« back to all changes in this revision
Viewing changes to serverguide/po/ms.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/ms.po
1
# Malay translation for ubuntu-docs
2
# Copyright (c) 2007 Rosetta Contributors and Canonical Ltd 2007
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2007.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-04-25 16:06+0000\n"
12
"Last-Translator: Launchpad Translations Administrators "
13
"<rosetta@launchpad.net>\n"
14
"Language-Team: Malay <ms@li.org>\n"
15
"MIME-Version: 1.0\n"
16
"Content-Type: text/plain; charset=UTF-8\n"
17
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2010-09-18 10:45+0000\n"
19
"X-Generator: Launchpad (build Unknown)\n"
20
21
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
22
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
msgstr "ubuntu-doc@lists.ubuntu.com (Projek Dokumentasi Ubuntu)"
24
25
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
msgid "Ubuntu Server Guide"
27
msgstr ""
28
29
#: serverguide/C/serverguide-C.omf:9(date)
30
msgid "2007-09-30"
31
msgstr "2007-09-30"
32
33
#: serverguide/C/windows-networking.xml:13(title)
34
msgid "Windows Networking"
35
msgstr "Rangkaian Windows"
36
37
#: serverguide/C/windows-networking.xml:15(para)
38
msgid ""
39
"Computer networks are often comprised of diverse systems, and while "
40
"operating a network made up entirely of Ubuntu desktop and server computers "
41
"would certainly be fun, some network environments must consist of both "
42
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
43
"class=\"registered\">Windows</trademark> systems working together in "
44
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
45
"principles and tools used in configuring your Ubuntu Server for sharing "
46
"network resources with Windows computers."
47
msgstr ""
48
49
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
50
msgid "Introduction"
51
msgstr "Pengenalan"
52
53
#: serverguide/C/windows-networking.xml:27(para)
54
msgid ""
55
"Successfully networking your Ubuntu system with Windows clients involves "
56
"providing and integrating with services common to Windows environments. Such "
57
"services assist the sharing of data and information about the computers and "
58
"users involved in the network, and may be classified under three major "
59
"categories of functionality:"
60
msgstr ""
61
62
#: serverguide/C/windows-networking.xml:35(para)
63
msgid ""
64
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
65
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
66
"folders, volumes, and the sharing of printers throughout the network."
67
msgstr ""
68
69
#: serverguide/C/windows-networking.xml:41(para)
70
msgid ""
71
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
72
"information about the computers and users of the network with such "
73
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
74
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
75
msgstr ""
76
77
#: serverguide/C/windows-networking.xml:48(para)
78
msgid ""
79
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
80
"the identity of a computer or user of the network and determining the "
81
"information the computer or user is authorized to access using such "
82
"principles and technologies as file permissions, group policies, and the "
83
"Kerberos authentication service."
84
msgstr ""
85
86
#: serverguide/C/windows-networking.xml:56(para)
87
msgid ""
88
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
89
"clients and share network resources among them. One of the principal pieces "
90
"of software your Ubuntu system includes for Windows networking is the Samba "
91
"suite of SMB server applications and tools."
92
msgstr ""
93
94
#: serverguide/C/windows-networking.xml:62(para)
95
msgid ""
96
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
97
"of the common Samba use cases, and how to install and configure the "
98
"necessary packages. Additional detailed documentation and information on "
99
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
100
"website</ulink>."
101
msgstr ""
102
103
#: serverguide/C/windows-networking.xml:70(title)
104
msgid "Samba File Server"
105
msgstr "Pelayan Fail Samba"
106
107
#: serverguide/C/windows-networking.xml:72(para)
108
msgid ""
109
"One of the most common ways to network Ubuntu and Windows computers is to "
110
"configure Samba as a File Server. This section covers setting up a "
111
"<application>Samba</application> server to share files with Windows clients."
112
msgstr ""
113
114
#: serverguide/C/windows-networking.xml:77(para)
115
msgid ""
116
"The server will be configured to share files with any client on the network "
117
"without prompting for a password. If your environment requires stricter "
118
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
119
msgstr ""
120
121
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
122
msgid "Installation"
123
msgstr "Pemasangan"
124
125
#: serverguide/C/windows-networking.xml:85(para)
126
msgid ""
127
"The first step is to install the <application>samba</application> package. "
128
"From a terminal prompt enter:"
129
msgstr ""
130
131
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
132
msgid "sudo apt-get install samba"
133
msgstr "sudo apt-get install samba"
134
135
#: serverguide/C/windows-networking.xml:93(para)
136
msgid ""
137
"That's all there is to it; you are now ready to configure Samba to share "
138
"files."
139
msgstr ""
140
141
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
142
msgid "Configuration"
143
msgstr "Konfigurasi"
144
145
#: serverguide/C/windows-networking.xml:101(para)
146
msgid ""
147
"The main Samba configuration file is located in "
148
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
149
"a significant amount of comments in order to document various configuration "
150
"directives."
151
msgstr ""
152
153
#: serverguide/C/windows-networking.xml:106(para)
154
msgid ""
155
"Not all the available options are included in the default configuration "
156
"file. See the <filename>smb.conf</filename><application>man</application> "
157
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
158
"Collection/\">Samba HOWTO Collection</ulink> for more details."
159
msgstr ""
160
161
#: serverguide/C/windows-networking.xml:116(para)
162
msgid ""
163
"First, edit the following key/value pairs in the "
164
"<emphasis>[global]</emphasis> section of "
165
"<filename>/etc/samba/smb.conf</filename>:"
166
msgstr ""
167
168
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
169
#, no-wrap
170
msgid ""
171
"\n"
172
" workgroup = EXAMPLE\n"
173
" ...\n"
174
" security = user\n"
175
msgstr ""
176
177
#: serverguide/C/windows-networking.xml:127(para)
178
msgid ""
179
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
180
"section, and is commented by default. Also, change "
181
"<emphasis>EXAMPLE</emphasis> to better match your environment."
182
msgstr ""
183
184
#: serverguide/C/windows-networking.xml:135(para)
185
msgid ""
186
"Create a new section at the bottom of the file, or uncomment one of the "
187
"examples, for the directory to be shared:"
188
msgstr ""
189
190
#: serverguide/C/windows-networking.xml:139(programlisting)
191
#, no-wrap
192
msgid ""
193
"\n"
194
"[share]\n"
195
" comment = Ubuntu File Server Share\n"
196
" path = /srv/samba/share\n"
197
" browsable = yes\n"
198
" guest ok = yes\n"
199
" read only = no\n"
200
" create mask = 0755\n"
201
msgstr ""
202
203
#: serverguide/C/windows-networking.xml:151(para)
204
msgid ""
205
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
206
"fit your needs."
207
msgstr ""
208
209
#: serverguide/C/windows-networking.xml:156(para)
210
msgid "<emphasis>path:</emphasis> the path to the directory to share."
211
msgstr ""
212
213
#: serverguide/C/windows-networking.xml:159(para)
214
msgid ""
215
"This example uses <filename>/srv/samba/sharename</filename> because, "
216
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
217
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
218
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
219
"specific data should be served. Technically Samba shares can be placed "
220
"anywhere on the filesystem as long as the permissions are correct, but "
221
"adhering to standards is recommended."
222
msgstr ""
223
224
#: serverguide/C/windows-networking.xml:168(para)
225
msgid ""
226
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
227
"directory using <application>Windows Explorer</application>."
228
msgstr ""
229
230
#: serverguide/C/windows-networking.xml:174(para)
231
msgid ""
232
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
233
"without supplying a password."
234
msgstr ""
235
236
#: serverguide/C/windows-networking.xml:179(para)
237
msgid ""
238
"<emphasis>read only:</emphasis> determines if the share is read only or if "
239
"write privileges are granted. Write privileges are allowed only when the "
240
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
241
"is <emphasis>yes</emphasis>, then access to the share is read only."
242
msgstr ""
243
244
#: serverguide/C/windows-networking.xml:184(para)
245
msgid ""
246
"<emphasis>create mask:</emphasis> determines the permissions new files will "
247
"have when created."
248
msgstr ""
249
250
#: serverguide/C/windows-networking.xml:193(para)
251
msgid ""
252
"Now that <application>Samba</application> is configured, the directory needs "
253
"to be created and the permissions changed. From a terminal enter:"
254
msgstr ""
255
256
#: serverguide/C/windows-networking.xml:199(command)
257
msgid "sudo mkdir -p /srv/samba/share"
258
msgstr "sudo mkdir -p /srv/samba/share"
259
260
#: serverguide/C/windows-networking.xml:200(command)
261
msgid "sudo chown nobody.nogroup /srv/samba/share/"
262
msgstr ""
263
264
#: serverguide/C/windows-networking.xml:204(para)
265
msgid ""
266
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
267
"directory tree if it doesn't exist. Change the share name to fit your "
268
"environment."
269
msgstr ""
270
271
#: serverguide/C/windows-networking.xml:213(para)
272
msgid ""
273
"Finally, restart the <application>samba</application> services to enable the "
274
"new configuration:"
275
msgstr ""
276
277
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
278
msgid "sudo restart smbd"
279
msgstr "sudo restart smbd"
280
281
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
282
msgid "sudo restart nmbd"
283
msgstr "sudo restart nmbd"
284
285
#: serverguide/C/windows-networking.xml:226(para)
286
msgid ""
287
"Once again, the above configuration gives all access to any client on the "
288
"local network. For a more secure configuration see <xref linkend=\"samba-"
289
"fileprint-security\"/>."
290
msgstr ""
291
292
#: serverguide/C/windows-networking.xml:232(para)
293
msgid ""
294
"From a Windows client you should now be able to browse to the Ubuntu file "
295
"server and see the shared directory. To check that everything is working try "
296
"creating a directory from Windows."
297
msgstr ""
298
299
#: serverguide/C/windows-networking.xml:237(para)
300
msgid ""
301
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
302
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
303
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
304
"share actually exists and the permissions are correct."
305
msgstr ""
306
307
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
308
msgid "Resources"
309
msgstr "Sumber-sumber"
310
311
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
312
msgid ""
313
"For in depth Samba configurations see the <ulink "
314
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
315
"Collection</ulink>"
316
msgstr ""
317
318
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
319
msgid ""
320
"The guide is also available in <ulink "
321
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
322
"format</ulink>."
323
msgstr ""
324
325
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
326
msgid ""
327
"O'Reilly's <ulink "
328
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
329
"another good reference."
330
msgstr ""
331
332
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
333
msgid ""
334
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
335
"</ulink> page."
336
msgstr ""
337
338
#: serverguide/C/windows-networking.xml:275(title)
339
msgid "Samba Print Server"
340
msgstr "Pelayan Pencetak Samba"
341
342
#: serverguide/C/windows-networking.xml:277(para)
343
msgid ""
344
"Another common use of Samba is to configure it to share printers installed, "
345
"either locally or over the network, on an Ubuntu server. Similar to <xref "
346
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
347
"any client on the local network to use the installed printers without "
348
"prompting for a username and password."
349
msgstr ""
350
351
#: serverguide/C/windows-networking.xml:283(para)
352
msgid ""
353
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
354
"security\"/>."
355
msgstr ""
356
357
#: serverguide/C/windows-networking.xml:290(para)
358
msgid ""
359
"Before installing and configuring Samba it is best to already have a working "
360
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
361
"for details."
