« back to all changes in this revision
Viewing changes to serverguide/po/lo.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/lo.po
1
# Lao translation for ubuntu-docs
2
# Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2008.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2008-05-16 05:43+0000\n"
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
"Language-Team: Lao <lo@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:45+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr ""
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr ""
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr ""
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr ""
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
48
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
49
msgid "Introduction"
50
msgstr ""
51
52
#: serverguide/C/windows-networking.xml:27(para)
53
msgid ""
54
"Successfully networking your Ubuntu system with Windows clients involves "
55
"providing and integrating with services common to Windows environments. Such "
56
"services assist the sharing of data and information about the computers and "
57
"users involved in the network, and may be classified under three major "
58
"categories of functionality:"
59
msgstr ""
60
61
#: serverguide/C/windows-networking.xml:35(para)
62
msgid ""
63
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
64
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
65
"folders, volumes, and the sharing of printers throughout the network."
66
msgstr ""
67
68
#: serverguide/C/windows-networking.xml:41(para)
69
msgid ""
70
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
71
"information about the computers and users of the network with such "
72
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
73
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
74
msgstr ""
75
76
#: serverguide/C/windows-networking.xml:48(para)
77
msgid ""
78
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
79
"the identity of a computer or user of the network and determining the "
80
"information the computer or user is authorized to access using such "
81
"principles and technologies as file permissions, group policies, and the "
82
"Kerberos authentication service."
83
msgstr ""
84
85
#: serverguide/C/windows-networking.xml:56(para)
86
msgid ""
87
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
88
"clients and share network resources among them. One of the principal pieces "
89
"of software your Ubuntu system includes for Windows networking is the Samba "
90
"suite of SMB server applications and tools."
91
msgstr ""
92
93
#: serverguide/C/windows-networking.xml:62(para)
94
msgid ""
95
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
96
"of the common Samba use cases, and how to install and configure the "
97
"necessary packages. Additional detailed documentation and information on "
98
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
99
"website</ulink>."
100
msgstr ""
101
102
#: serverguide/C/windows-networking.xml:70(title)
103
msgid "Samba File Server"
104
msgstr ""
105
106
#: serverguide/C/windows-networking.xml:72(para)
107
msgid ""
108
"One of the most common ways to network Ubuntu and Windows computers is to "
109
"configure Samba as a File Server. This section covers setting up a "
110
"<application>Samba</application> server to share files with Windows clients."
111
msgstr ""
112
113
#: serverguide/C/windows-networking.xml:77(para)
114
msgid ""
115
"The server will be configured to share files with any client on the network "
116
"without prompting for a password. If your environment requires stricter "
117
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
118
msgstr ""
119
120
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
121
msgid "Installation"
122
msgstr ""
123
124
#: serverguide/C/windows-networking.xml:85(para)
125
msgid ""
126
"The first step is to install the <application>samba</application> package. "
127
"From a terminal prompt enter:"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
131
msgid "sudo apt-get install samba"
132
msgstr ""
133
134
#: serverguide/C/windows-networking.xml:93(para)
135
msgid ""
136
"That's all there is to it; you are now ready to configure Samba to share "
137
"files."
138
msgstr ""
139
140
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
141
msgid "Configuration"
142
msgstr ""
143
144
#: serverguide/C/windows-networking.xml:101(para)
145
msgid ""
146
"The main Samba configuration file is located in "
147
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
148
"a significant amount of comments in order to document various configuration "
149
"directives."
150
msgstr ""
151
152
#: serverguide/C/windows-networking.xml:106(para)
153
msgid ""
154
"Not all the available options are included in the default configuration "
155
"file. See the <filename>smb.conf</filename><application>man</application> "
156
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
157
"Collection/\">Samba HOWTO Collection</ulink> for more details."
158
msgstr ""
159
160
#: serverguide/C/windows-networking.xml:116(para)
161
msgid ""
162
"First, edit the following key/value pairs in the "
163
"<emphasis>[global]</emphasis> section of "
164
"<filename>/etc/samba/smb.conf</filename>:"
165
msgstr ""
166
167
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
168
#, no-wrap
169
msgid ""
170
"\n"
171
" workgroup = EXAMPLE\n"
172
" ...\n"
173
" security = user\n"
174
msgstr ""
175
176
#: serverguide/C/windows-networking.xml:127(para)
177
msgid ""
178
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
179
"section, and is commented by default. Also, change "
180
"<emphasis>EXAMPLE</emphasis> to better match your environment."
181
msgstr ""
182
183
#: serverguide/C/windows-networking.xml:135(para)
184
msgid ""
185
"Create a new section at the bottom of the file, or uncomment one of the "
186
"examples, for the directory to be shared:"
187
msgstr ""
188
189
#: serverguide/C/windows-networking.xml:139(programlisting)
190
#, no-wrap
191
msgid ""
192
"\n"
193
"[share]\n"
194
" comment = Ubuntu File Server Share\n"
195
" path = /srv/samba/share\n"
196
" browsable = yes\n"
197
" guest ok = yes\n"
198
" read only = no\n"
199
" create mask = 0755\n"
200
msgstr ""
201
202
#: serverguide/C/windows-networking.xml:151(para)
203
msgid ""
204
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
205
"fit your needs."
206
msgstr ""
207
208
#: serverguide/C/windows-networking.xml:156(para)
209
msgid "<emphasis>path:</emphasis> the path to the directory to share."
210
msgstr ""
211
212
#: serverguide/C/windows-networking.xml:159(para)
213
msgid ""
214
"This example uses <filename>/srv/samba/sharename</filename> because, "
215
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
216
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
217
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
218
"specific data should be served. Technically Samba shares can be placed "
219
"anywhere on the filesystem as long as the permissions are correct, but "
220
"adhering to standards is recommended."
221
msgstr ""
222
223
#: serverguide/C/windows-networking.xml:168(para)
224
msgid ""
225
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
226
"directory using <application>Windows Explorer</application>."
227
msgstr ""
228
229
#: serverguide/C/windows-networking.xml:174(para)
230
msgid ""
231
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
232
"without supplying a password."
233
msgstr ""
234
235
#: serverguide/C/windows-networking.xml:179(para)
236
msgid ""
237
"<emphasis>read only:</emphasis> determines if the share is read only or if "
238
"write privileges are granted. Write privileges are allowed only when the "
239
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
240
"is <emphasis>yes</emphasis>, then access to the share is read only."
241
msgstr ""
242
243
#: serverguide/C/windows-networking.xml:184(para)
244
msgid ""
245
"<emphasis>create mask:</emphasis> determines the permissions new files will "
246
"have when created."
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:193(para)
250
msgid ""
251
"Now that <application>Samba</application> is configured, the directory needs "
252
"to be created and the permissions changed. From a terminal enter:"
253
msgstr ""
254
255
#: serverguide/C/windows-networking.xml:199(command)
256
msgid "sudo mkdir -p /srv/samba/share"
257
msgstr ""
258
259
#: serverguide/C/windows-networking.xml:200(command)
260
msgid "sudo chown nobody.nogroup /srv/samba/share/"
261
msgstr ""
262
263
#: serverguide/C/windows-networking.xml:204(para)
264
msgid ""
265
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
266
"directory tree if it doesn't exist. Change the share name to fit your "
267
"environment."
268
msgstr ""
269
270
#: serverguide/C/windows-networking.xml:213(para)
271
msgid ""
272
"Finally, restart the <application>samba</application> services to enable the "
273
"new configuration:"
274
msgstr ""
275
276
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
277
msgid "sudo restart smbd"
278
msgstr ""
279
280
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
281
msgid "sudo restart nmbd"
282
msgstr ""
283
284
#: serverguide/C/windows-networking.xml:226(para)
285
msgid ""
286
"Once again, the above configuration gives all access to any client on the "
287
"local network. For a more secure configuration see <xref linkend=\"samba-"
288
"fileprint-security\"/>."
289
msgstr ""
290
291
#: serverguide/C/windows-networking.xml:232(para)
292
msgid ""
293
"From a Windows client you should now be able to browse to the Ubuntu file "
294
"server and see the shared directory. To check that everything is working try "
295
"creating a directory from Windows."
296
msgstr ""
297
298
#: serverguide/C/windows-networking.xml:237(para)
299
msgid ""
300
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
301
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
302
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
303
"share actually exists and the permissions are correct."
304
msgstr ""
305
306
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
307
msgid "Resources"
308
msgstr ""
309
310
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
311
msgid ""
312
"For in depth Samba configurations see the <ulink "
313
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
314
"Collection</ulink>"
315
msgstr ""
316
317
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
318
msgid ""
319
"The guide is also available in <ulink "
320
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
321
"format</ulink>."
322
msgstr ""
323
324
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
325
msgid ""
326
"O'Reilly's <ulink "
327
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
328
"another good reference."
329
msgstr ""
330
331
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
332
msgid ""
333
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
334
"</ulink> page."
335
msgstr ""
336
337
#: serverguide/C/windows-networking.xml:275(title)
338
msgid "Samba Print Server"
339
msgstr ""
340
341
#: serverguide/C/windows-networking.xml:277(para)
342
msgid ""
343
"Another common use of Samba is to configure it to share printers installed, "
344
"either locally or over the network, on an Ubuntu server. Similar to <xref "
345
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
346
"any client on the local network to use the installed printers without "
347
"prompting for a username and password."
348
msgstr ""
349
350
#: serverguide/C/windows-networking.xml:283(para)
351
msgid ""
352
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
353
"security\"/>."
354
msgstr ""
355
356
#: serverguide/C/windows-networking.xml:290(para)
357
msgid ""
358
"Before installing and configuring Samba it is best to already have a working "
359
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
360
"for details."
361
msgstr ""
362
363
#: serverguide/C/windows-networking.xml:295(para)
364
msgid ""
365
"To install the <application>samba</application> package, from a terminal "
366
"enter:"
367
msgstr ""
368
369
#: serverguide/C/windows-networking.xml:306(para)
370
msgid ""
371
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
372
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
373
"network, and change <emphasis>security</emphasis> to <emphasis "
374
"role=\"italic\">share</emphasis>:"
375
msgstr ""
376
377
#: serverguide/C/windows-networking.xml:318(para)
378
msgid ""
379
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
380
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
381
msgstr ""
382
383
#: serverguide/C/windows-networking.xml:322(programlisting)
384
#, no-wrap
385
msgid ""
386
"\n"
387
" browsable = yes\n"
388
" guest ok = yes\n"
389
msgstr ""
390
391
#: serverguide/C/windows-networking.xml:327(para)
392
msgid "After editing <filename>smb.conf</filename> restart Samba:"
393
msgstr ""
394
395
#: serverguide/C/windows-networking.xml:336(para)
396
msgid ""
397
"The default Samba configuration will automatically share any printers "
398
"installed. Simply install the printer locally on your Windows clients."
399
msgstr ""
400
401
#: serverguide/C/windows-networking.xml:365(para)
402
msgid ""
403
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
404
"more information on configuring CUPS."
405
msgstr ""
406
407
#: serverguide/C/windows-networking.xml:379(title)
408
msgid "Securing a Samba File and Print Server"
409
msgstr ""
410
411
#: serverguide/C/windows-networking.xml:382(title)
412
msgid "Samba Security Modes"
413
msgstr ""
414
415
#: serverguide/C/windows-networking.xml:384(para)
416
msgid ""
417
"There are two security levels available to the Common Internet Filesystem "
418
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
419
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
420
"allows more flexibility, providing four ways of implementing user-level "
421
"security and one way to implement share-level:"
422
msgstr ""
423
424
#: serverguide/C/windows-networking.xml:393(para)
425
msgid ""
426
"<emphasis>security = user:</emphasis> requires clients to supply a username "
427
"and password to connect to shares. Samba user accounts are separate from "
428
"system accounts, but the <application>libpam-smbpass</application> package "
429
"will sync system users and passwords with the Samba user database."
430
msgstr ""
431
432
#: serverguide/C/windows-networking.xml:400(para)
433
msgid ""
434
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
435
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
436
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
437
"linkend=\"samba-dc\"/> for further information."
438
msgstr ""
439
440
#: serverguide/C/windows-networking.xml:407(para)
441
msgid ""
442
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
443
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
444
"integration\"/> for details."
445
msgstr ""
446
447
#: serverguide/C/windows-networking.xml:413(para)
448
msgid ""
449
"<emphasis>security = server:</emphasis> this mode is left over from before "
450
"Samba could become a member server, and due to some security issues should "
451
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
452
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
453
"of the Samba guide for more details."
454
msgstr ""
455
456
#: serverguide/C/windows-networking.xml:421(para)
457
msgid ""
458
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
459
"without supplying a username and password."
460
msgstr ""
461
462
#: serverguide/C/windows-networking.xml:428(para)
463
msgid ""
464
"The security mode you choose will depend on your environment and what you "
465
"need the Samba server to accomplish."
466
msgstr ""
467
468
#: serverguide/C/windows-networking.xml:434(title)
469
msgid "Security = User"
470
msgstr ""
471
472
#: serverguide/C/windows-networking.xml:436(para)
473
msgid ""
474
"This section will reconfigure the Samba file and print server, from <xref "
475
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
476
"require authentication."
477
msgstr ""
478
479
#: serverguide/C/windows-networking.xml:441(para)
480
msgid ""
481
"First, install the <application>libpam-smbpass</application> package which "
482
"will sync the system users to the Samba user database:"
483
msgstr ""
484
485
#: serverguide/C/windows-networking.xml:447(command)
486
msgid "sudo apt-get install libpam-smbpass"
487
msgstr ""
488
489
#: serverguide/C/windows-networking.xml:451(para)
490
msgid ""
491
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
492
"<application>libpam-smbpass</application> is already installed."
493
msgstr ""
494
495
#: serverguide/C/windows-networking.xml:457(para)
496
msgid ""
497
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
498
"<emphasis>[share]</emphasis> section change:"
499
msgstr ""
500
501
#: serverguide/C/windows-networking.xml:461(programlisting)
502
#, no-wrap
503
msgid ""
504
"\n"
505
" guest ok = no\n"
506
msgstr ""
507
508
#: serverguide/C/windows-networking.xml:465(para)
509
msgid "Finally, restart Samba for the new settings to take effect:"
510
msgstr ""
511
512
#: serverguide/C/windows-networking.xml:474(para)
513
msgid ""
514
"Now when connecting to the shared directories or printers you should be "
515
"prompted for a username and password."
516
msgstr ""
517
518
#: serverguide/C/windows-networking.xml:479(para)
519
msgid ""
520
"If you choose to map a network drive to the share you can check the "
521
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
522
"enter the username and password once, at least until the password changes."
523
msgstr ""
524
525
#: serverguide/C/windows-networking.xml:487(title)
526
msgid "Share Security"
527
msgstr ""
528
529
#: serverguide/C/windows-networking.xml:489(para)
530
msgid ""
531
"There are several options available to increase the security for each "
532
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
533
"this section will cover some common options."
534
msgstr ""
535
536
#: serverguide/C/windows-networking.xml:495(title)
537
msgid "Groups"
538
msgstr ""
539
540
#: serverguide/C/windows-networking.xml:497(para)
541
msgid ""
542
"Groups define a collection of computers or users which have a common level "
543
"of access to particular network resources and offer a level of granularity "
544
"in controlling access to such resources. For example, if a group <emphasis "
545
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
546
"role=\"italic\">freda</emphasis>, <emphasis "
547
"role=\"italic\">danika</emphasis>, and <emphasis "
548
"role=\"italic\">rob</emphasis> and a second group <emphasis "
549
"role=\"italic\">support</emphasis> is defined and consists of users "
550
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
551
"role=\"italic\">jeremy</emphasis>, and <emphasis "
552
"role=\"italic\">vincent</emphasis> then certain network resources configured "
553
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
554
"subsequently enable access by freda, danika, and rob, but not jeremy or "
555
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
556
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
557
"role=\"italic\">support</emphasis> groups, she will be able to access "
558
"resources configured for access by both groups, whereas all other users will "
559
"have only access to resources explicitly allowing the group they are part of."
560
msgstr ""
561
562
#: serverguide/C/windows-networking.xml:511(para)
563
msgid ""
564
"By default Samba looks for the local system groups defined in "
565
"<filename>/etc/group</filename> to determine which users belong to which "
566
"groups. For more information on adding and removing users from groups see "
567
"<xref linkend=\"adding-deleting-users\"/>."
568
msgstr ""
569
570
#: serverguide/C/windows-networking.xml:517(para)
571
msgid ""
572
"When defining groups in the Samba configuration file, "
573
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
574
"preface the group name with an \"@\" symbol. For example, if you wished to "
575
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
576
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
577
"do so by entering the group name as <emphasis "
578
"role=\"bold\">@sysadmin</emphasis>."
579
msgstr ""
580
581
#: serverguide/C/windows-networking.xml:526(title)
582
msgid "File Permissions"
583
msgstr ""
584
585
#: serverguide/C/windows-networking.xml:528(para)
586
msgid ""
587
"File Permissions define the explicit rights a computer or user has to a "
588
"particular directory, file, or set of files. Such permissions may be defined "
589
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
590
"the explicit permissions of a defined file share."
591
msgstr ""
592
593
#: serverguide/C/windows-networking.xml:534(para)
594
msgid ""
595
"For example, if you have defined a Samba share called "
596
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
597
"only</emphasis> permissions to the group of users known as <emphasis "
598
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
599
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
600
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
601
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
602
"under the <emphasis>[share]</emphasis> entry:"
603
msgstr ""
604
605
#: serverguide/C/windows-networking.xml:543(programlisting)
606
#, no-wrap
607
msgid ""
608
"\n"
609
" read list = @qa\n"
610
" write list = @sysadmin, vincent\n"
611
msgstr ""
612
613
#: serverguide/C/windows-networking.xml:548(para)
614
msgid ""
615
"Another possible Samba permission is to declare "
616
"<emphasis>administrative</emphasis> permissions to a particular shared "
617
"resource. Users having administrative permissions may read, write, or modify "
618
"any information contained in the resource the user has been given explicit "
619
"administrative permissions to."
620
msgstr ""
621
622
#: serverguide/C/windows-networking.xml:554(para)
623
msgid ""
624
"For example, if you wanted to give the user <emphasis "
625
"role=\"italic\">melissa</emphasis> administrative permissions to the "
626
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
627
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
628
"under the <emphasis>[share]</emphasis> entry:"
629
msgstr ""
630
631
#: serverguide/C/windows-networking.xml:561(programlisting)
632
#, no-wrap
633
msgid ""
634
"\n"
635
" admin users = melissa\n"
636
msgstr ""
637
638
#: serverguide/C/windows-networking.xml:565(para)
639
msgid ""
640
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
641
"the changes to take effect:"
642
msgstr ""
643
644
#: serverguide/C/windows-networking.xml:575(para)
645
msgid ""
646
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
647
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
648
"<emphasis role=\"italic\">security = share</emphasis>"
649
msgstr ""
650
651
#: serverguide/C/windows-networking.xml:581(para)
652
msgid ""
653
"Now that Samba has been configured to limit which groups have access to the "
654
"shared directory, the filesystem permissions need to be updated."
655
msgstr ""
656
657
#: serverguide/C/windows-networking.xml:586(para)
658
msgid ""
659
"Traditional Linux file permissions do not map well to Windows NT Access "
660
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
661
"providing more fine grained control. For example, to enable ACLs on "
662
"<filename>/srv</filename> an EXT3 filesystem, edit "
663
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
664
msgstr ""
665
666
#: serverguide/C/windows-networking.xml:593(programlisting)
667
#, no-wrap
668
msgid ""
669
"\n"
670
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
671
"0 1\n"
672
msgstr ""
673
674
#: serverguide/C/windows-networking.xml:597(para)
675
msgid "Then remount the partition:"
676
msgstr ""
677
678
#: serverguide/C/windows-networking.xml:602(command)
679
msgid "sudo mount -v -o remount /srv"
680
msgstr ""
681
682
#: serverguide/C/windows-networking.xml:606(para)
683
msgid ""
684
"The above example assumes <filename>/srv</filename> on a separate partition. "
685
"If <filename>/srv</filename>, or wherever you have configured your share "
686
"path, is part of the <filename>/</filename> partition a reboot may be "
687
"required."
688
msgstr ""
689
690
#: serverguide/C/windows-networking.xml:613(para)
691
msgid ""
692
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
693
"group will be given read, write, and execute permissions to "
694
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
695
"will be given read and execute permissions, and the files will be owned by "
696
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
697
msgstr ""
698
699
#: serverguide/C/windows-networking.xml:621(command)
700
msgid "sudo chown -R melissa /srv/samba/share/"
701
msgstr ""
702
703
#: serverguide/C/windows-networking.xml:622(command)
704
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
705
msgstr ""
706
707
#: serverguide/C/windows-networking.xml:623(command)
708
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
709
msgstr ""
710
711
#: serverguide/C/windows-networking.xml:627(para)
712
msgid ""
713
"The <application>setfacl</application> command above gives "
714
"<emphasis>execute</emphasis> permissions to all files in the "
715
"<filename>/srv/samba/share</filename> directory, which you may or may not "
716
"want."
717
msgstr ""
718
719
#: serverguide/C/windows-networking.xml:633(para)
720
msgid ""
721
"Now from a Windows client you should notice the new file permissions are "
722
"implemented. See the <application>acl</application> and "
723
"<application>setfacl</application> man pages for more information on POSIX "
724
"ACLs."
725
msgstr ""
726
727
#: serverguide/C/windows-networking.xml:641(title)
728
msgid "Samba AppArmor Profile"
729
msgstr ""
730
731
#: serverguide/C/windows-networking.xml:643(para)
732
msgid ""
733
"Ubuntu comes with the <application>AppArmor</application> security module, "
734
"which provides mandatory access controls. The default AppArmor profile for "
735
"Samba will need to be adapted to your configuration. For more details on "
736
"using AppArmor see <xref linkend=\"apparmor\"/>."
737
msgstr ""
738
739
#: serverguide/C/windows-networking.xml:649(para)
740
msgid ""
741
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
742
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
743
"of the <application>apparmor-profiles</application> packages. To install the "
744
"package, from a terminal prompt enter:"
745
msgstr ""
746
747
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
748
msgid "sudo apt-get install apparmor-profiles"
749
msgstr ""
750
751
#: serverguide/C/windows-networking.xml:660(para)
752
msgid "This package contains profiles for several other binaries."
753
msgstr ""
754
755
#: serverguide/C/windows-networking.xml:665(para)
756
msgid ""
757
"By default the profiles for <application>smbd</application> and "
758
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
759
"allowing Samba to work without modifying the profile, and only logging "
760
"errors. To place the <application>smbd</application> profile into "
761
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
762
"profile will need to be modified to reflect any directories that are shared."
763
msgstr ""
764
765
#: serverguide/C/windows-networking.xml:672(para)
766
msgid ""
767
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
768
"for <emphasis>[share]</emphasis> from the file server example:"
769
msgstr ""
770
771
#: serverguide/C/windows-networking.xml:677(programlisting)
772
#, no-wrap
773
msgid ""
774
"\n"
775
" /srv/samba/share/ r,\n"
776
" /srv/samba/share/** rwkix,\n"
777
msgstr ""
778
779
#: serverguide/C/windows-networking.xml:682(para)
780
msgid ""
781
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
782
msgstr ""
783
784
#: serverguide/C/windows-networking.xml:687(command)
785
msgid "sudo aa-enforce /usr/sbin/smbd"
786
msgstr ""
787
788
#: serverguide/C/windows-networking.xml:688(command)
789
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
790
msgstr ""
791
792
#: serverguide/C/windows-networking.xml:691(para)
793
msgid ""
794
"You should now be able to read, write, and execute files in the shared "
795
"directory as normal, and the <application>smbd</application> binary will "
796
"have access to only the configured files and directories. Be sure to add "
797
"entries for each directory you configure Samba to share. Also, any errors "
798
"will be logged to <filename>/var/log/syslog</filename>."
799
msgstr ""
800
801
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
802
msgid ""
803
"O'Reilly's <ulink "
804
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
805
"also a good reference."
806
msgstr ""
807
808
#: serverguide/C/windows-networking.xml:722(para)
809
msgid ""
810
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
811
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
812
"security."
813
msgstr ""
814
815
#: serverguide/C/windows-networking.xml:728(para)
816
msgid ""
817
"For more information on Samba and ACLs see the <ulink "
818
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
819
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
820
msgstr ""
821
822
#: serverguide/C/windows-networking.xml:744(title)
823
msgid "Samba as a Domain Controller"
824
msgstr ""
825
826
#: serverguide/C/windows-networking.xml:746(para)
827
msgid ""
828
"Although it cannot act as an Active Directory Primary Domain Controller "
829
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
830
"domain controller. A major advantage of this configuration is the ability to "
831
"centralize user and machine credentials. Samba can also use multiple "
832
"backends to store the user information."
833
msgstr ""
834
835
#: serverguide/C/windows-networking.xml:753(title)
836
msgid "Primary Domain Controller"
837
msgstr ""
838
839
#: serverguide/C/windows-networking.xml:755(para)
840
msgid ""
841
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
842
"using the default smbpasswd backend."
843
msgstr ""
844
845
#: serverguide/C/windows-networking.xml:762(para)
846
msgid ""
847
"First, install Samba, and <application>libpam-smbpass</application> to sync "
848
"the user accounts, by entering the following in a terminal prompt:"
849
msgstr ""
850
851
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
852
msgid "sudo apt-get install samba libpam-smbpass"
853
msgstr ""
854
855
#: serverguide/C/windows-networking.xml:774(para)
856
msgid ""
857
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
858
"The <emphasis>security</emphasis> mode should be set to <emphasis "
859
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
860
"should relate to your organization:"
861
msgstr ""
862
863
#: serverguide/C/windows-networking.xml:789(para)
864
msgid ""
865
"In the commented <quote>Domains</quote> section add or uncomment the "
866
"following:"
867
msgstr ""
868
869
#: serverguide/C/windows-networking.xml:793(programlisting)
870
#, no-wrap
871
msgid ""
872
"\n"
873
" domain logons = yes\n"
874
" logon path = \\\\%N\\%U\\profile\n"
875
" logon drive = H:\n"
876
" logon home = \\\\%N\\%U\n"
877
" logon script = logon.cmd\n"
878
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
879
"/var/lib/samba -s /bin/false %u\n"
880
msgstr ""
881
882
#: serverguide/C/windows-networking.xml:804(para)
883
msgid ""
884
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
885
"Samba to act as a domain controller."
886
msgstr ""
887
888
#: serverguide/C/windows-networking.xml:809(para)
889
msgid ""
890
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
891
"their home directory. It is also possible to configure a "
892
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
893
"directory."
894
msgstr ""
895
896
#: serverguide/C/windows-networking.xml:815(para)
897
msgid ""
898
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
899
msgstr ""
900
901
#: serverguide/C/windows-networking.xml:820(para)
902
msgid ""
903
"<emphasis>logon home:</emphasis> specifies the home directory location."
904
msgstr ""
905
906
#: serverguide/C/windows-networking.xml:825(para)
907
msgid ""
908
"<emphasis>logon script:</emphasis> determines the script to be run locally "
909
"once a user has logged in. The script needs to be placed in the "
910
"<emphasis>[netlogon]</emphasis> share."
911
msgstr ""
912
913
#: serverguide/C/windows-networking.xml:831(para)
914
msgid ""
915
"<emphasis>add machine script:</emphasis> a script that will automatically "
916
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
917
"workstation to join the domain."
918
msgstr ""
919
920
#: serverguide/C/windows-networking.xml:835(para)
921
msgid ""
922
"In this example the <emphasis>machines</emphasis> group will need to be "
923
"created using the <application>addgroup</application> utility see <xref "
924
"linkend=\"adding-deleting-users\"/> for details."
925
msgstr ""
926
927
#: serverguide/C/windows-networking.xml:839(para)
928
msgid ""
929
"Also, rights need to be explicitly provided to the <emphasis>Domain "
930
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
931
"(and other admin functions) to work. This is achieved by executing:"
932
msgstr ""
933
934
#: serverguide/C/windows-networking.xml:844(command)
935
msgid ""
936
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
937
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
938
"SeRemoteShutdownPrivilege"
939
msgstr ""
940
941
#: serverguide/C/windows-networking.xml:851(para)
942
msgid ""
943
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
944
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
945
"commented."
946
msgstr ""
947
948
#: serverguide/C/windows-networking.xml:860(para)
949
msgid ""
950
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
951
"role=\"italic\">logon home</emphasis> to be mapped:"
952
msgstr ""
953
954
#: serverguide/C/windows-networking.xml:865(programlisting)
955
#, no-wrap
956
msgid ""
957
"\n"
958
"[homes]\n"
959
" comment = Home Directories\n"
960
" browseable = no\n"
961
" read only = no\n"
962
" create mask = 0700\n"
963
" directory mask = 0700\n"
964
" valid users = %S\n"
965
msgstr ""
966
967
#: serverguide/C/windows-networking.xml:878(para)
968
msgid ""
969
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
970
"share needs to be configured. To enable the share, uncomment:"
971
msgstr ""
972
973
#: serverguide/C/windows-networking.xml:883(programlisting)
974
#, no-wrap
975
msgid ""
976
"\n"
977
"[netlogon]\n"
978
" comment = Network Logon Service\n"
979
" path = /srv/samba/netlogon\n"
980
" guest ok = yes\n"
981
" read only = yes\n"
982
" share modes = no\n"
983
msgstr ""
984
985
#: serverguide/C/windows-networking.xml:893(para)
986
msgid ""
987
"The original <emphasis>netlogon</emphasis> share path is "
988
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
989
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
990
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
991
"location for site-specific data provided by the system."
992
msgstr ""
993
994
#: serverguide/C/windows-networking.xml:904(para)
995
msgid ""
996
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
997
"and an empty (for now) <filename>logon.cmd</filename> script file:"
998
msgstr ""
999
1000
#: serverguide/C/windows-networking.xml:910(command)
1001
msgid "sudo mkdir -p /srv/samba/netlogon"
1002
msgstr ""
1003
1004
#: serverguide/C/windows-networking.xml:911(command)
1005
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1006
msgstr ""
1007
1008
#: serverguide/C/windows-networking.xml:914(para)
1009
msgid ""
1010
"You can enter any normal Windows logon script commands in "
1011
"<filename>logon.cmd</filename> to customize the client's environment."
1012
msgstr ""
1013
1014
#: serverguide/C/windows-networking.xml:922(para)
1015
msgid ""
1016
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1017
"workstation to the domain, a system group needs to be mapped to the Windows "
1018
"<emphasis>Domain Admins</emphasis> group. Using the "
1019
"<application>net</application> utility, from a terminal enter:"
1020
msgstr ""
1021
1022
#: serverguide/C/windows-networking.xml:929(command)
1023
msgid ""
1024
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1025
"type=d"
1026
msgstr ""
1027
1028
#: serverguide/C/windows-networking.xml:933(para)
1029
msgid ""
1030
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1031
"prefer. Also, the user used to join the domain needs to be a member of the "
1032
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1033
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1034
"allows <application>sudo</application> use."
1035
msgstr ""
1036
1037
#: serverguide/C/windows-networking.xml:944(para)
1038
msgid "Finally, restart Samba to enable the new domain controller:"
1039
msgstr ""
1040
1041
#: serverguide/C/windows-networking.xml:956(para)
1042
msgid ""
1043
"You should now be able to join Windows clients to the Domain in the same "
1044
"manner as joining them to an NT4 domain running on a Windows server."
1045
msgstr ""
1046
1047
#: serverguide/C/windows-networking.xml:966(title)
1048
msgid "Backup Domain Controller"
1049
msgstr ""
1050
1051
#: serverguide/C/windows-networking.xml:968(para)
1052
msgid ""
1053
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1054
"Backup Domain Controller (BDC) as well. This will allow clients to "
1055
"authenticate in case the PDC becomes unavailable."
1056
msgstr ""
1057
1058
#: serverguide/C/windows-networking.xml:973(para)
1059
msgid ""
1060
"When configuring Samba as a BDC you need a way to sync account information "
1061
"with the PDC. There are multiple ways of accomplishing this "
1062
"<application>scp</application>, <application>rsync</application>, or by "
1063
"using <application>LDAP</application> as the <emphasis>passdb "
1064
"backend</emphasis>."
1065
msgstr ""
1066
1067
#: serverguide/C/windows-networking.xml:979(para)
1068
msgid ""
1069
"Using LDAP is the most robust way to sync account information, because both "
1070
"domain controllers can use the same information in real time. However, "
1071
"setting up a LDAP server may be overly complicated for a small number of "
1072
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1073
msgstr ""
1074
1075
#: serverguide/C/windows-networking.xml:988(para)
1076
msgid ""
1077
"First, install <application>samba</application> and <application>libpam-"
1078
"smbpass</application>. From a terminal enter:"
1079
msgstr ""
1080
1081
#: serverguide/C/windows-networking.xml:999(para)
1082
msgid ""
1083
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1084
"following in the <emphasis>[global]</emphasis>:"
1085
msgstr ""
1086
1087
#: serverguide/C/windows-networking.xml:1012(para)
1088
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1089
msgstr ""
1090
1091
#: serverguide/C/windows-networking.xml:1016(programlisting)
1092
#, no-wrap
1093
msgid ""
1094
"\n"
1095
" domain logons = yes\n"
1096
" domain master = no\n"
1097
msgstr ""
1098
1099
#: serverguide/C/windows-networking.xml:1024(para)
1100
msgid ""
1101
"Make sure a user has rights to read the files in "
1102
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1103
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1104
"files, enter:"
1105
msgstr ""
1106
1107
#: serverguide/C/windows-networking.xml:1030(command)
1108
msgid "sudo chgrp -R admin /var/lib/samba"
1109
msgstr ""
1110
1111
#: serverguide/C/windows-networking.xml:1036(para)
1112
msgid ""
1113
"Next, sync the user accounts, using <application>scp</application> to copy "
1114
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1115
msgstr ""
1116
1117
#: serverguide/C/windows-networking.xml:1042(command)
1118
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1119
msgstr ""
1120
1121
#: serverguide/C/windows-networking.xml:1046(para)
1122
msgid ""
1123
"Replace <emphasis>username</emphasis> with a valid username and "
1124
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1125
msgstr ""
1126
1127
#: serverguide/C/windows-networking.xml:1055(para)
1128
msgid "Finally, restart <application>samba</application>:"
1129
msgstr ""
1130
1131
#: serverguide/C/windows-networking.xml:1067(para)
1132
msgid ""
1133
"You can test that your Backup Domain controller is working by stopping the "
1134
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1135
"the domain."
1136
msgstr ""
1137
1138
#: serverguide/C/windows-networking.xml:1072(para)
1139
msgid ""
1140
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1141
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1142
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1143
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1144
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1145
msgstr ""
1146
1147
#: serverguide/C/windows-networking.xml:1102(para)
1148
msgid ""
1149
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1150
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1151
"up a Primary Domain Controller."
1152
msgstr ""
1153
1154
#: serverguide/C/windows-networking.xml:1108(para)
1155
msgid ""
1156
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1157
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1158
"explains setting up a Backup Domain Controller."
1159
msgstr ""
1160
1161
#: serverguide/C/windows-networking.xml:1123(title)
1162
msgid "Samba Active Directory Integration"
1163
msgstr ""
1164
1165
#: serverguide/C/windows-networking.xml:1126(title)
1166
msgid "Accessing a Samba Share"
1167
msgstr ""
1168
1169
#: serverguide/C/windows-networking.xml:1128(para)
1170
msgid ""
1171
"Another, use for Samba is to integrate into an existing Windows network. "
1172
"Once part of an Active Directory domain, Samba can provide file and print "
1173
"services to AD users."
1174
msgstr ""
1175
1176
#: serverguide/C/windows-networking.xml:1133(para)
1177
msgid ""
1178
"The simplest way to join an AD domain is to use <application>Likewise-"
1179
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1180
"open\"/>."
1181
msgstr ""
1182
1183
#: serverguide/C/windows-networking.xml:1138(para)
1184
msgid ""
1185
"Once part of the domain, enter the following command in the terminal prompt:"
1186
msgstr ""
1187
1188
#: serverguide/C/windows-networking.xml:1143(command)
1189
msgid "sudo apt-get install samba smbfs smbclient"
1190
msgstr ""
1191
1192
#: serverguide/C/windows-networking.xml:1146(para)
1193
msgid ""
1194
"Since the <application>likewise-open</application> and "
1195
"<application>samba</application> packages use separate "
1196
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1197
"<filename role=\"directory\">/var/lib/samba</filename>:"
1198
msgstr ""
1199
1200
#: serverguide/C/windows-networking.xml:1152(command)
1201
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1202
msgstr ""
1203
1204
#: serverguide/C/windows-networking.xml:1153(command)
1205
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:1156(para)
1209
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1210
msgstr ""
1211
1212
#: serverguide/C/windows-networking.xml:1160(programlisting)
1213
#, no-wrap
1214
msgid ""
1215
"\n"
1216
" workgroup = EXAMPLE\n"
1217
" ...\n"
1218
" security = ads\n"
1219
" realm = EXAMPLE.COM\n"
1220
" ...\n"
1221
" idmap backend = lwopen\n"
1222
" idmap uid = 50-9999999999\n"
1223
" idmap gid = 50-9999999999\n"
1224
msgstr ""
1225
1226
#: serverguide/C/windows-networking.xml:1171(para)
1227
msgid ""
1228
"Restart <application>samba</application> for the new settings to take effect:"
1229
msgstr ""
1230
1231
#: serverguide/C/windows-networking.xml:1180(para)
1232
msgid ""
1233
"You should now be able to access any <application>Samba</application> shares "
1234
"from a Windows client. However, be sure to give the appropriate AD users or "
1235
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1236
"security\"/> for more details."
1237
msgstr ""
1238
1239
#: serverguide/C/windows-networking.xml:1188(title)
1240
msgid "Accessing a Windows Share"
1241
msgstr ""
1242
1243
#: serverguide/C/windows-networking.xml:1190(para)
1244
msgid ""
1245
"Now that the Samba server is part of the Active Directory domain you can "
1246
"access any Windows server shares:"
1247
msgstr ""
1248
1249
#: serverguide/C/windows-networking.xml:1197(para)
1250
msgid ""
1251
"To mount a Windows file share enter the following in a terminal prompt:"
1252
msgstr ""
1253
1254
#: serverguide/C/windows-networking.xml:1201(command)
1255
msgid "mount.cifs //fs01.example.com/share mount_point"
1256
msgstr ""
1257
1258
#: serverguide/C/windows-networking.xml:1204(para)
1259
msgid ""
1260
"It is also possible to access shares on computers not part of an AD domain, "
1261
"but a username and password will need to be provided."
1262
msgstr ""
1263
1264
#: serverguide/C/windows-networking.xml:1212(para)
1265
msgid ""
1266
"To mount the share during boot place an entry in "
1267
"<filename>/etc/fstab</filename>, for example:"
1268
msgstr ""
1269
1270
#: serverguide/C/windows-networking.xml:1216(programlisting)
1271
#, no-wrap
1272
msgid ""
1273
"\n"
1274
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1275
"0 0\n"
1276
msgstr ""
1277
1278
#: serverguide/C/windows-networking.xml:1223(para)
1279
msgid ""
1280
"Another way to copy files from a Windows server is to use the "
1281
"<application>smbclient</application> utility. To list the files in a Windows "
1282
"share:"
1283
msgstr ""
1284
1285
#: serverguide/C/windows-networking.xml:1229(command)
1286
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1287
msgstr ""
1288
1289
#: serverguide/C/windows-networking.xml:1235(para)
1290
msgid "To copy a file from the share, enter:"
1291
msgstr ""
1292
1293
#: serverguide/C/windows-networking.xml:1240(command)
1294
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1295
msgstr ""
1296
1297
#: serverguide/C/windows-networking.xml:1243(para)
1298
msgid ""
1299
"This will copy the <filename>file.txt</filename> into the current directory."
1300
msgstr ""
1301
1302
#: serverguide/C/windows-networking.xml:1250(para)
1303
msgid "And to copy a file to the share:"
1304
msgstr ""
1305
1306
#: serverguide/C/windows-networking.xml:1255(command)
1307
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1308
msgstr ""
1309
1310
#: serverguide/C/windows-networking.xml:1258(para)
1311
msgid ""
1312
"This will copy the <filename>/etc/hosts</filename> to "
1313
"<filename>//fs01.example.com/share/hosts</filename>."
1314
msgstr ""
1315
1316
#: serverguide/C/windows-networking.xml:1265(para)
1317
msgid ""
1318
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1319
"<application>smbclient</application> command all at once. This is useful for "
1320
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1321
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1322
"and directory commands, simply execute:"
1323
msgstr ""
1324
1325
#: serverguide/C/windows-networking.xml:1272(command)
1326
msgid "smbclient //fs01.example.com/share -k"
1327
msgstr ""
1328
1329
#: serverguide/C/windows-networking.xml:1279(para)
1330
msgid ""
1331
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1332
"<emphasis>//192.168.0.5/share</emphasis>, "
1333
"<emphasis>username=steve,password=secret</emphasis>, and "
1334
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1335
"file name, and an actual username and password with rights to the share."
1336
msgstr ""
1337
1338
#: serverguide/C/windows-networking.xml:1290(para)
1339
msgid ""
1340
"For more <application>smbclient</application> options see the man page: "
1341
"<command>man smbclient</command>, also available <ulink "
1342
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1343
">online</ulink>."
1344
msgstr ""
1345
1346
#: serverguide/C/windows-networking.xml:1295(para)
1347
msgid ""
1348
"The <application>mount.cifs</application><ulink "
1349
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1350
"\">man page</ulink> is also useful for more detailed information."
1351
msgstr ""
1352
1353
#: serverguide/C/windows-networking.xml:1308(title)
1354
msgid "Likewise Open"
1355
msgstr ""
1356
1357
#: serverguide/C/windows-networking.xml:1310(para)
1358
msgid ""
1359
"<application>Likewise Open</application> simplifies the necessary "
1360
"configuration needed to authenticate a Linux machine to an Active Directory "
1361
"domain. Based on <application>winbind</application>, the "
1362
"<application>likewise-open</application> package takes the pain out of "
1363
"integrating Ubuntu authentication into an existing Windows network."
1364
msgstr ""
1365
1366
#: serverguide/C/windows-networking.xml:1319(para)
1367
msgid ""
1368
"There are two ways to use Likewise Open, <application>likewise-"
1369
"open</application> the command line utility and <application>likewise-open-"
1370
"gui</application>. This section focuses on the command line utility."
1371
msgstr ""
1372
1373
#: serverguide/C/windows-networking.xml:1324(para)
1374
msgid ""
1375
"To install the <application>likewise-open</application> package, open a "
1376
"terminal prompt and enter:"
1377
msgstr ""
1378
1379
#: serverguide/C/windows-networking.xml:1329(command)
1380
msgid "sudo apt-get install likewise-open"
1381
msgstr ""
1382
1383
#: serverguide/C/windows-networking.xml:1334(title)
1384
msgid "Joining a Domain"
1385
msgstr ""
1386
1387
#: serverguide/C/windows-networking.xml:1336(para)
1388
msgid ""
1389
"The main executable file of the <application>likewise-open</application> "
1390
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1391
"join your computer to the domain. Before you join a domain you will need to "
1392
"make sure you have:"
1393
msgstr ""
1394
1395
#: serverguide/C/windows-networking.xml:1344(para)
1396
msgid ""
1397
"Access to an Active Directory user with appropriate rights to join the "
1398
"domain."
1399
msgstr ""
1400
1401
#: serverguide/C/windows-networking.xml:1349(para)
1402
msgid ""
1403
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1404
"you want to join. If your AD domain does not match a valid domain such as "
1405
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1406
"the form of <emphasis>domainname.local</emphasis>."
1407
msgstr ""
1408
1409
#: serverguide/C/windows-networking.xml:1356(para)
1410
msgid ""
1411
"DNS for the domain setup properly. In a production AD environment this "
1412
"should be the case. Proper Microsoft DNS is needed so that client "
1413
"workstations can determine the Active Directory domain is available."
1414
msgstr ""
1415
1416
#: serverguide/C/windows-networking.xml:1360(para)
1417
msgid ""
1418
"If you don't have a Windows DNS server on your network, see <xref "
1419
"linkend=\"likewise-open-ms-dns\"/> for details."
1420
msgstr ""
1421
1422
#: serverguide/C/windows-networking.xml:1367(para)
1423
msgid "To join a domain, from a terminal prompt enter:"
1424
msgstr ""
1425
1426
#: serverguide/C/windows-networking.xml:1372(command)
1427
msgid "sudo domainjoin-cli join example.com Administrator"
1428
msgstr ""
1429
1430
#: serverguide/C/windows-networking.xml:1376(para)
1431
msgid ""
1432
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1433
"<emphasis>Administrator</emphasis> with the appropriate user name."
1434
msgstr ""
1435
1436
#: serverguide/C/windows-networking.xml:1382(para)
1437
msgid ""
1438
"You will then be prompted for the user's password. If all goes well a "
1439
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1440
msgstr ""
1441
1442
#: serverguide/C/windows-networking.xml:1388(para)
1443
msgid ""
1444
"After joining the domain, it is necessary to reboot before attempting to "
1445
"authenticate against the domain."
1446
msgstr ""
1447
1448
#: serverguide/C/windows-networking.xml:1394(para)
1449
msgid ""
1450
"After successfully joining an Ubuntu machine to an Active Directory domain "
1451
"you can authenticate using any valid AD user. To login you will need to "
1452
"enter the user name as 'domain\\username'. For example to ssh to a server "
1453
"joined to the domain enter:"
1454
msgstr ""
1455
1456
#: serverguide/C/windows-networking.xml:1401(command)
1457
msgid "ssh 'example\\steve'@hostname"
1458
msgstr ""
1459
1460
#: serverguide/C/windows-networking.xml:1405(para)
1461
msgid ""
1462
"If configuring a Desktop the user name will need to be prefixed with "
1463
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1464
msgstr ""
1465
1466
#: serverguide/C/windows-networking.xml:1411(para)
1467
msgid ""
1468
"To make likewise-open use a default domain, you can add the following "
1469
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1470
msgstr ""
1471
1472
#: serverguide/C/windows-networking.xml:1415(programlisting)
1473
#, no-wrap
1474
msgid ""
1475
"\n"
1476
"winbind use default domain = yes\n"
1477
msgstr ""
1478
1479
#: serverguide/C/windows-networking.xml:1419(para)
1480
msgid "Then restart the <application>likewise-open</application> daemons:"
1481
msgstr ""
1482
1483
#: serverguide/C/windows-networking.xml:1424(command)
1484
msgid "sudo /etc/init.d/likewise-open restart"
1485
msgstr ""
1486
1487
#: serverguide/C/windows-networking.xml:1428(para)
1488
msgid ""
1489
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1490
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1491
"using only their username."
1492
msgstr ""
1493
1494
#: serverguide/C/windows-networking.xml:1434(para)
1495
msgid ""
1496
"The <application>domainjoin-cli</application> utility can also be used to "
1497
"leave the domain. From a terminal:"
1498
msgstr ""
1499
1500
#: serverguide/C/windows-networking.xml:1439(command)
1501
msgid "sudo domainjoin-cli leave"
1502
msgstr ""
1503
1504
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1505
msgid "Other Utilities"
1506
msgstr ""
1507
1508
#: serverguide/C/windows-networking.xml:1446(para)
1509
msgid ""
1510
"The <application>likewise-open</application> package comes with a few other "
1511
"utilities that may be useful for gathering information about the Active "
1512
"Directory environment. These utilities are used to join the machine to the "
1513
"domain, and are the same as those available in the <application>samba-"
1514
"common</application> and <application>winbind</application> packages:"
1515
msgstr ""
1516
1517
#: serverguide/C/windows-networking.xml:1455(para)
1518
msgid ""
1519
"<application>lwinet</application>: Returns information about the network and "
1520
"the domain."
1521
msgstr ""
1522
1523
#: serverguide/C/windows-networking.xml:1460(para)
1524
msgid ""
1525
"<application>lwimsg</application>: Allows interaction with the "
1526
"<application>likewise-winbindd</application> daemon."
1527
msgstr ""
1528
1529
#: serverguide/C/windows-networking.xml:1465(para)
1530
msgid ""
1531
"<application>lwiinfo</application>: Displays information about various parts "
1532
"of the Domain."
1533
msgstr ""
1534
1535
#: serverguide/C/windows-networking.xml:1471(para)
1536
msgid "Please refer to each utility's man page specific for details."
1537
msgstr ""
1538
1539
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1540
msgid "Troubleshooting"
1541
msgstr ""
1542
1543
#: serverguide/C/windows-networking.xml:1481(para)
1544
msgid ""
1545
"If the client has trouble joining the domain, double check that the "
1546
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1547
"example:"
1548
msgstr ""
1549
1550
#: serverguide/C/windows-networking.xml:1486(programlisting)
1551
#, no-wrap
1552
msgid ""
1553
"\n"
1554
"nameserver 192.168.0.1\n"
1555
msgstr ""
1556
1557
#: serverguide/C/windows-networking.xml:1491(para)
1558
msgid ""
1559
"For more information when joining a domain, use the <emphasis>--loglevel "
1560
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1561
"<application>domainjoin-cli</application> utility:"
1562
msgstr ""
1563
1564
#: serverguide/C/windows-networking.xml:1497(command)
1565
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1566
msgstr ""
1567
1568
#: serverguide/C/windows-networking.xml:1501(para)
1569
msgid ""
1570
"If an Active Directory user has trouble logging in, check the "
1571
"<filename>/var/log/auth.log</filename> for details."
1572
msgstr ""
1573
1574
#: serverguide/C/windows-networking.xml:1506(para)
1575
msgid ""
1576
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1577
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1578
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1579
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1580
"<emphasis>hosts</emphasis> option. For example:"
1581
msgstr ""
1582
1583
#: serverguide/C/windows-networking.xml:1512(programlisting)
1584
#, no-wrap
1585
msgid ""
1586
"\n"
1587
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1588
msgstr ""
1589
1590
#: serverguide/C/windows-networking.xml:1516(para)
1591
msgid "Change the above to:"
1592
msgstr ""
1593
1594
#: serverguide/C/windows-networking.xml:1520(programlisting)
1595
#, no-wrap
1596
msgid ""
1597
"\n"
1598
"hosts: files dns [NOTFOUND=return]\n"
1599
msgstr ""
1600
1601
#: serverguide/C/windows-networking.xml:1524(para)
1602
msgid "Then restart networking by entering:"
1603
msgstr ""
1604
1605
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1606
msgid "sudo /etc/init.d/networking restart"
1607
msgstr ""
1608
1609
#: serverguide/C/windows-networking.xml:1532(para)
1610
msgid "You should now be able to join the Active Directory domain."
1611
msgstr ""
1612
1613
#: serverguide/C/windows-networking.xml:1540(title)
1614
msgid "Microsoft DNS"
1615
msgstr ""
1616
1617
#: serverguide/C/windows-networking.xml:1542(para)
1618
msgid ""
1619
"The following are instructions for installing DNS on an Active Directory "
1620
"domain controller running Windows Server 2003, but the instructions should "
1621
"be similar for other versions:"
1622
msgstr ""
1623
1624
#: serverguide/C/windows-networking.xml:1551(para)
1625
msgid ""
1626
"Click "
1627
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1628
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1629
"This will open the <application>Server Role Mangement</application> utility."
1630
msgstr ""
1631
1632
#: serverguide/C/windows-networking.xml:1559(para)
1633
msgid "Click <guilabel>Add or remove a role</guilabel>"
1634
msgstr ""
1635
1636
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1637
msgid "Click Next"
1638
msgstr ""
1639
1640
#: serverguide/C/windows-networking.xml:1561(para)
1641
msgid "Select \"DNS Server\""
1642
msgstr ""
1643
1644
#: serverguide/C/windows-networking.xml:1563(para)
1645
msgid "Click Next again to proceed"
1646
msgstr ""
1647
1648
#: serverguide/C/windows-networking.xml:1564(para)
1649
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1650
msgstr ""
1651
1652
#: serverguide/C/windows-networking.xml:1566(para)
1653
msgid ""
1654
"Make sure \"This server maintains the zone\" is selected and click Next."
1655
msgstr ""
1656
1657
#: serverguide/C/windows-networking.xml:1567(para)
1658
msgid "Enter your domain name and click Next"
1659
msgstr ""
1660
1661
#: serverguide/C/windows-networking.xml:1568(para)
1662
msgid "Click Next to \"Allow only secure dynamic updates\""
1663
msgstr ""
1664
1665
#: serverguide/C/windows-networking.xml:1570(para)
1666
msgid ""
1667
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1668
"should not forward queries\" and click Next."
1669
msgstr ""
1670
1671
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1672
msgid "Click Finish"
1673
msgstr ""
1674
1675
#: serverguide/C/windows-networking.xml:1577(para)
1676
msgid ""
1677
"DNS is now installed and can be further configured using the "
1678
"<application>Microsoft Management Console</application> DNS snap-in."
1679
msgstr ""
1680
1681
#: serverguide/C/windows-networking.xml:1585(para)
1682
msgid "Click Start"
1683
msgstr ""
1684
1685
#: serverguide/C/windows-networking.xml:1586(para)
1686
msgid "Control Panel"
1687
msgstr ""
1688
1689
#: serverguide/C/windows-networking.xml:1587(para)
1690
msgid "Network Connections"
1691
msgstr ""
1692
1693
#: serverguide/C/windows-networking.xml:1588(para)
1694
msgid "Right Click \"Local Area Connection\""
1695
msgstr ""
1696
1697
#: serverguide/C/windows-networking.xml:1589(para)
1698
msgid "Click Properties"
1699
msgstr ""
1700
1701
#: serverguide/C/windows-networking.xml:1590(para)
1702
msgid "Double click \"Internet Protocol (TCP/IP)\""
1703
msgstr ""
1704
1705
#: serverguide/C/windows-networking.xml:1591(para)
1706
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1707
msgstr ""
1708
1709
#: serverguide/C/windows-networking.xml:1592(para)
1710
msgid "Click Ok"
1711
msgstr ""
1712
1713
#: serverguide/C/windows-networking.xml:1593(para)
1714
msgid "Click Ok again to save the settings"
1715
msgstr ""
1716
1717
#: serverguide/C/windows-networking.xml:1582(para)
1718
msgid ""
1719
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1720
msgstr ""
1721
1722
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1723
msgid "References"
1724
msgstr ""
1725
1726
#: serverguide/C/windows-networking.xml:1602(para)
1727
msgid ""
1728
"Please refer to the <ulink "
1729
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1730
"further information."
1731
msgstr ""
1732
1733
#: serverguide/C/windows-networking.xml:1606(para)
1734
msgid ""
1735
"For more <application>domainjoin-cli</application> options see the man page: "
1736
"<command>man domainjoin-cli</command>."
1737
msgstr ""
1738
1739
#: serverguide/C/windows-networking.xml:1610(para)
1740
msgid ""
1741
"Also, see the <ulink "
1742
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1743
"LikewiseOpen</ulink> page."
1744
msgstr ""
1745
1746
#: serverguide/C/web-servers.xml:13(title)
1747
msgid "Web Servers"
1748
msgstr ""
1749
1750
#: serverguide/C/web-servers.xml:14(para)
1751
msgid ""
1752
"A Web server is a software responsible for accepting HTTP requests from "
1753
"clients, which are known as Web browsers, and serving them HTTP responses "
1754
"along with optional data contents, which usually are Web pages such as HTML "
1755
"documents and linked objects (images, etc.)."
1756
msgstr ""
1757
1758
#: serverguide/C/web-servers.xml:19(title)
1759
msgid "HTTPD - Apache2 Web Server"
1760
msgstr ""
1761
1762
#: serverguide/C/web-servers.xml:20(para)
1763
msgid ""
1764
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1765
"are used to serve Web Pages requested by client computers. Clients typically "
1766
"request and view Web Pages using Web Browser applications such as "
1767
"<application>Firefox</application>, <application>Opera</application>, or "
1768
"<application>Mozilla</application>."
1769
msgstr ""
1770
1771
#: serverguide/C/web-servers.xml:24(para)
1772
msgid ""
1773
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1774
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1775
"resource. For example, to view the home page of the <ulink "
1776
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1777
"the FQDN. To request specific information about <ulink "
1778
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1779
"enter the FQDN followed by a path."
1780
msgstr ""
1781
1782
#: serverguide/C/web-servers.xml:29(para)
1783
msgid ""
1784
"The most common protocol used to transfer Web pages is the Hyper Text "
1785
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1786
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1787
"protocol for uploading and downloading files, are also supported."
1788
msgstr ""
1789
1790
#: serverguide/C/web-servers.xml:33(para)
1791
msgid ""
1792
"Apache Web Servers are often used in combination with the "
1793
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1794
"(<application>PHP</application>) scripting language, and other popular "
1795
"scripting languages such as <application>Python</application> and "
1796
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1797
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1798
"for the development and deployment of Web-based applications."
1799
msgstr ""
1800
1801
#: serverguide/C/web-servers.xml:42(para)
1802
msgid ""
1803
"The <application>Apache2</application> web server is available in Ubuntu "
1804
"Linux. To install Apache2:"
1805
msgstr ""
1806
1807
#: serverguide/C/web-servers.xml:48(para)
1808
msgid "At a terminal prompt enter the following command:"
1809
msgstr ""
1810
1811
#: serverguide/C/web-servers.xml:53(command)
1812
msgid "sudo apt-get install apache2"
1813
msgstr ""
1814
1815
#: serverguide/C/web-servers.xml:63(para)
1816
msgid ""
1817
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1818
"text configuration files. These <emphasis>directives</emphasis> are "
1819
"separated between the following files and directories:"
1820
msgstr ""
1821
1822
#: serverguide/C/web-servers.xml:71(para)
1823
msgid ""
1824
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1825
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1826
msgstr ""
1827
1828
#: serverguide/C/web-servers.xml:77(para)
1829
msgid ""
1830
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1831
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1832
"serve content may add files, or symlinks, to this directory."
1833
msgstr ""
1834
1835
#: serverguide/C/web-servers.xml:83(para)
1836
msgid ""
1837
"<emphasis>envvars:</emphasis> file where Apache2 "
1838
"<emphasis>environment</emphasis> variables are set."
1839
msgstr ""
1840
1841
#: serverguide/C/web-servers.xml:88(para)
1842
msgid ""
1843
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1844
"file, named after the <application>httpd</application> daemon. The file can "
1845
"be used for <emphasis>user specific</emphasis> configuration options that "
1846
"globally effect Apache2."
1847
msgstr ""
1848
1849
#: serverguide/C/web-servers.xml:95(para)
1850
msgid ""
1851
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1852
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1853
"modules will have specific configuration files, however."
1854
msgstr ""
1855
1856
#: serverguide/C/web-servers.xml:101(para)
1857
msgid ""
1858
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1859
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1860
"configuration file is symlinked it will be enabled the next time "
1861
"<application>apache2</application> is restarted."
1862
msgstr ""
1863
1864
#: serverguide/C/web-servers.xml:108(para)
1865
msgid ""
1866
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1867
"TCP ports Apache2 is listening on."
1868
msgstr ""
1869
1870
#: serverguide/C/web-servers.xml:113(para)
1871
msgid ""
1872
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1873
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1874
"to be configured for multiple sites that have separate configurations."
1875
msgstr ""
1876
1877
#: serverguide/C/web-servers.xml:119(para)
1878
msgid ""
1879
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1880
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1881
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1882
"a configuration file in sites-available is symlinked, the site configured by "
1883
"it will be active once Apache2 is restarted."
1884
msgstr ""
1885
1886
#: serverguide/C/web-servers.xml:127(para)
1887
msgid ""
1888
"In addition, other configuration files may be added using the "
1889
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1890
"many configuration files. Any directive may be placed in any of these "
1891
"configuration files. Changes to the main configuration files are only "
1892
"recognized by Apache2 when it is started or restarted."
1893
msgstr ""
1894
1895
#: serverguide/C/web-servers.xml:136(para)
1896
msgid ""
1897
"The server also reads a file containing mime document types; the filename is "
1898
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1899
"<filename>/etc/mime.types</filename> by default."
1900
msgstr ""
1901
1902
#: serverguide/C/web-servers.xml:141(title)
1903
msgid "Basic Settings"
1904
msgstr ""
1905
1906
#: serverguide/C/web-servers.xml:142(para)
1907
msgid ""
1908
"This section explains Apache2 server essential configuration parameters. "
1909
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1910
"Documentation</ulink> for more details."
1911
msgstr ""
1912
1913
#: serverguide/C/web-servers.xml:150(para)
1914
msgid ""
1915
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1916
"it is configured with a single default virtual host (using the "
1917
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1918
"if you have a single site, or used as a template for additional virtual "
1919
"hosts if you have multiple sites. If left alone, the default virtual host "
1920
"will serve as your default site, or the site users will see if the URL they "
1921
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1922
"your custom sites. To modify the default virtual host, edit the file "
1923
"<filename>/etc/apache2/sites-available/default</filename>."
1924
msgstr ""
1925
1926
#: serverguide/C/web-servers.xml:163(para)
1927
msgid ""
1928
"The directives set for a virtual host only apply to that particular virtual "
1929
"host. If a directive is set server-wide and not defined within the virtual "
1930
"host settings, the default setting is used. For example, you can define a "
1931
"Webmaster email address and not define individual email addresses for each "
1932
"virtual host."
1933
msgstr ""
1934
1935
#: serverguide/C/web-servers.xml:171(para)
1936
msgid ""
1937
"If you wish to configure a new virtual host or site, copy that file into the "
1938
"same directory with a name you choose. For example:"
1939
msgstr ""
1940
1941
#: serverguide/C/web-servers.xml:177(command)
1942
msgid ""
1943
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1944
"available/mynewsite"
1945
msgstr ""
1946
1947
#: serverguide/C/web-servers.xml:180(para)
1948
msgid ""
1949
"Edit the new file to configure the new site using some of the directives "
1950
"described below."
1951
msgstr ""
1952
1953
#: serverguide/C/web-servers.xml:187(para)
1954
msgid ""
1955
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1956
"to be advertised for the server's administrator. The default value is "
1957
"webmaster@localhost. This should be changed to an email address that is "
1958
"delivered to you (if you are the server's administrator). If your website "
1959
"has a problem, Apache2 will display an error message containing this email "
1960
"address to report the problem to. Find this directive in your site's "
1961
"configuration file in /etc/apache2/sites-available."
1962
msgstr ""
1963
1964
#: serverguide/C/web-servers.xml:198(para)
1965
msgid ""
1966
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1967
"the IP address, Apache2 should listen on. If the IP address is not "
1968
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1969
"it runs on. The default value for the Listen directive is 80. Change this to "
1970
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1971
"that it will not be available to the Internet, to (for example) 81 to change "
1972
"the port that it listens on, or leave it as is for normal operation. This "
1973
"directive can be found and changed in its own file, "
1974
"<filename>/etc/apache2/ports.conf</filename>"
1975
msgstr ""
1976
1977
#: serverguide/C/web-servers.xml:211(para)
1978
msgid ""
1979
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1980
"FQDN your site should answer to. The default virtual host has no ServerName "
1981
"directive specified, so it will respond to all requests that do not match a "
1982
"ServerName directive in another virtual host. If you have just acquired the "
1983
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1984
"value of the ServerName directive in your virtual host configuration file "
1985
"should be ubunturocks.com. Add this directive to the new virtual host file "
1986
"you created earlier (<filename>/etc/apache2/sites-"
1987
"available/mynewsite</filename>)."
1988
msgstr ""
1989
1990
#: serverguide/C/web-servers.xml:223(para)
1991
msgid ""
1992
"You may also want your site to respond to www.ubunturocks.com, since many "
1993
"users will assume the www prefix is appropriate. Use the "
1994
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1995
"wildcards in the ServerAlias directive."
1996
msgstr ""
1997
1998
#: serverguide/C/web-servers.xml:230(para)
1999
msgid ""
2000
"For example, the following configuration will cause your site to respond to "
2001
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2002
msgstr ""
2003
2004
#: serverguide/C/web-servers.xml:236(programlisting)
2005
#, no-wrap
2006
msgid ""
2007
"\n"
2008
"ServerAlias *.ubunturocks.com\n"
2009
msgstr ""
2010
2011
#: serverguide/C/web-servers.xml:242(para)
2012
msgid ""
2013
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2014
"should look for the files that make up the site. The default value is "
2015
"/var/www. No site is configured there, but if you uncomment the "
2016
"<emphasis>RedirectMatch</emphasis> directive in "
2017
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2018
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2019
"this value in your site's virtual host file, and remember to create that "
2020
"directory if necessary!"
2021
msgstr ""
2022
2023
#: serverguide/C/web-servers.xml:254(para)
2024
msgid ""
2025
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2026
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2027
"enabled point to \"available\" sites."
2028
msgstr ""
2029
2030
#: serverguide/C/web-servers.xml:260(para)
2031
msgid ""
2032
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2033
"<application>a2ensite</application> utility and restart Apache2:"
2034
msgstr ""
2035
2036
#: serverguide/C/web-servers.xml:266(command)
2037
msgid "sudo a2ensite mynewsite"
2038
msgstr ""
2039
2040
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2041
msgid "sudo /etc/init.d/apache2 restart"
2042
msgstr ""
2043
2044
#: serverguide/C/web-servers.xml:271(para)
2045
msgid ""
2046
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2047
"name for the VirtualHost. One method is to name the file after the "
2048
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2049
msgstr ""
2050
2051
#: serverguide/C/web-servers.xml:278(para)
2052
msgid ""
2053
"Similarly, use the <application>a2dissite</application> utility to disable "
2054
"sites. This is can be useful when troubleshooting configuration problems "
2055
"with multiple VirtualHosts:"
2056
msgstr ""
2057
2058
#: serverguide/C/web-servers.xml:284(command)
2059
msgid "sudo a2dissite mynewsite"
2060
msgstr ""
2061
2062
#: serverguide/C/web-servers.xml:290(title)
2063
msgid "Default Settings"
2064
msgstr ""
2065
2066
#: serverguide/C/web-servers.xml:292(para)
2067
msgid ""
2068
"This section explains configuration of the Apache2 server default settings. "
2069
"For example, if you add a virtual host, the settings you configure for the "
2070
"virtual host take precedence for that virtual host. For a directive not "
2071
"defined within the virtual host settings, the default value is used."
2072
msgstr ""
2073
2074
#: serverguide/C/web-servers.xml:304(para)
2075
msgid ""
2076
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2077
"server when a user requests an index of a directory by specifying a forward "
2078
"slash (/) at the end of the directory name."
2079
msgstr ""
2080
2081
#: serverguide/C/web-servers.xml:311(para)
2082
msgid ""
2083
"For example, when a user requests the page "
2084
"http://www.example.com/this_directory/, he or she will get either the "
2085
"DirectoryIndex page if it exists, a server-generated directory list if it "
2086
"does not and the Indexes option is specified, or a Permission Denied page if "
2087
"neither is true. The server will try to find one of the files listed in the "
2088
"DirectoryIndex directive and will return the first one it finds. If it does "
2089
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2090
"set for that directory, the server will generate and return a list, in HTML "
2091
"format, of the subdirectories and files in the directory. The default value, "
2092
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2093
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2094
"Apache2 finds a file in a requested directory matching any of these names, "
2095
"the first will be displayed."
2096
msgstr ""
2097
2098
#: serverguide/C/web-servers.xml:332(para)
2099
msgid ""
2100
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2101
"file for Apache2 to use for specific error events. For example, if a user "
2102
"requests a resource that does not exist, a 404 error will occur, and per "
2103
"Apache2's default configuration, the file "
2104
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2105
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2106
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2107
"redirects requests to the /error directory to "
2108
"<filename>/usr/share/apache2/error/</filename>."
2109
msgstr ""
2110
2111
#: serverguide/C/web-servers.xml:344(para)
2112
msgid ""
2113
"To see a list of the default ErrorDocument directives, use this command:"
2114
msgstr ""
2115
2116
#: serverguide/C/web-servers.xml:350(command)
2117
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2118
msgstr ""
2119
2120
#: serverguide/C/web-servers.xml:355(para)
2121
msgid ""
2122
"By default, the server writes the transfer log to the file "
2123
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2124
"per-site basis in your virtual host configuration files with the "
2125
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2126
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2127
"specify the file to which errors are logged, via the "
2128
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2129
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2130
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2131
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2132
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2133
"/etc/apache2/apache2.conf</filename> for the default value)."
2134
msgstr ""
2135
2136
#: serverguide/C/web-servers.xml:370(para)
2137
msgid ""
2138
"Some options are specified on a per-directory basis rather than per-server. "
2139
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2140
"is enclosed in XML-like tags, like so:"
2141
msgstr ""
2142
2143
#: serverguide/C/web-servers.xml:376(programlisting)
2144
#, no-wrap
2145
msgid ""
2146
"\n"
2147
"<Directory /var/www/mynewsite>\n"
2148
"...\n"
2149
"</Directory>\n"
2150
msgstr ""
2151
2152
#: serverguide/C/web-servers.xml:382(para)
2153
msgid ""
2154
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2155
"one or more of the following values (among others), separated by spaces:"
2156
msgstr ""
2157
2158
#: serverguide/C/web-servers.xml:394(para)
2159
msgid ""
2160
"Most files should not be executed as CGI scripts. This would be very "
2161
"dangerous. CGI scripts should kept in a directory separate from and outside "
2162
"your DocumentRoot, and only this directory should have the ExecCGI option "
2163
"set. This is the default, and the default location for CGI scripts is "
2164
"<filename>/usr/lib/cgi-bin</filename>."
2165
msgstr ""
2166
2167
#: serverguide/C/web-servers.xml:389(para)
2168
msgid ""
2169
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2170
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2171
msgstr ""
2172
2173
#: serverguide/C/web-servers.xml:405(para)
2174
msgid ""
2175
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2176
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2177
"other files. This is not a common option. See <ulink "
2178
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2179
"HOWTO</ulink> for more information."
2180
msgstr ""
2181
2182
#: serverguide/C/web-servers.xml:414(para)
2183
msgid ""
2184
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2185
"includes, but disable the <emphasis>#exec</emphasis> and "
2186
"<emphasis>#include</emphasis> commands in CGI scripts."
2187
msgstr ""
2188
2189
#: serverguide/C/web-servers.xml:426(para)
2190
msgid ""
2191
"For security reasons, this should usually not be set, and certainly should "
2192
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2193
"per-directory basis only if you are certain you want users to see the entire "
2194
"contents of the directory."
2195
msgstr ""
2196
2197
#: serverguide/C/web-servers.xml:421(para)
2198
msgid ""
2199
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2200
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2201
"index.html) exists in the requested directory. <placeholder-1/>"
2202
msgstr ""
2203
2204
#: serverguide/C/web-servers.xml:436(para)
2205
msgid ""
2206
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2207
"multiviews; this option is disabled by default for security reasons. See the "
2208
"<ulink "
2209
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2210
"Apache2 documentation on this option</ulink>."
2211
msgstr ""
2212
2213
#: serverguide/C/web-servers.xml:444(para)
2214
msgid ""
2215
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2216
"symbolic links if the target file or directory has the same owner as the "
2217
"link."
2218
msgstr ""
2219
2220
#: serverguide/C/web-servers.xml:456(title)
2221
msgid "httpd Settings"
2222
msgstr ""
2223
2224
#: serverguide/C/web-servers.xml:458(para)
2225
msgid ""
2226
"This section explains some basic <application>httpd</application> daemon "
2227
"configuration settings."
2228
msgstr ""
2229
2230
#: serverguide/C/web-servers.xml:462(para)
2231
msgid ""
2232
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2233
"the path to the lockfile used when the server is compiled with either "
2234
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2235
"stored on the local disk. It should be left to the default value unless the "
2236
"logs directory is located on an NFS share. If this is the case, the default "
2237
"value should be changed to a location on the local disk and to a directory "
2238
"that is readable only by root."
2239
msgstr ""
2240
2241
#: serverguide/C/web-servers.xml:471(para)
2242
msgid ""
2243
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2244
"file in which the server records its process ID (pid). This file should only "
2245
"be readable by root. In most cases, it should be left to the default value."
2246
msgstr ""
2247
2248
#: serverguide/C/web-servers.xml:477(para)
2249
msgid ""
2250
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2251
"used by the server to answer requests. This setting determines the server's "
2252
"access. Any files inaccessible to this user will also be inaccessible to "
2253
"your website's visitors. The default value for User is www-data."
2254
msgstr ""
2255
2256
#: serverguide/C/web-servers.xml:484(para)
2257
msgid ""
2258
"Unless you know exactly what you are doing, do not set the User directive to "
2259
"root. Using root as the User will create large security holes for your Web "
2260
"server."
2261
msgstr ""
2262
2263
#: serverguide/C/web-servers.xml:490(para)
2264
msgid ""
2265
"The Group directive is similar to the User directive. Group sets the group "
2266
"under which the server will answer requests. The default group is also www-"
2267
"data."
2268
msgstr ""
2269
2270
#: serverguide/C/web-servers.xml:496(title)
2271
msgid "Apache2 Modules"
2272
msgstr ""
2273
2274
#: serverguide/C/web-servers.xml:498(para)
2275
msgid ""
2276
"Apache2 is a modular server. This implies that only the most basic "
2277
"functionality is included in the core server. Extended features are "
2278
"available through modules which can be loaded into Apache2. By default, a "
2279
"base set of modules is included in the server at compile-time. If the server "
2280
"is compiled to use dynamically loaded modules, then modules can be compiled "
2281
"separately, and added at any time using the LoadModule directive. Otherwise, "
2282
"Apache2 must be recompiled to add or remove modules."
2283
msgstr ""
2284
2285
#: serverguide/C/web-servers.xml:510(para)
2286
msgid ""
2287
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2288
"Configuration directives may be conditionally included on the presence of a "
2289
"particular module by enclosing them in an "
2290
"<emphasis><IfModule></emphasis> block."
2291
msgstr ""
2292
2293
#: serverguide/C/web-servers.xml:517(para)
2294
msgid ""
2295
"You can install additional Apache2 modules and use them with your Web "
2296
"server. For example, run the following command from a terminal prompt to "
2297
"install the <emphasis>MySQL Authentication</emphasis> module:"
2298
msgstr ""
2299
2300
#: serverguide/C/web-servers.xml:524(command)
2301
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2302
msgstr ""
2303
2304
#: serverguide/C/web-servers.xml:527(para)
2305
msgid ""
2306
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2307
"additional modules."
2308
msgstr ""
2309
2310
#: serverguide/C/web-servers.xml:531(para)
2311
msgid ""
2312
"Use the <application>a2enmod</application> utility to enable a module:"
2313
msgstr ""
2314
2315
#: serverguide/C/web-servers.xml:537(command)
2316
msgid "sudo a2enmod auth_mysql"
2317
msgstr ""
2318
2319
#: serverguide/C/web-servers.xml:541(para)
2320
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2321
msgstr ""
2322
2323
#: serverguide/C/web-servers.xml:546(command)
2324
msgid "sudo a2dismod auth_mysql"
2325
msgstr ""
2326
2327
#: serverguide/C/web-servers.xml:553(title)
2328
msgid "HTTPS Configuration"
2329
msgstr ""
2330
2331
#: serverguide/C/web-servers.xml:555(para)
2332
msgid ""
2333
"The <application>mod_ssl</application> module adds an important feature to "
2334
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2335
"browser is communicating using SSL, the https:// prefix is used at the "
2336
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2337
"bar."
2338
msgstr ""
2339
2340
#: serverguide/C/web-servers.xml:564(para)
2341
msgid ""
2342
"The <application>mod_ssl</application> module is available in "
2343
"<application>apache2-common</application> package. Execute the following "
2344
"command from a terminal prompt to enable the "
2345
"<application>mod_ssl</application> module:"
2346
msgstr ""
2347
2348
#: serverguide/C/web-servers.xml:571(command)
2349
msgid "sudo a2enmod ssl"
2350
msgstr ""
2351
2352
#: serverguide/C/web-servers.xml:574(para)
2353
msgid ""
2354
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2355
"available/default-ssl</filename>. In order for "
2356
"<application>Apache2</application> to provide HTTPS, a "
2357
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2358
"needed. The default HTTPS configuration will use a certificate and key "
2359
"generated by the <application>ssl-cert</application> package. They are good "
2360
"for testing, but the auto-generated certificate and key should be replaced "
2361
"by a certificate specific to the site or server. For information on "
2362
"generating a key and obtaining a certificate see <xref "
2363
"linkend=\"certificates-and-security\"/>"
2364
msgstr ""
2365
2366
#: serverguide/C/web-servers.xml:584(para)
2367
msgid ""
2368
"To configure <application>Apache2</application> for HTTPS, enter the "
2369
"following:"
2370
msgstr ""
2371
2372
#: serverguide/C/web-servers.xml:589(command)
2373
msgid "sudo a2ensite default-ssl"
2374
msgstr ""
2375
2376
#: serverguide/C/web-servers.xml:593(para)
2377
msgid ""
2378
"The directories <filename>/etc/ssl/certs</filename> and "
2379
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2380
"install the certificate and key in another directory make sure to change "
2381
"<emphasis>SSLCertificateFile</emphasis> and "
2382
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2383
msgstr ""
2384
2385
#: serverguide/C/web-servers.xml:600(para)
2386
msgid ""
2387
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2388
"settings:"
2389
msgstr ""
2390
2391
#: serverguide/C/web-servers.xml:611(para)
2392
msgid ""
2393
"Depending on how you obtained your certificate you may need to enter a "
2394
"passphrase when <application>Apache2</application> starts."
2395
msgstr ""
2396
2397
#: serverguide/C/web-servers.xml:617(para)
2398
msgid ""
2399
"You can access the secure server pages by typing https://your_hostname/url/ "
2400
"in your browser address bar."
2401
msgstr ""
2402
2403
#: serverguide/C/web-servers.xml:628(para)
2404
msgid ""
2405
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2406
"Documentation</ulink> contains in depth information on Apache2 configuration "
2407
"directives. Also, see the <application>apache2-doc</application> package for "
2408
"the official Apache2 docs."
2409
msgstr ""
2410
2411
#: serverguide/C/web-servers.xml:635(para)
2412
msgid ""
2413
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2414
"Documentation</ulink> site for more SSL related information."
2415
msgstr ""
2416
2417
#: serverguide/C/web-servers.xml:641(para)
2418
msgid ""
2419
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2420
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2421
"configurations."
2422
msgstr ""
2423
2424
#: serverguide/C/web-servers.xml:647(para)
2425
msgid ""
2426
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2427
"server</emphasis> IRC channel on <ulink "
2428
"url=\"http://freenode.net/\">freenode.net</ulink>."
2429
msgstr ""
2430
2431
#: serverguide/C/web-servers.xml:653(para)
2432
msgid ""
2433
"Usually integrated with PHP and MySQL the <ulink "
2434
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2435
"Ubuntu Wiki </ulink> page is a good resource."
2436
msgstr ""
2437
2438
#: serverguide/C/web-servers.xml:664(title)
2439
msgid "PHP5 - Scripting Language"
2440
msgstr ""
2441
2442
#: serverguide/C/web-servers.xml:665(para)
2443
msgid ""
2444
"PHP is a general-purpose scripting language suited for Web development. The "
2445
"PHP script can be embedded into HTML. This section explains how to install "
2446
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2447
msgstr ""
2448
2449
#: serverguide/C/web-servers.xml:669(para)
2450
msgid ""
2451
"This section assumes you have installed and configured Apache2 Web Server "
2452
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2453
"sections in this document to install and configure Apache2 and MySQL "
2454
"respectively."
2455
msgstr ""
2456
2457
#: serverguide/C/web-servers.xml:676(para)
2458
msgid "The PHP5 is available in Ubuntu Linux."
2459
msgstr ""
2460
2461
#: serverguide/C/web-servers.xml:678(para)
2462
msgid ""
2463
"To install PHP5 you can enter the following command in the terminal prompt: "
2464
"<screen>\n"
2465
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2466
"</screen>"
2467
msgstr ""
2468
2469
#: serverguide/C/web-servers.xml:687(para)
2470
msgid ""
2471
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2472
"line you should install <application>php5-cli</application> package. To "
2473
"install <application>php5-cli</application> you can enter the following "
2474
"command in the terminal prompt: <screen>\n"
2475
"<command>sudo apt-get install php5-cli</command>\n"
2476
"</screen>"
2477
msgstr ""
2478
2479
#: serverguide/C/web-servers.xml:696(para)
2480
msgid ""
2481
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2482
"accomplish this, you should install <application>php5-cgi</application> "
2483
"package. You can run the following command in a terminal prompt to install "
2484
"<application>php5-cgi</application> package: <screen>\n"
2485
"<command>sudo apt-get install php5-cgi</command>\n"
2486
"</screen>"
2487
msgstr ""
2488
2489
#: serverguide/C/web-servers.xml:706(para)
2490
msgid ""
2491
"To use <application>MySQL</application> with PHP5 you should install "
2492
"<application>php5-mysql</application> package. To install <application>php5-"
2493
"mysql</application> you can enter the following command in the terminal "
2494
"prompt: <screen>\n"
2495
"<command>sudo apt-get install php5-mysql</command>\n"
2496
"</screen>"
2497
msgstr ""
2498
2499
#: serverguide/C/web-servers.xml:714(para)
2500
msgid ""
2501
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2502
"install <application>php5-pgsql</application> package. To install "
2503
"<application>php5-pgsql</application> you can enter the following command in "
2504
"the terminal prompt: <screen>\n"
2505
"<command>sudo apt-get install php5-pgsql</command>\n"
2506
"</screen>"
2507
msgstr ""
2508
2509
#: serverguide/C/web-servers.xml:727(para)
2510
msgid ""
2511
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2512
"you have installed <application>php5-cli</application> package, you can run "
2513
"PHP5 scripts from your command prompt."
2514
msgstr ""
2515
2516
#: serverguide/C/web-servers.xml:734(para)
2517
msgid ""
2518
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2519
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2520
"when you install the module. Please verify if the files "
2521
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2522
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2523
"not exists, you can enable the module using <command>a2enmod</command> "
2524
"command."
2525
msgstr ""
2526
2527
#: serverguide/C/web-servers.xml:745(para)
2528
msgid ""
2529
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2530
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2531
"following command at a terminal prompt to restart your web server: "
2532
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2533
msgstr ""
2534
2535
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2536
msgid "Testing"
2537
msgstr ""
2538
2539
#: serverguide/C/web-servers.xml:754(para)
2540
msgid ""
2541
"To verify your installation, you can run following PHP5 phpinfo script:"
2542
msgstr ""
2543
2544
#: serverguide/C/web-servers.xml:757(programlisting)
2545
#, no-wrap
2546
msgid ""
2547
"\n"
2548
"<?php\n"
2549
" phpinfo();\n"
2550
"?>\n"
2551
msgstr ""
2552
2553
#: serverguide/C/web-servers.xml:762(para)
2554
msgid ""
2555
"You can save the content in a file <filename>phpinfo.php</filename> and "
2556
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2557
"server. When point your browser to "
2558
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2559
"various PHP5 configuration parameters."
2560
msgstr ""
2561
2562
#: serverguide/C/web-servers.xml:776(para)
2563
msgid ""
2564
"For more in depth information see <ulink "
2565
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2566
msgstr ""
2567
2568
#: serverguide/C/web-servers.xml:781(para)
2569
msgid ""
2570
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2571
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2572
"5</ulink> and the <ulink "
2573
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2574
msgstr ""
2575
2576
#: serverguide/C/web-servers.xml:788(para)
2577
msgid ""
2578
"Also, see the <ulink "
2579
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2580
"Ubuntu Wiki</ulink> page for more information."
2581
msgstr ""
2582
2583
#: serverguide/C/web-servers.xml:799(title)
2584
msgid "Squid - Proxy Server"
2585
msgstr ""
2586
2587
#: serverguide/C/web-servers.xml:800(para)
2588
msgid ""
2589
"Squid is a full-featured web proxy cache server application which provides "
2590
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2591
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2592
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2593
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2594
"caching. Squid also supports a wide variety of caching protocols, such as "
2595
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2596
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2597
"Protocol. (WCCP)"
2598
msgstr ""
2599
2600
#: serverguide/C/web-servers.xml:808(para)
2601
msgid ""
2602
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2603
"and caching server needs, and scales from the branch office to enterprise "
2604
"level networks while providing extensive, granular access control mechanisms "
2605
"and monitoring of critical parameters via the Simple Network Management "
2606
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2607
"Squid proxy, or caching servers, ensure your system is configured with a "
2608
"large amount of physical memory, as Squid maintains an in-memory cache for "
2609
"increased performance."
2610
msgstr ""
2611
2612
#: serverguide/C/web-servers.xml:817(para)
2613
msgid ""
2614
"At a terminal prompt, enter the following command to install the Squid "
2615
"server:"
2616
msgstr ""
2617
2618
#: serverguide/C/web-servers.xml:822(command)
2619
msgid "sudo apt-get install squid"
2620
msgstr ""
2621
2622
#: serverguide/C/web-servers.xml:828(para)
2623
msgid ""
2624
"Squid is configured by editing the directives contained within the "
2625
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2626
"examples illustrate some of the directives which may be modified to affect "
2627
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2628
"see the References section."
2629
msgstr ""
2630
2631
#: serverguide/C/web-servers.xml:834(para)
2632
msgid ""
2633
"Prior to editing the configuration file, you should make a copy of the "
2634
"original file and protect it from writing so you will have the original "
2635
"settings as a reference, and to re-use as necessary."
2636
msgstr ""
2637
2638
#: serverguide/C/web-servers.xml:837(para)
2639
msgid ""
2640
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2641
"writing with the following commands entered at a terminal prompt:"
2642
msgstr ""
2643
2644
#: serverguide/C/web-servers.xml:842(command)
2645
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2646
msgstr ""
2647
2648
#: serverguide/C/web-servers.xml:843(command)
2649
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2650
msgstr ""
2651
2652
#: serverguide/C/web-servers.xml:849(para)
2653
msgid ""
2654
"To set your Squid server to listen on TCP port 8888 instead of the default "
2655
"TCP port 3128, change the http_port directive as such:"
2656
msgstr ""
2657
2658
#: serverguide/C/web-servers.xml:853(programlisting)
2659
#, no-wrap
2660
msgid ""
2661
"\n"
2662
"http_port 8888\n"
2663
msgstr ""
2664
2665
#: serverguide/C/web-servers.xml:858(para)
2666
msgid ""
2667
"Change the visible_hostname directive in order to give the Squid server a "
2668
"specific hostname. This hostname does not necessarily need to be the "
2669
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2670
msgstr ""
2671
2672
#: serverguide/C/web-servers.xml:862(programlisting)
2673
#, no-wrap
2674
msgid ""
2675
"\n"
2676
"visible_hostname weezie\n"
2677
msgstr ""
2678
2679
#: serverguide/C/web-servers.xml:867(para)
2680
msgid ""
2681
"Using Squid's access control, you may configure use of Internet services "
2682
"proxied by Squid to be available only users with certain Internet Protocol "
2683
"(IP) addresses. For example, we will illustrate access by users of the "
2684
"192.168.42.0/24 subnetwork only:"
2685
msgstr ""
2686
2687
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2688
msgid ""
2689
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2690
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2691
msgstr ""
2692
2693
#: serverguide/C/web-servers.xml:875(programlisting)
2694
#, no-wrap
2695
msgid ""
2696
"\n"
2697
"acl fortytwo_network src 192.168.42.0/24\n"
2698
msgstr ""
2699
2700
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2701
msgid ""
2702
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2703
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2704
msgstr ""
2705
2706
#: serverguide/C/web-servers.xml:882(programlisting)
2707
#, no-wrap
2708
msgid ""
2709
"\n"
2710
"http_access allow fortytwo_network\n"
2711
msgstr ""
2712
2713
#: serverguide/C/web-servers.xml:887(para)
2714
msgid ""
2715
"Using the excellent access control features of Squid, you may configure use "
2716
"of Internet services proxied by Squid to be available only during normal "
2717
"business hours. For example, we'll illustrate access by employees of a "
2718
"business which is operating between 9:00AM and 5:00PM, Monday through "
2719
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2720
msgstr ""
2721
2722
#: serverguide/C/web-servers.xml:895(programlisting)
2723
#, no-wrap
2724
msgid ""
2725
"\n"
2726
"acl biz_network src 10.1.42.0/24\n"
2727
"acl biz_hours time M T W T F 9:00-17:00\n"
2728
msgstr ""
2729
2730
#: serverguide/C/web-servers.xml:903(programlisting)
2731
#, no-wrap
2732
msgid ""
2733
"\n"
2734
"http_access allow biz_network biz_hours\n"
2735
msgstr ""
2736
2737
#: serverguide/C/web-servers.xml:910(para)
2738
msgid ""
2739
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2740
"save the file and restart the <application>squid</application> server "
2741
"application to effect the changes using the following command entered at a "
2742
"terminal prompt:"
2743
msgstr ""
2744
2745
#: serverguide/C/web-servers.xml:917(command)
2746
msgid "sudo /etc/init.d/squid restart"
2747
msgstr ""
2748
2749
#: serverguide/C/web-servers.xml:924(ulink)
2750
msgid "Squid Website"
2751
msgstr ""
2752
2753
#: serverguide/C/web-servers.xml:926(para)
2754
msgid ""
2755
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2756
"Squid</ulink> page."
2757
msgstr ""
2758
2759
#: serverguide/C/web-servers.xml:933(title)
2760
msgid "Ruby on Rails"
2761
msgstr ""
2762
2763
#: serverguide/C/web-servers.xml:934(para)
2764
msgid ""
2765
"Ruby on Rails is an open source web framework for developing database backed "
2766
"web applications. It is optimized for sustainable productivity of the "
2767
"programmer since it lets the programmer to write code by favouring "
2768
"convention over configuration."
2769
msgstr ""
2770
2771
#: serverguide/C/web-servers.xml:941(para)
2772
msgid ""
2773
"Before installing <application>Rails</application> you should install "
2774
"<application>Apache</application> and <application>MySQL</application>. To "
2775
"install the <application>Apache</application> package, please refer to <xref "
2776
"linkend=\"httpd\"/>. For instructions on installing "
2777
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2778
msgstr ""
2779
2780
#: serverguide/C/web-servers.xml:949(para)
2781
msgid ""
2782
"Once you have <application>Apache</application> and "
2783
"<application>MySQL</application> packages installed, you are ready to "
2784
"install <application>Ruby on Rails</application> package."
2785
msgstr ""
2786
2787
#: serverguide/C/web-servers.xml:956(para)
2788
msgid ""
2789
"To install the <application>Ruby</application> base packages and "
2790
"<application>Ruby on Rails</application>, you can enter the following "
2791
"command in the terminal prompt:"
2792
msgstr ""
2793
2794
#: serverguide/C/web-servers.xml:962(command)
2795
msgid "sudo apt-get install rails"
2796
msgstr ""
2797
2798
#: serverguide/C/web-servers.xml:968(para)
2799
msgid ""
2800
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2801
"configuration file to setup your domains."
2802
msgstr ""
2803
2804
#: serverguide/C/web-servers.xml:972(para)
2805
msgid ""
2806
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2807
msgstr ""
2808
2809
#: serverguide/C/web-servers.xml:976(programlisting)
2810
#, no-wrap
2811
msgid ""
2812
"\n"
2813
"DocumentRoot /path/to/rails/application/public\n"
2814
msgstr ""
2815
2816
#: serverguide/C/web-servers.xml:979(para)
2817
msgid ""
2818
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2819
"directive:"
2820
msgstr ""
2821
2822
#: serverguide/C/web-servers.xml:983(programlisting)
2823
#, no-wrap
2824
msgid ""
2825
"\n"
2826
"<Directory \"/path/to/rails/application/public\">\n"
2827
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2828
" AllowOverride All\n"
2829
" Order allow,deny\n"
2830
" allow from all\n"
2831
" AddHandler cgi-script .cgi\n"
2832
"</Directory>\n"
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:993(para)
2836
msgid ""
2837
"You should also enable the <application>mod_rewrite</application> module for "
2838
"Apache. To enable <application>mod_rewrite</application> module, please "
2839
"enter the following command in a terminal prompt:"
2840
msgstr ""
2841
2842
#: serverguide/C/web-servers.xml:999(command)
2843
msgid "sudo a2enmod rewrite"
2844
msgstr ""
2845
2846
#: serverguide/C/web-servers.xml:1002(para)
2847
msgid ""
2848
"Finally you will need to change the ownership of the "
2849
"<filename>/path/to/rails/application/public</filename> and "
2850
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2851
"used to run the <application>Apache</application> process:"
2852
msgstr ""
2853
2854
#: serverguide/C/web-servers.xml:1008(command)
2855
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2856
msgstr ""
2857
2858
#: serverguide/C/web-servers.xml:1009(command)
2859
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2860
msgstr ""
2861
2862
#: serverguide/C/web-servers.xml:1012(para)
2863
msgid ""
2864
"That's it! Now you have your Server ready for your <application>Ruby on "
2865
"Rails</application> applications."
2866
msgstr ""
2867
2868
#: serverguide/C/web-servers.xml:1021(para)
2869
msgid ""
2870
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2871
"for more information."
2872
msgstr ""
2873
2874
#: serverguide/C/web-servers.xml:1026(para)
2875
msgid ""
2876
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2877
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2878
"resource."
2879
msgstr ""
2880
2881
#: serverguide/C/web-servers.xml:1032(para)
2882
msgid ""
2883
"Another place for more information is the <ulink "
2884
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2885
"Wiki</ulink> page."
2886
msgstr ""
2887
2888
#: serverguide/C/web-servers.xml:1043(title)
2889
msgid "Apache Tomcat"
2890
msgstr ""
2891
2892
#: serverguide/C/web-servers.xml:1044(para)
2893
msgid ""
2894
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2895
"JSP (Java Server Pages) web applications."
2896
msgstr ""
2897
2898
#: serverguide/C/web-servers.xml:1046(para)
2899
msgid ""
2900
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2901
"different ways of running Tomcat. You can install them as a classic unique "
2902
"system-wide instance, that will be started at boot time and will run as the "
2903
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2904
"will run with your own user rights, and that you should start and stop by "
2905
"yourself. This second way is particularly useful in a development server "
2906
"context where multiple users need to test on their own private Tomcat "
2907
"instances."
2908
msgstr ""
2909
2910
#: serverguide/C/web-servers.xml:1056(title)
2911
msgid "System-wide installation"
2912
msgstr ""
2913
2914
#: serverguide/C/web-servers.xml:1057(para)
2915
msgid ""
2916
"To install the <application>Tomcat</application> server, you can enter the "
2917
"following command in the terminal prompt:"
2918
msgstr ""
2919
2920
#: serverguide/C/web-servers.xml:1060(command)
2921
msgid "sudo apt-get install tomcat6"
2922
msgstr ""
2923
2924
#: serverguide/C/web-servers.xml:1062(para)
2925
msgid ""
2926
"This will install a Tomcat server with just a default ROOT webapp that "
2927
"displays a minimal \"It works\" page by default."
2928
msgstr ""
2929
2930
#: serverguide/C/web-servers.xml:1068(para)
2931
msgid ""
2932
"Tomcat configuration files can be found in "
2933
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2934
"will be described here, please see <ulink "
2935
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2936
"documentation</ulink> for more."
2937
msgstr ""
2938
2939
#: serverguide/C/web-servers.xml:1074(title)
2940
msgid "Changing default ports"
2941
msgstr ""
2942
2943
#: serverguide/C/web-servers.xml:1075(para)
2944
msgid ""
2945
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2946
"connector on port 8009. You might want to change those default ports to "
2947
"avoid conflict with another server on the system. This is done by changing "
2948
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2949
msgstr ""
2950
2951
#: serverguide/C/web-servers.xml:1080(programlisting)
2952
#, no-wrap
2953
msgid ""
2954
"\n"
2955
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2956
" connectionTimeout=\"20000\" \n"
2957
" redirectPort=\"8443\" />\n"
2958
"...\n"
2959
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2960
"/>\n"
2961
msgstr ""
2962
2963
#: serverguide/C/web-servers.xml:1089(title)
2964
msgid "Changing JVM used"
2965
msgstr ""
2966
2967
#: serverguide/C/web-servers.xml:1090(para)
2968
msgid ""
2969
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2970
"then try some other JVMs. If you have various JVMs installed, you can set "
2971
"which should be used by setting JAVA_HOME in "
2972
"<filename>/etc/default/tomcat6</filename>:"
2973
msgstr ""
2974
2975
#: serverguide/C/web-servers.xml:1094(programlisting)
2976
#, no-wrap
2977
msgid ""
2978
"\n"
2979
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2980
msgstr ""
2981
2982
#: serverguide/C/web-servers.xml:1099(title)
2983
msgid "Declaring users and roles"
2984
msgstr ""
2985
2986
#: serverguide/C/web-servers.xml:1100(para)
2987
msgid ""
2988
"Usernames, passwords and roles (groups) can be defined centrally in a "
2989
"Servlet container. In Tomcat 6.0 this is done in the "
2990
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:1103(programlisting)
2994
#, no-wrap
2995
msgid ""
2996
"\n"
2997
"<role rolename=\"admin\"/>\n"
2998
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:1111(title)
3002
msgid "Using Tomcat standard webapps"
3003
msgstr ""
3004
3005
#: serverguide/C/web-servers.xml:1112(para)
3006
msgid ""
3007
"Tomcat is shipped with webapps that you can install for documentation, "
3008
"administration or demo purposes."
3009
msgstr ""
3010
3011
#: serverguide/C/web-servers.xml:1115(title)
3012
msgid "Tomcat documentation"
3013
msgstr ""
3014
3015
#: serverguide/C/web-servers.xml:1116(para)
3016
msgid ""
3017
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3018
"documentation, packaged as a webapp that you can access by default at "
3019
"http://yourserver:8080/docs. You can install it by entering the following "
3020
"command in the terminal prompt:"
3021
msgstr ""
3022
3023
#: serverguide/C/web-servers.xml:1121(command)
3024
msgid "sudo apt-get install tomcat6-docs"
3025
msgstr ""
3026
3027
#: serverguide/C/web-servers.xml:1125(title)
3028
msgid "Tomcat administration webapps"
3029
msgstr ""
3030
3031
#: serverguide/C/web-servers.xml:1126(para)
3032
msgid ""
3033
"The <application>tomcat6-admin</application> package contains two webapps "
3034
"that can be used to administer the Tomcat server using a web interface. You "
3035
"can install them by entering the following command in the terminal prompt:"
3036
msgstr ""
3037
3038
#: serverguide/C/web-servers.xml:1131(command)
3039
msgid "sudo apt-get install tomcat6-admin"
3040
msgstr ""
3041
3042
#: serverguide/C/web-servers.xml:1133(para)
3043
msgid ""
3044
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3045
"access by default at http://yourserver:8080/manager/html. It is primarily "
3046
"used to get server status and restart webapps."
3047
msgstr ""
3048
3049
#: serverguide/C/web-servers.xml:1136(para)
3050
msgid ""
3051
"Access to the <emphasis>manager</emphasis> application is protected by "
3052
"default: you need to define a user with the role \"manager\" in "
3053
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3054
msgstr ""
3055
3056
#: serverguide/C/web-servers.xml:1140(para)
3057
msgid ""
3058
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3059
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3060
"used to create virtual hosts dynamically."
3061
msgstr ""
3062
3063
#: serverguide/C/web-servers.xml:1144(para)
3064
msgid ""
3065
"Access to the <emphasis>host-manager</emphasis> application is also "
3066
"protected by default: you need to define a user with the role \"admin\" in "
3067
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3068
msgstr ""
3069
3070
#: serverguide/C/web-servers.xml:1149(para)
3071
msgid ""
3072
"For security reasons, the tomcat6 user cannot write to the "
3073
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3074
"these admin webapps (application deployment, virtual host creation) need "
3075
"write access to that directory. If you want to use these features execute "
3076
"the following, to give users in the tomcat6 group the necessary rights:"
3077
msgstr ""
3078
3079
#: serverguide/C/web-servers.xml:1156(command)
3080
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3081
msgstr ""
3082
3083
#: serverguide/C/web-servers.xml:1157(command)
3084
msgid "sudo chmod -R g+w /etc/tomcat6"
3085
msgstr ""
3086
3087
#: serverguide/C/web-servers.xml:1162(title)
3088
msgid "Tomcat examples webapps"
3089
msgstr ""
3090
3091
#: serverguide/C/web-servers.xml:1163(para)
3092
msgid ""
3093
"The <application>tomcat6-examples</application> package contains two webapps "
3094
"that can be used to test or demonstrate Servlets and JSP features, which you "
3095
"can access them by default at http://yourserver:8080/examples. You can "
3096
"install them by entering the following command in the terminal prompt:"
3097
msgstr ""
3098
3099
#: serverguide/C/web-servers.xml:1169(command)
3100
msgid "sudo apt-get install tomcat6-examples"
3101
msgstr ""
3102
3103
#: serverguide/C/web-servers.xml:1175(title)
3104
msgid "Using private instances"
3105
msgstr ""
3106
3107
#: serverguide/C/web-servers.xml:1176(para)
3108
msgid ""
3109
"Tomcat is heavily used in development and testing scenarios where using a "
3110
"single system-wide instance doesn't meet the requirements of multiple users "
3111
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3112
"help deploy your own user-oriented instances, allowing every user on a "
3113
"system to run (without root rights) separate private instances while still "
3114
"using the system-installed libraries."
3115
msgstr ""
3116
3117
#: serverguide/C/web-servers.xml:1183(para)
3118
msgid ""
3119
"It is possible to run the system-wide instance and the private instances in "
3120
"parallel, as long as they do not use the same TCP ports."
3121
msgstr ""
3122
3123
#: serverguide/C/web-servers.xml:1187(title)
3124
msgid "Installing private instance support"
3125
msgstr ""
3126
3127
#: serverguide/C/web-servers.xml:1188(para)
3128
msgid ""
3129
"You can install everything necessary to run private instances by entering "
3130
"the following command in the terminal prompt:"
3131
msgstr ""
3132
3133
#: serverguide/C/web-servers.xml:1191(command)
3134
msgid "sudo apt-get install tomcat6-user"
3135
msgstr ""
3136
3137
#: serverguide/C/web-servers.xml:1195(title)
3138
msgid "Creating a private instance"
3139
msgstr ""
3140
3141
#: serverguide/C/web-servers.xml:1196(para)
3142
msgid ""
3143
"You can create a private instance directory by entering the following "
3144
"command in the terminal prompt:"
3145
msgstr ""
3146
3147
#: serverguide/C/web-servers.xml:1199(command)
3148
msgid "tomcat6-instance-create my-instance"
3149
msgstr ""
3150
3151
#: serverguide/C/web-servers.xml:1201(para)
3152
msgid ""
3153
"This will create a new <filename>my-instance</filename> directory with all "
3154
"the necessary subdirectories and scripts. You can for example install your "
3155
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3156
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3157
"are deployed by default."
3158
msgstr ""
3159
3160
#: serverguide/C/web-servers.xml:1209(title)
3161
msgid "Configuring your private instance"
3162
msgstr ""
3163
3164
#: serverguide/C/web-servers.xml:1210(para)
3165
msgid ""
3166
"You will find the classic Tomcat configuration files for your private "
3167
"instance in the <filename>conf/</filename> subdirectory. You should for "
3168
"example certainly edit the <filename>conf/server.xml</filename> file to "
3169
"change the default ports used by your private Tomcat instance to avoid "
3170
"conflict with other instances that might be running."
3171
msgstr ""
3172
3173
#: serverguide/C/web-servers.xml:1218(title)
3174
msgid "Starting/stopping your private instance"
3175
msgstr ""
3176
3177
#: serverguide/C/web-servers.xml:1219(para)
3178
msgid ""
3179
"You can start your private instance by entering the following command in the "
3180
"terminal prompt (supposing your instance is located in the <filename>my-"
3181
"instance</filename> directory):"
3182
msgstr ""
3183
3184
#: serverguide/C/web-servers.xml:1223(command)
3185
msgid "my-instance/bin/startup.sh"
3186
msgstr ""
3187
3188
#: serverguide/C/web-servers.xml:1225(para)
3189
msgid ""
3190
"You should check the <filename>logs/</filename> subdirectory for any error. "
3191
"If you have a <emphasis>java.net.BindException: Address already in "
3192
"use<null>:8080</emphasis> error, it means that the port you're using "
3193
"is already taken and that you should change it."
3194
msgstr ""
3195
3196
#: serverguide/C/web-servers.xml:1230(para)
3197
msgid ""
3198
"You can stop your instance by entering the following command in the terminal "
3199
"prompt (supposing your instance is located in the <filename>my-"
3200
"instance</filename> directory):"
3201
msgstr ""
3202
3203
#: serverguide/C/web-servers.xml:1234(command)
3204
msgid "my-instance/bin/shutdown.sh"
3205
msgstr ""
3206
3207
#: serverguide/C/web-servers.xml:1243(para)
3208
msgid ""
3209
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3210
"website for more information."
3211
msgstr ""
3212
3213
#: serverguide/C/web-servers.xml:1248(para)
3214
msgid ""
3215
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3216
"Definitive Guide</ulink> is a good resource for building web applications "
3217
"with Tomcat."
3218
msgstr ""
3219
3220
#: serverguide/C/web-servers.xml:1254(para)
3221
msgid ""
3222
"For additional books see the <ulink "
3223
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3224
"page."
3225
msgstr ""
3226
3227
#: serverguide/C/web-servers.xml:1259(para)
3228
msgid ""
3229
"Also, see the<ulink "
3230
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3231
"Tomcat</ulink> page."
3232
msgstr ""
3233
3234
#: serverguide/C/vpn.xml:13(title)
3235
msgid "VPN"
3236
msgstr ""
3237
3238
#: serverguide/C/vpn.xml:15(para)
3239
msgid ""
3240
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3241
"network connection between two or more networks. There are several ways to "
3242
"create a VPN using software as well as dedicated hardware appliances. This "
3243
"chapter will cover installing and configuring "
3244
"<application>OpenVPN</application> to create a VPN between two servers."
3245
msgstr ""
3246
3247
#: serverguide/C/vpn.xml:23(title)
3248
msgid "OpenVPN"
3249
msgstr ""
3250
3251
#: serverguide/C/vpn.xml:25(para)
3252
msgid ""
3253
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3254
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3255
"clients through a bridge interface on the VPN server. This guide will assume "
3256
"that one VPN node, the server in this case, has a bridge interface "
3257
"configured. For more information on setting up a bridge see <xref "
3258
"linkend=\"bridging\"/>."
3259
msgstr ""
3260
3261
#: serverguide/C/vpn.xml:35(para)
3262
msgid "To install <application>openvpn</application> in a terminal enter:"
3263
msgstr ""
3264
3265
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3266
msgid "sudo apt-get install openvpn"
3267
msgstr ""
3268
3269
#: serverguide/C/vpn.xml:45(title)
3270
msgid "Server Certificates"
3271
msgstr ""
3272
3273
#: serverguide/C/vpn.xml:47(para)
3274
msgid ""
3275
"Now that the <application>openvpn</application> package is installed, the "
3276
"certificates for the VPN server need to be created."
3277
msgstr ""
3278
3279
#: serverguide/C/vpn.xml:52(para)
3280
msgid ""
3281
"First, copy the <filename>easy-rsa</filename> directory to "
3282
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3283
"scripts will not be lost when the package is updated. You will also need to "
3284
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3285
"the current user permission to create files. From a terminal enter:"
3286
msgstr ""
3287
3288
#: serverguide/C/vpn.xml:59(command)
3289
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3290
msgstr ""
3291
3292
#: serverguide/C/vpn.xml:60(command)
3293
msgid ""
3294
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3295
"rsa/"
3296
msgstr ""
3297
3298
#: serverguide/C/vpn.xml:61(command)
3299
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3300
msgstr ""
3301
3302
#: serverguide/C/vpn.xml:64(para)
3303
msgid ""
3304
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3305
"following to your environment:"
3306
msgstr ""
3307
3308
#: serverguide/C/vpn.xml:68(programlisting)
3309
#, no-wrap
3310
msgid ""
3311
"\n"
3312
"export KEY_COUNTRY=\"US\"\n"
3313
"export KEY_PROVINCE=\"NC\"\n"
3314
"export KEY_CITY=\"Winston-Salem\"\n"
3315
"export KEY_ORG=\"Example Company\"\n"
3316
"export KEY_EMAIL=\"steve@example.com\"\n"
3317
msgstr ""
3318
3319
#: serverguide/C/vpn.xml:76(para)
3320
msgid "Enter the following to create the server certificates:"
3321
msgstr ""
3322
3323
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3324
msgid "cd /etc/openvpn/easy-rsa/"
3325
msgstr ""
3326
3327
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3328
msgid "source vars"
3329
msgstr ""
3330
3331
#: serverguide/C/vpn.xml:83(command)
3332
msgid "./clean-all"
3333
msgstr ""
3334
3335
#: serverguide/C/vpn.xml:84(command)
3336
msgid "./build-dh"
3337
msgstr ""
3338
3339
#: serverguide/C/vpn.xml:85(command)
3340
msgid "./pkitool --initca"
3341
msgstr ""
3342
3343
#: serverguide/C/vpn.xml:86(command)
3344
msgid "./pkitool --server server"
3345
msgstr ""
3346
3347
#: serverguide/C/vpn.xml:87(command)
3348
msgid "cd keys"
3349
msgstr ""
3350
3351
#: serverguide/C/vpn.xml:88(command)
3352
msgid "openvpn --genkey --secret ta.key"
3353
msgstr ""
3354
3355
#: serverguide/C/vpn.xml:89(command)
3356
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3357
msgstr ""
3358
3359
#: serverguide/C/vpn.xml:94(title)
3360
msgid "Client Certificates"
3361
msgstr ""
3362
3363
#: serverguide/C/vpn.xml:96(para)
3364
msgid ""
3365
"The VPN client will also need a certificate to authenticate itself to the "
3366
"server. To create the certificate, enter the following in a terminal:"
3367
msgstr ""
3368
3369
#: serverguide/C/vpn.xml:104(command)
3370
msgid "./pkitool hostname"
3371
msgstr ""
3372
3373
#: serverguide/C/vpn.xml:108(para)
3374
msgid ""
3375
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3376
"machine connecting to the VPN."
3377
msgstr ""
3378
3379
#: serverguide/C/vpn.xml:113(para)
3380
msgid "Copy the following files to the client:"
3381
msgstr ""
3382
3383
#: serverguide/C/vpn.xml:118(para)
3384
msgid "/etc/openvpn/ca.crt"
3385
msgstr ""
3386
3387
#: serverguide/C/vpn.xml:119(para)
3388
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3389
msgstr ""
3390
3391
#: serverguide/C/vpn.xml:120(para)
3392
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3393
msgstr ""
3394
3395
#: serverguide/C/vpn.xml:121(para)
3396
msgid "/etc/openvpn/ta.key"
3397
msgstr ""
3398
3399
#: serverguide/C/vpn.xml:125(para)
3400
msgid ""
3401
"Remember to adjust the above file names for your client machine's "
3402
"<emphasis>hostname</emphasis>."
3403
msgstr ""
3404
3405
#: serverguide/C/vpn.xml:130(para)
3406
msgid ""
3407
"It is best to use a secure method to copy the certificate and key files. The "
3408
"<application>scp</application> utility is a good choice, but copying the "
3409
"files to removable media then to the client, also works well."
3410
msgstr ""
3411
3412
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3413
msgid "Server Configuration"
3414
msgstr ""
3415
3416
#: serverguide/C/vpn.xml:143(para)
3417
msgid ""
3418
"Now configure the <application>openvpn</application> server by creating "
3419
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3420
"terminal enter:"
3421
msgstr ""
3422
3423
#: serverguide/C/vpn.xml:149(command)
3424
msgid ""
3425
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3426
"/etc/openvpn/"
3427
msgstr ""
3428
3429
#: serverguide/C/vpn.xml:150(command)
3430
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3431
msgstr ""
3432
3433
#: serverguide/C/vpn.xml:153(para)
3434
msgid ""
3435
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3436
"options to:"
3437
msgstr ""
3438
3439
#: serverguide/C/vpn.xml:157(programlisting)
3440
#, no-wrap
3441
msgid ""
3442
"\n"
3443
"local 172.18.100.101\n"
3444
"dev tap0\n"
3445
"up \"/etc/openvpn/up.sh br0\"\n"
3446
"down \"/etc/openvpn/down.sh br0\"\n"
3447
";server 10.8.0.0 255.255.255.0\n"
3448
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3449
"push \"route 172.18.100.1 255.255.255.0\"\n"
3450
"push \"dhcp-option DNS 172.18.100.20\"\n"
3451
"push \"dhcp-option DOMAIN example.com\"\n"
3452
"tls-auth ta.key 0 # This file is secret\n"
3453
"user nobody\n"
3454
"group nogroup\n"
3455
msgstr ""
3456
3457
#: serverguide/C/vpn.xml:174(para)
3458
msgid ""
3459
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3460
msgstr ""
3461
3462
#: serverguide/C/vpn.xml:179(para)
3463
msgid ""
3464
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3465
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3466
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3467
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3468
"to clients."
3469
msgstr ""
3470
3471
#: serverguide/C/vpn.xml:186(para)
3472
msgid ""
3473
"<emphasis>push</emphasis>: are directives to add networking options for "
3474
"clients."
3475
msgstr ""
3476
3477
#: serverguide/C/vpn.xml:191(para)
3478
msgid ""
3479
"<emphasis>user and group</emphasis>: configure which user and group the "
3480
"<application>openvpn</application> daemon executes as."
3481
msgstr ""
3482
3483
#: serverguide/C/vpn.xml:198(para)
3484
msgid ""
3485
"Replace all IP addresses and domain names above with those of your network."
3486
msgstr ""
3487
3488
#: serverguide/C/vpn.xml:203(para)
3489
msgid ""
3490
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3491
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3492
msgstr ""
3493
3494
#: serverguide/C/vpn.xml:207(programlisting)
3495
#, no-wrap
3496
msgid ""
3497
"\n"
3498
"#!/bin/sh\n"
3499
"\n"
3500
"BR=$1\n"
3501
"DEV=$2\n"
3502
"MTU=$3\n"
3503
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3504
"/usr/sbin/brctl addif $BR $DEV\n"
3505
msgstr ""
3506
3507
#: serverguide/C/vpn.xml:217(para)
3508
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3509
msgstr ""
3510
3511
#: serverguide/C/vpn.xml:221(programlisting)
3512
#, no-wrap
3513
msgid ""
3514
"\n"
3515
"#!/bin/sh\n"
3516
"\n"
3517
"BR=$1\n"
3518
"DEV=$2\n"
3519
"\n"
3520
"/usr/sbin/brctl delif $BR $DEV\n"
3521
"/sbin/ifconfig $DEV down\n"
3522
msgstr ""
3523
3524
#: serverguide/C/vpn.xml:231(para)
3525
msgid "Then make them executable:"
3526
msgstr ""
3527
3528
#: serverguide/C/vpn.xml:236(command)
3529
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3530
msgstr ""
3531
3532
#: serverguide/C/vpn.xml:237(command)
3533
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3534
msgstr ""
3535
3536
#: serverguide/C/vpn.xml:240(para)
3537
msgid ""
3538
"After configuring the server, restart <application>openvpn</application> by "
3539
"entering:"
3540
msgstr ""
3541
3542
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3543
msgid "sudo /etc/init.d/openvpn restart"
3544
msgstr ""
3545
3546
#: serverguide/C/vpn.xml:250(title)
3547
msgid "Client Configuration"
3548
msgstr ""
3549
3550
#: serverguide/C/vpn.xml:252(para)
3551
msgid "First, install <application>openvpn</application> on the client:"
3552
msgstr ""
3553
3554
#: serverguide/C/vpn.xml:260(para)
3555
msgid ""
3556
"Then with the server configured and the client certificates copied to the "
3557
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3558
"file by copying the example. In a terminal on the client machine enter:"
3559
msgstr ""
3560
3561
#: serverguide/C/vpn.xml:266(command)
3562
msgid ""
3563
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3564
"/etc/openvpn"
3565
msgstr ""
3566
3567
#: serverguide/C/vpn.xml:269(para)
3568
msgid ""
3569
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3570
"following options:"
3571
msgstr ""
3572
3573
#: serverguide/C/vpn.xml:273(programlisting)
3574
#, no-wrap
3575
msgid ""
3576
"\n"
3577
"dev tap\n"
3578
"remote vpn.example.com 1194\n"
3579
"cert hostname.crt\n"
3580
"key hostname.key\n"
3581
"tls-auth ta.key 1\n"
3582
msgstr ""
3583
3584
#: serverguide/C/vpn.xml:282(para)
3585
msgid ""
3586
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3587
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3588
"key filenames."
3589
msgstr ""
3590
3591
#: serverguide/C/vpn.xml:288(para)
3592
msgid "Finally, restart <application>openvpn</application>:"
3593
msgstr ""
3594
3595
#: serverguide/C/vpn.xml:296(para)
3596
msgid "You should now be able to connect to the remote LAN through the VPN."
3597
msgstr ""
3598
3599
#: serverguide/C/vpn.xml:307(para)
3600
msgid ""
3601
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3602
"additional information."
3603
msgstr ""
3604
3605
#: serverguide/C/vpn.xml:312(para)
3606
msgid ""
3607
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3608
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3609
msgstr ""
3610
3611
#: serverguide/C/vpn.xml:318(para)
3612
msgid ""
3613
"Another source of further information is the <ulink "
3614
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3615
"OpenVPN</ulink> page."
3616
msgstr ""
3617
3618
#: serverguide/C/virtualization.xml:13(title)
3619
msgid "Virtualization"
3620
msgstr ""
3621
3622
#: serverguide/C/virtualization.xml:14(para)
3623
msgid ""
3624
"Virtualization is being adopted in many different environments and "
3625
"situations. If you are a developer, virtualization can provide you with a "
3626
"contained environment where you can safely do almost any sort of development "
3627
"safe from messing up your main working environment. If you are a systems "
3628
"administrator, you can use virtualization to more easily separate your "
3629
"services and move them around based on demand."
3630
msgstr ""
3631
3632
#: serverguide/C/virtualization.xml:20(para)
3633
msgid ""
3634
"The default virtualization technology supported in Ubuntu is "
3635
"<application>KVM</application>, a technology that takes advantage of "
3636
"virtualization extensions built into Intel and AMD hardware. For hardware "
3637
"without virtualization extensions <application>Xen</application> and "
3638
"<application>Qemu</application> are popular solutions."
3639
msgstr ""
3640
3641
#: serverguide/C/virtualization.xml:27(title)
3642
msgid "libvirt"
3643
msgstr ""
3644
3645
#: serverguide/C/virtualization.xml:28(para)
3646
msgid ""
3647
"The <application>libvirt</application> library is used to interface with "
3648
"different virtualization technologies. Before getting started with "
3649
"<application>libvirt</application> it is best to make sure your hardware "
3650
"supports the necessary virtualization extensions for "
3651
"<application>KVM</application>. Enter the following from a terminal prompt:"
3652
msgstr ""
3653
3654
#: serverguide/C/virtualization.xml:35(command)
3655
msgid "kvm-ok"
3656
msgstr ""
3657
3658
#: serverguide/C/virtualization.xml:37(para)
3659
msgid ""
3660
"A message will be printed informing you if your CPU "
3661
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3662
"virtualization."
3663
msgstr ""
3664
3665
#: serverguide/C/virtualization.xml:41(para)
3666
msgid ""
3667
"On most computer whose processor supports virtualization, it is necessary to "
3668
"activate an option in the BIOS to enable it."
3669
msgstr ""
3670
3671
#: serverguide/C/virtualization.xml:47(title)
3672
msgid "Virtual Networking"
3673
msgstr ""
3674
3675
#: serverguide/C/virtualization.xml:49(para)
3676
msgid ""
3677
"There are a few different ways to allow a virtual machine access to the "
3678
"external network. The default virtual network configuration is "
3679
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3680
"traffic is NATed through the host interface to the outside network."
3681
msgstr ""
3682
3683
#: serverguide/C/virtualization.xml:54(para)
3684
msgid ""
3685
"To enable external hosts to directly access services on virtual machines a "
3686
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3687
"interfaces to connect to the outside network through the physical interface, "
3688
"making them appear as normal hosts to the rest of the network. For "
3689
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3690
msgstr ""
3691
3692
#: serverguide/C/virtualization.xml:63(para)
3693
msgid "To install the necessary packages, from a terminal prompt enter:"
3694
msgstr ""
3695
3696
#: serverguide/C/virtualization.xml:67(command)
3697
msgid "sudo apt-get install kvm libvirt-bin"
3698
msgstr ""
3699
3700
#: serverguide/C/virtualization.xml:69(para)
3701
msgid ""
3702
"After installing <application>libvirt-bin</application>, the user used to "
3703
"manage virtual machines will need to be added to the "
3704
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3705
"the advanced networking options."
3706
msgstr ""
3707
3708
#: serverguide/C/virtualization.xml:73(para)
3709
msgid "In a terminal enter:"
3710
msgstr ""
3711
3712
#: serverguide/C/virtualization.xml:77(command)
3713
msgid "sudo adduser $USER libvirtd"
3714
msgstr ""
3715
3716
#: serverguide/C/virtualization.xml:80(para)
3717
msgid ""
3718
"If the user chosen is the current user, you will need to log out and back in "
3719
"for the new group membership to take effect."
3720
msgstr ""
3721
3722
#: serverguide/C/virtualization.xml:84(para)
3723
msgid ""
3724
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3725
"Installing a virtual machine follows the same process as installing the "
3726
"operating system directly on the hardware. You either need a way to automate "
3727
"the installation, or a keyboard and monitor will need to be attached to the "
3728
"physical machine."
3729
msgstr ""
3730
3731
#: serverguide/C/virtualization.xml:89(para)
3732
msgid ""
3733
"In the case of virtual machines a Graphical User Interface (GUI) is "
3734
"analogous to using a physical keyboard and mouse. Instead of installing a "
3735
"GUI the <application>virt-viewer</application> application can be used to "
3736
"connect to a virtual machine's console using <application>VNC</application>. "
3737
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3738
msgstr ""
3739
3740
#: serverguide/C/virtualization.xml:94(para)
3741
msgid ""
3742
"There are several ways to automate the Ubuntu installation process, for "
3743
"example using preseeds, kickstart, etc. Refer to the <ulink "
3744
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3745
"Installation Guide</ulink> for details."
3746
msgstr ""
3747
3748
#: serverguide/C/virtualization.xml:98(para)
3749
msgid ""
3750
"Yet another way to install an Ubuntu virtual machine is to use "
3751
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3752
"builder</application> allows you to setup advanced partitions, execute "
3753
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3754
"vmbuilder\"/>"
3755
msgstr ""
3756
3757
#: serverguide/C/virtualization.xml:104(title)
3758
msgid "virt-install"
3759
msgstr ""
3760
3761
#: serverguide/C/virtualization.xml:105(para)
3762
msgid ""
3763
"<application>virt-install</application> is part of the <application>python-"
3764
"virtinst</application> package. To install it, from a terminal prompt enter:"
3765
msgstr ""
3766
3767
#: serverguide/C/virtualization.xml:109(command)
3768
msgid "sudo apt-get install python-virtinst"
3769
msgstr ""
3770
3771
#: serverguide/C/virtualization.xml:111(para)
3772
msgid ""
3773
"There are several options available when using <application>virt-"
3774
"install</application>. For example:"
3775
msgstr ""
3776
3777
#: serverguide/C/virtualization.xml:115(command)
3778
msgid ""
3779
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3780
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3781
msgstr ""
3782
3783
#: serverguide/C/virtualization.xml:122(para)
3784
msgid ""
3785
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3786
"be <emphasis>web_devel</emphasis> in this example."
3787
msgstr ""
3788
3789
#: serverguide/C/virtualization.xml:127(para)
3790
msgid ""
3791
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3792
"machine will use."
3793
msgstr ""
3794
3795
#: serverguide/C/virtualization.xml:132(para)
3796
msgid ""
3797
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3798
"disk which can be a file, partition, or logical volume. In this example a "
3799
"file named <filename>web_devel.img</filename>."
3800
msgstr ""
3801
3802
#: serverguide/C/virtualization.xml:138(para)
3803
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3804
msgstr ""
3805
3806
#: serverguide/C/virtualization.xml:143(para)
3807
msgid ""
3808
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3809
"file can be either an ISO file or the path to the host's CDROM device."
3810
msgstr ""
3811
3812
#: serverguide/C/virtualization.xml:149(para)
3813
msgid ""
3814
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3815
"technologies."
3816
msgstr ""
3817
3818
#: serverguide/C/virtualization.xml:154(para)
3819
msgid ""
3820
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3821
msgstr ""
3822
3823
#: serverguide/C/virtualization.xml:159(para)
3824
msgid ""
3825
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3826
"virtual machine's console."
3827
msgstr ""
3828
3829
#: serverguide/C/virtualization.xml:164(para)
3830
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3831
msgstr ""
3832
3833
#: serverguide/C/virtualization.xml:169(para)
3834
msgid ""
3835
"After launching <application>virt-install</application> you can connect to "
3836
"the virtual machine's console either locally using a GUI or with the "
3837
"<application>virt-viewer</application> utility."
3838
msgstr ""
3839
3840
#: serverguide/C/virtualization.xml:175(title)
3841
msgid "virt-clone"
3842
msgstr ""
3843
3844
#: serverguide/C/virtualization.xml:176(para)
3845
msgid ""
3846
"The <application>virt-clone</application> application can be used to copy "
3847
"one virtual machine to another. For example:"
3848
msgstr ""
3849
3850
#: serverguide/C/virtualization.xml:180(command)
3851
msgid ""
3852
"sudo virt-clone -o web_devel -n database_devel -f "
3853
"/path/to/database_devel.img --connect=qemu:///system"
3854
msgstr ""
3855
3856
#: serverguide/C/virtualization.xml:184(para)
3857
msgid "<emphasis>-o:</emphasis> original virtual machine."
3858
msgstr ""
3859
3860
#: serverguide/C/virtualization.xml:189(para)
3861
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3862
msgstr ""
3863
3864
#: serverguide/C/virtualization.xml:194(para)
3865
msgid ""
3866
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3867
"be used by the new virtual machine."
3868
msgstr ""
3869
3870
#: serverguide/C/virtualization.xml:199(para)
3871
msgid ""
3872
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3873
msgstr ""
3874
3875
#: serverguide/C/virtualization.xml:204(para)
3876
msgid ""
3877
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3878
"help troubleshoot problems with <application>virt-clone</application>."
3879
msgstr ""
3880
3881
#: serverguide/C/virtualization.xml:209(para)
3882
msgid ""
3883
"Replace <emphasis>web_devel</emphasis> and "
3884
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3885
msgstr ""
3886
3887
#: serverguide/C/virtualization.xml:215(title)
3888
msgid "Virtual Machine Management"
3889
msgstr ""
3890
3891
#: serverguide/C/virtualization.xml:217(title)
3892
msgid "virsh"
3893
msgstr ""
3894
3895
#: serverguide/C/virtualization.xml:218(para)
3896
msgid ""
3897
"There are several utilities available to manage virtual machines and "
3898
"<application>libvirt</application>. The <application>virsh</application> "
3899
"utility can be used from the command line. Some examples:"
3900
msgstr ""
3901
3902
#: serverguide/C/virtualization.xml:224(para)
3903
msgid "To list running virtual machines:"
3904
msgstr ""
3905
3906
#: serverguide/C/virtualization.xml:228(command)
3907
msgid "virsh -c qemu:///system list"
3908
msgstr ""
3909
3910
#: serverguide/C/virtualization.xml:232(para)
3911
msgid "To start a virtual machine:"
3912
msgstr ""
3913
3914
#: serverguide/C/virtualization.xml:236(command)
3915
msgid "virsh -c qemu:///system start web_devel"
3916
msgstr ""
3917
3918
#: serverguide/C/virtualization.xml:240(para)
3919
msgid "Similarly, to start a virtual machine at boot:"
3920
msgstr ""
3921
3922
#: serverguide/C/virtualization.xml:244(command)
3923
msgid "virsh -c qemu:///system autostart web_devel"
3924
msgstr ""
3925
3926
#: serverguide/C/virtualization.xml:248(para)
3927
msgid "Reboot a virtual machine with:"
3928
msgstr ""
3929
3930
#: serverguide/C/virtualization.xml:252(command)
3931
msgid "virsh -c qemu:///system reboot web_devel"
3932
msgstr ""
3933
3934
#: serverguide/C/virtualization.xml:256(para)
3935
msgid ""
3936
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3937
"order to be restored later. The following will save the virtual machine "
3938
"state into a file named according to the date:"
3939
msgstr ""
3940
3941
#: serverguide/C/virtualization.xml:261(command)
3942
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3943
msgstr ""
3944
3945
#: serverguide/C/virtualization.xml:263(para)
3946
msgid "Once saved the virtual machine will no longer be running."
3947
msgstr ""
3948
3949
#: serverguide/C/virtualization.xml:268(para)
3950
msgid "A saved virtual machine can be restored using:"
3951
msgstr ""
3952
3953
#: serverguide/C/virtualization.xml:272(command)
3954
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3955
msgstr ""
3956
3957
#: serverguide/C/virtualization.xml:276(para)
3958
msgid "To shutdown a virtual machine do:"
3959
msgstr ""
3960
3961
#: serverguide/C/virtualization.xml:280(command)
3962
msgid "virsh -c qemu:///system shutdown web_devel"
3963
msgstr ""
3964
3965
#: serverguide/C/virtualization.xml:284(para)
3966
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3967
msgstr ""
3968
3969
#: serverguide/C/virtualization.xml:288(command)
3970
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3971
msgstr ""
3972
3973
#: serverguide/C/virtualization.xml:293(para)
3974
msgid ""
3975
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3976
"appropriate virtual machine name, and <filename>web_devel-"
3977
"022708.state</filename> with a descriptive file name."
3978
msgstr ""
3979
3980
#: serverguide/C/virtualization.xml:300(title)
3981
msgid "Virtual Machine Manager"
3982
msgstr ""
3983
3984
#: serverguide/C/virtualization.xml:301(para)
3985
msgid ""
3986
"The <application>virt-manager</application> package contains a graphical "
3987
"utility to manage local and remote virtual machines. To install virt-manager "
3988
"enter:"
3989
msgstr ""
3990
3991
#: serverguide/C/virtualization.xml:306(command)
3992
msgid "sudo apt-get install virt-manager"
3993
msgstr ""
3994
3995
#: serverguide/C/virtualization.xml:308(para)
3996
msgid ""
3997
"Since <application>virt-manager</application> requires a Graphical User "
3998
"Interface (GUI) environment it is recommended to be installed on a "
3999
"workstation or test machine instead of a production server. To connect to "
4000
"the local <application>libvirt</application> service enter:"
4001
msgstr ""
4002
4003
#: serverguide/C/virtualization.xml:314(command)
4004
msgid "virt-manager -c qemu:///system"
4005
msgstr ""
4006
4007
#: serverguide/C/virtualization.xml:316(para)
4008
msgid ""
4009
"You can connect to the <application>libvirt</application> service running on "
4010
"another host by entering the following in a terminal prompt:"
4011
msgstr ""
4012
4013
#: serverguide/C/virtualization.xml:320(command)
4014
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4015
msgstr ""
4016
4017
#: serverguide/C/virtualization.xml:323(para)
4018
msgid ""
4019
"The above example assumes that <application>SSH</application> connectivity "
4020
"between the management system and virtnode1.mydomain.com has already been "
4021
"configured, and uses SSH keys for authentication. SSH "
4022
"<emphasis>keys</emphasis> are needed because "
4023
"<application>libvirt</application> sends the password prompt to another "
4024
"process. For details on configuring <application>SSH</application> see <xref "
4025
"linkend=\"openssh-server\"/>"
4026
msgstr ""
4027
4028
#: serverguide/C/virtualization.xml:333(title)
4029
msgid "Virtual Machine Viewer"
4030
msgstr ""
4031
4032
#: serverguide/C/virtualization.xml:334(para)
4033
msgid ""
4034
"The <application>virt-viewer</application> application allows you to connect "
4035
"to a virtual machine's console. <application>virt-viewer</application> does "
4036
"require a Graphical User Interface (GUI) to interface with the virtual "
4037
"machine."
4038
msgstr ""
4039
4040
#: serverguide/C/virtualization.xml:338(para)
4041
msgid ""
4042
"To install <application>virt-viewer</application> from a terminal enter:"
4043
msgstr ""
4044
4045
#: serverguide/C/virtualization.xml:342(command)
4046
msgid "sudo apt-get install virt-viewer"
4047
msgstr ""
4048
4049
#: serverguide/C/virtualization.xml:344(para)
4050
msgid ""
4051
"Once a virtual machine is installed and running you can connect to the "
4052
"virtual machine's console by using:"
4053
msgstr ""
4054
4055
#: serverguide/C/virtualization.xml:348(command)
4056
msgid "virt-viewer -c qemu:///system web_devel"
4057
msgstr ""
4058
4059
#: serverguide/C/virtualization.xml:350(para)
4060
msgid ""
4061
"Similar to <application>virt-manager</application>, <application>virt-"
4062
"viewer</application> can connect to a remote host using "
4063
"<emphasis>SSH</emphasis> with key authentication, as well:"
4064
msgstr ""
4065
4066
#: serverguide/C/virtualization.xml:355(command)
4067
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4068
msgstr ""
4069
4070
#: serverguide/C/virtualization.xml:357(para)
4071
msgid ""
4072
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4073
"appropriate virtual machine name."
4074
msgstr ""
4075
4076
#: serverguide/C/virtualization.xml:360(para)
4077
msgid ""
4078
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4079
"can also setup <application>SSH</application> access to the virtual machine. "
4080
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4081
"more details."
4082
msgstr ""
4083
4084
#: serverguide/C/virtualization.xml:369(para)
4085
msgid ""
4086
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4087
"for more details."
4088
msgstr ""
4089
4090
#: serverguide/C/virtualization.xml:374(para)
4091
msgid ""
4092
"For more information on <application>libvirt</application> see the <ulink "
4093
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4094
msgstr ""
4095
4096
#: serverguide/C/virtualization.xml:379(para)
4097
msgid ""
4098
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4099
"Manager</ulink> site has more information on <application>virt-"
4100
"manager</application> development."
4101
msgstr ""
4102
4103
#: serverguide/C/virtualization.xml:385(para)
4104
msgid ""
4105
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4106
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4107
"technology in Ubuntu."
4108
msgstr ""
4109
4110
#: serverguide/C/virtualization.xml:391(para)
4111
msgid ""
4112
"Another good resource is the <ulink "
4113
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4114
msgstr ""
4115
4116
#: serverguide/C/virtualization.xml:399(title)
4117
msgid "JeOS and vmbuilder"
4118
msgstr ""
4119
4120
#: serverguide/C/virtualization.xml:405(title)
4121
msgid "What is JeOS"
4122
msgstr ""
4123
4124
#: serverguide/C/virtualization.xml:407(para)
4125
msgid ""
4126
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4127
"variant of the Ubuntu Server operating system, configured specifically for "
4128
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4129
"only as an option either:"
4130
msgstr ""
4131
4132
#: serverguide/C/virtualization.xml:414(para)
4133
msgid ""
4134
"While installing from the Server Edition ISO (pressing "
4135
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4136
"installation\", which is the package selection equivalent to JeOS)."
4137
msgstr ""
4138
4139
#: serverguide/C/virtualization.xml:420(para)
4140
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4141
msgstr ""
4142
4143
#: serverguide/C/virtualization.xml:426(para)
4144
msgid ""
4145
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4146
"kernel that only contains the base elements needed to run within a "
4147
"virtualized environment."
4148
msgstr ""
4149
4150
#: serverguide/C/virtualization.xml:431(para)
4151
msgid ""
4152
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4153
"in the latest virtualization products from VMware. This combination of "
4154
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4155
"delivers a highly efficient use of server resources in large virtual "
4156
"deployments."
4157
msgstr ""
4158
4159
#: serverguide/C/virtualization.xml:437(para)
4160
msgid ""
4161
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4162
"can configure their supporting OS exactly as they require. They have the "
4163
"peace of mind that updates, whether for security or enhancement reasons, "
4164
"will be limited to the bare minimum of what is required in their specific "
4165
"environment. In turn, users deploying virtual appliances built on top of "
4166
"JeOS will have to go through fewer updates and therefore less maintenance "
4167
"than they would have had to with a standard full installation of a server."
4168
msgstr ""
4169
4170
#: serverguide/C/virtualization.xml:446(title)
4171
msgid "What is vmbuilder"
4172
msgstr ""
4173
4174
#: serverguide/C/virtualization.xml:448(para)
4175
msgid ""
4176
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4177
"will fetch the various package and build a virtual machine tailored for your "
4178
"needs in about a minute. vmbuilder is a script that automates the process of "
4179
"creating a ready to use Linux based VM. The currently supported hypervisors "
4180
"are KVM and Xen."
4181
msgstr ""
4182
4183
#: serverguide/C/virtualization.xml:454(para)
4184
msgid ""
4185
"You can pass command line options to add extra packages, remove packages, "
4186
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4187
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4188
"a local mirror, you can bootstrap a VM in less than a minute."
4189
msgstr ""
4190
4191
#: serverguide/C/virtualization.xml:460(para)
4192
msgid ""
4193
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4194
"vm-builder</application> started with little emphasis as a hack to help "
4195
"developers test their new code in a virtual machine without having to "
4196
"restart from scratch each time. As a few Ubuntu administrators started to "
4197
"notice this script, a few of them went on improving it and adapting it for "
4198
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4199
"virtualization specialist, not the golf player) decided to rewrite it from "
4200
"scratch for Intrepid as a python script with a few new design goals:"
4201
msgstr ""
4202
4203
#: serverguide/C/virtualization.xml:470(para)
4204
msgid "Develop it so that it can be reused by other distributions."
4205
msgstr ""
4206
4207
#: serverguide/C/virtualization.xml:475(para)
4208
msgid ""
4209
"Use a plugin mechanisms for all virtualization interactions so that others "
4210
"can easily add logic for other virtualization environments."
4211
msgstr ""
4212
4213
#: serverguide/C/virtualization.xml:480(para)
4214
msgid ""
4215
"Provide an easy to maintain web interface as an option to the command line "
4216
"interface."
4217
msgstr ""
4218
4219
#: serverguide/C/virtualization.xml:486(para)
4220
msgid "But the general principles and commands remain the same."
4221
msgstr ""
4222
4223
#: serverguide/C/virtualization.xml:493(title)
4224
msgid "Initial Setup"
4225
msgstr ""
4226
4227
#: serverguide/C/virtualization.xml:495(para)
4228
msgid ""
4229
"It is assumed that you have installed and configured "
4230
"<application>libvirt</application> and <application>KVM</application> "
4231
"locally on the machine you are using. For details on how to perform this, "
4232
"please refer to:"
4233
msgstr ""
4234
4235
#: serverguide/C/virtualization.xml:507(para)
4236
msgid ""
4237
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4238
"page."
4239
msgstr ""
4240
4241
#: serverguide/C/virtualization.xml:513(para)
4242
msgid ""
4243
"We also assume that you know how to use a text based text editor such as "
4244
"nano or vi. If you have not used any of them before, you can get an overview "
4245
"of the various text editors available by reading the <ulink "
4246
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4247
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4248
"principle should remain on other virtualization technologies."
4249
msgstr ""
4250
4251
#: serverguide/C/virtualization.xml:521(title)
4252
msgid "Install vmbuilder"
4253
msgstr ""
4254
4255
#: serverguide/C/virtualization.xml:523(para)
4256
msgid ""
4257
"The name of the package that we need to install is <application>python-vm-"
4258
"builder</application>. In a terminal prompt enter:"
4259
msgstr ""
4260
4261
#: serverguide/C/virtualization.xml:528(command)
4262
msgid "sudo apt-get install python-vm-builder"
4263
msgstr ""
4264
4265
#: serverguide/C/virtualization.xml:532(para)
4266
msgid ""
4267
"If you are running Hardy, you can still perform most of this using the older "
4268
"version of the package named <application>ubuntu-vm-builder</application>, "
4269
"there are only a few changes to the syntax of the tool."
4270
msgstr ""
4271
4272
#: serverguide/C/virtualization.xml:541(title)
4273
msgid "Defining Your Virtual Machine"
4274
msgstr ""
4275
4276
#: serverguide/C/virtualization.xml:543(para)
4277
msgid ""
4278
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4279
"are a few thing to consider:"
4280
msgstr ""
4281
4282
#: serverguide/C/virtualization.xml:549(para)
4283
msgid ""
4284
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4285
"will know how to extend disk size to fit their need, so either plan for a "
4286
"large virtual disk to allow for your appliance to grow, or explain fairly "
4287
"well in your documentation how to allocate more space. It might actually be "
4288
"a good idea to store data on some separate external storage."
4289
msgstr ""
4290
4291
#: serverguide/C/virtualization.xml:556(para)
4292
msgid ""
4293
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4294
"whatever you think is a safe minimum for your appliance."
4295
msgstr ""
4296
4297
#: serverguide/C/virtualization.xml:562(para)
4298
msgid ""
4299
"The <application>vmbuilder</application> command has 2 main parameters: the "
4300
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4301
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4302
"and can be found using the following command:"
4303
msgstr ""
4304
4305
#: serverguide/C/virtualization.xml:568(command)
4306
msgid "vmbuilder --help"
4307
msgstr ""
4308
4309
#: serverguide/C/virtualization.xml:572(title)
4310
msgid "Base Parameters"
4311
msgstr ""
4312
4313
#: serverguide/C/virtualization.xml:574(para)
4314
msgid ""
4315
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4316
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4317
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:580(command)
4321
msgid ""
4322
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4323
"-libvirt qemu:///system"
4324
msgstr ""
4325
4326
#: serverguide/C/virtualization.xml:583(para)
4327
msgid ""
4328
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4329
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4330
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4331
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4332
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4333
"libvirt</emphasis> tells to inform the local virtualization environment to "
4334
"add the resulting VM to the list of available machines."
4335
msgstr ""
4336
4337
#: serverguide/C/virtualization.xml:591(para)
4338
msgid "Notes:"
4339
msgstr ""
4340
4341
#: serverguide/C/virtualization.xml:597(para)
4342
msgid ""
4343
"Because of the nature of operations performed by vmbuilder, it needs to have "
4344
"root privilege, hence the use of sudo."
4345
msgstr ""
4346
4347
#: serverguide/C/virtualization.xml:602(para)
4348
msgid ""
4349
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4350
"a 64 bit machine (--arch amd64)."
4351
msgstr ""
4352
4353
#: serverguide/C/virtualization.xml:607(para)
4354
msgid ""
4355
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4356
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4357
"use <emphasis>--flavour</emphasis> server instead."
4358
msgstr ""
4359
4360
#: serverguide/C/virtualization.xml:615(title)
4361
msgid "JeOS Installation Parameters"
4362
msgstr ""
4363
4364
#: serverguide/C/virtualization.xml:618(title)
4365
msgid "JeOS Networking"
4366
msgstr ""
4367
4368
#: serverguide/C/virtualization.xml:621(title)
4369
msgid "Assigning a fixed IP address"
4370
msgstr ""
4371
4372
#: serverguide/C/virtualization.xml:623(para)
4373
msgid ""
4374
"As a virtual appliance that may be deployed on various very different "
4375
"networks, it is very difficult to know what the actual network will look "
4376
"like. In order to simplify configuration, it is a good idea to take an "
4377
"approach similar to what network hardware vendors usually do, namely "
4378
"assigning an initial fixed IP address to the appliance in a private class "
4379
"network that you will provide in your documentation. An address in the range "
4380
"192.168.0.0/255 is usually a good choice."
4381
msgstr ""
4382
4383
#: serverguide/C/virtualization.xml:630(para)
4384
msgid "To do this we'll use the following parameters:"
4385
msgstr ""
4386
4387
#: serverguide/C/virtualization.xml:636(para)
4388
msgid ""
4389
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4390
"dhcp if not specified)"
4391
msgstr ""
4392
4393
#: serverguide/C/virtualization.xml:641(para)
4394
msgid ""
4395
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4396
"255.255.255.0)"
4397
msgstr ""
4398
4399
#: serverguide/C/virtualization.xml:646(para)
4400
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4401
msgstr ""
4402
4403
#: serverguide/C/virtualization.xml:651(para)
4404
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4405
msgstr ""
4406
4407
#: serverguide/C/virtualization.xml:656(para)
4408
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4409
msgstr ""
4410
4411
#: serverguide/C/virtualization.xml:661(para)
4412
msgid ""
4413
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4414
msgstr ""
4415
4416
#: serverguide/C/virtualization.xml:667(para)
4417
msgid ""
4418
"We assume for now that default values are good enough, so the resulting "
4419
"invocation becomes:"
4420
msgstr ""
4421
4422
#: serverguide/C/virtualization.xml:672(command)
4423
msgid ""
4424
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4425
"-libvirt qemu:///system --ip 192.168.0.100"
4426
msgstr ""
4427
4428
#: serverguide/C/virtualization.xml:677(title)
4429
msgid "Modifying the libvirt Template to use Bridging"
4430
msgstr ""
4431
4432
#: serverguide/C/virtualization.xml:679(para)
4433
msgid ""
4434
"Because our appliance will be likely to need to be accessed by remote hosts, "
4435
"we need to configure libvirt so that the appliance uses bridge networking. "
4436
"To do this we use vmbuilder template mechanism to modify the default one."
4437
msgstr ""
4438
4439
#: serverguide/C/virtualization.xml:684(para)
4440
msgid ""
4441
"In our working directory we create the template hierarchy and copy the "
4442
"default template:"
4443
msgstr ""
4444
4445
#: serverguide/C/virtualization.xml:689(command)
4446
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4447
msgstr ""
4448
4449
#: serverguide/C/virtualization.xml:690(command)
4450
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4451
msgstr ""
4452
4453
#: serverguide/C/virtualization.xml:693(para)
4454
msgid ""
4455
"We can then edit "
4456
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4457
"change:"
4458
msgstr ""
4459
4460
#: serverguide/C/virtualization.xml:697(programlisting)
4461
#, no-wrap
4462
msgid ""
4463
"\n"
4464
" <interface type='network'>\n"
4465
" <source network='default'/>\n"
4466
" </interface>\n"
4467
msgstr ""
4468
4469
#: serverguide/C/virtualization.xml:703(para)
4470
msgid "To:"
4471
msgstr ""
4472
4473
#: serverguide/C/virtualization.xml:707(programlisting)
4474
#, no-wrap
4475
msgid ""
4476
"\n"
4477
" <interface type='bridge'>\n"
4478
" <source bridge='br0'/>\n"
4479
" </interface>\n"
4480
msgstr ""
4481
4482
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4483
msgid "Partitioning"
4484
msgstr ""
4485
4486
#: serverguide/C/virtualization.xml:719(para)
4487
msgid ""
4488
"Partitioning of the virtual appliance will have to take into consideration "
4489
"what you are planning to do with is. Because most appliances want to have a "
4490
"separate storage for data, having a separate <filename>/var</filename> would "
4491
"make sense."
4492
msgstr ""
4493
4494
#: serverguide/C/virtualization.xml:724(para)
4495
msgid ""
4496
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4497
msgstr ""
4498
4499
#: serverguide/C/virtualization.xml:728(programlisting)
4500
#, no-wrap
4501
msgid ""
4502
"\n"
4503
"--part PATH\n"
4504
" Allows you to specify a partition table in a partition file, located at "
4505
"PATH. Each line of the partition file should specify\n"
4506
" (root first):\n"
4507
" mountpoint size\n"
4508
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4509
"disk starts on a\n"
4510
" line with ’---’. ie :\n"
4511
" root 1000\n"
4512
" /opt 1000\n"
4513
" swap 256\n"
4514
" ---\n"
4515
" /var 2000\n"
4516
" /log 1500\n"
4517
msgstr ""
4518
4519
#: serverguide/C/virtualization.xml:743(para)
4520
msgid ""
4521
"In our case we will define a text file name "
4522
"<filename>vmbuilder.partition</filename> which will contain the following:"
4523
msgstr ""
4524
4525
#: serverguide/C/virtualization.xml:747(programlisting)
4526
#, no-wrap
4527
msgid ""
4528
"\n"
4529
"root 8000\n"
4530
"swap 4000\n"
4531
"---\n"
4532
"/var 20000\n"
4533
msgstr ""
4534
4535
#: serverguide/C/virtualization.xml:755(para)
4536
msgid ""
4537
"Note that as we are using virtual disk images, the actual sizes that we put "
4538
"here are maximum sizes for these volumes."
4539
msgstr ""
4540
4541
#: serverguide/C/virtualization.xml:760(para)
4542
msgid "Our command line now looks like:"
4543
msgstr ""
4544
4545
#: serverguide/C/virtualization.xml:765(command)
4546
msgid ""
4547
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4548
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4549
msgstr ""
4550
4551
#: serverguide/C/virtualization.xml:770(para)
4552
msgid ""
4553
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4554
"next line."
4555
msgstr ""
4556
4557
#: serverguide/C/virtualization.xml:777(title)
4558
msgid "User and Password"
4559
msgstr ""
4560
4561
#: serverguide/C/virtualization.xml:779(para)
4562
msgid ""
4563
"Again setting up a virtual appliance, you will need to provide a default "
4564
"user and password that is generic so that you can include it in your "
4565
"documentation. We will see later on in this tutorial how we will provide "
4566
"some security by defining a script that will be run the first time a user "
4567
"actually logs in the appliance, that will, among other things, ask him to "
4568
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4569
"as my user name, and <emphasis>'default'</emphasis> as the password."
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:787(para)
4573
msgid "To do this we use the following optional parameters:"
4574
msgstr ""
4575
4576
#: serverguide/C/virtualization.xml:793(para)
4577
msgid ""
4578
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4579
"Default: ubuntu."
4580
msgstr ""
4581
4582
#: serverguide/C/virtualization.xml:798(para)
4583
msgid ""
4584
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4585
"added. Default: Ubuntu."
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:803(para)
4589
msgid ""
4590
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4591
"Default: ubuntu."
4592
msgstr ""
4593
4594
#: serverguide/C/virtualization.xml:809(para)
4595
msgid "Our resulting command line becomes:"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:814(command)
4599
msgid ""
4600
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4601
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4602
"-user user --name user --pass default"
4603
msgstr ""
4604
4605
#: serverguide/C/virtualization.xml:822(title)
4606
msgid "Installing Required Packages"
4607
msgstr ""
4608
4609
#: serverguide/C/virtualization.xml:824(para)
4610
msgid ""
4611
"In this example we will be installing a package "
4612
"<application>(Limesurvey)</application> that accesses a "
4613
"<application>MySQL</application> database and has a web interface. We will "
4614
"therefore require our OS to provide us with:"
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:831(para)
4618
msgid "Apache"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:832(para)
4622
msgid "PHP"
4623
msgstr ""
4624
4625
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4626
msgid "MySQL"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4630
msgid "OpenSSH Server"
4631
msgstr ""
4632
4633
#: serverguide/C/virtualization.xml:835(para)
4634
msgid "Limesurvey (as an example application that we have packaged)"
4635
msgstr ""
4636
4637
#: serverguide/C/virtualization.xml:838(para)
4638
msgid ""
4639
"This is done using vmbuilder by specifying the --addpkg option multiple "
4640
"times:"
4641
msgstr ""
4642
4643
#: serverguide/C/virtualization.xml:842(programlisting)
4644
#, no-wrap
4645
msgid ""
4646
"\n"
4647
"--addpkg PKG\n"
4648
" Install PKG into the guest (can be specfied multiple times)\n"
4649
msgstr ""
4650
4651
#: serverguide/C/virtualization.xml:847(para)
4652
msgid ""
4653
"However, due to the way vmbuilder operates, packages that have to ask "
4654
"questions to the user during the post install phase are not supported and "
4655
"should instead be installed while interactivity can occur. This is the case "
4656
"of Limesurvey, which we will have to install later, once the user logs in."
4657
msgstr ""
4658
4659
#: serverguide/C/virtualization.xml:853(para)
4660
msgid ""
4661
"Other packages that ask simple debconf question, such as <application>mysql-"
4662
"server</application> asking to set a password, the package can be installed "
4663
"immediately, but we will have to reconfigure it the first time the user logs "
4664
"in."
4665
msgstr ""
4666
4667
#: serverguide/C/virtualization.xml:859(para)
4668
msgid ""
4669
"If some packages that we need to install are not in main, we need to enable "
4670
"the additional repositories using --comp and --ppa:"
4671
msgstr ""
4672
4673
#: serverguide/C/virtualization.xml:863(programlisting)
4674
#, no-wrap
4675
msgid ""
4676
"\n"
4677
"--components COMP1,COMP2,...,COMPN\n"
4678
" A comma separated list of distro components to include (e.g. "
4679
"main,universe). This defaults\n"
4680
" to \"main\"\n"
4681
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4682
msgstr ""
4683
4684
#: serverguide/C/virtualization.xml:870(para)
4685
msgid ""
4686
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4687
"PPA (personal package archive) address so that it is added to the VM "
4688
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4689
"to the command line:"
4690
msgstr ""
4691
4692
#: serverguide/C/virtualization.xml:876(command)
4693
msgid ""
4694
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4695
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4696
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4697
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4698
"server --ppa nijaba"
4699
msgstr ""
4700
4701
#: serverguide/C/virtualization.xml:883(title)
4702
msgid "OpenSSH"
4703
msgstr ""
4704
4705
#: serverguide/C/virtualization.xml:885(para)
4706
msgid ""
4707
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4708
"it will allow our admins to access the appliance remotely. However, pushing "
4709
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4710
"security risk as all these server will share the same secret key, making it "
4711
"very easy for hackers to target our appliance with all the tools they need "
4712
"to crack it open in a breeze. As for the user password, we will instead rely "
4713
"on a script that will install OpenSSH the first time a user logs in so that "
4714
"the key generated will be different for each appliance. For this we'll use a "
4715
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4716
"interaction."
4717
msgstr ""
4718
4719
#: serverguide/C/virtualization.xml:897(title)
4720
msgid "Speed Considerations"
4721
msgstr ""
4722
4723
#: serverguide/C/virtualization.xml:900(title)
4724
msgid "Package Caching"
4725
msgstr ""
4726
4727
#: serverguide/C/virtualization.xml:902(para)
4728
msgid ""
4729
"When vmbuilder creates builds your system, it has to go fetch each one of "
4730
"the packages that composes it over the network to one of the official "
4731
"repositories, which, depending on your internet connection speed and the "
4732
"load of the mirror, can have a big impact on the actual build time. In order "
4733
"to reduce this, it is recommended to either have a local repository (which "
4734
"can be created using <application>apt-mirror</application>) or using a "
4735
"caching proxy such as <application>apt-proxy</application>. The later option "
4736
"being much simpler to implement and requiring less disk space, it is the one "
4737
"we will pick in this tutorial. To install it, simply type:"
4738
msgstr ""
4739
4740
#: serverguide/C/virtualization.xml:912(command)
4741
msgid "sudo apt-get install apt-proxy"
4742
msgstr ""
4743
4744
#: serverguide/C/virtualization.xml:915(para)
4745
msgid ""
4746
"Once this is complete, your (empty) proxy is ready for use on "
4747
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4748
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4749
"option:"
4750
msgstr ""
4751
4752
#: serverguide/C/virtualization.xml:920(programlisting)
4753
#, no-wrap
4754
msgid ""
4755
"\n"
4756
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4757
" is http://archive.ubuntu.com/ubuntu for official\n"
4758
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4759
" otherwise\n"
4760
msgstr ""
4761
4762
#: serverguide/C/virtualization.xml:927(para)
4763
msgid "So we add to the command line:"
4764
msgstr ""
4765
4766
#: serverguide/C/virtualization.xml:932(command)
4767
msgid "--mirror http://mirroraddress:9999/ubuntu"
4768
msgstr ""
4769
4770
#: serverguide/C/virtualization.xml:936(para)
4771
msgid ""
4772
"The mirror address specified here will also be used in the "
4773
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4774
"is useful to specify here an address that can be resolved by the guest or to "
4775
"plan on reseting this address later on, such as in a <emphasis>--"
4776
"firstboot</emphasis> script."
4777
msgstr ""
4778
4779
#: serverguide/C/virtualization.xml:945(title)
4780
msgid "Install a Local Mirror"
4781
msgstr ""
4782
4783
#: serverguide/C/virtualization.xml:947(para)
4784
msgid ""
4785
"If we are in a larger environment, it may make sense to setup a local mirror "
4786
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4787
"script that will handle the mirroring for you. You should plan on having "
4788
"about 20 gigabyte of free space per supported release and architecture."
4789
msgstr ""
4790
4791
#: serverguide/C/virtualization.xml:953(para)
4792
msgid ""
4793
"By default, <application>apt-mirror</application> uses the configuration "
4794
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4795
"replicate only the architecture of the local machine. If you would like to "
4796
"support other architectures on your mirror, simply duplicate the lines "
4797
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4798
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4799
"archives as well, you will have:"
4800
msgstr ""
4801
4802
#: serverguide/C/virtualization.xml:960(programlisting)
4803
#, no-wrap
4804
msgid ""
4805
"\n"
4806
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4807
"multiverse \n"
4808
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4809
"universe multiverse\n"
4810
"\n"
4811
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4812
"universe multiverse \n"
4813
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4814
"universe multiverse \n"
4815
"\n"
4816
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4817
"universe multiverse \n"
4818
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4819
"restricted universe multiverse \n"
4820
"\n"
4821
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4822
"universe multiverse \n"
4823
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4824
"restricted universe multiverse \n"
4825
"\n"
4826
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4827
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4828
"installer \n"
4829
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4830
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4831
"installer \n"
4832
msgstr ""
4833
4834
#: serverguide/C/virtualization.xml:977(para)
4835
msgid ""
4836
"Notice that the source packages are not mirrored as they are seldom used "
4837
"compared to the binaries and they do take a lot more space, but they can be "
4838
"easily added to the list."
4839
msgstr ""
4840
4841
#: serverguide/C/virtualization.xml:982(para)
4842
msgid ""
4843
"Once the mirror has finished replicating (and this can be quite long), you "
4844
"need to configure Apache so that your mirror files (in "
4845
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4846
"default), are published by your Apache server. For more information on "
4847
"Apache see <xref linkend=\"httpd\"/>."
4848
msgstr ""
4849
4850
#: serverguide/C/virtualization.xml:991(title)
4851
msgid "Installing in a RAM Disk"
4852
msgstr ""
4853
4854
#: serverguide/C/virtualization.xml:993(para)
4855
msgid ""
4856
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4857
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4858
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4859
"-tmpfs</emphasis> will help you do just that:"
4860
msgstr ""
4861
4862
#: serverguide/C/virtualization.xml:999(programlisting)
4863
#, no-wrap
4864
msgid ""
4865
"\n"
4866
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4867
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4868
msgstr ""
4869
4870
#: serverguide/C/virtualization.xml:1004(para)
4871
msgid ""
4872
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4873
"have 1G of free ram."
4874
msgstr ""
4875
4876
#: serverguide/C/virtualization.xml:1011(title)
4877
msgid "Package the Application"
4878
msgstr ""
4879
4880
#: serverguide/C/virtualization.xml:1013(para)
4881
msgid "Two option are available to us:"
4882
msgstr ""
4883
4884
#: serverguide/C/virtualization.xml:1019(para)
4885
msgid ""
4886
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4887
"package. Since this is outside of the scope of this tutorial, we will not "
4888
"perform this here and invite the reader to read the documentation on how to "
4889
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4890
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4891
"repository for your package so that updates can be conveniently pulled from "
4892
"it. See the <ulink url=\"http://www.debian-"
4893
"administration.org/articles/286\">Debian Administration</ulink> article for "
4894
"a tutorial on this."
4895
msgstr ""
4896
4897
#: serverguide/C/virtualization.xml:1028(para)
4898
msgid ""
4899
"Manually install the application under <filename>/opt</filename> as "
4900
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4901
"guidelines</ulink>."
4902
msgstr ""
4903
4904
#: serverguide/C/virtualization.xml:1035(para)
4905
msgid ""
4906
"In our case we'll use <application>Limesurvey</application> as example web "
4907
"application for which we wish to provide a virtual appliance. As noted "
4908
"before, we've made a version of the package available in a PPA (Personal "
4909
"Package Archive)."
4910
msgstr ""
4911
4912
#: serverguide/C/virtualization.xml:1042(title)
4913
msgid "Finishing Install"
4914
msgstr ""
4915
4916
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4917
msgid "First Boot"
4918
msgstr ""
4919
4920
#: serverguide/C/virtualization.xml:1047(para)
4921
msgid ""
4922
"As we mentioned earlier, the first time the machine boots we'll need to "
4923
"install <application>openssh-server</application> so that the key generated "
4924
"for it is unique for each machine. To do this, we'll write a script called "
4925
"<filename>boot.sh</filename> as follows:"
4926
msgstr ""
4927
4928
#: serverguide/C/virtualization.xml:1053(programlisting)
4929
#, no-wrap
4930
msgid ""
4931
"\n"
4932
"# This script will run the first time the virtual machine boots\n"
4933
"# It is ran as root.\n"
4934
"\n"
4935
"apt-get update\n"
4936
"apt-get install -qqy --force-yes openssh-server\n"
4937
msgstr ""
4938
4939
#: serverguide/C/virtualization.xml:1061(para)
4940
msgid ""
4941
"And we add the <command>--firstboot boot.sh</command> option to our command "
4942
"line."
4943
msgstr ""
4944
4945
#: serverguide/C/virtualization.xml:1067(title)
4946
msgid "First Login"
4947
msgstr ""
4948
4949
#: serverguide/C/virtualization.xml:1069(para)
4950
msgid ""
4951
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4952
"set them up the first time a user logs in using a script named login.sh. "
4953
"We'll also use this script to let the user specify:"
4954
msgstr ""
4955
4956
#: serverguide/C/virtualization.xml:1075(para)
4957
msgid "His own password"
4958
msgstr ""
4959
4960
#: serverguide/C/virtualization.xml:1076(para)
4961
msgid "Define the keyboard and other locale info he wants to use"
4962
msgstr ""
4963
4964
#: serverguide/C/virtualization.xml:1079(para)
4965
msgid "So we'll define <filename>login.sh</filename> as follows:"
4966
msgstr ""
4967
4968
#: serverguide/C/virtualization.xml:1083(programlisting)
4969
#, no-wrap
4970
msgid ""
4971
"\n"
4972
"# This script is ran the first time a user logs in\n"
4973
"\n"
4974
"echo \"Your appliance is about to be finished to be set up.\"\n"
4975
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4976
"echo \"starting by changing your user password.\"\n"
4977
"\n"
4978
"passwd\n"
4979
"\n"
4980
"#give the opportunity to change the keyboard\n"
4981
"sudo dpkg-reconfigure console-setup\n"
4982
"\n"
4983
"#configure the mysql server root password\n"
4984
"sudo dpkg-reconfigure mysql-server-5.0\n"
4985
"\n"
4986
"#install limesurvey\n"
4987
"sudo apt-get install -qqy --force-yes limesurvey\n"
4988
"\n"
4989
"echo \"Your appliance is now configured. To use it point your\"\n"
4990
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4991
msgstr ""
4992
4993
#: serverguide/C/virtualization.xml:1105(para)
4994
msgid ""
4995
"And we add the <command>--firstlogin login.sh</command> option to our "
4996
"command line."
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:1112(title)
5000
msgid "Useful Additions"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:1115(title)
5004
msgid "Configuring Automatic Updates"
5005
msgstr ""
5006
5007
#: serverguide/C/virtualization.xml:1117(para)
5008
msgid ""
5009
"To have your system be configured to update itself on a regular basis, we "
5010
"will just install <application>unattended-upgrades</application>, so we add "
5011
"the following option to our command line:"
5012
msgstr ""
5013
5014
#: serverguide/C/virtualization.xml:1123(command)
5015
msgid "--addpkg unattended-upgrades"
5016
msgstr ""
5017
5018
#: serverguide/C/virtualization.xml:1126(para)
5019
msgid ""
5020
"As we have put our application package in a PPA, the process will update not "
5021
"only the system, but also the application each time we update the version in "
5022
"the PPA."
5023
msgstr ""
5024
5025
#: serverguide/C/virtualization.xml:1133(title)
5026
msgid "ACPI Event Handling"
5027
msgstr ""
5028
5029
#: serverguide/C/virtualization.xml:1135(para)
5030
msgid ""
5031
"For your virtual machine to be able to handle restart and shutdown events it "
5032
"is being sent, it is a good idea to install the acpid package as well. To do "
5033
"this we just add the following option:"
5034
msgstr ""
5035
5036
#: serverguide/C/virtualization.xml:1141(command)
5037
msgid "--addpkg acpid"
5038
msgstr ""
5039
5040
#: serverguide/C/virtualization.xml:1147(title)
5041
msgid "Final Command"
5042
msgstr ""
5043
5044
#: serverguide/C/virtualization.xml:1149(para)
5045
msgid "Here is the command with all the options discussed above:"
5046
msgstr ""
5047
5048
#: serverguide/C/virtualization.xml:1154(command)
5049
msgid ""
5050
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5051
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5052
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5053
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5054
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5055
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5056
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5057
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5058
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5059
"firstlogin login.sh"
5060
msgstr ""
5061
5062
#: serverguide/C/virtualization.xml:1169(para)
5063
msgid ""
5064
"If you are interested in learning more, have questions or suggestions, "
5065
"please contact the Ubuntu Server Team at:"
5066
msgstr ""
5067
5068
#: serverguide/C/virtualization.xml:1174(para)
5069
msgid "IRC: #ubuntu-server on freenode"
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:1179(para)
5073
msgid ""
5074
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5075
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5076
msgstr ""
5077
5078
#: serverguide/C/virtualization.xml:1184(para)
5079
msgid ""
5080
"Also, see the <ulink "
5081
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5082
"Wiki</ulink> page."
5083
msgstr ""
5084
5085
#: serverguide/C/virtualization.xml:1192(title)
5086
msgid "UEC"
5087
msgstr ""
5088
5089
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5090
msgid "Overview"
5091
msgstr ""
5092
5093
#: serverguide/C/virtualization.xml:1197(para)
5094
msgid ""
5095
"This tutorial covers <application>UEC</application> installation from the "
5096
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5097
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5098
"and one or more nodes attached."
5099
msgstr ""
5100
5101
#: serverguide/C/virtualization.xml:1202(para)
5102
msgid ""
5103
"From this Tutorial you will learn how to install, configure, register and "
5104
"perform several operations on a basic <application>UEC</application> setup "
5105
"that results in a cloud with a one controller <emphasis>\"front-"
5106
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5107
"instances. You will also use examples to help get you started using your own "
5108
"private compute cloud."
5109
msgstr ""
5110
5111
#: serverguide/C/virtualization.xml:1210(title)
5112
msgid "Prerequisites"
5113
msgstr ""
5114
5115
#: serverguide/C/virtualization.xml:1212(para)
5116
msgid ""
5117
"To deploy a minimal cloud infrastructure, you’ll need at least "
5118
"<emphasis>two</emphasis> dedicated systems:"
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:1218(para)
5122
msgid "A front end."
5123
msgstr ""
5124
5125
#: serverguide/C/virtualization.xml:1223(para)
5126
msgid "One or more node(s)."
5127
msgstr ""
5128
5129
#: serverguide/C/virtualization.xml:1229(para)
5130
msgid ""
5131
"The following are recommendations, rather than fixed requirements. However, "
5132
"our experience in developing this documentation indicated the following "
5133
"suggestions."
5134
msgstr ""
5135
5136
#: serverguide/C/virtualization.xml:1234(title)
5137
msgid "Front End Requirements"
5138
msgstr ""
5139
5140
#: serverguide/C/virtualization.xml:1236(para)
5141
msgid "Use the following table for a system that will run one or more of:"
5142
msgstr ""
5143
5144
#: serverguide/C/virtualization.xml:1241(para)
5145
msgid "Cloud Controller (CLC)"
5146
msgstr ""
5147
5148
#: serverguide/C/virtualization.xml:1242(para)
5149
msgid "Cluster Controller (CC)"
5150
msgstr ""
5151
5152
#: serverguide/C/virtualization.xml:1243(para)
5153
msgid "Walrus (the S3-like storage service)"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1244(para)
5157
msgid "Storage Controller (SC)"
5158
msgstr ""
5159
5160
#: serverguide/C/virtualization.xml:1248(title)
5161
msgid "UEC Front End Requirements"
5162
msgstr ""
5163
5164
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5165
msgid "Hardware"
5166
msgstr ""
5167
5168
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5169
msgid "Minimum"
5170
msgstr ""
5171
5172
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5173
msgid "Suggested"
5174
msgstr ""
5175
5176
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5177
msgid "Notes"
5178
msgstr ""
5179
5180
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5181
msgid "CPU"
5182
msgstr ""
5183
5184
#: serverguide/C/virtualization.xml:1265(para)
5185
msgid "1 GHz"
5186
msgstr ""
5187
5188
#: serverguide/C/virtualization.xml:1266(para)
5189
msgid "2 x 2 GHz"
5190
msgstr ""
5191
5192
#: serverguide/C/virtualization.xml:1267(para)
5193
msgid ""
5194
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5195
"a dual core processor."
5196
msgstr ""
5197
5198
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5199
msgid "Memory"
5200
msgstr ""
5201
5202
#: serverguide/C/virtualization.xml:1271(para)
5203
msgid "2 GB"
5204
msgstr ""
5205
5206
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5207
msgid "4 GB"
5208
msgstr ""
5209
5210
#: serverguide/C/virtualization.xml:1273(para)
5211
msgid "The Java web front end benefits from lots of available memory."
5212
msgstr ""
5213
5214
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5215
msgid "Disk"
5216
msgstr ""
5217
5218
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5219
msgid "5400 RPM IDE"
5220
msgstr ""
5221
5222
#: serverguide/C/virtualization.xml:1278(para)
5223
msgid "7200 RPM SATA"
5224
msgstr ""
5225
5226
#: serverguide/C/virtualization.xml:1279(para)
5227
msgid ""
5228
"Slower disks will work, but will yield much longer instance startup times."
5229
msgstr ""
5230
5231
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5232
msgid "Disk Space"
5233
msgstr ""
5234
5235
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5236
msgid "40 GB"
5237
msgstr ""
5238
5239
#: serverguide/C/virtualization.xml:1284(para)
5240
msgid "200 GB"
5241
msgstr ""
5242
5243
#: serverguide/C/virtualization.xml:1285(para)
5244
msgid ""
5245
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5246
"does not like to run out of disk space."
5247
msgstr ""
5248
5249
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5250
msgid "Networking"
5251
msgstr ""
5252
5253
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5254
msgid "100 Mbps"
5255
msgstr ""
5256
5257
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5258
msgid "1000 Mbps"
5259
msgstr ""
5260
5261
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5262
msgid ""
5263
"Machine images are hundreds of MB, and need to be copied over the network to "
5264
"nodes."
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:1299(title)
5268
msgid "Node Requirements"
5269
msgstr ""
5270
5271
#: serverguide/C/virtualization.xml:1301(para)
5272
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5273
msgstr ""
5274
5275
#: serverguide/C/virtualization.xml:1306(para)
5276
msgid "the Node Controller (NC)"
5277
msgstr ""
5278
5279
#: serverguide/C/virtualization.xml:1310(title)
5280
msgid "UEC Node Requirements"
5281
msgstr ""
5282
5283
#: serverguide/C/virtualization.xml:1327(para)
5284
msgid "VT Extensions"
5285
msgstr ""
5286
5287
#: serverguide/C/virtualization.xml:1328(para)
5288
msgid "VT, 64-bit, Multicore"
5289
msgstr ""
5290
5291
#: serverguide/C/virtualization.xml:1329(para)
5292
msgid ""
5293
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5294
"only run 1 VM per CPU core on a Node."
5295
msgstr ""
5296
5297
#: serverguide/C/virtualization.xml:1333(para)
5298
msgid "1 GB"
5299
msgstr ""
5300
5301
#: serverguide/C/virtualization.xml:1335(para)
5302
msgid "Additional memory means more, and larger guests."
5303
msgstr ""
5304
5305
#: serverguide/C/virtualization.xml:1340(para)
5306
msgid "7200 RPM SATA or SCSI"
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:1341(para)
5310
msgid ""
5311
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5312
"bottleneck."
5313
msgstr ""
5314
5315
#: serverguide/C/virtualization.xml:1346(para)
5316
msgid "100 GB"
5317
msgstr ""
5318
5319
#: serverguide/C/virtualization.xml:1347(para)
5320
msgid ""
5321
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5322
"space."
5323
msgstr ""
5324
5325
#: serverguide/C/virtualization.xml:1363(title)
5326
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5327
msgstr ""
5328
5329
#: serverguide/C/virtualization.xml:1367(para)
5330
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5331
msgstr ""
5332
5333
#: serverguide/C/virtualization.xml:1372(para)
5334
msgid ""
5335
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5336
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5337
"components are present."
5338
msgstr ""
5339
5340
#: serverguide/C/virtualization.xml:1377(para)
5341
msgid ""
5342
"You can then choose which components to install, based on your chosen <ulink "
5343
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5344
msgstr ""
5345
5346
#: serverguide/C/virtualization.xml:1382(para)
5347
msgid ""
5348
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5349
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5350
msgstr ""
5351
5352
#: serverguide/C/virtualization.xml:1388(para)
5353
msgid ""
5354
"It will ask two other cloud-specific questions during the course of the "
5355
"install:"
5356
msgstr ""
5357
5358
#: serverguide/C/virtualization.xml:1393(para)
5359
msgid "Name of your cluster."
5360
msgstr ""
5361
5362
#: serverguide/C/virtualization.xml:1396(para)
5363
msgid "e.g. <emphasis>cluster1</emphasis>."
5364
msgstr ""
5365
5366
#: serverguide/C/virtualization.xml:1399(para)
5367
msgid ""
5368
"A range of public IP addresses on the LAN that the cloud can allocate to "
5369
"instances."
5370
msgstr ""
5371
5372
#: serverguide/C/virtualization.xml:1402(para)
5373
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5374
msgstr ""
5375
5376
#: serverguide/C/virtualization.xml:1410(title)
5377
msgid "Installing the Node Controller(s)"
5378
msgstr ""
5379
5380
#: serverguide/C/virtualization.xml:1412(para)
5381
msgid ""
5382
"The node controller install is even simpler. Just make sure that you are "
5383
"connected to the network on which the cloud/cluster controller is already "
5384
"running."
5385
msgstr ""
5386
5387
#: serverguide/C/virtualization.xml:1418(para)
5388
msgid "Boot from the same ISO on the node(s)."
5389
msgstr ""
5390
5391
#: serverguide/C/virtualization.xml:1423(para)
5392
msgid ""
5393
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1428(para)
5397
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5398
msgstr ""
5399
5400
#: serverguide/C/virtualization.xml:1433(para)
5401
msgid ""
5402
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5403
"install for you."
5404
msgstr ""
5405
5406
#: serverguide/C/virtualization.xml:1438(para)
5407
msgid "Confirm the partitioning scheme."
5408
msgstr ""
5409
5410
#: serverguide/C/virtualization.xml:1443(para)
5411
msgid ""
5412
"The rest of the installation should proceed uninterrupted; complete the "
5413
"installation and reboot the node."
5414
msgstr ""
5415
5416
#: serverguide/C/virtualization.xml:1451(title)
5417
msgid "Register the Node(s)"
5418
msgstr ""
5419
5420
#: serverguide/C/virtualization.xml:1456(para)
5421
msgid ""
5422
"Nodes are the physical systems within <application>UEC</application> that "
5423
"actually run the virtual machine instances of the cloud."
5424
msgstr ""
5425
5426
#: serverguide/C/virtualization.xml:1460(para)
5427
msgid "All component registration should be automatic, assuming:"
5428
msgstr ""
5429
5430
#: serverguide/C/virtualization.xml:1466(para)
5431
msgid "Public SSH keys have been exchanged properly."
5432
msgstr ""
5433
5434
#: serverguide/C/virtualization.xml:1471(para)
5435
msgid "The services are configured properly."
5436
msgstr ""
5437
5438
#: serverguide/C/virtualization.xml:1476(para)
5439
msgid ""
5440
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5441
msgstr ""
5442
5443
#: serverguide/C/virtualization.xml:1481(para)
5444
msgid "Verify Registration."
5445
msgstr ""
5446
5447
#: serverguide/C/virtualization.xml:1487(para)
5448
msgid ""
5449
"Steps a to e should only be required if you're using the <ulink "
5450
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5451
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5452
"should already be completed automatically for you, and therefore you can "
5453
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5454
msgstr ""
5455
5456
#: serverguide/C/virtualization.xml:1495(para)
5457
msgid "Exchange Public Keys"
5458
msgstr ""
5459
5460
#: serverguide/C/virtualization.xml:1497(para)
5461
msgid ""
5462
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5463
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5464
"Controller as the eucalyptus user."
5465
msgstr ""
5466
5467
#: serverguide/C/virtualization.xml:1502(para)
5468
msgid ""
5469
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5470
"ssh key by:"
5471
msgstr ""
5472
5473
#: serverguide/C/virtualization.xml:1508(para)
5474
msgid ""
5475
"On the target controller, temporarily set a password for the eucalyptus user:"
5476
msgstr ""
5477
5478
#: serverguide/C/virtualization.xml:1512(command)
5479
msgid "sudo passwd eucalyptus"
5480
msgstr ""
5481
5482
#: serverguide/C/virtualization.xml:1516(para)
5483
msgid "Then, on the Cloud Controller:"
5484
msgstr ""
5485
5486
#: serverguide/C/virtualization.xml:1520(command)
5487
msgid ""
5488
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5489
"eucalyptus@<IP_OF_NODE>"
5490
msgstr ""
5491
5492
#: serverguide/C/virtualization.xml:1524(para)
5493
msgid ""
5494
"You can now remove the password of the eucalyptus account on the target "
5495
"controller, if you wish:"
5496
msgstr ""
5497
5498
#: serverguide/C/virtualization.xml:1528(command)
5499
msgid "sudo passwd -d eucalyptus"
5500
msgstr ""
5501
5502
#: serverguide/C/virtualization.xml:1535(para)
5503
msgid "Configuring the Services"
5504
msgstr ""
5505
5506
#: serverguide/C/virtualization.xml:1537(para)
5507
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5508
msgstr ""
5509
5510
#: serverguide/C/virtualization.xml:1543(para)
5511
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5512
msgstr ""
5513
5514
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5515
msgid ""
5516
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5517
"cc.conf</filename>"
5518
msgstr ""
5519
5520
#: serverguide/C/virtualization.xml:1549(para)
5521
msgid ""
5522
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5523
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5524
"addresses."
5525
msgstr ""
5526
5527
#: serverguide/C/virtualization.xml:1556(para)
5528
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5529
msgstr ""
5530
5531
#: serverguide/C/virtualization.xml:1560(para)
5532
msgid ""
5533
"Define the shell variable WALRUS_IP_ADDR in "
5534
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5535
"address."
5536
msgstr ""
5537
5538
#: serverguide/C/virtualization.xml:1565(para)
5539
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5540
msgstr ""
5541
5542
#: serverguide/C/virtualization.xml:1571(para)
5543
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5544
msgstr ""
5545
5546
#: serverguide/C/virtualization.xml:1577(para)
5547
msgid ""
5548
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5549
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5550
"addresses."
5551
msgstr ""
5552
5553
#: serverguide/C/virtualization.xml:1587(para)
5554
msgid "Publish"
5555
msgstr ""
5556
5557
#: serverguide/C/virtualization.xml:1589(para)
5558
msgid "Now start the publication services."
5559
msgstr ""
5560
5561
#: serverguide/C/virtualization.xml:1595(emphasis)
5562
msgid "Walrus Controller:"
5563
msgstr ""
5564
5565
#: serverguide/C/virtualization.xml:1597(command)
5566
msgid "sudo start eucalyptus-walrus-publication"
5567
msgstr ""
5568
5569
#: serverguide/C/virtualization.xml:1601(emphasis)
5570
msgid "Cluster Controller:"
5571
msgstr ""
5572
5573
#: serverguide/C/virtualization.xml:1603(command)
5574
msgid "sudo start eucalyptus-cc-publication"
5575
msgstr ""
5576
5577
#: serverguide/C/virtualization.xml:1607(emphasis)
5578
msgid "Storage Controller:"
5579
msgstr ""
5580
5581
#: serverguide/C/virtualization.xml:1609(command)
5582
msgid "sudo start eucalyptus-sc-publication"
5583
msgstr ""
5584
5585
#: serverguide/C/virtualization.xml:1613(emphasis)
5586
msgid "Node Controller:"
5587
msgstr ""
5588
5589
#: serverguide/C/virtualization.xml:1615(command)
5590
msgid "sudo start eucalyptus-nc-publication"
5591
msgstr ""
5592
5593
#: serverguide/C/virtualization.xml:1622(para)
5594
msgid "Start the Listener"
5595
msgstr ""
5596
5597
#: serverguide/C/virtualization.xml:1624(para)
5598
msgid ""
5599
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5600
"Controller(s)</emphasis>, run:"
5601
msgstr ""
5602
5603
#: serverguide/C/virtualization.xml:1629(command)
5604
msgid "sudo start uec-component-listener"
5605
msgstr ""
5606
5607
#: serverguide/C/virtualization.xml:1634(para)
5608
msgid "Verify Registration"
5609
msgstr ""
5610
5611
#: serverguide/C/virtualization.xml:1637(command)
5612
msgid "cat /var/log/eucalyptus/registration.log"
5613
msgstr ""
5614
5615
#: serverguide/C/virtualization.xml:1638(computeroutput)
5616
#, no-wrap
5617
msgid ""
5618
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5619
"10.1.1.75\n"
5620
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5621
"0\n"
5622
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5623
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5624
"0\n"
5625
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5626
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5627
"returned 0\n"
5628
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5629
"10.1.1.71\n"
5630
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5631
msgstr ""
5632
5633
#: serverguide/C/virtualization.xml:1649(para)
5634
msgid "The output on your machine will vary from the example above."
5635
msgstr ""
5636
5637
#: serverguide/C/virtualization.xml:1659(title)
5638
msgid "Obtain Credentials"
5639
msgstr ""
5640
5641
#: serverguide/C/virtualization.xml:1661(para)
5642
msgid ""
5643
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5644
"users of the cloud will need to retrieve their credentials. This can be done "
5645
"either through a web browser, or at the command line."
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:1667(title)
5649
msgid "From a Web Browser"
5650
msgstr ""
5651
5652
#: serverguide/C/virtualization.xml:1671(para)
5653
msgid ""
5654
"From your web browser (either remotely or on your Ubuntu server) access the "
5655
"following URL:"
5656
msgstr ""
5657
5658
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5659
#, no-wrap
5660
msgid ""
5661
"\n"
5662
"https://<cloud-controller-ip-address>:8443/\n"
5663
msgstr ""
5664
5665
#: serverguide/C/virtualization.xml:1679(para)
5666
msgid ""
5667
"You must use a secure connection, so make sure you use \"https\" not "
5668
"\"http\" in your URL. You will get a security certificate warning. You will "
5669
"have to add an exception to view the page. If you do not accept it you will "
5670
"not be able to view the Eucalyptus configuration page."
5671
msgstr ""
5672
5673
#: serverguide/C/virtualization.xml:1687(para)
5674
msgid ""
5675
"Use username <emphasis>'admin'</emphasis> and password "
5676
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5677
"to change your password)."
5678
msgstr ""
5679
5680
#: serverguide/C/virtualization.xml:1693(para)
5681
msgid ""
5682
"Then follow the on-screen instructions to update the admin password and "
5683
"email address."
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1698(para)
5687
msgid ""
5688
"Once the first time configuration process is completed, click the "
5689
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5690
"the screen."
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1704(para)
5694
msgid ""
5695
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5696
"certificates."
5697
msgstr ""
5698
5699
#: serverguide/C/virtualization.xml:1709(para)
5700
msgid "Save them to <filename>~/.euca</filename>."
5701
msgstr ""
5702
5703
#: serverguide/C/virtualization.xml:1714(para)
5704
msgid ""
5705
"Unzip the downloaded zip file into a safe location "
5706
"(<filename>~/.euca</filename>)."
5707
msgstr ""
5708
5709
#: serverguide/C/virtualization.xml:1718(command)
5710
msgid "unzip -d ~/.euca mycreds.zip"
5711
msgstr ""
5712
5713
#: serverguide/C/virtualization.xml:1725(title)
5714
msgid "From a Command Line"
5715
msgstr ""
5716
5717
#: serverguide/C/virtualization.xml:1729(para)
5718
msgid ""
5719
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5720
"Controller</emphasis>, you can run:"
5721
msgstr ""
5722
5723
#: serverguide/C/virtualization.xml:1733(command)
5724
msgid "mkdir -p ~/.euca"
5725
msgstr ""
5726
5727
#: serverguide/C/virtualization.xml:1734(command)
5728
msgid "chmod 700 ~/.euca"
5729
msgstr ""
5730
5731
#: serverguide/C/virtualization.xml:1735(command)
5732
msgid "cd ~/.euca"
5733
msgstr ""
5734
5735
#: serverguide/C/virtualization.xml:1736(command)
5736
msgid "sudo euca_conf --get-credentials mycreds.zip"
5737
msgstr ""
5738
5739
#: serverguide/C/virtualization.xml:1737(command)
5740
msgid "unzip mycreds.zip"
5741
msgstr ""
5742
5743
#: serverguide/C/virtualization.xml:1738(command)
5744
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5745
msgstr ""
5746
5747
#: serverguide/C/virtualization.xml:1739(command)
5748
msgid "cd -"
5749
msgstr ""
5750
5751
#: serverguide/C/virtualization.xml:1746(title)
5752
msgid "Extracting and Using Your Credentials"
5753
msgstr ""
5754
5755
#: serverguide/C/virtualization.xml:1748(para)
5756
msgid ""
5757
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5758
"certificates."
5759
msgstr ""
5760
5761
#: serverguide/C/virtualization.xml:1754(para)
5762
msgid "Install the required cloud user tools:"
5763
msgstr ""
5764
5765
#: serverguide/C/virtualization.xml:1758(command)
5766
msgid "sudo apt-get install euca2ools"
5767
msgstr ""
5768
5769
#: serverguide/C/virtualization.xml:1762(para)
5770
msgid ""
5771
"To validate that everything is working correctly, get the local cluster "
5772
"availability details:"
5773
msgstr ""
5774
5775
#: serverguide/C/virtualization.xml:1766(command)
5776
msgid ". ~/.euca/eucarc"
5777
msgstr ""
5778
5779
#: serverguide/C/virtualization.xml:1767(command)
5780
msgid "euca-describe-availability-zones verbose"
5781
msgstr ""
5782
5783
#: serverguide/C/virtualization.xml:1768(computeroutput)
5784
#, no-wrap
5785
msgid ""
5786
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5787
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5788
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5789
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5790
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5791
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5792
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5793
msgstr ""
5794
5795
#: serverguide/C/virtualization.xml:1778(para)
5796
msgid "Your output from the above command will vary."
5797
msgstr ""
5798
5799
#: serverguide/C/virtualization.xml:1788(title)
5800
msgid "Install an Image from the Store"
5801
msgstr ""
5802
5803
#: serverguide/C/virtualization.xml:1790(para)
5804
msgid ""
5805
"The following is by far the simplest way to install an image. However, "
5806
"advanced users may be interested in learning how to <ulink "
5807
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5808
"own image</ulink>."
5809
msgstr ""
5810
5811
#: serverguide/C/virtualization.xml:1795(para)
5812
msgid ""
5813
"The simplest way to add an image to <application>UEC</application> is to "
5814
"install it from the Image Store on the UEC web interface."
5815
msgstr ""
5816
5817
#: serverguide/C/virtualization.xml:1801(para)
5818
msgid ""
5819
"Access the web interface at the following URL (Make sure you specify https):"
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1809(para)
5823
msgid ""
5824
"Enter your login and password (if requested, as you may still be logged in "
5825
"from earlier)."
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1814(para)
5829
msgid "Click on the <emphasis>Store</emphasis> tab."
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1819(para)
5833
msgid "Browse available images."
5834
msgstr ""
5835
5836
#: serverguide/C/virtualization.xml:1824(para)
5837
msgid "Click on <emphasis>install</emphasis> for the image you want."
5838
msgstr ""
5839
5840
#: serverguide/C/virtualization.xml:1830(para)
5841
msgid ""
5842
"Once the image has been downloaded and installed, you can click on "
5843
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5844
"button to view the command to execute to instantiate (start) this image. The "
5845
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5846
"tab."
5847
msgstr ""
5848
5849
#: serverguide/C/virtualization.xml:1838(title)
5850
msgid "Run an Image"
5851
msgstr ""
5852
5853
#: serverguide/C/virtualization.xml:1840(para)
5854
msgid "There are multiple ways to instantiate an image in UEC:"
5855
msgstr ""
5856
5857
#: serverguide/C/virtualization.xml:1845(para)
5858
msgid "Use the command line."
5859
msgstr ""
5860
5861
#: serverguide/C/virtualization.xml:1846(para)
5862
msgid ""
5863
"Use one of the UEC compatible management tools such as "
5864
"<emphasis>Landscape</emphasis>."
5865
msgstr ""
5866
5867
#: serverguide/C/virtualization.xml:1848(para)
5868
msgid ""
5869
"Use the <ulink "
5870
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5871
"extension to Firefox."
5872
msgstr ""
5873
5874
#: serverguide/C/virtualization.xml:1854(para)
5875
msgid "Here we will describe the process from the command line:"
5876
msgstr ""
5877
5878
#: serverguide/C/virtualization.xml:1860(para)
5879
msgid ""
5880
"Before running an instance of your image, you should first create a "
5881
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5882
"instance as root, once it boots. The key is stored, so you will only have to "
5883
"do this once."
5884
msgstr ""
5885
5886
#: serverguide/C/virtualization.xml:1864(para)
5887
msgid "Run the following command:"
5888
msgstr ""
5889
5890
#: serverguide/C/virtualization.xml:1867(programlisting)
5891
#, no-wrap
5892
msgid ""
5893
"\n"
5894
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5895
" mkdir -p -m 700 ~/.euca\n"
5896
" touch ~/.euca/mykey.priv\n"
5897
" chmod 0600 ~/.euca/mykey.priv\n"
5898
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5899
"fi\n"
5900
msgstr ""
5901
5902
#: serverguide/C/virtualization.xml:1876(para)
5903
msgid ""
5904
"You can call your key whatever you like (in this example, the key is called "
5905
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5906
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5907
"a list of created keys stored in the system."
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:1883(para)
5911
msgid "You must also allow access to port 22 in your instances:"
5912
msgstr ""
5913
5914
#: serverguide/C/virtualization.xml:1887(command)
5915
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5916
msgstr ""
5917
5918
#: serverguide/C/virtualization.xml:1891(para)
5919
msgid "Next, you can create instances of your registered image:"
5920
msgstr ""
5921
5922
#: serverguide/C/virtualization.xml:1895(command)
5923
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5924
msgstr ""
5925
5926
#: serverguide/C/virtualization.xml:1898(para)
5927
msgid ""
5928
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5929
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5930
"on the <emphasis>Store</emphasis> page to see the sample command."
5931
msgstr ""
5932
5933
#: serverguide/C/virtualization.xml:1905(para)
5934
msgid ""
5935
"The first time you run an instance, the system will be setting up caches for "
5936
"the image from which it will be created. This can often take some time the "
5937
"first time an instance is run given that VM images are usually quite large."
5938
msgstr ""
5939
5940
#: serverguide/C/virtualization.xml:1909(para)
5941
msgid "To monitor the state of your instance, run:"
5942
msgstr ""
5943
5944
#: serverguide/C/virtualization.xml:1913(command)
5945
msgid "watch -n5 euca-describe-instances"
5946
msgstr ""
5947
5948
#: serverguide/C/virtualization.xml:1915(para)
5949
msgid ""
5950
"In the output, you should see information about the instance, including its "
5951
"state. While first-time caching is being performed, the instance's state "
5952
"will be <emphasis>'pending'</emphasis>."
5953
msgstr ""
5954
5955
#: serverguide/C/virtualization.xml:1921(para)
5956
msgid ""
5957
"When the instance is fully started, the above state will become "
5958
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5959
"instance in the output, then connect to it:"
5960
msgstr ""
5961
5962
#: serverguide/C/virtualization.xml:1926(command)
5963
msgid ""
5964
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5965
"'{print $4}')"
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:1927(command)
5969
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5970
msgstr ""
5971
5972
#: serverguide/C/virtualization.xml:1931(para)
5973
msgid ""
5974
"And when you are done with this instance, exit your SSH connection, then "
5975
"terminate your instance:"
5976
msgstr ""
5977
5978
#: serverguide/C/virtualization.xml:1935(command)
5979
msgid ""
5980
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5981
"awk '{print $2}')"
5982
msgstr ""
5983
5984
#: serverguide/C/virtualization.xml:1936(command)
5985
msgid "euca-terminate-instances $INSTANCEID"
5986
msgstr ""
5987
5988
#: serverguide/C/virtualization.xml:1944(para)
5989
msgid ""
5990
"The <application>cloud-init</application> package provides \"first boot\" "
5991
"functionality for the Ubuntu UEC images. It is in charge of taking the "
5992
"generic filesystem image that is booting and customizing it for this "
5993
"particular instance. That includes things like:"
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1952(para)
5997
msgid "Setting the hostname."
5998
msgstr ""
5999
6000
#: serverguide/C/virtualization.xml:1957(para)
6001
msgid ""
6002
"Putting the provided ssh public keys into "
6003
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6004
msgstr ""
6005
6006
#: serverguide/C/virtualization.xml:1962(para)
6007
msgid "Running a user provided script, or otherwise modifying the image."
6008
msgstr ""
6009
6010
#: serverguide/C/virtualization.xml:1968(para)
6011
msgid ""
6012
"Setting hostname and configuring a system so the person who launched it can "
6013
"actually log into it are not terribly interesting. The interesting things "
6014
"that can be done with <application>cloud-init</application> are made "
6015
"possible by data provided at launch time called <ulink "
6016
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6017
"85\">user-data</ulink>."
6018
msgstr ""
6019
6020
#: serverguide/C/virtualization.xml:1974(para)
6021
msgid "First, install the <application>cloud-init</application> package:"
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1979(command)
6025
msgid "sudo apt-get install cloud-init"
6026
msgstr ""
6027
6028
#: serverguide/C/virtualization.xml:1982(para)
6029
msgid ""
6030
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6031
"stored and executed as root late in the boot process of the instance's first "
6032
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6033
"directed to the console."
6034
msgstr ""
6035
6036
#: serverguide/C/virtualization.xml:1987(para)
6037
msgid ""
6038
"For example, create a file named <filename>ud.txt</filename> containing:"
6039
msgstr ""
6040
6041
#: serverguide/C/virtualization.xml:1991(programlisting)
6042
#, no-wrap
6043
msgid ""
6044
"\n"
6045
"#!/bin/sh\n"
6046
"echo ========== Hello World: $(date) ==========\n"
6047
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6048
msgstr ""
6049
6050
#: serverguide/C/virtualization.xml:1997(para)
6051
msgid ""
6052
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6053
msgstr ""
6054
6055
#: serverguide/C/virtualization.xml:2002(command)
6056
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6057
msgstr ""
6058
6059
#: serverguide/C/virtualization.xml:2005(para)
6060
msgid ""
6061
"Wait now for the system to come up and console to be available. To see the "
6062
"result of the data file commands enter:"
6063
msgstr ""
6064
6065
#: serverguide/C/virtualization.xml:2010(command)
6066
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6067
msgstr ""
6068
6069
#: serverguide/C/virtualization.xml:2011(computeroutput)
6070
#, no-wrap
6071
msgid ""
6072
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6073
"I have been up for 28.26 sec"
6074
msgstr ""
6075
6076
#: serverguide/C/virtualization.xml:2016(para)
6077
msgid "Your output may vary."
6078
msgstr ""
6079
6080
#: serverguide/C/virtualization.xml:2021(para)
6081
msgid ""
6082
"The simple approach shown above gives a great deal of power. The user-data "
6083
"can contain a script in any language where an interpreter already exists in "
6084
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6085
")."
6086
msgstr ""
6087
6088
#: serverguide/C/virtualization.xml:2026(para)
6089
msgid ""
6090
"For many cases, the user may not be interested in writing a program. For "
6091
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6092
"configuration based approach towards customization. To utilize the cloud-"
6093
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6094
"config'</emphasis>."
6095
msgstr ""
6096
6097
#: serverguide/C/virtualization.xml:2031(para)
6098
msgid ""
6099
"For example, create a text file named <filename>clout-config.txt</filename> "
6100
"containing:"
6101
msgstr ""
6102
6103
#: serverguide/C/virtualization.xml:2035(programlisting)
6104
#, no-wrap
6105
msgid ""
6106
"\n"
6107
"#cloud-config\n"
6108
"apt_upgrade: true\n"
6109
"apt_sources:\n"
6110
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6111
"\n"
6112
"packages:\n"
6113
"- build-essential\n"
6114
"- pastebinit\n"
6115
"\n"
6116
"runcmd:\n"
6117
"- echo ======= Hello World =====\n"
6118
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6119
msgstr ""
6120
6121
#: serverguide/C/virtualization.xml:2050(para)
6122
msgid "Create a new instance:"
6123
msgstr ""
6124
6125
#: serverguide/C/virtualization.xml:2055(command)
6126
msgid ""
6127
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6128
"config.txt"
6129
msgstr ""
6130
6131
#: serverguide/C/virtualization.xml:2058(para)
6132
msgid "Now, when the above system is booted, it will have:"
6133
msgstr ""
6134
6135
#: serverguide/C/virtualization.xml:2063(para)
6136
msgid "Added the Apache Edgers PPA."
6137
msgstr ""
6138
6139
#: serverguide/C/virtualization.xml:2064(para)
6140
msgid "Run an upgrade to get all updates available"
6141
msgstr ""
6142
6143
#: serverguide/C/virtualization.xml:2065(para)
6144
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6145
msgstr ""
6146
6147
#: serverguide/C/virtualization.xml:2066(para)
6148
msgid "Printed a similar message to the script above"
6149
msgstr ""
6150
6151
#: serverguide/C/virtualization.xml:2070(para)
6152
msgid ""
6153
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6154
"the latest version of Apache from upstream source repositories. Package "
6155
"versions in the PPA are unsupported, and depending on your situation, this "
6156
"may or may not be desirable. See the <ulink "
6157
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6158
"Edgers</ulink> web page for more details."