362
msgstr ""
363
364
#: serverguide/C/windows-networking.xml:295(para)
365
msgid ""
366
"To install the <application>samba</application> package, from a terminal "
367
"enter:"
368
msgstr ""
369
370
#: serverguide/C/windows-networking.xml:306(para)
371
msgid ""
372
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
373
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
374
"network, and change <emphasis>security</emphasis> to <emphasis "
375
"role=\"italic\">share</emphasis>:"
376
msgstr ""
377
378
#: serverguide/C/windows-networking.xml:318(para)
379
msgid ""
380
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
381
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
382
msgstr ""
383
384
#: serverguide/C/windows-networking.xml:322(programlisting)
385
#, no-wrap
386
msgid ""
387
"\n"
388
" browsable = yes\n"
389
" guest ok = yes\n"
390
msgstr ""
391
392
#: serverguide/C/windows-networking.xml:327(para)
393
msgid "After editing <filename>smb.conf</filename> restart Samba:"
394
msgstr ""
395
396
#: serverguide/C/windows-networking.xml:336(para)
397
msgid ""
398
"The default Samba configuration will automatically share any printers "
399
"installed. Simply install the printer locally on your Windows clients."
400
msgstr ""
401
402
#: serverguide/C/windows-networking.xml:365(para)
403
msgid ""
404
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
405
"more information on configuring CUPS."
406
msgstr ""
407
408
#: serverguide/C/windows-networking.xml:379(title)
409
msgid "Securing a Samba File and Print Server"
410
msgstr ""
411
412
#: serverguide/C/windows-networking.xml:382(title)
413
msgid "Samba Security Modes"
414
msgstr ""
415
416
#: serverguide/C/windows-networking.xml:384(para)
417
msgid ""
418
"There are two security levels available to the Common Internet Filesystem "
419
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
420
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
421
"allows more flexibility, providing four ways of implementing user-level "
422
"security and one way to implement share-level:"
423
msgstr ""
424
425
#: serverguide/C/windows-networking.xml:393(para)
426
msgid ""
427
"<emphasis>security = user:</emphasis> requires clients to supply a username "
428
"and password to connect to shares. Samba user accounts are separate from "
429
"system accounts, but the <application>libpam-smbpass</application> package "
430
"will sync system users and passwords with the Samba user database."
431
msgstr ""
432
433
#: serverguide/C/windows-networking.xml:400(para)
434
msgid ""
435
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
436
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
437
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
438
"linkend=\"samba-dc\"/> for further information."
439
msgstr ""
440
441
#: serverguide/C/windows-networking.xml:407(para)
442
msgid ""
443
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
444
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
445
"integration\"/> for details."
446
msgstr ""
447
448
#: serverguide/C/windows-networking.xml:413(para)
449
msgid ""
450
"<emphasis>security = server:</emphasis> this mode is left over from before "
451
"Samba could become a member server, and due to some security issues should "
452
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
453
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
454
"of the Samba guide for more details."
455
msgstr ""
456
457
#: serverguide/C/windows-networking.xml:421(para)
458
msgid ""
459
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
460
"without supplying a username and password."
461
msgstr ""
462
463
#: serverguide/C/windows-networking.xml:428(para)
464
msgid ""
465
"The security mode you choose will depend on your environment and what you "
466
"need the Samba server to accomplish."
467
msgstr ""
468
469
#: serverguide/C/windows-networking.xml:434(title)
470
msgid "Security = User"
471
msgstr ""
472
473
#: serverguide/C/windows-networking.xml:436(para)
474
msgid ""
475
"This section will reconfigure the Samba file and print server, from <xref "
476
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
477
"require authentication."
478
msgstr ""
479
480
#: serverguide/C/windows-networking.xml:441(para)
481
msgid ""
482
"First, install the <application>libpam-smbpass</application> package which "
483
"will sync the system users to the Samba user database:"
484
msgstr ""
485
486
#: serverguide/C/windows-networking.xml:447(command)
487
msgid "sudo apt-get install libpam-smbpass"
488
msgstr ""
489
490
#: serverguide/C/windows-networking.xml:451(para)
491
msgid ""
492
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
493
"<application>libpam-smbpass</application> is already installed."
494
msgstr ""
495
496
#: serverguide/C/windows-networking.xml:457(para)
497
msgid ""
498
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
499
"<emphasis>[share]</emphasis> section change:"
500
msgstr ""
501
502
#: serverguide/C/windows-networking.xml:461(programlisting)
503
#, no-wrap
504
msgid ""
505
"\n"
506
" guest ok = no\n"
507
msgstr ""
508
509
#: serverguide/C/windows-networking.xml:465(para)
510
msgid "Finally, restart Samba for the new settings to take effect:"
511
msgstr ""
512
513
#: serverguide/C/windows-networking.xml:474(para)
514
msgid ""
515
"Now when connecting to the shared directories or printers you should be "
516
"prompted for a username and password."
517
msgstr ""
518
519
#: serverguide/C/windows-networking.xml:479(para)
520
msgid ""
521
"If you choose to map a network drive to the share you can check the "
522
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
523
"enter the username and password once, at least until the password changes."
524
msgstr ""
525
526
#: serverguide/C/windows-networking.xml:487(title)
527
msgid "Share Security"
528
msgstr ""
529
530
#: serverguide/C/windows-networking.xml:489(para)
531
msgid ""
532
"There are several options available to increase the security for each "
533
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
534
"this section will cover some common options."
535
msgstr ""
536
537
#: serverguide/C/windows-networking.xml:495(title)
538
msgid "Groups"
539
msgstr "Kumpulan"
540
541
#: serverguide/C/windows-networking.xml:497(para)
542
msgid ""
543
"Groups define a collection of computers or users which have a common level "
544
"of access to particular network resources and offer a level of granularity "
545
"in controlling access to such resources. For example, if a group <emphasis "
546
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
547
"role=\"italic\">freda</emphasis>, <emphasis "
548
"role=\"italic\">danika</emphasis>, and <emphasis "
549
"role=\"italic\">rob</emphasis> and a second group <emphasis "
550
"role=\"italic\">support</emphasis> is defined and consists of users "
551
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
552
"role=\"italic\">jeremy</emphasis>, and <emphasis "
553
"role=\"italic\">vincent</emphasis> then certain network resources configured "
554
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
555
"subsequently enable access by freda, danika, and rob, but not jeremy or "
556
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
557
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
558
"role=\"italic\">support</emphasis> groups, she will be able to access "
559
"resources configured for access by both groups, whereas all other users will "
560
"have only access to resources explicitly allowing the group they are part of."
561
msgstr ""
562
563
#: serverguide/C/windows-networking.xml:511(para)
564
msgid ""
565
"By default Samba looks for the local system groups defined in "
566
"<filename>/etc/group</filename> to determine which users belong to which "
567
"groups. For more information on adding and removing users from groups see "
568
"<xref linkend=\"adding-deleting-users\"/>."
569
msgstr ""
570
571
#: serverguide/C/windows-networking.xml:517(para)
572
msgid ""
573
"When defining groups in the Samba configuration file, "
574
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
575
"preface the group name with an \"@\" symbol. For example, if you wished to "
576
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
577
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
578
"do so by entering the group name as <emphasis "
579
"role=\"bold\">@sysadmin</emphasis>."
580
msgstr ""
581
582
#: serverguide/C/windows-networking.xml:526(title)
583
msgid "File Permissions"
584
msgstr ""
585
586
#: serverguide/C/windows-networking.xml:528(para)
587
msgid ""
588
"File Permissions define the explicit rights a computer or user has to a "
589
"particular directory, file, or set of files. Such permissions may be defined "
590
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
591
"the explicit permissions of a defined file share."
592
msgstr ""
593
594
#: serverguide/C/windows-networking.xml:534(para)
595
msgid ""
596
"For example, if you have defined a Samba share called "
597
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
598
"only</emphasis> permissions to the group of users known as <emphasis "
599
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
600
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
601
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
602
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
603
"under the <emphasis>[share]</emphasis> entry:"
604
msgstr ""
605
606
#: serverguide/C/windows-networking.xml:543(programlisting)
607
#, no-wrap
608
msgid ""
609
"\n"
610
" read list = @qa\n"
611
" write list = @sysadmin, vincent\n"
612
msgstr ""
613
614
#: serverguide/C/windows-networking.xml:548(para)
615
msgid ""
616
"Another possible Samba permission is to declare "
617
"<emphasis>administrative</emphasis> permissions to a particular shared "
618
"resource. Users having administrative permissions may read, write, or modify "
619
"any information contained in the resource the user has been given explicit "
620
"administrative permissions to."
621
msgstr ""
622
623
#: serverguide/C/windows-networking.xml:554(para)
624
msgid ""
625
"For example, if you wanted to give the user <emphasis "
626
"role=\"italic\">melissa</emphasis> administrative permissions to the "
627
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
628
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
629
"under the <emphasis>[share]</emphasis> entry:"
630
msgstr ""
631
632
#: serverguide/C/windows-networking.xml:561(programlisting)
633
#, no-wrap
634
msgid ""
635
"\n"
636
" admin users = melissa\n"
637
msgstr ""
638
639
#: serverguide/C/windows-networking.xml:565(para)
640
msgid ""
641
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
642
"the changes to take effect:"
643
msgstr ""
644
645
#: serverguide/C/windows-networking.xml:575(para)
646
msgid ""
647
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
648
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
649
"<emphasis role=\"italic\">security = share</emphasis>"
650
msgstr ""
651
652
#: serverguide/C/windows-networking.xml:581(para)
653
msgid ""
654
"Now that Samba has been configured to limit which groups have access to the "
655
"shared directory, the filesystem permissions need to be updated."
656
msgstr ""
657
658
#: serverguide/C/windows-networking.xml:586(para)
659
msgid ""
660
"Traditional Linux file permissions do not map well to Windows NT Access "
661
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
662
"providing more fine grained control. For example, to enable ACLs on "
663
"<filename>/srv</filename> an EXT3 filesystem, edit "
664
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
665
msgstr ""
666
667
#: serverguide/C/windows-networking.xml:593(programlisting)
668
#, no-wrap
669
msgid ""
670
"\n"
671
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
672
"0 1\n"
673
msgstr ""
674
675
#: serverguide/C/windows-networking.xml:597(para)
676
msgid "Then remount the partition:"
677
msgstr ""
678
679
#: serverguide/C/windows-networking.xml:602(command)
680
msgid "sudo mount -v -o remount /srv"
681
msgstr ""
682
683
#: serverguide/C/windows-networking.xml:606(para)
684
msgid ""
685
"The above example assumes <filename>/srv</filename> on a separate partition. "
686
"If <filename>/srv</filename>, or wherever you have configured your share "
687
"path, is part of the <filename>/</filename> partition a reboot may be "
688
"required."