6159
msgstr ""
6160
6161
#: serverguide/C/virtualization.xml:2077(para)
6162
msgid ""
6163
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6164
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6165
"It is present to allow you to get the full power of a scripting language if "
6166
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6167
msgstr ""
6168
6169
#: serverguide/C/virtualization.xml:2082(para)
6170
msgid ""
6171
"For more information on what kinds of things can be done with "
6172
"<application>cloud-config</application>, see <ulink "
6173
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6174
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6175
msgstr ""
6176
6177
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6178
msgid "More Information"
6179
msgstr ""
6180
6181
#: serverguide/C/virtualization.xml:2093(para)
6182
msgid ""
6183
"How to use the <ulink "
6184
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6185
"Controller</ulink>"
6186
msgstr ""
6187
6188
#: serverguide/C/virtualization.xml:2097(para)
6189
msgid "Controlling eucalyptus services:"
6190
msgstr ""
6191
6192
#: serverguide/C/virtualization.xml:2102(para)
6193
msgid ""
6194
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6195
msgstr ""
6196
6197
#: serverguide/C/virtualization.xml:2103(para)
6198
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6199
msgstr ""
6200
6201
#: serverguide/C/virtualization.xml:2106(para)
6202
msgid "Locations of some important files:"
6203
msgstr ""
6204
6205
#: serverguide/C/virtualization.xml:2113(emphasis)
6206
msgid "Log files:"
6207
msgstr ""
6208
6209
#: serverguide/C/virtualization.xml:2116(para)
6210
msgid "/var/log/eucalyptus"
6211
msgstr ""
6212
6213
#: serverguide/C/virtualization.xml:2121(emphasis)
6214
msgid "Configuration files:"
6215
msgstr ""
6216
6217
#: serverguide/C/virtualization.xml:2124(para)
6218
msgid "/etc/eucalyptus"
6219
msgstr ""
6220
6221
#: serverguide/C/virtualization.xml:2129(emphasis)
6222
msgid "Database:"
6223
msgstr ""
6224
6225
#: serverguide/C/virtualization.xml:2132(para)
6226
msgid "/var/lib/eucalyptus/db"
6227
msgstr ""
6228
6229
#: serverguide/C/virtualization.xml:2137(emphasis)
6230
msgid "Keys:"
6231
msgstr ""
6232
6233
#: serverguide/C/virtualization.xml:2140(para)
6234
msgid "/var/lib/eucalyptus"
6235
msgstr ""
6236
6237
#: serverguide/C/virtualization.xml:2141(para)
6238
msgid "/var/lib/eucalyptus/.ssh"
6239
msgstr ""
6240
6241
#: serverguide/C/virtualization.xml:2147(para)
6242
msgid ""
6243
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6244
"running the client tools."
6245
msgstr ""
6246
6247
#: serverguide/C/virtualization.xml:2158(para)
6248
msgid ""
6249
"For information on loading instances see the <ulink "
6250
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6251
"page."
6252
msgstr ""
6253
6254
#: serverguide/C/virtualization.xml:2163(para)
6255
msgid ""
6256
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6257
"documentation, downloads)</ulink>."
6258
msgstr ""
6259
6260
#: serverguide/C/virtualization.xml:2168(para)
6261
msgid ""
6262
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6263
"(bugs, code)</ulink>."
6264
msgstr ""
6265
6266
#: serverguide/C/virtualization.xml:2173(para)
6267
msgid ""
6268
"<ulink "
6269
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6270
"ptus Troubleshooting (1.5)</ulink>."
6271
msgstr ""
6272
6273
#: serverguide/C/virtualization.xml:2178(para)
6274
msgid ""
6275
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6276
"Cloud_Infrastructures/Eucalyptus/03-"
6277
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6278
"RightScale</ulink>."
6279
msgstr ""
6280
6281
#: serverguide/C/virtualization.xml:2184(para)
6282
msgid ""
6283
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6284
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6285
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6286
msgstr ""
6287
6288
#: serverguide/C/virtualization.xml:2193(title)
6289
msgid "Glossary"
6290
msgstr ""
6291
6292
#: serverguide/C/virtualization.xml:2195(para)
6293
msgid ""
6294
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6295
"unfamiliar to some readers. This page is intended to provide a glossary of "
6296
"such terms and acronyms."
6297
msgstr ""
6298
6299
#: serverguide/C/virtualization.xml:2202(para)
6300
msgid ""
6301
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6302
"computing resources through virtual machines, provisioned and recollected "
6303
"dynamically."
6304
msgstr ""
6305
6306
#: serverguide/C/virtualization.xml:2208(para)
6307
msgid ""
6308
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6309
"provides the web UI (an https server on port 8443), and implements the "
6310
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6311
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6312
"cloud</application> package."
6313
msgstr ""
6314
6315
#: serverguide/C/virtualization.xml:2215(para)
6316
msgid ""
6317
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6318
"Cluster Controller. There can be more than one Cluster in an installation of "
6319
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6320
"floor2, floor2)."
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:2221(para)
6324
msgid ""
6325
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6326
"manages collections of node resources. This service is provided by the "
6327
"Ubuntu <application>eucalyptus-cc</application> package."
6328
msgstr ""
6329
6330
#: serverguide/C/virtualization.xml:2227(para)
6331
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6332
msgstr ""
6333
6334
#: serverguide/C/virtualization.xml:2232(para)
6335
msgid ""
6336
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6337
"pay-by-the-gigabyte public cloud computing offering."
6338
msgstr ""
6339
6340
#: serverguide/C/virtualization.xml:2237(para)
6341
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6342
msgstr ""
6343
6344
#: serverguide/C/virtualization.xml:2242(para)
6345
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6346
msgstr ""
6347
6348
#: serverguide/C/virtualization.xml:2247(para)
6349
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6350
msgstr ""
6351
6352
#: serverguide/C/virtualization.xml:2252(para)
6353
msgid ""
6354
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6355
"Linking Your Programs To Useful Systems. An open source project originally "
6356
"from the University of California at Santa Barbara, now supported by "
6357
"Eucalyptus Systems, a Canonical Partner."
6358
msgstr ""
6359
6360
#: serverguide/C/virtualization.xml:2259(para)
6361
msgid ""
6362
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6363
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6364
"cluster controller)."
6365
msgstr ""
6366
6367
#: serverguide/C/virtualization.xml:2265(para)
6368
msgid ""
6369
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6370
"running virtual machines, running a node controller. Within Ubuntu, this "
6371
"generally means that the CPU has VT extensions, and can run the KVM "
6372
"hypervisor."
6373
msgstr ""
6374
6375
#: serverguide/C/virtualization.xml:2271(para)
6376
msgid ""
6377
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6378
"on nodes which host the virtual machines that comprise the cloud. This "
6379
"service is provided by the Ubuntu package <application>eucalyptus-"
6380
"nc</application>."
6381
msgstr ""
6382
6383
#: serverguide/C/virtualization.xml:2277(para)
6384
msgid ""
6385
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6386
"gigabyte persistent storage solution for EC2."
6387
msgstr ""
6388
6389
#: serverguide/C/virtualization.xml:2282(para)
6390
msgid ""
6391
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6392
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6393
"installation can have its own Storage Controller. This component is provided "
6394
"by the <application>eucalyptus-sc</application> package."
6395
msgstr ""
6396
6397
#: serverguide/C/virtualization.xml:2289(para)
6398
msgid ""
6399
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6400
"solution, based on Eucalyptus."
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:2294(para)
6404
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:2299(para)
6408
msgid ""
6409
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6410
"some modern CPUs, allowing for accelerated virtual machine hosting."
6411
msgstr ""
6412
6413
#: serverguide/C/virtualization.xml:2304(para)
6414
msgid ""
6415
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6416
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6417
"put/get abstractions."
6418
msgstr ""
6419
6420
#: serverguide/C/vcs.xml:13(title)
6421
msgid "Version Control System"
6422
msgstr ""
6423
6424
#: serverguide/C/vcs.xml:14(para)
6425
msgid ""
6426
"Version control is the art of managing changes to information. It has long "
6427
"been a critical tool for programmers, who typically spend their time making "
6428
"small changes to software and then undoing those changes the next day. But "
6429
"the usefulness of version control software extends far beyond the bounds of "
6430
"the software development world. Anywhere you can find people using computers "
6431
"to manage information that changes often, there is room for version control."
6432
msgstr ""
6433
6434
#: serverguide/C/vcs.xml:17(title)
6435
msgid "Bazaar"
6436
msgstr ""
6437
6438
#: serverguide/C/vcs.xml:18(para)
6439
msgid ""
6440
"Bazaar is a new version control system sponsored by Canonical, the "
6441
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6442
"support a central repository model, Bazaar also supports "
6443
"<emphasis>distributed version control</emphasis>, giving people the ability "
6444
"to collaborate more efficiently. In particular, Bazaar is designed to "
6445
"maximize the level of community participation in open source projects."
6446
msgstr ""
6447
6448
#: serverguide/C/vcs.xml:29(para)
6449
msgid ""
6450
"At a terminal prompt, enter the following command to install "
6451
"<application>bzr</application>: <screen>\n"
6452
"<command>sudo apt-get install bzr</command>\n"
6453
"</screen>"
6454
msgstr ""
6455
6456
#: serverguide/C/vcs.xml:40(para)
6457
msgid ""
6458
"To introduce yourself to <application>bzr</application>, use the "
6459
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6460
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6461
"</screen>"
6462
msgstr ""
6463
6464
#: serverguide/C/vcs.xml:49(title)
6465
msgid "Learning Bazaar"
6466
msgstr ""
6467
6468
#: serverguide/C/vcs.xml:50(para)
6469
msgid ""
6470
"Bazaar comes with bundled documentation installed into "
6471
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6472
"is a good place to start. The <application>bzr</application> command also "
6473
"comes with built-in help: <screen>\n"
6474
"<command>$ bzr help</command>\n"
6475
"</screen>"
6476
msgstr ""
6477
6478
#: serverguide/C/vcs.xml:60(para)
6479
msgid ""
6480
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6481
"<command>$ bzr help foo</command>\n"
6482
"</screen>"
6483
msgstr ""
6484
6485
#: serverguide/C/vcs.xml:68(title)
6486
msgid "Launchpad Integration"
6487
msgstr ""
6488
6489
#: serverguide/C/vcs.xml:69(para)
6490
msgid ""
6491
"While highly useful as a stand-alone system, Bazaar has good, optional "
6492
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6493
"the collaborative development system used by Canonical and the broader open "
6494
"source community to manage and extend Ubuntu itself. For information on how "
6495
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6496
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6497
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6498
msgstr ""
6499
6500
#: serverguide/C/vcs.xml:81(title)
6501
msgid "Subversion"
6502
msgstr ""
6503
6504
#: serverguide/C/vcs.xml:82(para)
6505
msgid ""
6506
"Subversion is an open source version control system. Using Subversion, you "
6507
"can record the history of source files and documents. It manages files and "
6508
"directories over time. A tree of files is placed into a central repository. "
6509
"The repository is much like an ordinary file server, except that it "
6510
"remembers every change ever made to files and directories."
6511
msgstr ""
6512
6513
#: serverguide/C/vcs.xml:87(para)
6514
msgid ""
6515
"To access Subversion repository using the HTTP protocol, you must install "
6516
"and configure a web server. Apache2 is proven to work with Subversion. "
6517
"Please refer to the HTTP subsection in the Apache2 section to install and "
6518
"configure Apache2. To access the Subversion repository using the HTTPS "
6519
"protocol, you must install and configure a digital certificate in your "
6520
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6521
"section to install and configure the digital certificate."
6522
msgstr ""
6523
6524
#: serverguide/C/vcs.xml:96(para)
6525
msgid ""
6526
"To install Subversion, run the following command from a terminal prompt:"
6527
msgstr ""
6528
6529
#: serverguide/C/vcs.xml:101(command)
6530
msgid "sudo apt-get install subversion libapache2-svn"
6531
msgstr ""
6532
6533
#: serverguide/C/vcs.xml:108(para)
6534
msgid ""
6535
"This step assumes you have installed above mentioned packages on your "
6536
"system. This section explains how to create a Subversion repository and "
6537
"access the project."
6538
msgstr ""
6539
6540
#: serverguide/C/vcs.xml:111(title)
6541
msgid "Create Subversion Repository"
6542
msgstr ""
6543
6544
#: serverguide/C/vcs.xml:112(para)
6545
msgid ""
6546
"The Subversion repository can be created using the following command from a "
6547
"terminal prompt:"
6548
msgstr ""
6549
6550
#: serverguide/C/vcs.xml:116(command)
6551
msgid "svnadmin create /path/to/repos/project"
6552
msgstr ""
6553
6554
#: serverguide/C/vcs.xml:121(title)
6555
msgid "Importing Files"
6556
msgstr ""
6557
6558
#: serverguide/C/vcs.xml:122(para)
6559
msgid ""
6560
"Once you create the repository you can <emphasis>import</emphasis> files "
6561
"into the repository. To import a directory, enter the following from a "
6562
"terminal prompt: <screen>\n"
6563
"<command>svn import /path/to/import/directory "
6564
"file:///path/to/repos/project</command>\n"
6565
"</screen>"
6566
msgstr ""
6567
6568
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6569
msgid "Access Methods"
6570
msgstr ""
6571
6572
#: serverguide/C/vcs.xml:135(para)
6573
msgid ""
6574
"Subversion repositories can be accessed (checked out) through many different "
6575
"methods --on local disk, or through various network protocols. A repository "
6576
"location, however, is always a URL. The table describes how different URL "
6577
"schemes map to the available access methods."
6578
msgstr ""
6579
6580
#: serverguide/C/vcs.xml:146(para)
6581
msgid "Schema"
6582
msgstr ""
6583
6584
#: serverguide/C/vcs.xml:147(para)
6585
msgid "Access Method"
6586
msgstr ""
6587
6588
#: serverguide/C/vcs.xml:152(para)
6589
msgid "file://"
6590
msgstr ""
6591
6592
#: serverguide/C/vcs.xml:153(para)
6593
msgid "direct repository access (on local disk)"
6594
msgstr ""
6595
6596
#: serverguide/C/vcs.xml:156(para)
6597
msgid "http://"
6598
msgstr ""
6599
6600
#: serverguide/C/vcs.xml:157(para)
6601
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6602
msgstr ""
6603
6604
#: serverguide/C/vcs.xml:160(para)
6605
msgid "https://"
6606
msgstr ""
6607
6608
#: serverguide/C/vcs.xml:161(para)
6609
msgid "Same as http://, but with SSL encryption"
6610
msgstr ""
6611
6612
#: serverguide/C/vcs.xml:164(para)
6613
msgid "svn://"
6614
msgstr ""
6615
6616
#: serverguide/C/vcs.xml:165(para)
6617
msgid "Access via custom protocol to an svnserve server"
6618
msgstr ""
6619
6620
#: serverguide/C/vcs.xml:168(para)
6621
msgid "svn+ssh://"
6622
msgstr ""
6623
6624
#: serverguide/C/vcs.xml:169(para)
6625
msgid "Same as svn://, but through an SSH tunnel"
6626
msgstr ""
6627
6628
#: serverguide/C/vcs.xml:175(para)
6629
msgid ""
6630
"In this section, we will see how to configure Subversion for all these "
6631
"access methods. Here, we cover the basics. For more advanced usage details, "
6632
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6633
msgstr ""
6634
6635
#: serverguide/C/vcs.xml:182(title)
6636
msgid "Direct repository access (file://)"
6637
msgstr ""
6638
6639
#: serverguide/C/vcs.xml:183(para)
6640
msgid ""
6641
"This is the simplest of all access methods. It does not require any "
6642
"Subversion server process to be running. This access method is used to "
6643
"access Subversion from the same machine. The syntax of the command, entered "
6644
"at a terminal prompt, is as follows:"
6645
msgstr ""
6646
6647
#: serverguide/C/vcs.xml:190(command)
6648
msgid "svn co file:///path/to/repos/project"
6649
msgstr ""
6650
6651
#: serverguide/C/vcs.xml:193(para)
6652
msgid "or"
6653
msgstr ""
6654
6655
#: serverguide/C/vcs.xml:196(command)
6656
msgid "svn co file://localhost/path/to/repos/project"
6657
msgstr ""
6658
6659
#: serverguide/C/vcs.xml:200(para)
6660
msgid ""
6661
"If you do not specify the hostname, there are three forward slashes (///) -- "
6662
"two for the protocol (file, in this case) plus the leading slash in the "
6663
"path. If you specify the hostname, you must use two forward slashes (//)."
6664
msgstr ""
6665
6666
#: serverguide/C/vcs.xml:202(para)
6667
msgid ""
6668
"The repository permissions depend on filesystem permissions. If the user has "
6669
"read/write permission, he can checkout from and commit to the repository."
6670
msgstr ""
6671
6672
#: serverguide/C/vcs.xml:205(title)
6673
msgid "Access via WebDAV protocol (http://)"
6674
msgstr ""
6675
6676
#: serverguide/C/vcs.xml:206(para)
6677
msgid ""
6678
"To access the Subversion repository via WebDAV protocol, you must configure "
6679
"your Apache 2 web server. Add the following snippet between the "
6680
"<emphasis><VirtualHost></emphasis> and "
6681
"<emphasis></VirtualHost></emphasis> elements in "
6682
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6683
"VirtualHost file:"
6684
msgstr ""
6685
6686
#: serverguide/C/vcs.xml:212(programlisting)
6687
#, no-wrap
6688
msgid ""
6689
"\n"
6690
" <Location /svn>\n"
6691
" DAV svn\n"
6692
" SVNPath /home/svn\n"
6693
" AuthType Basic\n"
6694
" AuthName \"Your repository name\"\n"
6695
" AuthUserFile /etc/subversion/passwd\n"
6696
" Require valid-user\n"
6697
" </Location> \n"
6698
msgstr ""
6699
6700
#: serverguide/C/vcs.xml:223(para)
6701
msgid ""
6702
"The above configuration snippet assumes that Subversion repositories are "
6703
"created under <filename>/home/svn/</filename> directory using "
6704
"<command>svnadmin</command> command. They can be accessible using "
6705
"<command>http://hostname/svn/repos_name</command> url."
6706
msgstr ""
6707
6708
#: serverguide/C/vcs.xml:229(para)
6709
msgid ""
6710
"To import or commit files to your Subversion repository over HTTP, the "
6711
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6712
"HTTP user is <command>www-data</command>. To change the ownership of the "
6713
"repository files enter the following command from terminal prompt:"
6714
msgstr ""
6715
6716
#: serverguide/C/vcs.xml:238(command)
6717
msgid "sudo chown -R www-data:www-data /path/to/repos"
6718
msgstr ""
6719
6720
#: serverguide/C/vcs.xml:241(para)
6721
msgid ""
6722
"By changing the ownership of repository as <command>www-data</command> you "
6723
"will not be able to import or commit files into the repository by running "
6724
"<command>svn import file:///</command> command as any user other than "
6725
"<command>www-data</command>."
6726
msgstr ""
6727
6728
#: serverguide/C/vcs.xml:250(para)
6729
msgid ""
6730
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6731
"that will contain user authentication details. To create a file issue the "
6732
"following command at a command prompt (which will create the file and add "
6733
"the first user):"
6734
msgstr ""
6735
6736
#: serverguide/C/vcs.xml:256(command)
6737
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6738
msgstr ""
6739
6740
#: serverguide/C/vcs.xml:259(para)
6741
msgid ""
6742
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6743
"option replaces the old file. Instead use this form:"
6744
msgstr ""
6745
6746
#: serverguide/C/vcs.xml:264(command)
6747
msgid "sudo htpasswd /etc/subversion/password user_name"
6748
msgstr ""
6749
6750
#: serverguide/C/vcs.xml:268(para)
6751
msgid ""
6752
"This command will prompt you to enter the password. Once you enter the "
6753
"password, the user is added. Now, to access the repository you can run the "
6754
"following command:"
6755
msgstr ""
6756
6757
#: serverguide/C/vcs.xml:269(command)
6758
msgid "svn co http://servername/svn"
6759
msgstr ""
6760
6761
#: serverguide/C/vcs.xml:271(para)
6762
msgid ""
6763
"The password is transmitted as plain text. If you are worried about password "
6764
"snooping, you are advised to use SSL encryption. For details, please refer "
6765
"next section."
6766
msgstr ""
6767
6768
#: serverguide/C/vcs.xml:277(title)
6769
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6770
msgstr ""
6771
6772
#: serverguide/C/vcs.xml:278(para)
6773
msgid ""
6774
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6775
"(https://) is similar to http:// except that you must install and configure "
6776
"the digital certificate in your Apache2 web server. To use SSL with "
6777
"Subversion add the above Apache2 configuration to "
6778
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6779
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6780
"configuration\"/>."
6781
msgstr ""
6782
6783
#: serverguide/C/vcs.xml:287(para)
6784
msgid ""
6785
"You can install a digital certificate issued by a signing authority. "
6786
"Alternatively, you can install your own self-signed certificate."
6787
msgstr ""
6788
6789
#: serverguide/C/vcs.xml:292(para)
6790
msgid ""
6791
"This step assumes you have installed and configured a digital certificate in "
6792
"your Apache 2 web server. Now, to access the Subversion repository, please "
6793
"refer to the above section! The access methods are exactly the same, except "
6794
"the protocol. You must use https:// to access the Subversion repository."
6795
msgstr ""
6796
6797
#: serverguide/C/vcs.xml:302(title)
6798
msgid "Access via custom protocol (svn://)"
6799
msgstr ""
6800
6801
#: serverguide/C/vcs.xml:303(para)
6802
msgid ""
6803
"Once the Subversion repository is created, you can configure the access "
6804
"control. You can edit the <filename> "
6805
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6806
"access control. For example, to set up authentication, you can uncomment the "
6807
"following lines in the configuration file:"
6808
msgstr ""
6809
6810
#: serverguide/C/vcs.xml:310(programlisting)
6811
#, no-wrap
6812
msgid ""
6813
"# [general]\n"
6814
"# password-db = passwd"
6815
msgstr ""
6816
6817
#: serverguide/C/vcs.xml:313(para)
6818
msgid ""
6819
"After uncommenting the above lines, you can maintain the user list in the "
6820
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6821
"directory and add the new user. The syntax is as follows:"
6822
msgstr ""
6823
6824
#: serverguide/C/vcs.xml:319(programlisting)
6825
#, no-wrap
6826
msgid "username = password"
6827
msgstr ""
6828
6829
#: serverguide/C/vcs.xml:320(para)
6830
msgid "For more details, please refer to the file."
6831
msgstr ""
6832
6833
#: serverguide/C/vcs.xml:324(para)
6834
msgid ""
6835
"Now, to access Subversion via the svn:// custom protocol, either from the "
6836
"same machine or a different machine, you can run svnserver using svnserve "
6837
"command. The syntax is as follows:"
6838
msgstr ""
6839
6840
#: serverguide/C/vcs.xml:329(programlisting)
6841
#, no-wrap
6842
msgid ""
6843
"$ svnserve -d --foreground -r /path/to/repos\n"
6844
"# -d -- daemon mode\n"
6845
"# --foreground -- run in foreground (useful for debugging)\n"
6846
"# -r -- root of directory to serve\n"
6847
"\n"
6848
"For more usage details, please refer to:\n"
6849
"$ svnserve --help"
6850
msgstr ""
6851
6852
#: serverguide/C/vcs.xml:337(para)
6853
msgid ""
6854
"Once you run this command, Subversion starts listening on default port "
6855
"(3690). To access the project repository, you must run the following command "
6856
"from a terminal prompt:"
6857
msgstr ""
6858
6859
#: serverguide/C/vcs.xml:340(command)
6860
msgid "svn co svn://hostname/project project --username user_name"
6861
msgstr ""
6862
6863
#: serverguide/C/vcs.xml:343(para)
6864
msgid ""
6865
"Based on server configuration, it prompts for password. Once you are "
6866
"authenticated, it checks out the code from Subversion repository. To "
6867
"synchronize the project repository with the local copy, you can run the "
6868
"<command>update</command> sub-command. The syntax of the command, entered at "
6869
"a terminal prompt, is as follows:"
6870
msgstr ""
6871
6872
#: serverguide/C/vcs.xml:351(command)
6873
msgid "cd project_dir ; svn update"
6874
msgstr ""
6875
6876
#: serverguide/C/vcs.xml:354(para)
6877
msgid ""
6878
"For more details about using each Subversion sub-command, you can refer to "
6879
"the manual. For example, to learn more about the co (checkout) command, "
6880
"please run the following command from a terminal prompt:"
6881
msgstr ""
6882
6883
#: serverguide/C/vcs.xml:358(command)
6884
msgid "svn co help"
6885
msgstr ""
6886
6887
#: serverguide/C/vcs.xml:362(title)
6888
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6889
msgstr ""
6890
6891
#: serverguide/C/vcs.xml:363(para)
6892
msgid ""
6893
"The configuration and server process is same as in the svn:// method. For "
6894
"details, please refer to the above section. This step assumes you have "
6895
"followed the above step and started the Subversion server using "
6896
"<application>svnserve</application> command."
6897
msgstr ""
6898
6899
#: serverguide/C/vcs.xml:369(para)
6900
msgid ""
6901
"It is also assumed that the ssh server is running on that machine and that "
6902
"it is allowing incoming connections. To confirm, please try to login to that "
6903
"machine using ssh. If you can login, everything is perfect. If you cannot "
6904
"login, please address it before continuing further."
6905
msgstr ""
6906
6907
#: serverguide/C/vcs.xml:375(para)
6908
msgid ""
6909
"The svn+ssh:// protocol is used to access the Subversion repository using "
6910
"SSL encryption. The data transfer is encrypted using this method. To access "
6911
"the project repository (for example with a checkout), you must use the "
6912
"following command syntax:"
6913
msgstr ""
6914
6915
#: serverguide/C/vcs.xml:382(command)
6916
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6917
msgstr ""
6918
6919
#: serverguide/C/vcs.xml:386(para)
6920
msgid ""
6921
"You must use the full path (/path/to/repos/project) to access the Subversion "
6922
"repository using this access method."
6923
msgstr ""
6924
6925
#: serverguide/C/vcs.xml:389(para)
6926
msgid ""
6927
"Based on server configuration, it prompts for password. You must enter the "
6928
"password you use to login via ssh. Once you are authenticated, it checks out "
6929
"the code from the Subversion repository."
6930
msgstr ""
6931
6932
#: serverguide/C/vcs.xml:399(title)
6933
msgid "CVS Server"
6934
msgstr ""
6935
6936
#: serverguide/C/vcs.xml:400(para)
6937
msgid ""
6938
"CVS is a version control system. You can use it to record the history of "
6939
"source files."
6940
msgstr ""
6941
6942
#: serverguide/C/vcs.xml:406(para)
6943
msgid ""
6944
"To install <application>CVS</application>, run the following command from a "
6945
"terminal prompt: <screen>\n"
6946
"<command>sudo apt-get install cvs</command>\n"
6947
"</screen> After you install <application>cvs</application>, you should "
6948
"install <application>xinetd</application> to start/stop the cvs server. At "
6949
"the prompt, enter the following command to install "
6950
"<application>xinetd</application>: <screen>\n"
6951
"<command>sudo apt-get install xinetd</command>\n"
6952
"</screen>"
6953
msgstr ""
6954
6955
#: serverguide/C/vcs.xml:439(programlisting)
6956
#, no-wrap
6957
msgid ""
6958
"\n"
6959
"service cvspserver\n"
6960
"{\n"
6961
" port = 2401\n"
6962
" socket_type = stream\n"
6963
" protocol = tcp\n"
6964
" user = root\n"
6965
" wait = no\n"
6966
" type = UNLISTED\n"
6967
" server = /usr/bin/cvs\n"
6968
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6969
" disable = no\n"
6970
"}\n"
6971
msgstr ""
6972
6973
#: serverguide/C/vcs.xml:455(para)
6974
msgid ""
6975
"Be sure to edit the repository if you have changed the default repository "
6976
"(<application>/var/lib/cvs</application>) directory."
6977
msgstr ""
6978
6979
#: serverguide/C/vcs.xml:424(para)
6980
msgid ""
6981
"Once you install cvs, the repository will be automatically initialized. By "
6982
"default, the repository resides under the "
6983
"<application>/var/lib/cvs</application> directory. You can change this path "
6984
"by running following command: <screen>\n"
6985
"<command>cvs -d /your/new/cvs/repo init</command>\n"
6986
"</screen> Once the initial repository is set up, you can configure "
6987
"<application>xinetd</application> to start the CVS server. You can copy the "
6988
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
6989
"<placeholder-1/><placeholder-2/> Once you have configured "
6990
"<application>xinetd</application> you can start the cvs server by running "
6991
"following command: <screen>\n"
6992
"<command>sudo /etc/init.d/xinetd restart</command>\n"
6993
"</screen>"
6994
msgstr ""
6995
6996
#: serverguide/C/vcs.xml:468(para)
6997
msgid ""
6998
"You can confirm that the CVS server is running by issuing the following "
6999
"command:"
7000
msgstr ""
7001
7002
#: serverguide/C/vcs.xml:475(command)
7003
msgid "sudo netstat -tap | grep cvs"
7004
msgstr ""
7005
7006
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7007
msgid ""
7008
"When you run this command, you should see the following line or something "
7009
"similar:"
7010
msgstr ""
7011
7012
#: serverguide/C/vcs.xml:484(programlisting)
7013
#, no-wrap
7014
msgid ""
7015
"\n"
7016
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7017
msgstr ""
7018
7019
#: serverguide/C/vcs.xml:488(para)
7020
msgid ""
7021
"From here you can continue to add users, add new projects, and manage the "
7022
"CVS server."
7023
msgstr ""
7024
7025
#: serverguide/C/vcs.xml:493(para)
7026
msgid ""
7027
"CVS allows the user to add users independently of the underlying OS "
7028
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7029
"although it has potential security issues. Please refer to the CVS manual "
7030
"for details."
7031
msgstr ""
7032
7033
#: serverguide/C/vcs.xml:503(title)
7034
msgid "Add Projects"
7035
msgstr ""
7036
7037
#: serverguide/C/vcs.xml:515(para)
7038
msgid ""
7039
"You can use the CVSROOT environment variable to store the CVS root "
7040
"directory. Once you export the CVSROOT environment variable, you can avoid "
7041
"using -d option in the above cvs command."
7042
msgstr ""
7043
7044
#: serverguide/C/vcs.xml:527(para)
7045
msgid ""
7046
"When you add a new project, the CVS user you use must have write access to "
7047
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7048
"the <application>src</application> group has write access to the CVS "
7049
"repository. So, you can add the user to this group, and he can then add and "
7050
"manage projects in the CVS repository."
7051
msgstr ""
7052
7053
#: serverguide/C/vcs.xml:504(para)
7054
msgid ""
7055
"This section explains how to add new project to the CVS repository. Create "
7056
"the directory and add necessary document and source files to the directory. "
7057
"Now, run the following command to add this project to CVS repository: "
7058
"<screen>\n"
7059
"<command>cd your/project</command>\n"
7060
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7061
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7062
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7063
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7064
"purpose in this context, but since CVS requires them, they must be present. "
7065
"<placeholder-2/>"
7066
msgstr ""
7067
7068
#: serverguide/C/vcs.xml:540(ulink)
7069
msgid "Bazaar Home Page"
7070
msgstr ""
7071
7072
#: serverguide/C/vcs.xml:541(ulink)
7073
msgid "Launchpad"
7074
msgstr ""
7075
7076
#: serverguide/C/vcs.xml:542(ulink)
7077
msgid "Subversion Home Page"
7078
msgstr ""
7079
7080
#: serverguide/C/vcs.xml:543(ulink)
7081
msgid "Subversion Book"
7082
msgstr ""
7083
7084
#: serverguide/C/vcs.xml:545(ulink)
7085
msgid "CVS Manual"
7086
msgstr ""
7087
7088
#: serverguide/C/vcs.xml:546(ulink)
7089
msgid "Easy Bazaar Ubuntu Wiki page"
7090
msgstr ""
7091
7092
#: serverguide/C/vcs.xml:547(ulink)
7093
msgid "Ubuntu Wiki Subversion page"
7094
msgstr ""
7095
7096
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7097
msgid "Credits and License"
7098
msgstr ""
7099
7100
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7101
msgid ""
7102
"This document is maintained by the Ubuntu documentation team "
7103
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7104
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7105
msgstr ""
7106
7107
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7108
msgid ""
7109
"This document is made available under the Creative Commons ShareAlike 2.5 "
7110
"License (CC-BY-SA)."
7111
msgstr ""
7112
7113
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7114
msgid ""
7115
"You are free to modify, extend, and improve the Ubuntu documentation source "
7116
"code under the terms of this license. All derivative works must be released "
7117
"under this license."
7118
msgstr ""
7119
7120
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7121
msgid ""
7122
"This documentation is distributed in the hope that it will be useful, but "
7123
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7124
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7125
msgstr ""
7126
7127
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7128
msgid ""
7129
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7130
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7131
msgstr ""
7132
7133
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7134
msgid "2010"
7135
msgstr ""
7136
7137
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7138
msgid "Ubuntu Documentation Project"
7139
msgstr ""
7140
7141
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7142
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7143
msgstr ""
7144
7145
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7146
msgid "The Ubuntu Documentation Project"
7147
msgstr ""
7148
7149
#: serverguide/C/serverguide.xml:17(para)
7150
msgid ""
7151
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7152
"information on how to install and configure various server applications on "
7153
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7154
"guide for configuring and customizing your system."
7155
msgstr ""
7156
7157
#: serverguide/C/security.xml:13(title)
7158
msgid "Security"
7159
msgstr ""
7160
7161
#: serverguide/C/security.xml:14(para)
7162
msgid ""
7163
"Security should always be considered when installing, deploying, and using "
7164
"any type of computer system. Although a fresh installation of Ubuntu is "
7165
"relatively safe for immediate use on the Internet, it is important to have a "
7166
"balanced understanding of your systems security posture based on how it will "
7167
"be used after deployment."
7168
msgstr ""
7169
7170
#: serverguide/C/security.xml:17(para)
7171
msgid ""
7172
"This chapter provides an overview of security related topics as they pertain "
7173
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7174
"protect your server and network from any number of potential security "
7175
"threats."
7176
msgstr ""
7177
7178
#: serverguide/C/security.xml:21(title)
7179
msgid "User Management"
7180
msgstr ""
7181
7182
#: serverguide/C/security.xml:22(para)
7183
msgid ""
7184
"User management is a critical part of maintaining a secure system. "
7185
"Ineffective user and privilege management often lead many systems into being "
7186
"compromised. Therefore, it is important that you understand how you can "
7187
"protect your server through simple and effective user account management "
7188
"techniques."
7189
msgstr ""
7190
7191
#: serverguide/C/security.xml:26(title)
7192
msgid "Where is root?"
7193
msgstr ""
7194
7195
#: serverguide/C/security.xml:27(para)
7196
msgid ""
7197
"Ubuntu developers made a conscientious decision to disable the "
7198
"administrative root account by default in all Ubuntu installations. This "
7199
"does not mean that the root account has been deleted or that it may not be "
7200
"accessed. It merely has been given a password which matches no possible "
7201
"encrypted value, therefore may not log in directly by itself."
7202
msgstr ""
7203
7204
#: serverguide/C/security.xml:30(para)
7205
msgid ""
7206
"Instead, users are encouraged to make use of a tool by the name of "
7207
"<application>sudo</application> to carry out system administrative duties. "
7208
"<application>Sudo</application> allows an authorized user to temporarily "
7209
"elevate their privileges using their own password instead of having to know "
7210
"the password belonging to the root account. This simple yet effective "
7211
"methodology provides accountability for all user actions, and gives the "
7212
"administrator granular control over which actions a user can perform with "
7213
"said privileges."
7214
msgstr ""
7215
7216
#: serverguide/C/security.xml:35(para)
7217
msgid ""
7218
"If for some reason you wish to enable the root account, simply give it a "
7219
"password:"
7220
msgstr ""
7221
7222
#: serverguide/C/security.xml:39(command)
7223
msgid "sudo passwd"
7224
msgstr ""
7225
7226
#: serverguide/C/security.xml:41(para)
7227
msgid ""
7228
"Sudo will prompt you for your password, and then ask you to supply a new "
7229
"password for root as shown below:"
7230
msgstr ""
7231
7232
#: serverguide/C/security.xml:44(userinput)
7233
#, no-wrap
7234
msgid "(enter your own password)"
7235
msgstr ""
7236
7237
#: serverguide/C/security.xml:45(userinput)
7238
#, no-wrap
7239
msgid "(enter a new password for root)"
7240
msgstr ""
7241
7242
#: serverguide/C/security.xml:46(userinput)
7243
#, no-wrap
7244
msgid "(repeat new password for root)"
7245
msgstr ""
7246
7247
#: serverguide/C/security.xml:44(computeroutput)
7248
#, no-wrap
7249
msgid ""
7250
"[sudo] password for username: <placeholder-1/>\n"
7251
"Enter new UNIX password: <placeholder-2/>\n"
7252
"Retype new UNIX password: <placeholder-3/>\n"
7253
"passwd: password updated successfully"
7254
msgstr ""
7255
7256
#: serverguide/C/security.xml:51(para)
7257
msgid "To disable the root account, use the following passwd syntax:"
7258
msgstr ""
7259
7260
#: serverguide/C/security.xml:55(command)
7261
msgid "sudo passwd -l root"
7262
msgstr ""
7263
7264
#: serverguide/C/security.xml:59(para)
7265
msgid ""
7266
"You should read more on <application>Sudo</application> by checking out it's "
7267
"man page:"
7268
msgstr ""
7269
7270
#: serverguide/C/security.xml:63(command)
7271
msgid "man sudo"
7272
msgstr ""
7273
7274
#: serverguide/C/security.xml:67(para)
7275
msgid ""
7276
"By default, the initial user created by the Ubuntu installer is a member of "
7277
"the group \"admin\" which is added to the file "
7278
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7279
"give any other account full root access through "
7280
"<application>sudo</application>, simply add them to the admin group."
7281
msgstr ""
7282
7283
#: serverguide/C/security.xml:73(title)
7284
msgid "Adding and Deleting Users"
7285
msgstr ""
7286
7287
#: serverguide/C/security.xml:74(para)
7288
msgid ""
7289
"The process for managing local users and groups is straight forward and "
7290
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7291
"other Debian based distributions, encourage the use of the \"adduser\" "
7292
"package for account management."
7293
msgstr ""
7294
7295
#: serverguide/C/security.xml:79(para)
7296
msgid ""
7297
"To add a user account, use the following syntax, and follow the prompts to "
7298
"give the account a password and identifiable characteristics such as a full "
7299
"name, phone number, etc."
7300
msgstr ""
7301
7302
#: serverguide/C/security.xml:83(command)
7303
msgid "sudo adduser username"
7304
msgstr ""
7305
7306
#: serverguide/C/security.xml:87(para)
7307
msgid ""
7308
"To delete a user account and its primary group, use the following syntax:"
7309
msgstr ""
7310
7311
#: serverguide/C/security.xml:91(command)
7312
msgid "sudo deluser username"
7313
msgstr ""
7314
7315
#: serverguide/C/security.xml:93(para)
7316
msgid ""
7317
"Deleting an account does not remove their respective home folder. It is up "
7318
"to you whether or not you wish to delete the folder manually or keep it "
7319
"according to your desired retention policies."
7320
msgstr ""
7321
7322
#: serverguide/C/security.xml:96(para)
7323
msgid ""
7324
"Remember, any user added later on with the same UID/GID as the previous "
7325
"owner will now have access to this folder if you have not taken the "
7326
"necessary precautions."
7327
msgstr ""
7328
7329
#: serverguide/C/security.xml:99(para)
7330
msgid ""
7331
"You may want to change these UID/GID values to something more appropriate, "
7332
"such as the root account, and perhaps even relocate the folder to avoid "
7333
"future conflicts:"
7334
msgstr ""
7335
7336
#: serverguide/C/security.xml:103(command)
7337
msgid "sudo chown -R root:root /home/username/"
7338
msgstr ""
7339
7340
#: serverguide/C/security.xml:104(command)
7341
msgid "sudo mkdir /home/archived_users/"
7342
msgstr ""
7343
7344
#: serverguide/C/security.xml:105(command)
7345
msgid "sudo mv /home/username /home/archived_users/"
7346
msgstr ""
7347
7348
#: serverguide/C/security.xml:109(para)
7349
msgid ""
7350
"To temporarily lock or unlock a user account, use the following syntax, "
7351
"respectively:"
7352
msgstr ""
7353
7354
#: serverguide/C/security.xml:113(command)
7355
msgid "sudo passwd -l username"
7356
msgstr ""
7357
7358
#: serverguide/C/security.xml:114(command)
7359
msgid "sudo passwd -u username"
7360
msgstr ""
7361
7362
#: serverguide/C/security.xml:118(para)
7363
msgid ""
7364
"To add or delete a personalized group, use the following syntax, "
7365
"respectively:"
7366
msgstr ""
7367
7368
#: serverguide/C/security.xml:122(command)
7369
msgid "sudo addgroup groupname"
7370
msgstr ""
7371
7372
#: serverguide/C/security.xml:123(command)
7373
msgid "sudo delgroup groupname"
7374
msgstr ""
7375
7376
#: serverguide/C/security.xml:127(para)
7377
msgid "To add a user to a group, use the following syntax:"
7378
msgstr ""
7379
7380
#: serverguide/C/security.xml:131(command)
7381
msgid "sudo adduser username groupname"
7382
msgstr ""
7383
7384
#: serverguide/C/security.xml:138(title)
7385
msgid "User Profile Security"
7386
msgstr ""
7387
7388
#: serverguide/C/security.xml:139(para)
7389
msgid ""
7390
"When a new user is created, the adduser utility creates a brand new home "
7391
"directory named <filename class=\"directory\">/home/username</filename>, "
7392
"respectively. The default profile is modeled after the contents found in the "
7393
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7394
"includes all profile basics."
7395
msgstr ""
7396
7397
#: serverguide/C/security.xml:142(para)
7398
msgid ""
7399
"If your server will be home to multiple users, you should pay close "
7400
"attention to the user home directory permissions to ensure confidentiality. "
7401
"By default, user home directories in Ubuntu are created with world "
7402
"read/execute permissions. This means that all users can browse and access "
7403
"the contents of other users home directories. This may not be suitable for "
7404
"your environment."
7405
msgstr ""
7406
7407
#: serverguide/C/security.xml:147(para)
7408
msgid ""
7409
"To verify your current users home directory permissions, use the following "
7410
"syntax:"
7411
msgstr ""
7412
7413
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7414
msgid "ls -ld /home/username"
7415
msgstr ""
7416
7417
#: serverguide/C/security.xml:153(para)
7418
msgid ""
7419
"The following output shows that the directory <filename "
7420
"class=\"directory\">/home/username</filename> has world readable permissions:"
7421
msgstr ""
7422
7423
#: serverguide/C/security.xml:156(computeroutput)
7424
#, no-wrap
7425
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7426
msgstr ""
7427
7428
#: serverguide/C/security.xml:160(para)
7429
msgid ""
7430
"You can remove the world readable permissions using the following syntax:"
7431
msgstr ""
7432
7433
#: serverguide/C/security.xml:164(command)
7434
msgid "sudo chmod 0750 /home/username"
7435
msgstr ""
7436
7437
#: serverguide/C/security.xml:167(para)
7438
msgid ""
7439
"Some people tend to use the recursive option (-R) indiscriminately which "
7440
"modifies all child folders and files, but this is not necessary, and may "
7441
"yield other undesirable results. The parent directory alone is sufficient "
7442
"for preventing unauthorized access to anything below the parent."
7443
msgstr ""
7444
7445
#: serverguide/C/security.xml:171(para)
7446
msgid ""
7447
"A much more efficient approach to the matter would be to modify the "
7448
"<application>adduser</application> global default permissions when creating "
7449
"user home folders. Simply edit the file "
7450
"<filename>/etc/adduser.conf</filename> and modify the "
7451
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7452
"new home directories will receive the correct permissions."
7453
msgstr ""
7454
7455
#: serverguide/C/security.xml:174(programlisting)
7456
#, no-wrap
7457
msgid ""
7458
"\n"
7459
"DIR_MODE=0750\n"
7460
msgstr ""
7461
7462
#: serverguide/C/security.xml:179(para)
7463
msgid ""
7464
"After correcting the directory permissions using any of the previously "
7465
"mentioned techniques, verify the results using the following syntax:"
7466
msgstr ""
7467
7468
#: serverguide/C/security.xml:185(para)
7469
msgid ""
7470
"The results below show that world readable permissions have been removed:"
7471
msgstr ""
7472
7473
#: serverguide/C/security.xml:188(computeroutput)
7474
#, no-wrap
7475
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7476
msgstr ""
7477
7478
#: serverguide/C/security.xml:195(title)
7479
msgid "Password Policy"
7480
msgstr ""
7481
7482
#: serverguide/C/security.xml:196(para)
7483
msgid ""
7484
"A strong password policy is one of the most important aspects of your "
7485
"security posture. Many successful security breaches involve simple brute "
7486
"force and dictionary attacks against weak passwords. If you intend to offer "
7487
"any form of remote access involving your local password system, make sure "
7488
"you adequately address minimum password complexity requirements, maximum "
7489
"password lifetimes, and frequent audits of your authentication systems."
7490
msgstr ""
7491
7492
#: serverguide/C/security.xml:200(title)
7493
msgid "Minimum Password Length"
7494
msgstr ""
7495
7496
#: serverguide/C/security.xml:201(para)
7497
msgid ""
7498
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7499
"well as some basic entropy checks. These values are controlled in the file "
7500
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7501
msgstr ""
7502
7503
#: serverguide/C/security.xml:204(programlisting)
7504
#, no-wrap
7505
msgid ""
7506
"\n"
7507
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7508
msgstr ""
7509
7510
#: serverguide/C/security.xml:207(para)
7511
msgid ""
7512
"If you would like to adjust the minimum length to 8 characters, change the "
7513
"appropriate variable to min=8. The modification is outlined below."
7514
msgstr ""
7515
7516
#: serverguide/C/security.xml:210(programlisting)
7517
#, no-wrap
7518
msgid ""
7519
"\n"
7520
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7521
"min=8\n"
7522
msgstr ""
7523
7524
#: serverguide/C/security.xml:215(title)
7525
msgid "Password Expiration"
7526
msgstr ""
7527
7528
#: serverguide/C/security.xml:216(para)
7529
msgid ""
7530
"When creating user accounts, you should make it a policy to have a minimum "
7531
"and maximum password age forcing users to change their passwords when they "
7532
"expire."
7533
msgstr ""
7534
7535
#: serverguide/C/security.xml:221(para)
7536
msgid ""
7537
"To easily view the current status of a user account, use the following "
7538
"syntax:"
7539
msgstr ""
7540
7541
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7542
msgid "sudo chage -l username"
7543
msgstr ""
7544
7545
#: serverguide/C/security.xml:227(para)
7546
msgid ""
7547
"The output below shows interesting facts about the user account, namely that "
7548
"there are no policies applied:"
7549
msgstr ""
7550
7551
#: serverguide/C/security.xml:230(computeroutput)
7552
#, no-wrap
7553
msgid ""
7554
"Last password change : Jan 20, 2008\n"
7555
"Password expires : never\n"
7556
"Password inactive : never\n"
7557
"Account expires : never\n"
7558
"Minimum number of days between password change : 0\n"
7559
"Maximum number of days between password change : 99999\n"
7560
"Number of days of warning before password expires : 7"
7561
msgstr ""
7562
7563
#: serverguide/C/security.xml:240(para)
7564
msgid ""
7565
"To set any of these values, simply use the following syntax, and follow the "
7566
"interactive prompts:"
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:244(command)
7570
msgid "sudo chage username"
7571
msgstr ""
7572
7573
#: serverguide/C/security.xml:246(para)
7574
msgid ""
7575
"The following is also an example of how you can manually change the explicit "
7576
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7577
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7578
"password expiration, and a warning time period (-W) of 14 days before "
7579
"password expiration."
7580
msgstr ""
7581
7582
#: serverguide/C/security.xml:250(command)
7583
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7584
msgstr ""
7585
7586
#: serverguide/C/security.xml:254(para)
7587
msgid "To verify changes, use the same syntax as mentioned previously:"
7588
msgstr ""
7589
7590
#: serverguide/C/security.xml:260(para)
7591
msgid ""
7592
"The output below shows the new policies that have been established for the "
7593
"account:"
7594
msgstr ""
7595
7596
#: serverguide/C/security.xml:263(computeroutput)
7597
#, no-wrap
7598
msgid ""
7599
"Last password change : Jan 20, 2008\n"
7600
"Password expires : Apr 19, 2008\n"
7601
"Password inactive : May 19, 2008\n"
7602
"Account expires : Jan 31, 2008\n"
7603
"Minimum number of days between password change : 5\n"
7604
"Maximum number of days between password change : 90\n"
7605
"Number of days of warning before password expires : 14"
7606
msgstr ""
7607
7608
#: serverguide/C/security.xml:279(title)
7609
msgid "Other Security Considerations"
7610
msgstr ""
7611
7612
#: serverguide/C/security.xml:280(para)
7613
msgid ""
7614
"Many applications use alternate authentication mechanisms that can be easily "
7615
"overlooked by even experienced system administrators. Therefore, it is "
7616
"important to understand and control how users authenticate and gain access "
7617
"to services and applications on your server."
7618
msgstr ""
7619
7620
#: serverguide/C/security.xml:285(title)
7621
msgid "SSH Access by Disabled Users"
7622
msgstr ""
7623
7624
#: serverguide/C/security.xml:286(para)
7625
msgid ""
7626
"Simply disabling/locking a user account will not prevent a user from logging "
7627
"into your server remotely if they have previously set up RSA public key "
7628
"authentication. They will still be able to gain shell access to the server, "
7629
"without the need for any password. Remember to check the users home "
7630
"directory for files that will allow for this type of authenticated SSH "
7631
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7632
msgstr ""
7633
7634
#: serverguide/C/security.xml:289(para)
7635
msgid ""
7636
"Remove or rename the directory <filename "
7637
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7638
"further SSH authentication capabilities."
7639
msgstr ""
7640
7641
#: serverguide/C/security.xml:292(para)
7642
msgid ""
7643
"Be sure to check for any established SSH connections by the disabled user, "
7644
"as it is possible they may have existing inbound or outbound connections. "
7645
"Kill any that are found."
7646
msgstr ""
7647
7648
#: serverguide/C/security.xml:295(para)
7649
msgid ""
7650
"Restrict SSH access to only user accounts that should have it. For example, "
7651
"you may create a group called \"sshlogin\" and add the group name as the "
7652
"value associated with the <varname>AllowGroups</varname> variable located in "
7653
"the file <filename>/etc/ssh/sshd_config</filename>."
7654
msgstr ""
7655
7656
#: serverguide/C/security.xml:298(programlisting)
7657
#, no-wrap
7658
msgid ""
7659
"\n"
7660
"AllowGroups sshlogin\n"
7661
msgstr ""
7662
7663
#: serverguide/C/security.xml:301(para)
7664
msgid ""
7665
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7666
"SSH service."
7667
msgstr ""
7668
7669
#: serverguide/C/security.xml:305(command)
7670
msgid "sudo adduser username sshlogin"
7671
msgstr ""
7672
7673
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7674
msgid "sudo /etc/init.d/ssh restart"
7675
msgstr ""
7676
7677
#: serverguide/C/security.xml:310(title)
7678
msgid "External User Database Authentication"
7679
msgstr ""
7680
7681
#: serverguide/C/security.xml:311(para)
7682
msgid ""
7683
"Most enterprise networks require centralized authentication and access "
7684
"controls for all system resources. If you have configured your server to "
7685
"authenticate users against external databases, be sure to disable the user "
7686
"accounts both externally and locally, this way you ensure that local "
7687
"fallback authentication is not possible."
7688
msgstr ""
7689
7690
#: serverguide/C/security.xml:320(title)
7691
msgid "Console Security"
7692
msgstr ""
7693
7694
#: serverguide/C/security.xml:321(para)
7695
msgid ""
7696
"As with any other security barrier you put in place to protect your server, "
7697
"it is pretty tough to defend against untold damage caused by someone with "
7698
"physical access to your environment, for example, theft of hard drives, "
7699
"power or service disruption and so on. Therefore, console security should be "
7700
"addressed merely as one component of your overall physical security "
7701
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7702
"very least slow down a determined one, so it is still advisable to perform "
7703
"basic precautions with regard to console security."
7704
msgstr ""
7705
7706
#: serverguide/C/security.xml:324(para)
7707
msgid ""
7708
"The following instructions will help defend your server against issues that "
7709
"could otherwise yield very serious consequences."
7710
msgstr ""
7711
7712
#: serverguide/C/security.xml:329(title)
7713
msgid "Disable Ctrl+Alt+Delete"
7714
msgstr ""
7715
7716
#: serverguide/C/security.xml:330(para)
7717
msgid ""
7718
"First and foremost, anyone that has physical access to the keyboard can "
7719
"simply use the "
7720
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7721
"eycombo> key combination to reboot the server without having to log on. "
7722
"Sure, someone could simply unplug the power source, but you should still "
7723
"prevent the use of this key combination on a production server. This forces "
7724
"an attacker to take more drastic measures to reboot the server, and will "
7725
"prevent accidental reboots at the same time."
7726
msgstr ""
7727
7728
#: serverguide/C/security.xml:335(para)
7729
msgid ""
7730
"To disable the reboot action taken by pressing the "
7731
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7732
"eycombo> key combination, comment out the following line in the file "
7733
"<filename>/etc/init/control-alt-delete.conf</filename>."
7734
msgstr ""
7735
7736
#: serverguide/C/security.xml:338(programlisting)
7737
#, no-wrap
7738
msgid ""
7739
"\n"
7740
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7741
msgstr ""
7742
7743
#: serverguide/C/security.xml:347(title)
7744
msgid "Firewall"
7745
msgstr ""
7746
7747
#: serverguide/C/security.xml:350(para)
7748
msgid ""
7749
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7750
"which is used to manipulate or decide the fate of network traffic headed "
7751
"into or through your server. All modern Linux firewall solutions use this "
7752
"system for packet filtering."
7753
msgstr ""
7754
7755
#: serverguide/C/security.xml:355(para)
7756
msgid ""
7757
"The kernel's packet filtering system would be of little use to "
7758
"administrators without a userspace interface to manage it. This is the "
7759
"purpose of iptables. When a packet reaches your server, it will be handed "
7760
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7761
"based on the rules supplied to it from userspace via iptables. Thus, "
7762
"iptables is all you need to manage your firewall if you're familiar with it, "
7763
"but many frontends are available to simplify the task."
7764
msgstr ""
7765
7766
#: serverguide/C/security.xml:365(title)
7767
msgid "ufw - Uncomplicated Firewall"
7768
msgstr ""
7769
7770
#: serverguide/C/security.xml:366(para)
7771
msgid ""
7772
"The default firewall configuration tool for Ubuntu is "
7773
"<application>ufw</application>. Developed to ease iptables firewall "
7774
"configuration, <application>ufw</application> provides a user friendly way "
7775
"to create an IPv4 or IPv6 host-based firewall."
7776
msgstr ""
7777
7778
#: serverguide/C/security.xml:370(para)
7779
msgid ""
7780
"<application>ufw</application> by default is initially disabled. From the "
7781
"<application>ufw</application> man page:"
7782
msgstr ""
7783
7784
#: serverguide/C/security.xml:374(quote)
7785
msgid ""
7786
"ufw is not intended to provide complete firewall functionality via its "
7787
"command interface, but instead provides an easy way to add or remove simple "
7788
"rules. It is currently mainly used for host-based firewalls."
7789
msgstr ""
7790
7791
#: serverguide/C/security.xml:378(para)
7792
msgid ""
7793
"The following are some examples of how to use <application>ufw</application>:"
7794
msgstr ""
7795
7796
#: serverguide/C/security.xml:383(para)
7797
msgid ""
7798
"First, <application>ufw</application> needs to be enabled. From a terminal "
7799
"prompt enter:"
7800
msgstr ""
7801
7802
#: serverguide/C/security.xml:387(command)
7803
msgid "sudo ufw enable"
7804
msgstr ""
7805
7806
#: serverguide/C/security.xml:391(para)
7807
msgid "To open a port (ssh in this example):"
7808
msgstr ""
7809
7810
#: serverguide/C/security.xml:395(command)
7811
msgid "sudo ufw allow 22"
7812
msgstr ""
7813
7814
#: serverguide/C/security.xml:399(para)
7815
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7816
msgstr ""
7817
7818
#: serverguide/C/security.xml:403(command)
7819
msgid "sudo ufw insert 1 allow 80"
7820
msgstr ""
7821
7822
#: serverguide/C/security.xml:407(para)
7823
msgid "Similarly, to close an opened port:"
7824
msgstr ""
7825
7826
#: serverguide/C/security.xml:411(command)
7827
msgid "sudo ufw deny 22"
7828
msgstr ""
7829
7830
#: serverguide/C/security.xml:415(para)
7831
msgid "To remove a rule, use delete followed by the rule:"
7832
msgstr ""
7833
7834
#: serverguide/C/security.xml:419(command)
7835
msgid "sudo ufw delete deny 22"
7836
msgstr ""
7837
7838
#: serverguide/C/security.xml:423(para)
7839
msgid ""
7840
"It is also possible to allow access from specific hosts or networks to a "
7841
"port. The following example allows ssh access from host 192.168.0.2 to any "
7842
"ip address on this host:"
7843
msgstr ""
7844
7845
#: serverguide/C/security.xml:428(command)
7846
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7847
msgstr ""
7848
7849
#: serverguide/C/security.xml:430(para)
7850
msgid ""
7851
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7852
"subnet."
7853
msgstr ""
7854
7855
#: serverguide/C/security.xml:436(para)
7856
msgid ""
7857
"Adding the <emphasis>--dry-run</emphasis> option to a "
7858
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7859
"apply them. For example, the following is what would be applied if opening "
7860
"the HTTP port:"
7861
msgstr ""
7862
7863
#: serverguide/C/security.xml:442(command)
7864
msgid "sudo ufw --dry-run allow http"
7865
msgstr ""
7866
7867
#: serverguide/C/security.xml:446(computeroutput)
7868
#, no-wrap
7869
msgid ""
7870
"*filter\n"
7871
":ufw-user-input - [0:0]\n"
7872
":ufw-user-output - [0:0]\n"
7873
":ufw-user-forward - [0:0]\n"
7874
":ufw-user-limit - [0:0]\n"
7875
":ufw-user-limit-accept - [0:0]\n"
7876
"### RULES ###\n"
7877
"\n"
7878
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7879
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7880
"\n"
7881
"### END RULES ###\n"
7882
"-A ufw-user-input -j RETURN\n"
7883
"-A ufw-user-output -j RETURN\n"
7884
"-A ufw-user-forward -j RETURN\n"
7885
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7886
"LIMIT]: \"\n"
7887
"-A ufw-user-limit -j REJECT\n"
7888
"-A ufw-user-limit-accept -j ACCEPT\n"
7889
"COMMIT\n"
7890
"Rules updated"
7891
msgstr ""
7892
7893
#: serverguide/C/security.xml:470(para)
7894
msgid "<application>ufw</application> can be disabled by:"
7895
msgstr ""
7896
7897
#: serverguide/C/security.xml:474(command)
7898
msgid "sudo ufw disable"
7899
msgstr ""
7900
7901
#: serverguide/C/security.xml:478(para)
7902
msgid "To see the firewall status, enter:"
7903
msgstr ""
7904
7905
#: serverguide/C/security.xml:482(command)
7906
msgid "sudo ufw status"
7907
msgstr ""
7908
7909
#: serverguide/C/security.xml:486(para)
7910
msgid "And for more verbose status information use:"
7911
msgstr ""
7912
7913
#: serverguide/C/security.xml:490(command)
7914
msgid "sudo ufw status verbose"
7915
msgstr ""
7916
7917
#: serverguide/C/security.xml:494(para)
7918
msgid "To view the <emphasis>numbered</emphasis> format:"
7919
msgstr ""
7920
7921
#: serverguide/C/security.xml:498(command)
7922
msgid "sudo ufw status numbered"
7923
msgstr ""
7924
7925
#: serverguide/C/security.xml:503(para)
7926
msgid ""
7927
"If the port you want to open or close is defined in "
7928
"<filename>/etc/services</filename>, you can use the port name instead of the "
7929
"number. In the above examples, replace <emphasis>22</emphasis> with "
7930
"<emphasis>ssh</emphasis>."
7931
msgstr ""
7932
7933
#: serverguide/C/security.xml:509(para)
7934
msgid ""
7935
"This is a quick introduction to using <application>ufw</application>. Please "
7936
"refer to the <application>ufw</application> man page for more information."
7937
msgstr ""
7938
7939
#: serverguide/C/security.xml:515(title)
7940
msgid "ufw Application Integration"
7941
msgstr ""
7942
7943
#: serverguide/C/security.xml:517(para)
7944
msgid ""
7945
"Applications that open ports can include an <application>ufw</application> "
7946
"profile, which details the ports needed for the application to function "
7947
"properly. The profiles are kept in <filename "
7948
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7949
"the default ports have been changed."
7950
msgstr ""
7951
7952
#: serverguide/C/security.xml:526(para)
7953
msgid ""
7954
"To view which applications have installed a profile, enter the following in "
7955
"a terminal:"
7956
msgstr ""
7957
7958
#: serverguide/C/security.xml:531(command)
7959
msgid "sudo ufw app list"
7960
msgstr ""
7961
7962
#: serverguide/C/security.xml:537(para)
7963
msgid ""
7964
"Similar to allowing traffic to a port, using an application profile is "
7965
"accomplished by entering:"
7966
msgstr ""
7967
7968
#: serverguide/C/security.xml:542(command)
7969
msgid "sudo ufw allow Samba"
7970
msgstr ""
7971
7972
#: serverguide/C/security.xml:548(para)
7973
msgid "An extended syntax is available as well:"
7974
msgstr ""
7975
7976
#: serverguide/C/security.xml:553(command)
7977
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7978
msgstr ""
7979
7980
#: serverguide/C/security.xml:556(para)
7981
msgid ""
7982
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7983
"with the application profile you are using and the IP range for your network."
7984
msgstr ""
7985
7986
#: serverguide/C/security.xml:562(para)
7987
msgid ""
7988
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7989
"application, because that information is detailed in the profile. Also, note "
7990
"that the <emphasis>app</emphasis> name replaces the "
7991
"<emphasis>port</emphasis> number."
7992
msgstr ""
7993
7994
#: serverguide/C/security.xml:571(para)
7995
msgid ""
7996
"To view details about which ports, protocols, etc are defined for an "
7997
"application, enter:"
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:576(command)
8001
msgid "sudo ufw app info Samba"
8002
msgstr ""
8003
8004
#: serverguide/C/security.xml:582(para)
8005
msgid ""
8006
"Not all applications that require opening a network port come with "
8007
"<application>ufw</application> profiles, but if you have profiled an "
8008
"application and want the file to be included with the package, please file a "
8009
"bug against the package in <ulink "
8010
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8011
msgstr ""
8012
8013
#: serverguide/C/security.xml:591(title)
8014
msgid "IP Masquerading"
8015
msgstr ""
8016
8017
#: serverguide/C/security.xml:592(para)
8018
msgid ""
8019
"The purpose of IP Masquerading is to allow machines with private, non-"
8020
"routable IP addresses on your network to access the Internet through the "
8021
"machine doing the masquerading. Traffic from your private network destined "
8022
"for the Internet must be manipulated for replies to be routable back to the "
8023
"machine that made the request. To do this, the kernel must modify the "
8024
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8025
"be routed back to it, rather than to the private IP address that made the "
8026
"request, which is impossible over the Internet. Linux uses "
8027
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8028
"connections belong to which machines and reroute each return packet "
8029
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8030
"having originated from your Ubuntu gateway machine. This process is referred "
8031
"to in Microsoft documentation as Internet Connection Sharing."
8032
msgstr ""
8033
8034
#: serverguide/C/security.xml:608(title)
8035
msgid "ufw Masquerading"
8036
msgstr ""
8037
8038
#: serverguide/C/security.xml:609(para)
8039
msgid ""
8040
"IP Masquerading can be achieved using custom <application>ufw</application> "
8041
"rules. This is possible because the current back-end for "
8042
"<application>ufw</application> is <application>iptables-"
8043
"restore</application> with the rules files located in "
8044
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8045
"legacy iptables rules used without <application>ufw</application>, and rules "
8046
"that are more network gateway or bridge related."
8047
msgstr ""
8048
8049
#: serverguide/C/security.xml:615(para)
8050
msgid ""
8051
"The rules are split into two different files, rules that should be executed "
8052
"before <application>ufw</application> command line rules, and rules that are "
8053
"executed after <application>ufw</application> command line rules."
8054
msgstr ""
8055
8056
#: serverguide/C/security.xml:621(para)
8057
msgid ""
8058
"First, packet forwarding needs to be enabled in "
8059
"<application>ufw</application>. Two configuration files will need to be "
8060
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8061
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8062
msgstr ""
8063
8064
#: serverguide/C/security.xml:625(programlisting)
8065
#, no-wrap
8066
msgid ""
8067
"\n"
8068
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:628(para)
8072
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8073
msgstr ""
8074
8075
#: serverguide/C/security.xml:631(programlisting)
8076
#, no-wrap
8077
msgid ""
8078
"\n"
8079
"net/ipv4/ip_forward=1\n"
8080
msgstr ""
8081
8082
#: serverguide/C/security.xml:634(para)
8083
msgid "Similarly, for IPv6 forwarding uncomment:"
8084
msgstr ""
8085
8086
#: serverguide/C/security.xml:637(programlisting)
8087
#, no-wrap
8088
msgid ""
8089
"\n"
8090
"net/ipv6/conf/default/forwarding=1\n"
8091
msgstr ""
8092
8093
#: serverguide/C/security.xml:642(para)
8094
msgid ""
8095
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8096
"file. The default rules only configure the <emphasis>filter</emphasis> "
8097
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8098
"need to be configured. Add the following to the top of the file just after "
8099
"the header comments:"
8100
msgstr ""
8101
8102
#: serverguide/C/security.xml:647(programlisting)
8103
#, no-wrap
8104
msgid ""
8105
"\n"
8106
"# nat Table rules\n"
8107
"*nat\n"
8108
":POSTROUTING ACCEPT [0:0]\n"
8109
"\n"
8110
"# Forward traffic from eth1 through eth0.\n"
8111
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8112
"\n"
8113
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8114
"processed\n"
8115
"COMMIT\n"
8116
msgstr ""
8117
8118
#: serverguide/C/security.xml:658(para)
8119
msgid ""
8120
"The comments are not strictly necessary, but it is considered good practice "
8121
"to document your configuration. Also, when modifying any of the "
8122
"<emphasis>rules</emphasis> files in <filename "
8123
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8124
"line for each table modified:"
8125
msgstr ""
8126
8127
#: serverguide/C/security.xml:664(programlisting)
8128
#, no-wrap
8129
msgid ""
8130
"\n"
8131
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8132
"COMMIT\n"
8133
msgstr ""
8134
8135
#: serverguide/C/security.xml:669(para)
8136
msgid ""
8137
"For each <emphasis>Table</emphasis> a corresponding "
8138
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8139
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8140
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8141
"<emphasis>mangle</emphasis> tables."
8142
msgstr ""
8143
8144
#: serverguide/C/security.xml:676(para)
8145
msgid ""
8146
"In the above example replace <emphasis>eth0</emphasis>, "
8147
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8148
"appropriate interfaces and IP range for your network."
8149
msgstr ""
8150
8151
#: serverguide/C/security.xml:684(para)
8152
msgid ""
8153
"Finally, disable and re-enable <application>ufw</application> to apply the "
8154
"changes:"
8155
msgstr ""
8156
8157
#: serverguide/C/security.xml:688(command)
8158
msgid "sudo ufw disable && sudo ufw enable"
8159
msgstr ""
8160
8161
#: serverguide/C/security.xml:692(para)
8162
msgid ""
8163
"IP Masquerading should now be enabled. You can also add any additional "
8164
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8165
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8166
"forward</emphasis> chain."
8167
msgstr ""
8168
8169
#: serverguide/C/security.xml:699(title)
8170
msgid "iptables Masquerading"
8171
msgstr ""
8172
8173
#: serverguide/C/security.xml:700(para)
8174
msgid ""
8175
"<application>iptables</application> can also be used to enable masquerading."
8176
msgstr ""
8177
8178
#: serverguide/C/security.xml:705(para)
8179
msgid ""
8180
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8181
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8182
"uncomment the following line"
8183
msgstr ""
8184
8185
#: serverguide/C/security.xml:709(programlisting)
8186
#, no-wrap
8187
msgid ""
8188
"\n"
8189
"net.ipv4.ip_forward=1\n"
8190
msgstr ""
8191
8192
#: serverguide/C/security.xml:712(para)
8193
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8194
msgstr ""
8195
8196
#: serverguide/C/security.xml:715(programlisting)
8197
#, no-wrap
8198
msgid ""
8199
"\n"
8200
"net.ipv6.conf.default.forwarding=1\n"
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:720(para)
8204
msgid ""
8205
"Next, execute the <application>sysctl</application> command to enable the "
8206
"new settings in the configuration file:"
8207
msgstr ""
8208
8209
#: serverguide/C/security.xml:724(command)
8210
msgid "sudo sysctl -p"
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:728(para)
8214
msgid ""
8215
"IP Masquerading can now be accomplished with a single iptables rule, which "
8216
"may differ slightly based on your network configuration:"
8217
msgstr ""
8218
8219
#: serverguide/C/security.xml:731(screen)
8220
#, no-wrap
8221
msgid ""
8222
"\n"
8223
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8224
msgstr ""
8225
8226
#: serverguide/C/security.xml:734(para)
8227
msgid ""
8228
"The above command assumes that your private address space is 192.168.0.0/16 "
8229
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8230
"follows:"
8231
msgstr ""
8232
8233
#: serverguide/C/security.xml:739(para)
8234
msgid "-t nat -- the rule is to go into the nat table"
8235
msgstr ""
8236
8237
#: serverguide/C/security.xml:740(para)
8238
msgid ""
8239
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8240
msgstr ""
8241
8242
#: serverguide/C/security.xml:741(para)
8243
msgid ""
8244
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8245
"specified address space"
8246
msgstr ""
8247
8248
#: serverguide/C/security.xml:742(para)
8249
msgid ""
8250
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8251
"specified network device"
8252
msgstr ""
8253
8254
#: serverguide/C/security.xml:744(para)
8255
msgid ""
8256
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8257
"MASQUERADE target to be manipulated as described above"
8258
msgstr ""
8259
8260
#: serverguide/C/security.xml:752(para)
8261
msgid ""
8262
"Also, each chain in the filter table (the default table, and where most or "
8263
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8264
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8265
"you may have set the policies to DROP or REJECT, in which case your "
8266
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8267
"above rule to work:"
8268
msgstr ""
8269
8270
#: serverguide/C/security.xml:759(screen)
8271
#, no-wrap
8272
msgid ""
8273
"\n"
8274
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8275
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8276
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8277
msgstr ""
8278
8279
#: serverguide/C/security.xml:763(para)
8280
msgid ""
8281
"The above commands will allow all connections from your local network to the "
8282
"Internet and all traffic related to those connections to return to the "
8283
"machine that initiated them."
8284
msgstr ""
8285
8286
#: serverguide/C/security.xml:770(para)
8287
msgid ""
8288
"If you want masquerading to be enabled on reboot, which you probably do, "
8289
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8290
"example add the first command with no filtering:"
8291
msgstr ""
8292
8293
#: serverguide/C/security.xml:774(screen)
8294
#, no-wrap
8295
msgid ""
8296
"\n"
8297
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8298
msgstr ""
8299
8300
#: serverguide/C/security.xml:782(title)
8301
msgid "Logs"
8302
msgstr ""
8303
8304
#: serverguide/C/security.xml:783(para)
8305
msgid ""
8306
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8307
"firewall rules, and noticing unusual activity on your network. You must "
8308
"include logging rules in your firewall for them to be generated, though, and "
8309
"logging rules must come before any applicable terminating rule (a rule with "
8310
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8311
"REJECT)."
8312
msgstr ""
8313
8314
#: serverguide/C/security.xml:790(para)
8315
msgid ""
8316
"If you are using <application>ufw</application>, you can turn on logging by "
8317
"entering the following in a terminal:"
8318
msgstr ""
8319
8320
#: serverguide/C/security.xml:794(command)
8321
msgid "sudo ufw logging on"
8322
msgstr ""
8323
8324
#: serverguide/C/security.xml:796(para)
8325
msgid ""
8326
"To turn logging off in <application>ufw</application>, simply replace "
8327
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8328
"role=\"italic\">off</emphasis> in the above command."
8329
msgstr ""
8330
8331
#: serverguide/C/security.xml:799(para)
8332
msgid ""
8333
"If using <application>iptables</application> instead of "
8334
"<application>ufw</application>, enter:"
8335
msgstr ""
8336
8337
#: serverguide/C/security.xml:802(screen)
8338
#, no-wrap
8339
msgid ""
8340
"\n"
8341
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8342
"prefix \"NEW_HTTP_CONN: \"\n"
8343
msgstr ""
8344
8345
#: serverguide/C/security.xml:805(para)
8346
msgid ""
8347
"A request on port 80 from the local machine, then, would generate a log in "
8348
"dmesg that looks like this:"
8349
msgstr ""
8350
8351
#: serverguide/C/security.xml:810(programlisting)
8352
#, no-wrap
8353
msgid ""
8354
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8355
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8356
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8357
"WINDOW=32767 RES=0x00 SYN URGP=0"
8358
msgstr ""
8359
8360
#: serverguide/C/security.xml:812(para)
8361
msgid ""
8362
"The above log will also appear in <filename>/var/log/messages</filename>, "
8363
"<filename>/var/log/syslog</filename>, and "
8364
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8365
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8366
"and configuring <application>ulogd</application> and using the ULOG target "
8367
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8368
"server that listens for logging instructions from the kernel specifically "
8369
"for firewalls, and can log to any file you like, or even to a "
8370
"<application>PostgreSQL</application> or <application>MySQL</application> "
8371
"database. Making sense of your firewall logs can be simplified by using a "
8372
"log analyzing tool such as <application>fwanalog</application>, "
8373
"<application> fwlogwatch</application>, or <application>lire</application>."
8374
msgstr ""
8375
8376
#: serverguide/C/security.xml:827(title)
8377
msgid "Other Tools"
8378
msgstr ""
8379
8380
#: serverguide/C/security.xml:828(para)
8381
msgid ""
8382
"There are many tools available to help you construct a complete firewall "
8383
"without intimate knowledge of iptables. For the GUI-inclined:"
8384
msgstr ""
8385
8386
#: serverguide/C/security.xml:834(para)
8387
msgid ""
8388
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8389
"popular and easy to use."
8390
msgstr ""
8391
8392
#: serverguide/C/security.xml:839(para)
8393
msgid ""
8394
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8395
"and will look familiar to an administrator who has used a commercial "
8396
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8397
msgstr ""
8398
8399
#: serverguide/C/security.xml:845(para)
8400
msgid ""
8401
"If you prefer a command-line tool with plain-text configuration files:"
8402
msgstr ""
8403
8404
#: serverguide/C/security.xml:850(para)
8405
msgid ""
8406
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8407
"powerful solution to help you configure an advanced firewall for any network."
8408
msgstr ""
8409
8410
#: serverguide/C/security.xml:856(para)
8411
msgid ""
8412
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8413
"a working firewall \"out of the box\" with zero configuration, and will "
8414
"allow you to easily set up a more advanced firewall by editing simple, well-"
8415
"documented configuration files."
8416
msgstr ""
8417
8418
#: serverguide/C/security.xml:863(para)
8419
msgid ""
8420
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8421
"designed to be a desktop firewall application. It is made up of a server "
8422
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8423
"like many popular interactive firewall applications for Windows."
8424
msgstr ""
8425
8426
#: serverguide/C/security.xml:875(para)
8427
msgid ""
8428
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8429
"Firewall</ulink> wiki page contains information on the development of "
8430
"<application>ufw</application>."
8431
msgstr ""
8432
8433
#: serverguide/C/security.xml:881(para)
8434
msgid ""
8435
"Also, the <application>ufw</application> manual page contains some very "
8436
"useful information: <command>man ufw</command>."
8437
msgstr ""
8438
8439
#: serverguide/C/security.xml:886(para)
8440
msgid ""
8441
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8442
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8443
"on using <application>iptables</application>."
8444
msgstr ""
8445
8446
#: serverguide/C/security.xml:892(para)
8447
msgid ""
8448
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8449
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8450
msgstr ""
8451
8452
#: serverguide/C/security.xml:898(para)
8453
msgid ""
8454
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8455
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8456
msgstr ""
8457
8458
#: serverguide/C/security.xml:906(title)
8459
msgid "AppArmor"
8460
msgstr ""
8461
8462
#: serverguide/C/security.xml:907(para)
8463
msgid ""
8464
"<application>AppArmor</application> is a Linux Security Module "
8465
"implementation of name-based mandatory access controls. AppArmor confines "
8466
"individual programs to a set of listed files and posix 1003.1e draft "
8467
"capabilities."
8468
msgstr ""
8469
8470
#: serverguide/C/security.xml:911(para)
8471
msgid ""
8472
"<application>AppArmor</application> is installed and loaded by default. It "
8473
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8474
"and permissions the application requires. Some packages will install their "
8475
"own profiles, and additional profiles can be found in the "
8476
"<application>apparmor-profiles</application> package."
8477
msgstr ""
8478
8479
#: serverguide/C/security.xml:916(para)
8480
msgid ""
8481
"To install the <application>apparmor-profiles</application> package from a "
8482
"terminal prompt:"
8483
msgstr ""
8484
8485
#: serverguide/C/security.xml:922(para)
8486
msgid "AppArmor profiles have two modes of execution:"
8487
msgstr ""
8488
8489
#: serverguide/C/security.xml:927(para)
8490
msgid ""
8491
"Complaining/Learning: profile violations are permitted and logged. Useful "
8492
"for testing and developing new profiles."
8493
msgstr ""
8494
8495
#: serverguide/C/security.xml:932(para)
8496
msgid ""
8497
"Enforced/Confined: enforces profile policy as well as logging the violation."
8498
msgstr ""
8499
8500
#: serverguide/C/security.xml:938(title)
8501
msgid "Using AppArmor"
8502
msgstr ""
8503
8504
#: serverguide/C/security.xml:939(para)
8505
msgid ""
8506
"The <application>apparmor-utils</application> package contains command line "
8507
"utilities that you can use to change the <application>AppArmor</application> "
8508
"execution mode, find the status of a profile, create new profiles, etc."
8509
msgstr ""
8510
8511
#: serverguide/C/security.xml:945(para)
8512
msgid ""
8513
"<application>apparmor_status</application> is used to view the current "
8514
"status of AppArmor profiles."
8515
msgstr ""
8516
8517
#: serverguide/C/security.xml:949(command)
8518
msgid "sudo apparmor_status"
8519
msgstr ""
8520
8521
#: serverguide/C/security.xml:953(para)
8522
msgid ""
8523
"<application>aa-complain</application> places a profile into "
8524
"<emphasis>complain</emphasis> mode."
8525
msgstr ""
8526
8527
#: serverguide/C/security.xml:957(command)
8528
msgid "sudo aa-complain /path/to/bin"
8529
msgstr ""
8530
8531
#: serverguide/C/security.xml:961(para)
8532
msgid ""
8533
"<application>aa-enforce</application> places a profile into "
8534
"<emphasis>enforce</emphasis> mode."
8535
msgstr ""
8536
8537
#: serverguide/C/security.xml:965(command)
8538
msgid "sudo aa-enforce /path/to/bin"
8539
msgstr ""
8540
8541
#: serverguide/C/security.xml:969(para)
8542
msgid ""
8543
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8544
"profiles are located. It can be used to manipulate the "
8545
"<emphasis>mode</emphasis> of all profiles."
8546
msgstr ""
8547
8548
#: serverguide/C/security.xml:973(para)
8549
msgid "Enter the following to place all profiles into complain mode:"
8550
msgstr ""
8551
8552
#: serverguide/C/security.xml:977(command)
8553
msgid "sudo aa-complain /etc/apparmor.d/*"
8554
msgstr ""
8555
8556
#: serverguide/C/security.xml:979(para)
8557
msgid "To place all profiles in enforce mode:"
8558
msgstr ""
8559
8560
#: serverguide/C/security.xml:983(command)
8561
msgid "sudo aa-enforce /etc/apparmor.d/*"
8562
msgstr ""
8563
8564
#: serverguide/C/security.xml:987(para)
8565
msgid ""
8566
"<application>apparmor_parser</application> is used to load a profile into "
8567
"the kernel. It can also be used to reload a currently loaded profile using "
8568
"the <emphasis>-r</emphasis> option. To load a profile:"
8569
msgstr ""
8570
8571
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8572
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8573
msgstr ""
8574
8575
#: serverguide/C/security.xml:994(para)
8576
msgid "To reload a profile:"
8577
msgstr ""
8578
8579
#: serverguide/C/security.xml:998(command)
8580
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8581
msgstr ""
8582
8583
#: serverguide/C/security.xml:1002(para)
8584
msgid ""
8585
"<filename>/etc/init.d/apparmor</filename> can be used to "
8586
"<emphasis>reload</emphasis> all profiles:"
8587
msgstr ""
8588
8589
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8590
msgid "sudo /etc/init.d/apparmor reload"
8591
msgstr ""
8592
8593
#: serverguide/C/security.xml:1010(para)
8594
msgid ""
8595
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8596
"with the <application>apparmor_parser -R</application> option to "
8597
"<emphasis>disable</emphasis> a profile."
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:1015(command)
8601
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8602
msgstr ""
8603
8604
#: serverguide/C/security.xml:1016(command)
8605
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8606
msgstr ""
8607
8608
#: serverguide/C/security.xml:1018(para)
8609
msgid ""
8610
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8611
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8612
"load the profile using the <emphasis>-a</emphasis> option."
8613
msgstr ""
8614
8615
#: serverguide/C/security.xml:1023(command)
8616
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8617
msgstr ""
8618
8619
#: serverguide/C/security.xml:1028(para)
8620
msgid ""
8621
"<application>AppArmor</application> can be disabled, and the kernel module "
8622
"unloaded by entering the following:"
8623
msgstr ""
8624
8625
#: serverguide/C/security.xml:1032(command)
8626
msgid "sudo /etc/init.d/apparmor stop"
8627
msgstr ""
8628
8629
#: serverguide/C/security.xml:1033(command)
8630
msgid "sudo update-rc.d -f apparmor remove"
8631
msgstr ""
8632
8633
#: serverguide/C/security.xml:1037(para)
8634
msgid "To re-enable <application>AppArmor</application> enter:"
8635
msgstr ""
8636
8637
#: serverguide/C/security.xml:1041(command)
8638
msgid "sudo /etc/init.d/apparmor start"
8639
msgstr ""
8640
8641
#: serverguide/C/security.xml:1042(command)
8642
msgid "sudo update-rc.d apparmor defaults"
8643
msgstr ""
8644
8645
#: serverguide/C/security.xml:1047(para)
8646
msgid ""
8647
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8648
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8649
"the actual executable file path. For example for the "
8650
"<application>ping</application> command use <filename>/bin/ping</filename>"
8651
msgstr ""
8652
8653
#: serverguide/C/security.xml:1055(title)
8654
msgid "Profiles"
8655
msgstr ""
8656
8657
#: serverguide/C/security.xml:1056(para)
8658
msgid ""
8659
"<application>AppArmor</application> profiles are simple text files located "
8660
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8661
"path to the executable they profile replacing the \"/\" with \".\". For "
8662
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8663
"profile for the <filename>/bin/ping</filename> command."
8664
msgstr ""
8665
8666
#: serverguide/C/security.xml:1062(para)
8667
msgid "There are two main type of rules used in profiles:"
8668
msgstr ""
8669
8670
#: serverguide/C/security.xml:1067(para)
8671
msgid ""
8672
"<emphasis>Path entries:</emphasis> which detail which files an application "
8673
"can access in the file system."
8674
msgstr ""
8675
8676
#: serverguide/C/security.xml:1072(para)
8677
msgid ""
8678
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8679
"confined process is allowed to use."
8680
msgstr ""
8681
8682
#: serverguide/C/security.xml:1077(para)
8683
msgid ""
8684
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8685
msgstr ""
8686
8687
#: serverguide/C/security.xml:1080(programlisting)
8688
#, no-wrap
8689
msgid ""
8690
"\n"
8691
"#include <tunables/global>\n"
8692
"/bin/ping flags=(complain) {\n"
8693
" #include <abstractions/base>\n"
8694
" #include <abstractions/consoles>\n"
8695
" #include <abstractions/nameservice>\n"
8696
"\n"
8697
" capability net_raw,\n"
8698
" capability setuid,\n"
8699
" network inet raw,\n"
8700
" \n"
8701
" /bin/ping mixr,\n"
8702
" /etc/modules.conf r,\n"
8703
"}\n"
8704
msgstr ""
8705
8706
#: serverguide/C/security.xml:1097(para)
8707
msgid ""
8708
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8709
"from other files. This allows statements pertaining to multiple applications "
8710
"to be placed in a common file."
8711
msgstr ""
8712
8713
#: serverguide/C/security.xml:1103(para)
8714
msgid ""
8715
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8716
"program, also setting the mode to <emphasis>complain</emphasis>."
8717
msgstr ""
8718
8719
#: serverguide/C/security.xml:1109(para)
8720
msgid ""
8721
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8722
"the CAP_NET_RAW Posix.1e capability."
8723
msgstr ""
8724
8725
#: serverguide/C/security.xml:1114(para)
8726
msgid ""
8727
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8728
"execute access to the file."
8729
msgstr ""
8730
8731
#: serverguide/C/security.xml:1120(para)
8732
msgid ""
8733
"After editing a profile file the profile must be reloaded. See <xref "
8734
"linkend=\"apparmor-usage\"/> for details."
8735
msgstr ""
8736
8737
#: serverguide/C/security.xml:1125(title)
8738
msgid "Creating a Profile"
8739
msgstr ""
8740
8741
#: serverguide/C/security.xml:1128(para)
8742
msgid ""
8743
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8744
"application should be exercised. The test plan should be divided into small "
8745
"test cases. Each test case should have a small description and list the "
8746
"steps to follow."
8747
msgstr ""
8748
8749
#: serverguide/C/security.xml:1132(para)
8750
msgid "Some standard test cases are:"
8751
msgstr ""
8752
8753
#: serverguide/C/security.xml:1137(para)
8754
msgid "Starting the program."
8755
msgstr ""
8756
8757
#: serverguide/C/security.xml:1142(para)
8758
msgid "Stopping the program."
8759
msgstr ""
8760
8761
#: serverguide/C/security.xml:1147(para)
8762
msgid "Reloading the program."
8763
msgstr ""
8764
8765
#: serverguide/C/security.xml:1152(para)
8766
msgid "Testing all the commands supported by the init script."
8767
msgstr ""
8768
8769
#: serverguide/C/security.xml:1159(para)
8770
msgid ""
8771
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8772
"genprof</application> to generate a new profile. From a terminal:"
8773
msgstr ""
8774
8775
#: serverguide/C/security.xml:1164(command)
8776
msgid "sudo aa-genprof executable"
8777
msgstr ""
8778
8779
#: serverguide/C/security.xml:1166(para)
8780
msgid "For example:"
8781
msgstr ""
8782
8783
#: serverguide/C/security.xml:1170(command)
8784
msgid "sudo aa-genprof slapd"
8785
msgstr ""
8786
8787
#: serverguide/C/security.xml:1174(para)
8788
msgid ""
8789
"To get your new profile included in the <application>apparmor-"
8790
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8791
"against the <ulink "
8792
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8793
"/ulink> package:"
8794
msgstr ""
8795
8796
#: serverguide/C/security.xml:1181(para)
8797
msgid "Include your test plan and test cases."
8798
msgstr ""
8799
8800
#: serverguide/C/security.xml:1186(para)
8801
msgid "Attach your new profile to the bug."
8802
msgstr ""
8803
8804
#: serverguide/C/security.xml:1195(title)
8805
msgid "Updating Profiles"
8806
msgstr ""
8807
8808
#: serverguide/C/security.xml:1196(para)
8809
msgid ""
8810
"When the program is misbehaving, audit messages are sent to the log files. "
8811
"The program <application>aa-logprof</application> can be used to scan log "
8812
"files for <application>AppArmor</application> audit messages, review them "
8813
"and update the profiles. From a terminal:"
8814
msgstr ""
8815
8816
#: serverguide/C/security.xml:1201(command)
8817
msgid "sudo aa-logprof"
8818
msgstr ""
8819
8820
#: serverguide/C/security.xml:1209(para)
8821
msgid ""
8822
"See the <ulink "
8823
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8824
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8825
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8826
"configuration options."
8827
msgstr ""
8828
8829
#: serverguide/C/security.xml:1216(para)
8830
msgid ""
8831
"For details using AppArmor with other Ubuntu releases see the <ulink "
8832
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8833
"Wiki</ulink> page."
8834
msgstr ""
8835
8836
#: serverguide/C/security.xml:1224(para)
8837
msgid ""
8838
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8839
"page is another introduction to AppArmor."
8840
msgstr ""
8841
8842
#: serverguide/C/security.xml:1231(para)
8843
msgid ""
8844
"A great place to ask for <application>AppArmor</application> assistance, and "
8845
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8846
"server</emphasis> IRC channel on <ulink "
8847
"url=\"http://freenode.net\">freenode</ulink>."
8848
msgstr ""
8849
8850
#: serverguide/C/security.xml:1241(title)
8851
msgid "Certificates"
8852
msgstr ""
8853
8854
#: serverguide/C/security.xml:1242(para)
8855
msgid ""
8856
"One of the most common forms of cryptography today is <emphasis>public-"
8857
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8858
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8859
"system works by <emphasis>encrypting</emphasis> information using the public "
8860
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8861
"the private key."
8862
msgstr ""
8863
8864
#: serverguide/C/security.xml:1248(para)
8865
msgid ""
8866
"A common use for public-key cryptography is encrypting application traffic "
8867
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8868
"connection. For example, configuring Apache to provide "
8869
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8870
"encrypt traffic using a protocol that does not itself provide encryption."
8871
msgstr ""
8872
8873
#: serverguide/C/security.xml:1253(para)
8874
msgid ""
8875
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8876
"<emphasis>public key</emphasis> and other information about a server and the "
8877
"organization who is responsible for it. Certificates can be digitally signed "
8878
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8879
"third party that has confirmed that the information contained in the "
8880
"certificate is accurate."
8881
msgstr ""
8882
8883
#: serverguide/C/security.xml:1260(title)
8884
msgid "Types of Certificates"
8885
msgstr ""
8886
8887
#: serverguide/C/security.xml:1261(para)
8888
msgid ""
8889
"To set up a secure server using public-key cryptography, in most cases, you "
8890
"send your certificate request (including your public key), proof of your "
8891
"company's identity, and payment to a CA. The CA verifies the certificate "
8892
"request and your identity, and then sends back a certificate for your secure "
8893
"server. Alternatively, you can create your own <emphasis>self-"
8894
"signed</emphasis> certificate."
8895
msgstr ""
8896
8897
#: serverguide/C/security.xml:1271(para)
8898
msgid ""
8899
"Note, that self-signed certificates should not be used in most production "
8900
"environments."
8901
msgstr ""
8902
8903
#: serverguide/C/security.xml:1275(para)
8904
msgid ""
8905
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8906
"capabilities that a self-signed certificate does not:"
8907
msgstr ""
8908
8909
#: serverguide/C/security.xml:1282(para)
8910
msgid ""
8911
"Browsers (usually) automatically recognize the certificate and allow a "
8912
"secure connection to be made without prompting the user."
8913
msgstr ""
8914
8915
#: serverguide/C/security.xml:1289(para)
8916
msgid ""
8917
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8918
"the organization that is providing the web pages to the browser."
8919
msgstr ""
8920
8921
#: serverguide/C/security.xml:1297(para)
8922
msgid ""
8923
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8924
"certificates they automatically accept. If a browser encounters a "
8925
"certificate whose authorizing CA is not in the list, the browser asks the "
8926
"user to either accept or decline the connection. Also, other applications "
8927
"may generate an error message when using a self-singed certificate."
8928
msgstr ""
8929
8930
#: serverguide/C/security.xml:1305(para)
8931
msgid ""
8932
"The process of getting a certificate from a CA is fairly easy. A quick "
8933
"overview is as follows:"
8934
msgstr ""
8935
8936
#: serverguide/C/security.xml:1312(para)
8937
msgid "Create a private and public encryption key pair."
8938
msgstr ""
8939
8940
#: serverguide/C/security.xml:1315(para)
8941
msgid ""
8942
"Create a certificate request based on the public key. The certificate "
8943
"request contains information about your server and the company hosting it."
8944
msgstr ""
8945
8946
#: serverguide/C/security.xml:1320(para)
8947
msgid ""
8948
"Send the certificate request, along with documents proving your identity, to "
8949
"a CA. We cannot tell you which certificate authority to choose. Your "
8950
"decision may be based on your past experiences, or on the experiences of "
8951
"your friends or colleagues, or purely on monetary factors."
8952
msgstr ""
8953
8954
#: serverguide/C/security.xml:1326(para)
8955
msgid ""
8956
"Once you have decided upon a CA, you need to follow the instructions they "
8957
"provide on how to obtain a certificate from them."
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:1331(para)
8961
msgid ""
8962
"When the CA is satisfied that you are indeed who you claim to be, they send "
8963
"you a digital certificate."
8964
msgstr ""
8965
8966
#: serverguide/C/security.xml:1335(para)
8967
msgid ""
8968
"Install this certificate on your secure server, and configure the "
8969
"appropriate applications to use the certificate."
8970
msgstr ""
8971
8972
#: serverguide/C/security.xml:1344(title)
8973
msgid "Generating a Certificate Signing Request (CSR)"
8974
msgstr ""
8975
8976
#: serverguide/C/security.xml:1346(para)
8977
msgid ""
8978
"Whether you are getting a certificate from a CA or generating your own self-"
8979
"signed certificate, the first step is to generate a key."
8980
msgstr ""
8981
8982
#: serverguide/C/security.xml:1351(para)
8983
msgid ""
8984
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8985
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8986
"passphrase allows the services to start without manual intervention, usually "
8987
"the preferred way to start a daemon."
8988
msgstr ""
8989
8990
#: serverguide/C/security.xml:1357(para)
8991
msgid ""
8992
"This section will cover generating a key with a passphrase, and one without. "
8993
"The non-passphrase key will then be used to generate a certificate that can "
8994
"be used with various service daemons."
8995
msgstr ""
8996
8997
#: serverguide/C/security.xml:1363(para)
8998
msgid ""
8999
"Running your secure service without a passphrase is convenient because you "
9000
"will not need to enter the passphrase every time you start your secure "
9001
"service. But it is insecure and a compromise of the key means a compromise "
9002
"of the server as well."
9003
msgstr ""
9004
9005
#: serverguide/C/security.xml:1370(para)
9006
msgid ""
9007
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9008
"Request (CSR) run the following command from a terminal prompt:"
9009
msgstr ""
9010
9011
#: serverguide/C/security.xml:1376(command)
9012
msgid "openssl genrsa -des3 -out server.key 1024"
9013
msgstr ""
9014
9015
#: serverguide/C/security.xml:1379(programlisting)
9016
#, no-wrap
9017
msgid ""
9018
"\n"
9019
"Generating RSA private key, 1024 bit long modulus\n"
9020
".....................++++++\n"
9021
".................++++++\n"
9022
"unable to write 'random state'\n"
9023
"e is 65537 (0x10001)\n"
9024
"Enter pass phrase for server.key:\n"
9025
msgstr ""
9026
9027
#: serverguide/C/security.xml:1388(para)
9028
msgid ""
9029
"You can now enter your passphrase. For best security, it should at least "
9030
"contain eight characters. The minimum length when specifying -des3 is four "
9031
"characters. It should include numbers and/or punctuation and not be a word "
9032
"in a dictionary. Also remember that your passphrase is case-sensitive."
9033
msgstr ""
9034
9035
#: serverguide/C/security.xml:1396(para)
9036
msgid ""
9037
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9038
"server key is generated and stored in the <filename>server.key</filename> "
9039
"file."
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:1402(para)
9043
msgid ""
9044
"Now create the insecure key, the one without a passphrase, and shuffle the "
9045
"key names:"
9046
msgstr ""
9047
9048
#: serverguide/C/security.xml:1408(command)
9049
msgid "openssl rsa -in server.key -out server.key.insecure"
9050
msgstr ""
9051
9052
#: serverguide/C/security.xml:1409(command)
9053
msgid "mv server.key server.key.secure"
9054
msgstr ""
9055
9056
#: serverguide/C/security.xml:1410(command)
9057
msgid "mv server.key.insecure server.key"
9058
msgstr ""
9059
9060
#: serverguide/C/security.xml:1413(para)
9061
msgid ""
9062
"The insecure key is now named <filename>server.key</filename>, and you can "
9063
"use this file to generate the CSR without passphrase."
9064
msgstr ""
9065
9066
#: serverguide/C/security.xml:1418(para)
9067
msgid "To create the CSR, run the following command at a terminal prompt:"
9068
msgstr ""
9069
9070
#: serverguide/C/security.xml:1423(command)
9071
msgid "openssl req -new -key server.key -out server.csr"
9072
msgstr ""
9073
9074
#: serverguide/C/security.xml:1426(para)
9075
msgid ""
9076
"It will prompt you enter the passphrase. If you enter the correct "
9077
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9078
"etc. Once you enter all these details, your CSR will be created and it will "
9079
"be stored in the <filename>server.csr</filename> file."
9080
msgstr ""
9081
9082
#: serverguide/C/security.xml:1434(para)
9083
msgid ""
9084
"You can now submit this CSR file to a CA for processing. The CA will use "
9085
"this CSR file and issue the certificate. On the other hand, you can create "
9086
"self-signed certificate using this CSR."
9087
msgstr ""
9088
9089
#: serverguide/C/security.xml:1442(title)
9090
msgid "Creating a Self-Signed Certificate"
9091
msgstr ""
9092
9093
#: serverguide/C/security.xml:1443(para)
9094
msgid ""
9095
"To create the self-signed certificate, run the following command at a "
9096
"terminal prompt:"
9097
msgstr ""
9098
9099
#: serverguide/C/security.xml:1448(command)
9100
msgid ""
9101
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9102
"server.crt"
9103
msgstr ""
9104
9105
#: serverguide/C/security.xml:1451(para)
9106
msgid ""
9107
"The above command will prompt you to enter the passphrase. Once you enter "
9108
"the correct passphrase, your certificate will be created and it will be "
9109
"stored in the <filename>server.crt</filename> file."
9110
msgstr ""
9111
9112
#: serverguide/C/security.xml:1456(para)
9113
msgid ""
9114
"If your secure server is to be used in a production environment, you "
9115
"probably need a CA-signed certificate. It is not recommended to use self-"
9116
"signed certificate."
9117
msgstr ""
9118
9119
#: serverguide/C/security.xml:1464(title)
9120
msgid "Installing the Certificate"
9121
msgstr ""
9122
9123
#: serverguide/C/security.xml:1466(para)
9124
msgid ""
9125
"You can install the key file <filename>server.key</filename> and certificate "
9126
"file <filename>server.crt</filename>, or the certificate file issued by your "
9127
"CA, by running following commands at a terminal prompt:"
9128
msgstr ""
9129
9130
#: serverguide/C/security.xml:1472(command)
9131
msgid "sudo cp server.crt /etc/ssl/certs"
9132
msgstr ""
9133
9134
#: serverguide/C/security.xml:1473(command)
9135
msgid "sudo cp server.key /etc/ssl/private"
9136
msgstr ""
9137
9138
#: serverguide/C/security.xml:1475(para)
9139
msgid ""
9140
"Now simply configure any applications, with the ability to use public-key "
9141
"cryptography, to use the <emphasis>certificate</emphasis> and "
9142
"<emphasis>key</emphasis> files. For example, "
9143
"<application>Apache</application> can provide HTTPS, "
9144
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9145
msgstr ""
9146
9147
#: serverguide/C/security.xml:1482(title)
9148
msgid "Certification Authority"
9149
msgstr ""
9150
9151
#: serverguide/C/security.xml:1484(para)
9152
msgid ""
9153
"If the services on your network require more than a few self-signed "
9154
"certificates it may be worth the additional effort to setup your own "
9155
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9156
"certificates signed by your own CA, allows the various services using the "
9157
"certificates to easily trust other services using certificates issued from "
9158
"the same CA."