689
msgstr ""
690
691
#: serverguide/C/windows-networking.xml:613(para)
692
msgid ""
693
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
694
"group will be given read, write, and execute permissions to "
695
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
696
"will be given read and execute permissions, and the files will be owned by "
697
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
698
msgstr ""
699
700
#: serverguide/C/windows-networking.xml:621(command)
701
msgid "sudo chown -R melissa /srv/samba/share/"
702
msgstr ""
703
704
#: serverguide/C/windows-networking.xml:622(command)
705
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
706
msgstr ""
707
708
#: serverguide/C/windows-networking.xml:623(command)
709
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
710
msgstr ""
711
712
#: serverguide/C/windows-networking.xml:627(para)
713
msgid ""
714
"The <application>setfacl</application> command above gives "
715
"<emphasis>execute</emphasis> permissions to all files in the "
716
"<filename>/srv/samba/share</filename> directory, which you may or may not "
717
"want."
718
msgstr ""
719
720
#: serverguide/C/windows-networking.xml:633(para)
721
msgid ""
722
"Now from a Windows client you should notice the new file permissions are "
723
"implemented. See the <application>acl</application> and "
724
"<application>setfacl</application> man pages for more information on POSIX "
725
"ACLs."
726
msgstr ""
727
728
#: serverguide/C/windows-networking.xml:641(title)
729
msgid "Samba AppArmor Profile"
730
msgstr ""
731
732
#: serverguide/C/windows-networking.xml:643(para)
733
msgid ""
734
"Ubuntu comes with the <application>AppArmor</application> security module, "
735
"which provides mandatory access controls. The default AppArmor profile for "
736
"Samba will need to be adapted to your configuration. For more details on "
737
"using AppArmor see <xref linkend=\"apparmor\"/>."
738
msgstr ""
739
740
#: serverguide/C/windows-networking.xml:649(para)
741
msgid ""
742
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
743
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
744
"of the <application>apparmor-profiles</application> packages. To install the "
745
"package, from a terminal prompt enter:"
746
msgstr ""
747
748
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
749
msgid "sudo apt-get install apparmor-profiles"
750
msgstr ""
751
752
#: serverguide/C/windows-networking.xml:660(para)
753
msgid "This package contains profiles for several other binaries."
754
msgstr ""
755
756
#: serverguide/C/windows-networking.xml:665(para)
757
msgid ""
758
"By default the profiles for <application>smbd</application> and "
759
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
760
"allowing Samba to work without modifying the profile, and only logging "
761
"errors. To place the <application>smbd</application> profile into "
762
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
763
"profile will need to be modified to reflect any directories that are shared."
764
msgstr ""
765
766
#: serverguide/C/windows-networking.xml:672(para)
767
msgid ""
768
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
769
"for <emphasis>[share]</emphasis> from the file server example:"
770
msgstr ""
771
772
#: serverguide/C/windows-networking.xml:677(programlisting)
773
#, no-wrap
774
msgid ""
775
"\n"
776
" /srv/samba/share/ r,\n"
777
" /srv/samba/share/** rwkix,\n"
778
msgstr ""
779
780
#: serverguide/C/windows-networking.xml:682(para)
781
msgid ""
782
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
783
msgstr ""
784
785
#: serverguide/C/windows-networking.xml:687(command)
786
msgid "sudo aa-enforce /usr/sbin/smbd"
787
msgstr ""
788
789
#: serverguide/C/windows-networking.xml:688(command)
790
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
791
msgstr ""
792
793
#: serverguide/C/windows-networking.xml:691(para)
794
msgid ""
795
"You should now be able to read, write, and execute files in the shared "
796
"directory as normal, and the <application>smbd</application> binary will "
797
"have access to only the configured files and directories. Be sure to add "
798
"entries for each directory you configure Samba to share. Also, any errors "
799
"will be logged to <filename>/var/log/syslog</filename>."
800
msgstr ""
801
802
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
803
msgid ""
804
"O'Reilly's <ulink "
805
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
806
"also a good reference."
807
msgstr ""
808
809
#: serverguide/C/windows-networking.xml:722(para)
810
msgid ""
811
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
812
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
813
"security."
814
msgstr ""
815
816
#: serverguide/C/windows-networking.xml:728(para)
817
msgid ""
818
"For more information on Samba and ACLs see the <ulink "
819
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
820
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
821
msgstr ""
822
823
#: serverguide/C/windows-networking.xml:744(title)
824
msgid "Samba as a Domain Controller"
825
msgstr ""
826
827
#: serverguide/C/windows-networking.xml:746(para)
828
msgid ""
829
"Although it cannot act as an Active Directory Primary Domain Controller "
830
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
831
"domain controller. A major advantage of this configuration is the ability to "
832
"centralize user and machine credentials. Samba can also use multiple "
833
"backends to store the user information."
834
msgstr ""
835
836
#: serverguide/C/windows-networking.xml:753(title)
837
msgid "Primary Domain Controller"
838
msgstr ""
839
840
#: serverguide/C/windows-networking.xml:755(para)
841
msgid ""
842
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
843
"using the default smbpasswd backend."
844
msgstr ""
845
846
#: serverguide/C/windows-networking.xml:762(para)
847
msgid ""
848
"First, install Samba, and <application>libpam-smbpass</application> to sync "
849
"the user accounts, by entering the following in a terminal prompt:"
850
msgstr ""
851
852
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
853
msgid "sudo apt-get install samba libpam-smbpass"
854
msgstr ""
855
856
#: serverguide/C/windows-networking.xml:774(para)
857
msgid ""
858
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
859
"The <emphasis>security</emphasis> mode should be set to <emphasis "
860
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
861
"should relate to your organization:"
862
msgstr ""
863
864
#: serverguide/C/windows-networking.xml:789(para)
865
msgid ""
866
"In the commented <quote>Domains</quote> section add or uncomment the "
867
"following:"
868
msgstr ""
869
870
#: serverguide/C/windows-networking.xml:793(programlisting)
871
#, no-wrap
872
msgid ""
873
"\n"
874
" domain logons = yes\n"
875
" logon path = \\\\%N\\%U\\profile\n"
876
" logon drive = H:\n"
877
" logon home = \\\\%N\\%U\n"
878
" logon script = logon.cmd\n"
879
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
880
"/var/lib/samba -s /bin/false %u\n"
881
msgstr ""
882
883
#: serverguide/C/windows-networking.xml:804(para)
884
msgid ""
885
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
886
"Samba to act as a domain controller."
887
msgstr ""
888
889
#: serverguide/C/windows-networking.xml:809(para)
890
msgid ""
891
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
892
"their home directory. It is also possible to configure a "
893
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
894
"directory."
895
msgstr ""
896
897
#: serverguide/C/windows-networking.xml:815(para)
898
msgid ""
899
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
900
msgstr ""
901
902
#: serverguide/C/windows-networking.xml:820(para)
903
msgid ""
904
"<emphasis>logon home:</emphasis> specifies the home directory location."
905
msgstr ""
906
907
#: serverguide/C/windows-networking.xml:825(para)
908
msgid ""
909
"<emphasis>logon script:</emphasis> determines the script to be run locally "
910
"once a user has logged in. The script needs to be placed in the "
911
"<emphasis>[netlogon]</emphasis> share."
912
msgstr ""
913
914
#: serverguide/C/windows-networking.xml:831(para)
915
msgid ""
916
"<emphasis>add machine script:</emphasis> a script that will automatically "
917
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
918
"workstation to join the domain."
919
msgstr ""
920
921
#: serverguide/C/windows-networking.xml:835(para)
922
msgid ""
923
"In this example the <emphasis>machines</emphasis> group will need to be "
924
"created using the <application>addgroup</application> utility see <xref "
925
"linkend=\"adding-deleting-users\"/> for details."
926
msgstr ""
927
928
#: serverguide/C/windows-networking.xml:839(para)
929
msgid ""
930
"Also, rights need to be explicitly provided to the <emphasis>Domain "
931
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
932
"(and other admin functions) to work. This is achieved by executing:"
933
msgstr ""
934
935
#: serverguide/C/windows-networking.xml:844(command)
936
msgid ""
937
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
938
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
939
"SeRemoteShutdownPrivilege"
940
msgstr ""
941
942
#: serverguide/C/windows-networking.xml:851(para)
943
msgid ""
944
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
945
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
946
"commented."
947
msgstr ""
948
949
#: serverguide/C/windows-networking.xml:860(para)
950
msgid ""
951
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
952
"role=\"italic\">logon home</emphasis> to be mapped:"
953
msgstr ""
954
955
#: serverguide/C/windows-networking.xml:865(programlisting)
956
#, no-wrap
957
msgid ""
958
"\n"
959
"[homes]\n"
960
" comment = Home Directories\n"
961
" browseable = no\n"
962
" read only = no\n"
963
" create mask = 0700\n"
964
" directory mask = 0700\n"
965
" valid users = %S\n"
966
msgstr ""
967
968
#: serverguide/C/windows-networking.xml:878(para)
969
msgid ""
970
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
971
"share needs to be configured. To enable the share, uncomment:"
972
msgstr ""
973
974
#: serverguide/C/windows-networking.xml:883(programlisting)
975
#, no-wrap
976
msgid ""
977
"\n"
978
"[netlogon]\n"
979
" comment = Network Logon Service\n"
980
" path = /srv/samba/netlogon\n"
981
" guest ok = yes\n"
982
" read only = yes\n"
983
" share modes = no\n"
984
msgstr ""
985
986
#: serverguide/C/windows-networking.xml:893(para)
987
msgid ""
988
"The original <emphasis>netlogon</emphasis> share path is "
989
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
990
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
991
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
992
"location for site-specific data provided by the system."
993
msgstr ""
994
995
#: serverguide/C/windows-networking.xml:904(para)
996
msgid ""
997
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
998
"and an empty (for now) <filename>logon.cmd</filename> script file:"
999
msgstr ""
1000
1001
#: serverguide/C/windows-networking.xml:910(command)
1002
msgid "sudo mkdir -p /srv/samba/netlogon"
1003
msgstr ""
1004
1005
#: serverguide/C/windows-networking.xml:911(command)
1006
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1007
msgstr ""
1008
1009
#: serverguide/C/windows-networking.xml:914(para)
1010
msgid ""
1011
"You can enter any normal Windows logon script commands in "
1012
"<filename>logon.cmd</filename> to customize the client's environment."
1013
msgstr ""
1014
1015
#: serverguide/C/windows-networking.xml:922(para)
1016
msgid ""
1017
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1018
"workstation to the domain, a system group needs to be mapped to the Windows "
1019
"<emphasis>Domain Admins</emphasis> group. Using the "
1020
"<application>net</application> utility, from a terminal enter:"
1021
msgstr ""
1022
1023
#: serverguide/C/windows-networking.xml:929(command)
1024
msgid ""
1025
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1026
"type=d"
1027
msgstr ""
1028
1029
#: serverguide/C/windows-networking.xml:933(para)
1030
msgid ""
1031
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1032
"prefer. Also, the user used to join the domain needs to be a member of the "
1033
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1034
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1035
"allows <application>sudo</application> use."
1036
msgstr ""
1037
1038
#: serverguide/C/windows-networking.xml:944(para)
1039
msgid "Finally, restart Samba to enable the new domain controller:"
1040
msgstr ""
1041
1042
#: serverguide/C/windows-networking.xml:956(para)
1043
msgid ""
1044
"You should now be able to join Windows clients to the Domain in the same "
1045
"manner as joining them to an NT4 domain running on a Windows server."