9159
msgstr ""
9160
9161
#: serverguide/C/security.xml:1494(para)
9162
msgid ""
9163
"First, create the directories to hold the CA certificate and related files:"
9164
msgstr ""
9165
9166
#: serverguide/C/security.xml:1499(command)
9167
msgid "sudo mkdir /etc/ssl/CA"
9168
msgstr ""
9169
9170
#: serverguide/C/security.xml:1500(command)
9171
msgid "sudo mkdir /etc/ssl/newcerts"
9172
msgstr ""
9173
9174
#: serverguide/C/security.xml:1506(para)
9175
msgid ""
9176
"The CA needs a few additional files to operate, one to keep track of the "
9177
"last serial number used by the CA, each certificate must have a unique "
9178
"serial number, and another file to record which certificates have been "
9179
"issued:"
9180
msgstr ""
9181
9182
#: serverguide/C/security.xml:1513(command)
9183
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9184
msgstr ""
9185
9186
#: serverguide/C/security.xml:1514(command)
9187
msgid "sudo touch /etc/ssl/CA/index.txt"
9188
msgstr ""
9189
9190
#: serverguide/C/security.xml:1520(para)
9191
msgid ""
9192
"The third file is a CA configuration file. Though not strictly necessary, it "
9193
"is very convenient when issuing multiple certificates. Edit "
9194
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9195
"]</emphasis> change:"
9196
msgstr ""
9197
9198
#: serverguide/C/security.xml:1526(programlisting)
9199
#, no-wrap
9200
msgid ""
9201
"\n"
9202
"dir = /etc/ssl/ # Where everything is kept\n"
9203
"database = $dir/CA/index.txt # database index file.\n"
9204
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9205
"serial = $dir/CA/serial # The current serial number\n"
9206
"private_key = $dir/private/cakey.pem# The private key\n"
9207
msgstr ""
9208
9209
#: serverguide/C/security.xml:1537(para)
9210
msgid "Next, create the self-singed root certificate:"
9211
msgstr ""
9212
9213
#: serverguide/C/security.xml:1542(command)
9214
msgid ""
9215
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9216
"days 3650"
9217
msgstr ""
9218
9219
#: serverguide/C/security.xml:1545(para)
9220
msgid "You will then be asked to enter the details about the certificate."
9221
msgstr ""
9222
9223
#: serverguide/C/security.xml:1552(para)
9224
msgid "Now install the root certificate and key:"
9225
msgstr ""
9226
9227
#: serverguide/C/security.xml:1557(command)
9228
msgid "sudo mv cakey.pem /etc/ssl/private/"
9229
msgstr ""
9230
9231
#: serverguide/C/security.xml:1558(command)
9232
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9233
msgstr ""
9234
9235
#: serverguide/C/security.xml:1564(para)
9236
msgid ""
9237
"You are now ready to start signing certificates. The first item needed is a "
9238
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9239
"for details. Once you have a CSR, enter the following to generate a "
9240
"certificate signed by the CA:"
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:1571(command)
9244
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9245
msgstr ""
9246
9247
#: serverguide/C/security.xml:1574(para)
9248
msgid ""
9249
"After entering the password for the CA key, you will be prompted to sign the "
9250
"certificate, and again to commit the new certificate. You should then see a "
9251
"somewhat large amount of output related to the certificate creation."
9252
msgstr ""
9253
9254
#: serverguide/C/security.xml:1583(para)
9255
msgid ""
9256
"There should now be a new file, "
9257
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9258
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9259
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9260
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9261
"the server where the certificate will be installed. For example "
9262
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9263
msgstr ""
9264
9265
#: serverguide/C/security.xml:1591(para)
9266
msgid ""
9267
"Subsequent certificates will be named <filename>02.pem</filename>, "
9268
"<filename>03.pem</filename>, etc."
9269
msgstr ""
9270
9271
#: serverguide/C/security.xml:1596(para)
9272
msgid ""
9273
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9274
"name."
9275
msgstr ""
9276
9277
#: serverguide/C/security.xml:1604(para)
9278
msgid ""
9279
"Finally, copy the new certificate to the host that needs it, and configure "
9280
"the appropriate applications to use it. The default location to install "
9281
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9282
"enables multiple services to use the same certificate without overly "
9283
"complicated file permissions."
9284
msgstr ""
9285
9286
#: serverguide/C/security.xml:1610(para)
9287
msgid ""
9288
"For applications that can be configured to use a CA certificate, you should "
9289
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9290
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9291
"server."
9292
msgstr ""
9293
9294
#: serverguide/C/security.xml:1624(para)
9295
msgid ""
9296
"For more detailed instructions on using cryptography see the <ulink "
9297
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9298
"Certificates HOWTO</ulink> by tlpd.org"
9299
msgstr ""
9300
9301
#: serverguide/C/security.xml:1630(para)
9302
msgid ""
9303
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9304
"of Certificate Authorities."
9305
msgstr ""
9306
9307
#: serverguide/C/security.xml:1635(para)
9308
msgid ""
9309
"The Wikipedia <ulink "
9310
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9311
"information regarding HTTPS."
9312
msgstr ""
9313
9314
#: serverguide/C/security.xml:1640(para)
9315
msgid ""
9316
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9317
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9318
msgstr ""
9319
9320
#: serverguide/C/security.xml:1645(para)
9321
msgid ""
9322
"Also, O'Reilly's <ulink "
9323
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9324
"OpenSSL</ulink> is a good in depth reference."
9325
msgstr ""
9326
9327
#: serverguide/C/security.xml:1654(title)
9328
msgid "eCryptfs"
9329
msgstr ""
9330
9331
#: serverguide/C/security.xml:1656(para)
9332
msgid ""
9333
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9334
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9335
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9336
"filesystem, partition type, etc."
9337
msgstr ""
9338
9339
#: serverguide/C/security.xml:1662(para)
9340
msgid ""
9341
"During installation there is an option to encrypt the <filename "
9342
"role=\"directory\">/home</filename> partition. This will automatically "
9343
"configure everything needed to encrypt and mount the partition."
9344
msgstr ""
9345
9346
#: serverguide/C/security.xml:1667(para)
9347
msgid ""
9348
"As an example, this section will cover configuring <filename "
9349
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9350
msgstr ""
9351
9352
#: serverguide/C/security.xml:1672(title)
9353
msgid "Using eCryptfs"
9354
msgstr ""
9355
9356
#: serverguide/C/security.xml:1674(para)
9357
msgid "First, install the necessary packages. From a terminal prompt enter:"
9358
msgstr ""
9359
9360
#: serverguide/C/security.xml:1679(command)
9361
msgid "sudo apt-get install ecryptfs-utils"
9362
msgstr ""
9363
9364
#: serverguide/C/security.xml:1682(para)
9365
msgid "Now mount the partition to be encrypted:"
9366
msgstr ""
9367
9368
#: serverguide/C/security.xml:1687(command)
9369
msgid "sudo mount -t ecryptfs /srv /srv"
9370
msgstr ""
9371
9372
#: serverguide/C/security.xml:1690(para)
9373
msgid ""
9374
"You will then be prompted for some details on how "
9375
"<application>ecryptfs</application> should encrypt the data."
9376
msgstr ""
9377
9378
#: serverguide/C/security.xml:1694(para)
9379
msgid ""
9380
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9381
"copy the <filename>/etc/default</filename> folder to "
9382
"<filename>/srv</filename>:"
9383
msgstr ""
9384
9385
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9386
msgid "sudo cp -r /etc/default /srv"
9387
msgstr ""
9388
9389
#: serverguide/C/security.xml:1703(para)
9390
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9391
msgstr ""
9392
9393
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9394
msgid "sudo umount /srv"
9395
msgstr ""
9396
9397
#: serverguide/C/security.xml:1709(command)
9398
msgid "cat /srv/default/cron"
9399
msgstr ""
9400
9401
#: serverguide/C/security.xml:1712(para)
9402
msgid ""
9403
"Remounting <filename>/srv</filename> using "
9404
"<application>ecryptfs</application> will make the data viewable once again."
9405
msgstr ""
9406
9407
#: serverguide/C/security.xml:1718(title)
9408
msgid "Automatically Mounting Encrypted Partitions"
9409
msgstr ""
9410
9411
#: serverguide/C/security.xml:1720(para)
9412
msgid ""
9413
"There are a couple of ways to automatically mount an "
9414
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9415
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9416
"mount options, along with a passphrase file residing on a USB key."
9417
msgstr ""
9418
9419
#: serverguide/C/security.xml:1726(para)
9420
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9421
msgstr ""
9422
9423
#: serverguide/C/security.xml:1730(programlisting)
9424
#, no-wrap
9425
msgid ""
9426
"\n"
9427
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9428
"ecryptfs_sig=5826dd62cf81c615\n"
9429
"ecryptfs_cipher=aes\n"
9430
"ecryptfs_key_bytes=16\n"
9431
"ecryptfs_passthrough=n\n"
9432
"ecryptfs_enable_filename_crypto=n\n"
9433
msgstr ""
9434
9435
#: serverguide/C/security.xml:1740(para)
9436
msgid ""
9437
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9438
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9439
msgstr ""
9440
9441
#: serverguide/C/security.xml:1745(para)
9442
msgid ""
9443
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9444
"file:"
9445
msgstr ""
9446
9447
#: serverguide/C/security.xml:1749(programlisting)
9448
#, no-wrap
9449
msgid ""
9450
"\n"
9451
"passphrase_passwd=[secrets]\n"
9452
msgstr ""
9453
9454
#: serverguide/C/security.xml:1753(para)
9455
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9456
msgstr ""
9457
9458
#: serverguide/C/security.xml:1757(programlisting)
9459
#, no-wrap
9460
msgid ""
9461
"\n"
9462
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9463
"/srv /srv ecryptfs defaults 0 0\n"
9464
msgstr ""
9465
9466
#: serverguide/C/security.xml:1762(para)
9467
msgid "Make sure the USB drive is mounted before the encrypted partition."
9468
msgstr ""
9469
9470
#: serverguide/C/security.xml:1766(para)
9471
msgid ""
9472
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9473
"ecryptfs."
9474
msgstr ""
9475
9476
#: serverguide/C/security.xml:1774(para)
9477
msgid ""
9478
"The <application>ecryptfs-utils</application> package includes several other "
9479
"useful utilities:"
9480
msgstr ""
9481
9482
#: serverguide/C/security.xml:1780(para)
9483
msgid ""
9484
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9485
"<filename>~/Private</filename> directory to contain encrypted information. "
9486
"This utility can be run by unprivileged users to keep data private from "
9487
"other users on the system."
9488
msgstr ""
9489
9490
#: serverguide/C/security.xml:1787(para)
9491
msgid ""
9492
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9493
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9494
"directory."
9495
msgstr ""
9496
9497
#: serverguide/C/security.xml:1793(para)
9498
msgid ""
9499
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9500
"kernel keyring."
9501
msgstr ""
9502
9503
#: serverguide/C/security.xml:1798(para)
9504
msgid ""
9505
"<emphasis>ecryptfs-manager:</emphasis> manages "
9506
"<application>eCryptfs</application> objects such as keys."
9507
msgstr ""
9508
9509
#: serverguide/C/security.xml:1803(para)
9510
msgid ""
9511
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9512
"<application>ecryptfs</application> meta information for a file."
9513
msgstr ""
9514
9515
#: serverguide/C/security.xml:1816(para)
9516
msgid ""
9517
"For more information on eCryptfs see the <ulink "
9518
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9519
msgstr ""
9520
9521
#: serverguide/C/security.xml:1821(para)
9522
msgid ""
9523
"There is also a <ulink "
9524
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9525
"article covering eCryptfs."
9526
msgstr ""
9527
9528
#: serverguide/C/security.xml:1826(para)
9529
msgid ""
9530
"Also, for more <application>ecryptfs</application> options see the <ulink "
9531
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9532
"ecryptfs man page</ulink>."
9533
msgstr ""
9534
9535
#: serverguide/C/security.xml:1832(para)
9536
msgid ""
9537
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9538
"Ubuntu Wiki</ulink> page also has more details."
9539
msgstr ""
9540
9541
#: serverguide/C/reporting-bugs.xml:13(title)
9542
msgid "Appendix"
9543
msgstr ""
9544
9545
#: serverguide/C/reporting-bugs.xml:16(title)
9546
msgid "Reporting Bugs in Ubuntu Server Edition"
9547
msgstr ""
9548
9549
#: serverguide/C/reporting-bugs.xml:18(para)
9550
msgid ""
9551
"While the Ubuntu Project attempts to release software with as few bugs as "
9552
"possible, they do occur. You can help fix these bugs by reporting ones that "
9553
"you find to the project. The Ubuntu Project uses <ulink "
9554
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9555
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9556
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9557
"account</ulink>."
9558
msgstr ""
9559
9560
#: serverguide/C/reporting-bugs.xml:30(title)
9561
msgid "Reporting Bugs With ubuntu-bug"
9562
msgstr ""
9563
9564
#: serverguide/C/reporting-bugs.xml:32(para)
9565
msgid ""
9566
"The preferred way to report a bug is with the <application>ubuntu-"
9567
"bug</application> command. The ubuntu-bug tool gathers information about the "
9568
"system useful to developers in diagnosing the reported problem that will "
9569
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9570
"need to be filed against a specific software package, thus the name of the "
9571
"package that the bug occurs in needs to be given to ubuntu-bug:"
9572
msgstr ""
9573
9574
#: serverguide/C/reporting-bugs.xml:43(command)
9575
msgid "ubuntu-bug PACKAGENAME"
9576
msgstr ""
9577
9578
#: serverguide/C/reporting-bugs.xml:46(para)
9579
msgid ""
9580
"For example, to file a bug against the openssh-server package, you would do:"
9581
msgstr ""
9582
9583
#: serverguide/C/reporting-bugs.xml:51(command)
9584
msgid "ubuntu-bug openssh-server"
9585
msgstr ""
9586
9587
#: serverguide/C/reporting-bugs.xml:54(para)
9588
msgid ""
9589
"You can specify either a binary package or the source package for ubuntu-"
9590
"bug. Again using openssh-server as an example, you could also generate the "
9591
"report against the source package for openssh-server, openssh:"
9592
msgstr ""
9593
9594
#: serverguide/C/reporting-bugs.xml:62(command)
9595
msgid "ubuntu-bug openssh"
9596
msgstr ""
9597
9598
#: serverguide/C/reporting-bugs.xml:66(para)
9599
msgid ""
9600
"See <xref linkend=\"package-management\"/> for more information about "
9601
"packages in Ubuntu."
9602
msgstr ""
9603
9604
#: serverguide/C/reporting-bugs.xml:72(para)
9605
msgid ""
9606
"The ubuntu-bug command will gather information about the system in question, "
9607
"possibly including information specific to the specified package, and then "
9608
"ask you what you would like to do with collected information:"
9609
msgstr ""
9610
9611
#: serverguide/C/reporting-bugs.xml:80(command)
9612
msgid "ubuntu-bug postgresql"
9613
msgstr ""
9614
9615
#: serverguide/C/reporting-bugs.xml:79(screen)
9616
#, no-wrap
9617
msgid ""
9618
"\n"
9619
"<placeholder-1/>\n"
9620
"\n"
9621
"*** Collecting problem information\n"
9622
"\n"
9623
"The collected information can be sent to the developers to improve the\n"
9624
"application. This might take a few minutes.\n"
9625
"..........\n"
9626
"\n"
9627
"*** Send problem report to the developers?\n"
9628
"\n"
9629
"After the problem report has been sent, please fill out the form in the\n"
9630
"automatically opened web browser.\n"
9631
"\n"
9632
"What would you like to do? Your options are:\n"
9633
" S: Send report (1.7 KiB)\n"
9634
" V: View report\n"
9635
" K: Keep report file for sending later or copying to somewhere else\n"
9636
" C: Cancel\n"
9637
"Please choose (S/V/K/C):\n"
9638
msgstr ""
9639
9640
#: serverguide/C/reporting-bugs.xml:101(para)
9641
msgid "The options available are:"
9642
msgstr ""
9643
9644
#: serverguide/C/reporting-bugs.xml:108(para)
9645
msgid ""
9646
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9647
"the collected information to Launchpad as part of the the process of filing "
9648
"a bug report. You will be given the opportunity to describe the situation "
9649
"that led up to the occurrence of the bug."
9650
msgstr ""
9651
9652
#: serverguide/C/reporting-bugs.xml:115(screen)
9653
#, no-wrap
9654
msgid ""
9655
"\n"
9656
"*** Uploading problem information\n"
9657
"\n"
9658
"The collected information is being sent to the bug tracking system.\n"
9659
"This might take a few minutes.\n"
9660
"91%\n"
9661
"\n"
9662
"*** To continue, you must visit the following URL:\n"
9663
"\n"
9664
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9665
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9666
"\n"
9667
"You can launch a browser now, or copy this URL into a browser on another\n"
9668
"computer.\n"
9669
"\n"
9670
"Choices:\n"
9671
" 1: Launch a browser now\n"
9672
" C: Cancel\n"
9673
"Please choose (1/C):\n"
9674
msgstr ""
9675
9676
#: serverguide/C/reporting-bugs.xml:135(para)
9677
msgid ""
9678
"If you choose to start a browser, by default the text based web browser "
9679
"<application>w3m</application> will be used to finish filing the bug report. "
9680
"Alternately, you can copy the given URL to a currently running web browser."
9681
msgstr ""
9682
9683
#: serverguide/C/reporting-bugs.xml:144(para)
9684
msgid ""
9685
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9686
"the collected information to be displayed to the terminal for review."
9687
msgstr ""
9688
9689
#: serverguide/C/reporting-bugs.xml:150(screen)
9690
#, no-wrap
9691
msgid ""
9692
"\n"
9693
"Package: postgresql 8.4.2-2\n"
9694
"PackageArchitecture: all\n"
9695
"Tags: lucid\n"
9696
"ProblemType: Bug\n"
9697
"ProcEnviron:\n"
9698
" LANG=en_US.UTF-8\n"
9699
" SHELL=/bin/bash\n"
9700
"Uname: Linux 2.6.32-16-server x86_64\n"
9701
"Dependencies:\n"
9702
" adduser 3.112ubuntu1\n"
9703
" base-files 5.0.0ubuntu10\n"
9704
" base-passwd 3.5.22\n"
9705
" coreutils 7.4-2ubuntu2\n"
9706
"...\n"
9707
msgstr ""
9708
9709
#: serverguide/C/reporting-bugs.xml:167(para)
9710
msgid ""
9711
"After viewing the report, you will be brought back to the same menu asking "
9712
"what you would like to do with the report."
9713
msgstr ""
9714
9715
#: serverguide/C/reporting-bugs.xml:174(para)
9716
msgid ""
9717
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9718
"File causes the gathered information to be written to a file. This file can "
9719
"then be used to later file a bug report or transferred to a different Ubuntu "
9720
"system for reporting. To submit the report file, simply give it as an "
9721
"argument to the ubuntu-bug command:"
9722
msgstr ""
9723
9724
#: serverguide/C/reporting-bugs.xml:189(userinput)
9725
#, no-wrap
9726
msgid "k"
9727
msgstr ""
9728
9729
#: serverguide/C/reporting-bugs.xml:192(command)
9730
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9731
msgstr ""
9732
9733
#: serverguide/C/reporting-bugs.xml:183(screen)
9734
#, no-wrap
9735
msgid ""
9736
"\n"
9737
"What would you like to do? Your options are:\n"
9738
" S: Send report (1.7 KiB)\n"
9739
" V: View report\n"
9740
" K: Keep report file for sending later or copying to somewhere else\n"
9741
" C: Cancel\n"
9742
"Please choose (S/V/K/C): <placeholder-1/>\n"
9743
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9744
"\n"
9745
"<placeholder-2/>\n"
9746
"\n"
9747
"*** Send problem report to the developers?\n"
9748
"...\n"
9749
msgstr ""
9750
9751
#: serverguide/C/reporting-bugs.xml:200(para)
9752
msgid ""
9753
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9754
"collected information to be discarded."
9755
msgstr ""
9756
9757
#: serverguide/C/reporting-bugs.xml:210(title)
9758
msgid "Reporting Application Crashes"
9759
msgstr ""
9760
9761
#: serverguide/C/reporting-bugs.xml:212(para)
9762
msgid ""
9763
"The software package that provides the ubuntu-bug utility, "
9764
"<application>apport</application>, can be configured to trigger when "
9765
"applications crash. This is disabled by default, as capturing a crash can be "
9766
"resource intensive depending on how much memory the application that crashed "
9767
"was using as apport captures and processes the core dump."
9768
msgstr ""
9769
9770
#: serverguide/C/reporting-bugs.xml:221(para)
9771
msgid ""
9772
"Configuring apport to capture information about crashing applications "
9773
"requires a couple of steps. First, <application>gdb</application> needs to "
9774
"be installed; it is not installed by default in Ubuntu Server Edition."
9775
msgstr ""
9776
9777
#: serverguide/C/reporting-bugs.xml:229(command)
9778
msgid "sudo apt-get install gdb"
9779
msgstr ""
9780
9781
#: serverguide/C/reporting-bugs.xml:232(para)
9782
msgid ""
9783
"See <xref linkend=\"package-management\"/> for more information about "
9784
"managing packages in Ubuntu."
9785
msgstr ""
9786
9787
#: serverguide/C/reporting-bugs.xml:237(para)
9788
msgid ""
9789
"Once you have ensured that gdb is installed, open the file "
9790
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9791
"<emphasis>enabled</emphasis> setting to be <emphasis "
9792
"role=\"bold\">1</emphasis> like so:"
9793
msgstr ""
9794
9795
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9796
#, no-wrap
9797
msgid ""
9798
"\n"
9799
"# set this to 0 to disable apport, or to 1 to enable it\n"
9800
"# you can temporarily override this with\n"
9801
"# sudo service apport start force_start=1\n"
9802
"enabled=<userinput>1</userinput>\n"
9803
"\n"
9804
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9805
"maxsize=209715200\n"
9806
msgstr ""
9807
9808
#: serverguide/C/reporting-bugs.xml:254(para)
9809
msgid ""
9810
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9811
"start the apport service:"
9812
msgstr ""
9813
9814
#: serverguide/C/reporting-bugs.xml:261(command)
9815
msgid "sudo start apport"
9816
msgstr ""
9817
9818
#: serverguide/C/reporting-bugs.xml:264(para)
9819
msgid ""
9820
"After an application crashes, use the <application>apport-cli</application> "
9821
"command to search for the existing saved crash report information:"
9822
msgstr ""
9823
9824
#: serverguide/C/reporting-bugs.xml:271(command)
9825
msgid "apport-cli"
9826
msgstr ""
9827
9828
#: serverguide/C/reporting-bugs.xml:270(screen)
9829
#, no-wrap
9830
msgid ""
9831
"\n"
9832
"<placeholder-1/>\n"
9833
"\n"
9834
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9835
"\n"
9836
"If you were not doing anything confidential (entering passwords or other\n"
9837
"private information), you can help to improve the application by\n"
9838
"reporting\n"
9839
"the problem.\n"
9840
"\n"
9841
"What would you like to do? Your options are:\n"
9842
" R: Report Problem...\n"
9843
" I: Cancel and ignore future crashes of this program version\n"
9844
" C: Cancel\n"
9845
"Please choose (R/I/C):\n"
9846
msgstr ""
9847
9848
#: serverguide/C/reporting-bugs.xml:287(para)
9849
msgid ""
9850
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9851
"steps as when using ubuntu-bug. One important difference is that a crash "
9852
"report will be marked as private when filed on Launchpad, meaning that it "
9853
"will be visible to only a limited set of bug triagers. These triagers will "
9854
"review the gathered data for private information before making the bug "
9855
"report publicly visible."
9856
msgstr ""
9857
9858
#: serverguide/C/reporting-bugs.xml:307(para)
9859
msgid ""
9860
"See the <ulink "
9861
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9862
"Bugs</ulink> Ubuntu wiki page."
9863
msgstr ""
9864
9865
#: serverguide/C/reporting-bugs.xml:313(para)
9866
msgid ""
9867
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9868
"has some useful information. Though some of it pertains to using a GUI."
9869
msgstr ""
9870
9871
#: serverguide/C/remote-administration.xml:13(title)
9872
msgid "Remote Administration"
9873
msgstr ""
9874
9875
#: serverguide/C/remote-administration.xml:14(para)
9876
msgid ""
9877
"There are many ways to remotely administer a Linux server. This chapter will "
9878
"cover one of the most popular <application>OpenSSH</application>."
9879
msgstr ""
9880
9881
#: serverguide/C/remote-administration.xml:22(para)
9882
msgid ""
9883
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9884
"tools for the remote control of networked computers and transfer of data "
9885
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9886
"also learn about some of the configuration settings possible with the "
9887
"OpenSSH server application and how to change them on your Ubuntu system."
9888
msgstr ""
9889
9890
#: serverguide/C/remote-administration.xml:29(para)
9891
msgid ""
9892
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9893
"family of tools for remotely controlling a computer or transferring files "
9894
"between computers. Traditional tools used to accomplish these functions, "
9895
"such as <application>telnet</application> or <application>rcp</application>, "
9896
"are insecure and transmit the user's password in cleartext when used. "
9897
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9898
"encrypted remote control and file transfer operations, effectively replacing "
9899
"the legacy tools."
9900
msgstr ""
9901
9902
#: serverguide/C/remote-administration.xml:38(para)
9903
msgid ""
9904
"The OpenSSH server component, <application>sshd</application>, listens "
9905
"continuously for client connections from any of the client tools. When a "
9906
"connection request occurs, <application>sshd</application> sets up the "
9907
"correct connection depending on the type of client tool connecting. For "
9908
"example, if the remote computer is connecting with the "
9909
"<application>ssh</application> client application, the OpenSSH server sets "
9910
"up a remote control session after authentication. If a remote user connects "
9911
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9912
"daemon initiates a secure copy of files between the server and client after "
9913
"authentication. OpenSSH can use many authentication methods, including plain "
9914
"password, public key, and <application>Kerberos</application> tickets."
9915
msgstr ""
9916
9917
#: serverguide/C/remote-administration.xml:52(para)
9918
msgid ""
9919
"Installation of the OpenSSH client and server applications is simple. To "
9920
"install the OpenSSH client applications on your Ubuntu system, use this "
9921
"command at a terminal prompt:"
9922
msgstr ""
9923
9924
#: serverguide/C/remote-administration.xml:58(command)
9925
msgid "sudo apt-get install openssh-client"
9926
msgstr ""
9927
9928
#: serverguide/C/remote-administration.xml:60(para)
9929
msgid ""
9930
"To install the OpenSSH server application, and related support files, use "
9931
"this command at a terminal prompt:"
9932
msgstr ""
9933
9934
#: serverguide/C/remote-administration.xml:65(command)
9935
msgid "sudo apt-get install openssh-server"
9936
msgstr ""
9937
9938
#: serverguide/C/remote-administration.xml:67(para)
9939
msgid ""
9940
"The <application>openssh-server</application> package can also be selected "
9941
"to install during the Server Edition installation process."
9942
msgstr ""
9943
9944
#: serverguide/C/remote-administration.xml:74(para)
9945
msgid ""
9946
"You may configure the default behavior of the OpenSSH server application, "
9947
"<application>sshd</application>, by editing the file "
9948
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9949
"configuration directives used in this file, you may view the appropriate "
9950
"manual page with the following command, issued at a terminal prompt:"
9951
msgstr ""
9952
9953
#: serverguide/C/remote-administration.xml:82(command)
9954
msgid "man sshd_config"
9955
msgstr ""
9956
9957
#: serverguide/C/remote-administration.xml:84(para)
9958
msgid ""
9959
"There are many directives in the <application>sshd</application> "
9960
"configuration file controlling such things as communication settings and "
9961
"authentication modes. The following are examples of configuration directives "
9962
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9963
"file."
9964
msgstr ""
9965
9966
#: serverguide/C/remote-administration.xml:91(para)
9967
msgid ""
9968
"Prior to editing the configuration file, you should make a copy of the "
9969
"original file and protect it from writing so you will have the original "
9970
"settings as a reference and to reuse as necessary."
9971
msgstr ""
9972
9973
#: serverguide/C/remote-administration.xml:95(para)
9974
msgid ""
9975
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
9976
"writing with the following commands, issued at a terminal prompt:"
9977
msgstr ""
9978
9979
#: serverguide/C/remote-administration.xml:100(command)
9980
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
9981
msgstr ""
9982
9983
#: serverguide/C/remote-administration.xml:101(command)
9984
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
9985
msgstr ""
9986
9987
#: serverguide/C/remote-administration.xml:103(para)
9988
msgid ""
9989
"The following are examples of configuration directives you may change:"
9990
msgstr ""
9991
9992
#: serverguide/C/remote-administration.xml:108(para)
9993
msgid ""
9994
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
9995
"port 22, change the Port directive as such:"
9996
msgstr ""
9997
9998
#: serverguide/C/remote-administration.xml:112(para)
9999
msgid "Port 2222"
10000
msgstr ""
10001
10002
#: serverguide/C/remote-administration.xml:117(para)
10003
msgid ""
10004
"To have <application>sshd</application> allow public key-based login "
10005
"credentials, simply add or modify the line:"
10006
msgstr ""
10007
10008
#: serverguide/C/remote-administration.xml:121(para)
10009
msgid "PubkeyAuthentication yes"
10010
msgstr ""
10011
10012
#: serverguide/C/remote-administration.xml:124(para)
10013
msgid ""
10014
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10015
"present, ensure the line is not commented out."
10016
msgstr ""
10017
10018
#: serverguide/C/remote-administration.xml:130(para)
10019
msgid ""
10020
"To make your OpenSSH server display the contents of the "
10021
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10022
"or modify the line:"
10023
msgstr ""
10024
10025
#: serverguide/C/remote-administration.xml:135(para)
10026
msgid "Banner /etc/issue.net"
10027
msgstr ""
10028
10029
#: serverguide/C/remote-administration.xml:138(para)
10030
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10031
msgstr ""
10032
10033
#: serverguide/C/remote-administration.xml:143(para)
10034
msgid ""
10035
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10036
"save the file, and restart the <application>sshd</application> server "
10037
"application to effect the changes using the following command at a terminal "
10038
"prompt:"
10039
msgstr ""
10040
10041
#: serverguide/C/remote-administration.xml:152(para)
10042
msgid ""
10043
"Many other configuration directives for <application>sshd</application> are "
10044
"available for changing the server application's behavior to fit your needs. "
10045
"Be advised, however, if your only method of access to a server is "
10046
"<application>ssh</application>, and you make a mistake in configuring "
10047
"<application>sshd</application> via the "
10048
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10049
"out of the server upon restarting it, or that the "
10050
"<application>sshd</application> server refuses to start due to an incorrect "
10051
"configuration directive, so be extra careful when editing this file on a "
10052
"remote server."
10053
msgstr ""
10054
10055
#: serverguide/C/remote-administration.xml:167(title)
10056
msgid "SSH Keys"
10057
msgstr ""
10058
10059
#: serverguide/C/remote-administration.xml:168(para)
10060
msgid ""
10061
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10062
"the need of a password. SSH key authentication uses two keys a "
10063
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10064
msgstr ""
10065
10066
#: serverguide/C/remote-administration.xml:172(para)
10067
msgid "To generate the keys, from a terminal prompt enter:"
10068
msgstr ""
10069
10070
#: serverguide/C/remote-administration.xml:176(command)
10071
msgid "ssh-keygen -t dsa"
10072
msgstr ""
10073
10074
#: serverguide/C/remote-administration.xml:178(para)
10075
msgid ""
10076
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10077
"identity of the user. During the process you will be prompted for a "
10078
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10079
"key."
10080
msgstr ""
10081
10082
#: serverguide/C/remote-administration.xml:182(para)
10083
msgid ""
10084
"By default the <emphasis>public</emphasis> key is saved in the file "
10085
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10086
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10087
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10088
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10089
msgstr ""
10090
10091
#: serverguide/C/remote-administration.xml:188(command)
10092
msgid "ssh-copy-id username@remotehost"
10093
msgstr ""
10094
10095
#: serverguide/C/remote-administration.xml:190(para)
10096
msgid ""
10097
"Finally, double check the permissions on the "
10098
"<filename>authorized_keys</filename> file, only the authenticated user "
10099
"should have read and write permissions. If the permissions are not correct "
10100
"change them by:"
10101
msgstr ""
10102
10103
#: serverguide/C/remote-administration.xml:195(command)
10104
msgid "chmod 600 .ssh/authorized_keys"
10105
msgstr ""
10106
10107
#: serverguide/C/remote-administration.xml:197(para)
10108
msgid ""
10109
"You should now be able to SSH to the host without being prompted for a "
10110
"password."
10111
msgstr ""
10112
10113
#: serverguide/C/remote-administration.xml:206(para)
10114
msgid ""
10115
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10116
"page."
10117
msgstr ""
10118
10119
#: serverguide/C/remote-administration.xml:212(ulink)
10120
msgid "OpenSSH Website"
10121
msgstr ""
10122
10123
#: serverguide/C/remote-administration.xml:217(ulink)
10124
msgid "Advanced OpenSSH Wiki Page"
10125
msgstr ""
10126
10127
#: serverguide/C/package-management.xml:13(title)
10128
msgid "Package Management"
10129
msgstr ""
10130
10131
#: serverguide/C/package-management.xml:14(para)
10132
msgid ""
10133
"Ubuntu features a comprehensive package management system for the "
10134
"installation, upgrade, configuration, and removal of software. In addition "
10135
"to providing access to an organized base of over 24,000 software packages "
10136
"for your Ubuntu computer, the package management facilities also feature "
10137
"dependency resolution capabilities and software update checking."
10138
msgstr ""
10139
10140
#: serverguide/C/package-management.xml:16(para)
10141
msgid ""
10142
"Several tools are available for interacting with Ubuntu's package management "
10143
"system, from simple command-line utilities which may be easily automated by "
10144
"system administrators, to a simple graphical interface which is easy to use "
10145
"by those new to Ubuntu."
10146
msgstr ""
10147
10148
#: serverguide/C/package-management.xml:21(para)
10149
msgid ""
10150
"Ubuntu's package management system is derived from the same system used by "
10151
"the Debian GNU/Linux distribution. The package files contain all of the "
10152
"necessary files, meta-data, and instructions to implement a particular "
10153
"functionality or software application on your Ubuntu computer."
10154
msgstr ""
10155
10156
#: serverguide/C/package-management.xml:24(para)
10157
msgid ""
10158
"Debian package files typically have the extension '.deb', and typically "
10159
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10160
"collections of packages found on various media, such as CD-ROM discs, or "
10161
"online. Packages are normally of the pre-compiled binary format; thus "
10162
"installation is quick and requires no compiling of software."
10163
msgstr ""
10164
10165
#: serverguide/C/package-management.xml:27(para)
10166
msgid ""
10167
"Many complex packages use the concept of <emphasis "
10168
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10169
"packages required by the principal package in order to function properly. "
10170
"For example, the speech synthesis package "
10171
"<application>Festival</application> depends upon the package "
10172
"<application>libasound2</application>, which is a package supplying the "
10173
"<application>ALSA</application> sound library needed for audio playback. In "
10174
"order for <application>Festival</application> to function, it and all of its "
10175
"dependencies must be installed. The software management tools in Ubuntu will "
10176
"do this automatically."
10177
msgstr ""
10178
10179
#: serverguide/C/package-management.xml:32(title)
10180
msgid "dpkg"
10181
msgstr ""
10182
10183
#: serverguide/C/package-management.xml:34(para)
10184
msgid ""
10185
"<application>dpkg</application> is a package manager for "
10186
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10187
"packages, but unlike other package management system's it can not "
10188
"automatically download and install packages and their dependencies. This "
10189
"section covers using <application>dpkg</application> to manage locally "
10190
"installed packages:"
10191
msgstr ""
10192
10193
#: serverguide/C/package-management.xml:43(para)
10194
msgid ""
10195
"To list all packages installed on the system, from a terminal prompt enter:"
10196
msgstr ""
10197
10198
#: serverguide/C/package-management.xml:48(command)
10199
msgid "dpkg -l"
10200
msgstr ""
10201
10202
#: serverguide/C/package-management.xml:54(para)
10203
msgid ""
10204
"Depending on the amount of packages on your system, this can generate a "
10205
"large amount of output. Pipe the output through "
10206
"<application>grep</application> to see if a specific package is installed:"
10207
msgstr ""
10208
10209
#: serverguide/C/package-management.xml:60(command)
10210
msgid "dpkg -l | grep apache2"
10211
msgstr ""
10212
10213
#: serverguide/C/package-management.xml:63(para)
10214
msgid ""
10215
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10216
"package name, or other regular expression."
10217
msgstr ""
10218
10219
#: serverguide/C/package-management.xml:70(para)
10220
msgid ""
10221
"To list the files installed by a package, in this case the "
10222
"<application>ufw</application> package, enter:"
10223
msgstr ""
10224
10225
#: serverguide/C/package-management.xml:75(command)
10226
msgid "dpkg -L ufw"
10227
msgstr ""
10228
10229
#: serverguide/C/package-management.xml:81(para)
10230
msgid ""
10231
"If you are not sure which package installed a file, <application>dpkg -"
10232
"S</application> may be able to tell you. For example:"
10233
msgstr ""
10234
10235
#: serverguide/C/package-management.xml:87(command)
10236
msgid "dpkg -S /etc/host.conf"
10237
msgstr ""
10238
10239
#: serverguide/C/package-management.xml:88(computeroutput)
10240
#, no-wrap
10241
msgid "base-files: /etc/host.conf"
10242
msgstr ""
10243
10244
#: serverguide/C/package-management.xml:91(para)
10245
msgid ""
10246
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10247
"<application>base-files</application> package."
10248
msgstr ""
10249
10250
#: serverguide/C/package-management.xml:96(para)
10251
msgid ""
10252
"Many files are automatically generated during the package install process, "
10253
"and even though they are on the filesystem <command>dpkg -S</command> may "
10254
"not know which package they belong to."
10255
msgstr ""
10256
10257
#: serverguide/C/package-management.xml:105(para)
10258
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10259
msgstr ""
10260
10261
#: serverguide/C/package-management.xml:110(command)
10262
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10263
msgstr ""
10264
10265
#: serverguide/C/package-management.xml:113(para)
10266
msgid ""
10267
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10268
"the local .deb file."
10269
msgstr ""
10270
10271
#: serverguide/C/package-management.xml:120(para)
10272
msgid "Uninstalling a package can be accomplished by:"
10273
msgstr ""
10274
10275
#: serverguide/C/package-management.xml:125(command)
10276
msgid "sudo dpkg -r zip"
10277
msgstr ""
10278
10279
#: serverguide/C/package-management.xml:129(para)
10280
msgid ""
10281
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10282
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10283
"manager that handles dependencies, to ensure that the system is in a "
10284
"consistent state. For example using <command>dpkg -r</command> you can "
10285
"remove the <application>zip</application> package, but any packages that "
10286
"depend on it will still be installed and may no longer function correctly."
10287
msgstr ""
10288
10289
#: serverguide/C/package-management.xml:140(para)
10290
msgid ""
10291
"For more <application>dpkg</application> options see the man page: "
10292
"<command>man dpkg</command>."
10293
msgstr ""
10294
10295
#: serverguide/C/package-management.xml:146(title)
10296
msgid "Apt-Get"
10297
msgstr ""
10298
10299
#: serverguide/C/package-management.xml:147(para)
10300
msgid ""
10301
"The <application>apt-get</application> command is a powerful command-line "
10302
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10303
"(APT) performing such functions as installation of new software packages, "
10304
"upgrade of existing software packages, updating of the package list index, "
10305
"and even upgrading the entire Ubuntu system."
10306
msgstr ""
10307
10308
#: serverguide/C/package-management.xml:150(para)
10309
msgid ""
10310
"Being a simple command-line tool, <application>apt-get</application> has "
10311
"numerous advantages over other package management tools available in Ubuntu "
10312
"for server administrators. Some of these advantages include ease of use over "
10313
"simple terminal connections (SSH) and the ability to be used in system "
10314
"administration scripts, which can in turn be automated by the "
10315
"<application>cron</application> scheduling utility."
10316
msgstr ""
10317
10318
#: serverguide/C/package-management.xml:157(para)
10319
msgid ""
10320
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10321
"packages using the <application>apt-get</application> tool is quite simple. "
10322
"For example, to install the network scanner <emphasis "
10323
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10324
"<command>sudo apt-get install nmap</command>\n"
10325
"</screen>"
10326
msgstr ""
10327
10328
#: serverguide/C/package-management.xml:165(para)
10329
msgid ""
10330
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10331
"packages is also a straightforward and simple process. To remove the nmap "
10332
"package installed in the previous example, type the following: <screen>\n"
10333
"<command>sudo apt-get remove nmap</command>\n"
10334
"</screen>"
10335
msgstr ""
10336
10337
#: serverguide/C/package-management.xml:172(para)
10338
msgid ""
10339
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10340
"multiple packages to be installed or removed, separated by spaces."
10341
msgstr ""
10342
10343
#: serverguide/C/package-management.xml:175(para)
10344
msgid ""
10345
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10346
"remove</command> will remove the package configuration files as well. This "
10347
"may or may not be the desired effect so use with caution."
10348
msgstr ""
10349
10350
#: serverguide/C/package-management.xml:181(para)
10351
msgid ""
10352
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10353
"index is essentially a database of available packages from the repositories "
10354
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10355
"the local package index with the latest changes made in repositories, type "
10356
"the following: <screen>\n"
10357
"<command>sudo apt-get update</command>\n"
10358
"</screen>"
10359
msgstr ""
10360
10361
#: serverguide/C/package-management.xml:189(para)
10362
msgid ""
10363
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10364
"versions of packages currently installed on your computer may become "
10365
"available from the package repositories (for example security updates). To "
10366
"upgrade your system, first update your package index as outlined above, and "
10367
"then type: <screen>\n"
10368
"<command>sudo apt-get upgrade</command>\n"
10369
"</screen>"
10370
msgstr ""
10371
10372
#: serverguide/C/package-management.xml:195(para)
10373
msgid ""
10374
"For information on upgrading to a new Ubuntu release see <xref "
10375
"linkend=\"installing-upgrading\"/>."
10376
msgstr ""
10377
10378
#: serverguide/C/package-management.xml:153(para)
10379
msgid ""
10380
"Some examples of popular uses for the <application>apt-get</application> "
10381
"utility: <placeholder-1/>"
10382
msgstr ""
10383
10384
#: serverguide/C/package-management.xml:201(para)
10385
msgid ""
10386
"Actions of the <application>apt-get</application> command, such as "
10387
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10388
"log file."
10389
msgstr ""
10390
10391
#: serverguide/C/package-management.xml:204(para)
10392
msgid ""
10393
"For further information about the use of <application>APT</application>, "
10394
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10395
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10396
"help</screen>"
10397
msgstr ""
10398
10399
#: serverguide/C/package-management.xml:208(title)
10400
msgid "Aptitude"
10401
msgstr ""
10402
10403
#: serverguide/C/package-management.xml:209(para)
10404
msgid ""
10405
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10406
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10407
"the common package management functions, such as installation, removal, and "
10408
"upgrade, are performed in <application>Aptitude</application> with single-"
10409
"key commands, which are typically lowercase letters."
10410
msgstr ""
10411
10412
#: serverguide/C/package-management.xml:212(para)
10413
msgid ""
10414
"<application>Aptitude</application> is best suited for use in a non-"
10415
"graphical terminal environment to ensure proper functioning of the command "
10416
"keys. You may start <application>Aptitude</application> as a normal user "
10417
"with the following command at a terminal prompt: <screen>\n"
10418
"<command>sudo aptitude</command>\n"
10419
"</screen>"
10420
msgstr ""
10421
10422
#: serverguide/C/package-management.xml:219(para)
10423
msgid ""
10424
"When <application>Aptitude</application> starts, you will see a menu bar at "
10425
"the top of the screen and two panes below the menu bar. The top pane "
10426
"contains package categories, such as <emphasis role=\"italics\">New "
10427
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10428
"Packages</emphasis>. The bottom pane contains information related to the "
10429
"packages and package categories."
10430
msgstr ""
10431
10432
#: serverguide/C/package-management.xml:222(para)
10433
msgid ""
10434
"Using <application>Aptitude</application> for package management is "
10435
"relatively straightforward, and the user interface makes common tasks simple "
10436
"to perform. The following are examples of common package management "
10437
"functions as performed in <application>Aptitude</application>:"
10438
msgstr ""
10439
10440
#: serverguide/C/package-management.xml:226(para)
10441
msgid ""
10442
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10443
"locate the package via the Not Installed Packages package category, for "
10444
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10445
"key, and highlight the package you wish to install. After highlighting the "
10446
"package you wish to install, press the <keycap>+</keycap> key, and the "
10447
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10448
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10449
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10450
"again, and you will be prompted to become root to complete the installation. "
10451
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10452
"your user password to become root. Finally, press <keycap>g</keycap> once "
10453
"more and you'll be prompted to download the package. Press "
10454
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10455
"prompt, and downloading and installation of the package will commence."
10456
msgstr ""
10457
10458
#: serverguide/C/package-management.xml:230(para)
10459
msgid ""
10460
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10461
"locate the package via the Installed Packages package category, for example, "
10462
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10463
"highlight the package you wish to remove. After highlighting the package you "
10464
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10465
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10466
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10467
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10468
"prompted to become root to complete the installation. Press "
10469
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10470
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10471
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10472
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10473
"the package will commence."
10474
msgstr ""
10475
10476
#: serverguide/C/package-management.xml:234(para)
10477
msgid ""
10478
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10479
"package index, simply press the <keycap>u</keycap> key and you will be "
10480
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10481
"which will result in a Password: prompt. Enter your user password to become "
10482
"root. Updating of the package index will commence. Press "
10483
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10484
"presented to complete the process."
10485
msgstr ""
10486
10487
#: serverguide/C/package-management.xml:238(para)
10488
msgid ""
10489
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10490
"perform the update of the package index as detailed above, and then press "
10491
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10492
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10493
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10494
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10495
"result in a Password: prompt. Enter your user password to become root. "
10496
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10497
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10498
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10499
"will commence."
10500
msgstr ""
10501
10502
#: serverguide/C/package-management.xml:245(para)
10503
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10504
msgstr ""
10505
10506
#: serverguide/C/package-management.xml:250(para)
10507
msgid ""
10508
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10509
"configuration remains on system"
10510
msgstr ""
10511
10512
#: serverguide/C/package-management.xml:254(para)
10513
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10514
msgstr ""
10515
10516
#: serverguide/C/package-management.xml:258(para)
10517
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10518
msgstr ""
10519
10520
#: serverguide/C/package-management.xml:262(para)
10521
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10522
msgstr ""
10523
10524
#: serverguide/C/package-management.xml:266(para)
10525
msgid ""
10526
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10527
"configured"
10528
msgstr ""
10529
10530
#: serverguide/C/package-management.xml:270(para)
10531
msgid ""
10532
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10533
"and requires fix"
10534
msgstr ""
10535
10536
#: serverguide/C/package-management.xml:274(para)
10537
msgid ""
10538
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10539
"requires fix"
10540
msgstr ""
10541
10542
#: serverguide/C/package-management.xml:242(para)
10543
msgid ""
10544
"The first column of information displayed in the package list in the top "
10545
"pane, when actually viewing packages lists the current state of the package, "
10546
"and uses the following key to describe the state of the package: "
10547
"<placeholder-1/>"
10548
msgstr ""
10549
10550
#: serverguide/C/package-management.xml:280(para)
10551
msgid ""
10552
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10553
"wish to exit. Many other functions are available from the Aptitude menu by "
10554
"pressing the <keycap>F10</keycap> key."
10555
msgstr ""
10556
10557
#: serverguide/C/package-management.xml:285(title)
10558
msgid "Automatic Updates"
10559
msgstr ""
10560
10561
#: serverguide/C/package-management.xml:287(para)
10562
msgid ""
10563
"The <application>unattended-upgrades</application> package can be used to "
10564
"automatically install updated packages, and can be configured to update all "
10565
"packages or just install security updates. First, install the package by "
10566
"entering the following in a terminal:"
10567
msgstr ""
10568
10569
#: serverguide/C/package-management.xml:293(command)
10570
msgid "sudo apt-get install unattended-upgrades"
10571
msgstr ""
10572
10573
#: serverguide/C/package-management.xml:296(para)
10574
msgid ""
10575
"To configure <application>unattended-upgrades</application>, edit "
10576
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10577
"the following to fit your needs:"
10578
msgstr ""
10579
10580
#: serverguide/C/package-management.xml:301(programlisting)
10581
#, no-wrap
10582
msgid ""
10583
"\n"
10584
"Unattended-Upgrade::Allowed-Origins {\n"
10585
" \"Ubuntu maverick-security\";\n"
10586
"// \"Ubuntu maverick-updates\";\n"
10587
"};\n"
10588
msgstr ""
10589
10590
#: serverguide/C/package-management.xml:308(para)
10591
msgid ""
10592
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10593
"will not be automatically updated. To blacklist a package, add it to the "
10594
"list:"
10595
msgstr ""
10596
10597
#: serverguide/C/package-management.xml:313(programlisting)
10598
#, no-wrap
10599
msgid ""
10600
"\n"
10601
"Unattended-Upgrade::Package-Blacklist {\n"
10602
"// \"vim\";\n"
10603
"// \"libc6\";\n"
10604
"// \"libc6-dev\";\n"
10605
"// \"libc6-i686\";\n"
10606
"};\n"
10607
msgstr ""
10608
10609
#: serverguide/C/package-management.xml:323(para)
10610
msgid ""
10611
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10612
"whatever follows \"//\" will not be evaluated."
10613
msgstr ""
10614
10615
#: serverguide/C/package-management.xml:328(para)
10616
msgid ""
10617
"To enable automatic updates, edit "
10618
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10619
"<application>apt</application> configuration options:"
10620
msgstr ""
10621
10622
#: serverguide/C/package-management.xml:332(programlisting)
10623
#, no-wrap
10624
msgid ""
10625
"\n"
10626
"APT::Periodic::Update-Package-Lists \"1\";\n"
10627
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10628
"APT::Periodic::AutocleanInterval \"7\";\n"
10629
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10630
msgstr ""
10631
10632
#: serverguide/C/package-management.xml:339(para)
10633
msgid ""
10634
"The above configuration updates the package list, downloads, and installs "
10635
"available upgrades every day. The local download archive is cleaned every "
10636
"week."
10637
msgstr ""
10638
10639
#: serverguide/C/package-management.xml:345(para)
10640
msgid ""
10641
"You can read more about <application>apt</application> Periodic "
10642
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10643
"header."
10644
msgstr ""
10645
10646
#: serverguide/C/package-management.xml:350(para)
10647
msgid ""
10648
"The results of <application>unattended-upgrades</application> will be logged "
10649
"to <filename>/var/log/unattended-upgrades</filename>."
10650
msgstr ""
10651
10652
#: serverguide/C/package-management.xml:355(title)
10653
msgid "Notifications"
10654
msgstr ""
10655
10656
#: serverguide/C/package-management.xml:357(para)
10657
msgid ""
10658
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10659
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10660
"<application>unattended-upgrades</application> to email an administrator "
10661
"detailing any packages that need upgrading or have problems."
10662
msgstr ""
10663
10664
#: serverguide/C/package-management.xml:362(para)
10665
msgid ""
10666
"Another useful package is <application>apticron</application>. "
10667
"<application>apticron</application> will configure a "
10668
"<application>cron</application> job to email an administrator information "
10669
"about any packages on the system that have updates available, as well as a "
10670
"summary of changes in each package."
10671
msgstr ""
10672
10673
#: serverguide/C/package-management.xml:368(para)
10674
msgid ""
10675
"To install the <application>apticron</application> package, in a terminal "
10676
"enter:"
10677
msgstr ""
10678
10679
#: serverguide/C/package-management.xml:373(command)
10680
msgid "sudo apt-get install apticron"
10681
msgstr ""
10682
10683
#: serverguide/C/package-management.xml:376(para)
10684
msgid ""
10685
"Once the package is installed edit "
10686
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10687
"and other options:"
10688
msgstr ""
10689
10690
#: serverguide/C/package-management.xml:380(programlisting)
10691
#, no-wrap
10692
msgid ""
10693
"\n"
10694
"EMAIL=\"root@example.com\"\n"
10695
msgstr ""
10696
10697
#: serverguide/C/package-management.xml:389(para)
10698
msgid ""
10699
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10700
"system repositories is stored in the /etc/apt/sources.list configuration "
10701
"file. An example of this file is referenced here, along with information on "
10702
"adding or removing repository references from the file."
10703
msgstr ""
10704
10705
#: serverguide/C/package-management.xml:395(para)
10706
msgid ""
10707
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10708
"typical <filename>/etc/apt/sources.list</filename> file."
10709
msgstr ""
10710
10711
#: serverguide/C/package-management.xml:399(para)
10712
msgid ""
10713
"You may edit the file to enable repositories or disable them. For example, "
10714
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10715
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10716
"which appears at the top of the file:"
10717
msgstr ""
10718
10719
#: serverguide/C/package-management.xml:404(screen)
10720
#, no-wrap
10721
msgid ""
10722
"\n"
10723
"# no more prompting for CD-ROM please\n"
10724
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10725
"main restricted\n"
10726
msgstr ""
10727
10728
#: serverguide/C/package-management.xml:410(title)
10729
msgid "Extra Repositories"
10730
msgstr ""
10731
10732
#: serverguide/C/package-management.xml:411(para)
10733
msgid ""
10734
"In addition to the officially supported package repositories available for "
10735
"Ubuntu, there exist additional community-maintained repositories which add "
10736
"thousands more potential packages for installation. Two of the most popular "
10737
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10738
"repositories. These repositories are not officially supported by Ubuntu, but "
10739
"because they are maintained by the community they generally provide packages "
10740
"which are safe for use with your Ubuntu computer."
10741
msgstr ""
10742
10743
#: serverguide/C/package-management.xml:414(para)
10744
msgid ""
10745
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10746
"licensing issues that prevent them from being distributed with a free "
10747
"operating system, and they may be illegal in your locality."
10748
msgstr ""
10749
10750
#: serverguide/C/package-management.xml:416(para)
10751
msgid ""
10752
"Be advised that neither the <emphasis>Universe</emphasis> or "
10753
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10754
"packages. In particular, there may not be security updates for these "
10755
"packages."
10756
msgstr ""
10757
10758
#: serverguide/C/package-management.xml:420(para)
10759
msgid ""
10760
"Many other package sources are available, sometimes even offering only one "
10761
"package, as in the case of package sources provided by the developer of a "
10762
"single application. You should always be very careful and cautious when "
10763
"using non-standard package sources, however. Research the source and "
10764
"packages carefully before performing any installation, as some package "
10765
"sources and their packages could render your system unstable or non-"
10766
"functional in some respects."
10767
msgstr ""
10768
10769
#: serverguide/C/package-management.xml:423(para)
10770
msgid ""
10771
"By default, the <emphasis>Universe</emphasis> and "
10772
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10773
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10774
"comment the following lines:"
10775
msgstr ""
10776
10777
#: serverguide/C/package-management.xml:430(programlisting)
10778
#, no-wrap
10779
msgid ""
10780
"\n"
10781
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10782
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10783
"\n"
10784
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10785
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10786
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10787
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10788
"\n"
10789
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10790
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10791
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10792
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10793
"\n"
10794
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10795
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10796
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10797
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10798
msgstr ""
10799
10800
#: serverguide/C/package-management.xml:456(para)
10801
msgid ""
10802
"Most of the material covered in this chapter is available in "
10803
"<application>man</application> pages, many of which are available online."
10804
msgstr ""
10805
10806
#: serverguide/C/package-management.xml:463(para)
10807
msgid ""
10808
"The <ulink "
10809
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10810
"re</ulink> Ubuntu wiki page has more information."
10811
msgstr ""
10812
10813
#: serverguide/C/package-management.xml:468(para)
10814
msgid ""
10815
"For more <application>dpkg</application> details see the <ulink "
10816
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10817
" man page</ulink>."
10818
msgstr ""
10819
10820
#: serverguide/C/package-management.xml:474(para)
10821
msgid ""
10822
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10823
"HOWTO</ulink> and <ulink "
10824
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10825
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10826
"<application>apt-get</application> usage."
10827
msgstr ""
10828
10829
#: serverguide/C/package-management.xml:481(para)
10830
msgid ""
10831
"See the <ulink "
10832
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10833
"itude man page</ulink> for more <application>aptitude</application> options."
10834
msgstr ""
10835
10836
#: serverguide/C/package-management.xml:487(para)
10837
msgid ""
10838
"The <ulink "
10839
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10840
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10841
"adding repositories."
10842
msgstr ""
10843
10844
#: serverguide/C/other-apps.xml:13(title)
10845
msgid "Other Useful Applications"
10846
msgstr ""
10847
10848
#: serverguide/C/other-apps.xml:15(para)
10849
msgid ""
10850
"There are many very useful applications developed by the Ubuntu Server Team, "
10851
"and others that are well integrated with Ubuntu Server Edition, that might "
10852
"not be well known. This chapter will showcase some useful applications that "
10853
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10854
"easier."
10855
msgstr ""
10856
10857
#: serverguide/C/other-apps.xml:23(title)
10858
msgid "pam_motd"
10859
msgstr ""
10860
10861
#: serverguide/C/other-apps.xml:25(para)
10862
msgid ""
10863
"When logging into an Ubuntu server you may have noticed the informative "
10864
"Message Of The Day (MOTD). This information is obtained and displayed using "
10865
"a couple of packages:"
10866
msgstr ""
10867
10868
#: serverguide/C/other-apps.xml:32(para)
10869
msgid ""
10870
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10871
"<application>landscape-client</application>, which can be used to manage "
10872
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10873
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10874
"utility which is used to gather the information displayed in the MOTD."
10875
msgstr ""
10876
10877
#: serverguide/C/other-apps.xml:40(para)
10878
msgid ""
10879
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10880
"the MOTD via <application>pam_motd</application> module."
10881
msgstr ""
10882
10883
#: serverguide/C/other-apps.xml:46(para)
10884
msgid ""
10885
"<application>pam_motd</application> executes the scripts in "
10886
"<filename>/etc/update-motd.d</filename> in order based on the number "
10887
"prepended to the script. The output of the scripts is written to "
10888
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10889
"concatenated with <filename>/etc/motd.tail</filename>."
10890
msgstr ""
10891
10892
#: serverguide/C/other-apps.xml:52(para)
10893
msgid ""
10894
"You can add your own dynamic information to the MOTD. For example, to add "
10895
"local weather information:"
10896
msgstr ""
10897
10898
#: serverguide/C/other-apps.xml:58(para)
10899
msgid "First, install the <application>weather-util</application> package:"
10900
msgstr ""
10901
10902
#: serverguide/C/other-apps.xml:63(command)
10903
msgid "sudo apt-get install weather-util"
10904
msgstr ""
10905
10906
#: serverguide/C/other-apps.xml:68(para)
10907
msgid ""
10908
"The <application>weather</application> utility uses METAR data from the "
10909
"National Oceanic and Atmospheric Administration and forecasts from the "
10910
"National Weather Service. In order to find local information you will need "
10911
"the 4-character ICAO location indicator. This can be determined by browsing "
10912
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
10913
"Weather Service</ulink> site."
10914
msgstr ""
10915
10916
#: serverguide/C/other-apps.xml:75(para)
10917
msgid ""
10918
"Although the National Weather Service is a United States government agency "
10919
"there are weather stations available world wide. However, local weather "
10920
"information for all locations outside the U.S. may not be available."
10921
msgstr ""
10922
10923
#: serverguide/C/other-apps.xml:81(para)
10924
msgid ""
10925
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
10926
"script to use <application>weather</application> with your local ICAO "
10927
"indicator:"
10928
msgstr ""
10929
10930
#: serverguide/C/other-apps.xml:86(programlisting)
10931
#, no-wrap
10932
msgid ""
10933
"\n"
10934
"#!/bin/sh\n"
10935
"#\n"
10936
"#\n"
10937
"# Prints the local weather information for the MOTD.\n"
10938
"#\n"
10939
"#\n"
10940
"\n"
10941
"# Replace KINT with your local weather station.\n"
10942
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
10943
"\n"
10944
"echo\n"
10945
"weather -i KINT\n"
10946
"echo\n"
10947
"\n"
10948
msgstr ""
10949
10950
#: serverguide/C/other-apps.xml:104(para)
10951
msgid "Make the script executable:"
10952
msgstr ""
10953
10954
#: serverguide/C/other-apps.xml:109(command)
10955
msgid "sudo chmod 755 /usr/local/bin/local-weather"
10956
msgstr ""
10957
10958
#: serverguide/C/other-apps.xml:113(para)
10959
msgid ""
10960
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
10961
"weather</filename>:"
10962
msgstr ""
10963
10964
#: serverguide/C/other-apps.xml:118(command)
10965
msgid ""
10966
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
10967
msgstr ""
10968
10969
#: serverguide/C/other-apps.xml:122(para)
10970
msgid "Finally, exit the server and re-login to view the new MOTD."
10971
msgstr ""
10972
10973
#: serverguide/C/other-apps.xml:128(para)
10974
msgid ""
10975
"You should now be greeted with some useful information, and some information "
10976
"about the local weather that may not be quite so useful. Hopefully the "
10977
"<application>local-weather</application> example demonstrates the "
10978
"flexibility of <application>pam_motd</application>."
10979
msgstr ""
10980
10981
#: serverguide/C/other-apps.xml:136(title)
10982
msgid "etckeeper"
10983
msgstr ""
10984
10985
#: serverguide/C/other-apps.xml:138(para)
10986
msgid ""
10987
"<application>etckeeper</application> allows the contents of <filename "
10988
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10989
"System (VCS) repository. It hooks into <application>apt</application> to "
10990
"automatically commit changes to <filename>/etc</filename> when packages are "
10991
"installed or upgraded. Placing <filename>/etc</filename> under version "
10992
"control is considered an industry best practice, and the goal of "
10993
"<application>etckeeper</application> is to make this process as painless as "
10994
"possible."
10995
msgstr ""
10996
10997
#: serverguide/C/other-apps.xml:146(para)
10998
msgid ""
10999
"Install <application>etckeeper</application> by entering the following in a "
11000
"terminal:"
11001
msgstr ""
11002
11003
#: serverguide/C/other-apps.xml:151(command)
11004
msgid "sudo apt-get install etckeeper"
11005
msgstr ""
11006
11007
#: serverguide/C/other-apps.xml:154(para)
11008
msgid ""
11009
"The main configuration file, "
11010
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11011
"main option is which VCS to use. By default "
11012
"<application>etckeeper</application> is configured to use "
11013
"<application>bzr</application> for version control. The repository is "
11014
"automatically initialized (and committed for the first time) during package "
11015
"installation. It is possible to undo this by entering the following command:"
11016
msgstr ""
11017
11018
#: serverguide/C/other-apps.xml:164(command)
11019
msgid "sudo etckeeper uninit"
11020
msgstr ""
11021
11022
#: serverguide/C/other-apps.xml:167(para)
11023
msgid ""
11024
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11025
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11026
"It will also automatically commit changes before and after package "
11027
"installation. For a more precise tracking of changes, it is recommended to "
11028
"commit your changes manually, together with a commit message, using:"
11029
msgstr ""
11030
11031
#: serverguide/C/other-apps.xml:176(command)
11032
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11033
msgstr ""
11034
11035
#: serverguide/C/other-apps.xml:179(para)
11036
msgid ""
11037
"Using the VCS commands you can view log information about files in "
11038
"<filename>/etc</filename>:"
11039
msgstr ""
11040
11041
#: serverguide/C/other-apps.xml:184(command)
11042
msgid "sudo bzr log /etc/passwd"
11043
msgstr ""
11044
11045
#: serverguide/C/other-apps.xml:187(para)
11046
msgid ""
11047
"To demonstrate the integration with the package management system, install "
11048
"<application>postfix</application>:"
11049
msgstr ""
11050
11051
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11052
msgid "sudo apt-get install postfix"
11053
msgstr ""
11054
11055
#: serverguide/C/other-apps.xml:195(para)
11056
msgid ""
11057
"When the installation is finished, all the "
11058
"<application>postfix</application> configuration files should be committed "
11059
"to the repository:"
11060
msgstr ""
11061
11062
#: serverguide/C/other-apps.xml:201(computeroutput)
11063
#, no-wrap
11064
msgid ""
11065
"Committing to: /etc/\n"
11066
"added aliases.db\n"
11067
"modified group\n"
11068
"modified group-\n"
11069
"modified gshadow\n"
11070
"modified gshadow-\n"
11071
"modified passwd\n"
11072
"modified passwd-\n"
11073
"added postfix\n"
11074
"added resolvconf\n"
11075
"added rsyslog.d\n"
11076
"modified shadow\n"
11077
"modified shadow-\n"
11078
"added init.d/postfix\n"
11079
"added network/if-down.d/postfix\n"
11080
"added network/if-up.d/postfix\n"
11081
"added postfix/dynamicmaps.cf\n"
11082
"added postfix/main.cf\n"
11083
"added postfix/master.cf\n"
11084
"added postfix/post-install\n"
11085
"added postfix/postfix-files\n"
11086
"added postfix/postfix-script\n"
11087
"added postfix/sasl\n"
11088
"added ppp/ip-down.d\n"
11089
"added ppp/ip-down.d/postfix\n"
11090
"added ppp/ip-up.d/postfix\n"
11091
"added rc0.d/K20postfix\n"
11092
"added rc1.d/K20postfix\n"
11093
"added rc2.d/S20postfix\n"
11094
"added rc3.d/S20postfix\n"
11095
"added rc4.d/S20postfix\n"
11096
"added rc5.d/S20postfix\n"
11097
"added rc6.d/K20postfix\n"
11098
"added resolvconf/update-libc.d\n"
11099
"added resolvconf/update-libc.d/postfix\n"
11100
"added rsyslog.d/postfix.conf\n"
11101
"added ufw/applications.d/postfix\n"
11102
"Committed revision 2."
11103
msgstr ""
11104
11105
#: serverguide/C/other-apps.xml:241(para)
11106
msgid ""
11107
"For an example of how <application>etckeeper</application> tracks manual "
11108
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11109
"<application>bzr</application> you can see which files have been modified:"
11110
msgstr ""
11111
11112
#: serverguide/C/other-apps.xml:247(command)
11113
msgid "sudo bzr status /etc/"
11114
msgstr ""
11115
11116
#: serverguide/C/other-apps.xml:248(computeroutput)
11117
#, no-wrap
11118
msgid ""
11119
"modified:\n"
11120
" hosts"
11121
msgstr ""
11122
11123
#: serverguide/C/other-apps.xml:252(para)
11124
msgid "Now commit the changes:"
11125
msgstr ""
11126
11127
#: serverguide/C/other-apps.xml:257(command)
11128
msgid "sudo etckeeper commit \"new host\""
11129
msgstr ""
11130
11131
#: serverguide/C/other-apps.xml:260(para)
11132
msgid ""
11133
"For more information on <application>bzr</application> see <xref "
11134
"linkend=\"bazaar\"/>."
11135
msgstr ""
11136
11137
#: serverguide/C/other-apps.xml:266(title)
11138
msgid "Byobu"
11139
msgstr ""
11140
11141
#: serverguide/C/other-apps.xml:268(para)
11142
msgid ""
11143
"One of the most useful applications for any system administrator is "
11144
"<application>screen</application>. It allows the execution of multiple "
11145
"shells in one terminal. To make some of the advanced "
11146
"<application>screen</application> features more user friendly, and provide "
11147
"some useful information about the system, the "
11148
"<application>byobu</application> package was created."
11149
msgstr ""
11150
11151
#: serverguide/C/other-apps.xml:275(para)
11152
msgid ""
11153
"When executing <application>byobu</application> pressing the "
11154
"<emphasis>F9</emphasis> key will bring up the "
11155
"<application>Configuration</application> menu. This menu will allow you to:"
11156
msgstr ""
11157
11158
#: serverguide/C/other-apps.xml:281(para)
11159
msgid "View the Help menu"
11160
msgstr ""
11161
11162
#: serverguide/C/other-apps.xml:282(para)
11163
msgid "Change Byobu's background color"
11164
msgstr ""
11165
11166
#: serverguide/C/other-apps.xml:283(para)
11167
msgid "Change Byobu's foreground color"
11168
msgstr ""
11169
11170
#: serverguide/C/other-apps.xml:284(para)
11171
msgid "Toggle status notifications"
11172
msgstr ""
11173
11174
#: serverguide/C/other-apps.xml:285(para)
11175
msgid "Change the key binding set"
11176
msgstr ""
11177
11178
#: serverguide/C/other-apps.xml:286(para)
11179
msgid "Change the escape sequence"
11180
msgstr ""
11181
11182
#: serverguide/C/other-apps.xml:287(para)
11183
msgid "Create new windows"
11184
msgstr ""
11185
11186
#: serverguide/C/other-apps.xml:288(para)
11187
msgid "Manage the default windows"
11188
msgstr ""
11189
11190
#: serverguide/C/other-apps.xml:289(para)
11191
msgid "Byobu currently does not launch at login (toggle on)"
11192
msgstr ""
11193
11194
#: serverguide/C/other-apps.xml:292(para)
11195
msgid ""
11196
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11197
"sequence, new window, change window, etc. There are two key binding sets to "
11198
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11199
"keys</emphasis>. If you wish to use the original key bindings choose the "
11200
"<emphasis>none</emphasis> set."
11201
msgstr ""
11202
11203
#: serverguide/C/other-apps.xml:298(para)
11204
msgid ""
11205
"<application>byobu</application> provides a menu which displays the Ubuntu "
11206
"release, processor information, memory information, and the time and date. "
11207
"The effect is similar to a desktop menu."
11208
msgstr ""
11209
11210
#: serverguide/C/other-apps.xml:303(para)
11211
msgid ""
11212
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11213
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11214
"executed any time a terminal is opened. Changes made to "
11215
"<application>byobu</application> are on a per user basis, and will not "
11216
"affect other users on the system."
11217
msgstr ""
11218
11219
#: serverguide/C/other-apps.xml:309(para)
11220
msgid ""
11221
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11222
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11223
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11224
"commands. Here is a quick list of movement commands:"
11225
msgstr ""
11226
11227
#: serverguide/C/other-apps.xml:316(para)
11228
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11229
msgstr ""
11230
11231
#: serverguide/C/other-apps.xml:317(para)
11232
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11233
msgstr ""
11234
11235
#: serverguide/C/other-apps.xml:318(para)
11236
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11237
msgstr ""
11238
11239
#: serverguide/C/other-apps.xml:319(para)
11240
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11241
msgstr ""
11242
11243
#: serverguide/C/other-apps.xml:320(para)
11244
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11245
msgstr ""
11246
11247
#: serverguide/C/other-apps.xml:321(para)
11248
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11249
msgstr ""
11250
11251
#: serverguide/C/other-apps.xml:322(para)
11252
msgid ""
11253
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11254
"the buffer)"
11255
msgstr ""
11256
11257
#: serverguide/C/other-apps.xml:323(para)
11258
msgid "<emphasis>/</emphasis> - Search forward"
11259
msgstr ""
11260
11261
#: serverguide/C/other-apps.xml:324(para)
11262
msgid "<emphasis>?</emphasis> - Search backward"
11263
msgstr ""
11264
11265
#: serverguide/C/other-apps.xml:325(para)
11266
msgid ""
11267
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11268
msgstr ""
11269
11270
#: serverguide/C/other-apps.xml:334(para)
11271
msgid ""
11272
"See the <ulink "
11273
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11274
"motd.1.html\">update-motd man page</ulink> for more options available to "
11275
"<application>update-motd</application>."
11276
msgstr ""
11277
11278
#: serverguide/C/other-apps.xml:340(para)
11279
msgid ""
11280
"The Debian Package of the Day <ulink "
11281
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11282
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11283
"details about using the <application>weather</application>utility."
11284
msgstr ""
11285
11286
#: serverguide/C/other-apps.xml:347(para)
11287
msgid ""
11288
"See the <ulink "
11289
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11290
"more details on using <application>etckeeper</application>."
11291
msgstr ""
11292
11293
#: serverguide/C/other-apps.xml:353(para)
11294
msgid ""
11295
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11296
"Ubuntu Wiki</ulink> page."
11297
msgstr ""
11298
11299
#: serverguide/C/other-apps.xml:358(para)
11300
msgid ""
11301
"For the latest news and information about <application>bzr</application> see "
11302
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11303
msgstr ""
11304
11305
#: serverguide/C/other-apps.xml:363(para)
11306
msgid ""
11307
"For more information on <application>screen</application> see the <ulink "
11308
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11309
msgstr ""
11310
11311
#: serverguide/C/other-apps.xml:368(para)
11312
msgid ""
11313
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11314
"screen</ulink> page."
11315
msgstr ""
11316
11317
#: serverguide/C/other-apps.xml:373(para)
11318
msgid ""
11319
"Also, see the <application>byobu</application><ulink "
11320
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11321
"information."
11322
msgstr ""
11323
11324
#: serverguide/C/network-config.xml:14(para)
11325
msgid ""
11326
"Networks consist of two or more devices, such as computer systems, printers, "
11327
"and related equipment which are connected by either physical cabling or "
11328
"wireless links for the purpose of sharing and distributing information among "
11329
"the connected devices."
11330
msgstr ""
11331
11332
#: serverguide/C/network-config.xml:20(para)
11333
msgid ""
11334
"This section provides general and specific information pertaining to "
11335
"networking, including an overview of network concepts and detailed "
11336
"discussion of popular network protocols."
11337
msgstr ""
11338
11339
#: serverguide/C/network-config.xml:27(title)
11340
msgid "Network Configuration"
11341
msgstr ""
11342
11343
#: serverguide/C/network-config.xml:28(para)
11344
msgid ""
11345
"Ubuntu ships with a number of graphical utilities to configure your network "
11346
"devices. This document is geared toward server administrators and will focus "
11347
"on managing your network on the command line."
11348
msgstr ""
11349
11350
#: serverguide/C/network-config.xml:35(title)
11351
msgid "Ethernet Interfaces"
11352
msgstr ""
11353
11354
#: serverguide/C/network-config.xml:36(para)
11355
msgid ""
11356
"Ethernet interfaces are identified by the system using the naming convention "
11357
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11358
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11359
"interface is typically identified as <emphasis "
11360
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11361
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11362
"order."
11363
msgstr ""
11364
11365
#: serverguide/C/network-config.xml:46(title)
11366
msgid "Identify Ethernet Interfaces"
11367
msgstr ""
11368
11369
#: serverguide/C/network-config.xml:47(para)
11370
msgid ""
11371
"To quickly identify all available Ethernet interfaces, you can use the "
11372
"<application>ifconfig</application> command as shown below."
11373
msgstr ""
11374
11375
#: serverguide/C/network-config.xml:52(userinput)
11376
#, no-wrap
11377
msgid "ifconfig -a | grep eth"
11378
msgstr ""
11379
11380
#: serverguide/C/network-config.xml:51(screen)
11381
#, no-wrap
11382
msgid ""
11383
"\n"
11384
"<placeholder-1/>\n"
11385
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11386
msgstr ""
11387
11388
#: serverguide/C/network-config.xml:55(para)
11389
msgid ""
11390
"Another application that can help identify all network interfaces available "
11391
"to your system is the <application>lshw</application> command. In the "
11392
"example below, <application>lshw</application> shows a single Ethernet "
11393
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11394
"along with bus information, driver details and all supported capabilities."
11395
msgstr ""
11396
11397
#: serverguide/C/network-config.xml:62(userinput)
11398
#, no-wrap
11399
msgid "sudo lshw -class network"
11400
msgstr ""
11401
11402
#: serverguide/C/network-config.xml:61(screen)
11403
#, no-wrap
11404
msgid ""
11405
"\n"
11406
"<placeholder-1/>\n"
11407
" *-network\n"
11408
" description: Ethernet interface\n"
11409
" product: BCM4401-B0 100Base-TX\n"
11410
" vendor: Broadcom Corporation\n"
11411
" physical id: 0\n"
11412
" bus info: pci@0000:03:00.0\n"
11413
" logical name: eth0\n"
11414
" version: 02\n"
11415
" serial: 00:15:c5:4a:16:5a\n"
11416
" size: 10MB/s\n"
11417
" capacity: 100MB/s\n"
11418
" width: 32 bits\n"
11419
" clock: 33MHz\n"
11420
" capabilities: (snipped for brevity)\n"
11421
" configuration: (snipped for brevity)\n"
11422
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11423
msgstr ""
11424
11425
#: serverguide/C/network-config.xml:83(title)
11426
msgid "Ethernet Interface Logical Names"
11427
msgstr ""
11428
11429
#: serverguide/C/network-config.xml:84(para)
11430
msgid ""
11431
"Interface logical names are configured in the file "
11432
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11433
"like control which interface receives a particular logical name, find the "
11434
"line matching the interfaces physical MAC address and modify the value of "
11435
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11436
"Reboot the system to commit your changes."
11437
msgstr ""
11438
11439
#: serverguide/C/network-config.xml:92(programlisting)
11440
#, no-wrap
11441
msgid ""
11442
"\n"
11443
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11444
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11445
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11446
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11447
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11448
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11449
msgstr ""
11450
11451
#: serverguide/C/network-config.xml:99(title)
11452
msgid "Ethernet Interface Settings"
11453
msgstr ""
11454
11455
#: serverguide/C/network-config.xml:100(para)
11456
msgid ""
11457
"<application>ethtool</application> is a program that displays and changes "
11458
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11459
"and Wake-on-LAN. It is not installed by default, but is available for "
11460
"installation in the repositories."
11461
msgstr ""
11462
11463
#: serverguide/C/network-config.xml:106(userinput)
11464
#, no-wrap
11465
msgid "sudo apt-get install ethtool"
11466
msgstr ""
11467
11468
#: serverguide/C/network-config.xml:108(para)
11469
msgid ""
11470
"The following is an example of how to view supported features and configured "
11471
"settings of an Ethernet interface."
11472
msgstr ""
11473
11474
#: serverguide/C/network-config.xml:113(userinput)
11475
#, no-wrap
11476
msgid "sudo ethtool eth0"
11477
msgstr ""
11478
11479
#: serverguide/C/network-config.xml:112(screen)
11480
#, no-wrap
11481
msgid ""
11482
"\n"
11483
"<placeholder-1/>\n"
11484
"Settings for eth0:\n"
11485
" Supported ports: [ TP ]\n"
11486
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11487
" 100baseT/Half 100baseT/Full \n"
11488
" 1000baseT/Half 1000baseT/Full \n"
11489
" Supports auto-negotiation: Yes\n"
11490
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11491
" 100baseT/Half 100baseT/Full \n"
11492
" 1000baseT/Half 1000baseT/Full \n"
11493
" Advertised auto-negotiation: Yes\n"
11494
" Speed: 1000Mb/s\n"
11495
" Duplex: Full\n"
11496
" Port: Twisted Pair\n"
11497
" PHYAD: 1\n"
11498
" Transceiver: internal\n"
11499
" Auto-negotiation: on\n"
11500
" Supports Wake-on: g\n"
11501
" Wake-on: d\n"
11502
" Current message level: 0x000000ff (255)\n"
11503
" Link detected: yes\n"
11504
msgstr ""
11505
11506
#: serverguide/C/network-config.xml:135(para)
11507
msgid ""
11508
"Changes made with the <application>ethtool</application> command are "
11509
"temporary and will be lost after a reboot. If you would like to retain "
11510
"settings, simply add the desired <application>ethtool</application> command "
11511
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11512
"configuration file <filename>/etc/network/interfaces</filename>."
11513
msgstr ""
11514
11515
#: serverguide/C/network-config.xml:141(para)
11516
msgid ""
11517
"The following is an example of how the interface identified as <emphasis "
11518
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11519
"speed of 1000Mb/s running in full duplex mode."
11520
msgstr ""
11521
11522
#: serverguide/C/network-config.xml:145(programlisting)
11523
#, no-wrap
11524
msgid ""
11525
"\n"
11526
"auto eth0\n"
11527
"iface eth0 inet static\n"
11528
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11529
msgstr ""
11530
11531
#: serverguide/C/network-config.xml:151(para)
11532
msgid ""
11533
"Although the example above shows the interface configured to use the "
11534
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11535
"other methods as well, such as DHCP. The example is meant to demonstrate "
11536
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11537
"statement in relation to the rest of the interface configuration."
11538
msgstr ""
11539
11540
#: serverguide/C/network-config.xml:163(title)
11541
msgid "IP Addressing"
11542
msgstr ""
11543
11544
#: serverguide/C/network-config.xml:164(para)
11545
msgid ""
11546
"The following section describes the process of configuring your systems IP "
11547
"address and default gateway needed for communicating on a local area network "
11548
"and the Internet."
11549
msgstr ""
11550
11551
#: serverguide/C/network-config.xml:171(title)
11552
msgid "Temporary IP Address Assignment"
11553
msgstr ""
11554
11555
#: serverguide/C/network-config.xml:172(para)
11556
msgid ""
11557
"For temporary network configurations, you can use standard commands such as "
11558
"<application>ip</application>, <application>ifconfig</application> and "
11559
"<application>route</application>, which are also found on most other "
11560
"GNU/Linux operating systems. These commands allow you to configure settings "
11561
"which take effect immediately, however they are not persistent and will be "
11562
"lost after a reboot."
11563
msgstr ""
11564
11565
#: serverguide/C/network-config.xml:180(para)
11566
msgid ""
11567
"To temporarily configure an IP address, you can use the "
11568
"<application>ifconfig</application> command in the following manner. Just "
11569
"modify the IP address and subnet mask to match your network requirements."
11570
msgstr ""
11571
11572
#: serverguide/C/network-config.xml:186(userinput)
11573
#, no-wrap
11574
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11575
msgstr ""
11576
11577
#: serverguide/C/network-config.xml:188(para)
11578
msgid ""
11579
"To verify the IP address configuration of <application>eth0</application>, "
11580
"you can use the <application>ifconfig</application> command in the following "
11581
"manner."
11582
msgstr ""
11583
11584
#: serverguide/C/network-config.xml:193(userinput)
11585
#, no-wrap
11586
msgid "ifconfig eth0"
11587
msgstr ""
11588
11589
#: serverguide/C/network-config.xml:192(screen)
11590
#, no-wrap
11591
msgid ""
11592
"\n"
11593
"<placeholder-1/>\n"
11594
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11595
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11596
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11597
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11598
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11599
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11600
" collisions:0 txqueuelen:1000 \n"
11601
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11602
" Interrupt:16 \n"
11603
msgstr ""
11604
11605
#: serverguide/C/network-config.xml:204(para)
11606
msgid ""
11607
"To configure a default gateway, you can use the "
11608
"<application>route</application> command in the following manner. Modify the "
11609
"default gateway address to match your network requirements."
11610
msgstr ""
11611
11612
#: serverguide/C/network-config.xml:210(userinput)
11613
#, no-wrap
11614
msgid "sudo route add default gw 10.0.0.1 eth0"
11615
msgstr ""
11616
11617
#: serverguide/C/network-config.xml:212(para)
11618
msgid ""
11619
"To verify your default gateway configuration, you can use the "
11620
"<application>route</application> command in the following manner."
11621
msgstr ""
11622
11623
#: serverguide/C/network-config.xml:217(userinput)
11624
#, no-wrap
11625
msgid "route -n"
11626
msgstr ""
11627
11628
#: serverguide/C/network-config.xml:216(screen)
11629
#, no-wrap
11630
msgid ""
11631
"\n"
11632
"<placeholder-1/>\n"
11633
"Kernel IP routing table\n"
11634
"Destination Gateway Genmask Flags Metric Ref Use "
11635
"Iface\n"
11636
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11637
"eth0\n"
11638
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11639
"eth0\n"
11640
msgstr ""
11641
11642
#: serverguide/C/network-config.xml:223(para)
11643
msgid ""
11644
"If you require DNS for your temporary network configuration, you can add DNS "
11645
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11646
"example below shows how to enter two DNS servers to "
11647
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11648
"appropriate for your network. A more lengthy description of DNS client "
11649
"configuration is in a following section."
11650
msgstr ""
11651
11652
#: serverguide/C/network-config.xml:230(programlisting)
11653
#, no-wrap
11654
msgid ""
11655
"\n"
11656
"nameserver 8.8.8.8\n"
11657
"nameserver 8.8.4.4\n"
11658
msgstr ""
11659
11660
#: serverguide/C/network-config.xml:234(para)
11661
msgid ""
11662
"If you no longer need this configuration and wish to purge all IP "
11663
"configuration from an interface, you can use the "
11664
"<application>ip</application> command with the flush option as shown below."
11665
msgstr ""
11666
11667
#: serverguide/C/network-config.xml:240(userinput)
11668
#, no-wrap
11669
msgid "ip addr flush eth0"
11670
msgstr ""
11671
11672
#: serverguide/C/network-config.xml:243(para)
11673
msgid ""
11674
"Flushing the IP configuration using the <application>ip</application> "
11675
"command does not clear the contents of "
11676
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11677
"entries manually."
11678
msgstr ""
11679
11680
#: serverguide/C/network-config.xml:251(title)
11681
msgid "Dynamic IP Address Assignment (DHCP Client)"
11682
msgstr ""
11683
11684
#: serverguide/C/network-config.xml:252(para)
11685
msgid ""
11686
"To configure your server to use DHCP for dynamic address assignment, add the "
11687
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11688
"statement for the appropriate interface in the file "
11689
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11690
"are configuring your first Ethernet interface identified as <emphasis "
11691
"role=\"italic\">eth0</emphasis>."
11692
msgstr ""
11693
11694
#: serverguide/C/network-config.xml:259(programlisting)
11695
#, no-wrap
11696
msgid ""
11697
"\n"
11698
"auto eth0\n"
11699
"iface eth0 inet dhcp\n"
11700
msgstr ""
11701
11702
#: serverguide/C/network-config.xml:263(para)
11703
msgid ""
11704
"By adding an interface configuration as shown above, you can manually enable "
11705
"the interface through the <application>ifup</application> command which "
11706
"initiates the DHCP process via <application>dhclient</application>."
11707
msgstr ""
11708
11709
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11710
#, no-wrap
11711
msgid "sudo ifup eth0"
11712
msgstr ""
11713
11714
#: serverguide/C/network-config.xml:271(para)
11715
msgid ""
11716
"To manually disable the interface, you can use the "
11717
"<application>ifdown</application> command, which in turn will initiate the "
11718
"DHCP release process and shut down the interface."
11719
msgstr ""
11720
11721
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11722
#, no-wrap
11723
msgid "sudo ifdown eth0"
11724
msgstr ""
11725
11726
#: serverguide/C/network-config.xml:282(title)
11727
msgid "Static IP Address Assignment"
11728
msgstr ""
11729
11730
#: serverguide/C/network-config.xml:283(para)
11731
msgid ""
11732
"To configure your system to use a static IP address assignment, add the "
11733
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11734
"family statement for the appropriate interface in the file "
11735
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11736
"are configuring your first Ethernet interface identified as <emphasis "
11737
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11738
"role=\"italic\">address</emphasis>, <emphasis "
11739
"role=\"italic\">netmask</emphasis>, and <emphasis "
11740
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11741
"network."
11742
msgstr ""
11743
11744
#: serverguide/C/network-config.xml:292(programlisting)
11745
#, no-wrap
11746
msgid ""
11747
"\n"
11748
"auto eth0\n"
11749
"iface eth0 inet static\n"
11750
"address 10.0.0.100\n"
11751
"netmask 255.255.255.0\n"
11752
"gateway 10.0.0.1\n"
11753
msgstr ""
11754
11755
#: serverguide/C/network-config.xml:299(para)
11756
msgid ""
11757
"By adding an interface configuration as shown above, you can manually enable "
11758
"the interface through the <application>ifup</application> command."
11759
msgstr ""
11760
11761
#: serverguide/C/network-config.xml:306(para)
11762
msgid ""
11763
"To manually disable the interface, you can use the "
11764
"<application>ifdown</application> command."
11765
msgstr ""
11766
11767
#: serverguide/C/network-config.xml:316(title)
11768
msgid "Loopback Interface"
11769
msgstr ""
11770
11771
#: serverguide/C/network-config.xml:317(para)
11772
msgid ""
11773
"The loopback interface is identified by the system as <emphasis "
11774
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11775
"can be viewed using the ifconfig command."
11776
msgstr ""
11777
11778
#: serverguide/C/network-config.xml:322(userinput)
11779
#, no-wrap
11780
msgid "ifconfig lo"
11781
msgstr ""
11782
11783
#: serverguide/C/network-config.xml:321(screen)
11784
#, no-wrap
11785
msgid ""
11786
"\n"
11787
"<placeholder-1/>\n"
11788
"lo Link encap:Local Loopback \n"
11789
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11790
" inet6 addr: ::1/128 Scope:Host\n"
11791
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11792
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11793
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11794
" collisions:0 txqueuelen:0 \n"
11795
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11796
msgstr ""
11797
11798
#: serverguide/C/network-config.xml:332(para)
11799
msgid ""
11800
"By default, there should be two lines in "
11801
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11802
"configuring your loopback interface. It is recommended that you keep the "
11803
"default settings unless you have a specific purpose for changing them. An "
11804
"example of the two default lines are shown below."
11805
msgstr ""
11806
11807
#: serverguide/C/network-config.xml:338(programlisting)
11808
#, no-wrap
11809
msgid ""
11810
"\n"
11811
"auto lo\n"
11812
"iface lo inet loopback\n"
11813
msgstr ""
11814
11815
#: serverguide/C/network-config.xml:347(title)
11816
msgid "Name Resolution"
11817
msgstr ""
11818
11819
#: serverguide/C/network-config.xml:348(para)
11820
msgid ""
11821
"Name resolution as it relates to IP networking is the process of mapping IP "
11822
"addresses to hostnames, making it easier to identify resources on a network. "
11823
"The following section will explain how to properly configure your system for "
11824
"name resolution using DNS and static hostname records."
11825
msgstr ""
11826
11827
#: serverguide/C/network-config.xml:356(title)
11828
msgid "DNS Client Configuration"
11829
msgstr ""
11830
11831
#: serverguide/C/network-config.xml:357(para)
11832
msgid ""
11833
"To configure your system to use DNS for name resolution, add the IP "
11834
"addresses of the DNS servers that are appropriate for your network in the "
11835
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11836
"suffix search-lists to match your network domain names."
11837
msgstr ""
11838
11839
#: serverguide/C/network-config.xml:362(para)
11840
msgid ""
11841
"Below is an example of a typical configuration of "
11842
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11843
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11844
msgstr ""
11845
11846
#: serverguide/C/network-config.xml:367(programlisting)
11847
#, no-wrap
11848
msgid ""
11849
"\n"
11850
"search example.com\n"
11851
"nameserver 8.8.8.8\n"
11852
"nameserver 8.8.4.4\n"
11853
msgstr ""
11854
11855
#: serverguide/C/network-config.xml:372(para)
11856
msgid ""
11857
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11858
"multiple domain names so that DNS queries will be appended in the order in "
11859
"which they are entered. For example, your network may have multiple sub-"
11860
"domains to search; a parent domain of <emphasis "
11861
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11862
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11863
"role=\"italic\">dev.example.com</emphasis>."
11864
msgstr ""
11865
11866
#: serverguide/C/network-config.xml:380(para)
11867
msgid ""
11868
"If you have multiple domains you wish to search, your configuration might "
11869
"look like the following."
11870
msgstr ""
11871
11872
#: serverguide/C/network-config.xml:383(programlisting)
11873
#, no-wrap
11874
msgid ""
11875
"\n"
11876
"search example.com sales.example.com dev.example.com\n"
11877
"nameserver 8.8.8.8\n"
11878
"nameserver 8.8.4.4\n"
11879
msgstr ""
11880
11881
#: serverguide/C/network-config.xml:388(para)
11882
msgid ""
11883
"If you try to ping a host with the name of <emphasis "
11884
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11885
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11886
msgstr ""
11887
11888
#: serverguide/C/network-config.xml:394(para)
11889
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11890
msgstr ""
11891
11892
#: serverguide/C/network-config.xml:399(para)
11893
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11894
msgstr ""
11895
11896
#: serverguide/C/network-config.xml:404(para)
11897
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11898
msgstr ""
11899
11900
#: serverguide/C/network-config.xml:409(para)
11901
msgid ""
11902
"If no matches are found, the DNS server will provide a result of <emphasis "
11903
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11904
msgstr ""
11905
11906
#: serverguide/C/network-config.xml:416(title)
11907
msgid "Static Hostnames"
11908
msgstr ""
11909
11910
#: serverguide/C/network-config.xml:417(para)
11911
msgid ""
11912
"Static hostnames are locally defined hostname-to-IP mappings located in the "
11913
"file <filename>/etc/hosts</filename>. Entries in the "
11914
"<filename>hosts</filename> file will have precedence over DNS by default. "
11915
"This means that if your system tries to resolve a hostname and it matches an "
11916
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
11917
"some configurations, especially when Internet access is not required, "
11918
"servers that communicate with a limited number of resources can be "
11919
"conveniently set to use static hostnames instead of DNS."
11920
msgstr ""
11921
11922
#: serverguide/C/network-config.xml:424(para)
11923
msgid ""
11924
"The following is an example of a <filename>hosts</filename> file where a "
11925
"number of local servers have been identified by simple hostnames, aliases "
11926
"and their equivalent Fully Qualified Domain Names (FQDN's)."
11927
msgstr ""
11928
11929
#: serverguide/C/network-config.xml:428(programlisting)
11930
#, no-wrap
11931
msgid ""
11932
"\n"
11933
"127.0.0.1\tlocalhost\n"
11934
"127.0.1.1\tubuntu-server\n"
11935
"10.0.0.11\tserver1 vpn server1.example.com\n"
11936
"10.0.0.12\tserver2 mail server2.example.com\n"
11937
"10.0.0.13\tserver3 www server3.example.com\n"
11938
"10.0.0.14\tserver4 file server4.example.com\n"
11939
msgstr ""
11940
11941
#: serverguide/C/network-config.xml:437(para)
11942
msgid ""
11943
"In the above example, notice that each of the servers have been given "
11944
"aliases in addition to their proper names and FQDN's. <emphasis "
11945
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
11946
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
11947
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
11948
"role=\"italic\">server3</emphasis> as <emphasis "
11949
"role=\"italic\">www</emphasis>, and <emphasis "
11950
"role=\"italic\">server4</emphasis> as <emphasis "
11951
"role=\"italic\">file</emphasis>."
11952
msgstr ""
11953
11954
#: serverguide/C/network-config.xml:449(title)
11955
msgid "Name Service Switch Configuration"
11956
msgstr ""
11957
11958
#: serverguide/C/network-config.xml:450(para)
11959
msgid ""
11960
"The order in which your system selects a method of resolving hostnames to IP "
11961
"addresses is controlled by the Name Service Switch (NSS) configuration file "
11962
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
11963
"section, typically static hostnames defined in the systems "
11964
"<filename>/etc/hosts</filename> file have precedence over names resolved "
11965
"from DNS. The following is an example of the line responsible for this order "
11966
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
11967
msgstr ""
11968
11969
#: serverguide/C/network-config.xml:458(programlisting)
11970
#, no-wrap
11971
msgid ""
11972
"\n"
11973
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
11974
msgstr ""
11975
11976
#: serverguide/C/network-config.xml:464(para)
11977
msgid ""
11978
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
11979
"hostnames located in <filename>/etc/hosts</filename>."
11980
msgstr ""
11981
11982
#: serverguide/C/network-config.xml:470(para)
11983
msgid ""
11984
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
11985
"name using Multicast DNS."
11986
msgstr ""
11987
11988
#: serverguide/C/network-config.xml:475(para)
11989
msgid ""
11990
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
11991
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
11992
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
11993
"authoritative and that the system should not try to continue hunting for an "
11994
"answer."
11995
msgstr ""
11996
11997
#: serverguide/C/network-config.xml:483(para)
11998
msgid ""
11999
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12000
msgstr ""
12001
12002
#: serverguide/C/network-config.xml:488(para)
12003
msgid ""
12004
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12005
msgstr ""
12006
12007
#: serverguide/C/network-config.xml:494(para)
12008
msgid ""
12009
"To modify the order of the above mentioned name resolution methods, you can "
12010
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12011
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12012
"versus Multicast DNS, you can change the string in "
12013
"<filename>/etc/nsswitch.conf</filename> as shown below."
12014
msgstr ""
12015
12016
#: serverguide/C/network-config.xml:501(programlisting)
12017
#, no-wrap
12018
msgid ""
12019
"\n"
12020
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12021
msgstr ""
12022
12023
#: serverguide/C/network-config.xml:508(title)
12024
msgid "Bridging"
12025
msgstr ""
12026
12027
#: serverguide/C/network-config.xml:510(para)
12028
msgid ""
12029
"Bridging multiple interfaces is a more advanced configuration, but is very "
12030
"useful in multiple scenarios. One scenario is setting up a bridge with "
12031
"multiple network interfaces, then using a firewall to filter traffic between "
12032
"two network segments. Another scenario is using bridge on a system with one "
12033
"interface to allow virtual machines direct access to the outside network. "
12034
"The following example covers the latter scenario."
12035
msgstr ""
12036
12037
#: serverguide/C/network-config.xml:517(para)
12038
msgid ""
12039
"Before configuring a bridge you will need to install the <application>bridge-"
12040
"utils</application> package. To install the package, in a terminal enter:"
12041
msgstr ""
12042
12043
#: serverguide/C/network-config.xml:523(command)
12044
msgid "sudo apt-get install bridge-utils"
12045
msgstr ""
12046
12047
#: serverguide/C/network-config.xml:526(para)
12048
msgid ""
12049
"Next, configure the bridge by editing "
12050
"<filename>/etc/network/interfaces</filename>:"
12051
msgstr ""
12052
12053
#: serverguide/C/network-config.xml:530(programlisting)
12054
#, no-wrap
12055
msgid ""
12056
"\n"
12057
"auto lo\n"
12058
"iface lo inet loopback\n"
12059
"\n"
12060
"auto br0\n"
12061
"iface br0 inet static\n"
12062
" address 192.168.0.10\n"
12063
" network 192.168.0.0\n"
12064
" netmask 255.255.255.0\n"
12065
" broadcast 192.168.0.255\n"
12066
" gateway 192.168.0.1\n"
12067
" bridge_ports eth0\n"
12068
" bridge_fd 9\n"
12069
" bridge_hello 2\n"
12070
" bridge_maxage 12\n"
12071
" bridge_stp off\n"
12072
msgstr ""
12073
12074
#: serverguide/C/network-config.xml:549(para)
12075
msgid "Enter the appropriate values for your physical interface and network."
12076
msgstr ""
12077
12078
#: serverguide/C/network-config.xml:554(para)
12079
msgid "Now restart networking to enable the bridge interface:"
12080
msgstr ""
12081
12082
#: serverguide/C/network-config.xml:561(para)
12083
msgid ""
12084
"The new bridge interface should now be up and running. The "
12085
"<application>brctl</application> provides useful information about the state "
12086
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12087
"<command>man brctl</command> for more information."
12088
msgstr ""
12089
12090
#: serverguide/C/network-config.xml:577(para)
12091
msgid ""
12092
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12093
"Network page</ulink> has links to articles covering more advanced network "
12094
"configuration."
12095
msgstr ""
12096
12097
#: serverguide/C/network-config.xml:583(para)
12098
msgid ""
12099
"The <ulink "
12100
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12101
"\">interfaces man page</ulink> has details on more options for "
12102
"<filename>/etc/network/interfaces</filename>."
12103
msgstr ""
12104
12105
#: serverguide/C/network-config.xml:589(para)
12106
msgid ""
12107
"The <ulink "
12108
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12109
"dhclient man page</ulink> has details on more options for configuring DHCP "
12110
"client settings."
12111
msgstr ""
12112
12113
#: serverguide/C/network-config.xml:595(para)
12114
msgid ""
12115
"For more information on DNS client configuration see the <ulink "
12116
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12117
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12118
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12119
"Administrator's Guide</ulink> is a good source of resolver and name service "
12120
"configuration information."
12121
msgstr ""
12122
12123
#: serverguide/C/network-config.xml:603(para)
12124
msgid ""
12125
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12126
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12127
"tl man page</ulink> and the Linux Foundation's <ulink "
12128
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12129
msgstr ""
12130
12131
#: serverguide/C/network-config.xml:614(title)
12132
msgid "TCP/IP"
12133
msgstr ""
12134
12135
#: serverguide/C/network-config.xml:615(para)
12136
msgid ""
12137
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12138
"standard set of protocols developed in the late 1970s by the Defense "
12139
"Advanced Research Projects Agency (DARPA) as a means of communication "
12140
"between different types of computers and computer networks. TCP/IP is the "
12141
"driving force of the Internet, and thus it is the most popular set of "
12142
"network protocols on Earth."
12143
msgstr ""
12144
12145
#: serverguide/C/network-config.xml:623(title)
12146
msgid "TCP/IP Introduction"
12147
msgstr ""
12148
12149
#: serverguide/C/network-config.xml:624(para)
12150
msgid ""
12151
"The two protocol components of TCP/IP deal with different aspects of "
12152
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12153
"TCP/IP is a connectionless protocol which deals only with network packet "
12154
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12155
"basic unit of networking information. The IP Datagram consists of a header "
12156
"followed by a message. The <emphasis> Transmission Control "
12157
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12158
"establish connections which may be used to exchange data streams. TCP also "
12159
"guarantees that the data between connections is delivered and that it "
12160
"arrives at one network host in the same order as sent from another network "
12161
"host."
12162
msgstr ""
12163
12164
#: serverguide/C/network-config.xml:637(title)
12165
msgid "TCP/IP Configuration"
12166
msgstr ""
12167
12168
#: serverguide/C/network-config.xml:638(para)
12169
msgid ""
12170
"The TCP/IP protocol configuration consists of several elements which must be "
12171
"set by editing the appropriate configuration files, or deploying solutions "
12172
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12173
"can be configured to provide the proper TCP/IP configuration settings to "
12174
"network clients automatically. These configuration values must be set "
12175
"correctly in order to facilitate the proper network operation of your Ubuntu "
12176
"system."
12177
msgstr ""
12178
12179
#: serverguide/C/network-config.xml:650(para)
12180
msgid ""
12181
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12182
"identifying string expressed as four decimal numbers ranging from zero (0) "
12183
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12184
"four numbers representing eight (8) bits of the address for a total length "
12185
"of thirty-two (32) bits for the whole address. This format is called "
12186
"<emphasis>dotted quad notation</emphasis>."
12187
msgstr ""
12188
12189
#: serverguide/C/network-config.xml:660(para)
12190
msgid ""
12191
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12192
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12193
"separate the portions of an IP address significant to the network from the "
12194
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12195
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12196
"three bytes of the IP address and allows the last byte of the IP address to "
12197
"remain available for specifying hosts on the subnetwork."
12198
msgstr ""
12199
12200
#: serverguide/C/network-config.xml:671(para)
12201
msgid ""
12202
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12203
"represents the bytes comprising the network portion of an IP address. For "
12204
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12205
"network address, where twelve (12) represents the first byte of the IP "
12206
"address, (the network part) and zeroes (0) in all of the remaining three "
12207
"bytes to represent the potential host values. A network host using the "
12208
"private IP address 192.168.1.100 would in turn use a Network Address of "
12209
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12210
"network and a zero (0) for all the possible hosts on the network."
12211
msgstr ""
12212
12213
#: serverguide/C/network-config.xml:684(para)
12214
msgid ""
12215
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12216
"is an IP address which allows network data to be sent simultaneously to all "
12217
"hosts on a given subnetwork rather than specifying a particular host. The "
12218
"standard general broadcast address for IP networks is 255.255.255.255, but "
12219
"this broadcast address cannot be used to send a broadcast message to every "
12220
"host on the Internet because routers block it. A more appropriate broadcast "
12221
"address is set to match a specific subnetwork. For example, on the private "
12222
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12223
"Broadcast messages are typically produced by network protocols such as the "
12224
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12225
msgstr ""
12226
12227
#: serverguide/C/network-config.xml:697(para)
12228
msgid ""
12229
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12230
"IP address through which a particular network, or host on a network, may be "
12231
"reached. If one network host wishes to communicate with another network "
12232
"host, and that host is not located on the same network, then a "
12233
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12234
"Address will be that of a router on the same network, which will in turn "
12235
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12236
"value of the Gateway Address setting must be correct, or your system will "
12237
"not be able to reach any hosts beyond those on the same network."
12238
msgstr ""
12239
12240
#: serverguide/C/network-config.xml:708(para)
12241
msgid ""
12242
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12243
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12244
"resolve network hostnames into IP addresses. There are three levels of "
12245
"Nameserver Addresses, which may be specified in order of precedence: The "
12246
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12247
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12248
"your system to be able to resolve network hostnames into their corresponding "
12249
"IP addresses, you must specify valid Nameserver Addresses which you are "
12250
"authorized to use in your system's TCP/IP configuration. In many cases these "
12251
"addresses can and will be provided by your network service provider, but "
12252
"many free and publicly accessible nameservers are available for use, such as "
12253
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12254
msgstr ""
12255
12256
#: serverguide/C/network-config.xml:722(para)
12257
msgid ""
12258
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12259
"Address are typically specified via the appropriate directives in the file "
12260
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12261
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12262
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12263
"system manual page for <filename>interfaces</filename> or "
12264
"<filename>resolv.conf</filename> respectively, with the following commands "
12265
"typed at a terminal prompt:"
12266
msgstr ""
12267
12268
#: serverguide/C/network-config.xml:729(para)
12269
msgid ""
12270
"Access the system manual page for <filename>interfaces</filename> with the "
12271
"following command:"
12272
msgstr ""
12273
12274
#: serverguide/C/network-config.xml:734(command)
12275
msgid "man interfaces"
12276
msgstr ""
12277
12278
#: serverguide/C/network-config.xml:737(para)
12279
msgid ""
12280
"Access the system manual page for <filename>resolv.conf</filename> with the "
12281
"following command:"
12282
msgstr ""
12283
12284
#: serverguide/C/network-config.xml:741(command)
12285
msgid "man resolv.conf"
12286
msgstr ""
12287
12288
#: serverguide/C/network-config.xml:646(para)
12289
msgid ""
12290
"The common configuration elements of TCP/IP and their purposes are as "
12291
"follows: <placeholder-1/>"
12292
msgstr ""
12293
12294
#: serverguide/C/network-config.xml:748(title)
12295
msgid "IP Routing"
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:749(para)
12299
msgid ""
12300
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12301
"network along which network data may be sent. Routing uses a set of "
12302
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12303
"packets from their source to the destination, often via many intermediary "
12304
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12305
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12306
"<emphasis>Dynamic Routing.</emphasis>"
12307
msgstr ""
12308
12309
#: serverguide/C/network-config.xml:758(para)
12310
msgid ""
12311
"Static routing involves manually adding IP routes to the system's routing "
12312
"table, and this is usually done by manipulating the routing table with the "
12313
"<application>route</application> command. Static routing enjoys many "
12314
"advantages over dynamic routing, such as simplicity of implementation on "
12315
"smaller networks, predictability (the routing table is always computed in "
12316
"advance, and thus the route is precisely the same each time it is used), and "
12317
"low overhead on other routers and network links due to the lack of a dynamic "
12318
"routing protocol. However, static routing does present some disadvantages as "
12319
"well. For example, static routing is limited to small networks and does not "
12320
"scale well. Static routing also fails completely to adapt to network outages "
12321
"and failures along the route due to the fixed nature of the route."
12322
msgstr ""
12323
12324
#: serverguide/C/network-config.xml:768(para)
12325
msgid ""
12326
"Dynamic routing depends on large networks with multiple possible IP routes "
12327
"from a source to a destination and makes use of special routing protocols, "
12328
"such as the Router Information Protocol (RIP), which handle the automatic "
12329
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12330
"routing has several advantages over static routing, such as superior "
12331
"scalability and the ability to adapt to failures and outages along network "
12332
"routes. Additionally, there is less manual configuration of the routing "
12333
"tables, since routers learn from one another about their existence and "
12334
"available routes. This trait also eliminates the possibility of introducing "
12335
"mistakes in the routing tables via human error. Dynamic routing is not "
12336
"perfect, however, and presents disadvantages such as heightened complexity "
12337
"and additional network overhead from router communications, which does not "
12338
"immediately benefit the end users, but still consumes network bandwidth."
12339
msgstr ""
12340
12341
#: serverguide/C/network-config.xml:782(title)
12342
msgid "TCP and UDP"
12343
msgstr ""
12344
12345
#: serverguide/C/network-config.xml:783(para)
12346
msgid ""
12347
"TCP is a connection-based protocol, offering error correction and guaranteed "
12348
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12349
"Flow control determines when the flow of a data stream needs to be stopped, "
12350
"and previously sent data packets should to be re-sent due to problems such "
12351
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12352
"accurate delivery of the data. TCP is typically used in the exchange of "
12353
"important information such as database transactions."
12354
msgstr ""
12355
12356
#: serverguide/C/network-config.xml:791(para)
12357
msgid ""
12358
"The User Datagram Protocol (UDP), on the other hand, is a "
12359
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12360
"transmission of important data because it lacks flow control or any other "
12361
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12362
"applications as audio and video streaming, where it is considerably faster "
12363
"than TCP due to the lack of error correction and flow control, and where the "
12364
"loss of a few packets is not generally catastrophic."
12365
msgstr ""
12366
12367
#: serverguide/C/network-config.xml:801(title)
12368
msgid "ICMP"
12369
msgstr ""
12370
12371
#: serverguide/C/network-config.xml:802(para)
12372
msgid ""
12373
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12374
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12375
"supports network packets containing control, error, and informational "
12376
"messages. ICMP is used by such network applications as the "
12377
"<application>ping</application> utility, which can determine the "
12378
"availability of a network host or device. Examples of some error messages "
12379
"returned by ICMP which are useful to both network hosts and devices such as "
12380
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12381
"<emphasis>Time Exceeded</emphasis>."
12382
msgstr ""
12383
12384
#: serverguide/C/network-config.xml:812(title)
12385
msgid "Daemons"
12386
msgstr ""
12387
12388
#: serverguide/C/network-config.xml:813(para)
12389
msgid ""
12390
"Daemons are special system applications which typically execute continuously "
12391
"in the background and await requests for the functions they provide from "
12392
"other applications. Many daemons are network-centric; that is, a large "
12393
"number of daemons executing in the background on an Ubuntu system may "
12394
"provide network-related functionality. Some examples of such network daemons "
12395
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12396
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12397
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12398
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12399
"Daemon</emphasis> (imapd), which provides E-Mail services."
12400
msgstr ""
12401
12402
#: serverguide/C/network-config.xml:828(para)
12403
msgid ""
12404
"There are man pages for <ulink "
12405
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12406
"ulink> and <ulink "
12407
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12408
"> that contain more useful information."
12409
msgstr ""
12410
12411
#: serverguide/C/network-config.xml:834(para)
12412
msgid ""
12413
"Also, see the <ulink "
12414
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12415
"and Technical Overview</ulink> IBM Redbook."
12416
msgstr ""
12417
12418
#: serverguide/C/network-config.xml:840(para)
12419
msgid ""
12420
"Another resource is O'Reilly's <ulink "
12421
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12422
"Administration</ulink>."
12423
msgstr ""
12424
12425
#: serverguide/C/network-config.xml:849(title)
12426
msgid "Dynamic Host Configuration Protocol (DHCP)"
12427
msgstr ""
12428
12429
#: serverguide/C/network-config.xml:850(para)
12430
msgid ""
12431
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12432
"enables host computers to be automatically assigned settings from a server "
12433
"as opposed to manually configuring each network host. Computers configured "
12434
"to be DHCP clients have no control over the settings they receive from the "
12435
"DHCP server, and the configuration is transparent to the computer's user."
12436
msgstr ""
12437
12438
#: serverguide/C/network-config.xml:857(para)
12439
msgid ""
12440
"The most common settings provided by a DHCP server to DHCP clients include:"
12441
msgstr ""
12442
12443
#: serverguide/C/network-config.xml:862(para)
12444
msgid "IP-Address and Netmask"
12445
msgstr ""
12446
12447
#: serverguide/C/network-config.xml:865(para)
12448
msgid "DNS"
12449
msgstr ""
12450
12451
#: serverguide/C/network-config.xml:868(para)
12452
msgid "WINS"
12453
msgstr ""
12454
12455
#: serverguide/C/network-config.xml:871(para)
12456
msgid ""
12457
"However, a DHCP server can also supply configuration properties such as:"
12458
msgstr ""
12459
12460
#: serverguide/C/network-config.xml:876(para)
12461
msgid "Host Name"
12462
msgstr ""
12463
12464
#: serverguide/C/network-config.xml:879(para)
12465
msgid "Domain Name"
12466
msgstr ""
12467
12468
#: serverguide/C/network-config.xml:882(para)
12469
msgid "Default Gateway"
12470
msgstr ""
12471
12472
#: serverguide/C/network-config.xml:885(para)
12473
msgid "Time Server"
12474
msgstr ""
12475
12476
#: serverguide/C/network-config.xml:888(para)
12477
msgid "Print Server"
12478
msgstr ""
12479
12480
#: serverguide/C/network-config.xml:891(para)
12481
msgid ""
12482
"The advantage of using DHCP is that changes to the network, for example a "
12483
"change in the address of the DNS server, need only be changed at the DHCP "
12484
"server, and all network hosts will be reconfigured the next time their DHCP "
12485
"clients poll the DHCP server. As an added advantage, it is also easier to "
12486
"integrate new computers into the network, as there is no need to check for "
12487
"the availability of an IP address. Conflicts in IP address allocation are "
12488
"also reduced."
12489
msgstr ""
12490
12491
#: serverguide/C/network-config.xml:899(para)
12492
msgid "A DHCP server can provide configuration settings using two methods:"
12493
msgstr ""
12494
12495
#: serverguide/C/network-config.xml:904(term)
12496
msgid "MAC Address"
12497
msgstr ""
12498
12499
#: serverguide/C/network-config.xml:906(para)
12500
msgid ""
12501
"This method entails using DHCP to identify the unique hardware address of "
12502
"each network card connected to the network and then continually supplying a "
12503
"constant configuration each time the DHCP client makes a request to the DHCP "
12504
"server using that network device."
12505
msgstr ""
12506
12507
#: serverguide/C/network-config.xml:915(term)
12508
msgid "Address Pool"
12509
msgstr ""
12510
12511
#: serverguide/C/network-config.xml:917(para)
12512
msgid ""
12513
"This method entails defining a pool (sometimes also called a range or scope) "
12514
"of IP addresses from which DHCP clients are supplied their configuration "
12515
"properties dynamically and on a \"first come, first served\" basis. When a "
12516
"DHCP client is no longer on the network for a specified period, the "
12517
"configuration is expired and released back to the address pool for use by "
12518
"other DHCP Clients."
12519
msgstr ""
12520
12521
#: serverguide/C/network-config.xml:928(para)
12522
msgid ""
12523
"Ubuntu is shipped with both DHCP server and client. The server is "
12524
"<application>dhcpd</application> (dynamic host configuration protocol "
12525
"daemon). The client provided with Ubuntu is "
12526
"<application>dhclient</application> and should be installed on all computers "
12527
"required to be automatically configured. Both programs are easy to install "
12528
"and configure and will be automatically started at system boot."
12529
msgstr ""
12530
12531
#: serverguide/C/network-config.xml:938(para)
12532
msgid ""
12533
"At a terminal prompt, enter the following command to install "
12534
"<application>dhcpd</application>:"
12535
msgstr ""
12536
12537
#: serverguide/C/network-config.xml:943(command)
12538
msgid "sudo apt-get install dhcp3-server"
12539
msgstr ""
12540
12541
#: serverguide/C/network-config.xml:945(para)
12542
msgid ""
12543
"You will probably need to change the default configuration by editing "
12544
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12545
msgstr ""
12546
12547
#: serverguide/C/network-config.xml:949(para)
12548
msgid ""
12549
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12550
"dhcpd should listen to. By default it listens to eth0."
12551
msgstr ""
12552
12553
#: serverguide/C/network-config.xml:953(para)
12554
msgid ""
12555
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12556
"messages."
12557
msgstr ""
12558
12559
#: serverguide/C/network-config.xml:960(para)
12560
msgid ""
12561
"The error message the installation ends with might be a little confusing, "
12562
"but the following steps will help you configure the service:"
12563
msgstr ""
12564
12565
#: serverguide/C/network-config.xml:964(para)
12566
msgid ""
12567
"Most commonly, what you want to do is assign an IP address randomly. This "
12568
"can be done with settings as follows:"
12569
msgstr ""
12570
12571
#: serverguide/C/network-config.xml:968(programlisting)
12572
#, no-wrap
12573
msgid ""
12574
"\n"
12575
"# Sample /etc/dhcpd.conf\n"
12576
"# (add your comments here) \n"
12577
"default-lease-time 600;\n"
12578
"max-lease-time 7200;\n"
12579
"option subnet-mask 255.255.255.0;\n"
12580
"option broadcast-address 192.168.1.255;\n"
12581
"option routers 192.168.1.254;\n"
12582
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12583
"option domain-name \"mydomain.example\";\n"
12584
"\n"
12585
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12586
"range 192.168.1.10 192.168.1.100;\n"
12587
"range 192.168.1.150 192.168.1.200;\n"
12588
"} \n"
12589
msgstr ""
12590
12591
#: serverguide/C/network-config.xml:984(para)
12592
msgid ""
12593
"This will result in the DHCP server giving a client an IP address from the "
12594
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12595
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12596
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12597
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12598
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12599
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12600
msgstr ""
12601
12602
#: serverguide/C/network-config.xml:993(para)
12603
msgid ""
12604
"If you need to specify a WINS server for your Windows clients, you will need "
12605
"to include the netbios-name-servers option, e.g."
12606
msgstr ""
12607
12608
#: serverguide/C/network-config.xml:997(programlisting)
12609
#, no-wrap
12610
msgid ""
12611
"\n"
12612
"option netbios-name-servers 192.168.1.1; \n"
12613
msgstr ""
12614
12615
#: serverguide/C/network-config.xml:1000(para)
12616
msgid ""
12617
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12618
"be found <ulink "
12619
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12620
msgstr ""
12621
12622
#: serverguide/C/network-config.xml:1010(para)
12623
msgid ""
12624
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12625
"server Ubuntu Wiki</ulink> page has more information."
12626
msgstr ""
12627
12628
#: serverguide/C/network-config.xml:1015(para)
12629
msgid ""
12630
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12631
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12632
"\">dhcpd.conf man page</ulink>."
12633
msgstr ""
12634
12635
#: serverguide/C/network-config.xml:1021(para)
12636
msgid ""
12637
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12638
"FAQ</ulink>"
12639
msgstr ""
12640
12641
#: serverguide/C/network-config.xml:1031(title)
12642
msgid "Time Synchronisation with NTP"
12643
msgstr ""
12644
12645
#: serverguide/C/network-config.xml:1032(para)
12646
msgid ""
12647
"This page describes methods for keeping your computer's time accurate. This "
12648
"is useful for servers, but is not necessary (or desirable) for desktop "
12649
"machines."
12650
msgstr ""
12651
12652
#: serverguide/C/network-config.xml:1035(para)
12653
msgid ""
12654
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12655
"client requests the current time from a server, and uses it to set its own "
12656
"clock."
12657
msgstr ""
12658
12659
#: serverguide/C/network-config.xml:1038(para)
12660
msgid ""
12661
"Behind this simple description, there is a lot of complexity - there are "
12662
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12663
"clocks (often via GPS), and tier two and three servers spreading the load of "
12664
"actually handling requests across the Internet. Also the client software is "
12665
"a lot more complex than you might think - it has to factor out communication "
12666
"delays, and adjust the time in a way that does not upset all the other "
12667
"processes that run on the server. But luckily all that complexity is hidden "
12668
"from you!"
12669
msgstr ""
12670
12671
#: serverguide/C/network-config.xml:1041(para)
12672
msgid ""
12673
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12674
msgstr ""
12675
12676
#: serverguide/C/network-config.xml:1046(title)
12677
msgid "ntpdate"
12678
msgstr ""
12679
12680
#: serverguide/C/network-config.xml:1047(para)
12681
msgid ""
12682
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12683
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12684
"is likely to drift considerably between reboots, so it makes sense to "
12685
"correct the time occasionally. The easiest way to do this is to get cron to "
12686
"run ntpdate every day. With your favorite editor, as root, create a file "
12687
"<code>/etc/cron.daily/ntpdate</code> containing:"
12688
msgstr ""
12689
12690
#: serverguide/C/network-config.xml:1052(screen)
12691
#, no-wrap
12692
msgid "ntpdate ntp.ubuntu.com\n"
12693
msgstr ""
12694
12695
#: serverguide/C/network-config.xml:1054(para)
12696
msgid ""
12697
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12698
msgstr ""
12699
12700
#: serverguide/C/network-config.xml:1057(screen)
12701
#, no-wrap
12702
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12703
msgstr ""
12704
12705
#: serverguide/C/network-config.xml:1061(title)
12706
msgid "ntpd"
12707
msgstr ""
12708
12709
#: serverguide/C/network-config.xml:1062(para)
12710
msgid ""
12711
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12712
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12713
"calculates the drift of your system clock and continuously adjusts it, so "
12714
"there are no large corrections that could lead to inconsistent logs for "
12715
"instance. The cost is a little processing power and memory, but for a modern "
12716
"server this is negligible."
12717
msgstr ""
12718
12719
#: serverguide/C/network-config.xml:1065(para)
12720
msgid "To set up ntpd:"
12721
msgstr ""
12722
12723
#: serverguide/C/network-config.xml:1066(screen)
12724
#, no-wrap
12725
msgid "sudo apt-get install ntp\n"
12726
msgstr ""
12727
12728
#: serverguide/C/network-config.xml:1071(title)
12729
msgid "Changing Time Servers"
12730
msgstr ""
12731
12732
#: serverguide/C/network-config.xml:1072(para)
12733
msgid ""
12734
"In both cases above, your system will use Ubuntu's NTP server at "
12735
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12736
"use several servers to increase accuracy and resilience, and you may want to "
12737
"use time servers that are geographically closer to you. to do this for "
12738
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12739
msgstr ""
12740
12741
#: serverguide/C/network-config.xml:1079(screen)
12742
#, no-wrap
12743
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12744
msgstr ""
12745
12746
#: serverguide/C/network-config.xml:1081(para)
12747
msgid ""
12748
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12749
"lines:"
12750
msgstr ""
12751
12752
#: serverguide/C/network-config.xml:1086(screen)
12753
#, no-wrap
12754
msgid ""
12755
"server ntp.ubuntu.com\n"
12756
"server pool.ntp.org\n"
12757
msgstr ""
12758
12759
#: serverguide/C/network-config.xml:1089(para)
12760
msgid ""
12761
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12762
"really good idea which uses round-robin DNS to return an NTP server from a "
12763
"pool, spreading the load between several different servers. Even better, "
12764
"they have pools for different regions - for instance, if you are in New "
12765
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12766
"<code>pool.ntp.org</code> . Look at <ulink "
12767
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12768
"details."
12769
msgstr ""
12770
12771
#: serverguide/C/network-config.xml:1100(para)
12772
msgid ""
12773
"You can also Google for NTP servers in your region, and add these to your "
12774
"configuration. To test that a server works, just type <code>sudo ntpdate "
12775
"ntp.server.name</code> and see what happens."
12776
msgstr ""
12777
12778
#: serverguide/C/network-config.xml:1111(para)
12779
msgid ""
12780
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12781
"Time</ulink> wiki page for more information."
12782
msgstr ""
12783
12784
#: serverguide/C/network-config.xml:1117(ulink)
12785
msgid "NTP Support"
12786
msgstr ""
12787
12788
#: serverguide/C/network-config.xml:1122(ulink)
12789
msgid "The NTP FAQ and HOWTO"
12790
msgstr ""
12791
12792
#: serverguide/C/network-auth.xml:13(title)
12793
msgid "Network Authentication"
12794
msgstr ""
12795
12796
#: serverguide/C/network-auth.xml:15(para)
12797
msgid "This section explains various Network Authentication protocols."
12798
msgstr ""
12799
12800
#: serverguide/C/network-auth.xml:19(title)
12801
msgid "OpenLDAP Server"
12802
msgstr ""
12803
12804
#: serverguide/C/network-auth.xml:20(para)
12805
msgid ""
12806
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12807
"simplified version of the X.500 protocol. The directory setup in this "
12808
"section will be used for authentication. Nevertheless, LDAP can be used in "
12809
"numerous ways: authentication, shared directory (for mail clients), address "
12810
"book, etc."
12811
msgstr ""
12812
12813
#: serverguide/C/network-auth.xml:28(para)
12814
msgid ""
12815
"To describe LDAP quickly, all information is stored in a tree structure. "
12816
"With <application>OpenLDAP</application> you have freedom to determine the "
12817
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12818
"We will begin with a basic tree containing two nodes below the root:"
12819
msgstr ""
12820
12821
#: serverguide/C/network-auth.xml:37(para)
12822
msgid "\"People\" node where your users will be stored"
12823
msgstr ""
12824
12825
#: serverguide/C/network-auth.xml:40(para)
12826
msgid "\"Groups\" node where your groups will be stored"
12827
msgstr ""
12828
12829
#: serverguide/C/network-auth.xml:44(para)
12830
msgid ""
12831
"Before beginning, you should determine what the root of your LDAP directory "
12832
"will be. By default, your tree will be determined by your Fully Qualified "
12833
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12834
"example), your root node will be dc=example,dc=com."
12835
msgstr ""
12836
12837
#: serverguide/C/network-auth.xml:54(para)
12838
msgid ""
12839
"First, install the <application>OpenLDAP</application> server daemon "
12840
"<application>slapd</application> and <application>ldap-utils</application>, "
12841
"a package containing LDAP management utilities:"
12842
msgstr ""
12843
12844
#: serverguide/C/network-auth.xml:60(command)
12845
msgid "sudo apt-get install slapd ldap-utils"
12846
msgstr ""
12847
12848
#: serverguide/C/network-auth.xml:63(para)
12849
msgid ""
12850
"By default <application>slapd</application> is configured with minimal "
12851
"options needed to run the <application>slapd</application> daemon."
12852
msgstr ""
12853
12854
#: serverguide/C/network-auth.xml:68(para)
12855
msgid ""
12856
"The configuration example in the following sections will match the domain "
12857
"name of the server. For example, if the machine's Fully Qualified Domain "
12858
"Name (FQDN) is ldap.example.com, the default suffix will be "
12859
"<emphasis>dc=example,dc=com</emphasis>."
12860
msgstr ""
12861
12862
#: serverguide/C/network-auth.xml:76(title)
12863
msgid "Populating LDAP"
12864
msgstr ""
12865
12866
#: serverguide/C/network-auth.xml:78(para)
12867
msgid ""
12868
"<application>OpenLDAP</application> uses a separate directory which contains "
12869
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12870
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12871
"<application>slapd</application> daemon, allowing the modification of schema "
12872
"definitions, indexes, ACLs, etc without stopping the service."
12873
msgstr ""
12874
12875
#: serverguide/C/network-auth.xml:86(para)
12876
msgid ""
12877
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12878
"configuration and will need additional configuration options in order to "
12879
"populate the frontend directory. The frontend will be populated with a "
12880
"\"classical\" scheme that will be compatible with address book applications "
12881
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12882
"various applications, such as web applications, email Mail Transfer Agent "
12883
"(MTA) applications, etc."
12884
msgstr ""
12885
12886
#: serverguide/C/network-auth.xml:95(para)
12887
msgid ""
12888
"For external applications to authenticate using LDAP they will each need to "
12889
"be specifically configured to do so. Refer to the individual application "
12890
"documentation for details."
12891
msgstr ""
12892
12893
#: serverguide/C/network-auth.xml:103(para)
12894
msgid ""
12895
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12896
"examples to match your LDAP configuration."
12897
msgstr ""
12898
12899
#: serverguide/C/network-auth.xml:108(para)
12900
msgid ""
12901
"First, some additional schema files need to be loaded. In a terminal enter:"
12902
msgstr ""
12903
12904
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12905
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12906
msgstr ""
12907
12908
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12909
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
12910
msgstr ""
12911
12912
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
12913
msgid ""
12914
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
12915
msgstr ""
12916
12917
#: serverguide/C/network-auth.xml:118(para)
12918
msgid ""
12919
"Next, copy the following example LDIF file, naming it "
12920
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
12921
msgstr ""
12922
12923
#: serverguide/C/network-auth.xml:123(programlisting)
12924
#, no-wrap
12925
msgid ""
12926
"\n"
12927
"# Load dynamic backend modules\n"
12928
"dn: cn=module,cn=config\n"
12929
"objectClass: olcModuleList\n"
12930
"cn: module\n"
12931
"olcModulepath: /usr/lib/ldap\n"
12932
"olcModuleload: back_hdb\n"
12933
"\n"
12934
"# Database settings\n"
12935
"dn: olcDatabase=hdb,cn=config\n"
12936
"objectClass: olcDatabaseConfig\n"
12937
"objectClass: olcHdbConfig\n"
12938
"olcDatabase: {1}hdb\n"
12939
"olcSuffix: dc=example,dc=com\n"
12940
"olcDbDirectory: /var/lib/ldap\n"
12941
"olcRootDN: cn=admin,dc=example,dc=com\n"
12942
"olcRootPW: secret\n"
12943
"olcDbConfig: set_cachesize 0 2097152 0\n"
12944
"olcDbConfig: set_lk_max_objects 1500\n"
12945
"olcDbConfig: set_lk_max_locks 1500\n"
12946
"olcDbConfig: set_lk_max_lockers 1500\n"
12947
"olcDbIndex: objectClass eq\n"
12948
"olcLastMod: TRUE\n"
12949
"olcDbCheckpoint: 512 30\n"
12950
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
12951
"by anonymous auth by self write by * none\n"
12952
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
12953
"olcAccess: to dn.base=\"\" by * read\n"
12954
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12955
"\n"
12956
msgstr ""
12957
12958
#: serverguide/C/network-auth.xml:155(para)
12959
msgid ""
12960
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
12961
msgstr ""
12962
12963
#: serverguide/C/network-auth.xml:160(para)
12964
msgid "Now add the LDIF to the directory:"
12965
msgstr ""
12966
12967
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
12968
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
12969
msgstr ""
12970
12971
#: serverguide/C/network-auth.xml:168(para)
12972
msgid ""
12973
"The frontend directory is now ready to be populated. Create a "
12974
"<filename>frontend.example.com.ldif</filename> with the following contents:"
12975
msgstr ""
12976
12977
#: serverguide/C/network-auth.xml:173(programlisting)
12978
#, no-wrap
12979
msgid ""
12980
"\n"
12981
"# Create top-level object in domain\n"
12982
"dn: dc=example,dc=com\n"
12983
"objectClass: top\n"
12984
"objectClass: dcObject\n"
12985
"objectclass: organization\n"
12986
"o: Example Organization\n"
12987
"dc: Example\n"
12988
"description: LDAP Example \n"
12989
"\n"
12990
"# Admin user.\n"
12991
"dn: cn=admin,dc=example,dc=com\n"
12992
"objectClass: simpleSecurityObject\n"
12993
"objectClass: organizationalRole\n"
12994
"cn: admin\n"
12995
"description: LDAP administrator\n"
12996
"userPassword: secret\n"
12997
"\n"
12998
"dn: ou=people,dc=example,dc=com\n"
12999
"objectClass: organizationalUnit\n"
13000
"ou: people\n"
13001
"\n"
13002
"dn: ou=groups,dc=example,dc=com\n"
13003
"objectClass: organizationalUnit\n"
13004
"ou: groups\n"
13005
"\n"
13006
"dn: uid=john,ou=people,dc=example,dc=com\n"
13007
"objectClass: inetOrgPerson\n"
13008
"objectClass: posixAccount\n"
13009
"objectClass: shadowAccount\n"
13010
"uid: john\n"
13011
"sn: Doe\n"
13012
"givenName: John\n"
13013
"cn: John Doe\n"
13014
"displayName: John Doe\n"
13015
"uidNumber: 1000\n"
13016
"gidNumber: 10000\n"
13017
"userPassword: password\n"
13018
"gecos: John Doe\n"
13019
"loginShell: /bin/bash\n"
13020
"homeDirectory: /home/john\n"
13021
"shadowExpire: -1\n"
13022
"shadowFlag: 0\n"
13023
"shadowWarning: 7\n"
13024
"shadowMin: 8\n"
13025
"shadowMax: 999999\n"
13026
"shadowLastChange: 10877\n"
13027
"mail: john.doe@example.com\n"
13028
"postalCode: 31000\n"
13029
"l: Toulouse\n"
13030
"o: Example\n"
13031
"mobile: +33 (0)6 xx xx xx xx\n"
13032
"homePhone: +33 (0)5 xx xx xx xx\n"
13033
"title: System Administrator\n"
13034
"postalAddress: \n"
13035
"initials: JD\n"
13036
"\n"
13037
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13038
"objectClass: posixGroup\n"
13039
"cn: example\n"
13040
"gidNumber: 10000\n"
13041
msgstr ""
13042
13043
#: serverguide/C/network-auth.xml:236(para)
13044
msgid ""
13045
"In this example the directory structure, a user, and a group have been "
13046
"setup. In other examples you might see the <emphasis>objectClass: "
13047
"top</emphasis> added in every entry, but that is the default behaviour so "
13048
"you do not have to add it explicitly."
13049
msgstr ""
13050
13051
#: serverguide/C/network-auth.xml:243(para)
13052
msgid "Add the entries to the LDAP directory:"
13053
msgstr ""
13054
13055
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13056
msgid ""
13057
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13058
msgstr ""
13059
13060
#: serverguide/C/network-auth.xml:252(para)
13061
msgid ""
13062
"We can check that the content has been correctly added with the "
13063
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13064
"directory:"
13065
msgstr ""
13066
13067
#: serverguide/C/network-auth.xml:258(command)
13068
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13069
msgstr ""
13070
13071
#: serverguide/C/network-auth.xml:259(computeroutput)
13072
#, no-wrap
13073
msgid ""
13074
"\n"
13075
"dn: uid=john,ou=people,dc=example,dc=com\n"
13076
"cn: John Doe\n"
13077
"sn: Doe\n"
13078
"givenName: John\n"
13079
msgstr ""
13080
13081
#: serverguide/C/network-auth.xml:267(para)
13082
msgid "Just a quick explanation:"
13083
msgstr ""
13084
13085
#: serverguide/C/network-auth.xml:273(para)
13086
msgid ""
13087
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13088
"the default."
13089
msgstr ""
13090
13091
#: serverguide/C/network-auth.xml:279(para)
13092
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13093
msgstr ""
13094
13095
#: serverguide/C/network-auth.xml:287(title)
13096
msgid "Further Configuration"
13097
msgstr ""
13098
13099
#: serverguide/C/network-auth.xml:290(para)
13100
msgid ""
13101
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13102
"utilities in the <application>ldap-utils</application> package. For example:"
13103
msgstr ""
13104
13105
#: serverguide/C/network-auth.xml:298(para)
13106
msgid ""
13107
"Use <application>ldapsearch</application> to view the tree, entering the "
13108
"admin password set during installation or reconfiguration:"
13109
msgstr ""
13110
13111
#: serverguide/C/network-auth.xml:304(command)
13112
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13113
msgstr ""
13114
13115
#: serverguide/C/network-auth.xml:308(computeroutput)
13116
#, no-wrap
13117
msgid ""
13118
"\n"
13119
"SASL/EXTERNAL authentication started\n"
13120
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13121
"SASL SSF: 0\n"
13122
"dn: cn=config\n"
13123
"\n"
13124
"dn: cn=module{0},cn=config\n"
13125
"\n"
13126
"dn: cn=schema,cn=config\n"
13127
"\n"
13128
"dn: cn={0}core,cn=schema,cn=config\n"
13129
"\n"
13130
"dn: cn={1}cosine,cn=schema,cn=config\n"
13131
"\n"
13132
"dn: cn={2}nis,cn=schema,cn=config\n"
13133
"\n"
13134
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13135
"\n"
13136
"dn: olcDatabase={-1}frontend,cn=config\n"
13137
"\n"
13138
"dn: olcDatabase={0}config,cn=config\n"
13139
"\n"
13140
"dn: olcDatabase={1}hdb,cn=config\n"
13141
msgstr ""
13142
13143
#: serverguide/C/network-auth.xml:334(para)
13144
msgid ""
13145
"The output above is the current configuration options for the "
13146
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13147
msgstr ""
13148
13149
#: serverguide/C/network-auth.xml:342(para)
13150
msgid ""
13151
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13152
"another attribute to the index list using "
13153
"<application>ldapmodify</application>:"
13154
msgstr ""
13155
13156
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13157
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13158
msgstr ""
13159
13160
#: serverguide/C/network-auth.xml:356(userinput)
13161
#, no-wrap
13162
msgid ""
13163
"dn: olcDatabase={1}hdb,cn=config\n"
13164
"add: olcDbIndex\n"
13165
"olcDbIndex: uidNumber eq"
13166
msgstr ""
13167
13168
#: serverguide/C/network-auth.xml:352(computeroutput)
13169
#, no-wrap
13170
msgid ""
13171
"\n"
13172
"SASL/EXTERNAL authentication started\n"
13173
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13174
"SASL SSF: 0\n"
13175
"<placeholder-1/>\n"
13176
"\n"
13177
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13178
msgstr ""
13179
13180
#: serverguide/C/network-auth.xml:364(para)
13181
msgid ""
13182
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13183
"exit the utility."
13184
msgstr ""
13185
13186
#: serverguide/C/network-auth.xml:371(para)
13187
msgid ""
13188
"<application>ldapmodify</application> can also read the changes from a file. "
13189
"Copy and paste the following into a file named "
13190
"<filename>uid_index.ldif</filename>:"
13191
msgstr ""
13192
13193
#: serverguide/C/network-auth.xml:376(programlisting)
13194
#, no-wrap
13195
msgid ""
13196
"\n"
13197
"dn: olcDatabase={1}hdb,cn=config\n"
13198
"add: olcDbIndex\n"
13199
"olcDbIndex: uid eq,pres,sub\n"
13200
msgstr ""
13201
13202
#: serverguide/C/network-auth.xml:382(para)
13203
msgid "Then execute <application>ldapmodify</application>:"
13204
msgstr ""
13205
13206
#: serverguide/C/network-auth.xml:387(command)
13207
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13208
msgstr ""
13209
13210
#: serverguide/C/network-auth.xml:391(computeroutput)
13211
#, no-wrap
13212
msgid ""
13213
"\n"
13214
"SASL/EXTERNAL authentication started\n"
13215
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13216
"SASL SSF: 0\n"
13217
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13218
msgstr ""
13219
13220
#: serverguide/C/network-auth.xml:399(para)
13221
msgid "The file method is very useful for large changes."
13222
msgstr ""
13223
13224
#: serverguide/C/network-auth.xml:406(para)
13225
msgid ""
13226
"Adding additional <emphasis>schemas</emphasis> to "
13227
"<application>slapd</application> requires the schema to be converted to LDIF "
13228
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13229
"directory contains some schema files already converted to LDIF format as "
13230
"demonstrated in the previous section. Fortunately, the "
13231
"<application>slapd</application> program can be used to automate the "
13232
"conversion. The following example will add the "
13233
"<emphasis>dyngroup.schema</emphasis>:"
13234
msgstr ""
13235
13236
#: serverguide/C/network-auth.xml:416(para)
13237
msgid ""
13238
"First, create a conversion <filename>schema_convert.conf</filename> file "
13239
"containing the following lines:"
13240
msgstr ""
13241
13242
#: serverguide/C/network-auth.xml:421(programlisting)
13243
#, no-wrap
13244
msgid ""
13245
"\n"
13246
"include /etc/ldap/schema/core.schema\n"
13247
"include /etc/ldap/schema/collective.schema\n"
13248
"include /etc/ldap/schema/corba.schema\n"
13249
"include /etc/ldap/schema/cosine.schema\n"
13250
"include /etc/ldap/schema/duaconf.schema\n"
13251
"include /etc/ldap/schema/dyngroup.schema\n"
13252
"include /etc/ldap/schema/inetorgperson.schema\n"
13253
"include /etc/ldap/schema/java.schema\n"
13254
"include /etc/ldap/schema/misc.schema\n"
13255
"include /etc/ldap/schema/nis.schema\n"
13256
"include /etc/ldap/schema/openldap.schema\n"
13257
"include /etc/ldap/schema/ppolicy.schema\n"
13258
msgstr ""
13259
13260
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13261
msgid "Next, create a temporary directory to hold the output:"
13262
msgstr ""
13263
13264
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13265
msgid "mkdir /tmp/ldif_output"
13266
msgstr ""
13267
13268
#: serverguide/C/network-auth.xml:450(para)
13269
msgid ""
13270
"Now using <application>slapcat</application> convert the schema files to "
13271
"LDIF:"
13272
msgstr ""
13273
13274
#: serverguide/C/network-auth.xml:455(command)
13275
msgid ""
13276
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13277
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13278
msgstr ""
13279
13280
#: serverguide/C/network-auth.xml:458(para)
13281
msgid ""
13282
"Adjust the configuration file name and temporary directory names if yours "
13283
"are different. Also, it may be worthwhile to keep the "
13284
"<filename>ldif_output</filename> directory around in case you want to add "
13285
"additional schemas in the future."
13286
msgstr ""
13287
13288
#: serverguide/C/network-auth.xml:467(para)
13289
msgid ""
13290
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13291
"following attributes:"
13292
msgstr ""
13293
13294
#: serverguide/C/network-auth.xml:471(programlisting)
13295
#, no-wrap
13296
msgid ""
13297
"\n"
13298
"dn: cn=dyngroup,cn=schema,cn=config\n"
13299
"...\n"
13300
"cn: dyngroup\n"
13301
msgstr ""
13302
13303
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13304
msgid "And remove the following lines from the bottom of the file:"
13305
msgstr ""
13306
13307
#: serverguide/C/network-auth.xml:481(programlisting)
13308
#, no-wrap
13309
msgid ""
13310
"\n"
13311
"structuralObjectClass: olcSchemaConfig\n"
13312
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13313
"creatorsName: cn=config\n"
13314
"createTimestamp: 20080826021140Z\n"
13315
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13316
"modifiersName: cn=config\n"
13317
"modifyTimestamp: 20080826021140Z\n"
13318
msgstr ""
13319
13320
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13321
msgid ""
13322
"The attribute values will vary, just be sure the attributes are removed."
13323
msgstr ""
13324
13325
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13326
msgid ""
13327
"Finally, using the <application>ldapadd</application> utility, add the new "
13328
"schema to the directory:"
13329
msgstr ""
13330
13331
#: serverguide/C/network-auth.xml:506(command)
13332
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13333
msgstr ""
13334
13335
#: serverguide/C/network-auth.xml:512(para)
13336
msgid ""
13337
"There should now be a <emphasis>dn: "
13338
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13339
msgstr ""
13340
13341
#: serverguide/C/network-auth.xml:522(title)
13342
msgid "LDAP Replication"
13343
msgstr ""
13344
13345
#: serverguide/C/network-auth.xml:524(para)
13346
msgid ""
13347
"LDAP often quickly becomes a highly critical service to the network. "
13348
"Multiple systems will come to depend on LDAP for authentication, "
13349
"authorization, configuration, etc. It is a good idea to setup a redundant "
13350
"system through replication."
13351
msgstr ""
13352
13353
#: serverguide/C/network-auth.xml:530(para)
13354
msgid ""
13355
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13356
"Syncrepl allows the changes to be synced using a "
13357
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13358
"provider sends directory changes to consumers."
13359
msgstr ""
13360
13361
#: serverguide/C/network-auth.xml:537(title)
13362
msgid "Provider Configuration"
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:539(para)
13366
msgid ""
13367
"The following is an example of a <emphasis>Single-Master</emphasis> "
13368
"configuration. In this configuration one OpenLDAP server is configured as a "
13369
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13370
msgstr ""
13371
13372
#: serverguide/C/network-auth.xml:547(para)
13373
msgid ""
13374
"First, configure the provider server. Copy the following to a file named "
13375
"<filename>provider_sync.ldif</filename>:"
13376
msgstr ""
13377
13378
#: serverguide/C/network-auth.xml:552(programlisting)
13379
#, no-wrap
13380
msgid ""
13381
"\n"
13382
"# Add indexes to the frontend db.\n"
13383
"dn: olcDatabase={1}hdb,cn=config\n"
13384
"changetype: modify\n"
13385
"add: olcDbIndex\n"
13386
"olcDbIndex: entryCSN eq\n"
13387
"-\n"
13388
"add: olcDbIndex\n"
13389
"olcDbIndex: entryUUID eq\n"
13390
"\n"
13391
"#Load the syncprov and accesslog modules.\n"
13392
"dn: cn=module{0},cn=config\n"
13393
"changetype: modify\n"
13394
"add: olcModuleLoad\n"
13395
"olcModuleLoad: syncprov\n"
13396
"-\n"
13397
"add: olcModuleLoad\n"
13398
"olcModuleLoad: accesslog\n"
13399
"\n"
13400
"# Accesslog database definitions\n"
13401
"dn: olcDatabase={2}hdb,cn=config\n"
13402
"objectClass: olcDatabaseConfig\n"
13403
"objectClass: olcHdbConfig\n"
13404
"olcDatabase: {2}hdb\n"
13405
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13406
"olcSuffix: cn=accesslog\n"
13407
"olcRootDN: cn=admin,dc=example,dc=com\n"
13408
"olcDbIndex: default eq\n"
13409
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13410
"\n"
13411
"# Accesslog db syncprov.\n"
13412
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13413
"changetype: add\n"
13414
"objectClass: olcOverlayConfig\n"
13415
"objectClass: olcSyncProvConfig\n"
13416
"olcOverlay: syncprov\n"
13417
"olcSpNoPresent: TRUE\n"
13418
"olcSpReloadHint: TRUE\n"
13419
"\n"
13420
"# syncrepl Provider for primary db\n"
13421
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13422
"changetype: add\n"
13423
"objectClass: olcOverlayConfig\n"
13424
"objectClass: olcSyncProvConfig\n"
13425
"olcOverlay: syncprov\n"
13426
"olcSpNoPresent: TRUE\n"
13427
"\n"
13428
"# accesslog overlay definitions for primary db\n"
13429
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13430
"objectClass: olcOverlayConfig\n"
13431
"objectClass: olcAccessLogConfig\n"
13432
"olcOverlay: accesslog\n"
13433
"olcAccessLogDB: cn=accesslog\n"
13434
"olcAccessLogOps: writes\n"
13435
"olcAccessLogSuccess: TRUE\n"
13436
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13437
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13438
msgstr ""
13439
13440
#: serverguide/C/network-auth.xml:614(para)
13441
msgid ""
13442
"The <application>AppArmor</application> profile for "
13443
"<application>slapd</application> will need to be adjusted for the accesslog "
13444
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13445
"adding:"
13446
msgstr ""
13447
13448
#: serverguide/C/network-auth.xml:619(programlisting)
13449
#, no-wrap
13450
msgid ""
13451
"\n"
13452
" /var/lib/ldap/accesslog/ r,\n"
13453
" /var/lib/ldap/accesslog/** rwk,\n"
13454
msgstr ""
13455
13456
#: serverguide/C/network-auth.xml:624(para)
13457
msgid ""
13458
"Then create the directory, reload the <application>apparmor</application> "
13459
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13460
msgstr ""
13461
13462
#: serverguide/C/network-auth.xml:630(command)
13463
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13464
msgstr ""
13465
13466
#: serverguide/C/network-auth.xml:631(command)
13467
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13468
msgstr ""
13469
13470
#: serverguide/C/network-auth.xml:636(para)
13471
msgid ""
13472
"Using the <emphasis>-u openldap</emphasis> option with the "
13473
"<application>sudo</application> commands above removes the need to adjust "
13474
"permissions for the new directory later."
13475
msgstr ""
13476
13477
#: serverguide/C/network-auth.xml:645(para)
13478
msgid ""
13479
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13480
"directory:"
13481
msgstr ""
13482
13483
#: serverguide/C/network-auth.xml:649(programlisting)
13484
#, no-wrap
13485
msgid ""
13486
"\n"
13487
"olcRootDN: cn=admin,dc=example,dc=com\n"
13488
msgstr ""
13489
13490
#: serverguide/C/network-auth.xml:657(para)
13491
msgid ""
13492
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13493
msgstr ""
13494
13495
#: serverguide/C/network-auth.xml:662(command)
13496
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13497
msgstr ""
13498
13499
#: serverguide/C/network-auth.xml:669(para)
13500
msgid "Restart <application>slapd</application>:"
13501
msgstr ""
13502
13503
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13504
msgid "sudo /etc/init.d/slapd restart"
13505
msgstr ""
13506
13507
#: serverguide/C/network-auth.xml:680(para)
13508
msgid ""
13509
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13510
"to configure a <emphasis>Consumer</emphasis> server."
13511
msgstr ""
13512
13513
#: serverguide/C/network-auth.xml:687(title)
13514
msgid "Consumer Configuration"
13515
msgstr ""
13516
13517
#: serverguide/C/network-auth.xml:692(para)
13518
msgid ""
13519
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13520
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13521
"configuration steps."
13522
msgstr ""
13523
13524
#: serverguide/C/network-auth.xml:697(para)
13525
msgid "Add the additional schema files:"
13526
msgstr ""
13527
13528
#: serverguide/C/network-auth.xml:707(para)
13529
msgid ""
13530
"Also, create, or copy from the provider server, the "
13531
"<filename>backend.example.com.ldif</filename>"
13532
msgstr ""
13533
13534
#: serverguide/C/network-auth.xml:711(programlisting)
13535
#, no-wrap
13536
msgid ""
13537
"\n"
13538
"# Load dynamic backend modules\n"
13539
"dn: cn=module,cn=config\n"
13540
"objectClass: olcModuleList\n"
13541
"cn: module\n"
13542
"olcModulepath: /usr/lib/ldap\n"
13543
"olcModuleload: back_hdb\n"
13544
"\n"
13545
"# Database settings\n"
13546
"dn: olcDatabase=hdb,cn=config\n"
13547
"objectClass: olcDatabaseConfig\n"
13548
"objectClass: olcHdbConfig\n"
13549
"olcDatabase: {1}hdb\n"
13550
"olcSuffix: dc=example,dc=com\n"
13551
"olcDbDirectory: /var/lib/ldap\n"
13552
"olcRootDN: cn=admin,dc=example,dc=com\n"
13553
"olcRootPW: secret\n"
13554
"olcDbConfig: set_cachesize 0 2097152 0\n"
13555
"olcDbConfig: set_lk_max_objects 1500\n"
13556
"olcDbConfig: set_lk_max_locks 1500\n"
13557
"olcDbConfig: set_lk_max_lockers 1500\n"
13558
"olcDbIndex: objectClass eq\n"
13559
"olcLastMod: TRUE\n"
13560
"olcDbCheckpoint: 512 30\n"
13561
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13562
"by anonymous auth by self write by * none\n"
13563
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13564
"olcAccess: to dn.base=\"\" by * read\n"
13565
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13566
msgstr ""
13567
13568
#: serverguide/C/network-auth.xml:741(para)
13569
msgid "And add the LDIF by entering:"
13570
msgstr ""
13571
13572
#: serverguide/C/network-auth.xml:752(para)
13573
msgid ""
13574
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13575
"listed above, and add it:"
13576
msgstr ""
13577
13578
#: serverguide/C/network-auth.xml:760(para)
13579
msgid ""
13580
"The two severs should now have the same configuration except for the "
13581
"<emphasis>Syncrepl</emphasis> options."
13582
msgstr ""
13583
13584
#: serverguide/C/network-auth.xml:768(para)
13585
msgid ""
13586
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13587
msgstr ""
13588
13589
#: serverguide/C/network-auth.xml:772(programlisting)
13590
#, no-wrap
13591
msgid ""
13592
"\n"
13593
"#Load the syncprov module.\n"
13594
"dn: cn=module{0},cn=config\n"
13595
"changetype: modify\n"
13596
"add: olcModuleLoad\n"
13597
"olcModuleLoad: syncprov\n"
13598
"\n"
13599
"# syncrepl specific indices\n"
13600
"dn: olcDatabase={1}hdb,cn=config\n"
13601
"changetype: modify\n"
13602
"add: olcDbIndex\n"
13603
"olcDbIndex: entryUUID eq\n"
13604
"-\n"
13605
"add: olcSyncRepl\n"
13606
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13607
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13608
" credentials=secret searchbase=\"dc=example,dc=com\" "
13609
"logbase=\"cn=accesslog\" \n"
13610
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13611
"schemachecking=on \n"
13612
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13613
"-\n"
13614
"add: olcUpdateRef\n"
13615
"olcUpdateRef: ldap://ldap01.example.com\n"
13616
msgstr ""
13617
13618
#: serverguide/C/network-auth.xml:795(para)
13619
msgid "You will probably want to change the following attributes:"
13620
msgstr ""
13621
13622
#: serverguide/C/network-auth.xml:800(para)
13623
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13624
msgstr ""
13625
13626
#: serverguide/C/network-auth.xml:801(emphasis)
13627
msgid "binddn"
13628
msgstr ""
13629
13630
#: serverguide/C/network-auth.xml:802(emphasis)
13631
msgid "credentials"
13632
msgstr ""
13633
13634
#: serverguide/C/network-auth.xml:803(emphasis)
13635
msgid "searchbase"
13636
msgstr ""
13637
13638
#: serverguide/C/network-auth.xml:804(emphasis)
13639
msgid "olcUpdateRef:"
13640
msgstr ""
13641
13642
#: serverguide/C/network-auth.xml:810(para)
13643
msgid "Add the LDIF file to the configuration tree:"
13644
msgstr ""
13645
13646
#: serverguide/C/network-auth.xml:815(command)
13647
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13648
msgstr ""
13649
13650
#: serverguide/C/network-auth.xml:821(para)
13651
msgid ""
13652
"The frontend database should now sync between servers. You can add "
13653
"additional servers using the steps above as the need arises."
13654
msgstr ""
13655
13656
#: serverguide/C/network-auth.xml:831(programlisting)
13657
#, no-wrap
13658
msgid "127.0.0.1\tldap01.example.com ldap01"
13659
msgstr ""
13660
13661
#: serverguide/C/network-auth.xml:827(para)
13662
msgid ""
13663
"The <application>slapd</application> daemon will send log information to "
13664
"<filename>/var/log/syslog</filename> by default. So if all does "
13665
"<emphasis>not</emphasis> go well check there for errors and other "
13666
"troubleshooting information. Also, be sure that each server knows it's Fully "
13667
"Qualified Domain Name (FQDN). This is configured in "
13668
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13669
msgstr ""
13670
13671
#: serverguide/C/network-auth.xml:839(title)
13672
msgid "Setting up ACL"
13673
msgstr ""
13674
13675
#: serverguide/C/network-auth.xml:841(para)
13676
msgid ""
13677
"Authentication requires access to the password field, that should be not "
13678
"accessible by default. Also, in order for users to change their own "
13679
"password, using <command>passwd</command> or other utilities, "
13680
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13681
"authenticated."
13682
msgstr ""
13683
13684
#: serverguide/C/network-auth.xml:848(para)
13685
msgid ""
13686
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13687
"tree, use the <application>ldapsearch</application> utility:"
13688
msgstr ""
13689
13690
#: serverguide/C/network-auth.xml:854(command)
13691
msgid ""
13692
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13693
"olcDatabase=config olcAccess"
13694
msgstr ""
13695
13696
#: serverguide/C/network-auth.xml:858(computeroutput)
13697
#, no-wrap
13698
msgid ""
13699
"SASL/EXTERNAL authentication started\n"
13700
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13701
"SASL SSF: 0\n"
13702
"dn: olcDatabase={0}config,cn=config\n"
13703
"olcAccess: {0}to * by "
13704
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13705
" ,cn=auth manage by * break\n"
13706
msgstr ""
13707
13708
#: serverguide/C/network-auth.xml:867(para)
13709
msgid "To see the ACL for the frontend tree enter:"
13710
msgstr ""
13711
13712
#: serverguide/C/network-auth.xml:872(command)
13713
msgid ""
13714
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13715
"olcDatabase={1}hdb olcAccess"
13716
msgstr ""
13717
13718
#: serverguide/C/network-auth.xml:878(title)
13719
msgid "TLS and SSL"
13720
msgstr ""
13721
13722
#: serverguide/C/network-auth.xml:880(para)
13723
msgid ""
13724
"When authenticating to an OpenLDAP server it is best to do so using an "
13725
"encrypted session. This can be accomplished using Transport Layer Security "
13726
"(TLS) and/or Secure Sockets Layer (SSL)."
13727
msgstr ""
13728
13729
#: serverguide/C/network-auth.xml:885(para)
13730
msgid ""
13731
"The first step in the process is to obtain or create a "
13732
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13733
"is compiled using the <application>gnutls</application> library, the "
13734
"<application>certtool</application> utility will be used to create "
13735
"certificates."
13736
msgstr ""
13737
13738
#: serverguide/C/network-auth.xml:894(para)
13739
msgid ""
13740
"First, install <application>gnutls-bin</application> by entering the "
13741
"following in a terminal:"
13742
msgstr ""
13743
13744
#: serverguide/C/network-auth.xml:899(command)
13745
msgid "sudo apt-get install gnutls-bin"
13746
msgstr ""
13747
13748
#: serverguide/C/network-auth.xml:905(para)
13749
msgid ""
13750
"Next, create a private key for the <emphasis>Certificate "
13751
"Authority</emphasis> (CA):"
13752
msgstr ""
13753
13754
#: serverguide/C/network-auth.xml:910(command)
13755
msgid ""
13756
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13757
msgstr ""
13758
13759
#: serverguide/C/network-auth.xml:916(para)
13760
msgid ""
13761
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13762
"CA certificate containing:"
13763
msgstr ""
13764
13765
#: serverguide/C/network-auth.xml:920(programlisting)
13766
#, no-wrap
13767
msgid ""
13768
"\n"
13769
"cn = Example Company\n"
13770
"ca\n"
13771
"cert_signing_key\n"
13772
msgstr ""
13773
13774
#: serverguide/C/network-auth.xml:929(para)
13775
msgid "Now create the self-signed CA certificate:"
13776
msgstr ""
13777
13778
#: serverguide/C/network-auth.xml:934(command)
13779
msgid ""
13780
"sudo certtool --generate-self-signed --load-privkey "
13781
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13782
"/etc/ssl/certs/cacert.pem"
13783
msgstr ""
13784
13785
#: serverguide/C/network-auth.xml:941(para)
13786
msgid "Make a private key for the server:"
13787
msgstr ""
13788
13789
#: serverguide/C/network-auth.xml:946(command)
13790
msgid ""
13791
"sudo sh -c \"certtool --generate-privkey > "
13792
"/etc/ssl/private/ldap01_slapd_key.pem\""
13793
msgstr ""
13794
13795
#: serverguide/C/network-auth.xml:950(para)
13796
msgid ""
13797
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13798
"hostname. Naming the certificate and key for the host and service that will "
13799
"be using them will help keep filenames and paths straight."
13800
msgstr ""
13801
13802
#: serverguide/C/network-auth.xml:959(para)
13803
msgid ""
13804
"To sign the server's certificate with the CA, create the "
13805
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13806
msgstr ""
13807
13808
#: serverguide/C/network-auth.xml:963(programlisting)
13809
#, no-wrap
13810
msgid ""
13811
"\n"
13812
"organization = Example Company\n"
13813
"cn = ldap01.example.com\n"
13814
"tls_www_server\n"
13815
"encryption_key\n"
13816
"signing_key\n"
13817
msgstr ""
13818
13819
#: serverguide/C/network-auth.xml:974(para)
13820
msgid "Create the server's certificate:"
13821
msgstr ""
13822
13823
#: serverguide/C/network-auth.xml:979(command)
13824
msgid ""
13825
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13826
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13827
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13828
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13829
msgstr ""
13830
13831
#: serverguide/C/network-auth.xml:987(para)
13832
msgid ""
13833
"Once you have a certificate, key, and CA cert installed, use "
13834
"<application>ldapmodify</application> to add the new configuration options:"
13835
msgstr ""
13836
13837
#: serverguide/C/network-auth.xml:998(userinput)
13838
#, no-wrap
13839
msgid ""
13840
"dn: cn=config\n"
13841
"add: olcTLSCACertificateFile\n"
13842
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13843
"-\n"
13844
"add: olcTLSCertificateFile\n"
13845
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13846
"-\n"
13847
"add: olcTLSCertificateKeyFile\n"
13848
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13849
msgstr ""
13850
13851
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13852
#, no-wrap
13853
msgid ""
13854
"Enter LDAP Password:\n"
13855
"<placeholder-1/>\n"
13856
"\n"
13857
"modifying entry \"cn=config\"\n"
13858
msgstr ""
13859
13860
#: serverguide/C/network-auth.xml:1013(para)
13861
msgid ""
13862
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13863
"<filename>ldap01_slapd_key.pem</filename>, and "
13864
"<filename>cacert.pem</filename> names if yours are different."
13865
msgstr ""
13866
13867
#: serverguide/C/network-auth.xml:1019(para)
13868
msgid ""
13869
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13870
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13871
msgstr ""
13872
13873
#: serverguide/C/network-auth.xml:1023(programlisting)
13874
#, no-wrap
13875
msgid ""
13876
"\n"
13877
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13878
msgstr ""
13879
13880
#: serverguide/C/network-auth.xml:1027(para)
13881
msgid ""
13882
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13883
msgstr ""
13884
13885
#: serverguide/C/network-auth.xml:1032(command)
13886
msgid "sudo adduser openldap ssl-cert"
13887
msgstr ""
13888
13889
#: serverguide/C/network-auth.xml:1033(command)
13890
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13891
msgstr ""
13892
13893
#: serverguide/C/network-auth.xml:1034(command)
13894
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13895
msgstr ""
13896
13897
#: serverguide/C/network-auth.xml:1038(para)
13898
msgid ""
13899
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13900
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13901
"adjust the commands appropriately."
13902
msgstr ""
13903
13904
#: serverguide/C/network-auth.xml:1044(para)
13905
msgid "Finally, restart <application>slapd</application>:"
13906
msgstr ""
13907
13908
#: serverguide/C/network-auth.xml:1052(para)
13909
msgid ""
13910
"The <application>slapd</application> daemon should now be listening for "
13911
"LDAPS connections and be able to use STARTTLS during authentication."
13912
msgstr ""
13913
13914
#: serverguide/C/network-auth.xml:1058(para)
13915
msgid ""
13916
"If you run into troubles with the server not starting, check the "
13917
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
13918
"it is likely there is a configuration problem. Check that the certificate is "
13919
"signed by the authority from in the files configured, and that the ssl-cert "
13920
"group has read permissions on the private key."
13921
msgstr ""
13922
13923
#: serverguide/C/network-auth.xml:1070(title)
13924
msgid "TLS Replication"
13925
msgstr ""
13926
13927
#: serverguide/C/network-auth.xml:1072(para)
13928
msgid ""
13929
"If you have setup <application>Syncrepl</application> between servers, it is "
13930
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
13931
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
13932
"linkend=\"openldap-server-replication\"/>."
13933
msgstr ""
13934
13935
#: serverguide/C/network-auth.xml:1078(para)
13936
msgid ""
13937
"Assuming you have followed the above instructions and created a CA "
13938
"certificate and server certificate on the <emphasis>Provider</emphasis> "
13939
"server. Follow the following instructions to create a certificate and key "
13940
"for the <emphasis>Consumer</emphasis> server."
13941
msgstr ""
13942
13943
#: serverguide/C/network-auth.xml:1087(para)
13944
msgid "Create a new key for the Consumer server:"
13945
msgstr ""
13946
13947
#: serverguide/C/network-auth.xml:1092(command)
13948
msgid "mkdir ldap02-ssl"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:1093(command)
13952
msgid "cd ldap02-ssl"
13953
msgstr ""
13954
13955
#: serverguide/C/network-auth.xml:1094(command)
13956
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
13957
msgstr ""
13958
13959
#: serverguide/C/network-auth.xml:1098(para)
13960
msgid ""
13961
"Creating a new directory is not strictly necessary, but it will help keep "
13962
"things organized and make it easier to copy the files to the Consumer server."
13963
msgstr ""
13964
13965
#: serverguide/C/network-auth.xml:1107(para)
13966
msgid ""
13967
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
13968
"server, changing the attributes to match your locality and server:"
13969
msgstr ""
13970
13971
#: serverguide/C/network-auth.xml:1112(programlisting)
13972
#, no-wrap
13973
msgid ""
13974
"\n"
13975
"country = US\n"
13976
"state = North Carolina\n"
13977
"locality = Winston-Salem\n"
13978
"organization = Example Company\n"
13979
"cn = ldap02.salem.edu\n"
13980
"tls_www_client\n"
13981
"encryption_key\n"
13982
"signing_key\n"
13983
msgstr ""
13984
13985
#: serverguide/C/network-auth.xml:1126(para)
13986
msgid "Create the certificate:"
13987
msgstr ""
13988
13989
#: serverguide/C/network-auth.xml:1131(command)
13990
msgid ""
13991
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
13992
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
13993
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
13994
"ldap02_slapd_cert.pem"
13995
msgstr ""
13996
13997
#: serverguide/C/network-auth.xml:1139(para)
13998
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
13999
msgstr ""
14000
14001
#: serverguide/C/network-auth.xml:1144(command)
14002
msgid "cp /etc/ssl/certs/cacert.pem ."
14003
msgstr ""
14004
14005
#: serverguide/C/network-auth.xml:1150(para)
14006
msgid ""
14007
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14008
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14009
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14010
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14011
"<filename>/etc/ssl/private</filename>."
14012
msgstr ""
14013
14014
#: serverguide/C/network-auth.xml:1159(para)
14015
msgid ""
14016
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14017
"by entering:"
14018
msgstr ""
14019
14020
#: serverguide/C/network-auth.xml:1169(userinput)
14021
#, no-wrap
14022
msgid ""
14023
"dn: cn=config\n"
14024
"add: olcTLSCACertificateFile\n"
14025
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14026
"-\n"
14027
"add: olcTLSCertificateFile\n"
14028
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14029
"-\n"
14030
"add: olcTLSCertificateKeyFile\n"
14031
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:1186(para)
14035
msgid ""
14036
"As with the Provider you can now edit "
14037
"<filename>/etc/default/slapd</filename> and add the "
14038
"<emphasis>ldaps:///</emphasis> parameter to the "
14039
"<emphasis>SLAPD_SERVICES</emphasis> option."
14040
msgstr ""
14041
14042
#: serverguide/C/network-auth.xml:1194(para)
14043
msgid ""
14044
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14045
"modify the <emphasis>Consumer</emphasis> server's "
14046
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14047
msgstr ""
14048
14049
#: serverguide/C/network-auth.xml:1207(userinput)
14050
#, no-wrap
14051
msgid ""
14052
"\n"
14053
"dn: olcDatabase={1}hdb,cn=config\n"
14054
"replace: olcSyncrepl\n"
14055
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14056
"binddn=\"cn=ad\n"
14057
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14058
"logbas\n"
14059
" e=\"cn=accesslog\" "
14060
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14061
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14062
"starttls=yes"
14063
msgstr ""
14064
14065
#: serverguide/C/network-auth.xml:1204(computeroutput)
14066
#, no-wrap
14067
msgid ""
14068
"SASL/EXTERNAL authentication started\n"
14069
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14070
"SASL SSF: 0\n"
14071
"<placeholder-1/>\n"
14072
"\n"
14073
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14074
msgstr ""
14075
14076
#: serverguide/C/network-auth.xml:1219(para)
14077
msgid ""
14078
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14079
"(FQDN) in the certificate, you may have to edit "
14080
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14081
msgstr ""
14082
14083
#: serverguide/C/network-auth.xml:1224(programlisting)
14084
#, no-wrap
14085
msgid ""
14086
"\n"
14087
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14088
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14089
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14090
msgstr ""
14091
14092
#: serverguide/C/network-auth.xml:1231(para)
14093
msgid ""
14094
"Finally, restart <application>slapd</application> on each of the servers:"
14095
msgstr ""
14096
14097
#: serverguide/C/network-auth.xml:1244(title)
14098
msgid "LDAP Authentication"
14099
msgstr ""
14100
14101
#: serverguide/C/network-auth.xml:1246(para)
14102
msgid ""
14103
"Once you have a working LDAP server, the <application>auth-client-"
14104
"config</application> and <application>libnss-ldap</application> packages "
14105
"take the pain out of configuring an Ubuntu client to authenticate using "
14106
"LDAP. To install the packages from, a terminal prompt enter:"
14107
msgstr ""
14108
14109
#: serverguide/C/network-auth.xml:1253(command)
14110
msgid "sudo apt-get install libnss-ldap"
14111
msgstr ""
14112
14113
#: serverguide/C/network-auth.xml:1256(para)
14114
msgid ""
14115
"During the install a menu dialog will ask you connection details about your "
14116
"LDAP server."
14117
msgstr ""
14118
14119
#: serverguide/C/network-auth.xml:1260(para)
14120
msgid ""
14121
"If you make a mistake when entering your information you can execute the "
14122
"dialog again using:"
14123
msgstr ""
14124
14125
#: serverguide/C/network-auth.xml:1265(command)
14126
msgid "sudo dpkg-reconfigure ldap-auth-config"
14127
msgstr ""
14128
14129
#: serverguide/C/network-auth.xml:1268(para)
14130
msgid ""
14131
"The results of the dialog can be seen in "
14132
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14133
"covered in the menu edit this file accordingly."
14134
msgstr ""
14135
14136
#: serverguide/C/network-auth.xml:1273(para)
14137
msgid ""
14138
"Now that <application>libnss-ldap</application> is configured enable the "
14139
"<application>auth-client-config</application> LDAP profile by entering:"
14140
msgstr ""
14141
14142
#: serverguide/C/network-auth.xml:1279(command)
14143
msgid "sudo auth-client-config -t nss -p lac_ldap"
14144
msgstr ""
14145
14146
#: serverguide/C/network-auth.xml:1284(para)
14147
msgid ""
14148
"<emphasis>-t:</emphasis> only modifies "
14149
"<filename>/etc/nsswitch.conf</filename>."
14150
msgstr ""
14151
14152
#: serverguide/C/network-auth.xml:1289(para)
14153
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14154
msgstr ""
14155
14156
#: serverguide/C/network-auth.xml:1294(para)
14157
msgid ""
14158
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14159
"config</application> profile that is part of the <application>ldap-auth-"
14160
"config</application> package."
14161
msgstr ""
14162
14163
#: serverguide/C/network-auth.xml:1301(para)
14164
msgid ""
14165
"Using the <application>pam-auth-update</application> utility, configure the "
14166
"system to use LDAP for authentication:"
14167
msgstr ""
14168
14169
#: serverguide/C/network-auth.xml:1306(command)
14170
msgid "sudo pam-auth-update"
14171
msgstr ""
14172
14173
#: serverguide/C/network-auth.xml:1309(para)
14174
msgid ""
14175
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14176
"any other authentication mechanisms you need."
14177
msgstr ""
14178
14179
#: serverguide/C/network-auth.xml:1313(para)
14180
msgid ""
14181
"You should now be able to login using user credentials stored in the LDAP "
14182
"directory."
14183
msgstr ""
14184
14185
#: serverguide/C/network-auth.xml:1318(para)
14186
msgid ""
14187
"If you are going to use LDAP to store Samba users you will need to configure "
14188
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14189
"for details."
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:1326(title)
14193
msgid "User and Group Management"
14194
msgstr ""
14195
14196
#: serverguide/C/network-auth.xml:1328(para)
14197
msgid ""
14198
"The <application>ldap-utils</application> package comes with multiple "
14199
"utilities to manage the directory, but the long string of options needed, "
14200
"can make them a burden to use. The <application>ldapscripts</application> "
14201
"package contains configurable scripts to easily manage LDAP users and groups."
14202
msgstr ""
14203
14204
#: serverguide/C/network-auth.xml:1334(para)
14205
msgid "To install the package, from a terminal enter:"
14206
msgstr ""
14207
14208
#: serverguide/C/network-auth.xml:1339(command)
14209
msgid "sudo apt-get install ldapscripts"
14210
msgstr ""
14211
14212
#: serverguide/C/network-auth.xml:1342(para)
14213
msgid ""
14214
"Next, edit the config file "
14215
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14216
"changing the following to match your environment:"
14217
msgstr ""
14218
14219
#: serverguide/C/network-auth.xml:1347(programlisting)
14220
#, no-wrap
14221
msgid ""
14222
"\n"
14223
"SERVER=localhost\n"
14224
"BINDDN='cn=admin,dc=example,dc=com'\n"
14225
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14226
"SUFFIX='dc=example,dc=com'\n"
14227
"GSUFFIX='ou=Groups'\n"
14228
"USUFFIX='ou=People'\n"
14229
"MSUFFIX='ou=Computers'\n"
14230
"GIDSTART=10000\n"
14231
"UIDSTART=10000\n"
14232
"MIDSTART=10000\n"
14233
msgstr ""
14234
14235
#: serverguide/C/network-auth.xml:1360(para)
14236
msgid ""
14237
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14238
"authenticated access to the directory:"
14239
msgstr ""
14240
14241
#: serverguide/C/network-auth.xml:1365(command)
14242
msgid ""
14243
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14244
msgstr ""
14245
14246
#: serverguide/C/network-auth.xml:1366(command)
14247
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14248
msgstr ""
14249
14250
#: serverguide/C/network-auth.xml:1370(para)
14251
msgid ""
14252
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14253
"user."
14254
msgstr ""
14255
14256
#: serverguide/C/network-auth.xml:1375(para)
14257
msgid ""
14258
"The <application>ldapscripts</application> are now ready to help manage your "
14259
"directory. The following are some examples of how to use the scripts:"
14260
msgstr ""
14261
14262
#: serverguide/C/network-auth.xml:1382(para)
14263
msgid "Create a new user:"
14264
msgstr ""
14265
14266
#: serverguide/C/network-auth.xml:1386(command)
14267
msgid "sudo ldapadduser george example"
14268
msgstr ""
14269
14270
#: serverguide/C/network-auth.xml:1388(para)
14271
msgid ""
14272
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14273
"and set the user's primary group (gid) to <emphasis "
14274
"role=\"italic\">example</emphasis>"
14275
msgstr ""
14276
14277
#: serverguide/C/network-auth.xml:1394(para)
14278
msgid "Change a user's password:"
14279
msgstr ""
14280
14281
#: serverguide/C/network-auth.xml:1398(command)
14282
msgid "sudo ldapsetpasswd george"
14283
msgstr ""
14284
14285
#: serverguide/C/network-auth.xml:1399(computeroutput)
14286
#, no-wrap
14287
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14288
msgstr ""
14289
14290
#: serverguide/C/network-auth.xml:1400(userinput)
14291
#, no-wrap
14292
msgid "New Password: "
14293
msgstr ""
14294
14295
#: serverguide/C/network-auth.xml:1401(userinput)
14296
#, no-wrap
14297
msgid "New Password (verify): "
14298
msgstr ""
14299
14300
#: serverguide/C/network-auth.xml:1405(para)
14301
msgid "Delete a user:"
14302
msgstr ""
14303
14304
#: serverguide/C/network-auth.xml:1409(command)
14305
msgid "sudo ldapdeleteuser george"
14306
msgstr ""
14307
14308
#: serverguide/C/network-auth.xml:1414(para)
14309
msgid "Add a group:"
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:1418(command)
14313
msgid "sudo ldapaddgroup qa"
14314
msgstr ""
14315
14316
#: serverguide/C/network-auth.xml:1422(para)
14317
msgid "Delete a group:"
14318
msgstr ""
14319
14320
#: serverguide/C/network-auth.xml:1426(command)
14321
msgid "sudo ldapdeletegroup qa"
14322
msgstr ""
14323
14324
#: serverguide/C/network-auth.xml:1430(para)
14325
msgid "Add a user to a group:"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:1434(command)
14329
msgid "sudo ldapaddusertogroup george qa"
14330
msgstr ""
14331
14332
#: serverguide/C/network-auth.xml:1436(para)
14333
msgid ""
14334
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14335
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14336
"role=\"italic\">george</emphasis>."
14337
msgstr ""
14338
14339
#: serverguide/C/network-auth.xml:1442(para)
14340
msgid "Remove a user from a group:"
14341
msgstr ""
14342
14343
#: serverguide/C/network-auth.xml:1446(command)
14344
msgid "sudo ldapdeleteuserfromgroup george qa"
14345
msgstr ""
14346
14347
#: serverguide/C/network-auth.xml:1448(para)
14348
msgid ""
14349
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14350
"<emphasis role=\"italic\">qa</emphasis> group."
14351
msgstr ""
14352
14353
#: serverguide/C/network-auth.xml:1454(para)
14354
msgid ""
14355
"The <application>ldapmodifyuser</application> script allows you to add, "
14356
"remove, or replace a user's attributes. The script uses the same syntax as "
14357
"the <application>ldapmodify</application> utility. For example:"
14358
msgstr ""
14359
14360
#: serverguide/C/network-auth.xml:1459(command)
14361
msgid "sudo ldapmodifyuser george"
14362
msgstr ""
14363
14364
#: serverguide/C/network-auth.xml:1460(computeroutput)
14365
#, no-wrap
14366
msgid ""
14367
"# About to modify the following entry :\n"
14368
"dn: uid=george,ou=People,dc=example,dc=com\n"
14369
"objectClass: account\n"
14370
"objectClass: posixAccount\n"
14371
"cn: george\n"
14372
"uid: george\n"
14373
"uidNumber: 1001\n"
14374
"gidNumber: 1001\n"
14375
"homeDirectory: /home/george\n"
14376
"loginShell: /bin/bash\n"
14377
"gecos: george\n"
14378
"description: User account\n"
14379
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14380
"\n"
14381
"# Enter your modifications here, end with CTRL-D.\n"
14382
"dn: uid=george,ou=People,dc=example,dc=com"
14383
msgstr ""
14384
14385
#: serverguide/C/network-auth.xml:1476(userinput)
14386
#, no-wrap
14387
msgid ""
14388
"replace: gecos\n"
14389
"gecos: George Carlin"
14390
msgstr ""
14391
14392
#: serverguide/C/network-auth.xml:1479(para)
14393
msgid ""
14394
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14395
"Carlin</quote>."
14396
msgstr ""
14397
14398
#: serverguide/C/network-auth.xml:1484(para)
14399
msgid ""
14400
"Another great feature of <application>ldapscripts</application>, is the "
14401
"template system. Templates allow you to customize the attributes of user, "
14402
"group, and machine objectes. For example, to enable the "
14403
"<emphasis>user</emphasis> template edit "
14404
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14405
msgstr ""
14406
14407
#: serverguide/C/network-auth.xml:1491(programlisting)
14408
#, no-wrap
14409
msgid ""
14410
"\n"
14411
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14412
msgstr ""
14413
14414
#: serverguide/C/network-auth.xml:1495(para)
14415
msgid ""
14416
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14417
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14418
"<filename>ldapadduser.template.sample</filename> file to "
14419
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14420
msgstr ""
14421
14422
#: serverguide/C/network-auth.xml:1502(command)
14423
msgid ""
14424
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14425
"/etc/ldapscripts/ldapadduser.template"
14426
msgstr ""
14427
14428
#: serverguide/C/network-auth.xml:1505(para)
14429
msgid ""
14430
"Edit the new template to add the desired attributes. The following will "
14431
"create new user's as with an <emphasis>objectClass</emphasis> of "
14432
"<emphasis>inetOrgPerson</emphasis>:"
14433
msgstr ""
14434
14435
#: serverguide/C/network-auth.xml:1510(programlisting)
14436
#, no-wrap
14437
msgid ""
14438
"\n"
14439
"dn: uid=<user>,<usuffix>,<suffix>\n"
14440
"objectClass: inetOrgPerson\n"
14441
"objectClass: posixAccount\n"
14442
"cn: <user>\n"
14443
"sn: <ask>\n"
14444
"uid: <user>\n"
14445
"uidNumber: <uid>\n"
14446
"gidNumber: <gid>\n"
14447
"homeDirectory: <home>\n"
14448
"loginShell: <shell>\n"
14449
"gecos: <user>\n"
14450
"description: User account\n"
14451
"title: Employee\n"
14452
msgstr ""
14453
14454
#: serverguide/C/network-auth.xml:1526(para)
14455
msgid ""
14456
"Notice the <emphasis><ask></emphasis> option used for the "
14457
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14458
"<application>ldapadduser</application> to prompt you for the attribute value "
14459
"during user creation."
14460
msgstr ""
14461
14462
#: serverguide/C/network-auth.xml:1534(para)
14463
msgid ""
14464
"There are more useful scripts in the package, to see a full list enter: "
14465
"<command>dpkg -L ldapscripts | grep bin</command>"
14466
msgstr ""
14467
14468
#: serverguide/C/network-auth.xml:1543(para)
14469
msgid ""
14470
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14471
"Ubuntu Wiki</ulink> page has more details."
14472
msgstr ""
14473
14474
#: serverguide/C/network-auth.xml:1548(para)
14475
msgid ""
14476
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14477
"Home Page</ulink>"
14478
msgstr ""
14479
14480
#: serverguide/C/network-auth.xml:1553(para)
14481
msgid ""
14482
"Though starting to show it's age, a great source for in depth LDAP "
14483
"information is O'Reilly's <ulink "
14484
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14485
"Administration</ulink>"
14486
msgstr ""
14487
14488
#: serverguide/C/network-auth.xml:1559(para)
14489
msgid ""
14490
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14491
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14492
"newer versions of OpenLDAP."
14493
msgstr ""
14494
14495
#: serverguide/C/network-auth.xml:1565(para)
14496
msgid ""
14497
"For more information on <application>auth-client-config</application> see "
14498
"the man page: <command>man auth-client-config</command>."
14499
msgstr ""
14500
14501
#: serverguide/C/network-auth.xml:1570(para)
14502
msgid ""
14503
"For more details regarding the <application>ldapscripts</application> "
14504
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14505
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14506
msgstr ""
14507
14508
#: serverguide/C/network-auth.xml:1580(title)
14509
msgid "Samba and LDAP"
14510
msgstr ""
14511
14512
#: serverguide/C/network-auth.xml:1582(para)
14513
msgid ""
14514
"This section covers configuring Samba to use LDAP for user, group, and "
14515
"machine account information and authentication. The assumption is, you "
14516
"already have a working OpenLDAP directory installed and the server is "
14517
"configured to use it for authentication. See <xref linkend=\"openldap-"
14518
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14519
"setting up OpenLDAP. For more information on installing and configuring "
14520
"Samba see <xref linkend=\"windows-networking\"/>."
14521
msgstr ""
14522
14523
#: serverguide/C/network-auth.xml:1592(para)
14524
msgid ""
14525
"There are three packages needed when integrating Samba with LDAP. "
14526
"<application>samba</application>, <application>samba-doc</application>, and "
14527
"<application>smbldap-tools</application> packages . To install the packages, "
14528
"from a terminal enter:"
14529
msgstr ""
14530
14531
#: serverguide/C/network-auth.xml:1598(command)
14532
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14533
msgstr ""
14534
14535
#: serverguide/C/network-auth.xml:1601(para)
14536
msgid ""
14537
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14538
"needed, but unless you have another package or custom scripts, a method of "
14539
"managing users, groups, and computer accounts is needed."
14540
msgstr ""
14541
14542
#: serverguide/C/network-auth.xml:1608(title)
14543
msgid "OpenLDAP Configuration"
14544
msgstr ""
14545
14546
#: serverguide/C/network-auth.xml:1610(para)
14547
msgid ""
14548
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14549
"the user objects in the directory will need additional attributes. This "
14550
"section assumes you want Samba to be configured as a Windows NT domain "
14551
"controller, and will add the necessary LDAP objects and attributes."
14552
msgstr ""
14553
14554
#: serverguide/C/network-auth.xml:1618(para)
14555
msgid ""
14556
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14557
"file which is part of the <application>samba-doc</application> package. The "
14558
"schema file needs to be unzipped and copied to "
14559
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14560
msgstr ""
14561
14562
#: serverguide/C/network-auth.xml:1625(command)
14563
msgid ""
14564
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14565
"/etc/ldap/schema/"
14566
msgstr ""
14567
14568
#: serverguide/C/network-auth.xml:1626(command)
14569
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14570
msgstr ""
14571
14572
#: serverguide/C/network-auth.xml:1632(para)
14573
msgid ""
14574
"The <emphasis>samba</emphasis> schema needs to be added to the "
14575
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14576
"<application>slapd</application> is also detailed in <xref "
14577
"linkend=\"openldap-configuration\"/>."
14578
msgstr ""
14579
14580
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14581
msgid ""
14582
"First, create a configuration file named "
14583
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14584
"containing the following lines:"
14585
msgstr ""
14586
14587
#: serverguide/C/network-auth.xml:1645(programlisting)
14588
#, no-wrap
14589
msgid ""
14590
"\n"
14591
"include /etc/ldap/schema/core.schema\n"
14592
"include /etc/ldap/schema/collective.schema\n"
14593
"include /etc/ldap/schema/corba.schema\n"
14594
"include /etc/ldap/schema/cosine.schema\n"
14595
"include /etc/ldap/schema/duaconf.schema\n"
14596
"include /etc/ldap/schema/dyngroup.schema\n"
14597
"include /etc/ldap/schema/inetorgperson.schema\n"
14598
"include /etc/ldap/schema/java.schema\n"
14599
"include /etc/ldap/schema/misc.schema\n"
14600
"include /etc/ldap/schema/nis.schema\n"
14601
"include /etc/ldap/schema/openldap.schema\n"
14602
"include /etc/ldap/schema/ppolicy.schema\n"
14603
"include /etc/ldap/schema/samba.schema\n"
14604
msgstr ""
14605
14606
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14607
msgid ""
14608
"Now use <application>slapcat</application> to convert the schema files:"
14609
msgstr ""
14610
14611
#: serverguide/C/network-auth.xml:1680(command)
14612
msgid ""
14613
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14614
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14618
msgid ""
14619
"Change the above file and path names to match your own if they are different."
14620
msgstr ""
14621
14622
#: serverguide/C/network-auth.xml:1690(para)
14623
msgid ""
14624
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14625
"the following attributes:"
14626
msgstr ""
14627
14628
#: serverguide/C/network-auth.xml:1694(programlisting)
14629
#, no-wrap
14630
msgid ""
14631
"\n"
14632
"dn: cn=samba,cn=schema,cn=config\n"
14633
"...\n"
14634
"cn: samba\n"
14635
msgstr ""
14636
14637
#: serverguide/C/network-auth.xml:1704(programlisting)
14638
#, no-wrap
14639
msgid ""
14640
"\n"
14641
"structuralObjectClass: olcSchemaConfig\n"
14642
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14643
"creatorsName: cn=config\n"
14644
"createTimestamp: 20080827045234Z\n"
14645
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14646
"modifiersName: cn=config\n"
14647
"modifyTimestamp: 20080827045234Z\n"
14648
msgstr ""
14649
14650
#: serverguide/C/network-auth.xml:1729(command)
14651
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14652
msgstr ""
14653
14654
#: serverguide/C/network-auth.xml:1735(para)
14655
msgid ""
14656
"There should now be a <emphasis>dn: "
14657
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14658
"sequential schema, entry in the cn=config tree."
14659
msgstr ""
14660
14661
#: serverguide/C/network-auth.xml:1743(para)
14662
msgid ""
14663
"Copy and paste the following into a file named "
14664
"<filename>samba_indexes.ldif</filename>:"
14665
msgstr ""
14666
14667
#: serverguide/C/network-auth.xml:1747(programlisting)
14668
#, no-wrap
14669
msgid ""
14670
"\n"
14671
"dn: olcDatabase={1}hdb,cn=config\n"
14672
"changetype: modify\n"
14673
"add: olcDbIndex\n"
14674
"olcDbIndex: uidNumber eq\n"
14675
"olcDbIndex: gidNumber eq\n"
14676
"olcDbIndex: loginShell eq\n"
14677
"olcDbIndex: uid eq,pres,sub\n"
14678
"olcDbIndex: memberUid eq,pres,sub\n"
14679
"olcDbIndex: uniqueMember eq,pres\n"
14680
"olcDbIndex: sambaSID eq\n"
14681
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14682
"olcDbIndex: sambaGroupType eq\n"
14683
"olcDbIndex: sambaSIDList eq\n"
14684
"olcDbIndex: sambaDomainName eq\n"
14685
"olcDbIndex: default sub\n"
14686
msgstr ""
14687
14688
#: serverguide/C/network-auth.xml:1765(para)
14689
msgid ""
14690
"Using the <application>ldapmodify</application> utility load the new indexes:"
14691
msgstr ""
14692
14693
#: serverguide/C/network-auth.xml:1770(command)
14694
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14695
msgstr ""
14696
14697
#: serverguide/C/network-auth.xml:1772(para)
14698
msgid ""
14699
"If all went well you should see the new indexes using "
14700
"<application>ldapsearch</application>:"
14701
msgstr ""
14702
14703
#: serverguide/C/network-auth.xml:1777(command)
14704
msgid ""
14705
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14706
msgstr ""
14707
14708
#: serverguide/C/network-auth.xml:1783(para)
14709
msgid ""
14710
"Next, configure the <application>smbldap-tools</application> package to "
14711
"match your environment. The package comes with a configuration script that "
14712
"will ask questions about the needed options. To run the script enter:"
14713
msgstr ""
14714
14715
#: serverguide/C/network-auth.xml:1789(command)
14716
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14717
msgstr ""
14718
14719
#: serverguide/C/network-auth.xml:1790(command)
14720
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14721
msgstr ""
14722
14723
#: serverguide/C/network-auth.xml:1793(para)
14724
msgid ""
14725
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14726
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14727
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14728
"configure script, so if you made any mistakes while executing the script it "
14729
"may be simpler to edit the file appropriately."
14730
msgstr ""
14731
14732
#: serverguide/C/network-auth.xml:1803(para)
14733
msgid ""
14734
"The <application>smbldap-populate</application> script will add the "
14735
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14736
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14737
"<application>slapcat</application> before executing the command:"
14738
msgstr ""
14739
14740
#: serverguide/C/network-auth.xml:1810(command)
14741
msgid "sudo slapcat -l backup.ldif"
14742
msgstr ""
14743
14744
#: serverguide/C/network-auth.xml:1816(para)
14745
msgid ""
14746
"Once you have a current backup execute <application>smbldap-"
14747
"populate</application> by entering:"
14748
msgstr ""
14749
14750
#: serverguide/C/network-auth.xml:1821(command)
14751
msgid "sudo smbldap-populate"
14752
msgstr ""
14753
14754
#: serverguide/C/network-auth.xml:1825(para)
14755
msgid ""
14756
"You can create an LDIF file containing the new Samba objects by executing "
14757
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14758
"look over the changes making sure everything is correct."
14759
msgstr ""
14760
14761
#: serverguide/C/network-auth.xml:1833(para)
14762
msgid ""
14763
"Your LDAP directory now has the necessary domain information to authenticate "
14764
"Samba users."
14765
msgstr ""
14766
14767
#: serverguide/C/network-auth.xml:1839(title)
14768
msgid "Samba Configuration"
14769
msgstr ""
14770
14771
#: serverguide/C/network-auth.xml:1841(para)
14772
msgid ""
14773
"There a multiple ways to configure Samba for details on some common "
14774
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14775
"Samba to use LDAP, edit the main Samba configuration file "
14776
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14777
"backend</emphasis> option and adding the following:"
14778
msgstr ""
14779
14780
#: serverguide/C/network-auth.xml:1847(programlisting)
14781
#, no-wrap
14782
msgid ""
14783
"\n"
14784
"# passdb backend = tdbsam\n"
14785
"\n"
14786
"# LDAP Settings\n"
14787
" passdb backend = ldapsam:ldap://hostname\n"
14788
" ldap suffix = dc=example,dc=com\n"
14789
" ldap user suffix = ou=People\n"
14790
" ldap group suffix = ou=Groups\n"
14791
" ldap machine suffix = ou=Computers\n"
14792
" ldap idmap suffix = ou=Idmap\n"
14793
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14794
" ldap ssl = start tls\n"
14795
" ldap passwd sync = yes\n"
14796
"...\n"
14797
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14798
msgstr ""
14799
14800
#: serverguide/C/network-auth.xml:1864(para)
14801
msgid "Restart <application>samba</application> to enable the new settings:"
14802
msgstr ""
14803
14804
#: serverguide/C/network-auth.xml:1873(para)
14805
msgid ""
14806
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14807
"enter:"
14808
msgstr ""
14809
14810
#: serverguide/C/network-auth.xml:1878(command)
14811
msgid "sudo smbpasswd -w secret"
14812
msgstr ""
14813
14814
#: serverguide/C/network-auth.xml:1882(para)
14815
msgid ""
14816
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14817
"password."
14818
msgstr ""
14819
14820
#: serverguide/C/network-auth.xml:1887(para)
14821
msgid ""
14822
"If you currently have users in LDAP, and you want them to authenticate using "
14823
"Samba, they will need some Samba attributes defined in the "
14824
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14825
"users using the <application>smbpasswd</application> utility, replacing "
14826
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14827
msgstr ""
14828
14829
#: serverguide/C/network-auth.xml:1895(command)
14830
msgid "sudo smbpasswd -a username"
14831
msgstr ""
14832
14833
#: serverguide/C/network-auth.xml:1898(para)
14834
msgid "You will then be asked to enter the user's password."
14835
msgstr ""
14836
14837
#: serverguide/C/network-auth.xml:1902(para)
14838
msgid ""
14839
"To add new user, group, and machine accounts use the utilities from the "
14840
"<application>smbldap-tools</application> package. Here are some examples:"
14841
msgstr ""
14842
14843
#: serverguide/C/network-auth.xml:1909(para)
14844
msgid ""
14845
"To add a new user to LDAP with Samba attributes enter the following, "
14846
"replacing username with an actual username:"
14847
msgstr ""
14848
14849
#: serverguide/C/network-auth.xml:1913(command)
14850
msgid "sudo smbldap-useradd -a -P username"
14851
msgstr ""
14852
14853
#: serverguide/C/network-auth.xml:1915(para)
14854
msgid ""
14855
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14856
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14857
"passwd</application> utility after the user is created allowing you to enter "
14858
"a password for the user."
14859
msgstr ""
14860
14861
#: serverguide/C/network-auth.xml:1921(para)
14862
msgid "To remove a user from the directory enter:"
14863
msgstr ""
14864
14865
#: serverguide/C/network-auth.xml:1925(command)
14866
msgid "sudo smbldap-userdel username"
14867
msgstr ""
14868
14869
#: serverguide/C/network-auth.xml:1927(para)
14870
msgid ""
14871
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14872
"r</emphasis> option to remove the user's home directory."
14873
msgstr ""
14874
14875
#: serverguide/C/network-auth.xml:1932(para)
14876
msgid ""
14877
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14878
"groupname with an appropriate group:"
14879
msgstr ""
14880
14881
#: serverguide/C/network-auth.xml:1936(command)
14882
msgid "sudo smbldap-groupadd -a groupname"
14883
msgstr ""
14884
14885
#: serverguide/C/network-auth.xml:1938(para)
14886
msgid ""
14887
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14888
"a</emphasis> adds the Samba attributes."
14889
msgstr ""
14890
14891
#: serverguide/C/network-auth.xml:1943(para)
14892
msgid ""
14893
"To add a user to a group use <application>smbldap-groupmod</application>:"
14894
msgstr ""
14895
14896
#: serverguide/C/network-auth.xml:1947(command)
14897
msgid "sudo smbldap-groupmod -m username groupname"
14898
msgstr ""
14899
14900
#: serverguide/C/network-auth.xml:1949(para)
14901
msgid ""
14902
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14903
"<emphasis>-m</emphasis> option can add more than one user at a time by "
14904
"listing them in <emphasis>comma separated</emphasis> format."
14905
msgstr ""
14906
14907
#: serverguide/C/network-auth.xml:1955(para)
14908
msgid ""
14909
"<application>smbldap-groupmod</application> can also be used to remove a "
14910
"user from a group:"
14911
msgstr ""
14912
14913
#: serverguide/C/network-auth.xml:1959(command)
14914
msgid "sudo smbldap-groupmod -x username groupname"
14915
msgstr ""
14916
14917
#: serverguide/C/network-auth.xml:1963(para)
14918
msgid ""
14919
"Additionally, the <application>smbldap-useradd</application> utility can add "
14920
"Samba machine accounts:"
14921
msgstr ""
14922
14923
#: serverguide/C/network-auth.xml:1967(command)
14924
msgid "sudo smbldap-useradd -t 0 -w username"
14925
msgstr ""
14926
14927
#: serverguide/C/network-auth.xml:1969(para)
14928
msgid ""
14929
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
14930
"<emphasis>-t 0</emphasis> option creates the machine account without a "
14931
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
14932
"machine account. Also, note the <emphasis>add machine script</emphasis> "
14933
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
14934
"<application>smbldap-useradd</application>."
14935
msgstr ""
14936
14937
#: serverguide/C/network-auth.xml:1978(para)
14938
msgid ""
14939
"There are more useful utilities and options in the <application>smbldap-"
14940
"tools</application> package. The man page for each utility provides more "
14941
"details."
14942
msgstr ""
14943
14944
#: serverguide/C/network-auth.xml:1989(para)
14945
msgid ""
14946
"There are multiple places where LDAP and Samba is documented in the <ulink "
14947
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
14948
"Collection</ulink>."
14949
msgstr ""
14950
14951
#: serverguide/C/network-auth.xml:1995(para)
14952
msgid ""
14953
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
14954
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
14955
msgstr ""
14956
14957
#: serverguide/C/network-auth.xml:2001(para)
14958
msgid ""
14959
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
14960
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
14961
msgstr ""
14962
14963
#: serverguide/C/network-auth.xml:2007(para)
14964
msgid ""
14965
"Again, for more information on <application>smbldap-tools</application> see "
14966
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
14967
"groupadd</command>, <command>man smbldap-populate</command>, etc."
14968
msgstr ""
14969
14970
#: serverguide/C/network-auth.xml:2014(para)
14971
msgid ""
14972
"Also, there is a list of <ulink "
14973
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
14974
"wiki</ulink> articles with more information."
14975
msgstr ""
14976
14977
#: serverguide/C/network-auth.xml:2023(title)
14978
msgid "Kerberos"
14979
msgstr ""
14980
14981
#: serverguide/C/network-auth.xml:2025(para)
14982
msgid ""
14983
"<application>Kerberos</application> is a network authentication system based "
14984
"on the principal of a trusted third party. The other two parties being the "
14985
"user and the service the user wishes to authenticate to. Not all services "
14986
"and applications can use Kerberos, but for those that can, it brings the "
14987
"network environment one step closer to being Single Sign On (SSO)."
14988
msgstr ""
14989
14990
#: serverguide/C/network-auth.xml:2031(para)
14991
msgid ""
14992
"This section covers installation and configuration of a Kerberos server, and "
14993
"some example client configurations."
14994
msgstr ""
14995
14996
#: serverguide/C/network-auth.xml:2038(para)
14997
msgid ""
14998
"If you are new to Kerberos there are a few terms that are good to understand "
14999
"before setting up a Kerberos server. Most of the terms will relate to things "
15000
"you may be familiar with in other environments:"
15001
msgstr ""
15002
15003
#: serverguide/C/network-auth.xml:2045(para)
15004
msgid ""
15005
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15006
"by servers need to be defined as Kerberos Principals."