1046
msgstr ""
1047
1048
#: serverguide/C/windows-networking.xml:966(title)
1049
msgid "Backup Domain Controller"
1050
msgstr ""
1051
1052
#: serverguide/C/windows-networking.xml:968(para)
1053
msgid ""
1054
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1055
"Backup Domain Controller (BDC) as well. This will allow clients to "
1056
"authenticate in case the PDC becomes unavailable."
1057
msgstr ""
1058
1059
#: serverguide/C/windows-networking.xml:973(para)
1060
msgid ""
1061
"When configuring Samba as a BDC you need a way to sync account information "
1062
"with the PDC. There are multiple ways of accomplishing this "
1063
"<application>scp</application>, <application>rsync</application>, or by "
1064
"using <application>LDAP</application> as the <emphasis>passdb "
1065
"backend</emphasis>."
1066
msgstr ""
1067
1068
#: serverguide/C/windows-networking.xml:979(para)
1069
msgid ""
1070
"Using LDAP is the most robust way to sync account information, because both "
1071
"domain controllers can use the same information in real time. However, "
1072
"setting up a LDAP server may be overly complicated for a small number of "
1073
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1074
msgstr ""
1075
1076
#: serverguide/C/windows-networking.xml:988(para)
1077
msgid ""
1078
"First, install <application>samba</application> and <application>libpam-"
1079
"smbpass</application>. From a terminal enter:"
1080
msgstr ""
1081
1082
#: serverguide/C/windows-networking.xml:999(para)
1083
msgid ""
1084
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1085
"following in the <emphasis>[global]</emphasis>:"
1086
msgstr ""
1087
1088
#: serverguide/C/windows-networking.xml:1012(para)
1089
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1090
msgstr ""
1091
1092
#: serverguide/C/windows-networking.xml:1016(programlisting)
1093
#, no-wrap
1094
msgid ""
1095
"\n"
1096
" domain logons = yes\n"
1097
" domain master = no\n"
1098
msgstr ""
1099
1100
#: serverguide/C/windows-networking.xml:1024(para)
1101
msgid ""
1102
"Make sure a user has rights to read the files in "
1103
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1104
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1105
"files, enter:"
1106
msgstr ""
1107
1108
#: serverguide/C/windows-networking.xml:1030(command)
1109
msgid "sudo chgrp -R admin /var/lib/samba"
1110
msgstr ""
1111
1112
#: serverguide/C/windows-networking.xml:1036(para)
1113
msgid ""
1114
"Next, sync the user accounts, using <application>scp</application> to copy "
1115
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1116
msgstr ""
1117
1118
#: serverguide/C/windows-networking.xml:1042(command)
1119
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1120
msgstr ""
1121
1122
#: serverguide/C/windows-networking.xml:1046(para)
1123
msgid ""
1124
"Replace <emphasis>username</emphasis> with a valid username and "
1125
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1126
msgstr ""
1127
1128
#: serverguide/C/windows-networking.xml:1055(para)
1129
msgid "Finally, restart <application>samba</application>:"
1130
msgstr ""
1131
1132
#: serverguide/C/windows-networking.xml:1067(para)
1133
msgid ""
1134
"You can test that your Backup Domain controller is working by stopping the "
1135
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1136
"the domain."
1137
msgstr ""
1138
1139
#: serverguide/C/windows-networking.xml:1072(para)
1140
msgid ""
1141
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1142
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1143
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1144
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1145
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1146
msgstr ""
1147
1148
#: serverguide/C/windows-networking.xml:1102(para)
1149
msgid ""
1150
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1151
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1152
"up a Primary Domain Controller."
1153
msgstr ""
1154
1155
#: serverguide/C/windows-networking.xml:1108(para)
1156
msgid ""
1157
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1158
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1159
"explains setting up a Backup Domain Controller."
1160
msgstr ""
1161
1162
#: serverguide/C/windows-networking.xml:1123(title)
1163
msgid "Samba Active Directory Integration"
1164
msgstr ""
1165
1166
#: serverguide/C/windows-networking.xml:1126(title)
1167
msgid "Accessing a Samba Share"
1168
msgstr ""
1169
1170
#: serverguide/C/windows-networking.xml:1128(para)
1171
msgid ""
1172
"Another, use for Samba is to integrate into an existing Windows network. "
1173
"Once part of an Active Directory domain, Samba can provide file and print "
1174
"services to AD users."
1175
msgstr ""
1176
1177
#: serverguide/C/windows-networking.xml:1133(para)
1178
msgid ""
1179
"The simplest way to join an AD domain is to use <application>Likewise-"
1180
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1181
"open\"/>."
1182
msgstr ""
1183
1184
#: serverguide/C/windows-networking.xml:1138(para)
1185
msgid ""
1186
"Once part of the domain, enter the following command in the terminal prompt:"
1187
msgstr ""
1188
1189
#: serverguide/C/windows-networking.xml:1143(command)
1190
msgid "sudo apt-get install samba smbfs smbclient"
1191
msgstr ""
1192
1193
#: serverguide/C/windows-networking.xml:1146(para)
1194
msgid ""
1195
"Since the <application>likewise-open</application> and "
1196
"<application>samba</application> packages use separate "
1197
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1198
"<filename role=\"directory\">/var/lib/samba</filename>:"
1199
msgstr ""
1200
1201
#: serverguide/C/windows-networking.xml:1152(command)
1202
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1203
msgstr ""
1204
1205
#: serverguide/C/windows-networking.xml:1153(command)
1206
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1207
msgstr ""
1208
1209
#: serverguide/C/windows-networking.xml:1156(para)
1210
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1211
msgstr ""
1212
1213
#: serverguide/C/windows-networking.xml:1160(programlisting)
1214
#, no-wrap
1215
msgid ""
1216
"\n"
1217
" workgroup = EXAMPLE\n"
1218
" ...\n"
1219
" security = ads\n"
1220
" realm = EXAMPLE.COM\n"
1221
" ...\n"
1222
" idmap backend = lwopen\n"
1223
" idmap uid = 50-9999999999\n"
1224
" idmap gid = 50-9999999999\n"
1225
msgstr ""
1226
1227
#: serverguide/C/windows-networking.xml:1171(para)
1228
msgid ""
1229
"Restart <application>samba</application> for the new settings to take effect:"
1230
msgstr ""
1231
1232
#: serverguide/C/windows-networking.xml:1180(para)
1233
msgid ""
1234
"You should now be able to access any <application>Samba</application> shares "
1235
"from a Windows client. However, be sure to give the appropriate AD users or "
1236
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1237
"security\"/> for more details."
1238
msgstr ""
1239
1240
#: serverguide/C/windows-networking.xml:1188(title)
1241
msgid "Accessing a Windows Share"
1242
msgstr ""
1243
1244
#: serverguide/C/windows-networking.xml:1190(para)
1245
msgid ""
1246
"Now that the Samba server is part of the Active Directory domain you can "
1247
"access any Windows server shares:"
1248
msgstr ""
1249
1250
#: serverguide/C/windows-networking.xml:1197(para)
1251
msgid ""
1252
"To mount a Windows file share enter the following in a terminal prompt:"
1253
msgstr ""
1254
1255
#: serverguide/C/windows-networking.xml:1201(command)
1256
msgid "mount.cifs //fs01.example.com/share mount_point"
1257
msgstr ""
1258
1259
#: serverguide/C/windows-networking.xml:1204(para)
1260
msgid ""
1261
"It is also possible to access shares on computers not part of an AD domain, "
1262
"but a username and password will need to be provided."
1263
msgstr ""
1264
1265
#: serverguide/C/windows-networking.xml:1212(para)
1266
msgid ""
1267
"To mount the share during boot place an entry in "
1268
"<filename>/etc/fstab</filename>, for example:"
1269
msgstr ""
1270
1271
#: serverguide/C/windows-networking.xml:1216(programlisting)
1272
#, no-wrap
1273
msgid ""
1274
"\n"
1275
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1276
"0 0\n"
1277
msgstr ""
1278
1279
#: serverguide/C/windows-networking.xml:1223(para)
1280
msgid ""
1281
"Another way to copy files from a Windows server is to use the "
1282
"<application>smbclient</application> utility. To list the files in a Windows "
1283
"share:"
1284
msgstr ""
1285
1286
#: serverguide/C/windows-networking.xml:1229(command)
1287
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1288
msgstr ""
1289
1290
#: serverguide/C/windows-networking.xml:1235(para)
1291
msgid "To copy a file from the share, enter:"
1292
msgstr ""
1293
1294
#: serverguide/C/windows-networking.xml:1240(command)
1295
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1296
msgstr ""
1297
1298
#: serverguide/C/windows-networking.xml:1243(para)
1299
msgid ""
1300
"This will copy the <filename>file.txt</filename> into the current directory."
1301
msgstr ""
1302
1303
#: serverguide/C/windows-networking.xml:1250(para)
1304
msgid "And to copy a file to the share:"
1305
msgstr ""
1306
1307
#: serverguide/C/windows-networking.xml:1255(command)
1308
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1309
msgstr ""
1310
1311
#: serverguide/C/windows-networking.xml:1258(para)
1312
msgid ""
1313
"This will copy the <filename>/etc/hosts</filename> to "
1314
"<filename>//fs01.example.com/share/hosts</filename>."
1315
msgstr ""
1316
1317
#: serverguide/C/windows-networking.xml:1265(para)
1318
msgid ""
1319
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1320
"<application>smbclient</application> command all at once. This is useful for "
1321
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1322
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1323
"and directory commands, simply execute:"
1324
msgstr ""
1325
1326
#: serverguide/C/windows-networking.xml:1272(command)
1327
msgid "smbclient //fs01.example.com/share -k"
1328
msgstr ""
1329
1330
#: serverguide/C/windows-networking.xml:1279(para)
1331
msgid ""
1332
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1333
"<emphasis>//192.168.0.5/share</emphasis>, "
1334
"<emphasis>username=steve,password=secret</emphasis>, and "
1335
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1336
"file name, and an actual username and password with rights to the share."
1337
msgstr ""
1338
1339
#: serverguide/C/windows-networking.xml:1290(para)
1340
msgid ""
1341
"For more <application>smbclient</application> options see the man page: "
1342
"<command>man smbclient</command>, also available <ulink "
1343
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1344
">online</ulink>."
1345
msgstr ""
1346
1347
#: serverguide/C/windows-networking.xml:1295(para)
1348
msgid ""
1349
"The <application>mount.cifs</application><ulink "
1350
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1351
"\">man page</ulink> is also useful for more detailed information."
1352
msgstr ""
1353
1354
#: serverguide/C/windows-networking.xml:1308(title)
1355
msgid "Likewise Open"
1356
msgstr ""
1357
1358
#: serverguide/C/windows-networking.xml:1310(para)
1359
msgid ""
1360
"<application>Likewise Open</application> simplifies the necessary "
1361
"configuration needed to authenticate a Linux machine to an Active Directory "
1362
"domain. Based on <application>winbind</application>, the "
1363
"<application>likewise-open</application> package takes the pain out of "
1364
"integrating Ubuntu authentication into an existing Windows network."
1365
msgstr ""
1366
1367
#: serverguide/C/windows-networking.xml:1319(para)
1368
msgid ""
1369
"There are two ways to use Likewise Open, <application>likewise-"
1370
"open</application> the command line utility and <application>likewise-open-"
1371
"gui</application>. This section focuses on the command line utility."