15007
msgstr ""
15008
15009
#: serverguide/C/network-auth.xml:2050(para)
15010
msgid ""
15011
"<emphasis>Instances:</emphasis> are used for service principals and special "
15012
"administrative principals."
15013
msgstr ""
15014
15015
#: serverguide/C/network-auth.xml:2055(para)
15016
msgid ""
15017
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15018
"Kerberos installation. Usually the DNS domain converted to uppercase "
15019
"(EXAMPLE.COM)."
15020
msgstr ""
15021
15022
#: serverguide/C/network-auth.xml:2061(para)
15023
msgid ""
15024
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15025
"a database of all principals, the authentication server, and the ticket "
15026
"granting server. For each realm there must be at least one KDC."
15027
msgstr ""
15028
15029
#: serverguide/C/network-auth.xml:2067(para)
15030
msgid ""
15031
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15032
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15033
"password which is known only to the user and the KDC."
15034
msgstr ""
15035
15036
#: serverguide/C/network-auth.xml:2073(para)
15037
msgid ""
15038
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15039
"clients upon request."
15040
msgstr ""
15041
15042
#: serverguide/C/network-auth.xml:2078(para)
15043
msgid ""
15044
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15045
"One principal being a user and the other a service requested by the user. "
15046
"Tickets establish an encryption key used for secure communication during the "
15047
"authenticated session."
15048
msgstr ""
15049
15050
#: serverguide/C/network-auth.xml:2084(para)
15051
msgid ""
15052
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15053
"principal database and contain the encryption key for a service or host."
15054
msgstr ""
15055
15056
#: serverguide/C/network-auth.xml:2091(para)
15057
msgid ""
15058
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15059
"redundancy, which contains a database of Principals. When a user principal "
15060
"logs into a workstation, configured for Kerberos authentication, the KDC "
15061
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15062
"match, the user is authenticated and can then request tickets for Kerberized "
15063
"services from the Ticket Granting Server (TGS). The service tickets allow "
15064
"the user to authenticate to the service without entering another username "
15065
"and password."
15066
msgstr ""
15067
15068
#: serverguide/C/network-auth.xml:2100(title)
15069
msgid "Kerberos Server"
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:2104(para)
15073
msgid ""
15074
"Before installing the Kerberos server a properly configured DNS server is "
15075
"needed for your domain. Since the Kerberos Realm by convention matches the "
15076
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15077
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:2110(para)
15081
msgid ""
15082
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15083
"between a client machine and the server differs by more than five minutes "
15084
"(by default), the workstation will not be able to authenticate. To correct "
15085
"the problem all hosts should have their time synchronized using the "
15086
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15087
"NTP see <xref linkend=\"NTP\"/>."
15088
msgstr ""
15089
15090
#: serverguide/C/network-auth.xml:2117(para)
15091
msgid ""
15092
"The first step in installing a Kerberos Realm is to install the "
15093
"<application>krb5-kdc</application> and <application>krb5-admin-"
15094
"server</application> packages. From a terminal enter:"
15095
msgstr ""
15096
15097
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15098
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15099
msgstr ""
15100
15101
#: serverguide/C/network-auth.xml:2126(para)
15102
msgid ""
15103
"You will be asked at the end of the install to supply a name for the "
15104
"Kerberos and Admin servers, which may or may not be the same server, for the "
15105
"realm."
15106
msgstr ""
15107
15108
#: serverguide/C/network-auth.xml:2131(para)
15109
msgid ""
15110
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15111
"utility:"
15112
msgstr ""
15113
15114
#: serverguide/C/network-auth.xml:2136(command)
15115
msgid "sudo krb5_newrealm"
15116
msgstr ""
15117
15118
#: serverguide/C/network-auth.xml:2143(para)
15119
msgid ""
15120
"The questions asked during installation are used to configure the "
15121
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15122
"Distribution Center (KDC) settings simply edit the file and restart the "
15123
"<application>krb5-kdc</application> daemon."
15124
msgstr ""
15125
15126
#: serverguide/C/network-auth.xml:2151(para)
15127
msgid ""
15128
"Now that the KDC running an admin user is needed. It is recommended to use a "
15129
"different username from your everyday username. Using the "
15130
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15131
msgstr ""
15132
15133
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15134
msgid "sudo kadmin.local"
15135
msgstr ""
15136
15137
#: serverguide/C/network-auth.xml:2158(computeroutput)
15138
#, no-wrap
15139
msgid ""
15140
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15141
"kadmin.local:"
15142
msgstr ""
15143
15144
#: serverguide/C/network-auth.xml:2159(userinput)
15145
#, no-wrap
15146
msgid " addprinc steve/admin"
15147
msgstr ""
15148
15149
#: serverguide/C/network-auth.xml:2160(computeroutput)
15150
#, no-wrap
15151
msgid ""
15152
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15153
"policy\n"
15154
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15155
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15156
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15157
"kadmin.local:"
15158
msgstr ""
15159
15160
#: serverguide/C/network-auth.xml:2164(userinput)
15161
#, no-wrap
15162
msgid " quit"
15163
msgstr ""
15164
15165
#: serverguide/C/network-auth.xml:2167(para)
15166
msgid ""
15167
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15168
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15169
"is an <emphasis>Instance</emphasis>, and <emphasis "
15170
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15171
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15172
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15173
"rights."
15174
msgstr ""
15175
15176
#: serverguide/C/network-auth.xml:2175(para)
15177
msgid ""
15178
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15179
"your Realm and admin username."
15180
msgstr ""
15181
15182
#: serverguide/C/network-auth.xml:2183(para)
15183
msgid ""
15184
"Next, the new admin user needs to have the appropriate Access Control List "
15185
"(ACL) permissions. The permissions are configured in the "
15186
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15187
msgstr ""
15188
15189
#: serverguide/C/network-auth.xml:2188(programlisting)
15190
#, no-wrap
15191
msgid ""
15192
"\n"
15193
"steve/admin@EXAMPLE.COM *\n"
15194
msgstr ""
15195
15196
#: serverguide/C/network-auth.xml:2192(para)
15197
msgid ""
15198
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15199
"any operation on all principals in the realm."
15200
msgstr ""
15201
15202
#: serverguide/C/network-auth.xml:2199(para)
15203
msgid ""
15204
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15205
"to take affect:"
15206
msgstr ""
15207
15208
#: serverguide/C/network-auth.xml:2204(command)
15209
msgid "sudo /etc/init.d/krb5-admin-server restart"
15210
msgstr ""
15211
15212
#: serverguide/C/network-auth.xml:2210(para)
15213
msgid ""
15214
"The new user principal can be tested using the <application>kinit "
15215
"utility</application>:"
15216
msgstr ""
15217
15218
#: serverguide/C/network-auth.xml:2215(command)
15219
msgid "kinit steve/admin"
15220
msgstr ""
15221
15222
#: serverguide/C/network-auth.xml:2216(computeroutput)
15223
#, no-wrap
15224
msgid "steve/admin@EXAMPLE.COM's Password:"
15225
msgstr ""
15226
15227
#: serverguide/C/network-auth.xml:2219(para)
15228
msgid ""
15229
"After entering the password, use the <application>klist</application> "
15230
"utility to view information about the Ticket Granting Ticket (TGT):"
15231
msgstr ""
15232
15233
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15234
msgid "klist"
15235
msgstr ""
15236
15237
#: serverguide/C/network-auth.xml:2226(computeroutput)
15238
#, no-wrap
15239
msgid ""
15240
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15241
" Principal: steve/admin@EXAMPLE.COM\n"
15242
"\n"
15243
" Issued Expires Principal\n"
15244
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15245
msgstr ""
15246
15247
#: serverguide/C/network-auth.xml:2233(para)
15248
msgid ""
15249
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15250
"the KDC. For example:"
15251
msgstr ""
15252
15253
#: serverguide/C/network-auth.xml:2237(programlisting)
15254
#, no-wrap
15255
msgid ""
15256
"\n"
15257
"192.168.0.1 kdc01.example.com kdc01\n"
15258
msgstr ""
15259
15260
#: serverguide/C/network-auth.xml:2241(para)
15261
msgid ""
15262
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15263
msgstr ""
15264
15265
#: serverguide/C/network-auth.xml:2248(para)
15266
msgid ""
15267
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15268
"are needed. Add the following to "
15269
"<filename>/etc/named/db.example.com</filename>:"
15270
msgstr ""
15271
15272
#: serverguide/C/network-auth.xml:2253(programlisting)
15273
#, no-wrap
15274
msgid ""
15275
"\n"
15276
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15277
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15278
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15279
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15280
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15281
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15282
msgstr ""
15283
15284
#: serverguide/C/network-auth.xml:2263(para)
15285
msgid ""
15286
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15287
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15288
"KDC."
15289
msgstr ""
15290
15291
#: serverguide/C/network-auth.xml:2269(para)
15292
msgid ""
15293
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15294
msgstr ""
15295
15296
#: serverguide/C/network-auth.xml:2276(para)
15297
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15298
msgstr ""
15299
15300
#: serverguide/C/network-auth.xml:2283(title)
15301
msgid "Secondary KDC"
15302
msgstr ""
15303
15304
#: serverguide/C/network-auth.xml:2285(para)
15305
msgid ""
15306
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15307
"practice to have a Secondary KDC in case the primary becomes unavailable."
15308
msgstr ""
15309
15310
#: serverguide/C/network-auth.xml:2293(para)
15311
msgid ""
15312
"First, install the packages, and when asked for the Kerberos and Admin "
15313
"server names enter the name of the Primary KDC:"
15314
msgstr ""
15315
15316
#: serverguide/C/network-auth.xml:2304(para)
15317
msgid ""
15318
"Once you have the packages installed, create the Secondary KDC's host "
15319
"principal. From a terminal prompt, enter:"
15320
msgstr ""
15321
15322
#: serverguide/C/network-auth.xml:2309(command)
15323
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15324
msgstr ""
15325
15326
#: serverguide/C/network-auth.xml:2313(para)
15327
msgid ""
15328
"After, issuing any <application>kadmin</application> commands you will be "
15329
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15330
"password."
15331
msgstr ""
15332
15333
#: serverguide/C/network-auth.xml:2322(para)
15334
msgid "Extract the <emphasis>keytab</emphasis> file:"
15335
msgstr ""
15336
15337
#: serverguide/C/network-auth.xml:2327(command)
15338
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15339
msgstr ""
15340
15341
#: serverguide/C/network-auth.xml:2333(para)
15342
msgid ""
15343
"There should now be a <filename>keytab.kdc02</filename> in the current "
15344
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15345
msgstr ""
15346
15347
#: serverguide/C/network-auth.xml:2339(command)
15348
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15349
msgstr ""
15350
15351
#: serverguide/C/network-auth.xml:2343(para)
15352
msgid ""
15353
"If the path to the <filename>keytab.kdc02</filename> file is different "
15354
"adjust accordingly."
15355
msgstr ""
15356
15357
#: serverguide/C/network-auth.xml:2348(para)
15358
msgid ""
15359
"Also, you can list the principals in a Keytab file, which can be useful when "
15360
"troubleshooting, using the <application>klist</application> utility:"
15361
msgstr ""
15362
15363
#: serverguide/C/network-auth.xml:2354(command)
15364
msgid "sudo klist -k /etc/krb5.keytab"
15365
msgstr ""
15366
15367
#: serverguide/C/network-auth.xml:2360(para)
15368
msgid ""
15369
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15370
"that lists all KDCs for the Realm. For example, on both primary and "
15371
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15372
msgstr ""
15373
15374
#: serverguide/C/network-auth.xml:2365(programlisting)
15375
#, no-wrap
15376
msgid ""
15377
"\n"
15378
"host/kdc01.example.com@EXAMPLE.COM\n"
15379
"host/kdc02.example.com@EXAMPLE.COM\n"
15380
msgstr ""
15381
15382
#: serverguide/C/network-auth.xml:2373(para)
15383
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15384
msgstr ""
15385
15386
#: serverguide/C/network-auth.xml:2378(command)
15387
msgid "sudo kdb5_util -s create"
15388
msgstr ""
15389
15390
#: serverguide/C/network-auth.xml:2384(para)
15391
msgid ""
15392
"Now start the <application>kpropd</application> daemon, which listens for "
15393
"connections from the <application>kprop</application> utility. "
15394
"<application>kprop</application> is used to transfer dump files:"
15395
msgstr ""
15396
15397
#: serverguide/C/network-auth.xml:2391(command)
15398
msgid "sudo kpropd -S"
15399
msgstr ""
15400
15401
#: serverguide/C/network-auth.xml:2397(para)
15402
msgid ""
15403
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15404
"of the principal database:"
15405
msgstr ""
15406
15407
#: serverguide/C/network-auth.xml:2402(command)
15408
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15409
msgstr ""
15410
15411
#: serverguide/C/network-auth.xml:2408(para)
15412
msgid ""
15413
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15414
"<filename>/etc/krb5.keytab</filename>:"
15415
msgstr ""
15416
15417
#: serverguide/C/network-auth.xml:2413(command)
15418
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15419
msgstr ""
15420
15421
#: serverguide/C/network-auth.xml:2414(command)
15422
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15423
msgstr ""
15424
15425
#: serverguide/C/network-auth.xml:2418(para)
15426
msgid ""
15427
"Make sure there is a <emphasis>host</emphasis> for "
15428
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15429
msgstr ""
15430
15431
#: serverguide/C/network-auth.xml:2426(para)
15432
msgid ""
15433
"Using the <application>kprop</application> utility push the database to the "
15434
"Secondary KDC:"
15435
msgstr ""
15436
15437
#: serverguide/C/network-auth.xml:2431(command)
15438
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15439
msgstr ""
15440
15441
#: serverguide/C/network-auth.xml:2435(para)
15442
msgid ""
15443
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15444
"worked. If there is an error message check "
15445
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15446
"information."
15447
msgstr ""
15448
15449
#: serverguide/C/network-auth.xml:2441(para)
15450
msgid ""
15451
"You may also want to create a <application>cron</application> job to "
15452
"periodically update the database on the Secondary KDC. For example, the "
15453
"following will push the database every hour:"
15454
msgstr ""
15455
15456
#: serverguide/C/network-auth.xml:2446(programlisting)
15457
#, no-wrap
15458
msgid ""
15459
"\n"
15460
"# m h dom mon dow command\n"
15461
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15462
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15463
msgstr ""
15464
15465
#: serverguide/C/network-auth.xml:2454(para)
15466
msgid ""
15467
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15468
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15469
msgstr ""
15470
15471
#: serverguide/C/network-auth.xml:2460(command)
15472
msgid "sudo kdb5_util stash"
15473
msgstr ""
15474
15475
#: serverguide/C/network-auth.xml:2466(para)
15476
msgid ""
15477
"Finally, start the <application>krb5-kdc</application> daemon on the "
15478
"Secondary KDC:"
15479
msgstr ""
15480
15481
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15482
msgid "sudo /etc/init.d/krb5-kdc start"
15483
msgstr ""
15484
15485
#: serverguide/C/network-auth.xml:2477(para)
15486
msgid ""
15487
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15488
"for the Realm. You can test this by stopping the <application>krb5-"
15489
"kdc</application> daemon on the Primary KDC, then use "
15490
"<application>kinit</application> to request a ticket. If all goes well you "
15491
"should receive a ticket from the Secondary KDC."
15492
msgstr ""
15493
15494
#: serverguide/C/network-auth.xml:2485(title)
15495
msgid "Kerberos Linux Client"
15496
msgstr ""
15497
15498
#: serverguide/C/network-auth.xml:2487(para)
15499
msgid ""
15500
"This section covers configuring a Linux system as a "
15501
"<application>Kerberos</application> client. This will allow access to any "
15502
"kerberized services once a user has successfully logged into the system."
15503
msgstr ""
15504
15505
#: serverguide/C/network-auth.xml:2495(para)
15506
msgid ""
15507
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15508
"user</application> and <application>libpam-krb5</application> packages are "
15509
"needed, along with a few others that are not strictly necessary but make "
15510
"life easier. To install the packages enter the following in a terminal "
15511
"prompt:"
15512
msgstr ""
15513
15514
#: serverguide/C/network-auth.xml:2502(command)
15515
msgid ""
15516
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15517
msgstr ""
15518
15519
#: serverguide/C/network-auth.xml:2505(para)
15520
msgid ""
15521
"The <application>auth-client-config</application> package allows simple "
15522
"configuration of PAM for authentication from multiple sources, and the "
15523
"<application>libpam-ccreds</application> will cache authentication "
15524
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15525
"is unavailable. This package is also useful for laptops that may "
15526
"authenticate using Kerberos while on the corporate network, but will need to "
15527
"be accessed off the network as well."
15528
msgstr ""
15529
15530
#: serverguide/C/network-auth.xml:2516(para)
15531
msgid "To configure the client in a terminal enter:"
15532
msgstr ""
15533
15534
#: serverguide/C/network-auth.xml:2521(command)
15535
msgid "sudo dpkg-reconfigure krb5-config"
15536
msgstr ""
15537
15538
#: serverguide/C/network-auth.xml:2524(para)
15539
msgid ""
15540
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15541
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15542
"records, the menu will prompt you for the hostname of the Key Distribution "
15543
"Center (KDC) and Realm Administration server."
15544
msgstr ""
15545
15546
#: serverguide/C/network-auth.xml:2530(para)
15547
msgid ""
15548
"The <application>dpkg-reconfigure</application> adds entries to the "
15549
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15550
"entries similar to the following:"
15551
msgstr ""
15552
15553
#: serverguide/C/network-auth.xml:2535(programlisting)
15554
#, no-wrap
15555
msgid ""
15556
"\n"
15557
"[libdefaults]\n"
15558
" default_realm = EXAMPLE.COM\n"
15559
"...\n"
15560
"[realms]\n"
15561
" EXAMPLE.COM = } \n"
15562
" kdc = 192.168.0.1 \n"
15563
" admin_server = 192.168.0.1\n"
15564
" }\n"
15565
msgstr ""
15566
15567
#: serverguide/C/network-auth.xml:2546(para)
15568
msgid ""
15569
"You can test the configuration by requesting a ticket using the "
15570
"<application>kinit</application> utility. For example:"
15571
msgstr ""
15572
15573
#: serverguide/C/network-auth.xml:2551(command)
15574
msgid "kinit steve@EXAMPLE.COM"
15575
msgstr ""
15576
15577
#: serverguide/C/network-auth.xml:2552(computeroutput)
15578
#, no-wrap
15579
msgid "Password for steve@EXAMPLE.COM:"
15580
msgstr ""
15581
15582
#: serverguide/C/network-auth.xml:2555(para)
15583
msgid ""
15584
"When a ticket has been granted, the details can be viewed using "
15585
"<application>klist</application>:"
15586
msgstr ""
15587
15588
#: serverguide/C/network-auth.xml:2561(computeroutput)
15589
#, no-wrap
15590
msgid ""
15591
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15592
"Default principal: steve@EXAMPLE.COM\n"
15593
"\n"
15594
"Valid starting Expires Service principal\n"
15595
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15596
" renew until 07/25/08 05:18:57\n"
15597
"\n"
15598
"\n"
15599
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15600
"klist: You have no tickets cached"
15601
msgstr ""
15602
15603
#: serverguide/C/network-auth.xml:2573(para)
15604
msgid ""
15605
"Next, use the <application>auth-client-config</application> to configure the "
15606
"<application>libpam-krb5</application> module to request a ticket during "
15607
"login:"
15608
msgstr ""
15609
15610
#: serverguide/C/network-auth.xml:2579(command)
15611
msgid "sudo auth-client-config -a -p kerberos_example"
15612
msgstr ""
15613
15614
#: serverguide/C/network-auth.xml:2582(para)
15615
msgid ""
15616
"You will should now receive a ticket upon successful login authentication."
15617
msgstr ""
15618
15619
#: serverguide/C/network-auth.xml:2593(para)
15620
msgid ""
15621
"For more information on Kerberos see the <ulink "
15622
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15623
msgstr ""
15624
15625
#: serverguide/C/network-auth.xml:2598(para)
15626
msgid ""
15627
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15628
"Kerberos</ulink> page has more details."
15629
msgstr ""
15630
15631
#: serverguide/C/network-auth.xml:2603(para)
15632
msgid ""
15633
"O'Reilly's <ulink "
15634
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15635
"Guide</ulink> is a great reference when setting up Kerberos."
15636
msgstr ""
15637
15638
#: serverguide/C/network-auth.xml:2609(para)
15639
msgid ""
15640
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15641
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15642
"Kerberos questions."
15643
msgstr ""
15644
15645
#: serverguide/C/network-auth.xml:2619(title)
15646
msgid "Kerberos and LDAP"
15647
msgstr ""
15648
15649
#: serverguide/C/network-auth.xml:2621(para)
15650
msgid ""
15651
"Replicating a Kerberos principal database between two servers can be "
15652
"complicated, and adds an additional user database to your network. "
15653
"Fortunately, MIT Kerberos can be configured to use an "
15654
"<application>LDAP</application> directory as a principal database. This "
15655
"section covers configuring a primary and secondary kerberos server to use "
15656
"<application>OpenLDAP</application> for the principal database."
15657
msgstr ""
15658
15659
#: serverguide/C/network-auth.xml:2629(title)
15660
msgid "Configuring OpenLDAP"
15661
msgstr ""
15662
15663
#: serverguide/C/network-auth.xml:2631(para)
15664
msgid ""
15665
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15666
"<application>OpenLDAP</application> server that has network connectivity to "
15667
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15668
"also have LDAP replication configured between at least two servers. For "
15669
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15670
msgstr ""
15671
15672
#: serverguide/C/network-auth.xml:2638(para)
15673
msgid ""
15674
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15675
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15676
"linkend=\"openldap-tls\"/> for details."
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:2645(para)
15680
msgid ""
15681
"To load the schema into LDAP, on the LDAP server install the "
15682
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15683
msgstr ""
15684
15685
#: serverguide/C/network-auth.xml:2651(command)
15686
msgid "sudo apt-get install krb5-kdc-ldap"
15687
msgstr ""
15688
15689
#: serverguide/C/network-auth.xml:2656(para)
15690
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15691
msgstr ""
15692
15693
#: serverguide/C/network-auth.xml:2661(command)
15694
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15695
msgstr ""
15696
15697
#: serverguide/C/network-auth.xml:2662(command)
15698
msgid ""
15699
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15700
msgstr ""
15701
15702
#: serverguide/C/network-auth.xml:2668(para)
15703
msgid ""
15704
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15705
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15706
"<application>slapd</application> is also detailed in <xref "
15707
"linkend=\"openldap-configuration\"/>."
15708
msgstr ""
15709
15710
#: serverguide/C/network-auth.xml:2681(programlisting)
15711
#, no-wrap
15712
msgid ""
15713
"\n"
15714
"include /etc/ldap/schema/core.schema\n"
15715
"include /etc/ldap/schema/collective.schema\n"
15716
"include /etc/ldap/schema/corba.schema\n"
15717
"include /etc/ldap/schema/cosine.schema\n"
15718
"include /etc/ldap/schema/duaconf.schema\n"
15719
"include /etc/ldap/schema/dyngroup.schema\n"
15720
"include /etc/ldap/schema/inetorgperson.schema\n"
15721
"include /etc/ldap/schema/java.schema\n"
15722
"include /etc/ldap/schema/misc.schema\n"
15723
"include /etc/ldap/schema/nis.schema\n"
15724
"include /etc/ldap/schema/openldap.schema\n"
15725
"include /etc/ldap/schema/ppolicy.schema\n"
15726
"include /etc/ldap/schema/kerberos.schema\n"
15727
msgstr ""
15728
15729
#: serverguide/C/network-auth.xml:2701(para)
15730
msgid "Create a temporary directory to hold the LDIF files:"
15731
msgstr ""
15732
15733
#: serverguide/C/network-auth.xml:2716(command)
15734
msgid ""
15735
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15736
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15737
msgstr ""
15738
15739
#: serverguide/C/network-auth.xml:2726(para)
15740
msgid ""
15741
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15742
"changing the following attributes:"
15743
msgstr ""
15744
15745
#: serverguide/C/network-auth.xml:2730(programlisting)
15746
#, no-wrap
15747
msgid ""
15748
"\n"
15749
"dn: cn=kerberos,cn=schema,cn=config\n"
15750
"...\n"
15751
"cn: kerberos\n"
15752
msgstr ""
15753
15754
#: serverguide/C/network-auth.xml:2736(para)
15755
msgid "And remove the following lines from the end of the file:"
15756
msgstr ""
15757
15758
#: serverguide/C/network-auth.xml:2740(programlisting)
15759
#, no-wrap
15760
msgid ""
15761
"\n"
15762
"structuralObjectClass: olcSchemaConfig\n"
15763
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15764
"creatorsName: cn=config\n"
15765
"createTimestamp: 20090111203515Z\n"
15766
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15767
"modifiersName: cn=config\n"
15768
"modifyTimestamp: 20090111203515Z\n"
15769
msgstr ""
15770
15771
#: serverguide/C/network-auth.xml:2759(para)
15772
msgid "Load the new schema with <application>ldapadd</application>:"
15773
msgstr ""
15774
15775
#: serverguide/C/network-auth.xml:2764(command)
15776
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15777
msgstr ""
15778
15779
#: serverguide/C/network-auth.xml:2770(para)
15780
msgid ""
15781
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15782
msgstr ""
15783
15784
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15785
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15786
msgstr ""
15787
15788
#: serverguide/C/network-auth.xml:2777(userinput)
15789
#, no-wrap
15790
msgid ""
15791
"dn: olcDatabase={1}hdb,cn=config\n"
15792
"add: olcDbIndex\n"
15793
"olcDbIndex: krbPrincipalName eq,pres,sub"
15794
msgstr ""
15795
15796
#: serverguide/C/network-auth.xml:2776(computeroutput)
15797
#, no-wrap
15798
msgid ""
15799
"Enter LDAP Password:\n"
15800
"<placeholder-1/>\n"
15801
"\n"
15802
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15803
msgstr ""
15804
15805
#: serverguide/C/network-auth.xml:2787(para)
15806
msgid "Finally, update the Access Control Lists (ACL):"
15807
msgstr ""
15808
15809
#: serverguide/C/network-auth.xml:2794(userinput)
15810
#, no-wrap
15811
msgid ""
15812
"dn: olcDatabase={1}hdb,cn=config\n"
15813
"replace: olcAccess\n"
15814
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15815
"dn=\"cn=admin,dc=exampl\n"
15816
" e,dc=com\" write by anonymous auth by self write by * none\n"
15817
"-\n"
15818
"add: olcAccess\n"
15819
"olcAccess: to dn.base=\"\" by * read\n"
15820
"-\n"
15821
"add: olcAccess\n"
15822
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15823
msgstr ""
15824
15825
#: serverguide/C/network-auth.xml:2793(computeroutput)
15826
#, no-wrap
15827
msgid ""
15828
"Enter LDAP Password: \n"
15829
"<placeholder-1/>\n"
15830
"\n"
15831
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15832
msgstr ""
15833
15834
#: serverguide/C/network-auth.xml:2814(para)
15835
msgid ""
15836
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15837
"database."
15838
msgstr ""
15839
15840
#: serverguide/C/network-auth.xml:2820(title)
15841
msgid "Primary KDC Configuration"
15842
msgstr ""
15843
15844
#: serverguide/C/network-auth.xml:2822(para)
15845
msgid ""
15846
"With <application>OpenLDAP</application> configured it is time to configure "
15847
"the KDC."
15848
msgstr ""
15849
15850
#: serverguide/C/network-auth.xml:2828(para)
15851
msgid "First, install the necessary packages, from a terminal enter:"
15852
msgstr ""
15853
15854
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15855
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15856
msgstr ""
15857
15858
#: serverguide/C/network-auth.xml:2839(para)
15859
msgid ""
15860
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15861
"under the appropriate sections:"
15862
msgstr ""
15863
15864
#: serverguide/C/network-auth.xml:2843(programlisting)
15865
#, no-wrap
15866
msgid ""
15867
"\n"
15868
"[libdefaults]\n"
15869
" default_realm = EXAMPLE.COM\n"
15870
"\n"
15871
"...\n"
15872
"\n"
15873
"[realms]\n"
15874
" EXAMPLE.COM = {\n"
15875
" kdc = kdc01.example.com\n"
15876
" kdc = kdc02.example.com\n"
15877
" admin_server = kdc01.example.com\n"
15878
" admin_server = kdc02.example.com\n"
15879
" default_domain = example.com\n"
15880
" database_module = openldap_ldapconf\n"
15881
" }\n"
15882
"\n"
15883
"...\n"
15884
"\n"
15885
"[domain_realm]\n"
15886
" .example.com = EXAMPLE.COM\n"
15887
"\n"
15888
"\n"
15889
"...\n"
15890
"\n"
15891
"[dbdefaults]\n"
15892
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15893
"\n"
15894
"[dbmodules]\n"
15895
" openldap_ldapconf = {\n"
15896
" db_library = kldap\n"
15897
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15898
"\n"
15899
" # this object needs to have read rights on\n"
15900
" # the realm container, principal container and realm sub-"
15901
"trees\n"
15902
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
15903
"\n"
15904
" # this object needs to have read and write rights on\n"
15905
" # the realm container, principal container and realm sub-"
15906
"trees\n"
15907
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
15908
" ldap_servers = ldaps://ldap01.example.com "
15909
"ldaps://ldap02.example.com\n"
15910
" ldap_conns_per_server = 5\n"
15911
" }\n"
15912
msgstr ""
15913
15914
#: serverguide/C/network-auth.xml:2888(para)
15915
msgid ""
15916
"Change <emphasis>example.com</emphasis>, "
15917
"<emphasis>dc=example,dc=com</emphasis>, "
15918
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
15919
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
15920
"object, and LDAP server for your network."
15921
msgstr ""
15922
15923
#: serverguide/C/network-auth.xml:2897(para)
15924
msgid ""
15925
"Next, use the <application>kdb5_ldap_util</application> utility to create "
15926
"the realm:"
15927
msgstr ""
15928
15929
#: serverguide/C/network-auth.xml:2902(command)
15930
msgid ""
15931
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
15932
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
15933
msgstr ""
15934
15935
#: serverguide/C/network-auth.xml:2908(para)
15936
msgid ""
15937
"Create a stash of the password used to bind to the LDAP server. This "
15938
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
15939
"<emphasis>ldap_kadmin_dn</emphasis> options in "
15940
"<filename>/etc/krb5.conf</filename>:"
15941
msgstr ""
15942
15943
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
15944
msgid ""
15945
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
15946
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
15947
msgstr ""
15948
15949
#: serverguide/C/network-auth.xml:2920(para)
15950
msgid "Copy the CA certificate from the LDAP server:"
15951
msgstr ""
15952
15953
#: serverguide/C/network-auth.xml:2925(command)
15954
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
15955
msgstr ""
15956
15957
#: serverguide/C/network-auth.xml:2926(command)
15958
msgid "sudo cp cacert.pem /etc/ssl/certs"
15959
msgstr ""
15960
15961
#: serverguide/C/network-auth.xml:2929(para)
15962
msgid ""
15963
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
15964
msgstr ""
15965
15966
#: serverguide/C/network-auth.xml:2933(programlisting)
15967
#, no-wrap
15968
msgid ""
15969
"\n"
15970
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15971
msgstr ""
15972
15973
#: serverguide/C/network-auth.xml:2938(para)
15974
msgid ""
15975
"The certificate will also need to be copied to the Secondary KDC, to allow "
15976
"the connection to the LDAP servers using LDAPS."
15977
msgstr ""
15978
15979
#: serverguide/C/network-auth.xml:2947(para)
15980
msgid ""
15981
"You can now add Kerberos principals to the LDAP database, and they will be "
15982
"copied to any other LDAP servers configured for replication. To add a "
15983
"principal using the <application>kadmin.local</application> utility enter:"
15984
msgstr ""
15985
15986
#: serverguide/C/network-auth.xml:2955(userinput)
15987
#, no-wrap
15988
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
15989
msgstr ""
15990
15991
#: serverguide/C/network-auth.xml:2954(computeroutput)
15992
#, no-wrap
15993
msgid ""
15994
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15995
"kadmin.local: <placeholder-1/>\n"
15996
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
15997
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
15998
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
15999
"Principal \"steve@EXAMPLE.COM\" created."
16000
msgstr ""
16001
16002
#: serverguide/C/network-auth.xml:2962(para)
16003
msgid ""
16004
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16005
"krbExtraData attributes added to the "
16006
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16007
"the <application>kinit</application> and <application>klist</application> "
16008
"utilities to test that the user is indeed issued a ticket."
16009
msgstr ""
16010
16011
#: serverguide/C/network-auth.xml:2969(para)
16012
msgid ""
16013
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16014
"option is needed to add the Kerberos attributes. Otherwise a new "
16015
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16016
msgstr ""
16017
16018
#: serverguide/C/network-auth.xml:2977(title)
16019
msgid "Secondary KDC Configuration"
16020
msgstr ""
16021
16022
#: serverguide/C/network-auth.xml:2979(para)
16023
msgid ""
16024
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16025
"one using the normal Kerberos database."
16026
msgstr ""
16027
16028
#: serverguide/C/network-auth.xml:2985(para)
16029
msgid "First, install the necessary packages. In a terminal enter:"
16030
msgstr ""
16031
16032
#: serverguide/C/network-auth.xml:2996(para)
16033
msgid ""
16034
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16035
msgstr ""
16036
16037
#: serverguide/C/network-auth.xml:3000(programlisting)
16038
#, no-wrap
16039
msgid ""
16040
"\n"
16041
"[libdefaults]\n"
16042
" default_realm = EXAMPLE.COM\n"
16043
"\n"
16044
"...\n"
16045
"\n"
16046
"[realms]\n"
16047
" EXAMPLE.COM = {\n"
16048
" kdc = kdc01.example.com\n"
16049
" kdc = kdc02.example.com\n"
16050
" admin_server = kdc01.example.com\n"
16051
" admin_server = kdc02.example.com\n"
16052
" default_domain = example.com\n"
16053
" database_module = openldap_ldapconf\n"
16054
" }\n"
16055
"\n"
16056
"...\n"
16057
"\n"
16058
"[domain_realm]\n"
16059
" .example.com = EXAMPLE.COM\n"
16060
"\n"
16061
"...\n"
16062
"\n"
16063
"[dbdefaults]\n"
16064
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16065
"\n"
16066
"[dbmodules]\n"
16067
" openldap_ldapconf = {\n"
16068
" db_library = kldap\n"
16069
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16070
"\n"
16071
" # this object needs to have read rights on\n"
16072
" # the realm container, principal container and realm sub-"
16073
"trees\n"
16074
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16075
"\n"
16076
" # this object needs to have read and write rights on\n"
16077
" # the realm container, principal container and realm sub-"
16078
"trees\n"
16079
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16080
" ldap_servers = ldaps://ldap01.example.com "
16081
"ldaps://ldap02.example.com\n"
16082
" ldap_conns_per_server = 5\n"
16083
" }\n"
16084
msgstr ""
16085
16086
#: serverguide/C/network-auth.xml:3047(para)
16087
msgid "Create the stash for the LDAP bind password:"
16088
msgstr ""
16089
16090
#: serverguide/C/network-auth.xml:3058(para)
16091
msgid ""
16092
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16093
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16094
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16095
"encrypted connection such as <application>scp</application>, or on physical "
16096
"media."
16097
msgstr ""
16098
16099
#: serverguide/C/network-auth.xml:3065(command)
16100
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16101
msgstr ""
16102
16103
#: serverguide/C/network-auth.xml:3066(command)
16104
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16105
msgstr ""
16106
16107
#: serverguide/C/network-auth.xml:3070(para)
16108
msgid ""
16109
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16110
msgstr ""
16111
16112
#: serverguide/C/network-auth.xml:3078(para)
16113
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16114
msgstr ""
16115
16116
#: serverguide/C/network-auth.xml:3089(para)
16117
msgid ""
16118
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16119
"you should be able to continue to authenticate users if one LDAP server, one "
16120
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16121
msgstr ""
16122
16123
#: serverguide/C/network-auth.xml:3101(para)
16124
msgid ""
16125
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16126
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16127
"Guide</ulink> has some additional details."
16128
msgstr ""
16129
16130
#: serverguide/C/network-auth.xml:3107(para)
16131
msgid ""
16132
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16133
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16134
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16135
"5.6</ulink> and the <ulink "
16136
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16137
"tml\">kdb5_ldap_util man page</ulink>."
16138
msgstr ""
16139
16140
#: serverguide/C/network-auth.xml:3115(para)
16141
msgid ""
16142
"Another useful link is the <ulink "
16143
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16144
">krb5.conf man page</ulink>."
16145
msgstr ""
16146
16147
#: serverguide/C/network-auth.xml:3120(para)
16148
msgid ""
16149
"Also, see the <ulink "
16150
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16151
"and LDAP</ulink> Ubuntu wiki page."
16152
msgstr ""
16153
16154
#: serverguide/C/monitoring.xml:13(title)
16155
msgid "Monitoring"
16156
msgstr ""
16157
16158
#: serverguide/C/monitoring.xml:17(para)
16159
msgid ""
16160
"The monitoring of essential servers and services is an important part of "
16161
"system administration. Most network services are monitored for performance, "
16162
"availability, or both. This section will cover installation and "
16163
"configuration of <application>Nagios</application> for availability "
16164
"monitoring, and <application>Munin</application> for performance monitoring."
16165
msgstr ""
16166
16167
#: serverguide/C/monitoring.xml:24(para)
16168
msgid ""
16169
"The examples in this section will use two servers with hostnames "
16170
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16171
"<emphasis>Server01</emphasis> will be configured with "
16172
"<application>Nagios</application> to monitor services on itself and "
16173
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16174
"<application>munin</application> package to gather information from the "
16175
"network. Using the <application>munin-node</application> package, "
16176
"<emphasis>server02</emphasis> will be configured to send information to "
16177
"<emphasis>server01</emphasis>."
16178
msgstr ""
16179
16180
#: serverguide/C/monitoring.xml:33(para)
16181
msgid ""
16182
"Hopefully these simple examples will allow you to monitor additional servers "
16183
"and services on your network."
16184
msgstr ""
16185
16186
#: serverguide/C/monitoring.xml:39(title)
16187
msgid "Nagios"
16188
msgstr ""
16189
16190
#: serverguide/C/monitoring.xml:44(para)
16191
msgid ""
16192
"First, on <emphasis>server01</emphasis> install the "
16193
"<application>nagios</application> package. In a terminal enter:"
16194
msgstr ""
16195
16196
#: serverguide/C/monitoring.xml:50(command)
16197
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16198
msgstr ""
16199
16200
#: serverguide/C/monitoring.xml:53(para)
16201
msgid ""
16202
"You will be asked to enter a password for the "
16203
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16204
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16205
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16206
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16207
"of the <application>apache2-utils</application> package."
16208
msgstr ""
16209
16210
#: serverguide/C/monitoring.xml:60(para)
16211
msgid ""
16212
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16213
"user enter:"
16214
msgstr ""
16215
16216
#: serverguide/C/monitoring.xml:65(command)
16217
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16218
msgstr ""
16219
16220
#: serverguide/C/monitoring.xml:68(para)
16221
msgid "To add a user:"
16222
msgstr ""
16223
16224
#: serverguide/C/monitoring.xml:73(command)
16225
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16226
msgstr ""
16227
16228
#: serverguide/C/monitoring.xml:76(para)
16229
msgid ""
16230
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16231
"server</application> package. From a terminal on server02 enter:"
16232
msgstr ""
16233
16234
#: serverguide/C/monitoring.xml:82(command)
16235
msgid "sudo apt-get install nagios-nrpe-server"
16236
msgstr ""
16237
16238
#: serverguide/C/monitoring.xml:86(para)
16239
msgid ""
16240
"<application>NRPE</application> allows you to execute local checks on remote "
16241
"hosts. There are other ways of accomplishing this through other Nagios "
16242
"plugins as well as other checks."
16243
msgstr ""
16244
16245
#: serverguide/C/monitoring.xml:94(title)
16246
msgid "Configuration Overview"
16247
msgstr ""
16248
16249
#: serverguide/C/monitoring.xml:96(para)
16250
msgid ""
16251
"There are a couple of directories containing "
16252
"<application>Nagios</application> configuration and check files."
16253
msgstr ""
16254
16255
#: serverguide/C/monitoring.xml:102(para)
16256
msgid ""
16257
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16258
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16259
"etc."
16260
msgstr ""
16261
16262
#: serverguide/C/monitoring.xml:108(para)
16263
msgid ""
16264
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16265
"service checks."
16266
msgstr ""
16267
16268
#: serverguide/C/monitoring.xml:113(para)
16269
msgid ""
16270
"<filename>/etc/nagios</filename>: on the remote host contains the "
16271
"<application>nagios-nrpe-server</application> configuration files."
16272
msgstr ""
16273
16274
#: serverguide/C/monitoring.xml:118(para)
16275
msgid ""
16276
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16277
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16278
msgstr ""
16279
16280
#: serverguide/C/monitoring.xml:123(para)
16281
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16282
msgstr ""
16283
16284
#: serverguide/C/monitoring.xml:129(para)
16285
msgid ""
16286
"There are a plethora of checks <application>Nagios</application> can be "
16287
"configured to execute for any given host. For this example Nagios will be "
16288
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16289
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16290
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16291
msgstr ""
16292
16293
#: serverguide/C/monitoring.xml:136(para)
16294
msgid ""
16295
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16296
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16297
msgstr ""
16298
16299
#: serverguide/C/monitoring.xml:141(para)
16300
msgid ""
16301
"Additionally, there are some terms that once explained will hopefully make "
16302
"understanding Nagios configuration easier:"
16303
msgstr ""
16304
16305
#: serverguide/C/monitoring.xml:147(para)
16306
msgid ""
16307
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16308
"is being monitored."
16309
msgstr ""
16310
16311
#: serverguide/C/monitoring.xml:152(para)
16312
msgid ""
16313
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16314
"could group all web servers, file server, etc."
16315
msgstr ""
16316
16317
#: serverguide/C/monitoring.xml:157(para)
16318
msgid ""
16319
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16320
"as HTTP, DNS, NFS, etc."
16321
msgstr ""
16322
16323
#: serverguide/C/monitoring.xml:162(para)
16324
msgid ""
16325
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16326
"together. This is useful for grouping multiple HTTP for example."
16327
msgstr ""
16328
16329
#: serverguide/C/monitoring.xml:168(para)
16330
msgid ""
16331
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16332
"place. Nagios can be configured to send emails, SMS messages, etc."
16333
msgstr ""
16334
16335
#: serverguide/C/monitoring.xml:174(para)
16336
msgid ""
16337
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16338
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16339
"will also <application>ping</application> check the "
16340
"<emphasis>gateway</emphasis>."
16341
msgstr ""
16342
16343
#: serverguide/C/monitoring.xml:179(para)
16344
msgid ""
16345
"Large Nagios installations can be quite complex to configure. It is usually "
16346
"best to start small, one or two hosts, get things configured the way you "
16347
"like then expand."
16348
msgstr ""
16349
16350
#: serverguide/C/monitoring.xml:194(para)
16351
msgid ""
16352
"First, create a <emphasis>host</emphasis> configuration file for "
16353
"<emphasis>server02</emphasis>. In a terminal enter:"
16354
msgstr ""
16355
16356
#: serverguide/C/monitoring.xml:199(command)
16357
msgid ""
16358
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16359
"/etc/nagios3/conf.d/server02.cfg"
16360
msgstr ""
16361
16362
#: serverguide/C/monitoring.xml:203(para)
16363
msgid ""
16364
"In the above and following command examples, replace "
16365
"<emphasis>\"server01\"</emphasis>, "
16366
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16367
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16368
"your servers."
16369
msgstr ""
16370
16371
#: serverguide/C/monitoring.xml:212(para)
16372
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16373
msgstr ""
16374
16375
#: serverguide/C/monitoring.xml:216(programlisting)
16376
#, no-wrap
16377
msgid ""
16378
"\n"
16379
"define host{\n"
16380
" use generic-host ; Name of host "
16381
"template to use\n"
16382
" host_name server02\n"
16383
" alias Server 02\n"
16384
" address 172.18.100.101\n"
16385
"}\n"
16386
"\n"
16387
"# check DNS service.\n"
16388
"define service {\n"
16389
" use generic-service\n"
16390
" host_name server02\n"
16391
" service_description DNS\n"
16392
" check_command check_dns!172.18.100.101\n"
16393
"}\n"
16394
msgstr ""
16395
16396
#: serverguide/C/monitoring.xml:236(para)
16397
msgid ""
16398
"Restart the <application>nagios</application> daemon to enable the new "
16399
"configuration:"
16400
msgstr ""
16401
16402
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16403
msgid "sudo /etc/init.d/nagios3 restart"
16404
msgstr ""
16405
16406
#: serverguide/C/monitoring.xml:251(para)
16407
msgid ""
16408
"Now add a service definition for the MySQL check by adding the following to "
16409
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16410
msgstr ""
16411
16412
#: serverguide/C/monitoring.xml:255(programlisting)
16413
#, no-wrap
16414
msgid ""
16415
"\n"
16416
"# check MySQL servers.\n"
16417
"define service {\n"
16418
" hostgroup_name mysql-servers\n"
16419
" service_description MySQL\n"
16420
" check_command "
16421
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16422
" use generic-service\n"
16423
" notification_interval 0 ; set > 0 if you want to be "
16424
"renotified\n"
16425
"}\n"
16426
msgstr ""
16427
16428
#: serverguide/C/monitoring.xml:269(para)
16429
msgid ""
16430
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16431
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16432
msgstr ""
16433
16434
#: serverguide/C/monitoring.xml:274(programlisting)
16435
#, no-wrap
16436
msgid ""
16437
"\n"
16438
"# MySQL hostgroup.\n"
16439
"define hostgroup {\n"
16440
" hostgroup_name mysql-servers\n"
16441
" alias MySQL servers\n"
16442
" members localhost, server02\n"
16443
" }\n"
16444
msgstr ""
16445
16446
#: serverguide/C/monitoring.xml:286(para)
16447
msgid ""
16448
"The Nagios check needs to authenticate to MySQL. To add a "
16449
"<emphasis>nagios</emphasis> user to MySQL enter:"
16450
msgstr ""
16451
16452
#: serverguide/C/monitoring.xml:291(command)
16453
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16454
msgstr ""
16455
16456
#: serverguide/C/monitoring.xml:295(para)
16457
msgid ""
16458
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16459
"<emphasis>mysql-servers</emphasis> hostgroup."
16460
msgstr ""
16461
16462
#: serverguide/C/monitoring.xml:303(para)
16463
msgid ""
16464
"Restart <application>nagios</application> to start checking the MySQL "
16465
"servers."
16466
msgstr ""
16467
16468
#: serverguide/C/monitoring.xml:318(para)
16469
msgid ""
16470
"Lastly configure NRPE to check the disk space on "
16471
"<emphasis>server02</emphasis>."
16472
msgstr ""
16473
16474
#: serverguide/C/monitoring.xml:322(para)
16475
msgid ""
16476
"On <emphasis>server01</emphasis> add the service check to "
16477
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16478
msgstr ""
16479
16480
#: serverguide/C/monitoring.xml:327(programlisting)
16481
#, no-wrap
16482
msgid ""
16483
"\n"
16484
"# NRPE disk check.\n"
16485
"define service {\n"
16486
" use generic-service\n"
16487
" host_name server02\n"
16488
" service_description nrpe-disk\n"
16489
" check_command "
16490
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16491
"}\n"
16492
msgstr ""
16493
16494
#: serverguide/C/monitoring.xml:340(para)
16495
msgid ""
16496
"Now on <emphasis>server02</emphasis> edit "
16497
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16498
msgstr ""
16499
16500
#: serverguide/C/monitoring.xml:344(programlisting)
16501
#, no-wrap
16502
msgid ""
16503
"\n"
16504
"allowed_hosts=172.18.100.100\n"
16505
msgstr ""
16506
16507
#: serverguide/C/monitoring.xml:348(para)
16508
msgid "And below in the command definition area add:"
16509
msgstr ""
16510
16511
#: serverguide/C/monitoring.xml:352(programlisting)
16512
#, no-wrap
16513
msgid ""
16514
"\n"
16515
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16516
"e\n"
16517
msgstr ""
16518
16519
#: serverguide/C/monitoring.xml:359(para)
16520
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16521
msgstr ""
16522
16523
#: serverguide/C/monitoring.xml:364(command)
16524
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16525
msgstr ""
16526
16527
#: serverguide/C/monitoring.xml:370(para)
16528
msgid ""
16529
"Also, on <emphasis>server01</emphasis> restart "
16530
"<application>nagios</application>:"
16531
msgstr ""
16532
16533
#: serverguide/C/monitoring.xml:383(para)
16534
msgid ""
16535
"You should now be able to see the host and service checks in the Nagios CGI "
16536
"files. To access them point a browser to http://server01/nagios3. You will "
16537
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16538
"password."
16539
msgstr ""
16540
16541
#: serverguide/C/monitoring.xml:393(para)
16542
msgid ""
16543
"This section has just scratched the surface of Nagios' features. The "
16544
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16545
"plugins</application> contain many more service checks."
16546
msgstr ""
16547
16548
#: serverguide/C/monitoring.xml:400(para)
16549
msgid ""
16550
"For more information see <ulink "
16551
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16552
msgstr ""
16553
16554
#: serverguide/C/monitoring.xml:405(para)
16555
msgid ""
16556
"Specifically the <ulink "
16557
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16558
"site."
16559
msgstr ""
16560
16561
#: serverguide/C/monitoring.xml:410(para)
16562
msgid ""
16563
"There is also a list of <ulink "
16564
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16565
"Nagios and network monitoring:"
16566
msgstr ""
16567
16568
#: serverguide/C/monitoring.xml:416(para)
16569
msgid ""
16570
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16571
"Wiki</ulink> page also has more details."
16572
msgstr ""
16573
16574
#: serverguide/C/monitoring.xml:425(title)
16575
msgid "Munin"
16576
msgstr ""
16577
16578
#: serverguide/C/monitoring.xml:430(para)
16579
msgid ""
16580
"Before installing <application>Munin</application> on "
16581
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16582
"be installed. The default configuration is fine for running a "
16583
"<application>munin</application> server. For more information see <xref "
16584
"linkend=\"httpd\"/>."
16585
msgstr ""
16586
16587
#: serverguide/C/monitoring.xml:436(para)
16588
msgid ""
16589
"First, on <emphasis>server01</emphasis> install "
16590
"<application>munin</application>. In a terminal enter:"
16591
msgstr ""
16592
16593
#: serverguide/C/monitoring.xml:441(command)
16594
msgid "sudo apt-get install munin"
16595
msgstr ""
16596
16597
#: serverguide/C/monitoring.xml:444(para)
16598
msgid ""
16599
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16600
"node</application> package:"
16601
msgstr ""
16602
16603
#: serverguide/C/monitoring.xml:449(command)
16604
msgid "sudo apt-get install munin-node"
16605
msgstr ""
16606
16607
#: serverguide/C/monitoring.xml:456(para)
16608
msgid ""
16609
"On <emphasis>server01</emphasis> edit the "
16610
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16611
"<emphasis>server02</emphasis>:"
16612
msgstr ""
16613
16614
#: serverguide/C/monitoring.xml:461(programlisting)
16615
#, no-wrap
16616
msgid ""
16617
"\n"
16618
"## First our \"normal\" host.\n"
16619
"[server02]\n"
16620
" address 172.18.100.101\n"
16621
msgstr ""
16622
16623
#: serverguide/C/monitoring.xml:468(para)
16624
msgid ""
16625
"Replace <emphasis>server02</emphasis> and "
16626
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16627
"for your server."
16628
msgstr ""
16629
16630
#: serverguide/C/monitoring.xml:474(para)
16631
msgid ""
16632
"Next, configure <application>munin-node</application> on "
16633
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16634
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16635
msgstr ""
16636
16637
#: serverguide/C/monitoring.xml:479(programlisting)
16638
#, no-wrap
16639
msgid ""
16640
"\n"
16641
"allow ^172\\.18\\.100\\.100$\n"
16642
msgstr ""
16643
16644
#: serverguide/C/monitoring.xml:484(para)
16645
msgid ""
16646
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16647
"<application>munin</application> server."
16648
msgstr ""
16649
16650
#: serverguide/C/monitoring.xml:489(para)
16651
msgid ""
16652
"Now restart <application>munin-node</application> on "
16653
"<emphasis>server02</emphasis> for the changes to take effect:"
16654
msgstr ""
16655
16656
#: serverguide/C/monitoring.xml:494(command)
16657
msgid "sudo /etc/init.d/munin-node restart"
16658
msgstr ""
16659
16660
#: serverguide/C/monitoring.xml:497(para)
16661
msgid ""
16662
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16663
"you should see links to nice graphs displaying information from the standard "
16664
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16665
msgstr ""
16666
16667
#: serverguide/C/monitoring.xml:503(para)
16668
msgid ""
16669
"Since this is a new install it may take some time for the graphs to display "
16670
"anything useful."
16671
msgstr ""
16672
16673
#: serverguide/C/monitoring.xml:510(title)
16674
msgid "Additional Plugins"
16675
msgstr ""
16676
16677
#: serverguide/C/monitoring.xml:512(para)
16678
msgid ""
16679
"The <application>munin-plugins-extra</application> package contains "
16680
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16681
"install the package, from a terminal enter:"
16682
msgstr ""
16683
16684
#: serverguide/C/monitoring.xml:518(command)
16685
msgid "sudo apt-get install munin-plugins-extra"
16686
msgstr ""
16687
16688
#: serverguide/C/monitoring.xml:521(para)
16689
msgid "Be sure to install the package on both the server and node machines."
16690
msgstr ""
16691
16692
#: serverguide/C/monitoring.xml:531(para)
16693
msgid ""
16694
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16695
"website for more details."
16696
msgstr ""
16697
16698
#: serverguide/C/monitoring.xml:536(para)
16699
msgid ""
16700
"Specifically the <ulink "
16701
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16702
"Documentation</ulink> page includes information on additional plugins, "
16703
"writing plugins, etc."
16704
msgstr ""
16705
16706
#: serverguide/C/monitoring.xml:542(para)
16707
msgid ""
16708
"Also, there is a book in German by Open Source Press: <ulink "
16709
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16710
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16711
msgstr ""
16712
16713
#: serverguide/C/monitoring.xml:548(para)
16714
msgid ""
16715
"Another resource is the <ulink "
16716
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16717
"page."
16718
msgstr ""
16719
16720
#: serverguide/C/mail.xml:13(title)
16721
msgid "Email Services"
16722
msgstr ""
16723
16724
#: serverguide/C/mail.xml:14(para)
16725
msgid ""
16726
"The process of getting an email from one person to another over a network or "
16727
"the Internet involves many systems working together. Each of these systems "
16728
"must be correctly configured for the process to work. The sender uses a "
16729
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16730
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16731
"the last of which will hand it off to a <emphasis>Mail Delivery "
16732
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16733
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16734
"IMAP server."
16735
msgstr ""
16736
16737
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16738
msgid "Postfix"
16739
msgstr ""
16740
16741
#: serverguide/C/mail.xml:25(para)
16742
msgid ""
16743
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16744
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16745
"compatible with the MTA <application>sendmail</application>. This section "
16746
"explains how to install and configure <application>postfix</application>. It "
16747
"also explains how to set it up as an SMTP server using a secure connection "
16748
"(for sending emails securely)."
16749
msgstr ""
16750
16751
#: serverguide/C/mail.xml:34(para)
16752
msgid ""
16753
"This guide does not cover setting up Postfix <emphasis>Virtual "
16754
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16755
"configurations see <xref linkend=\"postfix-references\"/>."
16756
msgstr ""
16757
16758
#: serverguide/C/mail.xml:41(para)
16759
msgid ""
16760
"To install <application>postfix</application> run the following command:"
16761
msgstr ""
16762
16763
#: serverguide/C/mail.xml:47(para)
16764
msgid ""
16765
"Simply press return when the installation process asks questions, the "
16766
"configuration will be done in greater detail in the next stage."
16767
msgstr ""
16768
16769
#: serverguide/C/mail.xml:52(title)
16770
msgid "Basic Configuration"
16771
msgstr ""
16772
16773
#: serverguide/C/mail.xml:53(para)
16774
msgid ""
16775
"To configure <application>postfix</application>, run the following command:"
16776
msgstr ""
16777
16778
#: serverguide/C/mail.xml:57(command)
16779
msgid "sudo dpkg-reconfigure postfix"
16780
msgstr ""
16781
16782
#: serverguide/C/mail.xml:63(para)
16783
msgid "Internet Site"
16784
msgstr ""
16785
16786
#: serverguide/C/mail.xml:64(para)
16787
msgid "mail.example.com"
16788
msgstr ""
16789
16790
#: serverguide/C/mail.xml:65(para)
16791
msgid "steve"
16792
msgstr ""
16793
16794
#: serverguide/C/mail.xml:66(para)
16795
msgid "mail.example.com, localhost.localdomain, localhost"
16796
msgstr ""
16797
16798
#: serverguide/C/mail.xml:67(para)
16799
msgid "No"
16800
msgstr ""
16801
16802
#: serverguide/C/mail.xml:68(para)
16803
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16804
msgstr ""
16805
16806
#: serverguide/C/mail.xml:69(para)
16807
msgid "0"
16808
msgstr ""
16809
16810
#: serverguide/C/mail.xml:70(para)
16811
msgid "+"
16812
msgstr ""
16813
16814
#: serverguide/C/mail.xml:71(para)
16815
msgid "all"
16816
msgstr ""
16817
16818
#: serverguide/C/mail.xml:59(para)
16819
msgid ""
16820
"The user interface will be displayed. On each screen, select the following "
16821
"values: <placeholder-1/>"
16822
msgstr ""
16823
16824
#: serverguide/C/mail.xml:75(para)
16825
msgid ""
16826
"Replace mail.example.com with the domain for which you'll accept email, "
16827
"192.168.0.0/24 with the actual network and class range of your mail server, "
16828
"and steve with the appropriate username."
16829
msgstr ""
16830
16831
#: serverguide/C/mail.xml:81(para)
16832
msgid ""
16833
"Now is a good time to decide which mailbox format you want to use. By "
16834
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16835
"mailbox format. Rather than editing the configuration file directly, you can "
16836
"use the <command>postconf</command> command to configure all "
16837
"<application>postfix</application> parameters. The configuration parameters "
16838
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16839
"you wish to re-configure a particular parameter, you can either run the "
16840
"command or change it manually in the file."
16841
msgstr ""
16842
16843
#: serverguide/C/mail.xml:92(para)
16844
msgid ""
16845
"To configure the mailbox format for <emphasis "
16846
"role=\"strong\">Maildir:</emphasis>"
16847
msgstr ""
16848
16849
#: serverguide/C/mail.xml:97(command)
16850
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16851
msgstr ""
16852
16853
#: serverguide/C/mail.xml:100(para)
16854
msgid ""
16855
"This will place new mail in /home/<emphasis "
16856
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16857
"your Mail Delivery Agent (MDA) to use the same path."
16858
msgstr ""
16859
16860
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16861
msgid "SMTP Authentication"
16862
msgstr ""
16863
16864
#: serverguide/C/mail.xml:110(para)
16865
msgid ""
16866
"SMTP-AUTH allows a client to identify itself through an authentication "
16867
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16868
"the authentication process. Once authenticated the SMTP server will allow "
16869
"the client to relay mail."
16870
msgstr ""
16871
16872
#: serverguide/C/mail.xml:117(para)
16873
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16874
msgstr ""
16875
16876
#: serverguide/C/mail.xml:120(screen)
16877
#, no-wrap
16878
msgid ""
16879
"\n"
16880
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16881
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16882
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16883
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16884
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16885
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16886
"sudo postconf -e 'smtpd_recipient_restrictions = "
16887
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16888
"sudo postconf -e 'inet_interfaces = all'\n"
16889
msgstr ""
16890
16891
#: serverguide/C/mail.xml:131(para)
16892
msgid ""
16893
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
16894
"the Postfix queue directory."
16895
msgstr ""
16896
16897
#: serverguide/C/mail.xml:137(para)
16898
msgid ""
16899
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
16900
"and-security\"/> for details. This example also uses a Certificate Authority "
16901
"(CA). For information on generating a CA certificate see <xref "
16902
"linkend=\"certificate-authority\"/>."
16903
msgstr ""
16904
16905
#: serverguide/C/mail.xml:143(para)
16906
msgid ""
16907
"You can get the digital certificate from a certificate authority. But unlike "
16908
"web clients, SMTP clients rarely complain about \"self-signed "
16909
"certificates\", so alternatively, you can create the certificate yourself. "
16910
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
16911
"details."
16912
msgstr ""
16913
16914
#: serverguide/C/mail.xml:155(para)
16915
msgid ""
16916
"Once you have a certificate, configure Postfix to provide TLS encryption for "
16917
"both incoming and outgoing mail:"
16918
msgstr ""
16919
16920
#: serverguide/C/mail.xml:158(screen)
16921
#, no-wrap
16922
msgid ""
16923
"\n"
16924
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
16925
"sudo postconf -e 'smtp_use_tls = yes'\n"
16926
"sudo postconf -e 'smtpd_use_tls = yes'\n"
16927
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
16928
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
16929
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
16930
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
16931
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
16932
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
16933
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
16934
"sudo postconf -e 'myhostname = mail.example.com'\n"
16935
msgstr ""
16936
16937
#: serverguide/C/mail.xml:173(para)
16938
msgid ""
16939
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
16940
"the certificate enter:"
16941
msgstr ""
16942
16943
#: serverguide/C/mail.xml:177(command)
16944
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
16945
msgstr ""
16946
16947
#: serverguide/C/mail.xml:180(para)
16948
msgid ""
16949
"Again, for more details about certificates see <xref linkend=\"certificates-"
16950
"and-security\"/>."
16951
msgstr ""
16952
16953
#: serverguide/C/mail.xml:186(para)
16954
msgid ""
16955
"After running all the commands, <application>Postfix</application> is "
16956
"configured for SMTP-AUTH and a self-signed certificate has been created for "
16957
"TLS encryption."
16958
msgstr ""
16959
16960
#: serverguide/C/mail.xml:191(para)
16961
msgid ""
16962
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
16963
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
16964
msgstr ""
16965
16966
#: serverguide/C/mail.xml:195(para)
16967
msgid ""
16968
"The postfix initial configuration is complete. Run the following command to "
16969
"restart the postfix daemon:"
16970
msgstr ""
16971
16972
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
16973
msgid "sudo /etc/init.d/postfix restart"
16974
msgstr ""
16975
16976
#: serverguide/C/mail.xml:204(para)
16977
msgid ""
16978
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
16979
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
16980
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
16981
"However it is still necessary to set up SASL authentication before you can "
16982
"use SMTP-AUTH."
16983
msgstr ""
16984
16985
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
16986
msgid "Configuring SASL"
16987
msgstr ""
16988
16989
#: serverguide/C/mail.xml:215(para)
16990
msgid ""
16991
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
16992
"enable Dovecot SASL the <application>dovecot-common</application> package "
16993
"will need to be installed. From a terminal prompt enter the following:"
16994
msgstr ""
16995
16996
#: serverguide/C/mail.xml:221(command)
16997
msgid "sudo apt-get install dovecot-common"
16998
msgstr ""
16999
17000
#: serverguide/C/mail.xml:223(para)
17001
msgid ""
17002
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17003
"In the <emphasis>auth default</emphasis> section uncomment the "
17004
"<emphasis>socket listen</emphasis> option and change the following:"
17005
msgstr ""
17006
17007
#: serverguide/C/mail.xml:227(programlisting)
17008
#, no-wrap
17009
msgid ""
17010
"\n"
17011
" socket listen {\n"
17012
" #master {\n"
17013
" # Master socket provides access to userdb information. It's typically\n"
17014
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17015
" # can find mailbox locations.\n"
17016
" #path = /var/run/dovecot/auth-master\n"
17017
" #mode = 0600\n"
17018
" # Default user/group is the one who started dovecot-auth (root)\n"
17019
" #user = \n"
17020
" #group = \n"
17021
" #}\n"
17022
" client {\n"
17023
" # The client socket is generally safe to export to everyone. Typical "
17024
"use\n"
17025
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17026
" # using it.\n"
17027
" path = /var/spool/postfix/private/auth-client\n"
17028
" mode = 0660\n"
17029
" user = postfix\n"
17030
" group = postfix\n"
17031
" }\n"
17032
" }\n"
17033
msgstr ""
17034
17035
#: serverguide/C/mail.xml:251(para)
17036
msgid ""
17037
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17038
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17039
"add <emphasis>\"login\"</emphasis>:"
17040
msgstr ""
17041
17042
#: serverguide/C/mail.xml:256(programlisting)
17043
#, no-wrap
17044
msgid ""
17045
"\n"
17046
" mechanisms = plain login\n"
17047
msgstr ""
17048
17049
#: serverguide/C/mail.xml:260(para)
17050
msgid ""
17051
"Once you have <application>Dovecot</application> configured restart it with:"
17052
msgstr ""
17053
17054
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17055
msgid "sudo /etc/init.d/dovecot restart"
17056
msgstr ""
17057
17058
#: serverguide/C/mail.xml:269(title)
17059
msgid "Postfix-Dovecot"
17060
msgstr ""
17061
17062
#: serverguide/C/mail.xml:271(para)
17063
msgid ""
17064
"Another option for configuring <application>Postfix</application> for SMTP-"
17065
"AUTH is using the <application>dovecot-postfix</application> package. This "
17066
"package will install <application>Dovecot</application> and configure "
17067
"<application>Postfix</application> to use it for both SASL authentication "
17068
"and as a Mail Delivery Agent (MDA). The package also configures "
17069
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17070
msgstr ""
17071
17072
#: serverguide/C/mail.xml:280(para)
17073
msgid ""
17074
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17075
"server. For example, if you are configuring your server to be a mail "
17076
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17077
"the above commands to configure Postfix for SMTPAUTH."
17078
msgstr ""
17079
17080
#: serverguide/C/mail.xml:287(para)
17081
msgid "To install the package, from a terminal prompt enter:"
17082
msgstr ""
17083
17084
#: serverguide/C/mail.xml:292(command)
17085
msgid "sudo apt-get install dovecot-postfix"
17086
msgstr ""
17087
17088
#: serverguide/C/mail.xml:295(para)
17089
msgid ""
17090
"You should now have a working mail server, but there are a few options that "
17091
"you may wish to further customize. For example, the package uses the "
17092
"certificate and key from the <application>ssl-cert</application> package, "
17093
"and in a production environment you should use a certificate and key "
17094
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17095
"for more details."
17096
msgstr ""
17097
17098
#: serverguide/C/mail.xml:301(para)
17099
msgid ""
17100
"Once you have a customized certificate and key for the host, change the "
17101
"following options in <filename>/etc/postfix/main.cf</filename>:"
17102
msgstr ""
17103
17104
#: serverguide/C/mail.xml:305(programlisting)
17105
#, no-wrap
17106
msgid ""
17107
"\n"
17108
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17109
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17110
msgstr ""
17111
17112
#: serverguide/C/mail.xml:310(para)
17113
msgid "Then restart Postfix:"
17114
msgstr ""
17115
17116
#: serverguide/C/mail.xml:321(para)
17117
msgid ""
17118
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17119
msgstr ""
17120
17121
#: serverguide/C/mail.xml:324(para)
17122
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17123
msgstr ""
17124
17125
#: serverguide/C/mail.xml:329(command)
17126
msgid "telnet mail.example.com 25"
17127
msgstr ""
17128
17129
#: serverguide/C/mail.xml:331(para)
17130
msgid ""
17131
"After you have established the connection to the postfix mail server, type:"
17132
msgstr ""
17133
17134
#: serverguide/C/mail.xml:335(screen)
17135
#, no-wrap
17136
msgid ""
17137
"\n"
17138
"ehlo mail.example.com\n"
17139
msgstr ""
17140
17141
#: serverguide/C/mail.xml:338(para)
17142
msgid ""
17143
"If you see the following lines among others, then everything is working "
17144
"perfectly. Type <command>quit</command> to exit."
17145
msgstr ""
17146
17147
#: serverguide/C/mail.xml:342(programlisting)
17148
#, no-wrap
17149
msgid ""
17150
"\n"
17151
"250-STARTTLS\n"
17152
"250-AUTH LOGIN PLAIN\n"
17153
"250-AUTH=LOGIN PLAIN\n"
17154
"250 8BITMIME\n"
17155
msgstr ""
17156
17157
#: serverguide/C/mail.xml:352(para)
17158
msgid ""
17159
"This section introduces some common ways to determine the cause if problems "
17160
"arise."
17161
msgstr ""
17162
17163
#: serverguide/C/mail.xml:356(title)
17164
msgid "Escaping chroot"
17165
msgstr ""
17166
17167
#: serverguide/C/mail.xml:357(para)
17168
msgid ""
17169
"The Ubuntu <application>postfix</application> package will by default "
17170
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17171
"This can add greater complexity when troubleshooting problems."
17172
msgstr ""
17173
17174
#: serverguide/C/mail.xml:361(para)
17175
msgid ""
17176
"To turn off the chroot operation locate for the following line in the "
17177
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17178
msgstr ""
17179
17180
#: serverguide/C/mail.xml:365(screen)
17181
#, no-wrap
17182
msgid ""
17183
"\n"
17184
"smtp inet n - - - - smtpd\n"
17185
msgstr ""
17186
17187
#: serverguide/C/mail.xml:368(para)
17188
msgid "and modify it as follows:"
17189
msgstr ""
17190
17191
#: serverguide/C/mail.xml:371(screen)
17192
#, no-wrap
17193
msgid ""
17194
"\n"
17195
"smtp inet n - n - - smtpd\n"
17196
msgstr ""
17197
17198
#: serverguide/C/mail.xml:374(para)
17199
msgid ""
17200
"You will then need to restart Postfix to use the new configuration. From a "
17201
"terminal prompt enter:"
17202
msgstr ""
17203
17204
#: serverguide/C/mail.xml:382(title)
17205
msgid "Log Files"
17206
msgstr ""
17207
17208
#: serverguide/C/mail.xml:383(para)
17209
msgid ""
17210
"<application>Postfix</application> sends all log messages to "
17211
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17212
"can sometimes get lost in the normal log output so they are also logged to "
17213
"<filename>/var/log/mail.err</filename> and "
17214
"<filename>/var/log/mail.warn</filename> respectively."
17215
msgstr ""
17216
17217
#: serverguide/C/mail.xml:388(para)
17218
msgid ""
17219
"To see messages entered into the logs in real time you can use the "
17220
"<application>tail -f</application> command:"
17221
msgstr ""
17222
17223
#: serverguide/C/mail.xml:393(command)
17224
msgid "tail -f /var/log/mail.err"
17225
msgstr ""
17226
17227
#: serverguide/C/mail.xml:395(para)
17228
msgid ""
17229
"The amount of detail that is recorded in the logs can be increased. Below "
17230
"are some configuration options for increasing the log level for some of the "
17231
"areas covered above."
17232
msgstr ""
17233
17234
#: serverguide/C/mail.xml:401(para)
17235
msgid ""
17236
"To increase <emphasis>TLS</emphasis> activity logging set the "
17237
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17238
msgstr ""
17239
17240
#: serverguide/C/mail.xml:405(command)
17241
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17242
msgstr ""
17243
17244
#: serverguide/C/mail.xml:409(para)
17245
msgid ""
17246
"If you are having trouble sending or receiving mail from a specific domain "
17247
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17248
msgstr ""
17249
17250
#: serverguide/C/mail.xml:414(command)
17251
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17252
msgstr ""
17253
17254
#: serverguide/C/mail.xml:418(para)
17255
msgid ""
17256
"You can increase the verbosity of any <application>Postfix</application> "
17257
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17258
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17259
"<emphasis>smtp</emphasis> entry:"
17260
msgstr ""
17261
17262
#: serverguide/C/mail.xml:422(programlisting)
17263
#, no-wrap
17264
msgid ""
17265
"\n"
17266
"smtp unix - - - - - smtp -v\n"
17267
msgstr ""
17268
17269
#: serverguide/C/mail.xml:428(para)
17270
msgid ""
17271
"It is important to note that after making one of the logging changes above "
17272
"the <application>Postfix</application> process will need to be reloaded in "
17273
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17274
"reload</command>"
17275
msgstr ""
17276
17277
#: serverguide/C/mail.xml:435(para)
17278
msgid ""
17279
"To increase the amount of information logged when troubleshooting "
17280
"<emphasis>SASL</emphasis> issues you can set the following options in "
17281
"<filename>/etc/dovecot/dovecot.conf</filename>"
17282
msgstr ""
17283
17284
#: serverguide/C/mail.xml:439(programlisting)
17285
#, no-wrap
17286
msgid ""
17287
"\n"
17288
"auth_debug=yes\n"
17289
"auth_debug_passwords=yes\n"
17290
msgstr ""
17291
17292
#: serverguide/C/mail.xml:446(para)
17293
msgid ""
17294
"Just like <application>Postfix</application> if you change a "
17295
"<application>Dovecot</application> configuration the process will need to be "
17296
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17297
msgstr ""
17298
17299
#: serverguide/C/mail.xml:452(para)
17300
msgid ""
17301
"Some of the options above can drastically increase the amount of information "
17302
"sent to the log files. Remember to return the log level back to normal after "
17303
"you have corrected the problem. Then reload the appropriate daemon for the "
17304
"new configuration to take affect."
17305
msgstr ""
17306
17307
#: serverguide/C/mail.xml:460(para)
17308
msgid ""
17309
"Administering a <application>Postfix</application> server can be a very "
17310
"complicated task. At some point you may need to turn to the Ubuntu community "
17311
"for more experienced help."
17312
msgstr ""
17313
17314
#: serverguide/C/mail.xml:464(para)
17315
msgid ""
17316
"A great place to ask for <application>Postfix</application> assistance, and "
17317
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17318
"server</emphasis> IRC channel on <ulink "
17319
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17320
"one of the <ulink "
17321
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17322
msgstr ""
17323
17324
#: serverguide/C/mail.xml:469(para)
17325
msgid ""
17326
"For in depth <application>Postfix</application> information Ubuntu "
17327
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17328
"Book of Postfix</ulink>."
17329
msgstr ""
17330
17331
#: serverguide/C/mail.xml:473(para)
17332
msgid ""
17333
"Finally, the <ulink "
17334
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17335
"also has great documentation on all the different configuration options "
17336
"available."
17337
msgstr ""
17338
17339
#: serverguide/C/mail.xml:477(para)
17340
msgid ""
17341
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17342
"Wiki Postifx</ulink> page has more information."
17343
msgstr ""
17344
17345
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17346
msgid "Exim4"
17347
msgstr ""
17348
17349
#: serverguide/C/mail.xml:486(para)
17350
msgid ""
17351
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17352
"developed at the University of Cambridge for use on Unix systems connected "
17353
"to the Internet. Exim can be installed in place of "
17354
"<application>sendmail</application>, although the configuration of "
17355
"<application>exim</application> is quite different to that of "
17356
"<application>sendmail</application>."
17357
msgstr ""
17358
17359
#: serverguide/C/mail.xml:497(para)
17360
msgid ""
17361
"To install <application>exim4</application>, run the following command: "
17362
"<screen>\n"
17363
"<command>sudo apt-get install exim4</command>\n"
17364
"</screen>"
17365
msgstr ""
17366
17367
#: serverguide/C/mail.xml:506(para)
17368
msgid ""
17369
"To configure <application>Exim4</application>, run the following command:"
17370
msgstr ""
17371
17372
#: serverguide/C/mail.xml:510(command)
17373
msgid "sudo dpkg-reconfigure exim4-config"
17374
msgstr ""
17375
17376
#: serverguide/C/mail.xml:512(para)
17377
msgid ""
17378
"The user interface will be displayed. The user interface lets you configure "
17379
"many parameters. For example, In <application>Exim4</application> the "
17380
"configuration files are split among multiple files. If you wish to have them "
17381
"in one file you can configure accordingly in this user interface."
17382
msgstr ""
17383
17384
#: serverguide/C/mail.xml:520(para)
17385
msgid ""
17386
"All the parameters you configure in the user interface are stored in "
17387
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17388
"re-configure, either you re-run the configuration wizard or manually edit "
17389
"this file using your favorite editor. Once you configure, you can run the "
17390
"following command to generate the master configuration file:"
17391
msgstr ""
17392
17393
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17394
msgid "sudo update-exim4.conf"
17395
msgstr ""
17396
17397
#: serverguide/C/mail.xml:533(para)
17398
msgid ""
17399
"The master configuration file, is generated and it is stored in "
17400
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17401
msgstr ""
17402
17403
#: serverguide/C/mail.xml:539(para)
17404
msgid ""
17405
"At any time, you should not edit the master configuration file, "
17406
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17407
"updated automatically every time you run <command>update-exim4.conf</command>"
17408
msgstr ""
17409
17410
#: serverguide/C/mail.xml:547(para)
17411
msgid ""
17412
"You can run the following command to start <application>Exim4</application> "
17413
"daemon."
17414
msgstr ""
17415
17416
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17417
msgid "sudo /etc/init.d/exim4 start"
17418
msgstr ""
17419
17420
#: serverguide/C/mail.xml:557(para)
17421
msgid ""
17422
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17423
msgstr ""
17424
17425
#: serverguide/C/mail.xml:560(para)
17426
msgid ""
17427
"The first step is to create a certificate for use with TLS. Enter the "
17428
"following into a terminal prompt:"
17429
msgstr ""
17430
17431
#: serverguide/C/mail.xml:564(command)
17432
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17433
msgstr ""
17434
17435
#: serverguide/C/mail.xml:566(para)
17436
msgid ""
17437
"Now Exim4 needs to be configured for TLS by editing "
17438
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17439
"the following:"
17440
msgstr ""
17441
17442
#: serverguide/C/mail.xml:570(programlisting)
17443
#, no-wrap
17444
msgid ""
17445
"\n"
17446
"MAIN_TLS_ENABLE = yes\n"
17447
msgstr ""
17448
17449
#: serverguide/C/mail.xml:573(para)
17450
msgid ""
17451
"Next you need to configure <application>Exim4</application> to use the "
17452
"<application>saslauthd</application> for authentication. Edit "
17453
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17454
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17455
"<emphasis>login_saslauthd_server</emphasis> sections:"
17456
msgstr ""
17457
17458
#: serverguide/C/mail.xml:578(programlisting)
17459
#, no-wrap
17460
msgid ""
17461
"\n"
17462
" plain_saslauthd_server:\n"
17463
" driver = plaintext\n"
17464
" public_name = PLAIN\n"
17465
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17466
" server_set_id = $auth2\n"
17467
" server_prompts = :\n"
17468
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17469
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17470
" .endif\n"
17471
"#\n"
17472
" login_saslauthd_server:\n"
17473
" driver = plaintext\n"
17474
" public_name = LOGIN\n"
17475
" server_prompts = \"Username:: : Password::\"\n"
17476
" # don't send system passwords over unencrypted connections\n"
17477
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17478
" server_set_id = $auth1\n"
17479
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17480
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17481
" .endif\n"
17482
msgstr ""
17483
17484
#: serverguide/C/mail.xml:600(para)
17485
msgid "Finally, update the Exim4 configuration and restart the service:"
17486
msgstr ""
17487
17488
#: serverguide/C/mail.xml:605(command)
17489
msgid "sudo /etc/init.d/exim4 restart"
17490
msgstr ""
17491
17492
#: serverguide/C/mail.xml:610(para)
17493
msgid ""
17494
"This section provides details on configuring the saslauthd to provide "
17495
"authentication for <application>Exim4</application>."
17496
msgstr ""
17497
17498
#: serverguide/C/mail.xml:613(para)
17499
msgid ""
17500
"The first step is to install the sasl2-bin package. From a terminal prompt "
17501
"enter the following:"
17502
msgstr ""
17503
17504
#: serverguide/C/mail.xml:617(command)
17505
msgid "sudo apt-get install sasl2-bin"
17506
msgstr ""
17507
17508
#: serverguide/C/mail.xml:619(para)
17509
msgid ""
17510
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17511
"and set START=no to:"
17512
msgstr ""
17513
17514
#: serverguide/C/mail.xml:622(programlisting)
17515
#, no-wrap
17516
msgid ""
17517
"\n"
17518
"START=yes\n"
17519
msgstr ""
17520
17521
#: serverguide/C/mail.xml:625(para)
17522
msgid ""
17523
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17524
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17525
"service:"
17526
msgstr ""
17527
17528
#: serverguide/C/mail.xml:630(command)
17529
msgid "sudo adduser Debian-exim sasl"
17530
msgstr ""
17531
17532
#: serverguide/C/mail.xml:632(para)
17533
msgid "Now start the <application>saslauthd</application> service:"
17534
msgstr ""
17535
17536
#: serverguide/C/mail.xml:636(command)
17537
msgid "sudo /etc/init.d/saslauthd start"
17538
msgstr ""
17539
17540
#: serverguide/C/mail.xml:638(para)
17541
msgid ""
17542
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17543
"and SASL authentication."
17544
msgstr ""
17545
17546
#: serverguide/C/mail.xml:647(para)
17547
msgid ""
17548
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17549
"information."
17550
msgstr ""
17551
17552
#: serverguide/C/mail.xml:652(para)
17553
msgid ""
17554
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17555
"server\">Exim4 Book</ulink> available."
17556
msgstr ""
17557
17558
#: serverguide/C/mail.xml:657(para)
17559
msgid ""
17560
"Another resource is the <ulink "
17561
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17562
"page."
17563
msgstr ""
17564
17565
#: serverguide/C/mail.xml:666(title)
17566
msgid "Dovecot Server"
17567
msgstr ""
17568
17569
#: serverguide/C/mail.xml:667(para)
17570
msgid ""
17571
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17572
"security primarily in mind. It supports the major mailbox formats: mbox or "
17573
"Maildir. This section explain how to set it up as an imap or pop3 server."
17574
msgstr ""
17575
17576
#: serverguide/C/mail.xml:675(para)
17577
msgid ""
17578
"To install <application>dovecot</application>, run the following command in "
17579
"the command prompt:"
17580
msgstr ""
17581
17582
#: serverguide/C/mail.xml:680(command)
17583
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17584
msgstr ""
17585
17586
#: serverguide/C/mail.xml:685(para)
17587
msgid ""
17588
"To configure <application>dovecot</application>, you can edit the file "
17589
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17590
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17591
"secure). A description of these protocols is beyond the scope of this guide. "
17592
"For further information, refer to the Wikipedia articles on <ulink "
17593
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17594
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17595
"link>."
17596
msgstr ""
17597
17598
#: serverguide/C/mail.xml:695(para)
17599
msgid ""
17600
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17601
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17602
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17603
msgstr ""
17604
17605
#: serverguide/C/mail.xml:701(programlisting)
17606
#, no-wrap
17607
msgid ""
17608
"\n"
17609
"protocols = pop3 pop3s imap imaps\n"
17610
msgstr ""
17611
17612
#: serverguide/C/mail.xml:704(para)
17613
msgid ""
17614
"Next, choose the mailbox you would like to use. "
17615
"<application>Dovecot</application> supports <emphasis "
17616
"role=\"strong\">maildir</emphasis> and <emphasis "
17617
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17618
"mailbox formats. They both have their own benefits and are discussed on "
17619
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17620
"site</ulink>."
17621
msgstr ""
17622
17623
#: serverguide/C/mail.xml:712(para)
17624
msgid ""
17625
"Once you have chosen your mailbox type, edit the file "
17626
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17627
msgstr ""
17628
17629
#: serverguide/C/mail.xml:717(programlisting)
17630
#, no-wrap
17631
msgid ""
17632
"\n"
17633
"mail_location = maildir:~/Maildir # (for maildir)\n"
17634
"or\n"
17635
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17636
msgstr ""
17637
17638
#: serverguide/C/mail.xml:723(para)
17639
msgid ""
17640
"You should configure your Mail Transport Agent (MTA) to transfer the "
17641
"incoming mail to this type of mailbox if it is different from the one you "
17642
"have configured."
17643
msgstr ""
17644
17645
#: serverguide/C/mail.xml:729(para)
17646
msgid ""
17647
"Once you have configured dovecot, restart the "
17648
"<application>dovecot</application> daemon in order to test your setup:"
17649
msgstr ""
17650
17651
#: serverguide/C/mail.xml:738(para)
17652
msgid ""
17653
"If you have enabled imap, or pop3, you can also try to log in with the "
17654
"commands <command>telnet localhost pop3</command> or <command>telnet "
17655
"localhost imap2</command>. If you see something like the following, the "
17656
"installation has been successful:"
17657
msgstr ""
17658
17659
#: serverguide/C/mail.xml:745(programlisting)
17660
#, no-wrap
17661
msgid ""
17662
"\n"
17663
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17664
"Trying 127.0.0.1...\n"
17665
"Connected to localhost.localdomain.\n"
17666
"Escape character is '^]'.\n"
17667
"+OK Dovecot ready.\n"
17668
msgstr ""
17669
17670
#: serverguide/C/mail.xml:754(title)
17671
msgid "Dovecot SSL Configuration"
17672
msgstr ""
17673
17674
#: serverguide/C/mail.xml:755(para)
17675
msgid ""
17676
"To configure <application>dovecot</application> to use SSL, you can edit the "
17677
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17678
"lines:"
17679
msgstr ""
17680
17681
#: serverguide/C/mail.xml:760(programlisting)
17682
#, no-wrap
17683
msgid ""
17684
"\n"
17685
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17686
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17687
"ssl_disable = no\n"
17688
"disable_plaintext_auth = no\n"
17689
msgstr ""
17690
17691
#: serverguide/C/mail.xml:766(para)
17692
msgid ""
17693
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17694
"can create self signed SSL certificate. The latter is a good option for "
17695
"email, because SMTP clients rarely complain about \"self-signed "
17696
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17697
"security\"/> for details about how to create self signed SSL certificate. "
17698
"Once you create the certificate, you will have a key file and a certificate "
17699
"file. Please copy them to the location pointed in the "
17700
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17701
msgstr ""
17702
17703
#: serverguide/C/mail.xml:781(title)
17704
msgid "Firewall Configuration for an Email Server"
17705
msgstr ""
17706
17707
#: serverguide/C/mail.xml:787(para)
17708
msgid "IMAP - 143"
17709
msgstr ""
17710
17711
#: serverguide/C/mail.xml:788(para)
17712
msgid "IMAPS - 993"
17713
msgstr ""
17714
17715
#: serverguide/C/mail.xml:789(para)
17716
msgid "POP3 - 110"
17717
msgstr ""
17718
17719
#: serverguide/C/mail.xml:790(para)
17720
msgid "POP3S - 995"
17721
msgstr ""
17722
17723
#: serverguide/C/mail.xml:782(para)
17724
msgid ""
17725
"To access your mail server from another computer, you must configure your "
17726
"firewall to allow connections to the server on the necessary ports. "
17727
"<placeholder-1/>"
17728
msgstr ""
17729
17730
#: serverguide/C/mail.xml:799(para)
17731
msgid ""
17732
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17733
"more information."
17734
msgstr ""
17735
17736
#: serverguide/C/mail.xml:804(para)
17737
msgid ""
17738
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17739
"Ubuntu Wiki</ulink> page has more details."
17740
msgstr ""
17741
17742
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17743
msgid "Mailman"
17744
msgstr ""
17745
17746
#: serverguide/C/mail.xml:814(para)
17747
msgid ""
17748
"Mailman is an open source program for managing electronic mail discussions "
17749
"and e-newsletter lists. Many open source mailing lists (including all the "
17750
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17751
"Mailman as their mailing list software. It is powerful and easy to install "
17752
"and maintain."
17753
msgstr ""
17754
17755
#: serverguide/C/mail.xml:824(para)
17756
msgid ""
17757
"Mailman provides a web interface for the administrators and users, using an "
17758
"external mail server to send and receive emails. It works perfectly with the "
17759
"following mail servers:"
17760
msgstr ""
17761
17762
#: serverguide/C/mail.xml:835(application)
17763
msgid "Exim"
17764
msgstr ""
17765
17766
#: serverguide/C/mail.xml:838(application)
17767
msgid "Sendmail"
17768
msgstr ""
17769
17770
#: serverguide/C/mail.xml:841(application)
17771
msgid "Qmail"
17772
msgstr ""
17773
17774
#: serverguide/C/mail.xml:846(para)
17775
msgid ""
17776
"We will see how to install and configure Mailman with, the Apache web "
17777
"server, and either the Postfix or Exim mail server. If you wish to install "
17778
"Mailman with a different mail server, please refer to the references section."
17779
msgstr ""
17780
17781
#: serverguide/C/mail.xml:853(para)
17782
msgid ""
17783
"You only need to install one mail server and "
17784
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17785
msgstr ""
17786
17787
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17788
msgid "Apache2"
17789
msgstr ""
17790
17791
#: serverguide/C/mail.xml:859(para)
17792
msgid ""
17793
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17794
"installation\">HTTPD Installation</ulink> section for details."
17795
msgstr ""
17796
17797
#: serverguide/C/mail.xml:867(para)
17798
msgid ""
17799
"For instructions on installing and configuring Postfix refer to <xref "
17800
"linkend=\"postfix\"/>"
17801
msgstr ""
17802
17803
#: serverguide/C/mail.xml:873(para)
17804
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17805
msgstr ""
17806
17807
#: serverguide/C/mail.xml:884(application)
17808
msgid "dc_use_split_config='true'"
17809
msgstr ""
17810
17811
#: serverguide/C/mail.xml:876(para)
17812
msgid ""
17813
"Once exim4 is installed, the configuration files are stored in the "
17814
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17815
"configuration files are split across different files. You can change this "
17816
"behavior by changing the following variable in the "
17817
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17818
msgstr ""
17819
17820
#: serverguide/C/mail.xml:891(para)
17821
msgid ""
17822
"To install <application>Mailman</application>, run following command at a "
17823
"terminal prompt:"
17824
msgstr ""
17825
17826
#: serverguide/C/mail.xml:895(command)
17827
msgid "sudo apt-get install mailman"
17828
msgstr ""
17829
17830
#: serverguide/C/mail.xml:897(para)
17831
msgid ""
17832
"It copies the installation files in "
17833
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17834
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17835
"creates <emphasis>list</emphasis> linux user. It creates the "
17836
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17837
"this user."
17838
msgstr ""
17839
17840
#: serverguide/C/mail.xml:909(para)
17841
msgid ""
17842
"This section assumes you have successfully installed "
17843
"<application>mailman</application>, <application>apache2</application>, and "
17844
"<application>postfix</application> or <application>exim4</application>. Now "
17845
"you just need to configure them."
17846
msgstr ""
17847
17848
#: serverguide/C/mail.xml:918(para)
17849
msgid ""
17850
"An example Apache configuration file comes with "
17851
"<application>Mailman</application> and is placed in "
17852
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17853
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17854
"available</filename>:"
17855
msgstr ""
17856
17857
#: serverguide/C/mail.xml:924(command)
17858
msgid ""
17859
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17860
msgstr ""
17861
17862
#: serverguide/C/mail.xml:926(para)
17863
msgid ""
17864
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17865
"Mailman administration site. Now enable the new configuration and restart "
17866
"Apache:"
17867
msgstr ""
17868
17869
#: serverguide/C/mail.xml:931(command)
17870
msgid "sudo a2ensite mailman.conf"
17871
msgstr ""
17872
17873
#: serverguide/C/mail.xml:934(para)
17874
msgid ""
17875
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17876
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17877
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17878
"can make changes to the <filename>/etc/apache2/sites-"
17879
"available/mailman.conf</filename> file if you wish to change this behavior."
17880
msgstr ""
17881
17882
#: serverguide/C/mail.xml:945(para)
17883
msgid ""
17884
"For <application>Postfix</application> integration, we will associate the "
17885
"domain lists.example.com with the mailing lists. Please replace "
17886
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
17887
msgstr ""
17888
17889
#: serverguide/C/mail.xml:949(para)
17890
msgid ""
17891
"You can use the postconf command to add the necessary configuration to "
17892
"<filename>/etc/postfix/main.cf</filename>:"
17893
msgstr ""
17894
17895
#: serverguide/C/mail.xml:953(command)
17896
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
17897
msgstr ""
17898
17899
#: serverguide/C/mail.xml:954(command)
17900
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
17901
msgstr ""
17902
17903
#: serverguide/C/mail.xml:955(command)
17904
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
17905
msgstr ""
17906
17907
#: serverguide/C/mail.xml:957(para)
17908
msgid ""
17909
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
17910
"the following transport:"
17911
msgstr ""
17912
17913
#: serverguide/C/mail.xml:960(programlisting)
17914
#, no-wrap
17915
msgid ""
17916
"\n"
17917
"mailman unix - n n - - pipe\n"
17918
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
17919
" ${nexthop} ${user}\n"
17920
msgstr ""
17921
17922
#: serverguide/C/mail.xml:965(para)
17923
msgid ""
17924
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
17925
"is delivered to a list."
17926
msgstr ""
17927
17928
#: serverguide/C/mail.xml:968(para)
17929
msgid ""
17930
"Associate the domain lists.example.com to the Mailman transport with the "
17931
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
17932
msgstr ""
17933
17934
#: serverguide/C/mail.xml:971(programlisting)
17935
#, no-wrap
17936
msgid ""
17937
"\n"
17938
"lists.example.com mailman:\n"
17939
msgstr ""
17940
17941
#: serverguide/C/mail.xml:974(para)
17942
msgid ""
17943
"Now have <application>Postfix</application> build the transport map by "
17944
"entering the following from a terminal prompt:"
17945
msgstr ""
17946
17947
#: serverguide/C/mail.xml:978(command)
17948
msgid "sudo postmap -v /etc/postfix/transport"
17949
msgstr ""
17950
17951
#: serverguide/C/mail.xml:980(para)
17952
msgid "Then restart Postfix to enable the new configurations:"
17953
msgstr ""
17954
17955
#: serverguide/C/mail.xml:989(para)
17956
msgid ""
17957
"Once Exim4 is installed, you can start the Exim server using the following "
17958
"command from a terminal prompt:"
17959
msgstr ""
17960
17961
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
17962
msgid "Main"
17963
msgstr ""
17964
17965
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
17966
msgid "Transport"
17967
msgstr ""
17968
17969
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
17970
msgid "Router"
17971
msgstr ""
17972
17973
#: serverguide/C/mail.xml:996(para)
17974
msgid ""
17975
"In order to make mailman work with Exim4, you need to configure Exim4. As "
17976
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
17977
"different types. For details, please refer to the <ulink "
17978
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
17979
"add new a configuration file to the following configuration types: "
17980
"<placeholder-1/> Exim creates a master configuration file by sorting all "
17981
"these mini configuration files. So, the order of these configuration files "
17982
"is very important."
17983
msgstr ""
17984
17985
#: serverguide/C/mail.xml:1027(programlisting)
17986
#, no-wrap
17987
msgid ""
17988
"\n"
17989
"# start\n"
17990
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
17991
"# directory.\n"
17992
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
17993
"# This is normally the same as ~mailman\n"
17994
"MM_HOME=/var/lib/mailman\n"
17995
"#\n"
17996
"# User and group for Mailman, should match your --with-mail-gid\n"
17997
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
17998
"MM_UID=list\n"
17999
"MM_GID=list\n"
18000
"#\n"
18001
"# Domains that your lists are in - colon separated list\n"
18002
"# you may wish to add these into local_domains as well\n"
18003
"domainlist mm_domains=hostname.com\n"
18004
"#\n"
18005
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18006
"#\n"
18007
"# These values are derived from the ones above and should not need\n"
18008
"# editing unless you have munged your mailman installation\n"
18009
"#\n"
18010
"# The path of the Mailman mail wrapper script\n"
18011
"MM_WRAP=MM_HOME/mail/mailman\n"
18012
"#\n"
18013
"# The path of the list config file (used as a required file when\n"
18014
"# verifying list addresses)\n"
18015
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18016
"# end\n"
18017
msgstr ""
18018
18019
#: serverguide/C/mail.xml:1021(para)
18020
msgid ""
18021
"All the configuration files belonging to the main type are stored in the "
18022
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18023
"following content to a new file, named <filename>04_exim4-"
18024
"config_mailman</filename>: <placeholder-1/>"
18025
msgstr ""
18026
18027
#: serverguide/C/mail.xml:1067(programlisting)
18028
#, no-wrap
18029
msgid ""
18030
"\n"
18031
" mailman_transport:\n"
18032
" driver = pipe\n"
18033
" command = MM_WRAP \\\n"
18034
" '${if def:local_part_suffix \\\n"
18035
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18036
"\\\n"
18037
" {post}}' \\\n"
18038
" $local_part\n"
18039
" current_directory = MM_HOME\n"
18040
" home_directory = MM_HOME\n"
18041
" user = MM_UID\n"
18042
" group = MM_GID\n"
18043
msgstr ""
18044
18045
#: serverguide/C/mail.xml:1061(para)
18046
msgid ""
18047
"All the configuration files belonging to transport type are stored in the "
18048
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18049
"following content to a new file named <filename> 40_exim4-"
18050
"config_mailman</filename>: <placeholder-1/>"
18051
msgstr ""
18052
18053
#: serverguide/C/mail.xml:1088(programlisting)
18054
#, no-wrap
18055
msgid ""
18056
"\n"
18057
" mailman_router:\n"
18058
" driver = accept\n"
18059
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18060
" local_part_suffix_optional\n"
18061
" local_part_suffix = -bounces : -bounces+* : \\\n"
18062
" -confirm+* : -join : -leave : \\\n"
18063
" -owner : -request : -admin\n"
18064
" transport = mailman_transport\n"
18065
msgstr ""
18066
18067
#: serverguide/C/mail.xml:1084(para)
18068
msgid ""
18069
"All the configuration files belonging to router type are stored in the "
18070
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18071
"following content in to a new file named <filename>101_exim4-"
18072
"config_mailman</filename>: <placeholder-1/>"
18073
msgstr ""
18074
18075
#: serverguide/C/mail.xml:1101(para)
18076
msgid ""
18077
"The order of main and transport configuration files can be in any order. "
18078
"But, the order of router configuration files must be the same. This "
18079
"particular file must appear before the <application>200_exim4-"
18080
"config_primary</application> file. These two configuration files contain "
18081
"same type of information. The first file takes the precedence. For more "
18082
"details, please refer to the references section."
18083
msgstr ""
18084
18085
#: serverguide/C/mail.xml:1114(para)
18086
msgid ""
18087
"Once mailman is installed, you can run it using the following command:"
18088
msgstr ""
18089
18090
#: serverguide/C/mail.xml:1118(command)
18091
msgid "sudo /etc/init.d/mailman start"
18092
msgstr ""
18093
18094
#: serverguide/C/mail.xml:1120(para)
18095
msgid ""
18096
"Once mailman is installed, you should create the default mailing list. Run "
18097
"the following command to create the mailing list:"
18098
msgstr ""
18099
18100
#: serverguide/C/mail.xml:1126(command)
18101
msgid "sudo /usr/sbin/newlist mailman"
18102
msgstr ""
18103
18104
#: serverguide/C/mail.xml:1129(programlisting)
18105
#, no-wrap
18106
msgid ""
18107
"\n"
18108
" Enter the email address of the person running the list: bhuvan at "
18109
"ubuntu.com\n"
18110
" Initial mailman password:\n"
18111
" To finish creating your mailing list, you must edit your "
18112
"<filename>/etc/aliases</filename> (or\n"
18113
" equivalent) file by adding the following lines, and possibly running the\n"
18114
" `newaliases' program:\n"
18115
"\n"
18116
" ## mailman mailing list\n"
18117
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18118
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18119
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18120
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18121
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18122
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18123
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18124
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18125
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18126
"mailman\"\n"
18127
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18128
"mailman\"\n"
18129
"\n"
18130
" Hit enter to notify mailman owner...\n"
18131
"\n"
18132
" # \n"
18133
msgstr ""
18134
18135
#: serverguide/C/mail.xml:1152(para)
18136
msgid ""
18137
"We have configured either Postfix or Exim4 to recognize all emails from "
18138
"mailman. So, it is not mandatory to make any new entries in "
18139
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18140
"configuration files, please ensure that you restart those services before "
18141
"continuing to next section."