1372
msgstr ""
1373
1374
#: serverguide/C/windows-networking.xml:1324(para)
1375
msgid ""
1376
"To install the <application>likewise-open</application> package, open a "
1377
"terminal prompt and enter:"
1378
msgstr ""
1379
1380
#: serverguide/C/windows-networking.xml:1329(command)
1381
msgid "sudo apt-get install likewise-open"
1382
msgstr "sudo apt-get install likewise-open"
1383
1384
#: serverguide/C/windows-networking.xml:1334(title)
1385
msgid "Joining a Domain"
1386
msgstr ""
1387
1388
#: serverguide/C/windows-networking.xml:1336(para)
1389
msgid ""
1390
"The main executable file of the <application>likewise-open</application> "
1391
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1392
"join your computer to the domain. Before you join a domain you will need to "
1393
"make sure you have:"
1394
msgstr ""
1395
1396
#: serverguide/C/windows-networking.xml:1344(para)
1397
msgid ""
1398
"Access to an Active Directory user with appropriate rights to join the "
1399
"domain."
1400
msgstr ""
1401
1402
#: serverguide/C/windows-networking.xml:1349(para)
1403
msgid ""
1404
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1405
"you want to join. If your AD domain does not match a valid domain such as "
1406
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1407
"the form of <emphasis>domainname.local</emphasis>."
1408
msgstr ""
1409
1410
#: serverguide/C/windows-networking.xml:1356(para)
1411
msgid ""
1412
"DNS for the domain setup properly. In a production AD environment this "
1413
"should be the case. Proper Microsoft DNS is needed so that client "
1414
"workstations can determine the Active Directory domain is available."
1415
msgstr ""
1416
1417
#: serverguide/C/windows-networking.xml:1360(para)
1418
msgid ""
1419
"If you don't have a Windows DNS server on your network, see <xref "
1420
"linkend=\"likewise-open-ms-dns\"/> for details."
1421
msgstr ""
1422
1423
#: serverguide/C/windows-networking.xml:1367(para)
1424
msgid "To join a domain, from a terminal prompt enter:"
1425
msgstr ""
1426
1427
#: serverguide/C/windows-networking.xml:1372(command)
1428
msgid "sudo domainjoin-cli join example.com Administrator"
1429
msgstr ""
1430
1431
#: serverguide/C/windows-networking.xml:1376(para)
1432
msgid ""
1433
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1434
"<emphasis>Administrator</emphasis> with the appropriate user name."
1435
msgstr ""
1436
1437
#: serverguide/C/windows-networking.xml:1382(para)
1438
msgid ""
1439
"You will then be prompted for the user's password. If all goes well a "
1440
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1441
msgstr ""
1442
1443
#: serverguide/C/windows-networking.xml:1388(para)
1444
msgid ""
1445
"After joining the domain, it is necessary to reboot before attempting to "
1446
"authenticate against the domain."
1447
msgstr ""
1448
1449
#: serverguide/C/windows-networking.xml:1394(para)
1450
msgid ""
1451
"After successfully joining an Ubuntu machine to an Active Directory domain "
1452
"you can authenticate using any valid AD user. To login you will need to "
1453
"enter the user name as 'domain\\username'. For example to ssh to a server "
1454
"joined to the domain enter:"
1455
msgstr ""
1456
1457
#: serverguide/C/windows-networking.xml:1401(command)
1458
msgid "ssh 'example\\steve'@hostname"
1459
msgstr ""
1460
1461
#: serverguide/C/windows-networking.xml:1405(para)
1462
msgid ""
1463
"If configuring a Desktop the user name will need to be prefixed with "
1464
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1465
msgstr ""
1466
1467
#: serverguide/C/windows-networking.xml:1411(para)
1468
msgid ""
1469
"To make likewise-open use a default domain, you can add the following "
1470
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1471
msgstr ""
1472
1473
#: serverguide/C/windows-networking.xml:1415(programlisting)
1474
#, no-wrap
1475
msgid ""
1476
"\n"
1477
"winbind use default domain = yes\n"
1478
msgstr ""
1479
1480
#: serverguide/C/windows-networking.xml:1419(para)
1481
msgid "Then restart the <application>likewise-open</application> daemons:"
1482
msgstr ""
1483
1484
#: serverguide/C/windows-networking.xml:1424(command)
1485
msgid "sudo /etc/init.d/likewise-open restart"
1486
msgstr ""
1487
1488
#: serverguide/C/windows-networking.xml:1428(para)
1489
msgid ""
1490
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1491
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1492
"using only their username."
1493
msgstr ""
1494
1495
#: serverguide/C/windows-networking.xml:1434(para)
1496
msgid ""
1497
"The <application>domainjoin-cli</application> utility can also be used to "
1498
"leave the domain. From a terminal:"
1499
msgstr ""
1500
1501
#: serverguide/C/windows-networking.xml:1439(command)
1502
msgid "sudo domainjoin-cli leave"
1503
msgstr "sudo domainjoin-cli leave"
1504
1505
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1506
msgid "Other Utilities"
1507
msgstr "Utiliti Lain-lain"
1508
1509
#: serverguide/C/windows-networking.xml:1446(para)
1510
msgid ""
1511
"The <application>likewise-open</application> package comes with a few other "
1512
"utilities that may be useful for gathering information about the Active "
1513
"Directory environment. These utilities are used to join the machine to the "
1514
"domain, and are the same as those available in the <application>samba-"
1515
"common</application> and <application>winbind</application> packages:"
1516
msgstr ""
1517
1518
#: serverguide/C/windows-networking.xml:1455(para)
1519
msgid ""
1520
"<application>lwinet</application>: Returns information about the network and "
1521
"the domain."
1522
msgstr ""
1523
1524
#: serverguide/C/windows-networking.xml:1460(para)
1525
msgid ""
1526
"<application>lwimsg</application>: Allows interaction with the "
1527
"<application>likewise-winbindd</application> daemon."
1528
msgstr ""
1529
1530
#: serverguide/C/windows-networking.xml:1465(para)
1531
msgid ""
1532
"<application>lwiinfo</application>: Displays information about various parts "
1533
"of the Domain."
1534
msgstr ""
1535
1536
#: serverguide/C/windows-networking.xml:1471(para)
1537
msgid "Please refer to each utility's man page specific for details."
1538
msgstr ""
1539
1540
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1541
msgid "Troubleshooting"
1542
msgstr ""
1543
1544
#: serverguide/C/windows-networking.xml:1481(para)
1545
msgid ""
1546
"If the client has trouble joining the domain, double check that the "
1547
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1548
"example:"
1549
msgstr ""
1550
1551
#: serverguide/C/windows-networking.xml:1486(programlisting)
1552
#, no-wrap
1553
msgid ""
1554
"\n"
1555
"nameserver 192.168.0.1\n"
1556
msgstr ""
1557
1558
#: serverguide/C/windows-networking.xml:1491(para)
1559
msgid ""
1560
"For more information when joining a domain, use the <emphasis>--loglevel "
1561
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1562
"<application>domainjoin-cli</application> utility:"
1563
msgstr ""
1564
1565
#: serverguide/C/windows-networking.xml:1497(command)
1566
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1567
msgstr ""
1568
1569
#: serverguide/C/windows-networking.xml:1501(para)
1570
msgid ""
1571
"If an Active Directory user has trouble logging in, check the "
1572
"<filename>/var/log/auth.log</filename> for details."
1573
msgstr ""
1574
1575
#: serverguide/C/windows-networking.xml:1506(para)
1576
msgid ""
1577
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1578
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1579
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1580
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1581
"<emphasis>hosts</emphasis> option. For example:"
1582
msgstr ""
1583
1584
#: serverguide/C/windows-networking.xml:1512(programlisting)
1585
#, no-wrap
1586
msgid ""
1587
"\n"
1588
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1589
msgstr ""
1590
1591
#: serverguide/C/windows-networking.xml:1516(para)
1592
msgid "Change the above to:"
1593
msgstr ""
1594
1595
#: serverguide/C/windows-networking.xml:1520(programlisting)
1596
#, no-wrap
1597
msgid ""
1598
"\n"
1599
"hosts: files dns [NOTFOUND=return]\n"
1600
msgstr ""
1601
1602
#: serverguide/C/windows-networking.xml:1524(para)
1603
msgid "Then restart networking by entering:"
1604
msgstr ""
1605
1606
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1607
msgid "sudo /etc/init.d/networking restart"
1608
msgstr ""
1609
1610
#: serverguide/C/windows-networking.xml:1532(para)
1611
msgid "You should now be able to join the Active Directory domain."
1612
msgstr ""
1613
1614
#: serverguide/C/windows-networking.xml:1540(title)
1615
msgid "Microsoft DNS"
1616
msgstr ""
1617
1618
#: serverguide/C/windows-networking.xml:1542(para)
1619
msgid ""
1620
"The following are instructions for installing DNS on an Active Directory "
1621
"domain controller running Windows Server 2003, but the instructions should "
1622
"be similar for other versions:"
1623
msgstr ""
1624
1625
#: serverguide/C/windows-networking.xml:1551(para)
1626
msgid ""
1627
"Click "
1628
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1629
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1630
"This will open the <application>Server Role Mangement</application> utility."
1631
msgstr ""
1632
1633
#: serverguide/C/windows-networking.xml:1559(para)
1634
msgid "Click <guilabel>Add or remove a role</guilabel>"
1635
msgstr ""
1636
1637
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1638
msgid "Click Next"
1639
msgstr ""
1640
1641
#: serverguide/C/windows-networking.xml:1561(para)
1642
msgid "Select \"DNS Server\""
1643
msgstr ""
1644
1645
#: serverguide/C/windows-networking.xml:1563(para)
1646
msgid "Click Next again to proceed"
1647
msgstr ""
1648
1649
#: serverguide/C/windows-networking.xml:1564(para)
1650
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1651
msgstr ""
1652
1653
#: serverguide/C/windows-networking.xml:1566(para)
1654
msgid ""
1655
"Make sure \"This server maintains the zone\" is selected and click Next."
1656
msgstr ""
1657
1658
#: serverguide/C/windows-networking.xml:1567(para)
1659
msgid "Enter your domain name and click Next"
1660
msgstr ""
1661
1662
#: serverguide/C/windows-networking.xml:1568(para)
1663
msgid "Click Next to \"Allow only secure dynamic updates\""
1664
msgstr ""
1665
1666
#: serverguide/C/windows-networking.xml:1570(para)
1667
msgid ""
1668
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1669
"should not forward queries\" and click Next."
1670
msgstr ""
1671
1672
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1673
msgid "Click Finish"
1674
msgstr ""
1675
1676
#: serverguide/C/windows-networking.xml:1577(para)
1677
msgid ""
1678
"DNS is now installed and can be further configured using the "
1679
"<application>Microsoft Management Console</application> DNS snap-in."