18142
msgstr ""
18143
18144
#: serverguide/C/mail.xml:1160(para)
18145
msgid ""
18146
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18147
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18148
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18149
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18150
msgstr ""
18151
18152
#: serverguide/C/mail.xml:1171(title)
18153
msgid "Administration"
18154
msgstr ""
18155
18156
#: serverguide/C/mail.xml:1172(para)
18157
msgid ""
18158
"We assume you have a default installation. The mailman cgi scripts are still "
18159
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18160
"Mailman provides a web based administration facility. To access this page, "
18161
"point your browser to the following url:"
18162
msgstr ""
18163
18164
#: serverguide/C/mail.xml:1180(para)
18165
msgid "http://hostname/cgi-bin/mailman/admin"
18166
msgstr ""
18167
18168
#: serverguide/C/mail.xml:1184(para)
18169
msgid ""
18170
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18171
"screen. If you click the mailing list name, it will ask for your "
18172
"authentication password. If you enter the correct password, you will be able "
18173
"to change administrative settings of this mailing list. You can create a new "
18174
"mailing list using the command line utility "
18175
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18176
"mailing list using the web interface."
18177
msgstr ""
18178
18179
#: serverguide/C/mail.xml:1197(title)
18180
msgid "Users"
18181
msgstr ""
18182
18183
#: serverguide/C/mail.xml:1198(para)
18184
msgid ""
18185
"Mailman provides a web based interface for users. To access this page, point "
18186
"your browser to the following url:"
18187
msgstr ""
18188
18189
#: serverguide/C/mail.xml:1203(para)
18190
msgid "http://hostname/cgi-bin/mailman/listinfo"
18191
msgstr ""
18192
18193
#: serverguide/C/mail.xml:1207(para)
18194
msgid ""
18195
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18196
"screen. If you click the mailing list name, it will display the subscription "
18197
"form. You can enter your email address, name (optional), and password to "
18198
"subscribe. An email invitation will be sent to you. You can follow the "
18199
"instructions in the email to subscribe."
18200
msgstr ""
18201
18202
#: serverguide/C/mail.xml:1219(ulink)
18203
msgid "GNU Mailman - Installation Manual"
18204
msgstr ""
18205
18206
#: serverguide/C/mail.xml:1223(ulink)
18207
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18208
msgstr ""
18209
18210
#: serverguide/C/mail.xml:1226(para)
18211
msgid ""
18212
"Also, see the <ulink "
18213
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18214
"Wiki</ulink> page."
18215
msgstr ""
18216
18217
#: serverguide/C/mail.xml:1232(title)
18218
msgid "Mail Filtering"
18219
msgstr ""
18220
18221
#: serverguide/C/mail.xml:1233(para)
18222
msgid ""
18223
"One of the largest issues with email today is the problem of Unsolicited "
18224
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18225
"and other forms of malware. According to some reports these messages make up "
18226
"the bulk of all email traffic on the Internet."
18227
msgstr ""
18228
18229
#: serverguide/C/mail.xml:1238(para)
18230
msgid ""
18231
"This section will cover integrating <application>Amavisd-new</application>, "
18232
"<application>Spamassassin</application>, and "
18233
"<application>ClamAV</application> with the "
18234
"<application>Postfix</application> Mail Transport Agent (MTA). "
18235
"<application>Postfix</application> can also check email validity by passing "
18236
"it through external content filters. These filters can sometimes determine "
18237
"if a message is spam without needing to process it with more resource "
18238
"intensive applications. Two common filters are "
18239
"<application>opendkim</application> and <application>python-policyd-"
18240
"spf</application>."
18241
msgstr ""
18242
18243
#: serverguide/C/mail.xml:1248(para)
18244
msgid ""
18245
"<application>Amavisd-new</application> is a wrapper program that can call "
18246
"any number of content filtering programs for spam detection, antivirus, etc."
18247
msgstr ""
18248
18249
#: serverguide/C/mail.xml:1254(para)
18250
msgid ""
18251
"<application>Spamassassin</application> uses a variety of mechanisms to "
18252
"filter email based on the message content."
18253
msgstr ""
18254
18255
#: serverguide/C/mail.xml:1259(para)
18256
msgid ""
18257
"<application>ClamAV</application> is an open source antivirus application."
18258
msgstr ""
18259
18260
#: serverguide/C/mail.xml:1264(para)
18261
msgid ""
18262
"<application>opendkim</application> implements a Sendmail Mail Filter "
18263
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18264
msgstr ""
18265
18266
#: serverguide/C/mail.xml:1270(para)
18267
msgid ""
18268
"<application>python-policyd-spf</application> enables Sender Policy "
18269
"Framework (SPF) checking with <application>Postfix</application>."
18270
msgstr ""
18271
18272
#: serverguide/C/mail.xml:1275(para)
18273
msgid "This is how the pieces fit together:"
18274
msgstr ""
18275
18276
#: serverguide/C/mail.xml:1280(para)
18277
msgid "An email message is accepted by <application>Postfix</application>."
18278
msgstr ""
18279
18280
#: serverguide/C/mail.xml:1285(para)
18281
msgid ""
18282
"The message is passed through any external filters "
18283
"<application>opendkim</application> and <application>python-policyd-"
18284
"spf</application> in this case."
18285
msgstr ""
18286
18287
#: serverguide/C/mail.xml:1291(para)
18288
msgid "<application>Amavisd-new</application> then processes the message."
18289
msgstr ""
18290
18291
#: serverguide/C/mail.xml:1296(para)
18292
msgid ""
18293
"<application>ClamAV</application> is used to scan the message. If the "
18294
"message contains a virus <application>Postfix</application> will reject the "
18295
"message."
18296
msgstr ""
18297
18298
#: serverguide/C/mail.xml:1302(para)
18299
msgid ""
18300
"Clean messages will then be analyzed by "
18301
"<application>Spamassassin</application> to find out if the message is spam. "
18302
"<application>Spamassassin</application> will then add X-Header lines "
18303
"allowing <application>Amavisd-new</application> to further manipulate the "
18304
"message."
18305
msgstr ""
18306
18307
#: serverguide/C/mail.xml:1309(para)
18308
msgid ""
18309
"For example, if a message has a Spam score of over fifty the message could "
18310
"be automatically dropped from the queue without the recipient ever having to "
18311
"be bothered. Another, way to handle flagged messages is to deliver them to "
18312
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18313
"see fit."
18314
msgstr ""
18315
18316
#: serverguide/C/mail.xml:1316(para)
18317
msgid ""
18318
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18319
"configuring Postfix."
18320
msgstr ""
18321
18322
#: serverguide/C/mail.xml:1319(para)
18323
msgid ""
18324
"To install the rest of the applications enter the following from a terminal "
18325
"prompt:"
18326
msgstr ""
18327
18328
#: serverguide/C/mail.xml:1323(command)
18329
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18330
msgstr ""
18331
18332
#: serverguide/C/mail.xml:1324(command)
18333
msgid "sudo apt-get install opendkim python-policyd-spf"
18334
msgstr ""
18335
18336
#: serverguide/C/mail.xml:1326(para)
18337
msgid ""
18338
"There are some optional packages that integrate with "
18339
"<application>Spamassassin</application> for better spam detection:"
18340
msgstr ""
18341
18342
#: serverguide/C/mail.xml:1330(command)
18343
msgid "sudo apt-get install pyzor razor"
18344
msgstr ""
18345
18346
#: serverguide/C/mail.xml:1332(para)
18347
msgid ""
18348
"Along with the main filtering applications compression utilities are needed "
18349
"to process some email attachments:"
18350
msgstr ""
18351
18352
#: serverguide/C/mail.xml:1336(command)
18353
msgid ""
18354
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18355
msgstr ""
18356
18357
#: serverguide/C/mail.xml:1339(para)
18358
msgid ""
18359
"If some packages are not found, check that the "
18360
"<emphasis>multiverse</emphasis> repository is enabled in "
18361
"<filename>/etc/apt/sources.list</filename>"
18362
msgstr ""
18363
18364
#: serverguide/C/mail.xml:1340(para)
18365
msgid ""
18366
"If you make changes to the file, be sure to run <command>sudo apt-get "
18367
"update</command> before trying to install again."
18368
msgstr ""
18369
18370
#: serverguide/C/mail.xml:1345(para)
18371
msgid "Now configure everything to work together and filter email."
18372
msgstr ""
18373
18374
#: serverguide/C/mail.xml:1349(title)
18375
msgid "ClamAV"
18376
msgstr ""
18377
18378
#: serverguide/C/mail.xml:1350(para)
18379
msgid ""
18380
"The default behaviour of <application>ClamAV</application> will fit our "
18381
"needs. For more ClamAV configuration options, check the configuration files "
18382
"in <filename>/etc/clamav</filename>."
18383
msgstr ""
18384
18385
#: serverguide/C/mail.xml:1355(para)
18386
msgid ""
18387
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18388
"group in order for <application>Amavisd-new</application> to have the "
18389
"appropriate access to scan files:"
18390
msgstr ""
18391
18392
#: serverguide/C/mail.xml:1360(command)
18393
msgid "sudo adduser clamav amavis"
18394
msgstr ""
18395
18396
#: serverguide/C/mail.xml:1364(title)
18397
msgid "Spamassassin"
18398
msgstr ""
18399
18400
#: serverguide/C/mail.xml:1365(para)
18401
msgid ""
18402
"Spamassassin automatically detects optional components and will use them if "
18403
"they are present. This means that there is no need to configure "
18404
"<application>pyzor</application> and <application>razor</application>."
18405
msgstr ""
18406
18407
#: serverguide/C/mail.xml:1369(para)
18408
msgid ""
18409
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18410
"<application>Spamassassin</application> daemon. Change "
18411
"<emphasis>ENABLED=0</emphasis> to:"
18412
msgstr ""
18413
18414
#: serverguide/C/mail.xml:1373(programlisting)
18415
#, no-wrap
18416
msgid ""
18417
"\n"
18418
"ENABLED=1\n"
18419
msgstr ""
18420
18421
#: serverguide/C/mail.xml:1376(para)
18422
msgid "Now start the daemon:"
18423
msgstr ""
18424
18425
#: serverguide/C/mail.xml:1380(command)
18426
msgid "sudo /etc/init.d/spamassassin start"
18427
msgstr ""
18428
18429
#: serverguide/C/mail.xml:1384(title)
18430
msgid "Amavisd-new"
18431
msgstr ""
18432
18433
#: serverguide/C/mail.xml:1385(para)
18434
msgid ""
18435
"First activate spam and antivirus detection in <application>Amavisd-"
18436
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18437
"content_filter_mode</filename>:"
18438
msgstr ""
18439
18440
#: serverguide/C/mail.xml:1389(programlisting)
18441
#, no-wrap
18442
msgid ""
18443
"\n"
18444
"use strict;\n"
18445
"\n"
18446
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18447
"# and to re-enable antivirus checking.\n"
18448
"\n"
18449
"#\n"
18450
"# Default antivirus checking mode\n"
18451
"# Uncomment the two lines below to enable it\n"
18452
"#\n"
18453
"\n"
18454
"@bypass_virus_checks_maps = (\n"
18455
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18456
"$bypass_virus_checks_re);\n"
18457
"\n"
18458
"\n"
18459
"#\n"
18460
"# Default SPAM checking mode\n"
18461
"# Uncomment the two lines below to enable it\n"
18462
"#\n"
18463
"\n"
18464
"@bypass_spam_checks_maps = (\n"
18465
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18466
"$bypass_spam_checks_re);\n"
18467
"\n"
18468
"1; # insure a defined return\n"
18469
msgstr ""
18470
18471
#: serverguide/C/mail.xml:1414(para)
18472
msgid ""
18473
"Bouncing spam can be a bad idea as the return address is often faked. "
18474
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18475
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18476
"D_BOUNCE, as follows:"
18477
msgstr ""
18478
18479
#: serverguide/C/mail.xml:1420(programlisting)
18480
#, no-wrap
18481
msgid ""
18482
"\n"
18483
"$final_spam_destiny = D_DISCARD;\n"
18484
msgstr ""
18485
18486
#: serverguide/C/mail.xml:1424(para)
18487
msgid ""
18488
"Additionally, you may want to adjust the following options to flag more "
18489
"messages as spam:"
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:1428(programlisting)
18493
#, no-wrap
18494
msgid ""
18495
"\n"
18496
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18497
"level\n"
18498
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18499
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18500
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18501
msgstr ""
18502
18503
#: serverguide/C/mail.xml:1435(para)
18504
msgid ""
18505
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18506
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18507
"option. Also, if the server receives mail for multiple domains the "
18508
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18509
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18510
msgstr ""
18511
18512
#: serverguide/C/mail.xml:1442(programlisting)
18513
#, no-wrap
18514
msgid ""
18515
"\n"
18516
"$myhostname = 'mail.example.com';\n"
18517
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18518
msgstr ""
18519
18520
#: serverguide/C/mail.xml:1447(para)
18521
msgid ""
18522
"After configuration <application>Amavisd-new</application> needs to be "
18523
"restarted:"
18524
msgstr ""
18525
18526
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18527
msgid "sudo /etc/init.d/amavis restart"
18528
msgstr ""
18529
18530
#: serverguide/C/mail.xml:1454(title)
18531
msgid "DKIM Whitelist"
18532
msgstr ""
18533
18534
#: serverguide/C/mail.xml:1456(para)
18535
msgid ""
18536
"<application>Amavisd-new</application> can be configured to automatically "
18537
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18538
"Keys. There are some pre-configured domains in the "
18539
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18540
msgstr ""
18541
18542
#: serverguide/C/mail.xml:1462(para)
18543
msgid "There are multiple ways to configure the Whitelist for a domain:"
18544
msgstr ""
18545
18546
#: serverguide/C/mail.xml:1468(para)
18547
msgid ""
18548
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18549
"address from the \"example.com\" domain."
18550
msgstr ""
18551
18552
#: serverguide/C/mail.xml:1473(para)
18553
msgid ""
18554
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18555
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18556
"have a valid signature."
18557
msgstr ""
18558
18559
#: serverguide/C/mail.xml:1479(para)
18560
msgid ""
18561
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18562
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18563
"role=\"italic\">example.com</emphasis> the parent domain."
18564
msgstr ""
18565
18566
#: serverguide/C/mail.xml:1485(para)
18567
msgid ""
18568
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18569
"that have a valid signature from \"example.com\". This is usually used for "
18570
"discussion groups that sign their messages."
18571
msgstr ""
18572
18573
#: serverguide/C/mail.xml:1492(para)
18574
msgid ""
18575
"A domain can also have multiple Whitelist configurations. After, editing the "
18576
"file restart <application>amaisd-new</application>:"
18577
msgstr ""
18578
18579
#: serverguide/C/mail.xml:1501(para)
18580
msgid ""
18581
"In this context, once a domain has been added to the Whitelist the message "
18582
"will not receive any anti-virus or spam filtering. This may or may not be "
18583
"the intended behavior you wish for a domain."
18584
msgstr ""
18585
18586
#: serverguide/C/mail.xml:1511(para)
18587
msgid ""
18588
"For <application>Postfix</application> integration, enter the following from "
18589
"a terminal prompt:"
18590
msgstr ""
18591
18592
#: serverguide/C/mail.xml:1515(command)
18593
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18594
msgstr ""
18595
18596
#: serverguide/C/mail.xml:1517(para)
18597
msgid ""
18598
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18599
"to the end of the file:"
18600
msgstr ""
18601
18602
#: serverguide/C/mail.xml:1520(programlisting)
18603
#, no-wrap
18604
msgid ""
18605
"\n"
18606
"smtp-amavis unix - - - - 2 smtp\n"
18607
" -o smtp_data_done_timeout=1200\n"
18608
" -o smtp_send_xforward_command=yes\n"
18609
" -o disable_dns_lookups=yes\n"
18610
" -o max_use=20\n"
18611
"\n"
18612
"127.0.0.1:10025 inet n - - - - smtpd\n"
18613
" -o content_filter=\n"
18614
" -o local_recipient_maps=\n"
18615
" -o relay_recipient_maps=\n"
18616
" -o smtpd_restriction_classes=\n"
18617
" -o smtpd_delay_reject=no\n"
18618
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18619
" -o smtpd_helo_restrictions=\n"
18620
" -o smtpd_sender_restrictions=\n"
18621
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18622
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18623
" -o smtpd_end_of_data_restrictions=\n"
18624
" -o mynetworks=127.0.0.0/8\n"
18625
" -o smtpd_error_sleep_time=0\n"
18626
" -o smtpd_soft_error_limit=1001\n"
18627
" -o smtpd_hard_error_limit=1000\n"
18628
" -o smtpd_client_connection_count_limit=0\n"
18629
" -o smtpd_client_connection_rate_limit=0\n"
18630
" -o "
18631
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18632
msgstr ""
18633
18634
#: serverguide/C/mail.xml:1547(para)
18635
msgid ""
18636
"Also add the following two lines immediately below the "
18637
"<emphasis>\"pickup\"</emphasis> transport service:"
18638
msgstr ""
18639
18640
#: serverguide/C/mail.xml:1550(programlisting)
18641
#, no-wrap
18642
msgid ""
18643
"\n"
18644
" -o content_filter=\n"
18645
" -o receive_override_options=no_header_body_checks\n"
18646
msgstr ""
18647
18648
#: serverguide/C/mail.xml:1554(para)
18649
msgid ""
18650
"This will prevent messages that are generated to report on spam from being "
18651
"classified as spam."
18652
msgstr ""
18653
18654
#: serverguide/C/mail.xml:1557(para)
18655
msgid "Now restart <application>Postfix</application>:"
18656
msgstr ""
18657
18658
#: serverguide/C/mail.xml:1563(para)
18659
msgid "Content filtering with spam and virus detection is now enabled."
18660
msgstr ""
18661
18662
#: serverguide/C/mail.xml:1569(title)
18663
msgid "Amavisd-new and Spamassassin"
18664
msgstr ""
18665
18666
#: serverguide/C/mail.xml:1571(para)
18667
msgid ""
18668
"When integrating <application>Amavisd-new</application> with "
18669
"<application>Spamassassin</application>, if you choose to disable the bayes "
18670
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18671
"<application>cron</application> to update the nightly rules, the result can "
18672
"cause a situation where a large amount of error messages are sent to the "
18673
"<emphasis>amavis</emphasis> user via the amavisd-new "
18674
"<application>cron</application> job."
18675
msgstr ""
18676
18677
#: serverguide/C/mail.xml:1578(para)
18678
msgid "There are several ways to handle this situation:"
18679
msgstr ""
18680
18681
#: serverguide/C/mail.xml:1584(para)
18682
msgid "Configure your MDA to filter messages you do not wish to see."
18683
msgstr ""
18684
18685
#: serverguide/C/mail.xml:1589(para)
18686
msgid ""
18687
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18688
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18689
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18690
"the top before the <emphasis>test</emphasis> statements:"
18691
msgstr ""
18692
18693
#: serverguide/C/mail.xml:1593(programlisting)
18694
#, no-wrap
18695
msgid ""
18696
"\n"
18697
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18698
"exit 0\n"
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:1603(para)
18702
msgid ""
18703
"First, test that the <application>Amavisd-new</application> SMTP is "
18704
"listening:"
18705
msgstr ""
18706
18707
#: serverguide/C/mail.xml:1606(programlisting)
18708
#, no-wrap
18709
msgid ""
18710
"\n"
18711
"telnet localhost 10024\n"
18712
"Trying 127.0.0.1...\n"
18713
"Connected to localhost.\n"
18714
"Escape character is '^]'.\n"
18715
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18716
"^]\n"
18717
msgstr ""
18718
18719
#: serverguide/C/mail.xml:1614(para)
18720
msgid ""
18721
"In the Header of messages that go through the content filter you should see:"
18722
msgstr ""
18723
18724
#: serverguide/C/mail.xml:1617(programlisting)
18725
#, no-wrap
18726
msgid ""
18727
"\n"
18728
"X-Spam-Level: \n"
18729
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18730
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18731
"BAYES_00\n"
18732
"X-Spam-Level: \n"
18733
msgstr ""
18734
18735
#: serverguide/C/mail.xml:1624(para)
18736
msgid ""
18737
"Your output will vary, but the important thing is that there are <emphasis>X-"
18738
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18739
msgstr ""
18740
18741
#: serverguide/C/mail.xml:1632(para)
18742
msgid ""
18743
"The best way to figure out why something is going wrong is to check the log "
18744
"files."
18745
msgstr ""
18746
18747
#: serverguide/C/mail.xml:1637(para)
18748
msgid ""
18749
"For instructions on <application>Postfix</application> logging see the <xref "
18750
"linkend=\"postfix-troubleshooting\"/> section."
18751
msgstr ""
18752
18753
#: serverguide/C/mail.xml:1643(para)
18754
msgid ""
18755
"<application>Amavisd-new</application> uses "
18756
"<application>Syslog</application> to send messages to "
18757
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18758
"increased by adding the <emphasis>$log_level</emphasis> option to "
18759
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18760
"1 to 5."
18761
msgstr ""
18762
18763
#: serverguide/C/mail.xml:1648(programlisting)
18764
#, no-wrap
18765
msgid ""
18766
"\n"
18767
"$log_level = 2;\n"
18768
msgstr ""
18769
18770
#: serverguide/C/mail.xml:1652(para)
18771
msgid ""
18772
"When the <application>Amavisd-new</application> log output is increased "
18773
"<application>Spamassassin</application> log output is also increased."
18774
msgstr ""
18775
18776
#: serverguide/C/mail.xml:1659(para)
18777
msgid ""
18778
"The <application>ClamAV</application> log level can be increased by editing "
18779
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18780
msgstr ""
18781
18782
#: serverguide/C/mail.xml:1663(programlisting)
18783
#, no-wrap
18784
msgid ""
18785
"\n"
18786
"LogVerbose true\n"
18787
msgstr ""
18788
18789
#: serverguide/C/mail.xml:1666(para)
18790
msgid ""
18791
"By default <application>ClamAV</application> will send log messages to "
18792
"<filename>/var/log/clamav/clamav.log</filename>."
18793
msgstr ""
18794
18795
#: serverguide/C/mail.xml:1672(para)
18796
msgid ""
18797
"After changing an applications log settings remember to restart the service "
18798
"for the new settings to take affect. Also, once the issue you are "
18799
"troubleshooting is resolved it is a good idea to change the log settings "
18800
"back to normal."
18801
msgstr ""
18802
18803
#: serverguide/C/mail.xml:1680(para)
18804
msgid "For more information on filtering mail see the following links:"
18805
msgstr ""
18806
18807
#: serverguide/C/mail.xml:1686(ulink)
18808
msgid "Amavisd-new Documentation"
18809
msgstr ""
18810
18811
#: serverguide/C/mail.xml:1690(para)
18812
msgid ""
18813
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18814
"Documentation</ulink> and <ulink "
18815
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18816
msgstr ""
18817
18818
#: serverguide/C/mail.xml:1697(ulink)
18819
msgid "Spamassassin Wiki"
18820
msgstr ""
18821
18822
#: serverguide/C/mail.xml:1702(ulink)
18823
msgid "Pyzor Homepage"
18824
msgstr ""
18825
18826
#: serverguide/C/mail.xml:1707(ulink)
18827
msgid "Razor Homepage"
18828
msgstr ""
18829
18830
#: serverguide/C/mail.xml:1712(ulink)
18831
msgid "DKIM.org"
18832
msgstr ""
18833
18834
#: serverguide/C/mail.xml:1717(ulink)
18835
msgid "Postfix Amavis New"
18836
msgstr ""
18837
18838
#: serverguide/C/mail.xml:1721(para)
18839
msgid ""
18840
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18841
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18842
msgstr ""
18843
18844
#: serverguide/C/lamp-applications.xml:13(title)
18845
msgid "LAMP Applications"
18846
msgstr ""
18847
18848
#: serverguide/C/lamp-applications.xml:19(para)
18849
msgid ""
18850
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18851
"Ubuntu servers. There is a plethora of Open Source applications written "
18852
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18853
"Content Management Systems, and Management Software such as phpMyAdmin."
18854
msgstr ""
18855
18856
#: serverguide/C/lamp-applications.xml:26(para)
18857
msgid ""
18858
"One advantage of LAMP is the substantial flexibility for different database, "
18859
"web server, and scripting languages. Popular substitutes for MySQL include "
18860
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18861
"instead of PHP."
18862
msgstr ""
18863
18864
#: serverguide/C/lamp-applications.xml:32(para)
18865
msgid ""
18866
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18867
"is:"
18868
msgstr ""
18869
18870
#: serverguide/C/lamp-applications.xml:38(para)
18871
msgid "Download an archive containing the application source files."
18872
msgstr ""
18873
18874
#: serverguide/C/lamp-applications.xml:43(para)
18875
msgid ""
18876
"Unpack the archive, usually in a directory accessible to a web server."
18877
msgstr ""
18878
18879
#: serverguide/C/lamp-applications.xml:48(para)
18880
msgid ""
18881
"Depending on where the source was extracted, configure a web server to serve "
18882
"the files."
18883
msgstr ""
18884
18885
#: serverguide/C/lamp-applications.xml:53(para)
18886
msgid "Configure the application to connect to the database."
18887
msgstr ""
18888
18889
#: serverguide/C/lamp-applications.xml:58(para)
18890
msgid ""
18891
"Run a script, or browse to a page of the application, to install the "
18892
"database needed by the application."
18893
msgstr ""
18894
18895
#: serverguide/C/lamp-applications.xml:63(para)
18896
msgid ""
18897
"Once the steps above, or similar steps, are completed you are ready to begin "
18898
"using the application."
18899
msgstr ""
18900
18901
#: serverguide/C/lamp-applications.xml:69(para)
18902
msgid ""
18903
"A disadvantage of using this approach is that the application files are not "
18904
"placed in the file system in a standard way, which can cause confusion as to "
18905
"where the application is installed. Another larger disadvantage is updating "
18906
"the application. When a new version is released, the same process used to "
18907
"install the application is needed to apply updates."
18908
msgstr ""
18909
18910
#: serverguide/C/lamp-applications.xml:76(para)
18911
msgid ""
18912
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
18913
"packaged for Ubuntu, and are available for installation in the same way as "
18914
"non-LAMP applications. Depending on the application some extra configuration "
18915
"and setup steps may be needed, however."
18916
msgstr ""
18917
18918
#: serverguide/C/lamp-applications.xml:82(para)
18919
msgid ""
18920
"This section covers howto install and configure the Wiki applications "
18921
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
18922
"and the MySQL management application <application>phpMyAdmin</application>."
18923
msgstr ""
18924
18925
#: serverguide/C/lamp-applications.xml:88(para)
18926
msgid ""
18927
"A Wiki is a website that allows the visitors to easily add, remove and "
18928
"modify available content easily. The ease of interaction and operation makes "
18929
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
18930
"also referred to the collaborative software."
18931
msgstr ""
18932
18933
#: serverguide/C/lamp-applications.xml:100(title)
18934
msgid "Moin Moin"
18935
msgstr ""
18936
18937
#: serverguide/C/lamp-applications.xml:102(para)
18938
msgid ""
18939
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
18940
"engine, and licensed under the GNU GPL."
18941
msgstr ""
18942
18943
#: serverguide/C/lamp-applications.xml:110(para)
18944
msgid ""
18945
"To install <application>MoinMoin</application>, run the following command in "
18946
"the command prompt:"
18947
msgstr ""
18948
18949
#: serverguide/C/lamp-applications.xml:116(command)
18950
msgid "sudo apt-get install python-moinmoin"
18951
msgstr ""
18952
18953
#: serverguide/C/lamp-applications.xml:119(para)
18954
msgid ""
18955
"You should also install <application>apache2</application> web server. For "
18956
"installing <application>apache2</application> web server, please refer to "
18957
"<xref linkend=\"http-installation\"/> sub-section in <xref "
18958
"linkend=\"httpd\"/> section."
18959
msgstr ""
18960
18961
#: serverguide/C/lamp-applications.xml:130(para)
18962
msgid ""
18963
"For configuring your first Wiki application, please run the following set of "
18964
"commands. Let us assume that you are creating a Wiki named "
18965
"<emphasis>mywiki</emphasis>:"
18966
msgstr ""
18967
18968
#: serverguide/C/lamp-applications.xml:137(command)
18969
msgid "cd /usr/share/moin"
18970
msgstr ""
18971
18972
#: serverguide/C/lamp-applications.xml:138(command)
18973
msgid "sudo mkdir mywiki"
18974
msgstr ""
18975
18976
#: serverguide/C/lamp-applications.xml:139(command)
18977
msgid "sudo cp -R data mywiki"
18978
msgstr ""
18979
18980
#: serverguide/C/lamp-applications.xml:140(command)
18981
msgid "sudo cp -R underlay mywiki"
18982
msgstr ""
18983
18984
#: serverguide/C/lamp-applications.xml:141(command)
18985
msgid "sudo cp server/moin.cgi mywiki"
18986
msgstr ""
18987
18988
#: serverguide/C/lamp-applications.xml:142(command)
18989
msgid "sudo chown -R www-data.www-data mywiki"
18990
msgstr ""
18991
18992
#: serverguide/C/lamp-applications.xml:143(command)
18993
msgid "sudo chmod -R ug+rwX mywiki"
18994
msgstr ""
18995
18996
#: serverguide/C/lamp-applications.xml:144(command)
18997
msgid "sudo chmod -R o-rwx mywiki"
18998
msgstr ""
18999
19000
#: serverguide/C/lamp-applications.xml:147(para)
19001
msgid ""
19002
"Now you should configure <application>MoinMoin</application> to find your "
19003
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19004
"<application>MoinMoin</application>, open "
19005
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19006
msgstr ""
19007
19008
#: serverguide/C/lamp-applications.xml:155(programlisting)
19009
#, no-wrap
19010
msgid "data_dir = '/org/mywiki/data'"
19011
msgstr ""
19012
19013
#: serverguide/C/lamp-applications.xml:157(para)
19014
msgid "to"
19015
msgstr ""
19016
19017
#: serverguide/C/lamp-applications.xml:161(programlisting)
19018
#, no-wrap
19019
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19020
msgstr ""
19021
19022
#: serverguide/C/lamp-applications.xml:163(para)
19023
msgid ""
19024
"Also, below the <emphasis>data_dir</emphasis> option add the "
19025
"<emphasis>data_underlay_dir</emphasis>:"
19026
msgstr ""
19027
19028
#: serverguide/C/lamp-applications.xml:167(programlisting)
19029
#, no-wrap
19030
msgid ""
19031
"\n"
19032
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19033
msgstr ""
19034
19035
#: serverguide/C/lamp-applications.xml:172(para)
19036
msgid ""
19037
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19038
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19039
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19040
"change."
19041
msgstr ""
19042
19043
#: serverguide/C/lamp-applications.xml:181(para)
19044
msgid ""
19045
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19046
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19047
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19048
"<quote>(\"mywiki\", r\".*\")</quote>."
19049
msgstr ""
19050
19051
#: serverguide/C/lamp-applications.xml:189(para)
19052
msgid ""
19053
"Once you have configured <application>MoinMoin</application> to find your "
19054
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19055
"<application>apache2</application> and make it ready for your Wiki "
19056
"application."
19057
msgstr ""
19058
19059
#: serverguide/C/lamp-applications.xml:196(para)
19060
msgid ""
19061
"You should add the following lines in <filename>/etc/apache2/sites-"
19062
"available/default</filename> file inside the <quote><VirtualHost "
19063
"*></quote> tag:"
19064
msgstr ""
19065
19066
#: serverguide/C/lamp-applications.xml:202(programlisting)
19067
#, no-wrap
19068
msgid ""
19069
"\n"
19070
"### moin\n"
19071
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19072
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19073
" <Directory /usr/share/moin/htdocs>\n"
19074
" Order allow,deny\n"
19075
" allow from all\n"
19076
" </Directory>\n"
19077
"### end moin\n"
19078
msgstr ""
19079
19080
#: serverguide/C/lamp-applications.xml:214(para)
19081
msgid ""
19082
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19083
"<emphasis>alias</emphasis> line above, to the "
19084
"<application>moinmoin</application> version installed."
19085
msgstr ""
19086
19087
#: serverguide/C/lamp-applications.xml:220(para)
19088
msgid ""
19089
"Once you configure the <application>apache2</application> web server and "
19090
"make it ready for your Wiki application, you should restart it. You can run "
19091
"the following command to restart the <application>apache2</application> web "
19092
"server:"
19093
msgstr ""
19094
19095
#: serverguide/C/lamp-applications.xml:233(title)
19096
msgid "Verification"
19097
msgstr ""
19098
19099
#: serverguide/C/lamp-applications.xml:235(para)
19100
msgid ""
19101
"You can verify the Wiki application and see if it works by pointing your web "
19102
"browser to the following URL:"
19103
msgstr ""
19104
19105
#: serverguide/C/lamp-applications.xml:239(programlisting)
19106
#, no-wrap
19107
msgid ""
19108
"\n"
19109
"http://localhost/mywiki\n"
19110
msgstr ""
19111
19112
#: serverguide/C/lamp-applications.xml:243(para)
19113
msgid ""
19114
"You can also run the test command by pointing your web browser to the "
19115
"following URL:"
19116
msgstr ""
19117
19118
#: serverguide/C/lamp-applications.xml:248(programlisting)
19119
#, no-wrap
19120
msgid ""
19121
"\n"
19122
"http://localhost/mywiki?action=test\n"
19123
msgstr ""
19124
19125
#: serverguide/C/lamp-applications.xml:252(para)
19126
msgid ""
19127
"For more details, please refer to the <ulink "
19128
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19129
msgstr ""
19130
19131
#: serverguide/C/lamp-applications.xml:263(para)
19132
msgid ""
19133
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19134
"Wiki</ulink>."
19135
msgstr ""
19136
19137
#: serverguide/C/lamp-applications.xml:268(para)
19138
msgid ""
19139
"Also, see the <ulink "
19140
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19141
"MoinMoin</ulink> page."
19142
msgstr ""
19143
19144
#: serverguide/C/lamp-applications.xml:277(title)
19145
msgid "MediaWiki"
19146
msgstr ""
19147
19148
#: serverguide/C/lamp-applications.xml:279(para)
19149
msgid ""
19150
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19151
"either use <application>MySQL</application> or "
19152
"<application>PostgreSQL</application> Database Management System."
19153
msgstr ""
19154
19155
#: serverguide/C/lamp-applications.xml:289(para)
19156
msgid ""
19157
"Before installing <application>MediaWiki</application> you should also "
19158
"install <application>Apache2</application>, the "
19159
"<application>PHP5</application> scripting language and Database a Management "
19160
"System. <application>MySQL</application> or "
19161
"<application>PostgreSQL</application> are the most common, choose one "
19162
"depending on your need. Please refer to those sections in this manual for "
19163
"installation instructions."
19164
msgstr ""
19165
19166
#: serverguide/C/lamp-applications.xml:297(para)
19167
msgid ""
19168
"To install <application>MediaWiki</application>, run the following command "
19169
"in the command prompt:"
19170
msgstr ""
19171
19172
#: serverguide/C/lamp-applications.xml:303(command)
19173
msgid "sudo apt-get install mediawiki php5-gd"
19174
msgstr ""
19175
19176
#: serverguide/C/lamp-applications.xml:306(para)
19177
msgid ""
19178
"For additional <application>MediaWiki</application> functionality see the "
19179
"<application>mediawiki-extensions</application> package."
19180
msgstr ""
19181
19182
#: serverguide/C/lamp-applications.xml:316(para)
19183
msgid ""
19184
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19185
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19186
"directory. You should uncomment the following line in this file to access "
19187
"MediaWiki application."
19188
msgstr ""
19189
19190
#: serverguide/C/lamp-applications.xml:324(screen)
19191
#, no-wrap
19192
msgid ""
19193
"\n"
19194
"# Alias /mediawiki /var/lib/mediawiki\n"
19195
msgstr ""
19196
19197
#: serverguide/C/lamp-applications.xml:328(para)
19198
msgid ""
19199
"After you uncomment the above line, restart Apache server and access "
19200
"MediaWiki using the following url:"
19201
msgstr ""
19202
19203
#: serverguide/C/lamp-applications.xml:333(programlisting)
19204
#, no-wrap
19205
msgid ""
19206
"\n"
19207
"http://localhost/mediawiki/config/index.php\n"
19208
msgstr ""
19209
19210
#: serverguide/C/lamp-applications.xml:338(para)
19211
msgid ""
19212
"Please read the <quote>Checking environment...</quote> section in this page. "
19213
"You should be able to fix many issues by carefully reading this section."
19214
msgstr ""
19215
19216
#: serverguide/C/lamp-applications.xml:345(para)
19217
msgid ""
19218
"Once the configuration is complete, you should copy the "
19219
"<filename>LocalSettings.php</filename> file to "
19220
"<filename>/etc/mediawiki</filename> directory:"
19221
msgstr ""
19222
19223
#: serverguide/C/lamp-applications.xml:352(command)
19224
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19225
msgstr ""
19226
19227
#: serverguide/C/lamp-applications.xml:355(para)
19228
msgid ""
19229
"You may also want to edit "
19230
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19231
msgstr ""
19232
19233
#: serverguide/C/lamp-applications.xml:360(programlisting)
19234
#, no-wrap
19235
msgid ""
19236
"\n"
19237
"ini_set( 'memory_limit', '64M' );\n"
19238
msgstr ""
19239
19240
#: serverguide/C/lamp-applications.xml:367(title)
19241
msgid "Extensions"
19242
msgstr ""
19243
19244
#: serverguide/C/lamp-applications.xml:368(para)
19245
msgid ""
19246
"The extensions add new features and enhancements for the MediaWiki "
19247
"application. The extensions give wiki administrators and end users the "
19248
"ability to customize MediaWiki to their requirements."
19249
msgstr ""
19250
19251
#: serverguide/C/lamp-applications.xml:374(para)
19252
msgid ""
19253
"You can download MediaWiki extensions as an archive file or checkout from "
19254
"the Subversion repository. You should copy it to "
19255
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19256
"also add the following line at the end of file: "
19257
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19258
msgstr ""
19259
19260
#: serverguide/C/lamp-applications.xml:382(programlisting)
19261
#, no-wrap
19262
msgid ""
19263
"\n"
19264
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19265
msgstr ""
19266
19267
#: serverguide/C/lamp-applications.xml:392(para)
19268
msgid ""
19269
"For more details, please refer to the <ulink "
19270
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19271
msgstr ""
19272
19273
#: serverguide/C/lamp-applications.xml:398(para)
19274
msgid ""
19275
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19276
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19277
"new MediaWiki administrators."
19278
msgstr ""
19279
19280
#: serverguide/C/lamp-applications.xml:404(para)
19281
msgid ""
19282
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19283
"Wiki MediaWiki</ulink> page is a good resource."
19284
msgstr ""
19285
19286
#: serverguide/C/lamp-applications.xml:414(title)
19287
msgid "phpMyAdmin"
19288
msgstr ""
19289
19290
#: serverguide/C/lamp-applications.xml:416(para)
19291
msgid ""
19292
"<application>phpMyAdmin</application> is a LAMP application specifically "
19293
"written for administering <application>MySQL</application> servers. Written "
19294
"in <application>PHP</application>, and accessed through a web browser, "
19295
"phpMyAdmin provides a graphical interface for database administration tasks."
19296
msgstr ""
19297
19298
#: serverguide/C/lamp-applications.xml:425(para)
19299
msgid ""
19300
"Before installing <application>phpMyAdmin</application> you will need access "
19301
"to a <application>MySQL</application> database either on the same host as "
19302
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19303
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19304
"enter:"
19305
msgstr ""
19306
19307
#: serverguide/C/lamp-applications.xml:432(command)
19308
msgid "sudo apt-get install phpmyadmin"
19309
msgstr ""
19310
19311
#: serverguide/C/lamp-applications.xml:435(para)
19312
msgid ""
19313
"At the prompt choose which web server to be configured for "
19314
"<application>phpMyAdmin</application>. The rest of this section will use "
19315
"<application>Apache2</application> for the web server."
19316
msgstr ""
19317
19318
#: serverguide/C/lamp-applications.xml:440(para)
19319
msgid ""
19320
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19321
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19322
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19323
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19324
"user if you any setup, and enter the <application>MySQL</application> user's "
19325
"password."
19326
msgstr ""
19327
19328
#: serverguide/C/lamp-applications.xml:447(para)
19329
msgid ""
19330
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19331
"needed, create users, create/destroy databases and tables, etc."
19332
msgstr ""
19333
19334
#: serverguide/C/lamp-applications.xml:455(para)
19335
msgid ""
19336
"The configuration files for <application>phpMyAdmin</application> are "
19337
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19338
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19339
"configuration options that apply globally to "
19340
"<application>phpMyAdmin</application>."
19341
msgstr ""
19342
19343
#: serverguide/C/lamp-applications.xml:461(para)
19344
msgid ""
19345
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19346
"hosted on another server, adjust the following in "
19347
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19348
msgstr ""
19349
19350
#: serverguide/C/lamp-applications.xml:466(programlisting)
19351
#, no-wrap
19352
msgid ""
19353
"\n"
19354
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19355
msgstr ""
19356
19357
#: serverguide/C/lamp-applications.xml:471(para)
19358
msgid ""
19359
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19360
"remote database server name or IP address. Also, be sure that the "
19361
"<application>phpMyAdmin</application> host has permissions to access the "
19362
"remote database."
19363
msgstr ""
19364
19365
#: serverguide/C/lamp-applications.xml:477(para)
19366
msgid ""
19367
"Once configured, log out of <application>phpMyAdmin</application> and back "
19368
"in, and you should be accessing the new server."
19369
msgstr ""
19370
19371
#: serverguide/C/lamp-applications.xml:481(para)
19372
msgid ""
19373
"The <filename>config.header.inc.php</filename> and "
19374
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19375
"header and footer to <application>phpMyAdmin</application>."
19376
msgstr ""
19377
19378
#: serverguide/C/lamp-applications.xml:486(para)
19379
msgid ""
19380
"Another important configuration file is "
19381
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19382
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19383
"configure <application>Apache2</application> to serve the "
19384
"<application>phpMyAdmin</application> site. The file contains directives for "
19385
"loading <application>PHP</application>, directory permissions, etc. For more "
19386
"information on configuring <application>Apache2</application> see <xref "
19387
"linkend=\"httpd\"/>."
19388
msgstr ""
19389
19390
#: serverguide/C/lamp-applications.xml:500(para)
19391
msgid ""
19392
"The <application>phpMyAdmin</application> documentation comes installed with "
19393
"the package and can be accessed from the <emphasis>phpMyAdmin "
19394
"Documentation</emphasis> link (a question mark with a box around it) under "
19395
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19396
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19397
msgstr ""
19398
19399
#: serverguide/C/lamp-applications.xml:507(para)
19400
msgid ""
19401
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19402
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19403
msgstr ""
19404
19405
#: serverguide/C/lamp-applications.xml:512(para)
19406
msgid ""
19407
"A third resource is the <ulink "
19408
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19409
"Wiki</ulink> page."
19410
msgstr ""
19411
19412
#: serverguide/C/introduction.xml:14(para)
19413
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19414
msgstr ""
19415
19416
#: serverguide/C/introduction.xml:15(para)
19417
msgid ""
19418
"Here you can find information on how to install and configure various server "
19419
"applications. It is a step-by-step, task-oriented guide for configuring and "
19420
"customizing your system."
19421
msgstr ""
19422
19423
#: serverguide/C/introduction.xml:19(para)
19424
msgid ""
19425
"This guide assumes you have a basic understanding of your Ubuntu system. "
19426
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19427
"but if you need detailed instructions installing Ubuntu please refer to the "
19428
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19429
"Installation Guide</ulink>."
19430
msgstr ""
19431
19432
#: serverguide/C/introduction.xml:25(para)
19433
msgid ""
19434
"A HTML version of the manual is available online at <ulink "
19435
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19436
"HTML files are also available in the <application>ubuntu-"
19437
"serverguide</application> package. See <xref linkend=\"package-"
19438
"management\"/> for details on installing packages."
19439
msgstr ""
19440
19441
#: serverguide/C/introduction.xml:32(para)
19442
msgid ""
19443
"If you choose to install the <application>ubuntu-serverguide</application> "
19444
"you can view this document from a console by:"
19445
msgstr ""
19446
19447
#: serverguide/C/introduction.xml:36(command)
19448
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19449
msgstr ""
19450
19451
#: serverguide/C/introduction.xml:39(para)
19452
msgid ""
19453
"If you are using a localized version of Ubuntu, replace "
19454
"<emphasis>C</emphasis> with your language localization (e.g. "
19455
"<emphasis>en_GB</emphasis>)."
19456
msgstr ""
19457
19458
#: serverguide/C/introduction.xml:53(title)
19459
msgid "Support"
19460
msgstr ""
19461
19462
#: serverguide/C/introduction.xml:55(para)
19463
msgid ""
19464
"There are a couple of different ways that Ubuntu Server Edition is "
19465
"supported, commercial support and community support. The main commercial "
19466
"support (and development funding) is available from Canonical Ltd. They "
19467
"supply reasonably priced support contracts on a per desktop or per server "
19468
"basis. For more information see the <ulink "
19469
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19470
"page."
19471
msgstr ""
19472
19473
#: serverguide/C/introduction.xml:62(para)
19474
msgid ""
19475
"Community support is also provided by dedicated individuals, and companies, "
19476
"that wish to make Ubuntu the best distribution possible. Support is provided "
19477
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19478
"large amount of information available can be overwhelming, but a good search "
19479
"engine query can usually provide an answer to your questions. See the <ulink "
19480
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19481
"information."
19482
msgstr ""
19483
19484
#: serverguide/C/installation.xml:14(para)
19485
msgid ""
19486
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19487
"Edition. For more detailed instructions, please refer to the <ulink "
19488
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19489
"Installation Guide</ulink>."
19490
msgstr ""
19491
19492
#: serverguide/C/installation.xml:19(title)
19493
msgid "Preparing to Install"
19494
msgstr ""
19495
19496
#: serverguide/C/installation.xml:20(para)
19497
msgid ""
19498
"This section explains various aspects to consider before starting the "
19499
"installation."
19500
msgstr ""
19501
19502
#: serverguide/C/installation.xml:24(title)
19503
msgid "System Requirements"
19504
msgstr ""
19505
19506
#: serverguide/C/installation.xml:25(para)
19507
msgid ""
19508
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19509
"and AMD64. The table below lists recommended hardware specifications. "
19510
"Depending on your needs, you might manage with less than this. However, most "
19511
"users risk being frustrated if they ignore these suggestions."
19512
msgstr ""
19513
19514
#: serverguide/C/installation.xml:27(title)
19515
msgid "Recommended Minimum Requirements"
19516
msgstr ""
19517
19518
#: serverguide/C/installation.xml:35(para)
19519
msgid "Install Type"
19520
msgstr ""
19521
19522
#: serverguide/C/installation.xml:36(para)
19523
msgid "RAM"
19524
msgstr ""
19525
19526
#: serverguide/C/installation.xml:37(para)
19527
msgid "Hard Drive Space"
19528
msgstr ""
19529
19530
#: serverguide/C/installation.xml:40(para)
19531
msgid "Base System"
19532
msgstr ""
19533
19534
#: serverguide/C/installation.xml:41(para)
19535
msgid "All Tasks Installed"
19536
msgstr ""
19537
19538
#: serverguide/C/installation.xml:46(para)
19539
msgid "Server"
19540
msgstr ""
19541
19542
#: serverguide/C/installation.xml:47(para)
19543
msgid "128 megabytes"
19544
msgstr ""
19545
19546
#: serverguide/C/installation.xml:48(para)
19547
msgid "500 megabytes"
19548
msgstr ""
19549
19550
#: serverguide/C/installation.xml:49(para)
19551
msgid "1 gigabyte"
19552
msgstr ""
19553
19554
#: serverguide/C/installation.xml:54(para)
19555
msgid ""
19556
"The Server Edition provides a common base for all sorts of server "
19557
"applications. It is a minimalist design providing a platform for the desired "
19558
"services, such as file/print services, web hosting, email hosting, etc."
19559
msgstr ""
19560
19561
#: serverguide/C/installation.xml:60(para)
19562
msgid ""
19563
"The requirements for UEC are slightly different for Front End requirements "
19564
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19565
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19566
msgstr ""
19567
19568
#: serverguide/C/installation.xml:68(title)
19569
msgid "Server and Desktop Differences"
19570
msgstr ""
19571
19572
#: serverguide/C/installation.xml:69(para)
19573
msgid ""
19574
"There are a few differences between the <emphasis>Ubuntu Server "
19575
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19576
"should be noted that both editions use the same "
19577
"<application>apt</application> repositories. Making it just as easy to "
19578
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19579
"Desktop Edition as it is on the Server Edition."
19580
msgstr ""
19581
19582
#: serverguide/C/installation.xml:75(para)
19583
msgid ""
19584
"The differences between the two editions are the lack of an X window "
19585
"environment in the Server Edition, the installation process, and different "
19586
"Kernel options."
19587
msgstr ""
19588
19589
#: serverguide/C/installation.xml:82(title)
19590
msgid "Kernel Differences:"
19591
msgstr ""
19592
19593
#: serverguide/C/installation.xml:85(para)
19594
msgid ""
19595
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19596
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19597
"Edition."
19598
msgstr ""
19599
19600
#: serverguide/C/installation.xml:91(para)
19601
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19602
msgstr ""
19603
19604
#: serverguide/C/installation.xml:96(para)
19605
msgid ""
19606
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19607
"Desktop Edition."
19608
msgstr ""
19609
19610
#: serverguide/C/installation.xml:102(para)
19611
msgid ""
19612
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19613
"limited by memory addressing space."
19614
msgstr ""
19615
19616
#: serverguide/C/installation.xml:107(para)
19617
msgid ""
19618
"To see all kernel configuration options you can look through "
19619
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19620
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19621
"is a great resource on the options available."
19622
msgstr ""
19623
19624
#: serverguide/C/installation.xml:116(title)
19625
msgid "Backing Up"
19626
msgstr ""
19627
19628
#: serverguide/C/installation.xml:119(para)
19629
msgid ""
19630
"Before installing <application>Ubuntu Server Edition</application> you "
19631
"should make sure all data on the system is backed up. See <xref "
19632
"linkend=\"backups\"/> for backup options."
19633
msgstr ""
19634
19635
#: serverguide/C/installation.xml:123(para)
19636
msgid ""
19637
"If this is not the first time an operating system has been installed on your "
19638
"computer, it is likely you will need to re-partition your disk to make room "
19639
"for Ubuntu."
19640
msgstr ""
19641
19642
#: serverguide/C/installation.xml:127(para)
19643
msgid ""
19644
"Any time you partition your disk, you should be prepared to lose everything "
19645
"on the disk should you make a mistake or something goes wrong during "
19646
"partitioning. The programs used in installation are quite reliable, most "
19647
"have seen years of use, but they also perform destructive actions."
19648
msgstr ""
19649
19650
#: serverguide/C/installation.xml:139(title)
19651
msgid "Installing from CD"
19652
msgstr ""
19653
19654
#: serverguide/C/installation.xml:140(para)
19655
msgid ""
19656
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19657
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19658
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19659
"a graphical installation program. Instead the Server Edition uses a console "
19660
"menu based process."
19661
msgstr ""
19662
19663
#: serverguide/C/installation.xml:147(para)
19664
msgid ""
19665
"First, download and burn the appropriate ISO file from the <ulink "
19666
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19667
msgstr ""
19668
19669
#: serverguide/C/installation.xml:153(para)
19670
msgid "Boot the system from the CD-ROM drive."
19671
msgstr ""
19672
19673
#: serverguide/C/installation.xml:158(para)
19674
msgid ""
19675
"At the boot prompt you will be asked to select the language. Afterwards the "
19676
"installation process begins by asking for your keyboard layout."
19677
msgstr ""
19678
19679
#: serverguide/C/installation.xml:164(para)
19680
msgid ""
19681
"From the main boot menu there are some additional options to install Ubuntu "
19682
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19683
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19684
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19685
"will cover the basic Ubuntu Server install."
19686
msgstr ""
19687
19688
#: serverguide/C/installation.xml:172(para)
19689
msgid ""
19690
"The installer then discovers your hardware configuration, and configures the "
19691
"network settings using DHCP. If you do not wish to use DHCP at the next "
19692
"screen choose \"Go Back\", and you have the option to \"Configure the "
19693
"network manually\"."
19694
msgstr ""
19695
19696
#: serverguide/C/installation.xml:179(para)
19697
msgid "Next, the installer asks for the system's hostname and Time Zone."
19698
msgstr ""
19699
19700
#: serverguide/C/installation.xml:184(para)
19701
msgid ""
19702
"You can then choose from several options to configure the hard drive layout. "
19703
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19704
msgstr ""
19705
19706
#: serverguide/C/installation.xml:190(para)
19707
msgid "The Ubuntu base system is then installed."
19708
msgstr ""
19709
19710
#: serverguide/C/installation.xml:195(para)
19711
msgid ""
19712
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19713
"through the <application>sudo</application> utility."
19714
msgstr ""
19715
19716
#: serverguide/C/installation.xml:201(para)
19717
msgid ""
19718
"After the user is setup, you will be asked to encrypt your <filename "
19719
"role=\"directory\">home</filename> directory."
19720
msgstr ""
19721
19722
#: serverguide/C/installation.xml:207(para)
19723
msgid ""
19724
"The next step in the installation process is to decide how you want to "
19725
"update the system. There are three options:"
19726
msgstr ""
19727
19728
#: serverguide/C/installation.xml:213(para)
19729
msgid ""
19730
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19731
"log into the machine and manually install updates."
19732
msgstr ""
19733
19734
#: serverguide/C/installation.xml:219(para)
19735
msgid ""
19736
"<emphasis>Install security updates Automatically</emphasis>: will install "
19737
"the <application>unattended-upgrades</application> package, which will "
19738
"install security updates without the intervention of an administrator. For "
19739
"more details see <xref linkend=\"automatic-updates\"/>."
19740
msgstr ""
19741
19742
#: serverguide/C/installation.xml:226(para)
19743
msgid ""
19744
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19745
"service provided by Canonical to help manage your Ubuntu machines. See the "
19746
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19747
"site for details."
19748
msgstr ""
19749
19750
#: serverguide/C/installation.xml:235(para)
19751
msgid ""
19752
"You now have the option to install, or not install, several package tasks. "
19753
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19754
"to launch <application>aptitude</application> to choose specific packages to "
19755
"install. For more information see <xref linkend=\"aptitude\"/>."
19756
msgstr ""
19757
19758
#: serverguide/C/installation.xml:243(para)
19759
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19760
msgstr ""
19761
19762
#: serverguide/C/installation.xml:249(para)
19763
msgid ""
19764
"If at any point during installation you are not satisfied by the default "
19765
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19766
"detailed installation menu that will allow you to modify the default "
19767
"settings."
19768
msgstr ""
19769
19770
#: serverguide/C/installation.xml:254(para)
19771
msgid ""
19772
"At some point during the installation process you may want to read the help "
19773
"screen provided by the installation system. To do this, press F1."
19774
msgstr ""
19775
19776
#: serverguide/C/installation.xml:259(para)
19777
msgid ""
19778
"Once again, for detailed instructions see the <ulink "
19779
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19780
"Installation Guide</ulink>."
19781
msgstr ""
19782
19783
#: serverguide/C/installation.xml:265(title)
19784
msgid "Package Tasks"
19785
msgstr ""
19786
19787
#: serverguide/C/installation.xml:266(para)
19788
msgid ""
19789
"During the Server Edition installation you have the option of installing "
19790
"additional packages from the CD. The packages are grouped by the type of "
19791
"service they provide."
19792
msgstr ""
19793
19794
#: serverguide/C/installation.xml:272(para)
19795
msgid "Cloud computing: Walrus storage service"
19796
msgstr ""
19797
19798
#: serverguide/C/installation.xml:277(para)
19799
msgid "Cloud computing: all-in-one cluster"
19800
msgstr ""
19801
19802
#: serverguide/C/installation.xml:282(para)
19803
msgid "Cloud computing: Cluster controller"
19804
msgstr ""
19805
19806
#: serverguide/C/installation.xml:287(para)
19807
msgid "Cloud computing: Node controller"
19808
msgstr ""
19809
19810
#: serverguide/C/installation.xml:292(para)
19811
msgid "Cloud computing: Storage controller"
19812
msgstr ""
19813
19814
#: serverguide/C/installation.xml:297(para)
19815
msgid "Cloud computing: top-level cloud controller"
19816
msgstr ""
19817
19818
#: serverguide/C/installation.xml:302(para)
19819
msgid "DNS server: Selects the BIND DNS server and its documentation."
19820
msgstr ""
19821
19822
#: serverguide/C/installation.xml:307(para)
19823
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19824
msgstr ""
19825
19826
#: serverguide/C/installation.xml:312(para)
19827
msgid ""
19828
"Mail server: This task selects a variety of package useful for a general "
19829
"purpose mail server system."
19830
msgstr ""
19831
19832
#: serverguide/C/installation.xml:317(para)
19833
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19834
msgstr ""
19835
19836
#: serverguide/C/installation.xml:322(para)
19837
msgid ""
19838
"PostgreSQL database: This task selects client and server packages for the "
19839
"PostgreSQL database."
19840
msgstr ""
19841
19842
#: serverguide/C/installation.xml:327(para)
19843
msgid "Print server: This task sets up your system to be a print server."
19844
msgstr ""
19845
19846
#: serverguide/C/installation.xml:332(para)
19847
msgid ""
19848
"Samba File server: This task sets up your system to be a Samba file server, "
19849
"which is especially suitable in networks with both Windows and Linux systems."
19850
msgstr ""
19851
19852
#: serverguide/C/installation.xml:338(para)
19853
msgid ""
19854
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19855
"etc."
19856
msgstr ""
19857
19858
#: serverguide/C/installation.xml:343(para)
19859
msgid ""
19860
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19861
msgstr ""
19862
19863
#: serverguide/C/installation.xml:348(para)
19864
msgid ""
19865
"Manually select packages: Executes <application>apptitude</application> "
19866
"allowing you to individually select packages."
19867
msgstr ""
19868
19869
#: serverguide/C/installation.xml:353(para)
19870
msgid ""
19871
"Installing the package groups is accomplished using the "
19872
"<application>tasksel</application> utility. One of the important difference "
19873
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19874
"installed, a package is also configured to reasonable defaults, eventually "
19875
"prompting you for additional required information. Likewise, when installing "
19876
"a task, the packages are not only installed, but also configured to provided "
19877
"a fully integrated service."
19878
msgstr ""
19879
19880
#: serverguide/C/installation.xml:360(para)
19881
msgid ""
19882
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19883
"<xref linkend=\"uec\"/>."
19884
msgstr ""
19885
19886
#: serverguide/C/installation.xml:363(para)
19887
msgid ""
19888
"Once the installation process has finished you can view a list of available "
19889
"tasks by entering the following from a terminal prompt:"
19890
msgstr ""
19891
19892
#: serverguide/C/installation.xml:368(command)
19893
msgid "tasksel --list-tasks"
19894
msgstr ""
19895
19896
#: serverguide/C/installation.xml:371(para)
19897
msgid ""
19898
"The output will list tasks from other Ubuntu based distributions such as "
19899
"Kubuntu and Edubuntu. Note that you can also invoke the "
19900
"<command>tasksel</command> command by itself, which will bring up a menu of "
19901
"the different tasks available."
19902
msgstr ""
19903
19904
#: serverguide/C/installation.xml:377(para)
19905
msgid ""
19906
"You can view a list of which packages are installed with each task using the "
19907
"<emphasis>--task-packages</emphasis> option. For example, to list the "
19908
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
19909
"following:"
19910
msgstr ""
19911
19912
#: serverguide/C/installation.xml:382(command)
19913
msgid "tasksel --task-packages dns-server"
19914
msgstr ""
19915
19916
#: serverguide/C/installation.xml:384(para)
19917
msgid "The output of the command should list:"
19918
msgstr ""
19919
19920
#: serverguide/C/installation.xml:387(programlisting)
19921
#, no-wrap
19922
msgid ""
19923
"\n"
19924
"bind9-doc \n"
19925
"bind9utils \n"
19926
"bind9\n"
19927
msgstr ""
19928
19929
#: serverguide/C/installation.xml:392(para)
19930
msgid ""
19931
"Also, if you did not install one of the tasks during the installation "
19932
"process, but for example you decide to make your new LAMP server a DNS "
19933
"server as well. Simply insert the installation CD and from a terminal:"
19934
msgstr ""
19935
19936
#: serverguide/C/installation.xml:397(command)
19937
msgid "sudo tasksel install dns-server"
19938
msgstr ""
19939
19940
#: serverguide/C/installation.xml:402(title)
19941
msgid "Upgrading"
19942
msgstr ""
19943
19944
#: serverguide/C/installation.xml:403(para)
19945
msgid ""
19946
"There are several ways to upgrade from one Ubuntu release to another. This "
19947
"section gives an overview of the recommended upgrade method."
19948
msgstr ""
19949
19950
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
19951
msgid "do-release-upgrade"
19952
msgstr ""
19953
19954
#: serverguide/C/installation.xml:408(para)
19955
msgid ""
19956
"The recommended way to upgrade a Server Edition installation is to use the "
19957
"<application>do-release-upgrade</application> utility. Part of the "
19958
"<emphasis>update-manager-core</emphasis> package, it does not have any "
19959
"graphical dependencies and is installed by default."
19960
msgstr ""
19961
19962
#: serverguide/C/installation.xml:413(para)
19963
msgid ""
19964
"Debian based systems can also be upgraded by using <command>apt-get dist-"
19965
"upgrade</command>. However, using <application>do-release-"
19966
"upgrade</application> is recommended because it has the ability to handle "
19967
"system configuration changes sometimes needed between releases."
19968
msgstr ""
19969
19970
#: serverguide/C/installation.xml:418(para)
19971
msgid "To upgrade to a newer release, from a terminal prompt enter:"
19972
msgstr ""
19973
19974
#: serverguide/C/installation.xml:424(para)
19975
msgid ""
19976
"It is also possible to use <application>do-release-upgrade</application> to "
19977
"upgrade to a development version of Ubuntu. To accomplish this use the "
19978
"<emphasis>-d</emphasis> switch:"
19979
msgstr ""
19980
19981
#: serverguide/C/installation.xml:429(command)
19982
msgid "do-release-upgrade -d"
19983
msgstr ""
19984
19985
#: serverguide/C/installation.xml:432(para)
19986
msgid ""
19987
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
19988
"for production environments."
19989
msgstr ""
19990
19991
#: serverguide/C/installation.xml:439(title)
19992
msgid "Advanced Installation"
19993
msgstr ""
19994
19995
#: serverguide/C/installation.xml:442(title)
19996
msgid "Software RAID"
19997
msgstr ""
19998
19999
#: serverguide/C/installation.xml:444(para)
20000
msgid ""
20001
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20002
"the probability of catastrophic data loss in case of drive failure. RAID is "
20003
"implemented in either software (where the operating system knows about both "
20004
"drives and actively maintains both of them) or hardware (where a special "
20005
"controller makes the OS think there's only one drive and maintains the "
20006
"drives 'invisibly')."
20007
msgstr ""
20008
20009
#: serverguide/C/installation.xml:451(para)
20010
msgid ""
20011
"The RAID software included with current versions of Linux (and Ubuntu) is "
20012
"based on the <application>'mdadm'</application> driver and works very well, "
20013
"better even than many so-called 'hardware' RAID controllers. This section "
20014
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20015
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20016
"another for <emphasis>swap</emphasis>."
20017
msgstr ""
20018
20019
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20020
msgid ""
20021
"Follow the installation steps until you get to the <emphasis>Partition "
20022
"disks</emphasis> step, then:"
20023
msgstr ""
20024
20025
#: serverguide/C/installation.xml:468(para)
20026
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20027
msgstr ""
20028
20029
#: serverguide/C/installation.xml:475(para)
20030
msgid ""
20031
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20032
"partition table on this device?\"</emphasis>."
20033
msgstr ""
20034
20035
#: serverguide/C/installation.xml:479(para)
20036
msgid ""
20037
"Repeat this step for each drive you wish to be part of the RAID array."
20038
msgstr ""
20039
20040
#: serverguide/C/installation.xml:486(para)
20041
msgid ""
20042
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20043
"select <emphasis>\"Create a new partition\"</emphasis>."
20044
msgstr ""
20045
20046
#: serverguide/C/installation.xml:493(para)
20047
msgid ""
20048
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20049
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20050
"size is twice that of RAM. Enter the partition size, then choose "
20051
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20052
msgstr ""
20053
20054
#: serverguide/C/installation.xml:502(para)
20055
msgid ""
20056
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20057
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20058
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20059
"<emphasis>\"Done setting up partition\"</emphasis>."
20060
msgstr ""
20061
20062
#: serverguide/C/installation.xml:511(para)
20063
msgid ""
20064
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20065
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20066
"partition\"</emphasis>."
20067
msgstr ""
20068
20069
#: serverguide/C/installation.xml:519(para)
20070
msgid ""
20071
"Use the rest of the free space on the drive and choose "
20072
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20073
msgstr ""
20074
20075
#: serverguide/C/installation.xml:526(para)
20076
msgid ""
20077
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20078
"at the top, changing it to <emphasis>\"physical volume for "
20079
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20080
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20081
"<emphasis>\"Done setting up partition\"</emphasis>."
20082
msgstr ""
20083
20084
#: serverguide/C/installation.xml:536(para)
20085
msgid "Repeat steps three through eight for the other disk and partitions."
20086
msgstr ""
20087
20088
#: serverguide/C/installation.xml:545(title)
20089
msgid "RAID Configuration"
20090
msgstr ""
20091
20092
#: serverguide/C/installation.xml:547(para)
20093
msgid "With the partitions setup the arrays are ready to be configured:"
20094
msgstr ""
20095
20096
#: serverguide/C/installation.xml:554(para)
20097
msgid ""
20098
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20099
"Software RAID\"</emphasis> at the top."
20100
msgstr ""
20101
20102
#: serverguide/C/installation.xml:561(para)
20103
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20104
msgstr ""
20105
20106
#: serverguide/C/installation.xml:568(para)
20107
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20108
msgstr ""
20109
20110
#: serverguide/C/installation.xml:575(para)
20111
msgid ""
20112
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20113
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20114
msgstr ""
20115
20116
#: serverguide/C/installation.xml:581(para)
20117
msgid ""
20118
"In order to use <emphasis>RAID5</emphasis> you need at least "
20119
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20120
"<emphasis>two</emphasis> drives are required."
20121
msgstr ""
20122
20123
#: serverguide/C/installation.xml:590(para)
20124
msgid ""
20125
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20126
"of hard drives you have, for the array. Then select "
20127
"<emphasis>\"Continue\"</emphasis>."
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:598(para)
20131
msgid ""
20132
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20133
"default, then choose <emphasis>\"Continue\"</emphasis>."
20134
msgstr ""
20135
20136
#: serverguide/C/installation.xml:605(para)
20137
msgid ""
20138
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20139
"etc. The numbers will usually match and the different letters correspond to "
20140
"different hard drives."
20141
msgstr ""
20142
20143
#: serverguide/C/installation.xml:610(para)
20144
msgid ""
20145
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20146
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20147
"go to the next step."
20148
msgstr ""
20149
20150
#: serverguide/C/installation.xml:618(para)
20151
msgid ""
20152
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20153
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20154
"and <emphasis>sdb2</emphasis>."
20155
msgstr ""
20156
20157
#: serverguide/C/installation.xml:626(para)
20158
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20159
msgstr ""
20160
20161
#: serverguide/C/installation.xml:636(title)
20162
msgid "Formatting"
20163
msgstr ""
20164
20165
#: serverguide/C/installation.xml:638(para)
20166
msgid ""
20167
"There should now be a list of hard drives and RAID devices. The next step is "
20168
"to format and set the mount point for the RAID devices. Treat the RAID "
20169
"device as a local hard drive, format and mount accordingly."
20170
msgstr ""
20171
20172
#: serverguide/C/installation.xml:646(para)
20173
msgid ""
20174
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20175
"#0\"</emphasis> partition."
20176
msgstr ""
20177
20178
#: serverguide/C/installation.xml:653(para)
20179
msgid ""
20180
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20181
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20182
msgstr ""
20183
20184
#: serverguide/C/installation.xml:661(para)
20185
msgid ""
20186
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20187
"#1\"</emphasis> partition."
20188
msgstr ""
20189
20190
#: serverguide/C/installation.xml:668(para)
20191
msgid ""
20192
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20193
"journaling file system\"</emphasis>."
20194
msgstr ""
20195
20196
#: serverguide/C/installation.xml:675(para)
20197
msgid ""
20198
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20199
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20200
"options as appropriate, then select <emphasis>\"Done setting up "
20201
"partition\"</emphasis>."
20202
msgstr ""
20203
20204
#: serverguide/C/installation.xml:683(para)
20205
msgid ""
20206
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20207
"disk\"</emphasis>."
20208
msgstr ""
20209
20210
#: serverguide/C/installation.xml:690(para)
20211
msgid ""
20212
"If you choose to place the root partition on a RAID array, the installer "
20213
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20214
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:695(para)
20218
msgid "The installation process will then continue normally."
20219
msgstr ""
20220
20221
#: serverguide/C/installation.xml:701(title)
20222
msgid "Degraded RAID"
20223
msgstr ""
20224
20225
#: serverguide/C/installation.xml:703(para)
20226
msgid ""
20227
"At some point in the life of the computer a disk failure event may occur. "
20228
"When this happens, using Software RAID, the operating system will place the "
20229
"array into what is known as a <emphasis>degraded</emphasis> state."
20230
msgstr ""
20231
20232
#: serverguide/C/installation.xml:708(para)
20233
msgid ""
20234
"If the array has become degraded, due to the chance of data corruption, by "
20235
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20236
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20237
"second prompt giving you the option to go ahead and boot the system, or "
20238
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20239
"the desired behavior, especially if the machine is in a remote location. "
20240
"Booting to a degraded array can be configured several ways:"
20241
msgstr ""
20242
20243
#: serverguide/C/installation.xml:719(para)
20244
msgid ""
20245
"The <application>dpkg-reconfigure</application> utility can be used to "
20246
"configure the default behavior, and during the process you will be queried "
20247
"about additional settings related to the array. Such as monitoring, email "
20248
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20249
"following:"
20250
msgstr ""
20251
20252
#: serverguide/C/installation.xml:726(command)
20253
msgid "sudo dpkg-reconfigure mdadm"
20254
msgstr ""
20255
20256
#: serverguide/C/installation.xml:732(para)
20257
msgid ""
20258
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20259
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20260
"The file has the advantage of being able to pre-configure the system's "
20261
"behavior, and can also be manually edited:"
20262
msgstr ""
20263
20264
#: serverguide/C/installation.xml:738(programlisting)
20265
#, no-wrap
20266
msgid ""
20267
"\n"
20268
"BOOT_DEGRADED=true\n"
20269
msgstr ""
20270
20271
#: serverguide/C/installation.xml:743(para)
20272
msgid "The configuration file can be overridden by using a Kernel argument."
20273
msgstr ""
20274
20275
#: serverguide/C/installation.xml:751(para)
20276
msgid ""
20277
"Using a Kernel argument will allow the system to boot to a degraded array as "
20278
"well:"
20279
msgstr ""
20280
20281
#: serverguide/C/installation.xml:757(para)
20282
msgid ""
20283
"When the server is booting press <keycap>Shift</keycap> to open the "
20284
"<application>Grub</application> menu."
20285
msgstr ""
20286
20287
#: serverguide/C/installation.xml:762(para)
20288
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20289
msgstr ""
20290
20291
#: serverguide/C/installation.xml:767(para)
20292
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20293
msgstr ""
20294
20295
#: serverguide/C/installation.xml:772(para)
20296
msgid ""
20297
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20298
"end of the line."
20299
msgstr ""
20300
20301
#: serverguide/C/installation.xml:777(para)
20302
msgid ""
20303
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20304
"the system."
20305
msgstr ""
20306
20307
#: serverguide/C/installation.xml:786(para)
20308
msgid ""
20309
"Once the system has booted you can either repair the array see <xref "
20310
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20311
"another machine due to major hardware failure."
20312
msgstr ""
20313
20314
#: serverguide/C/installation.xml:793(title)
20315
msgid "RAID Maintenance"
20316
msgstr ""
20317
20318
#: serverguide/C/installation.xml:795(para)
20319
msgid ""
20320
"The <application>mdadm</application> utility can be used to view the status "
20321
"of an array, add disks to an array, remove disks, etc:"
20322
msgstr ""
20323
20324
#: serverguide/C/installation.xml:802(para)
20325
msgid "To view the status of an array, from a terminal prompt enter:"
20326
msgstr ""
20327
20328
#: serverguide/C/installation.xml:806(command)
20329
msgid "sudo mdadm -D /dev/md0"
20330
msgstr ""
20331
20332
#: serverguide/C/installation.xml:809(para)
20333
msgid ""
20334
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20335
"display <emphasis>detailed</emphasis> information about the "
20336
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20337
"with the appropriate RAID device."
20338
msgstr ""
20339
20340
#: serverguide/C/installation.xml:815(para)
20341
msgid "To view the status of a disk in an array:"
20342
msgstr ""
20343
20344
#: serverguide/C/installation.xml:819(command)
20345
msgid "sudo mdadm -E /dev/sda1"
20346
msgstr ""
20347
20348
#: serverguide/C/installation.xml:821(para)
20349
msgid ""
20350
"The output if very similar to the <command>mdadm -D</command> command, "
20351
"adjust <filename>/dev/sda1</filename> for each disk."
20352
msgstr ""
20353
20354
#: serverguide/C/installation.xml:826(para)
20355
msgid "If a disk fails and needs to be removed from an array enter:"
20356
msgstr ""
20357
20358
#: serverguide/C/installation.xml:830(command)
20359
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20360
msgstr ""
20361
20362
#: serverguide/C/installation.xml:832(para)
20363
msgid ""
20364
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20365
"the appropriate RAID device and disk."
20366
msgstr ""
20367
20368
#: serverguide/C/installation.xml:837(para)
20369
msgid "Similarly, to add a new disk:"
20370
msgstr ""
20371
20372
#: serverguide/C/installation.xml:841(command)
20373
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20374
msgstr ""
20375
20376
#: serverguide/C/installation.xml:846(para)
20377
msgid ""
20378
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20379
"though there is nothing physically wrong with the drive. It is usually "
20380
"worthwhile to remove the drive from the array then re-add it. This will "
20381
"cause the drive to re-sync with the array. If the drive will not sync with "
20382
"the array, it is a good indication of hardware failure."
20383
msgstr ""
20384
20385
#: serverguide/C/installation.xml:852(para)
20386
msgid ""
20387
"The <filename>/proc/mdstat</filename> file also contains useful information "
20388
"about the system's RAID devices:"
20389
msgstr ""
20390
20391
#: serverguide/C/installation.xml:857(command)
20392
msgid "cat /proc/mdstat"
20393
msgstr ""
20394
20395
#: serverguide/C/installation.xml:858(computeroutput)
20396
#, no-wrap
20397
msgid ""
20398
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20399
"[raid10] \n"
20400
"md0 : active raid1 sda1[0] sdb1[1]\n"
20401
" 10016384 blocks [2/2] [UU]\n"
20402
" \n"
20403
"unused devices: <none>"
20404
msgstr ""
20405
20406
#: serverguide/C/installation.xml:865(para)
20407
msgid ""
20408
"The following command is great for watching the status of a syncing drive:"
20409
msgstr ""
20410
20411
#: serverguide/C/installation.xml:870(command)
20412
msgid "watch -n1 cat /proc/mdstat"
20413
msgstr ""
20414
20415
#: serverguide/C/installation.xml:873(para)
20416
msgid ""
20417
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20418
"<application>watch</application> command."
20419
msgstr ""
20420
20421
#: serverguide/C/installation.xml:877(para)
20422
msgid ""
20423
"If you do need to replace a faulty drive, after the drive has been replaced "
20424
"and synced, <application>grub</application> will need to be installed. To "
20425
"install <application>grub</application> on the new drive, enter the "
20426
"following:"
20427
msgstr ""
20428
20429
#: serverguide/C/installation.xml:883(command)
20430
msgid "sudo grub-install /dev/md0"
20431
msgstr ""
20432
20433
#: serverguide/C/installation.xml:886(para)
20434
msgid ""
20435
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20436
msgstr ""
20437
20438
#: serverguide/C/installation.xml:894(para)
20439
msgid ""
20440
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20441
"can be configured. Please see the following links for more information:"
20442
msgstr ""
20443
20444
#: serverguide/C/installation.xml:901(para)
20445
msgid ""
20446
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20447
"Wiki Articles on RAID</ulink>."
20448
msgstr ""
20449
20450
#: serverguide/C/installation.xml:907(ulink)
20451
msgid "Software RAID HOWTO"
20452
msgstr ""
20453
20454
#: serverguide/C/installation.xml:912(ulink)
20455
msgid "Managing RAID on Linux"
20456
msgstr ""
20457
20458
#: serverguide/C/installation.xml:919(title)
20459
msgid "Logical Volume Manager (LVM)"
20460
msgstr ""
20461
20462
#: serverguide/C/installation.xml:921(para)
20463
msgid ""
20464
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20465
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20466
"hard disks. LVM volumes can be created on both software RAID partitions and "
20467
"standard partitions residing on a single disk. Volumes can also be extended, "
20468
"giving greater flexibility to systems as requirements change."
20469
msgstr ""
20470
20471
#: serverguide/C/installation.xml:930(para)
20472
msgid ""
20473
"A side effect of LVM's power and flexibility is a greater degree of "
20474
"complication. Before diving into the LVM installation process, it is best to "
20475
"get familiar with some terms."
20476
msgstr ""
20477
20478
#: serverguide/C/installation.xml:937(para)
20479
msgid ""
20480
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20481
"Volumes (LV)."
20482
msgstr ""
20483
20484
#: serverguide/C/installation.xml:942(para)
20485
msgid ""
20486
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20487
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20488
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20489
msgstr ""
20490
20491
#: serverguide/C/installation.xml:948(para)
20492
msgid ""
20493
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20494
"RAID partition. The Volume Group can be extended by adding more PVs."
20495
msgstr ""
20496
20497
#: serverguide/C/installation.xml:959(para)
20498
msgid ""
20499
"As an example this section covers installing Ubuntu Server Edition with "
20500
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20501
"the initial install only one Physical Volume (PV) will be part of the Volume "
20502
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20503
"can be extended."
20504
msgstr ""
20505
20506
#: serverguide/C/installation.xml:965(para)
20507
msgid ""
20508
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20509
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20510
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20511
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20512
"partitions and configure LVM. At this time the only way to configure a "
20513
"system with both LVM and standard partitions, during installation, is to use "
20514
"the Manual approach."
20515
msgstr ""
20516
20517
#: serverguide/C/installation.xml:982(para)
20518
msgid ""
20519
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20520
"<emphasis>\"Manual\"</emphasis>."
20521
msgstr ""
20522
20523
#: serverguide/C/installation.xml:989(para)
20524
msgid ""
20525
"Select the hard disk and on the next screen choose \"yes\" to "
20526
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20527
msgstr ""
20528
20529
#: serverguide/C/installation.xml:996(para)
20530
msgid ""
20531
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20532
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20533
msgstr ""
20534
20535
#: serverguide/C/installation.xml:1004(para)
20536
msgid ""
20537
"For the LVM <emphasis>/srv</emphasis>, create a new "
20538
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20539
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20540
"<emphasis>\"Done setting up the partition\"</emphasis>."
20541
msgstr ""
20542
20543
#: serverguide/C/installation.xml:1012(para)
20544
msgid ""
20545
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20546
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20547
"disk."
20548
msgstr ""
20549
20550
#: serverguide/C/installation.xml:1020(para)
20551
msgid ""
20552
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20553
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20554
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20555
"After entering a name, select the partition configured for LVM, and choose "
20556
"<emphasis>\"Continue\"</emphasis>."
20557
msgstr ""
20558
20559
#: serverguide/C/installation.xml:1029(para)
20560
msgid ""
20561
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20562
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20563
"volume group, and enter a name for the new LV, for example "
20564
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20565
"a size, which may be the full partition because it can always be extended "
20566
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20567
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20568
msgstr ""
20569
20570
#: serverguide/C/installation.xml:1039(para)
20571
msgid ""
20572
"Now add a filesystem to the new LVM. Select the partition under "
20573
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20574
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20575
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20576
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20577
msgstr ""
20578
20579
#: serverguide/C/installation.xml:1048(para)
20580
msgid ""
20581
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20582
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20583
"the installation."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:1056(para)
20587
msgid "There are some useful utilities to view information about LVM:"
20588
msgstr ""
20589
20590
#: serverguide/C/installation.xml:1061(para)
20591
msgid ""
20592
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20593
msgstr ""
20594
20595
#: serverguide/C/installation.xml:1062(para)
20596
msgid ""
20597
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20598
msgstr ""
20599
20600
#: serverguide/C/installation.xml:1063(para)
20601
msgid ""
20602
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20603
"Physical Volumes."
20604
msgstr ""
20605
20606
#: serverguide/C/installation.xml:1068(title)
20607
msgid "Extending Volume Groups"
20608
msgstr ""
20609
20610
#: serverguide/C/installation.xml:1070(para)
20611
msgid ""
20612
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20613
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20614
"adding it to the volume group (VG), extending the logical volume <filename "
20615
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20616
"example assumes a second hard disk has been added to the system. This hard "
20617
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20618
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20619
"before issuing the commands below. You could lose some data if you issue "
20620
"those commands on a non-empty disk. In our example we will use the entire "
20621
"disk as a physical volume (you could choose to create partitions and use "
20622
"them as different physical volumes)"
20623
msgstr ""
20624
20625
#: serverguide/C/installation.xml:1082(para)
20626
msgid "First, create the physical volume, in a terminal execute:"
20627
msgstr ""
20628
20629
#: serverguide/C/installation.xml:1087(command)
20630
msgid "sudo pvcreate /dev/sdb"
20631
msgstr ""
20632
20633
#: serverguide/C/installation.xml:1093(para)
20634
msgid "Now extend the Volume Group (VG):"
20635
msgstr ""
20636
20637
#: serverguide/C/installation.xml:1098(command)
20638
msgid "sudo vgextend vg01 /dev/sdb"
20639
msgstr ""
20640
20641
#: serverguide/C/installation.xml:1104(para)
20642
msgid ""
20643
"Use <application>vgdisplay</application> to find out the free physical "
20644
"extents - Free PE / size (the size you can allocate). We will assume a free "
20645
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20646
"whole free space available. Use your own PE and/or free space."
20647
msgstr ""
20648
20649
#: serverguide/C/installation.xml:1110(para)
20650
msgid ""
20651
"The Logical Volume (LV) can now be extended by different methods, we will "
20652
"only see how to use the PE to extend the LV:"
20653
msgstr ""
20654
20655
#: serverguide/C/installation.xml:1115(command)
20656
msgid "sudo lvextend /dev/vg01/srv -l +511"
20657
msgstr ""
20658
20659
#: serverguide/C/installation.xml:1118(para)
20660
msgid ""
20661
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20662
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20663
"Gig, Tera, etc bytes."
20664
msgstr ""
20665
20666
#: serverguide/C/installation.xml:1126(para)
20667
msgid ""
20668
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20669
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20670
"practice to unmount it anyway and check the filesystem, so that you don't "
20671
"mess up the day you want to reduce a logical volume (in that case unmounting "
20672
"first is compulsory)."
20673
msgstr ""
20674
20675
#: serverguide/C/installation.xml:1132(para)
20676
msgid ""
20677
"The following commands are for an <emphasis>EXT3</emphasis> or "
20678
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20679
"there may be other utilities available."
20680
msgstr ""
20681
20682
#: serverguide/C/installation.xml:1139(command)
20683
msgid "sudo e2fsck -f /dev/vg01/srv"
20684
msgstr ""
20685
20686
#: serverguide/C/installation.xml:1142(para)
20687
msgid ""
20688
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20689
"forces checking even if the system seems clean."
20690
msgstr ""
20691
20692
#: serverguide/C/installation.xml:1149(para)
20693
msgid "Finally, resize the filesystem:"
20694
msgstr ""
20695
20696
#: serverguide/C/installation.xml:1154(command)
20697
msgid "sudo resize2fs /dev/vg01/srv"
20698
msgstr ""
20699
20700
#: serverguide/C/installation.xml:1160(para)
20701
msgid "Now mount the partition and check its size."
20702
msgstr ""
20703
20704
#: serverguide/C/installation.xml:1165(command)
20705
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20706
msgstr ""
20707
20708
#: serverguide/C/installation.xml:1177(para)
20709
msgid ""
20710
"See the <ulink "
20711
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20712
"Articles</ulink>."
20713
msgstr ""
20714
20715
#: serverguide/C/installation.xml:1182(para)
20716
msgid ""
20717
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20718
"HOWTO</ulink> for more information."
20719
msgstr ""
20720
20721
#: serverguide/C/installation.xml:1187(para)
20722
msgid ""
20723
"Another good article is <ulink "
20724
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20725
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20726
"linuxdevcenter.com site."
20727
msgstr ""
20728
20729
#: serverguide/C/installation.xml:1194(para)
20730
msgid ""
20731
"For more information on <application>fdisk</application> see the <ulink "
20732
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20733
"sk man page</ulink>."
20734
msgstr ""
20735
20736
#: serverguide/C/file-server.xml:13(title)
20737
msgid "File Servers"
20738
msgstr ""
20739
20740
#: serverguide/C/file-server.xml:15(para)
20741
msgid ""
20742
"If you have more than one computer on a single network. At some point you "
20743
"will probably need to share files between them. In this section we cover "
20744
"installing and configuring FTP, NFS, and CUPS."
20745
msgstr ""
20746
20747
#: serverguide/C/file-server.xml:22(title)
20748
msgid "FTP Server"
20749
msgstr ""
20750
20751
#: serverguide/C/file-server.xml:24(para)
20752
msgid ""
20753
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20754
"files between computers. FTP works on a client/server model. The server "
20755
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20756
"listens for FTP requests from remote clients. When a request is received, it "
20757
"manages the login and sets up the connection. For the duration of the "
20758
"session it executes any of commands sent by the FTP client."
20759
msgstr ""
20760
20761
#: serverguide/C/file-server.xml:33(para)
20762
msgid "Access to an FTP server can be managed in two ways:"
20763
msgstr ""
20764
20765
#: serverguide/C/file-server.xml:37(para)
20766
msgid "Anonymous"
20767
msgstr ""
20768
20769
#: serverguide/C/file-server.xml:40(para)
20770
msgid "Authenticated"
20771
msgstr ""
20772
20773
#: serverguide/C/file-server.xml:43(para)
20774
msgid ""
20775
"In the Anonymous mode, remote clients can access the FTP server by using the "
20776
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20777
"address as the password. In the Authenticated mode a user must have an "
20778
"account and a password. User access to the FTP server directories and files "
20779
"is dependent on the permissions defined for the account used at login. As a "
20780
"general rule, the FTP daemon will hide the root directory of the FTP server "
20781
"and change it to the FTP Home directory. This hides the rest of the file "
20782
"system from remote sessions."
20783
msgstr ""
20784
20785
#: serverguide/C/file-server.xml:55(title)
20786
msgid "vsftpd - FTP Server Installation"
20787
msgstr ""
20788
20789
#: serverguide/C/file-server.xml:57(para)
20790
msgid ""
20791
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20792
"and maintain. To install <application>vsftpd</application> you can run the "
20793
"following command:"
20794
msgstr ""
20795
20796
#: serverguide/C/file-server.xml:65(command)
20797
msgid "sudo apt-get install vsftpd"
20798
msgstr ""
20799
20800
#: serverguide/C/file-server.xml:71(title)
20801
msgid "Anonymous FTP Configuration"
20802
msgstr ""
20803
20804
#: serverguide/C/file-server.xml:73(para)
20805
msgid ""
20806
"By default <application>vsftpd</application> is configured to only allow "
20807
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20808
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20809
"default FTP directory."
20810
msgstr ""
20811
20812
#: serverguide/C/file-server.xml:80(para)
20813
msgid ""
20814
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20815
"example, simply create a directory in another location and change the "
20816
"<emphasis>ftp</emphasis> user's home directory:"
20817
msgstr ""
20818
20819
#: serverguide/C/file-server.xml:87(command)
20820
msgid "sudo mkdir /srv/ftp"
20821
msgstr ""
20822
20823
#: serverguide/C/file-server.xml:88(command)
20824
msgid "sudo usermod -d /srv/ftp ftp"
20825
msgstr ""
20826
20827
#: serverguide/C/file-server.xml:91(para)
20828
msgid "After making the change restart <application>vsftpd</application>:"
20829
msgstr ""
20830
20831
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20832
msgid "sudo /etc/init.d/vsftpd restart"
20833
msgstr ""
20834
20835
#: serverguide/C/file-server.xml:99(para)
20836
msgid ""
20837
"Finally, copy any files and directories you would like to make available "
20838
"through anonymous FTP to <filename>/srv/ftp</filename>."
20839
msgstr ""
20840
20841
#: serverguide/C/file-server.xml:106(title)
20842
msgid "User Authenticated FTP Configuration"
20843
msgstr ""
20844
20845
#: serverguide/C/file-server.xml:108(para)
20846
msgid ""
20847
"To configure <application>vsftpd</application> to authenticate system users "
20848
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20849
msgstr ""
20850
20851
#: serverguide/C/file-server.xml:114(programlisting)
20852
#, no-wrap
20853
msgid ""
20854
"\n"
20855
"local_enable=YES\n"
20856
"write_enable=YES\n"
20857
msgstr ""
20858
20859
#: serverguide/C/file-server.xml:119(para)
20860
msgid "Now restart <application>vsftpd</application>:"
20861
msgstr ""
20862
20863
#: serverguide/C/file-server.xml:127(para)
20864
msgid ""
20865
"Now when system users login to FTP they will start in their "
20866
"<emphasis>home</emphasis> directories where they can download, upload, "
20867
"create directories, etc."
20868
msgstr ""
20869
20870
#: serverguide/C/file-server.xml:133(para)
20871
msgid ""
20872
"Similarly, by default, the anonymous users are not allowed to upload files "
20873
"to FTP server. To change this setting, you should uncomment the following "
20874
"line, and restart <application>vsftpd</application>:"
20875
msgstr ""
20876
20877
#: serverguide/C/file-server.xml:140(programlisting)
20878
#, no-wrap
20879
msgid ""
20880
"\n"
20881
"anon_upload_enable=YES\n"
20882
msgstr ""
20883
20884
#: serverguide/C/file-server.xml:145(para)
20885
msgid ""
20886
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20887
"not enable anonymous upload on servers accessed directly from the Internet."
20888
msgstr ""
20889
20890
#: serverguide/C/file-server.xml:151(para)
20891
msgid ""
20892
"The configuration file consists of many configuration parameters. The "
20893
"information about each parameter is available in the configuration file. "
20894
"Alternatively, you can refer to the man page, <command>man 5 "
20895
"vsftpd.conf</command> for details of each parameter."
20896
msgstr ""
20897
20898
#: serverguide/C/file-server.xml:162(title)
20899
msgid "Securing FTP"
20900
msgstr ""
20901
20902
#: serverguide/C/file-server.xml:164(para)
20903
msgid ""
20904
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
20905
"<application>vsftpd</application> more secure. For example users can be "
20906
"limited to their home directories by uncommenting:"
20907
msgstr ""
20908
20909
#: serverguide/C/file-server.xml:170(programlisting)
20910
#, no-wrap
20911
msgid ""
20912
"\n"
20913
"chroot_local_user=YES\n"
20914
msgstr ""
20915
20916
#: serverguide/C/file-server.xml:174(para)
20917
msgid ""
20918
"You can also limit a specific list of users to just their home directories:"
20919
msgstr ""
20920
20921
#: serverguide/C/file-server.xml:178(programlisting)
20922
#, no-wrap
20923
msgid ""
20924
"\n"
20925
"chroot_list_enable=YES\n"
20926
"chroot_list_file=/etc/vsftpd.chroot_list\n"
20927
msgstr ""
20928
20929
#: serverguide/C/file-server.xml:183(para)
20930
msgid ""
20931
"After uncommenting the above options, create a "
20932
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
20933
"per line. Then restart <application>vsftpd</application>:"
20934
msgstr ""
20935
20936
#: serverguide/C/file-server.xml:192(para)
20937
msgid ""
20938
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
20939
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
20940
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
20941
"add them to the list."
20942
msgstr ""
20943
20944
#: serverguide/C/file-server.xml:199(para)
20945
msgid ""
20946
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
20947
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
20948
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
20949
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
20950
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
20951
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
20952
"with a shell may not be ideal for some environments, such as a shared web "
20953
"host."
20954
msgstr ""
20955
20956
#: serverguide/C/file-server.xml:208(para)
20957
msgid ""
20958
"To configure <emphasis>FTPS</emphasis>, edit "
20959
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
20960
msgstr ""
20961
20962
#: serverguide/C/file-server.xml:212(programlisting)
20963
#, no-wrap
20964
msgid ""
20965
"\n"
20966
"ssl_enable=Yes\n"
20967
msgstr ""
20968
20969
#: serverguide/C/file-server.xml:216(para)
20970
msgid "Also, notice the certificate and key related options:"
20971
msgstr ""
20972
20973
#: serverguide/C/file-server.xml:220(programlisting)
20974
#, no-wrap
20975
msgid ""
20976
"\n"
20977
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
20978
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
20979
msgstr ""
20980
20981
#: serverguide/C/file-server.xml:225(para)
20982
msgid ""
20983
"By default these options are set the certificate and key provided by the "
20984
"<application>ssl-cert</application> package. In a production environment "
20985
"these should be replaced with a certificate and key generated for the "
20986
"specific host. For more information on certificates see <xref "
20987
"linkend=\"certificates-and-security\"/>."
20988
msgstr ""
20989
20990
#: serverguide/C/file-server.xml:231(para)
20991
msgid ""
20992
"Now restart <application>vsftpd</application>, and non-anonymous users will "
20993
"be forced to use <emphasis>FTPS</emphasis>:"
20994
msgstr ""
20995
20996
#: serverguide/C/file-server.xml:240(para)
20997
msgid ""
20998
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
20999
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21000
"adding the <emphasis>nologin</emphasis> shell:"
21001
msgstr ""
21002
21003
#: serverguide/C/file-server.xml:245(programlisting)
21004
#, no-wrap
21005
msgid ""
21006
"\n"
21007
"# /etc/shells: valid login shells\n"
21008
"/bin/csh\n"
21009
"/bin/sh\n"
21010
"/usr/bin/es\n"
21011
"/usr/bin/ksh\n"
21012
"/bin/ksh\n"
21013
"/usr/bin/rc\n"
21014
"/usr/bin/tcsh\n"
21015
"/bin/tcsh\n"
21016
"/usr/bin/esh\n"
21017
"/bin/dash\n"
21018
"/bin/bash\n"
21019
"/bin/rbash\n"
21020
"/usr/bin/screen\n"
21021
"/usr/sbin/nologin\n"
21022
msgstr ""
21023
21024
#: serverguide/C/file-server.xml:263(para)
21025
msgid ""
21026
"This is necessary because, by default <application>vsftpd</application> uses "
21027
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21028
"configuration file contains:"
21029
msgstr ""
21030
21031
#: serverguide/C/file-server.xml:268(programlisting)
21032
#, no-wrap
21033
msgid ""
21034
"\n"
21035
"auth required pam_shells.so\n"
21036
msgstr ""
21037
21038
#: serverguide/C/file-server.xml:272(para)
21039
msgid ""
21040
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21041
"in the <filename>/etc/shells</filename> file."
21042
msgstr ""
21043
21044
#: serverguide/C/file-server.xml:277(para)
21045
msgid ""
21046
"Most popular FTP clients can be configured connect using FTPS. The "
21047
"<application>lftp</application> command line FTP client has the ability to "
21048
"use FTPS as well."
21049
msgstr ""
21050
21051
#: serverguide/C/file-server.xml:288(para)
21052
msgid ""
21053
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21054
"website</ulink> for more information."
21055
msgstr ""
21056
21057
#: serverguide/C/file-server.xml:293(para)
21058
msgid ""
21059
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21060
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21061
"\">vsftpd.conf man page</ulink>."
21062
msgstr ""
21063
21064
#: serverguide/C/file-server.xml:299(para)
21065
msgid ""
21066
"The CodeGurus article <ulink "
21067
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21068
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21069
"contrasting FTPS and SFTP."
21070
msgstr ""
21071
21072
#: serverguide/C/file-server.xml:305(para)
21073
msgid ""
21074
"Also, for more information see the <ulink "
21075
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21076
"page."
21077
msgstr ""
21078
21079
#: serverguide/C/file-server.xml:315(title)
21080
msgid "Network File System (NFS)"
21081
msgstr ""
21082
21083
#: serverguide/C/file-server.xml:316(para)
21084
msgid ""
21085
"NFS allows a system to share directories and files with others over a "
21086
"network. By using NFS, users and programs can access files on remote systems "
21087
"almost as if they were local files."
21088
msgstr ""
21089
21090
#: serverguide/C/file-server.xml:322(para)
21091
msgid "Some of the most notable benefits that NFS can provide are:"
21092
msgstr ""
21093
21094
#: serverguide/C/file-server.xml:328(para)
21095
msgid ""
21096
"Local workstations use less disk space because commonly used data can be "
21097
"stored on a single machine and still remain accessible to others over the "
21098
"network."
21099
msgstr ""
21100
21101
#: serverguide/C/file-server.xml:333(para)
21102
msgid ""
21103
"There is no need for users to have separate home directories on every "
21104
"network machine. Home directories could be set up on the NFS server and made "
21105
"available throughout the network."
21106
msgstr ""
21107
21108
#: serverguide/C/file-server.xml:339(para)
21109
msgid ""
21110
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21111
"be used by other machines on the network. This may reduce the number of "
21112
"removable media drives throughout the network."
21113
msgstr ""
21114
21115
#: serverguide/C/file-server.xml:349(para)
21116
msgid ""
21117
"At a terminal prompt enter the following command to install the NFS Server:"
21118
msgstr ""
21119
21120
#: serverguide/C/file-server.xml:355(command)
21121
msgid "sudo apt-get install nfs-kernel-server"
21122
msgstr ""
21123
21124
#: serverguide/C/file-server.xml:361(para)
21125
msgid ""
21126
"You can configure the directories to be exported by adding them to the "
21127
"<filename>/etc/exports</filename> file. For example:"
21128
msgstr ""
21129
21130
#: serverguide/C/file-server.xml:366(screen)
21131
#, no-wrap
21132
msgid ""
21133
"\n"
21134
"/ubuntu *(ro,sync,no_root_squash)\n"
21135
"/home *(rw,sync,no_root_squash)\n"
21136
msgstr ""
21137
21138
#: serverguide/C/file-server.xml:372(para)
21139
msgid ""
21140
"You can replace * with one of the hostname formats. Make the hostname "
21141
"declaration as specific as possible so unwanted systems cannot access the "
21142
"NFS mount."
21143
msgstr ""
21144
21145
#: serverguide/C/file-server.xml:378(para)
21146
msgid ""
21147
"To start the NFS server, you can run the following command at a terminal "
21148
"prompt:"
21149
msgstr ""
21150
21151
#: serverguide/C/file-server.xml:383(command)
21152
msgid "sudo /etc/init.d/nfs-kernel-server start"
21153
msgstr ""
21154
21155
#: serverguide/C/file-server.xml:388(title)
21156
msgid "NFS Client Configuration"
21157
msgstr ""
21158
21159
#: serverguide/C/file-server.xml:389(para)
21160
msgid ""
21161
"Use the <application>mount</application> command to mount a shared NFS "
21162
"directory from another machine, by typing a command line similar to the "
21163
"following at a terminal prompt:"
21164
msgstr ""
21165
21166
#: serverguide/C/file-server.xml:395(command)
21167
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21168
msgstr ""
21169
21170
#: serverguide/C/file-server.xml:399(para)
21171
msgid ""
21172
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21173
"There should be no files or subdirectories in the "
21174
"<filename>/local/ubuntu</filename> directory."
21175
msgstr ""
21176
21177
#: serverguide/C/file-server.xml:406(para)
21178
msgid ""
21179
"An alternate way to mount an NFS share from another machine is to add a line "
21180
"to the <filename>/etc/fstab</filename> file. The line must state the "
21181
"hostname of the NFS server, the directory on the server being exported, and "
21182
"the directory on the local machine where the NFS share is to be mounted."
21183
msgstr ""
21184
21185
#: serverguide/C/file-server.xml:414(para)
21186
msgid ""
21187
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21188
"as follows:"
21189
msgstr ""
21190
21191
#: serverguide/C/file-server.xml:420(programlisting)
21192
#, no-wrap
21193
msgid ""
21194
"\n"
21195
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21196
"rsize=8192,wsize=8192,timeo=14,intr\n"
21197
msgstr ""
21198
21199
#: serverguide/C/file-server.xml:424(para)
21200
msgid ""
21201
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21202
"common</application> package is installed on your client. To install "
21203
"<application>nfs-common</application> enter the following command at the "
21204
"terminal prompt: <screen>\n"
21205
"<command>sudo apt-get install nfs-common</command>\n"
21206
"</screen>"
21207
msgstr ""
21208
21209
#: serverguide/C/file-server.xml:437(ulink)
21210
msgid "Linux NFS faq"
21211
msgstr ""
21212
21213
#: serverguide/C/file-server.xml:439(ulink)
21214
msgid "Ubuntu Wiki NFS Howto"
21215
msgstr ""
21216
21217
#: serverguide/C/file-server.xml:445(title)
21218
msgid "CUPS - Print Server"
21219
msgstr ""
21220
21221
#: serverguide/C/file-server.xml:446(para)
21222
msgid ""
21223
"The primary mechanism for Ubuntu printing and print services is the "
21224
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21225
"printing system is a freely available, portable printing layer which has "
21226
"become the new standard for printing in most Linux distributions."
21227
msgstr ""
21228
21229
#: serverguide/C/file-server.xml:453(para)
21230
msgid ""
21231
"CUPS manages print jobs and queues and provides network printing using the "
21232
"standard Internet Printing Protocol (IPP), while offering support for a very "
21233
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21234
"also supports PostScript Printer Description (PPD) and auto-detection of "
21235
"network printers, and features a simple web-based configuration and "
21236
"administration tool."
21237
msgstr ""
21238
21239
#: serverguide/C/file-server.xml:463(para)
21240
msgid ""
21241
"To install CUPS on your Ubuntu computer, simply use "
21242
"<application>sudo</application> with the <application>apt-get</application> "
21243
"command and give the packages to install as the first parameter. A complete "
21244
"CUPS install has many package dependencies, but they may all be specified on "
21245
"the same command line. Enter the following at a terminal prompt to install "
21246
"CUPS:"
21247
msgstr ""
21248
21249
#: serverguide/C/file-server.xml:468(command)
21250
msgid "sudo apt-get install cups"
21251
msgstr ""
21252
21253
#: serverguide/C/file-server.xml:471(para)
21254
msgid ""
21255
"Upon authenticating with your user password, the packages should be "
21256
"downloaded and installed without error. Upon the conclusion of installation, "
21257
"the CUPS server will be started automatically."
21258
msgstr ""
21259
21260
#: serverguide/C/file-server.xml:476(para)
21261
msgid ""
21262
"For troubleshooting purposes, you can access CUPS server errors via the "
21263
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21264
"error log does not show enough information to troubleshoot any problems you "
21265
"encounter, the verbosity of the CUPS log can be increased by changing the "
21266
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21267
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21268
"everything, from the default of \"info\". If you make this change, remember "
21269
"to change it back once you've solved your problem, to prevent the log file "
21270
"from becoming overly large."
21271
msgstr ""
21272
21273
#: serverguide/C/file-server.xml:489(para)
21274
msgid ""
21275
"The Common UNIX Printing System server's behavior is configured through the "
21276
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21277
"The CUPS configuration file follows the same syntax as the primary "
21278
"configuration file for the Apache HTTP server, so users familiar with "
21279
"editing Apache's configuration file should feel at ease when editing the "
21280
"CUPS configuration file. Some examples of settings you may wish to change "
21281
"initially will be presented here."
21282
msgstr ""
21283
21284
#: serverguide/C/file-server.xml:499(para)
21285
msgid ""
21286
"Prior to editing the configuration file, you should make a copy of the "
21287
"original file and protect it from writing, so you will have the original "
21288
"settings as a reference, and to reuse as necessary."
21289
msgstr ""
21290
21291
#: serverguide/C/file-server.xml:503(para)
21292
msgid ""
21293
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21294
"writing with the following commands, issued at a terminal prompt:"
21295
msgstr ""
21296
21297
#: serverguide/C/file-server.xml:509(command)
21298
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21299
msgstr ""
21300
21301
#: serverguide/C/file-server.xml:510(command)
21302
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21303
msgstr ""
21304
21305
#: serverguide/C/file-server.xml:515(para)
21306
msgid ""
21307
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21308
"address of the designated administrator of the CUPS server, simply edit the "
21309
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21310
"preferred text editor, and add or modify the <emphasis "
21311
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21312
"you are the Administrator for the CUPS server, and your e-mail address is "
21313
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21314
"as such:"
21315
msgstr ""
21316
21317
#: serverguide/C/file-server.xml:526(screen)
21318
#, no-wrap
21319
msgid ""
21320
"\n"
21321
"ServerAdmin bjoy@somebigco.com\n"
21322
msgstr ""
21323
21324
#: serverguide/C/file-server.xml:532(para)
21325
msgid ""
21326
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21327
"server installation listens only on the loopback interface at IP address "
21328
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21329
"listen on an actual network adapter's IP address, you must specify either a "
21330
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21331
"addition of a Listen directive. For example, if your CUPS server resides on "
21332
"a local network at the IP address <emphasis "
21333
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21334
"accessible to the other systems on this subnetwork, you would edit the "
21335
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21336
"such:"
21337
msgstr ""
21338
21339
#: serverguide/C/file-server.xml:546(screen)
21340
#, no-wrap
21341
msgid ""
21342
"\n"
21343
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21344
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21345
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21346
"(IPP)\n"
21347
msgstr ""
21348
21349
#: serverguide/C/file-server.xml:552(para)
21350
msgid ""
21351
"In the example above, you may comment out or remove the reference to the "
21352
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21353
"</application> to listen on that interface, but would rather have it only "
21354
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21355
"listening for all network interfaces for which a certain hostname is bound, "
21356
"including the Loopback, you could create a Listen entry for the hostname "
21357
"<emphasis>socrates</emphasis> as such:"
21358
msgstr ""
21359
21360
#: serverguide/C/file-server.xml:562(screen)
21361
#, no-wrap
21362
msgid ""
21363
"\n"
21364
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21365
msgstr ""
21366
21367
#: serverguide/C/file-server.xml:566(para)
21368
msgid ""
21369
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21370
"instead, as in:"
21371
msgstr ""
21372
21373
#: serverguide/C/file-server.xml:568(screen)
21374
#, no-wrap
21375
msgid ""
21376
"\n"
21377
"Port 631 # Listen on port 631 on all interfaces\n"
21378
msgstr ""
21379
21380
#: serverguide/C/file-server.xml:575(para)
21381
msgid ""
21382
"For more examples of configuration directives in the CUPS server "
21383
"configuration file, view the associated system manual page by entering the "
21384
"following command at a terminal prompt:"
21385
msgstr ""
21386
21387
#: serverguide/C/file-server.xml:582(command)
21388
msgid "man cupsd.conf"
21389
msgstr ""
21390
21391
#: serverguide/C/file-server.xml:586(para)
21392
msgid ""
21393
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21394
"configuration file, you'll need to restart the CUPS server by typing the "
21395
"following command at a terminal prompt:"
21396
msgstr ""
21397
21398
#: serverguide/C/file-server.xml:592(command)
21399
msgid "sudo /etc/init.d/cups restart"
21400
msgstr ""
21401
21402
#: serverguide/C/file-server.xml:598(title)
21403
msgid "Web Interface"
21404
msgstr ""
21405
21406
#: serverguide/C/file-server.xml:600(para)
21407
msgid ""
21408
"CUPS can be configured and monitored using a web interface, which by default "
21409
"is available at <ulink "
21410
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21411
"web interface can be used to perform all printer management tasks."
21412
msgstr ""
21413
21414
#: serverguide/C/file-server.xml:604(para)
21415
msgid ""
21416
"In order to perform administrative tasks via the web interface, you must "
21417
"either have the root account enabled on your server, or authenticate as a "
21418
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21419
"reasons, CUPS won't authenticate a user that doesn't have a password."
21420
msgstr ""
21421
21422
#: serverguide/C/file-server.xml:607(para)
21423
msgid ""
21424
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21425
"at the terminal prompt: <screen>\n"
21426
"<command>sudo usermod -aG lpadmin username</command>\n"
21427
"</screen>"
21428
msgstr ""
21429
21430
#: serverguide/C/file-server.xml:613(para)
21431
msgid ""
21432
"Further documentation is available in the <emphasis "
21433
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21434
msgstr ""
21435
21436
#: serverguide/C/file-server.xml:621(ulink)
21437
msgid "CUPS Website"
21438
msgstr ""
21439
21440
#: serverguide/C/file-server.xml:624(ulink)
21441
msgid "Ubuntu Wiki CUPS page"
21442
msgstr ""
21443
21444
#: serverguide/C/dns.xml:13(title)
21445
msgid "Domain Name Service (DNS)"
21446
msgstr ""
21447
21448
#: serverguide/C/dns.xml:14(para)
21449
msgid ""
21450
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21451
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21452
"alleviates the need to remember IP addresses. Computers that run DNS are "
21453
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21454
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21455
"common program used for maintaining a name server on Linux."
21456
msgstr ""
21457
21458
#: serverguide/C/dns.xml:24(para)
21459
msgid ""
21460
"At a terminal prompt, enter the following command to install "
21461
"<application>dns</application>:"
21462
msgstr ""
21463
21464
#: serverguide/C/dns.xml:28(command)
21465
msgid "sudo apt-get install bind9"
21466
msgstr ""
21467
21468
#: serverguide/C/dns.xml:30(para)
21469
msgid ""
21470
"A very useful package for testing and troubleshooting DNS issues is the "
21471
"dnsutils package. To install <application>dnsutils</application> enter the "
21472
"following:"
21473
msgstr ""
21474
21475
#: serverguide/C/dns.xml:35(command)
21476
msgid "sudo apt-get install dnsutils"
21477
msgstr ""
21478
21479
#: serverguide/C/dns.xml:40(para)
21480
msgid ""
21481
"There are many ways to configure <application>BIND9</application>. Some of "
21482
"the most common configurations are a caching nameserver, primary master, and "
21483
"as a secondary master."
21484
msgstr ""
21485
21486
#: serverguide/C/dns.xml:46(para)
21487
msgid ""
21488
"When configured as a caching nameserver BIND9 will find the answer to name "
21489
"queries and remember the answer when the domain is queried again."
21490
msgstr ""
21491
21492
#: serverguide/C/dns.xml:52(para)
21493
msgid ""
21494
"As a primary master server BIND9 reads the data for a zone from a file on "
21495
"it's host and is authoritative for that zone."
21496
msgstr ""
21497
21498
#: serverguide/C/dns.xml:57(para)
21499
msgid ""
21500
"In a secondary master configuration BIND9 gets the zone data from another "
21501
"nameserver authoritative for the zone."
21502
msgstr ""
21503
21504
#: serverguide/C/dns.xml:65(para)
21505
msgid ""
21506
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21507
"directory. The primary configuration file is "
21508
"<filename>/etc/bind/named.conf</filename>."
21509
msgstr ""
21510
21511
#: serverguide/C/dns.xml:72(para)
21512
msgid ""
21513
"The <emphasis>include</emphasis> line specifies the filename which contains "
21514
"the DNS options. The <emphasis>directory</emphasis> line in the "
21515
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21516
"look for files. All files BIND uses will be relative to this directory."
21517
msgstr ""
21518
21519
#: serverguide/C/dns.xml:80(para)
21520
msgid ""
21521
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21522
"nameservers in the world. The servers change over time, so the "
21523
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21524
"This is usually done as updates to the <application>bind9</application> "
21525
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21526
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21527
msgstr ""
21528
21529
#: serverguide/C/dns.xml:90(para)
21530
msgid ""
21531
"It is possible to configure the same server to be a caching name server, "
21532
"primary master, and secondary master. A server can be the Start of Authority "
21533
"(SOA) for one zone, while providing secondary service for another zone. All "
21534
"the while providing caching services for hosts on the local LAN."
21535
msgstr ""
21536
21537
#: serverguide/C/dns.xml:98(title)
21538
msgid "Caching Nameserver"
21539
msgstr ""
21540
21541
#: serverguide/C/dns.xml:99(para)
21542
msgid ""
21543
"The default configuration is setup to act as a caching server. All that is "
21544
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21545
"uncomment and edit the following in "
21546
"<filename>/etc/bind/named.conf.options</filename>:"
21547
msgstr ""
21548
21549
#: serverguide/C/dns.xml:103(programlisting)
21550
#, no-wrap
21551
msgid ""
21552
"\n"
21553
"forwarders {\n"
21554
" 1.2.3.4;\n"
21555
" 5.6.7.8;\n"
21556
" };\n"
21557
msgstr ""
21558
21559
#: serverguide/C/dns.xml:110(para)
21560
msgid ""
21561
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21562
"the IP Adresses of actual nameservers."
21563
msgstr ""
21564
21565
#: serverguide/C/dns.xml:114(para)
21566
msgid ""
21567
"Now restart the DNS server, to enable the new configuration. From a terminal "
21568
"prompt:"
21569
msgstr ""
21570
21571
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21572
msgid "sudo /etc/init.d/bind9 restart"
21573
msgstr ""
21574
21575
#: serverguide/C/dns.xml:120(para)
21576
msgid ""
21577
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21578
"DNS server."
21579
msgstr ""
21580
21581
#: serverguide/C/dns.xml:125(title)
21582
msgid "Primary Master"
21583
msgstr ""
21584
21585
#: serverguide/C/dns.xml:126(para)
21586
msgid ""
21587
"In this section <application>BIND9</application> will be configured as the "
21588
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21589
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21590
"(Fully Qualified Domain Name)."
21591
msgstr ""
21592
21593
#: serverguide/C/dns.xml:132(title)
21594
msgid "Forward Zone File"
21595
msgstr ""
21596
21597
#: serverguide/C/dns.xml:133(para)
21598
msgid ""
21599
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21600
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21601
msgstr ""
21602
21603
#: serverguide/C/dns.xml:137(programlisting)
21604
#, no-wrap
21605
msgid ""
21606
"\n"
21607
"zone \"example.com\" {\n"
21608
"\ttype master;\n"
21609
" file \"/etc/bind/db.example.com\";\n"
21610
"};\n"
21611
msgstr ""
21612
21613
#: serverguide/C/dns.xml:143(para)
21614
msgid ""
21615
"Now use an existing zone file as a template to create the "
21616
"<filename>/etc/bind/db.example.com</filename> file:"
21617
msgstr ""
21618
21619
#: serverguide/C/dns.xml:147(command)
21620
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21621
msgstr ""
21622
21623
#: serverguide/C/dns.xml:149(para)
21624
msgid ""
21625
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21626
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21627
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21628
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21629
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21630
"leaving the \".\" at the end."
21631
msgstr ""
21632
21633
#: serverguide/C/dns.xml:155(para)
21634
msgid ""
21635
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21636
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21637
msgstr ""
21638
21639
#: serverguide/C/dns.xml:159(programlisting)
21640
#, no-wrap
21641
msgid ""
21642
"\n"
21643
";\n"
21644
"; BIND data file for local loopback interface\n"
21645
";\n"
21646
"$TTL 604800\n"
21647
"@ IN SOA ns.example.com. root.example.com. (\n"
21648
" 2 ; Serial\n"
21649
" 604800 ; Refresh\n"
21650
" 86400 ; Retry\n"
21651
" 2419200 ; Expire\n"
21652
" 604800 ) ; Negative Cache TTL\n"
21653
";\n"
21654
"@ IN NS ns.example.com.\n"
21655
"@ IN A 127.0.0.1\n"
21656
"@ IN AAAA ::1\n"
21657
"ns IN A 192.168.1.10\n"
21658
msgstr ""
21659
21660
#: serverguide/C/dns.xml:176(para)
21661
msgid ""
21662
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21663
"make changes to the zone file. If you make multiple changes before "
21664
"restarting BIND9, simply increment the Serial once."
21665
msgstr ""
21666
21667
#: serverguide/C/dns.xml:180(para)
21668
msgid ""
21669
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21670
"linkend=\"dns-record-types\"/> for details."
21671
msgstr ""
21672
21673
#: serverguide/C/dns.xml:184(para)
21674
msgid ""
21675
"Many admins like to use the last date edited as the serial of a zone, such "
21676
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21677
"<emphasis>ss</emphasis> is the Serial Number)"
21678
msgstr ""
21679
21680
#: serverguide/C/dns.xml:189(para)
21681
msgid ""
21682
"Once you have made a change to the zone file "
21683
"<application>BIND9</application> will need to be restarted for the changes "
21684
"to take effect:"
21685
msgstr ""
21686
21687
#: serverguide/C/dns.xml:198(title)
21688
msgid "Reverse Zone File"
21689
msgstr ""
21690
21691
#: serverguide/C/dns.xml:199(para)
21692
msgid ""
21693
"Now that the zone is setup and resolving names to IP Adresses a "
21694
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21695
"DNS to resolve an address to a name."
21696
msgstr ""
21697
21698
#: serverguide/C/dns.xml:203(para)
21699
msgid "Edit /etc/bind/named.conf.local and add the following:"
21700
msgstr ""
21701
21702
#: serverguide/C/dns.xml:206(programlisting)
21703
#, no-wrap
21704
msgid ""
21705
"\n"
21706
"zone \"1.168.192.in-addr.arpa\" {\n"
21707
" type master;\n"
21708
" notify no;\n"
21709
" file \"/etc/bind/db.192\";\n"
21710
"};\n"
21711
msgstr ""
21712
21713
#: serverguide/C/dns.xml:214(para)
21714
msgid ""
21715
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21716
"whatever network you are using. Also, name the zone file "
21717
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21718
"first octet of your network."
21719
msgstr ""
21720
21721
#: serverguide/C/dns.xml:219(para)
21722
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21723
msgstr ""
21724
21725
#: serverguide/C/dns.xml:223(command)
21726
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21727
msgstr ""
21728
21729
#: serverguide/C/dns.xml:225(para)
21730
msgid ""
21731
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21732
"same options as <filename>/etc/bind/db.example.com</filename>:"
21733
msgstr ""
21734
21735
#: serverguide/C/dns.xml:229(programlisting)
21736
#, no-wrap
21737
msgid ""
21738
"\n"
21739
";\n"
21740
"; BIND reverse data file for local loopback interface\n"
21741
";\n"
21742
"$TTL 604800\n"
21743
"@ IN SOA ns.example.com. root.example.com. (\n"
21744
" 2 ; Serial\n"
21745
" 604800 ; Refresh\n"
21746
" 86400 ; Retry\n"
21747
" 2419200 ; Expire\n"
21748
" 604800 ) ; Negative Cache TTL\n"
21749
";\n"
21750
"@ IN NS ns.\n"
21751
"10 IN PTR ns.example.com.\n"
21752
msgstr ""
21753
21754
#: serverguide/C/dns.xml:244(para)
21755
msgid ""
21756
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21757
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21758
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21759
"create a <emphasis>PTR record</emphasis> in "
21760
"<filename>/etc/bind/db.192</filename>."
21761
msgstr ""
21762
21763
#: serverguide/C/dns.xml:249(para)
21764
msgid ""
21765
"After creating the reverse zone file restart "
21766
"<application>BIND9</application>:"
21767
msgstr ""
21768
21769
#: serverguide/C/dns.xml:258(title)
21770
msgid "Secondary Master"
21771
msgstr ""
21772
21773
#: serverguide/C/dns.xml:259(para)
21774
msgid ""
21775
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21776
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21777
"availability of the domain should the Primary become unavailable."
21778
msgstr ""
21779
21780
#: serverguide/C/dns.xml:263(para)
21781
msgid ""
21782
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21783
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21784
"and Reverse zone definitions in "
21785
"<filename>/etc/bind/named.conf.local</filename>:"
21786
msgstr ""
21787
21788
#: serverguide/C/dns.xml:267(programlisting)
21789
#, no-wrap
21790
msgid ""
21791
"\n"
21792
"zone \"example.com\" {\n"
21793
" type master;\n"
21794
"\tfile \"/etc/bind/db.example.com\";\n"
21795
" allow-transfer { 192.168.1.11; };\n"
21796
"};\n"
21797
"\n"
21798
"zone \"1.168.192.in-addr.arpa\" {\n"
21799
" type master;\n"
21800
" notify no;\n"
21801
" file \"/etc/bind/db.192\";\n"
21802
"\tallow-transfer { 192.168.1.11; };\n"
21803
"};\n"
21804
msgstr ""
21805
21806
#: serverguide/C/dns.xml:282(para)
21807
msgid ""
21808
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21809
"Secondary nameserver."
21810
msgstr ""
21811
21812
#: serverguide/C/dns.xml:286(para)
21813
msgid ""
21814
"Next, on the Secondary Master, install the <application>bind9</application> "
21815
"package the same way as on the Primary. Then edit the "
21816
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21817
"declarations for the Forward and Reverse zones:"
21818
msgstr ""
21819
21820
#: serverguide/C/dns.xml:290(programlisting)
21821
#, no-wrap
21822
msgid ""
21823
"\n"
21824
"zone \"example.com\" {\n"
21825
"\ttype slave;\n"
21826
" file \"/var/cache/bind/db.example.com\";\n"
21827
" masters { 192.168.1.10; };\n"
21828
"}; \n"
21829
" \n"
21830
"zone \"1.168.192.in-addr.arpa\" {\n"
21831
"\ttype slave;\n"
21832
" file \"/var/cache/bind/db.192\";\n"
21833
" masters { 192.168.1.10; };\n"
21834
"};\n"
21835
msgstr ""
21836
21837
#: serverguide/C/dns.xml:304(para)
21838
msgid ""
21839
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21840
"Primary nameserver."
21841
msgstr ""
21842
21843
#: serverguide/C/dns.xml:308(para)
21844
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21845
msgstr ""
21846
21847
#: serverguide/C/dns.xml:314(para)
21848
msgid ""
21849
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21850
msgstr ""
21851
21852
#: serverguide/C/dns.xml:317(programlisting)
21853
#, no-wrap
21854
msgid ""
21855
"\n"
21856
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21857
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21858
msgstr ""
21859
21860
#: serverguide/C/dns.xml:322(para)
21861
msgid ""
21862
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21863
"on the Primary is larger than the one on the Secondary."
21864
msgstr ""
21865
21866
#: serverguide/C/dns.xml:328(para)
21867
msgid ""
21868
"The default directory for non-authoritative zone files is "
21869
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21870
"<application>AppArmor</application> to allow the "
21871
"<application>named</application> daemon to write to it. For more information "
21872
"on AppArmor see <xref linkend=\"apparmor\"/>."
21873
msgstr ""
21874
21875
#: serverguide/C/dns.xml:339(para)
21876
msgid ""
21877
"This section covers ways to help determine the cause when problems happen "
21878
"with DNS and <application>BIND9</application>."
21879
msgstr ""
21880
21881
#: serverguide/C/dns.xml:345(title)
21882
msgid "resolv.conf"
21883
msgstr ""
21884
21885
#: serverguide/C/dns.xml:346(para)
21886
msgid ""
21887
"The first step in testing <application>BIND9</application> is to add the "
21888
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
21889
"be configured as well as another host to double check things. Simply edit "
21890
"<filename>/etc/resolv.conf</filename> and add the following:"
21891
msgstr ""
21892
21893
#: serverguide/C/dns.xml:351(programlisting)
21894
#, no-wrap
21895
msgid ""
21896
"\n"
21897
"nameserver\t192.168.1.10\n"
21898
"nameserver\t192.168.1.11\n"
21899
msgstr ""
21900
21901
#: serverguide/C/dns.xml:356(para)
21902
msgid ""
21903
"You should also add the IP Address of the Secondary nameserver in case the "
21904
"Primary becomes unavailable."
21905
msgstr ""
21906
21907
#: serverguide/C/dns.xml:362(title)
21908
msgid "dig"
21909
msgstr ""
21910
21911
#: serverguide/C/dns.xml:363(para)
21912
msgid ""
21913
"If you installed the <application>dnsutils</application> package you can "
21914
"test your setup using the DNS lookup utility <application>dig</application>:"
21915
msgstr ""
21916
21917
#: serverguide/C/dns.xml:369(para)
21918
msgid ""
21919
"After installing <application>BIND9</application> use "
21920
"<application>dig</application> against the loopback interface to make sure "
21921
"it is listening on port 53. From a terminal prompt:"
21922
msgstr ""
21923
21924
#: serverguide/C/dns.xml:374(command)
21925
msgid "dig -x 127.0.0.1"
21926
msgstr ""
21927
21928
#: serverguide/C/dns.xml:376(para)
21929
msgid "You should see lines similar to the following in the command output:"
21930
msgstr ""
21931
21932
#: serverguide/C/dns.xml:379(programlisting)
21933
#, no-wrap
21934
msgid ""
21935
"\n"
21936
";; Query time: 1 msec\n"
21937
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
21938
msgstr ""
21939
21940
#: serverguide/C/dns.xml:385(para)
21941
msgid ""
21942
"If you have configured <application>BIND9</application> as a "
21943
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
21944
"the query time:"
21945
msgstr ""
21946
21947
#: serverguide/C/dns.xml:390(command)
21948
msgid "dig ubuntu.com"
21949
msgstr ""
21950
21951
#: serverguide/C/dns.xml:392(para)
21952
msgid "Note the query time toward the end of the command output:"
21953
msgstr ""
21954
21955
#: serverguide/C/dns.xml:395(programlisting)
21956
#, no-wrap
21957
msgid ""
21958
"\n"
21959
";; Query time: 49 msec\n"
21960
msgstr ""
21961
21962
#: serverguide/C/dns.xml:398(para)
21963
msgid "After a second dig there should be improvement:"
21964
msgstr ""
21965
21966
#: serverguide/C/dns.xml:401(programlisting)
21967
#, no-wrap
21968
msgid ""
21969
"\n"
21970
";; Query time: 1 msec\n"
21971
msgstr ""
21972
21973
#: serverguide/C/dns.xml:408(title)
21974
msgid "ping"
21975
msgstr ""
21976
21977
#: serverguide/C/dns.xml:410(para)
21978
msgid ""
21979
"Now to demonstrate how applications make use of DNS to resolve a host name "
21980
"use the <application>ping</application> utility to send an ICMP echo "
21981
"request. From a terminal prompt enter:"
21982
msgstr ""
21983
21984
#: serverguide/C/dns.xml:416(command)
21985
msgid "ping example.com"
21986
msgstr ""
21987
21988
#: serverguide/C/dns.xml:418(para)
21989
msgid ""
21990
"This tests if the nameserver can resolve the name "
21991
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
21992
"should resemble:"
21993
msgstr ""
21994
21995
#: serverguide/C/dns.xml:422(programlisting)
21996
#, no-wrap
21997
msgid ""
21998
"\n"
21999
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22000
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22001
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22002
msgstr ""
22003
22004
#: serverguide/C/dns.xml:429(title)
22005
msgid "named-checkzone"
22006
msgstr ""
22007
22008
#: serverguide/C/dns.xml:430(para)
22009
msgid ""
22010
"A great way to test your zone files is by using the <application>named-"
22011
"checkzone</application> utility installed with the "
22012
"<application>bind9</application> package. This utility allows you to make "
22013
"sure the configuration is correct before restarting "
22014
"<application>BIND9</application> and making the changes live."
22015
msgstr ""
22016
22017
#: serverguide/C/dns.xml:437(para)
22018
msgid ""
22019
"To test our example Forward zone file enter the following from a command "
22020
"prompt:"
22021
msgstr ""
22022
22023
#: serverguide/C/dns.xml:441(command)
22024
msgid "named-checkzone example.com /etc/bind/db.example.com"
22025
msgstr ""
22026
22027
#: serverguide/C/dns.xml:443(para)
22028
msgid ""
22029
"If everything is configured correctly you should see output similar to:"
22030
msgstr ""
22031
22032
#: serverguide/C/dns.xml:446(programlisting)
22033
#, no-wrap
22034
msgid ""
22035
"\n"
22036
"zone example.com/IN: loaded serial 6\n"
22037
"OK\n"
22038
msgstr ""
22039
22040
#: serverguide/C/dns.xml:452(para)
22041
msgid "Similarly, to test the Reverse zone file enter the following:"
22042
msgstr ""
22043
22044
#: serverguide/C/dns.xml:456(command)
22045
msgid "named-checkzone example.com /etc/bind/db.192"
22046
msgstr ""
22047
22048
#: serverguide/C/dns.xml:458(para)
22049
msgid "The output should be similar to:"
22050
msgstr ""
22051
22052
#: serverguide/C/dns.xml:461(programlisting)
22053
#, no-wrap
22054
msgid ""
22055
"\n"
22056
"zone example.com/IN: loaded serial 3\n"
22057
"OK\n"
22058
msgstr ""
22059
22060
#: serverguide/C/dns.xml:468(para)
22061
msgid ""
22062
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22063
"different."
22064
msgstr ""
22065
22066
#: serverguide/C/dns.xml:475(title)
22067
msgid "Logging"
22068
msgstr ""
22069
22070
#: serverguide/C/dns.xml:476(para)
22071
msgid ""
22072
"<application>BIND9</application> has a wide variety of logging configuration "
22073
"options available. There are two main options. The "
22074
"<emphasis>channel</emphasis> option configures where logs go, and the "
22075
"<emphasis>category</emphasis> option determines what information to log."
22076
msgstr ""
22077
22078
#: serverguide/C/dns.xml:480(para)
22079
msgid "If no logging option is configured the default option is:"
22080
msgstr ""
22081
22082
#: serverguide/C/dns.xml:483(programlisting)
22083
#, no-wrap
22084
msgid ""
22085
"\n"
22086
"logging {\n"
22087
" category default { default_syslog; default_debug; };\n"
22088
" category unmatched { null; };\n"
22089
"};\n"
22090
msgstr ""
22091
22092
#: serverguide/C/dns.xml:489(para)
22093
msgid ""
22094
"This section covers configuring <application>BIND9</application> to send "
22095
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22096
"file."
22097
msgstr ""
22098
22099
#: serverguide/C/dns.xml:494(para)
22100
msgid ""
22101
"First, we need to configure a channel to specify which file to send the "
22102
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22103
"the following:"
22104
msgstr ""
22105
22106
#: serverguide/C/dns.xml:498(programlisting)
22107
#, no-wrap
22108
msgid ""
22109
"\n"
22110
"logging {\n"
22111
" channel query.log { \n"
22112
" file \"/var/log/query.log\";\n"
22113
" severity debug 3; \n"
22114
" }; \n"
22115
"};\n"
22116
msgstr ""
22117
22118
#: serverguide/C/dns.xml:508(para)
22119
msgid "Next, configure a category to send all DNS queries to the query file:"
22120
msgstr ""
22121
22122
#: serverguide/C/dns.xml:511(programlisting)
22123
#, no-wrap
22124
msgid ""
22125
"\n"
22126
"logging {\n"
22127
" channel query.log { \n"
22128
" file \"/var/log/query.log\"; \n"
22129
" severity debug 3; \n"
22130
" }; \n"
22131
" <emphasis>category queries { query.log; };</emphasis> \n"
22132
"};\n"
22133
msgstr ""
22134
22135
#: serverguide/C/dns.xml:523(para)
22136
msgid ""
22137
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22138
"level isn't specified level 1 is the default."
22139
msgstr ""
22140
22141
#: serverguide/C/dns.xml:529(para)
22142
msgid ""
22143
"Since the <emphasis>named daemon</emphasis> runs as the "
22144
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22145
"file must be created and the ownership changed:"
22146
msgstr ""
22147
22148
#: serverguide/C/dns.xml:534(command)
22149
msgid "sudo touch /var/log/query.log"
22150
msgstr ""
22151
22152
#: serverguide/C/dns.xml:535(command)
22153
msgid "sudo chown bind /var/log/query.log"
22154
msgstr ""
22155
22156
#: serverguide/C/dns.xml:539(para)
22157
msgid ""
22158
"Before <application>named</application> daemon can write to the new log file "
22159
"the <application>AppArmor</application> profile must be updated. First, edit "
22160
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22161
msgstr ""
22162
22163
#: serverguide/C/dns.xml:543(programlisting)
22164
#, no-wrap
22165
msgid ""
22166
"\n"
22167
"/var/log/query.log w,\n"
22168
msgstr ""
22169
22170
#: serverguide/C/dns.xml:546(para)
22171
msgid "Next, reload the profile:"
22172
msgstr ""
22173
22174
#: serverguide/C/dns.xml:550(command)
22175
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22176
msgstr ""
22177
22178
#: serverguide/C/dns.xml:552(para)
22179
msgid ""
22180
"For more information on <application>AppArmor</application> see <xref "
22181
"linkend=\"apparmor\"/>"
22182
msgstr ""
22183
22184
#: serverguide/C/dns.xml:557(para)
22185
msgid ""
22186
"Now restart <application>BIND9</application> for the changes to take effect:"
22187
msgstr ""
22188
22189
#: serverguide/C/dns.xml:565(para)
22190
msgid ""
22191
"You should see the file <filename>/var/log/query.log</filename> fill with "
22192
"query information. This is a simple example of the "
22193
"<application>BIND9</application> logging options. For coverage of advanced "
22194
"options see <xref linkend=\"dns-more-info\"/>."
22195
msgstr ""
22196
22197
#: serverguide/C/dns.xml:574(title)
22198
msgid "Common Record Types"
22199
msgstr ""
22200
22201
#: serverguide/C/dns.xml:575(para)
22202
msgid "This section covers some of the most common DNS record types."
22203
msgstr ""
22204
22205
#: serverguide/C/dns.xml:580(para)
22206
msgid ""
22207
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22208
msgstr ""
22209
22210
#: serverguide/C/dns.xml:583(programlisting)
22211
#, no-wrap
22212
msgid ""
22213
"\n"
22214
"www IN A 192.168.1.12\n"
22215
msgstr ""
22216
22217
#: serverguide/C/dns.xml:588(para)
22218
msgid ""
22219
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22220
"record. You cannot create a CNAME record pointing to another CNAME record."
22221
msgstr ""
22222
22223
#: serverguide/C/dns.xml:591(programlisting)
22224
#, no-wrap
22225
msgid ""
22226
"\n"
22227
"web IN CNAME www\n"
22228
msgstr ""
22229
22230
#: serverguide/C/dns.xml:596(para)
22231
msgid ""
22232
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22233
"to. Must point to an A record, not a CNAME."
22234
msgstr ""
22235
22236
#: serverguide/C/dns.xml:599(programlisting)
22237
#, no-wrap
22238
msgid ""
22239
"\n"
22240
" IN MX 1 mail.example.com.\n"
22241
"mail IN A 192.168.1.13\n"
22242
msgstr ""
22243
22244
#: serverguide/C/dns.xml:605(para)
22245
msgid ""
22246
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22247
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22248
"Secondary servers are defined."
22249
msgstr ""
22250
22251
#: serverguide/C/dns.xml:609(programlisting)
22252
#, no-wrap
22253
msgid ""
22254
"\n"
22255
" IN NS ns.example.com.\n"
22256
"\tIN NS ns2.example.com.\n"
22257
"ns IN A 192.168.1.10\n"
22258
"ns2\tIN A\t 192.168.1.11\n"
22259
msgstr ""
22260
22261
#: serverguide/C/dns.xml:622(para)
22262
msgid ""
22263
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22264
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22265
msgstr ""
22266
22267
#: serverguide/C/dns.xml:627(para)
22268
msgid ""
22269
"For in depth coverage of <emphasis>DNS</emphasis> and "
22270
"<application>BIND9</application> see <ulink "
22271
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22272
msgstr ""
22273
22274
#: serverguide/C/dns.xml:632(para)
22275
msgid ""
22276
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22277
"BIND</ulink> is a popular book now in it's fifth edition."
22278
msgstr ""
22279
22280
#: serverguide/C/dns.xml:637(para)
22281
msgid ""
22282
"A great place to ask for <application>BIND9</application> assistance, and "
22283
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22284
"server</emphasis> IRC channel on <ulink "
22285
"url=\"http://freenode.net\">freenode</ulink>."
22286
msgstr ""
22287
22288
#: serverguide/C/dns.xml:643(para)
22289
msgid ""
22290
"Also, see the <ulink "
22291
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22292
"HOWTO</ulink> in the Ubuntu Wiki."
22293
msgstr ""
22294
22295
#: serverguide/C/databases.xml:13(title)
22296
msgid "Databases"
22297
msgstr ""
22298
22299
#: serverguide/C/databases.xml:14(para)
22300
msgid "Ubuntu provides two popular database servers. They are:"
22301
msgstr ""
22302
22303
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22304
msgid "PostgreSQL"
22305
msgstr ""
22306
22307
#: serverguide/C/databases.xml:25(para)
22308
msgid ""
22309
"They are available in the main repository. This section explains how to "
22310
"install and configure these database servers."
22311
msgstr ""
22312
22313
#: serverguide/C/databases.xml:32(para)
22314
msgid ""
22315
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22316
"It is intended for mission-critical, heavy-load production systems as well "
22317
"as for embedding into mass-deployed software."
22318
msgstr ""
22319
22320
#: serverguide/C/databases.xml:41(para)
22321
msgid "To install MySQL, run the following command from a terminal prompt:"
22322
msgstr ""
22323
22324
#: serverguide/C/databases.xml:46(command)
22325
msgid "sudo apt-get install mysql-server"
22326
msgstr ""
22327
22328
#: serverguide/C/databases.xml:48(para)
22329
msgid ""
22330
"During the installation process you will be prompted to enter a password for "
22331
"the <application>MySQL</application> root user."
22332
msgstr ""
22333
22334
#: serverguide/C/databases.xml:53(para)
22335
msgid ""
22336
"Once the installation is complete, the MySQL server should be started "
22337
"automatically. You can run the following command from a terminal prompt to "
22338
"check whether the MySQL server is running:"
22339
msgstr ""
22340
22341
#: serverguide/C/databases.xml:61(command)
22342
msgid "sudo netstat -tap | grep mysql"
22343
msgstr ""
22344
22345
#: serverguide/C/databases.xml:70(programlisting)
22346
#, no-wrap
22347
msgid ""
22348
"\n"
22349
"tcp 0 0 localhost:mysql *:* LISTEN "
22350
" 2556/mysqld\n"
22351
msgstr ""
22352
22353
#: serverguide/C/databases.xml:74(para)
22354
msgid ""
22355
"If the server is not running correctly, you can type the following command "
22356
"to start it:"
22357
msgstr ""
22358
22359
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22360
msgid "sudo /etc/init.d/mysql restart"
22361
msgstr ""
22362
22363
#: serverguide/C/databases.xml:85(para)
22364
msgid ""
22365
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22366
"the basic settings -- log file, port number, etc. For example, to configure "
22367
"<application>MySQL</application> to listen for connections from network "
22368
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22369
"server's IP address:"
22370
msgstr ""
22371
22372
#: serverguide/C/databases.xml:91(programlisting)
22373
#, no-wrap
22374
msgid ""
22375
"\n"
22376
"bind-address = 192.168.0.5\n"
22377
msgstr ""
22378
22379
#: serverguide/C/databases.xml:95(para)
22380
msgid "Replace 192.168.0.5 with the appropriate address."
22381
msgstr ""
22382
22383
#: serverguide/C/databases.xml:99(para)
22384
msgid ""
22385
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22386
"<application>mysql</application> daemon will need to be restarted:"
22387
msgstr ""
22388
22389
#: serverguide/C/databases.xml:107(para)
22390
msgid ""
22391
"If you would like to change the "
22392
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22393
"terminal enter:"
22394
msgstr ""
22395
22396
#: serverguide/C/databases.xml:113(command)
22397
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22398
msgstr ""
22399
22400
#: serverguide/C/databases.xml:116(para)
22401
msgid ""
22402
"The <application>mysql</application> daemon will be stopped, and you will be "
22403
"prompted to enter a new password."
22404
msgstr ""
22405
22406
#: serverguide/C/databases.xml:125(para)
22407
msgid ""
22408
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22409
"more information."
22410
msgstr ""
22411
22412
#: serverguide/C/databases.xml:130(para)
22413
msgid ""
22414
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22415
"<application>mysql-doc-5.0</application> package. To install the package "
22416
"enter the following in a terminal:"
22417
msgstr ""
22418
22419
#: serverguide/C/databases.xml:135(command)
22420
msgid "sudo apt-get install mysql-doc-5.0"
22421
msgstr ""
22422
22423
#: serverguide/C/databases.xml:137(para)
22424
msgid ""
22425
"The documentation is in HTML format, to view them enter "
22426
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22427
"chapter/index.html</command> in your browser's address bar."
22428
msgstr ""
22429
22430
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22431
msgid ""
22432
"For general SQL information see <ulink "
22433
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22434
"Special Edition</ulink> by Rafe Colburn."
22435
msgstr ""
22436
22437
#: serverguide/C/databases.xml:149(para)
22438
msgid ""
22439
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22440
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22441
msgstr ""
22442
22443
#: serverguide/C/databases.xml:158(para)
22444
msgid ""
22445
"PostgreSQL is an object-relational database system that has the features of "
22446
"traditional commercial database systems with enhancements to be found in "
22447
"next-generation DBMS systems."
22448
msgstr ""
22449
22450
#: serverguide/C/databases.xml:165(para)
22451
msgid ""
22452
"To install PostgreSQL, run the following command in the command prompt:"
22453
msgstr ""
22454
22455
#: serverguide/C/databases.xml:172(command)
22456
msgid "sudo apt-get install postgresql"
22457
msgstr ""
22458
22459
#: serverguide/C/databases.xml:176(para)
22460
msgid ""
22461
"Once the installation is complete, you should configure the PostgreSQL "
22462
"server based on your needs, although the default configuration is viable."
22463
msgstr ""
22464
22465
#: serverguide/C/databases.xml:184(para)
22466
msgid ""
22467
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22468
"client authentication methods. By default, IDENT authentication method is "
22469
"used for <application>postgres</application> and local users. Please refer "
22470
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22471
"PostgreSQL Administrator's Guide</ulink>."
22472
msgstr ""
22473
22474
#: serverguide/C/databases.xml:191(para)
22475
msgid ""
22476
"The following discussion assumes that you wish to enable TCP/IP connections "
22477
"and use the MD5 method for client authentication. PostgreSQL configuration "
22478
"files are stored in the "
22479
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22480
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22481
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22482
msgstr ""
22483
22484
#: serverguide/C/databases.xml:201(para)
22485
msgid ""
22486
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22487
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22488
msgstr ""
22489
22490
#: serverguide/C/databases.xml:208(para)
22491
msgid ""
22492
"To enable TCP/IP connections, edit the file "
22493
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22494
msgstr ""
22495
22496
#: serverguide/C/databases.xml:210(para)
22497
msgid ""
22498
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22499
"change it to:"
22500
msgstr ""
22501
22502
#: serverguide/C/databases.xml:213(programlisting)
22503
#, no-wrap
22504
msgid ""
22505
"\n"
22506
"listen_addresses = 'localhost'\n"
22507
msgstr ""
22508
22509
#: serverguide/C/databases.xml:217(para)
22510
msgid ""
22511
"To allow other computers to connect to your "
22512
"<application>PostgreSQL</application> server replace 'localhost' with the "
22513
"<emphasis>IP Address</emphasis> of your server."
22514
msgstr ""
22515
22516
#: serverguide/C/databases.xml:222(para)
22517
msgid ""
22518
"You may also edit all other parameters, if you know what you are doing! For "
22519
"details, refer to the configuration file or to the PostgreSQL documentation."
22520
msgstr ""
22521
22522
#: serverguide/C/databases.xml:227(para)
22523
msgid ""
22524
"Now that we can connect to our <application>PostgreSQL</application> server, "
22525
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22526
"user. Run the following command at a terminal prompt to connect to the "
22527
"default PostgreSQL template database:"
22528
msgstr ""
22529
22530
#: serverguide/C/databases.xml:234(command)
22531
msgid "sudo -u postgres psql template1"
22532
msgstr ""
22533
22534
#: serverguide/C/databases.xml:236(para)
22535
msgid ""
22536
"The above command connects to PostgreSQL database "
22537
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22538
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22539
"run the following SQL command at the <application>psql</application> prompt "
22540
"to configure the password for the user <emphasis "
22541
"role=\"italics\">postgres</emphasis>."
22542
msgstr ""
22543
22544
#: serverguide/C/databases.xml:244(command)
22545
msgid "ALTER USER postgres with encrypted password 'your_password';"
22546
msgstr ""
22547
22548
#: serverguide/C/databases.xml:246(para)
22549
msgid ""
22550
"After configuring the password, edit the file "
22551
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22552
"<emphasis>MD5</emphasis> authentication with the "
22553
"<emphasis>postgres</emphasis> user:"
22554
msgstr ""
22555
22556
#: serverguide/C/databases.xml:252(programlisting)
22557
#, no-wrap
22558
msgid ""
22559
"\n"
22560
"local all postgres md5\n"
22561
msgstr ""
22562
22563
#: serverguide/C/databases.xml:256(para)
22564
msgid ""
22565
"Finally, you should restart the <application>PostgreSQL</application> "
22566
"service to initialize the new configuration. From a terminal prompt enter "
22567
"the following to restart <application>PostgreSQL</application>:"
22568
msgstr ""
22569
22570
#: serverguide/C/databases.xml:262(command)
22571
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22572
msgstr ""
22573
22574
#: serverguide/C/databases.xml:265(para)
22575
msgid ""
22576
"The above configuration is not complete by any means. Please refer <ulink "
22577
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22578
"Administrator's Guide</ulink> to configure more parameters."
22579
msgstr ""
22580
22581
#: serverguide/C/databases.xml:276(para)
22582
msgid ""
22583
"As mentioned above the <ulink "
22584
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22585
"Guide</ulink> is an excellent resource. The guide is also available in the "
22586
"<application>postgresql-doc-8.4</application> package. Execute the following "
22587
"in a terminal to install the package:"
22588
msgstr ""
22589
22590
#: serverguide/C/databases.xml:282(command)
22591
msgid "sudo apt-get install postgresql-doc-8.4"
22592
msgstr ""
22593
22594
#: serverguide/C/databases.xml:284(para)
22595
msgid ""
22596
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22597
"8.4/html/index.html</command> into the address bar of your browser."
22598
msgstr ""
22599
22600
#: serverguide/C/databases.xml:296(para)
22601
msgid ""
22602
"Also, see the <ulink "
22603
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22604
"Wiki</ulink> page for more information."
22605
msgstr ""
22606
22607
#: serverguide/C/clustering.xml:13(title)
22608
msgid "Clustering"
22609
msgstr ""
22610
22611
#: serverguide/C/clustering.xml:16(title)
22612
msgid "DRBD"
22613
msgstr ""
22614
22615
#: serverguide/C/clustering.xml:18(para)
22616
msgid ""
22617
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22618
"multiple hosts. The replication is transparent to other applications on the "
22619
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22620
"volumes, etc can be mirrored."
22621
msgstr ""
22622
22623
#: serverguide/C/clustering.xml:24(para)
22624
msgid ""
22625
"To get started using <application>drbd</application>, first install the "
22626
"necessary packages. From a terminal enter:"
22627
msgstr ""
22628
22629
#: serverguide/C/clustering.xml:29(command)
22630
msgid "sudo apt-get install drbd8-utils"
22631
msgstr ""
22632
22633
#: serverguide/C/clustering.xml:33(para)
22634
msgid ""
22635
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22636
"virtual machine you will need to manually compile the "
22637
"<application>drbd</application> module. It may be easier to install the "
22638
"<application>linux-server</application> package inside the virtual machine."
22639
msgstr ""
22640
22641
#: serverguide/C/clustering.xml:40(para)
22642
msgid ""
22643
"This section covers setting up a <application>drbd</application> to "
22644
"replicate a separate <filename>/srv</filename> partition, with an "
22645
"<application>ext3</application> filesystem between two hosts. The partition "
22646
"size is not particularly relevant, but both partitions need to be the same "
22647
"size."
22648
msgstr ""
22649
22650
#: serverguide/C/clustering.xml:49(para)
22651
msgid ""
22652
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22653
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22654
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22655
"See <xref linkend=\"dns\"/> for details."
22656
msgstr ""
22657
22658
#: serverguide/C/clustering.xml:57(para)
22659
msgid ""
22660
"To configure <application>drbd</application>, on the first host edit "
22661
"<filename>/etc/drbd.conf</filename>:"
22662
msgstr ""
22663
22664
#: serverguide/C/clustering.xml:61(programlisting)
22665
#, no-wrap
22666
msgid ""
22667
"\n"
22668
"global { usage-count no; }\n"
22669
"common { syncer { rate 100M; } }\n"
22670
"resource r0 {\n"
22671
" protocol C;\n"
22672
" startup {\n"
22673
" wfc-timeout 15;\n"
22674
" degr-wfc-timeout 60;\n"
22675
" }\n"
22676
" net {\n"
22677
" cram-hmac-alg sha1;\n"
22678
" shared-secret \"secret\";\n"
22679
" }\n"
22680
" on drbd01 {\n"
22681
" device /dev/drbd0;\n"
22682
" disk /dev/sdb1;\n"
22683
" address 192.168.0.1:7788;\n"
22684
" meta-disk internal;\n"
22685
" }\n"
22686
" on drbd02 {\n"
22687
" device /dev/drbd0;\n"
22688
" disk /dev/sdb1;\n"
22689
" address 192.168.0.2:7788;\n"
22690
" meta-disk internal;\n"
22691
" }\n"
22692
"} \n"
22693
msgstr ""
22694
22695
#: serverguide/C/clustering.xml:90(para)
22696
msgid ""
22697
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22698
"this example their default values are fine."
22699
msgstr ""
22700
22701
#: serverguide/C/clustering.xml:98(para)
22702
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22703
msgstr ""
22704
22705
#: serverguide/C/clustering.xml:103(command)
22706
msgid "scp /etc/drbd.conf drbd02:~"
22707
msgstr ""
22708
22709
#: serverguide/C/clustering.xml:109(para)
22710
msgid ""
22711
"And, on <emphasis>drbd02</emphasis> move the file to "
22712
"<filename>/etc</filename>:"
22713
msgstr ""
22714
22715
#: serverguide/C/clustering.xml:114(command)
22716
msgid "sudo mv drbd.conf /etc/"
22717
msgstr ""
22718
22719
#: serverguide/C/clustering.xml:120(para)
22720
msgid ""
22721
"Next, on both hosts, start the <application>drbd</application> daemon:"
22722
msgstr ""
22723
22724
#: serverguide/C/clustering.xml:125(command)
22725
msgid "sudo /etc/init.d/drbd start"
22726
msgstr ""
22727
22728
#: serverguide/C/clustering.xml:131(para)
22729
msgid ""
22730
"Now using the <application>drbdadm</application> utility initialize the meta "
22731
"data storage. On each server execute:"
22732
msgstr ""
22733
22734
#: serverguide/C/clustering.xml:137(command)
22735
msgid "sudo drbdadm create-md r0"
22736
msgstr ""
22737
22738
#: serverguide/C/clustering.xml:143(para)
22739
msgid ""
22740
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22741
"primary, enter the following:"
22742
msgstr ""
22743
22744
#: serverguide/C/clustering.xml:148(command)
22745
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22746
msgstr ""
22747
22748
#: serverguide/C/clustering.xml:154(para)
22749
msgid ""
22750
"After executing the above command, the data will start syncing with the "
22751
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22752
"the following:"
22753
msgstr ""
22754
22755
#: serverguide/C/clustering.xml:160(command)
22756
msgid "watch -n1 cat /proc/drbd"
22757
msgstr ""
22758
22759
#: serverguide/C/clustering.xml:163(para)
22760
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22761
msgstr ""
22762
22763
#: serverguide/C/clustering.xml:170(para)
22764
msgid ""
22765
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22766
msgstr ""
22767
22768
#: serverguide/C/clustering.xml:175(command)
22769
msgid "sudo mkfs.ext3 /dev/drbd0"
22770
msgstr ""
22771
22772
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22773
msgid "sudo mount /dev/drbd0 /srv"
22774
msgstr ""
22775
22776
#: serverguide/C/clustering.xml:186(para)
22777
msgid ""
22778
"To test that the data is actually syncing between the hosts copy some files "
22779
"on the <emphasis>drbd01</emphasis>, the primary, to "
22780
"<filename>/srv</filename>:"
22781
msgstr ""
22782
22783
#: serverguide/C/clustering.xml:195(para)
22784
msgid "Next, unmount <filename>/srv</filename>:"
22785
msgstr ""
22786
22787
#: serverguide/C/clustering.xml:203(para)
22788
msgid ""
22789
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22790
"<emphasis>secondary</emphasis> role:"
22791
msgstr ""
22792
22793
#: serverguide/C/clustering.xml:208(command)
22794
msgid "sudo drbdadm secondary r0"
22795
msgstr ""
22796
22797
#: serverguide/C/clustering.xml:211(para)
22798
msgid ""
22799
"Now on the <emphasis>secondary</emphasis> server "
22800
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22801
msgstr ""
22802
22803
#: serverguide/C/clustering.xml:216(command)
22804
msgid "sudo drbdadm primary r0"
22805
msgstr ""
22806
22807
#: serverguide/C/clustering.xml:219(para)
22808
msgid "Lastly, mount the partition:"
22809
msgstr ""
22810
22811
#: serverguide/C/clustering.xml:227(para)
22812
msgid ""
22813
"Using <emphasis>ls</emphasis> you should see "
22814
"<filename>/srv/default</filename> copied from the former "
22815
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22816
msgstr ""
22817
22818
#: serverguide/C/clustering.xml:238(para)
22819
msgid ""
22820
"For more information on <application>DRBD</application> see the <ulink "
22821
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22822
msgstr ""
22823
22824
#: serverguide/C/clustering.xml:243(para)
22825
msgid ""
22826
"The <ulink "
22827
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22828
">drbd.conf man page</ulink> contains details on the options not covered in "
22829
"this guide."
22830
msgstr ""
22831
22832
#: serverguide/C/clustering.xml:249(para)
22833
msgid ""
22834
"Also, see the <ulink "
22835
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22836
"rbdadm man page</ulink>."
22837
msgstr ""
22838
22839
#: serverguide/C/clustering.xml:254(para)
22840
msgid ""
22841
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22842
"Wiki</ulink> page also has more information."
22843
msgstr ""
22844
22845
#: serverguide/C/chat.xml:13(title)
22846
msgid "Chat Applications"
22847
msgstr ""
22848
22849
#: serverguide/C/chat.xml:19(para)
22850
msgid ""
22851
"In this section, we will discuss how to install and configure a IRC server, "
22852
"<application>ircd-irc2</application>. We will also discuss how to install "
22853
"and configure Jabber, an instance messaging server."
22854
msgstr ""
22855
22856
#: serverguide/C/chat.xml:28(title)
22857
msgid "IRC Server"
22858
msgstr ""
22859
22860
#: serverguide/C/chat.xml:30(para)
22861
msgid ""
22862
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22863
"explains how to install and configure the original IRC server "
22864
"<application>ircd-irc2</application>."
22865
msgstr ""
22866
22867
#: serverguide/C/chat.xml:39(para)
22868
msgid ""
22869
"To install <application>ircd-irc2</application>, run the following command "
22870
"in the command prompt:"
22871
msgstr ""
22872
22873
#: serverguide/C/chat.xml:45(command)
22874
msgid "sudo apt-get install ircd-irc2"
22875
msgstr ""
22876
22877
#: serverguide/C/chat.xml:48(para)
22878
msgid ""
22879
"The configuration files are stored in <filename>/etc/ircd</filename> "
22880
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22881
"irc2</filename> directory."
22882
msgstr ""
22883
22884
#: serverguide/C/chat.xml:59(para)
22885
msgid ""
22886
"The IRC settings can be done in the configuration file "
22887
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
22888
"this file by editing the following line:"
22889
msgstr ""
22890
22891
#: serverguide/C/chat.xml:64(programlisting)
22892
#, no-wrap
22893
msgid ""
22894
"\n"
22895
"M:irc.localhost::Debian ircd default configuration::000A\n"
22896
msgstr ""
22897
22898
#: serverguide/C/chat.xml:68(para)
22899
msgid ""
22900
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
22901
"you set irc.livecipher.com as IRC host name, please make sure "
22902
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
22903
"name should not be same as the host name."
22904
msgstr ""
22905
22906
#: serverguide/C/chat.xml:75(para)
22907
msgid ""
22908
"The IRC admin details can be configured by editing the following line:"
22909
msgstr ""
22910
22911
#: serverguide/C/chat.xml:80(programlisting)
22912
#, no-wrap
22913
msgid ""
22914
"\n"
22915
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
22916
"Server::IRCnet:\n"
22917
msgstr ""
22918
22919
#: serverguide/C/chat.xml:84(para)
22920
msgid ""
22921
"You should add specific lines to configure the list of IRC ports to listen "
22922
"on, to configure Operator credentials, to configure client authentication, "
22923
"etc. For details, please refer to the example configuration file "
22924
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
22925
msgstr ""
22926
22927
#: serverguide/C/chat.xml:92(para)
22928
msgid ""
22929
"The IRC banner to be displayed in the IRC client, when the user connects to "
22930
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
22931
msgstr ""
22932
22933
#: serverguide/C/chat.xml:97(para)
22934
msgid ""
22935
"After making necessary changes to the configuration file, you can restart "
22936
"the IRC server using following command:"
22937
msgstr ""
22938
22939
#: serverguide/C/chat.xml:101(programlisting)
22940
#, no-wrap
22941
msgid ""
22942
"\n"
22943
"sudo /etc/init.d/ircd-irc2 restart\n"
22944
msgstr ""
22945
22946
#: serverguide/C/chat.xml:109(para)
22947
msgid ""
22948
"You may also be interested to take a look at other IRC servers available in "
22949
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
22950
"<application>ircd-hybrid</application>."
22951
msgstr ""
22952
22953
#: serverguide/C/chat.xml:117(para)
22954
msgid ""
22955
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
22956
"FAQ</ulink> for more details about the IRC Server."
22957
msgstr ""
22958
22959
#: serverguide/C/chat.xml:124(para)
22960
msgid ""
22961
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
22962
"IRCD</ulink> page has more information."
22963
msgstr ""
22964
22965
#: serverguide/C/chat.xml:132(title)
22966
msgid "Jabber Instant Messaging Server"
22967
msgstr ""
22968
22969
#: serverguide/C/chat.xml:134(para)
22970
msgid ""
22971
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
22972
"XMPP, an open standard for instant messaging, and used by many popular "
22973
"applications. This section covers setting up a <emphasis>Jabberd "
22974
"2</emphasis> server on a local LAN. This configuration can also be adapted "
22975
"to providing messaging services to users over the Internet."
22976
msgstr ""
22977
22978
#: serverguide/C/chat.xml:143(para)
22979
msgid "To install <application>jabberd2</application>, in a terminal enter:"
22980
msgstr ""
22981
22982
#: serverguide/C/chat.xml:148(command)
22983
msgid "sudo apt-get install jabberd2"
22984
msgstr ""
22985
22986
#: serverguide/C/chat.xml:155(para)
22987
msgid ""
22988
"A couple of XML configuration files will be used to configure "
22989
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
22990
"authentication. This is a very simple form of authentication. However, "
22991
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
22992
"Postgresql, etc for for user authentication."
22993
msgstr ""
22994
22995
#: serverguide/C/chat.xml:162(para)
22996
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
22997
msgstr ""
22998
22999
#: serverguide/C/chat.xml:166(programlisting)
23000
#, no-wrap
23001
msgid ""
23002
"\n"
23003
" <id>jabber.example.com</id>\n"
23004
msgstr ""
23005
23006
#: serverguide/C/chat.xml:171(para)
23007
msgid ""
23008
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23009
"id, of your server."
23010
msgstr ""
23011
23012
#: serverguide/C/chat.xml:176(para)
23013
msgid "Now in the <storage> section change the <driver> to:"
23014
msgstr ""
23015
23016
#: serverguide/C/chat.xml:180(programlisting)
23017
#, no-wrap
23018
msgid ""
23019
"\n"
23020
" <driver>db</driver>\n"
23021
msgstr ""
23022
23023
#: serverguide/C/chat.xml:184(para)
23024
msgid ""
23025
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23026
"<emphasis><local></emphasis> section change:"
23027
msgstr ""
23028
23029
#: serverguide/C/chat.xml:188(programlisting)
23030
#, no-wrap
23031
msgid ""
23032
"\n"
23033
" <id>jabber.example.com</id>\n"
23034
msgstr ""
23035
23036
#: serverguide/C/chat.xml:192(para)
23037
msgid ""
23038
"And in the <authreg> section adjust the <module> section to:"
23039
msgstr ""
23040
23041
#: serverguide/C/chat.xml:196(programlisting)
23042
#, no-wrap
23043
msgid ""
23044
"\n"
23045
" <module>db</module>\n"
23046
msgstr ""
23047
23048
#: serverguide/C/chat.xml:200(para)
23049
msgid ""
23050
"Finally, restart <application>jabberd2</application> to enable the new "
23051
"settings:"
23052
msgstr ""
23053
23054
#: serverguide/C/chat.xml:205(command)
23055
msgid "sudo /etc/init.d/jabberd2 restart"
23056
msgstr ""
23057
23058
#: serverguide/C/chat.xml:208(para)
23059
msgid ""
23060
"You should now be able to connect to the server using a Jabber client like "
23061
"<application>Pidgin</application> for example."
23062
msgstr ""
23063
23064
#: serverguide/C/chat.xml:213(para)
23065
msgid ""
23066
"The advantage of using Berkeley DB for user data is that after being "
23067
"configured no additional maintenance is required. If you need more control "
23068
"over user accounts and credentials another authentication method is "
23069
"recommended."
23070
msgstr ""
23071
23072
#: serverguide/C/chat.xml:225(para)
23073
msgid ""
23074
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23075
"Site</ulink> contains more details on configuring "
23076
"<application>Jabberd2</application>."
23077
msgstr ""
23078
23079
#: serverguide/C/chat.xml:231(para)
23080
msgid ""
23081
"For more authentication options see the <ulink "
23082
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23083
"Guide</ulink>."
23084
msgstr ""
23085
23086
#: serverguide/C/chat.xml:236(para)
23087
msgid ""
23088
"Also, the <ulink "
23089
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23090
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23091
msgstr ""
23092
23093
#: serverguide/C/backups.xml:13(title)
23094
msgid "Backups"
23095
msgstr ""
23096
23097
#: serverguide/C/backups.xml:14(para)
23098
msgid ""
23099
"There are many ways to backup an Ubuntu installation. The most important "
23100
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23101
"consisting of what to backup, where to back it up to, and how to restore it."
23102
msgstr ""
23103
23104
#: serverguide/C/backups.xml:18(para)
23105
msgid ""
23106
"The following sections discuss various ways of accomplishing these tasks."
23107
msgstr ""
23108
23109
#: serverguide/C/backups.xml:22(title)
23110
msgid "Shell Scripts"
23111
msgstr ""
23112
23113
#: serverguide/C/backups.xml:23(para)
23114
msgid ""
23115
"One of the simplest ways to backup a system is using a <emphasis>shell "
23116
"script</emphasis>. For example, a script can be used to configure which "
23117
"directories to backup, and use those directories as arguments to the "
23118
"<application>tar</application> utility creating an archive file. The archive "
23119
"file can then be moved or copied to another location. The archive can also "
23120
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23121
msgstr ""
23122
23123
#: serverguide/C/backups.xml:29(para)
23124
msgid ""
23125
"The <application>tar</application> utility creates one archive file out of "
23126
"many files or directories. <application>tar</application> can also filter "
23127
"the files through compression utilities reducing the size of the archive "
23128
"file."
23129
msgstr ""
23130
23131
#: serverguide/C/backups.xml:35(title)
23132
msgid "Simple Shell Script"
23133
msgstr ""
23134
23135
#: serverguide/C/backups.xml:36(para)
23136
msgid ""
23137
"The following shell script uses <application>tar</application> to create an "
23138
"archive file on a remotely mounted NFS file system. The archive filename is "
23139
"determined using additional command line utilities."
23140
msgstr ""
23141
23142
#: serverguide/C/backups.xml:40(programlisting)
23143
#, no-wrap
23144
msgid ""
23145
"\n"
23146
"#!/bin/sh\n"
23147
"####################################\n"
23148
"#\n"
23149
"# Backup to NFS mount script.\n"
23150
"#\n"
23151
"####################################\n"
23152
"\n"
23153
"# What to backup. \n"
23154
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23155
"\n"
23156
"# Where to backup to.\n"
23157
"dest=\"/mnt/backup\"\n"
23158
"\n"
23159
"# Create archive filename.\n"
23160
"day=$(date +%A)\n"
23161
"hostname=$(hostname -s)\n"
23162
"archive_file=\"$hostname-$day.tgz\"\n"
23163
"\n"
23164
"# Print start status message.\n"
23165
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23166
"date\n"
23167
"echo\n"
23168
"\n"
23169
"# Backup the files using tar.\n"
23170
"tar czf $dest/$archive_file $backup_files\n"
23171
"\n"
23172
"# Print end status message.\n"
23173
"echo\n"
23174
"echo \"Backup finished\"\n"
23175
"date\n"
23176
"\n"
23177
"# Long listing of files in $dest to check file sizes.\n"
23178
"ls -lh $dest\n"
23179
msgstr ""
23180
23181
#: serverguide/C/backups.xml:77(para)
23182
msgid ""
23183
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23184
"would like to backup. The list should be customized to fit your needs."
23185
msgstr ""
23186
23187
#: serverguide/C/backups.xml:83(para)
23188
msgid ""
23189
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23190
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23191
"day of the week, giving a backup history of seven days. There are other ways "
23192
"to accomplish this including other ways using the "
23193
"<application>date</application> utility."
23194
msgstr ""
23195
23196
#: serverguide/C/backups.xml:90(para)
23197
msgid ""
23198
"<emphasis>$hostname:</emphasis> variable containing the "
23199
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23200
"archive filename gives you the option of placing daily archive files from "
23201
"multiple systems in the same directory."
23202
msgstr ""
23203
23204
#: serverguide/C/backups.xml:97(para)
23205
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23206
msgstr ""
23207
23208
#: serverguide/C/backups.xml:102(para)
23209
msgid ""
23210
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23211
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23212
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23213
"details using <emphasis>NFS</emphasis>."
23214
msgstr ""
23215
23216
#: serverguide/C/backups.xml:109(para)
23217
msgid ""
23218
"<emphasis>status messages:</emphasis> optional messages printed to the "
23219
"console using the <application>echo</application> utility."
23220
msgstr ""
23221
23222
#: serverguide/C/backups.xml:115(para)
23223
msgid ""
23224
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23225
"<application>tar</application> command used to create the archive file."
23226
msgstr ""
23227
23228
#: serverguide/C/backups.xml:121(para)
23229
msgid "<emphasis>c:</emphasis> creates an archive."
23230
msgstr ""
23231
23232
#: serverguide/C/backups.xml:126(para)
23233
msgid ""
23234
"<emphasis>z:</emphasis> filter the archive through the "
23235
"<application>gzip</application> utility compressing the archive."
23236
msgstr ""
23237
23238
#: serverguide/C/backups.xml:131(para)
23239
msgid ""
23240
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23241
"<application>tar</application> output will be sent to STDOUT."
23242
msgstr ""
23243
23244
#: serverguide/C/backups.xml:138(para)
23245
msgid ""
23246
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23247
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23248
"of the destination directory. This is useful for a quick file size check of "
23249
"the archive file. This check should not replace testing the archive file."
23250
msgstr ""
23251
23252
#: serverguide/C/backups.xml:145(para)
23253
msgid ""
23254
"This is a simple example of a backup shell script. There are large amount of "
23255
"options that can be included in a backup script. See <xref linkend=\"backup-"
23256
"shellscript-references\"/> for links to resources providing more in depth "
23257
"shell scripting information."
23258
msgstr ""
23259
23260
#: serverguide/C/backups.xml:152(title)
23261
msgid "Executing the Script"
23262
msgstr ""
23263
23264
#: serverguide/C/backups.xml:154(title)
23265
msgid "Executing from a Terminal"
23266
msgstr ""
23267
23268
#: serverguide/C/backups.xml:155(para)
23269
msgid ""
23270
"The simplest way of executing the above backup script is to copy and paste "
23271
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23272
"from a terminal prompt:"
23273
msgstr ""
23274
23275
#: serverguide/C/backups.xml:160(command)
23276
msgid "sudo bash backup.sh"
23277
msgstr ""
23278
23279
#: serverguide/C/backups.xml:162(para)
23280
msgid ""
23281
"This is a great way to test the script to make sure everything works as "
23282
"expected."
23283
msgstr ""
23284
23285
#: serverguide/C/backups.xml:167(title)
23286
msgid "Executing with cron"
23287
msgstr ""
23288
23289
#: serverguide/C/backups.xml:168(para)
23290
msgid ""
23291
"The <application>cron</application> utility can be used to automate the "
23292
"script execution. The <application>cron</application> daemon allows the "
23293
"execution of scripts, or commands, at a specified time and date."
23294
msgstr ""
23295
23296
#: serverguide/C/backups.xml:172(para)
23297
msgid ""
23298
"<application>cron</application> is configured through entries in a "
23299
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23300
"separated into fields:"
23301
msgstr ""
23302
23303
#: serverguide/C/backups.xml:176(programlisting)
23304
#, no-wrap
23305
msgid ""
23306
"\n"
23307
"# m h dom mon dow command\n"
23308
msgstr ""
23309
23310
#: serverguide/C/backups.xml:181(para)
23311
msgid ""
23312
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23313
msgstr ""
23314
23315
#: serverguide/C/backups.xml:186(para)
23316
msgid ""
23317
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23318
msgstr ""
23319
23320
#: serverguide/C/backups.xml:191(para)
23321
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23322
msgstr ""
23323
23324
#: serverguide/C/backups.xml:196(para)
23325
msgid ""
23326
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23327
msgstr ""
23328
23329
#: serverguide/C/backups.xml:201(para)
23330
msgid ""
23331
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23332
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23333
"valid."
23334
msgstr ""
23335
23336
#: serverguide/C/backups.xml:206(para)
23337
msgid "<emphasis>command:</emphasis> the command to execute."
23338
msgstr ""
23339
23340
#: serverguide/C/backups.xml:211(para)
23341
msgid ""
23342
"To add or change entries in a <filename>crontab</filename> file the "
23343
"<application>crontab -e</application> command should be used. Also, the "
23344
"contents of a <filename>crontab</filename> file can be viewed using the "
23345
"<application>crontab -l</application> command."
23346
msgstr ""
23347
23348
#: serverguide/C/backups.xml:215(para)
23349
msgid ""
23350
"To execute the <application>backup.sh</application> script listed above "
23351
"using <application>cron</application>. Enter the following from a terminal "
23352
"prompt:"
23353
msgstr ""
23354
23355
#: serverguide/C/backups.xml:220(command)
23356
msgid "sudo crontab -e"
23357
msgstr ""
23358
23359
#: serverguide/C/backups.xml:223(para)
23360
msgid ""
23361
"Using <application>sudo</application> with the <application>crontab -"
23362
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23363
"This is necessary if you are backing up directories only the root user has "
23364
"access to."
23365
msgstr ""
23366
23367
#: serverguide/C/backups.xml:228(para)
23368
msgid "Add the following entry to the <filename>crontab</filename> file:"
23369
msgstr ""
23370
23371
#: serverguide/C/backups.xml:231(programlisting)
23372
#, no-wrap
23373
msgid ""
23374
"\n"
23375
"# m h dom mon dow command\n"
23376
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23377
msgstr ""
23378
23379
#: serverguide/C/backups.xml:235(para)
23380
msgid ""
23381
"The <application>backup.sh</application> script will now be executed every "
23382
"day at 12:00 am."
23383
msgstr ""
23384
23385
#: serverguide/C/backups.xml:239(para)
23386
msgid ""
23387
"The <application>backup.sh</application> script will need to be copied to "
23388
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23389
"to execute properly. The script can reside anywhere on the file system "
23390
"simply change the script path appropriately."
23391
msgstr ""
23392
23393
#: serverguide/C/backups.xml:244(para)
23394
msgid ""
23395
"For more in depth <application>crontab</application> options see <xref "
23396
"linkend=\"backup-shellscript-references\"/>."
23397
msgstr ""
23398
23399
#: serverguide/C/backups.xml:250(title)
23400
msgid "Restoring from the Archive"
23401
msgstr ""
23402
23403
#: serverguide/C/backups.xml:251(para)
23404
msgid ""
23405
"Once an archive has been created it is important to test the archive. The "
23406
"archive can be tested by listing the files it contains, but the best test is "
23407
"to <emphasis>restore</emphasis> a file from the archive."
23408
msgstr ""
23409
23410
#: serverguide/C/backups.xml:257(para)
23411
msgid "To see a listing of the archive contents. From a terminal prompt:"
23412
msgstr ""
23413
23414
#: serverguide/C/backups.xml:261(command)
23415
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23416
msgstr ""
23417
23418
#: serverguide/C/backups.xml:265(para)
23419
msgid "To restore a file from the archive to a different directory enter:"
23420
msgstr ""
23421
23422
#: serverguide/C/backups.xml:269(command)
23423
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23424
msgstr ""
23425
23426
#: serverguide/C/backups.xml:271(para)
23427
msgid ""
23428
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23429
"redirects the extracted files to the specified directory. The above example "
23430
"will extract the <filename>/etc/hosts</filename> file to "
23431
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23432
"recreates the directory structure that it contains."
23433
msgstr ""
23434
23435
#: serverguide/C/backups.xml:276(para)
23436
msgid ""
23437
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23438
"the file to restore."
23439
msgstr ""
23440
23441
#: serverguide/C/backups.xml:281(para)
23442
msgid "To restore all files in the archive enter the following:"
23443
msgstr ""
23444
23445
#: serverguide/C/backups.xml:285(command)
23446
msgid "cd /"
23447
msgstr ""
23448
23449
#: serverguide/C/backups.xml:286(command)
23450
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23451
msgstr ""
23452
23453
#: serverguide/C/backups.xml:291(para)
23454
msgid "This will overwrite the files currently on the file system."
23455
msgstr ""
23456
23457
#: serverguide/C/backups.xml:300(para)
23458
msgid ""
23459
"For more information on shell scripting see the <ulink "
23460
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23461
msgstr ""
23462
23463
#: serverguide/C/backups.xml:305(para)
23464
msgid ""
23465
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23466
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23467
"great resource for shell scripting."
23468
msgstr ""
23469
23470
#: serverguide/C/backups.xml:311(para)
23471
msgid ""
23472
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23473
"Wiki Page</ulink> contains details on advanced "
23474
"<application>cron</application> options."
23475
msgstr ""
23476
23477
#: serverguide/C/backups.xml:318(para)
23478
msgid ""
23479
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23480
"tar Manual</ulink> for more <application>tar</application> options."
23481
msgstr ""
23482
23483
#: serverguide/C/backups.xml:324(para)
23484
msgid ""
23485
"The Wikipedia <ulink "
23486
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23487
"Scheme</ulink> article contains information on other backup rotation schemes."
23488
msgstr ""
23489
23490
#: serverguide/C/backups.xml:330(para)
23491
msgid ""
23492
"The shell script uses <application>tar</application> to create the archive, "
23493
"but there many other command line utilities that can be used. For example:"
23494
msgstr ""
23495
23496
#: serverguide/C/backups.xml:336(para)
23497
msgid ""
23498
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23499
"files to and from archives."
23500
msgstr ""
23501
23502
#: serverguide/C/backups.xml:341(para)
23503
msgid ""
23504
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23505
"the <application>coreutils</application> package. A low level utility that "
23506
"can copy data from one format to another"
23507
msgstr ""
23508
23509
#: serverguide/C/backups.xml:347(para)
23510
msgid ""
23511
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23512
"snap shot utility used to create copies of an entire file system."
23513
msgstr ""
23514
23515
#: serverguide/C/backups.xml:358(title)
23516
msgid "Archive Rotation"
23517
msgstr ""
23518
23519
#: serverguide/C/backups.xml:359(para)
23520
msgid ""
23521
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23522
"allows for seven different archives. For a server whose data doesn't change "
23523
"often this may be enough. If the server has a large amount of data a more "
23524
"robust rotation scheme should be used."
23525
msgstr ""
23526
23527
#: serverguide/C/backups.xml:365(title)
23528
msgid "Rotating NFS Archives"
23529
msgstr ""
23530
23531
#: serverguide/C/backups.xml:366(para)
23532
msgid ""
23533
"In this section the shell script will be slightly modified to implement a "
23534
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23535
msgstr ""
23536
23537
#: serverguide/C/backups.xml:372(para)
23538
msgid ""
23539
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23540
"Friday."
23541
msgstr ""
23542
23543
#: serverguide/C/backups.xml:377(para)
23544
msgid ""
23545
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23546
"weekly backups a month."
23547
msgstr ""
23548
23549
#: serverguide/C/backups.xml:382(para)
23550
msgid ""
23551
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23552
"rotating two monthly backups based on if the month is odd or even."
23553
msgstr ""
23554
23555
#: serverguide/C/backups.xml:388(para)
23556
msgid "Here is the new script:"
23557
msgstr ""
23558
23559
#: serverguide/C/backups.xml:391(programlisting)
23560
#, no-wrap
23561
msgid ""
23562
"\n"
23563
"#!/bin/bash\n"
23564
"####################################\n"
23565
"#\n"
23566
"# Backup to NFS mount script with\n"
23567
"# grandfather-father-son rotation.\n"
23568
"#\n"
23569
"####################################\n"
23570
"\n"
23571
"# What to backup. \n"
23572
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23573
"\n"
23574
"# Where to backup to.\n"
23575
"dest=\"/mnt/backup\"\n"
23576
"\n"
23577
"# Setup variables for the archive filename.\n"
23578
"day=$(date +%A)\n"
23579
"hostname=$(hostname -s)\n"
23580
"\n"
23581
"# Find which week of the month 1-4 it is.\n"
23582
"day_num=$(date +%d)\n"
23583
"if (( $day_num <= 7 )); then\n"
23584
" week_file=\"$hostname-week1.tgz\"\n"
23585
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23586
" week_file=\"$hostname-week2.tgz\"\n"
23587
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23588
" week_file=\"$hostname-week3.tgz\"\n"
23589
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23590
" week_file=\"$hostname-week4.tgz\"\n"
23591
"fi\n"
23592
"\n"
23593
"# Find if the Month is odd or even.\n"
23594
"month_num=$(date +%m)\n"
23595
"month=$(expr $month_num % 2)\n"
23596
"if [ $month -eq 0 ]; then\n"
23597
" month_file=\"$hostname-month2.tgz\"\n"
23598
"else\n"
23599
" month_file=\"$hostname-month1.tgz\"\n"
23600
"fi\n"
23601
"\n"
23602
"# Create archive filename.\n"
23603
"if [ $day_num == 1 ]; then\n"
23604
"\tarchive_file=$month_file\n"
23605
"elif [ $day != \"Saturday\" ]; then\n"
23606
" archive_file=\"$hostname-$day.tgz\"\n"
23607
"else \n"
23608
"\tarchive_file=$week_file\n"
23609
"fi\n"
23610
"\n"
23611
"# Print start status message.\n"
23612
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23613
"date\n"
23614
"echo\n"
23615
"\n"
23616
"# Backup the files using tar.\n"
23617
"tar czf $dest/$archive_file $backup_files\n"
23618
"\n"
23619
"# Print end status message.\n"
23620
"echo\n"
23621
"echo \"Backup finished\"\n"
23622
"date\n"
23623
"\n"
23624
"# Long listing of files in $dest to check file sizes.\n"
23625
"ls -lh $dest/\n"
23626
msgstr ""
23627
23628
#: serverguide/C/backups.xml:456(para)
23629
msgid ""
23630
"The script can be executed using the same methods as in <xref "
23631
"linkend=\"backup-executing-shellscript\"/>."
23632
msgstr ""
23633
23634
#: serverguide/C/backups.xml:459(para)
23635
msgid ""
23636
"It is good practice to take backup media off site in case of a disaster. In "
23637
"the shell script example the backup media is another server providing an NFS "
23638
"share. In all likelihood taking the NFS server to another location would not "
23639
"be practical. Depending upon connection speeds it may be an option to copy "
23640
"the archive file over a WAN link to a server in another location."
23641
msgstr ""
23642
23643
#: serverguide/C/backups.xml:465(para)
23644
msgid ""
23645
"Another option is to copy the archive file to an external hard drive which "
23646
"can then be taken off site. Since the price of external hard drives continue "
23647
"to decrease it may be cost-effective to use two drives for each archive "
23648
"level. This would allow you to have one external drive attached to the "
23649
"backup server and one in another location."
23650
msgstr ""
23651
23652
#: serverguide/C/backups.xml:472(title)
23653
msgid "Tape Drives"
23654
msgstr ""
23655
23656
#: serverguide/C/backups.xml:473(para)
23657
msgid ""
23658
"A tape drive attached to the server can be used instead of a NFS share. "
23659
"Using a tape drive simplifies archive rotation, and taking the media off "
23660
"site as well."
23661
msgstr ""
23662
23663
#: serverguide/C/backups.xml:477(para)
23664
msgid ""
23665
"When using a tape drive the filename portions of the script aren't needed "
23666
"because the date is sent directly to the tape device. Some commands to "
23667
"manipulate the tape are needed. This is accomplished using "
23668
"<application>mt</application>, a magnetic tape control utility part of the "
23669
"<application>cpio</application> package."
23670
msgstr ""
23671
23672
#: serverguide/C/backups.xml:482(para)
23673
msgid "Here is the shell script modified to use a tape drive:"
23674
msgstr ""
23675
23676
#: serverguide/C/backups.xml:485(programlisting)
23677
#, no-wrap
23678
msgid ""
23679
"\n"
23680
"#!/bin/bash\n"
23681
"####################################\n"
23682
"#\n"
23683
"# Backup to tape drive script.\n"
23684
"#\n"
23685
"####################################\n"
23686
"\n"
23687
"# What to backup. \n"
23688
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23689
"\n"
23690
"# Where to backup to.\n"
23691
"dest=\"/dev/st0\"\n"
23692
"\n"
23693
"# Print start status message.\n"
23694
"echo \"Backing up $backup_files to $dest\"\n"
23695
"date\n"
23696
"echo\n"
23697
"\n"
23698
"# Make sure the tape is rewound.\n"
23699
"mt -f $dest rewind\n"
23700
"\n"
23701
"# Backup the files using tar.\n"
23702
"tar czf $dest $backup_files\n"
23703
"\n"
23704
"# Rewind and eject the tape.\n"
23705
"mt -f $dest rewoffl\n"
23706
"\n"
23707
"# Print end status message.\n"
23708
"echo\n"
23709
"echo \"Backup finished\"\n"
23710
"date\n"
23711
msgstr ""
23712
23713
#: serverguide/C/backups.xml:519(para)
23714
msgid ""
23715
"The default device name for a SCSI tape drive is "
23716
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23717
"system."
23718
msgstr ""
23719
23720
#: serverguide/C/backups.xml:524(para)
23721
msgid ""
23722
"Restoring from a tape drive is basically the same as restoring from a file. "
23723
"Simply rewind the tape and use the device path instead of a file path. For "
23724
"example to restore the <filename>/etc/hosts</filename> file to "
23725
"<filename>/tmp/etc/hosts</filename>:"
23726
msgstr ""
23727
23728
#: serverguide/C/backups.xml:529(command)
23729
msgid "mt -f /dev/st0 rewind"
23730
msgstr ""
23731
23732
#: serverguide/C/backups.xml:530(command)
23733
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23734
msgstr ""
23735
23736
#: serverguide/C/backups.xml:535(title)
23737
msgid "Bacula"
23738
msgstr ""
23739
23740
#: serverguide/C/backups.xml:536(para)
23741
msgid ""
23742
"<application>Bacula</application> is a backup program enabling you to "
23743
"backup, restore, and verify data across your network. There are Bacula "
23744
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23745
"wide solution."
23746
msgstr ""
23747
23748
#: serverguide/C/backups.xml:542(para)
23749
msgid ""
23750
"<application>Bacula</application> is made up of several components and "
23751
"services used to manage which files to backup and where to back them up to:"
23752
msgstr ""
23753
23754
#: serverguide/C/backups.xml:548(para)
23755
msgid ""
23756
"<application>Bacula Director:</application> a service that controls all "
23757
"backup, restore, verify, and archive operations."
23758
msgstr ""
23759
23760
#: serverguide/C/backups.xml:553(para)
23761
msgid ""
23762
"<application>Bacula Console:</application> an application allowing "
23763
"communication with the Director. There are three versions of the Console:"
23764
msgstr ""
23765
23766
#: serverguide/C/backups.xml:558(para)
23767
msgid "Text based command line version."
23768
msgstr ""
23769
23770
#: serverguide/C/backups.xml:559(para)
23771
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23772
msgstr ""
23773
23774
#: serverguide/C/backups.xml:560(para)
23775
msgid "wxWidgets GUI interface."
23776
msgstr ""
23777
23778
#: serverguide/C/backups.xml:564(para)
23779
msgid ""
23780
"<application>Bacula File:</application> also known as the "
23781
"<application>Bacula Client</application> program. This application is "
23782
"installed on machines to be backed up, and is responsible for the data "
23783
"requested by the Director."
23784
msgstr ""
23785
23786
#: serverguide/C/backups.xml:570(para)
23787
msgid ""
23788
"<application>Bacula Storage:</application> the programs that perform the "
23789
"storage and recovery of data to the physical media."
23790
msgstr ""
23791
23792
#: serverguide/C/backups.xml:575(para)
23793
msgid ""
23794
"<application>Bacula Catalog:</application> is responsible for maintaining "
23795
"the file indexes and volume databases for all files backed up, enabling "
23796
"quick location and restoration of archived files. The Catalog supports three "
23797
"different databases MySQL, PostgreSQL, and SQLite."
23798
msgstr ""
23799
23800
#: serverguide/C/backups.xml:581(para)
23801
msgid ""
23802
"<application>Bacula Monitor:</application> allows the monitoring of the "
23803
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23804
"available as a GTK+ GUI application."
23805
msgstr ""
23806
23807
#: serverguide/C/backups.xml:587(para)
23808
msgid ""
23809
"These services and applications can be run on multiple servers and clients, "
23810
"or they can be installed on one machine if backing up a single disk or "
23811
"volume."
23812
msgstr ""
23813
23814
#: serverguide/C/backups.xml:594(para)
23815
msgid ""
23816
"There are multiple packages containing the different "
23817
"<application>Bacula</application> components. To install Bacula, from a "
23818
"terminal prompt enter:"
23819
msgstr ""
23820
23821
#: serverguide/C/backups.xml:599(command)
23822
msgid "sudo apt-get install bacula"
23823
msgstr ""
23824
23825
#: serverguide/C/backups.xml:601(para)
23826
msgid ""
23827
"By default installing the <application>bacula</application> package will use "
23828
"a <application>MySQL</application> database for the Catalog. If you want to "
23829
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23830
"director-sqlite3</application> or <application>bacula-director-"
23831
"pgsql</application> respectively."
23832
msgstr ""
23833
23834
#: serverguide/C/backups.xml:607(para)
23835
msgid ""
23836
"During the install process you will be asked to supply credentials for the "
23837
"database <emphasis>administrator</emphasis> and the "
23838
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23839
"database administrator will need to have the appropriate rights to create a "
23840
"database, see <xref linkend=\"mysql\"/> for more information."
23841
msgstr ""
23842
23843
#: serverguide/C/backups.xml:617(para)
23844
msgid ""
23845
"<application>Bacula</application> configuration files are formatted based on "
23846
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23847
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23848
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23849
"directory."
23850
msgstr ""
23851
23852
#: serverguide/C/backups.xml:622(para)
23853
msgid ""
23854
"The various <application>Bacula</application> components must authorize "
23855
"themselves to each other. This is accomplished using the "
23856
"<emphasis>password</emphasis> directive. For example, the "
23857
"<emphasis>Storage</emphasis> resource password in the "
23858
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23859
"<emphasis>Director</emphasis> resource password in "
23860
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23861
msgstr ""
23862
23863
#: serverguide/C/backups.xml:628(para)
23864
msgid ""
23865
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23866
"to archive the <application>Bacula</application> Catalog. If you plan on "
23867
"using the server to backup more than one client you should change the name "
23868
"of this job to something more descriptive. To change the name edit "
23869
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23870
msgstr ""
23871
23872
#: serverguide/C/backups.xml:633(programlisting)
23873
#, no-wrap
23874
msgid ""
23875
"\n"
23876
"#\n"
23877
"# Define the main nightly save backup job\n"
23878
"# By default, this job will back up to disk in \n"
23879
"Job {\n"
23880
" Name = \"BackupServer\"\n"
23881
" JobDefs = \"DefaultJob\"\n"
23882
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23883
"}\n"
23884
msgstr ""
23885
23886
#: serverguide/C/backups.xml:644(para)
23887
msgid ""
23888
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
23889
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
23890
"your appropriate hostname, or other descriptive name."
23891
msgstr ""
23892
23893
#: serverguide/C/backups.xml:649(para)
23894
msgid ""
23895
"The <emphasis>Console</emphasis> can be used to query the "
23896
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
23897
"<emphasis>non-root</emphasis> user, the user needs to be in the "
23898
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
23899
"the following from a terminal:"
23900
msgstr ""
23901
23902
#: serverguide/C/backups.xml:655(command)
23903
msgid "sudo adduser $username bacula"
23904
msgstr ""
23905
23906
#: serverguide/C/backups.xml:658(para)
23907
msgid ""
23908
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
23909
"you are adding the current user to the group you should log out and back in "
23910
"for the new permissions to take effect."
23911
msgstr ""
23912
23913
#: serverguide/C/backups.xml:665(title)
23914
msgid "Localhost Backup"
23915
msgstr ""
23916
23917
#: serverguide/C/backups.xml:666(para)
23918
msgid ""
23919
"This section describes how to backup specified directories on a single host "
23920
"to a local tape drive."
23921
msgstr ""
23922
23923
#: serverguide/C/backups.xml:671(para)
23924
msgid ""
23925
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
23926
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
23927
msgstr ""
23928
23929
#: serverguide/C/backups.xml:674(programlisting)
23930
#, no-wrap
23931
msgid ""
23932
"\n"
23933
"Device {\n"
23934
" Name = \"Tape Drive\"\n"
23935
" Device Type = tape\n"
23936
" Media Type = DDS-4\n"
23937
" Archive Device = /dev/st0\n"
23938
" Hardware end of medium = No;\n"
23939
" AutomaticMount = yes; # when device opened, read it\n"
23940
" AlwaysOpen = Yes;\n"
23941
" RemovableMedia = yes;\n"
23942
" RandomAccess = no;\n"
23943
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
23944
"}\n"
23945
msgstr ""
23946
23947
#: serverguide/C/backups.xml:688(para)
23948
msgid ""
23949
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
23950
"Type and Archive Device to match your hardware."
23951
msgstr ""
23952
23953
#: serverguide/C/backups.xml:691(para)
23954
msgid "You could also uncomment one of the other examples in the file."
23955
msgstr ""
23956
23957
#: serverguide/C/backups.xml:696(para)
23958
msgid ""
23959
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
23960
"<application>Storage</application> daemon will need to be restarted:"
23961
msgstr ""
23962
23963
#: serverguide/C/backups.xml:701(command)
23964
msgid "sudo /etc/init.d/bacula-sd restart"
23965
msgstr ""
23966
23967
#: serverguide/C/backups.xml:705(para)
23968
msgid ""
23969
"Now add a <emphasis>Storage</emphasis> resource in "
23970
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
23971
msgstr ""
23972
23973
#: serverguide/C/backups.xml:708(programlisting)
23974
#, no-wrap
23975
msgid ""
23976
"\n"
23977
"# Definition of \"Tape Drive\" storage device\n"
23978
"Storage {\n"
23979
" Name = TapeDrive\n"
23980
" # Do not use \"localhost\" here \n"
23981
" Address = backupserver # N.B. Use a fully qualified name "
23982
"here\n"
23983
" SDPort = 9103\n"
23984
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
23985
" Device = \"Tape Drive\"\n"
23986
" Media Type = tape\n"
23987
"}\n"
23988
msgstr ""
23989
23990
#: serverguide/C/backups.xml:720(para)
23991
msgid ""
23992
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
23993
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
23994
"to the actual host name."
23995
msgstr ""
23996
23997
#: serverguide/C/backups.xml:724(para)
23998
msgid ""
23999
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24000
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24001
msgstr ""
24002
24003
#: serverguide/C/backups.xml:730(para)
24004
msgid ""
24005
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24006
"directories to backup, by adding:"
24007
msgstr ""
24008
24009
#: serverguide/C/backups.xml:733(programlisting)
24010
#, no-wrap
24011
msgid ""
24012
"\n"
24013
"# LocalhostBacup FileSet.\n"
24014
"FileSet {\n"
24015
" Name = \"LocalhostFiles\"\n"
24016
" Include {\n"
24017
" Options {\n"
24018
" signature = MD5\n"
24019
" compression=GZIP\n"
24020
" }\n"
24021
" File = /etc\n"
24022
" File = /home\n"
24023
" }\n"
24024
"}\n"
24025
msgstr ""
24026
24027
#: serverguide/C/backups.xml:747(para)
24028
msgid ""
24029
"This <emphasis>FileSet</emphasis> will backup the <filename "
24030
"role=\"directory\">/etc</filename> and <filename "
24031
"role=\"directory\">/home</filename> directories. The "
24032
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24033
"create a MD5 signature for each file backed up, and to compress the files "
24034
"using GZIP."
24035
msgstr ""
24036
24037
#: serverguide/C/backups.xml:754(para)
24038
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24039
msgstr ""
24040
24041
#: serverguide/C/backups.xml:757(programlisting)
24042
#, no-wrap
24043
msgid ""
24044
"\n"
24045
"# LocalhostBackup Schedule -- Daily.\n"
24046
"Schedule {\n"
24047
" Name = \"LocalhostDaily\"\n"
24048
" Run = Full daily at 00:01\n"
24049
"}\n"
24050
msgstr ""
24051
24052
#: serverguide/C/backups.xml:764(para)
24053
msgid ""
24054
"The job will run every day at 00:01 or 12:01 am. There are many other "
24055
"scheduling options available."
24056
msgstr ""
24057
24058
#: serverguide/C/backups.xml:769(para)
24059
msgid "Finally create the <emphasis>Job</emphasis>:"
24060
msgstr ""
24061
24062
#: serverguide/C/backups.xml:772(programlisting)
24063
#, no-wrap
24064
msgid ""
24065
"\n"
24066
"# Localhost backup.\n"
24067
"Job {\n"
24068
" Name = \"LocalhostBackup\"\n"
24069
" JobDefs = \"DefaultJob\"\n"
24070
" Enabled = yes\n"
24071
" Level = Full\n"
24072
" FileSet = \"LocalhostFiles\"\n"
24073
" Schedule = \"LocalhostDaily\"\n"
24074
" Storage = TapeDrive\n"
24075
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24076
"} \n"
24077
msgstr ""
24078
24079
#: serverguide/C/backups.xml:785(para)
24080
msgid ""
24081
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24082
"drive."
24083
msgstr ""
24084
24085
#: serverguide/C/backups.xml:790(para)
24086
msgid ""
24087
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24088
"current tape does not have a label <application>Bacula</application> will "
24089
"send an email letting you know. To label a tape using the "
24090
"<application>Console</application> enter the following from a terminal:"
24091
msgstr ""
24092
24093
#: serverguide/C/backups.xml:796(command)
24094
msgid "bconsole"
24095
msgstr ""
24096
24097
#: serverguide/C/backups.xml:800(para)
24098
msgid "At the Bacula Console prompt enter:"
24099
msgstr ""
24100
24101
#: serverguide/C/backups.xml:804(command)
24102
msgid "label"
24103
msgstr ""
24104
24105
#: serverguide/C/backups.xml:808(para)
24106
msgid ""
24107
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24108
msgstr ""
24109
24110
#: serverguide/C/backups.xml:818(userinput)
24111
#, no-wrap
24112
msgid "2"
24113
msgstr ""
24114
24115
#: serverguide/C/backups.xml:812(computeroutput)
24116
#, no-wrap
24117
msgid ""
24118
"\n"
24119
"Automatically selected Catalog: MyCatalog\n"
24120
"Using Catalog \"MyCatalog\"\n"
24121
"The defined Storage resources are:\n"
24122
" 1: File\n"
24123
" 2: TapeDrive\n"
24124
"Select Storage resource (1-2):<placeholder-1/>\n"
24125
msgstr ""
24126
24127
#: serverguide/C/backups.xml:823(para)
24128
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24129
msgstr ""
24130
24131
#: serverguide/C/backups.xml:828(userinput)
24132
#, no-wrap
24133
msgid "Sunday"
24134
msgstr ""
24135
24136
#: serverguide/C/backups.xml:827(computeroutput)
24137
#, no-wrap
24138
msgid ""
24139
"\n"
24140
"Enter new Volume name: <placeholder-1/>\n"
24141
"Defined Pools:\n"
24142
" 1: Default\n"
24143
" 2: Scratch"
24144
msgstr ""
24145
24146
#: serverguide/C/backups.xml:833(para)
24147
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24148
msgstr ""
24149
24150
#: serverguide/C/backups.xml:838(para)
24151
msgid "Now, select the <emphasis>Pool</emphasis>:"
24152
msgstr ""
24153
24154
#: serverguide/C/backups.xml:843(userinput)
24155
#, no-wrap
24156
msgid "1"
24157
msgstr ""
24158
24159
#: serverguide/C/backups.xml:842(computeroutput)
24160
#, no-wrap
24161
msgid ""
24162
"\n"
24163
"Select the Pool (1-2): <placeholder-1/>\n"
24164
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24165
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24166
msgstr ""
24167
24168
#: serverguide/C/backups.xml:850(para)
24169
msgid ""
24170
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24171
"backup the localhost to an attached tape drive."
24172
msgstr ""
24173
24174
#: serverguide/C/backups.xml:858(para)
24175
msgid ""
24176
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24177
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24178
"Manual</ulink>"
24179
msgstr ""
24180
24181
#: serverguide/C/backups.xml:864(para)
24182
msgid ""
24183
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24184
"the latest Bacula news and developments."
24185
msgstr ""
24186
24187
#: serverguide/C/backups.xml:869(para)
24188
msgid ""
24189
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24190
"Ubuntu Wiki</ulink> page."
24191
msgstr ""
24192
24193
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24194
#: serverguide/C/backups.xml:0(None)
24195
msgid "translator-credits"
24196
msgstr ""
Loggerhead is a web-based interface for Breezy
Version: 2.0.1