1680
msgstr ""
1681
1682
#: serverguide/C/windows-networking.xml:1585(para)
1683
msgid "Click Start"
1684
msgstr ""
1685
1686
#: serverguide/C/windows-networking.xml:1586(para)
1687
msgid "Control Panel"
1688
msgstr ""
1689
1690
#: serverguide/C/windows-networking.xml:1587(para)
1691
msgid "Network Connections"
1692
msgstr ""
1693
1694
#: serverguide/C/windows-networking.xml:1588(para)
1695
msgid "Right Click \"Local Area Connection\""
1696
msgstr ""
1697
1698
#: serverguide/C/windows-networking.xml:1589(para)
1699
msgid "Click Properties"
1700
msgstr ""
1701
1702
#: serverguide/C/windows-networking.xml:1590(para)
1703
msgid "Double click \"Internet Protocol (TCP/IP)\""
1704
msgstr ""
1705
1706
#: serverguide/C/windows-networking.xml:1591(para)
1707
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1708
msgstr ""
1709
1710
#: serverguide/C/windows-networking.xml:1592(para)
1711
msgid "Click Ok"
1712
msgstr ""
1713
1714
#: serverguide/C/windows-networking.xml:1593(para)
1715
msgid "Click Ok again to save the settings"
1716
msgstr ""
1717
1718
#: serverguide/C/windows-networking.xml:1582(para)
1719
msgid ""
1720
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1721
msgstr ""
1722
1723
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1724
msgid "References"
1725
msgstr "Rujukan"
1726
1727
#: serverguide/C/windows-networking.xml:1602(para)
1728
msgid ""
1729
"Please refer to the <ulink "
1730
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1731
"further information."
1732
msgstr ""
1733
1734
#: serverguide/C/windows-networking.xml:1606(para)
1735
msgid ""
1736
"For more <application>domainjoin-cli</application> options see the man page: "
1737
"<command>man domainjoin-cli</command>."
1738
msgstr ""
1739
1740
#: serverguide/C/windows-networking.xml:1610(para)
1741
msgid ""
1742
"Also, see the <ulink "
1743
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1744
"LikewiseOpen</ulink> page."
1745
msgstr ""
1746
1747
#: serverguide/C/web-servers.xml:13(title)
1748
msgid "Web Servers"
1749
msgstr "Pelayan Web"
1750
1751
#: serverguide/C/web-servers.xml:14(para)
1752
msgid ""
1753
"A Web server is a software responsible for accepting HTTP requests from "
1754
"clients, which are known as Web browsers, and serving them HTTP responses "
1755
"along with optional data contents, which usually are Web pages such as HTML "
1756
"documents and linked objects (images, etc.)."
1757
msgstr ""
1758
1759
#: serverguide/C/web-servers.xml:19(title)
1760
msgid "HTTPD - Apache2 Web Server"
1761
msgstr "HTTPD - Pelayan Web Apache2"
1762
1763
#: serverguide/C/web-servers.xml:20(para)
1764
msgid ""
1765
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1766
"are used to serve Web Pages requested by client computers. Clients typically "
1767
"request and view Web Pages using Web Browser applications such as "
1768
"<application>Firefox</application>, <application>Opera</application>, or "
1769
"<application>Mozilla</application>."
1770
msgstr ""
1771
1772
#: serverguide/C/web-servers.xml:24(para)
1773
msgid ""
1774
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1775
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1776
"resource. For example, to view the home page of the <ulink "
1777
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1778
"the FQDN. To request specific information about <ulink "
1779
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1780
"enter the FQDN followed by a path."
1781
msgstr ""
1782
1783
#: serverguide/C/web-servers.xml:29(para)
1784
msgid ""
1785
"The most common protocol used to transfer Web pages is the Hyper Text "
1786
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1787
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1788
"protocol for uploading and downloading files, are also supported."
1789
msgstr ""
1790
1791
#: serverguide/C/web-servers.xml:33(para)
1792
msgid ""
1793
"Apache Web Servers are often used in combination with the "
1794
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1795
"(<application>PHP</application>) scripting language, and other popular "
1796
"scripting languages such as <application>Python</application> and "
1797
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1798
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1799
"for the development and deployment of Web-based applications."
1800
msgstr ""
1801
1802
#: serverguide/C/web-servers.xml:42(para)
1803
msgid ""
1804
"The <application>Apache2</application> web server is available in Ubuntu "
1805
"Linux. To install Apache2:"
1806
msgstr ""
1807
1808
#: serverguide/C/web-servers.xml:48(para)
1809
msgid "At a terminal prompt enter the following command:"
1810
msgstr ""
1811
1812
#: serverguide/C/web-servers.xml:53(command)
1813
msgid "sudo apt-get install apache2"
1814
msgstr ""
1815
1816
#: serverguide/C/web-servers.xml:63(para)
1817
msgid ""
1818
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1819
"text configuration files. These <emphasis>directives</emphasis> are "
1820
"separated between the following files and directories:"
1821
msgstr ""
1822
1823
#: serverguide/C/web-servers.xml:71(para)
1824
msgid ""
1825
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1826
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1827
msgstr ""
1828
1829
#: serverguide/C/web-servers.xml:77(para)
1830
msgid ""
1831
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1832
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1833
"serve content may add files, or symlinks, to this directory."
1834
msgstr ""
1835
1836
#: serverguide/C/web-servers.xml:83(para)
1837
msgid ""
1838
"<emphasis>envvars:</emphasis> file where Apache2 "
1839
"<emphasis>environment</emphasis> variables are set."
1840
msgstr ""
1841
1842
#: serverguide/C/web-servers.xml:88(para)
1843
msgid ""
1844
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1845
"file, named after the <application>httpd</application> daemon. The file can "
1846
"be used for <emphasis>user specific</emphasis> configuration options that "
1847
"globally effect Apache2."
1848
msgstr ""
1849
1850
#: serverguide/C/web-servers.xml:95(para)
1851
msgid ""
1852
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1853
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1854
"modules will have specific configuration files, however."
1855
msgstr ""
1856
1857
#: serverguide/C/web-servers.xml:101(para)
1858
msgid ""
1859
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1860
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1861
"configuration file is symlinked it will be enabled the next time "
1862
"<application>apache2</application> is restarted."
1863
msgstr ""
1864
1865
#: serverguide/C/web-servers.xml:108(para)
1866
msgid ""
1867
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1868
"TCP ports Apache2 is listening on."
1869
msgstr ""
1870
1871
#: serverguide/C/web-servers.xml:113(para)
1872
msgid ""
1873
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1874
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1875
"to be configured for multiple sites that have separate configurations."
1876
msgstr ""
1877
1878
#: serverguide/C/web-servers.xml:119(para)
1879
msgid ""
1880
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1881
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1882
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1883
"a configuration file in sites-available is symlinked, the site configured by "
1884
"it will be active once Apache2 is restarted."
1885
msgstr ""
1886
1887
#: serverguide/C/web-servers.xml:127(para)
1888
msgid ""
1889
"In addition, other configuration files may be added using the "
1890
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1891
"many configuration files. Any directive may be placed in any of these "
1892
"configuration files. Changes to the main configuration files are only "
1893
"recognized by Apache2 when it is started or restarted."
1894
msgstr ""
1895
1896
#: serverguide/C/web-servers.xml:136(para)
1897
msgid ""
1898
"The server also reads a file containing mime document types; the filename is "
1899
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1900
"<filename>/etc/mime.types</filename> by default."
1901
msgstr ""
1902
1903
#: serverguide/C/web-servers.xml:141(title)
1904
msgid "Basic Settings"
1905
msgstr "Tetapan Asas"
1906
1907
#: serverguide/C/web-servers.xml:142(para)
1908
msgid ""
1909
"This section explains Apache2 server essential configuration parameters. "
1910
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1911
"Documentation</ulink> for more details."
1912
msgstr ""
1913
1914
#: serverguide/C/web-servers.xml:150(para)
1915
msgid ""
1916
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1917
"it is configured with a single default virtual host (using the "
1918
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1919
"if you have a single site, or used as a template for additional virtual "
1920
"hosts if you have multiple sites. If left alone, the default virtual host "
1921
"will serve as your default site, or the site users will see if the URL they "
1922
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1923
"your custom sites. To modify the default virtual host, edit the file "
1924
"<filename>/etc/apache2/sites-available/default</filename>."
1925
msgstr ""
1926
1927
#: serverguide/C/web-servers.xml:163(para)
1928
msgid ""
1929
"The directives set for a virtual host only apply to that particular virtual "
1930
"host. If a directive is set server-wide and not defined within the virtual "
1931
"host settings, the default setting is used. For example, you can define a "
1932
"Webmaster email address and not define individual email addresses for each "
1933
"virtual host."
1934
msgstr ""
1935
1936
#: serverguide/C/web-servers.xml:171(para)
1937
msgid ""
1938
"If you wish to configure a new virtual host or site, copy that file into the "
1939
"same directory with a name you choose. For example:"
1940
msgstr ""
1941
1942
#: serverguide/C/web-servers.xml:177(command)
1943
msgid ""
1944
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1945
"available/mynewsite"
1946
msgstr ""
1947
1948
#: serverguide/C/web-servers.xml:180(para)
1949
msgid ""
1950
"Edit the new file to configure the new site using some of the directives "
1951
"described below."
1952
msgstr ""
1953
1954
#: serverguide/C/web-servers.xml:187(para)
1955
msgid ""
1956
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1957
"to be advertised for the server's administrator. The default value is "
1958
"webmaster@localhost. This should be changed to an email address that is "
1959
"delivered to you (if you are the server's administrator). If your website "
1960
"has a problem, Apache2 will display an error message containing this email "
1961
"address to report the problem to. Find this directive in your site's "
1962
"configuration file in /etc/apache2/sites-available."
1963
msgstr ""
1964
1965
#: serverguide/C/web-servers.xml:198(para)
1966
msgid ""
1967
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1968
"the IP address, Apache2 should listen on. If the IP address is not "
1969
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1970
"it runs on. The default value for the Listen directive is 80. Change this to "
1971
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1972
"that it will not be available to the Internet, to (for example) 81 to change "
1973
"the port that it listens on, or leave it as is for normal operation. This "
1974
"directive can be found and changed in its own file, "
1975
"<filename>/etc/apache2/ports.conf</filename>"
1976
msgstr ""
1977
1978
#: serverguide/C/web-servers.xml:211(para)
1979
msgid ""
1980
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1981
"FQDN your site should answer to. The default virtual host has no ServerName "
1982
"directive specified, so it will respond to all requests that do not match a "
1983
"ServerName directive in another virtual host. If you have just acquired the "
1984
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1985
"value of the ServerName directive in your virtual host configuration file "
1986
"should be ubunturocks.com. Add this directive to the new virtual host file "
1987
"you created earlier (<filename>/etc/apache2/sites-"
1988
"available/mynewsite</filename>)."
1989
msgstr ""
1990
1991
#: serverguide/C/web-servers.xml:223(para)
1992
msgid ""
1993
"You may also want your site to respond to www.ubunturocks.com, since many "
1994
"users will assume the www prefix is appropriate. Use the "
1995
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1996
"wildcards in the ServerAlias directive."
1997
msgstr ""
1998
1999
#: serverguide/C/web-servers.xml:230(para)
2000
msgid ""
2001
"For example, the following configuration will cause your site to respond to "
2002
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2003
msgstr ""
2004
2005
#: serverguide/C/web-servers.xml:236(programlisting)
2006
#, no-wrap
2007
msgid ""
2008
"\n"
2009
"ServerAlias *.ubunturocks.com\n"
2010
msgstr ""
2011
2012
#: serverguide/C/web-servers.xml:242(para)
2013
msgid ""
2014
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2015
"should look for the files that make up the site. The default value is "
2016
"/var/www. No site is configured there, but if you uncomment the "
2017
"<emphasis>RedirectMatch</emphasis> directive in "
2018
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2019
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2020
"this value in your site's virtual host file, and remember to create that "
2021
"directory if necessary!"
2022
msgstr ""
2023
2024
#: serverguide/C/web-servers.xml:254(para)
2025
msgid ""
2026
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2027
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2028
"enabled point to \"available\" sites."
2029
msgstr ""
2030
2031
#: serverguide/C/web-servers.xml:260(para)
2032
msgid ""
2033
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2034
"<application>a2ensite</application> utility and restart Apache2:"
2035
msgstr ""
2036
2037
#: serverguide/C/web-servers.xml:266(command)
2038
msgid "sudo a2ensite mynewsite"
2039
msgstr ""
2040
2041
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2042
msgid "sudo /etc/init.d/apache2 restart"
2043
msgstr "sudo /etc/init.d/apache2 restart"
2044
2045
#: serverguide/C/web-servers.xml:271(para)
2046
msgid ""
2047
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2048
"name for the VirtualHost. One method is to name the file after the "
2049
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2050
msgstr ""
2051
2052
#: serverguide/C/web-servers.xml:278(para)
2053
msgid ""
2054
"Similarly, use the <application>a2dissite</application> utility to disable "
2055
"sites. This is can be useful when troubleshooting configuration problems "
2056
"with multiple VirtualHosts:"
2057
msgstr ""
2058
2059
#: serverguide/C/web-servers.xml:284(command)
2060
msgid "sudo a2dissite mynewsite"
2061
msgstr ""
2062
2063
#: serverguide/C/web-servers.xml:290(title)
2064
msgid "Default Settings"
2065
msgstr ""
2066
2067
#: serverguide/C/web-servers.xml:292(para)
2068
msgid ""
2069
"This section explains configuration of the Apache2 server default settings. "
2070
"For example, if you add a virtual host, the settings you configure for the "
2071
"virtual host take precedence for that virtual host. For a directive not "
2072
"defined within the virtual host settings, the default value is used."
2073
msgstr ""
2074
2075
#: serverguide/C/web-servers.xml:304(para)
2076
msgid ""
2077
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2078
"server when a user requests an index of a directory by specifying a forward "
2079
"slash (/) at the end of the directory name."
2080
msgstr ""
2081
2082
#: serverguide/C/web-servers.xml:311(para)
2083
msgid ""
2084
"For example, when a user requests the page "
2085
"http://www.example.com/this_directory/, he or she will get either the "
2086
"DirectoryIndex page if it exists, a server-generated directory list if it "
2087
"does not and the Indexes option is specified, or a Permission Denied page if "
2088
"neither is true. The server will try to find one of the files listed in the "
2089
"DirectoryIndex directive and will return the first one it finds. If it does "
2090
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2091
"set for that directory, the server will generate and return a list, in HTML "
2092
"format, of the subdirectories and files in the directory. The default value, "
2093
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2094
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2095
"Apache2 finds a file in a requested directory matching any of these names, "
2096
"the first will be displayed."
2097
msgstr ""
2098
2099
#: serverguide/C/web-servers.xml:332(para)
2100
msgid ""
2101
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2102
"file for Apache2 to use for specific error events. For example, if a user "
2103
"requests a resource that does not exist, a 404 error will occur, and per "
2104
"Apache2's default configuration, the file "
2105
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2106
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2107
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2108
"redirects requests to the /error directory to "
2109
"<filename>/usr/share/apache2/error/</filename>."
2110
msgstr ""
2111
2112
#: serverguide/C/web-servers.xml:344(para)
2113
msgid ""
2114
"To see a list of the default ErrorDocument directives, use this command:"
2115
msgstr ""
2116
2117
#: serverguide/C/web-servers.xml:350(command)
2118
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2119
msgstr ""
2120
2121
#: serverguide/C/web-servers.xml:355(para)
2122
msgid ""
2123
"By default, the server writes the transfer log to the file "
2124
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2125
"per-site basis in your virtual host configuration files with the "
2126
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2127
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2128
"specify the file to which errors are logged, via the "
2129
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2130
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2131
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2132
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2133
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2134
"/etc/apache2/apache2.conf</filename> for the default value)."
2135
msgstr ""
2136
2137
#: serverguide/C/web-servers.xml:370(para)
2138
msgid ""
2139
"Some options are specified on a per-directory basis rather than per-server. "
2140
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2141
"is enclosed in XML-like tags, like so:"
2142
msgstr ""
2143
2144
#: serverguide/C/web-servers.xml:376(programlisting)
2145
#, no-wrap
2146
msgid ""
2147
"\n"
2148
"<Directory /var/www/mynewsite>\n"
2149
"...\n"
2150
"</Directory>\n"
2151
msgstr ""
2152
2153
#: serverguide/C/web-servers.xml:382(para)
2154
msgid ""
2155
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2156
"one or more of the following values (among others), separated by spaces:"
2157
msgstr ""
2158
2159
#: serverguide/C/web-servers.xml:394(para)
2160
msgid ""
2161
"Most files should not be executed as CGI scripts. This would be very "
2162
"dangerous. CGI scripts should kept in a directory separate from and outside "
2163
"your DocumentRoot, and only this directory should have the ExecCGI option "
2164
"set. This is the default, and the default location for CGI scripts is "
2165
"<filename>/usr/lib/cgi-bin</filename>."
2166
msgstr ""
2167
2168
#: serverguide/C/web-servers.xml:389(para)
2169
msgid ""
2170
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2171
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2172
msgstr ""
2173
2174
#: serverguide/C/web-servers.xml:405(para)
2175
msgid ""
2176
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2177
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2178
"other files. This is not a common option. See <ulink "
2179
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2180
"HOWTO</ulink> for more information."
2181
msgstr ""
2182
2183
#: serverguide/C/web-servers.xml:414(para)
2184
msgid ""
2185
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2186
"includes, but disable the <emphasis>#exec</emphasis> and "
2187
"<emphasis>#include</emphasis> commands in CGI scripts."
2188
msgstr ""
2189
2190
#: serverguide/C/web-servers.xml:426(para)
2191
msgid ""
2192
"For security reasons, this should usually not be set, and certainly should "
2193
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2194
"per-directory basis only if you are certain you want users to see the entire "
2195
"contents of the directory."
2196
msgstr ""
2197
2198
#: serverguide/C/web-servers.xml:421(para)
2199
msgid ""
2200
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2201
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2202
"index.html) exists in the requested directory. <placeholder-1/>"
2203
msgstr ""
2204
2205
#: serverguide/C/web-servers.xml:436(para)
2206
msgid ""
2207
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2208
"multiviews; this option is disabled by default for security reasons. See the "
2209
"<ulink "
2210
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2211
"Apache2 documentation on this option</ulink>."
2212
msgstr ""
2213
2214
#: serverguide/C/web-servers.xml:444(para)
2215
msgid ""
2216
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2217
"symbolic links if the target file or directory has the same owner as the "
2218
"link."
2219
msgstr ""
2220
2221
#: serverguide/C/web-servers.xml:456(title)
2222
msgid "httpd Settings"
2223
msgstr ""
2224
2225
#: serverguide/C/web-servers.xml:458(para)
2226
msgid ""
2227
"This section explains some basic <application>httpd</application> daemon "
2228
"configuration settings."
2229
msgstr ""
2230
2231
#: serverguide/C/web-servers.xml:462(para)
2232
msgid ""
2233
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2234
"the path to the lockfile used when the server is compiled with either "
2235
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2236
"stored on the local disk. It should be left to the default value unless the "
2237
"logs directory is located on an NFS share. If this is the case, the default "
2238
"value should be changed to a location on the local disk and to a directory "
2239
"that is readable only by root."
2240
msgstr ""
2241
2242
#: serverguide/C/web-servers.xml:471(para)
2243
msgid ""
2244
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2245
"file in which the server records its process ID (pid). This file should only "
2246
"be readable by root. In most cases, it should be left to the default value."
2247
msgstr ""
2248
2249
#: serverguide/C/web-servers.xml:477(para)
2250
msgid ""
2251
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2252
"used by the server to answer requests. This setting determines the server's "
2253
"access. Any files inaccessible to this user will also be inaccessible to "
2254
"your website's visitors. The default value for User is www-data."
2255
msgstr ""
2256
2257
#: serverguide/C/web-servers.xml:484(para)
2258
msgid ""
2259
"Unless you know exactly what you are doing, do not set the User directive to "
2260
"root. Using root as the User will create large security holes for your Web "
2261
"server."
2262
msgstr ""
2263
2264
#: serverguide/C/web-servers.xml:490(para)
2265
msgid ""
2266
"The Group directive is similar to the User directive. Group sets the group "
2267
"under which the server will answer requests. The default group is also www-"
2268
"data."
2269
msgstr ""
2270
2271
#: serverguide/C/web-servers.xml:496(title)
2272
msgid "Apache2 Modules"
2273
msgstr ""
2274
2275
#: serverguide/C/web-servers.xml:498(para)
2276
msgid ""
2277
"Apache2 is a modular server. This implies that only the most basic "
2278
"functionality is included in the core server. Extended features are "
2279
"available through modules which can be loaded into Apache2. By default, a "
2280
"base set of modules is included in the server at compile-time. If the server "
2281
"is compiled to use dynamically loaded modules, then modules can be compiled "
2282
"separately, and added at any time using the LoadModule directive. Otherwise, "
2283
"Apache2 must be recompiled to add or remove modules."
2284
msgstr ""
2285
2286
#: serverguide/C/web-servers.xml:510(para)
2287
msgid ""
2288
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2289
"Configuration directives may be conditionally included on the presence of a "
2290
"particular module by enclosing them in an "
2291
"<emphasis><IfModule></emphasis> block."
2292
msgstr ""
2293
2294
#: serverguide/C/web-servers.xml:517(para)
2295
msgid ""
2296
"You can install additional Apache2 modules and use them with your Web "
2297
"server. For example, run the following command from a terminal prompt to "
2298
"install the <emphasis>MySQL Authentication</emphasis> module:"
2299
msgstr ""
2300
2301
#: serverguide/C/web-servers.xml:524(command)
2302
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2303
msgstr ""
2304
2305
#: serverguide/C/web-servers.xml:527(para)
2306
msgid ""
2307
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2308
"additional modules."
2309
msgstr ""
2310
2311
#: serverguide/C/web-servers.xml:531(para)
2312
msgid ""
2313
"Use the <application>a2enmod</application> utility to enable a module:"
2314
msgstr ""
2315
2316
#: serverguide/C/web-servers.xml:537(command)
2317
msgid "sudo a2enmod auth_mysql"
2318
msgstr ""
2319
2320
#: serverguide/C/web-servers.xml:541(para)
2321
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2322
msgstr ""
2323
2324
#: serverguide/C/web-servers.xml:546(command)
2325
msgid "sudo a2dismod auth_mysql"
2326
msgstr ""
2327
2328
#: serverguide/C/web-servers.xml:553(title)
2329
msgid "HTTPS Configuration"
2330
msgstr ""
2331
2332
#: serverguide/C/web-servers.xml:555(para)
2333
msgid ""
2334
"The <application>mod_ssl</application> module adds an important feature to "
2335
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2336
"browser is communicating using SSL, the https:// prefix is used at the "
2337
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2338
"bar."
2339
msgstr ""
2340
2341
#: serverguide/C/web-servers.xml:564(para)
2342
msgid ""
2343
"The <application>mod_ssl</application> module is available in "
2344
"<application>apache2-common</application> package. Execute the following "
2345
"command from a terminal prompt to enable the "
2346
"<application>mod_ssl</application> module:"
2347
msgstr ""
2348
2349
#: serverguide/C/web-servers.xml:571(command)
2350
msgid "sudo a2enmod ssl"
2351
msgstr ""
2352
2353
#: serverguide/C/web-servers.xml:574(para)
2354
msgid ""
2355
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2356
"available/default-ssl</filename>. In order for "
2357
"<application>Apache2</application> to provide HTTPS, a "
2358
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2359
"needed. The default HTTPS configuration will use a certificate and key "
2360
"generated by the <application>ssl-cert</application> package. They are good "
2361
"for testing, but the auto-generated certificate and key should be replaced "
2362
"by a certificate specific to the site or server. For information on "
2363
"generating a key and obtaining a certificate see <xref "
2364
"linkend=\"certificates-and-security\"/>"
2365
msgstr ""
2366
2367
#: serverguide/C/web-servers.xml:584(para)
2368
msgid ""
2369
"To configure <application>Apache2</application> for HTTPS, enter the "
2370
"following:"
2371
msgstr ""
2372
2373
#: serverguide/C/web-servers.xml:589(command)
2374
msgid "sudo a2ensite default-ssl"
2375
msgstr ""
2376
2377
#: serverguide/C/web-servers.xml:593(para)
2378
msgid ""
2379
"The directories <filename>/etc/ssl/certs</filename> and "
2380
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2381
"install the certificate and key in another directory make sure to change "
2382
"<emphasis>SSLCertificateFile</emphasis> and "
2383
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2384
msgstr ""
2385
2386
#: serverguide/C/web-servers.xml:600(para)
2387
msgid ""
2388
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2389
"settings:"
2390
msgstr ""
2391
2392
#: serverguide/C/web-servers.xml:611(para)
2393
msgid ""
2394
"Depending on how you obtained your certificate you may need to enter a "
2395
"passphrase when <application>Apache2</application> starts."
2396
msgstr ""
2397
2398
#: serverguide/C/web-servers.xml:617(para)
2399
msgid ""
2400
"You can access the secure server pages by typing https://your_hostname/url/ "
2401
"in your browser address bar."
2402
msgstr ""
2403
2404
#: serverguide/C/web-servers.xml:628(para)
2405
msgid ""
2406
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2407
"Documentation</ulink> contains in depth information on Apache2 configuration "
2408
"directives. Also, see the <application>apache2-doc</application> package for "
2409
"the official Apache2 docs."
2410
msgstr ""
2411
2412
#: serverguide/C/web-servers.xml:635(para)
2413
msgid ""
2414
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2415
"Documentation</ulink> site for more SSL related information."
2416
msgstr ""
2417
2418
#: serverguide/C/web-servers.xml:641(para)
2419
msgid ""
2420
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2421
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2422
"configurations."
2423
msgstr ""
2424
2425
#: serverguide/C/web-servers.xml:647(para)
2426
msgid ""
2427
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2428
"server</emphasis> IRC channel on <ulink "
2429
"url=\"http://freenode.net/\">freenode.net</ulink>."
2430
msgstr ""
2431
2432
#: serverguide/C/web-servers.xml:653(para)
2433
msgid ""
2434
"Usually integrated with PHP and MySQL the <ulink "
2435
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2436
"Ubuntu Wiki </ulink> page is a good resource."
2437
msgstr ""
2438
2439
#: serverguide/C/web-servers.xml:664(title)
2440
msgid "PHP5 - Scripting Language"
2441
msgstr ""
2442
2443
#: serverguide/C/web-servers.xml:665(para)
2444
msgid ""
2445
"PHP is a general-purpose scripting language suited for Web development. The "
2446
"PHP script can be embedded into HTML. This section explains how to install "
2447
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2448
msgstr ""
2449
2450
#: serverguide/C/web-servers.xml:669(para)
2451
msgid ""
2452
"This section assumes you have installed and configured Apache2 Web Server "
2453
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2454
"sections in this document to install and configure Apache2 and MySQL "
2455
"respectively."
2456
msgstr ""
2457
2458
#: serverguide/C/web-servers.xml:676(para)
2459
msgid "The PHP5 is available in Ubuntu Linux."
2460
msgstr ""
2461
2462
#: serverguide/C/web-servers.xml:678(para)
2463
msgid ""
2464
"To install PHP5 you can enter the following command in the terminal prompt: "
2465
"<screen>\n"
2466
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2467
"</screen>"
2468
msgstr ""
2469
2470
#: serverguide/C/web-servers.xml:687(para)
2471
msgid ""
2472
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2473
"line you should install <application>php5-cli</application> package. To "
2474
"install <application>php5-cli</application> you can enter the following "
2475
"command in the terminal prompt: <screen>\n"
2476
"<command>sudo apt-get install php5-cli</command>\n"
2477
"</screen>"
2478
msgstr ""
2479
2480
#: serverguide/C/web-servers.xml:696(para)
2481
msgid ""
2482
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2483
"accomplish this, you should install <application>php5-cgi</application> "
2484
"package. You can run the following command in a terminal prompt to install "
2485
"<application>php5-cgi</application> package: <screen>\n"
2486
"<command>sudo apt-get install php5-cgi</command>\n"
2487
"</screen>"
2488
msgstr ""
2489
2490
#: serverguide/C/web-servers.xml:706(para)
2491
msgid ""
2492
"To use <application>MySQL</application> with PHP5 you should install "
2493
"<application>php5-mysql</application> package. To install <application>php5-"
2494
"mysql</application> you can enter the following command in the terminal "
2495
"prompt: <screen>\n"
2496
"<command>sudo apt-get install php5-mysql</command>\n"
2497
"</screen>"
2498
msgstr ""
2499
2500
#: serverguide/C/web-servers.xml:714(para)
2501
msgid ""
2502
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2503
"install <application>php5-pgsql</application> package. To install "
2504
"<application>php5-pgsql</application> you can enter the following command in "
2505
"the terminal prompt: <screen>\n"
2506
"<command>sudo apt-get install php5-pgsql</command>\n"
2507
"</screen>"
2508
msgstr ""
2509
2510
#: serverguide/C/web-servers.xml:727(para)
2511
msgid ""
2512
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2513
"you have installed <application>php5-cli</application> package, you can run "
2514
"PHP5 scripts from your command prompt."
2515
msgstr ""
2516
2517
#: serverguide/C/web-servers.xml:734(para)
2518
msgid ""
2519
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2520
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2521
"when you install the module. Please verify if the files "
2522
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2523
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2524
"not exists, you can enable the module using <command>a2enmod</command> "
2525
"command."
2526
msgstr ""
2527
2528
#: serverguide/C/web-servers.xml:745(para)
2529
msgid ""
2530
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2531
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2532
"following command at a terminal prompt to restart your web server: "
2533
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2534
msgstr ""
2535
2536
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2537
msgid "Testing"
2538
msgstr ""
2539
2540
#: serverguide/C/web-servers.xml:754(para)
2541
msgid ""
2542
"To verify your installation, you can run following PHP5 phpinfo script:"
2543
msgstr ""
2544
2545
#: serverguide/C/web-servers.xml:757(programlisting)
2546
#, no-wrap
2547
msgid ""
2548
"\n"
2549
"<?php\n"
2550
" phpinfo();\n"
2551
"?>\n"
2552
msgstr ""
2553
2554
#: serverguide/C/web-servers.xml:762(para)
2555
msgid ""
2556
"You can save the content in a file <filename>phpinfo.php</filename> and "
2557
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2558
"server. When point your browser to "
2559
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2560
"various PHP5 configuration parameters."
2561
msgstr ""
2562
2563
#: serverguide/C/web-servers.xml:776(para)
2564
msgid ""
2565
"For more in depth information see <ulink "
2566
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2567
msgstr ""
2568
2569
#: serverguide/C/web-servers.xml:781(para)
2570
msgid ""
2571
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2572
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2573
"5</ulink> and the <ulink "
2574
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2575
msgstr ""
2576
2577
#: serverguide/C/web-servers.xml:788(para)
2578
msgid ""
2579
"Also, see the <ulink "
2580
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2581
"Ubuntu Wiki</ulink> page for more information."
2582
msgstr ""
2583
2584
#: serverguide/C/web-servers.xml:799(title)
2585
msgid "Squid - Proxy Server"
2586
msgstr ""
2587
2588
#: serverguide/C/web-servers.xml:800(para)
2589
msgid ""
2590
"Squid is a full-featured web proxy cache server application which provides "
2591
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2592
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2593
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2594
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2595
"caching. Squid also supports a wide variety of caching protocols, such as "
2596
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2597
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2598
"Protocol. (WCCP)"
2599
msgstr ""
2600
2601
#: serverguide/C/web-servers.xml:808(para)
2602
msgid ""
2603
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2604
"and caching server needs, and scales from the branch office to enterprise "
2605
"level networks while providing extensive, granular access control mechanisms "
2606
"and monitoring of critical parameters via the Simple Network Management "
2607
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2608
"Squid proxy, or caching servers, ensure your system is configured with a "
2609
"large amount of physical memory, as Squid maintains an in-memory cache for "
2610
"increased performance."
2611
msgstr ""
2612
2613
#: serverguide/C/web-servers.xml:817(para)
2614
msgid ""
2615
"At a terminal prompt, enter the following command to install the Squid "
2616
"server:"
2617
msgstr ""
2618
2619
#: serverguide/C/web-servers.xml:822(command)
2620
msgid "sudo apt-get install squid"
2621
msgstr ""
2622
2623
#: serverguide/C/web-servers.xml:828(para)
2624
msgid ""
2625
"Squid is configured by editing the directives contained within the "
2626
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2627
"examples illustrate some of the directives which may be modified to affect "
2628
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2629
"see the References section."
2630
msgstr ""
2631
2632
#: serverguide/C/web-servers.xml:834(para)
2633
msgid ""
2634
"Prior to editing the configuration file, you should make a copy of the "
2635
"original file and protect it from writing so you will have the original "
2636
"settings as a reference, and to re-use as necessary."
2637
msgstr ""
2638
2639
#: serverguide/C/web-servers.xml:837(para)
2640
msgid ""
2641
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2642
"writing with the following commands entered at a terminal prompt:"
2643
msgstr ""
2644
2645
#: serverguide/C/web-servers.xml:842(command)
2646
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2647
msgstr ""
2648
2649
#: serverguide/C/web-servers.xml:843(command)
2650
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2651
msgstr ""
2652
2653
#: serverguide/C/web-servers.xml:849(para)
2654
msgid ""
2655
"To set your Squid server to listen on TCP port 8888 instead of the default "
2656
"TCP port 3128, change the http_port directive as such:"
2657
msgstr ""
2658
2659
#: serverguide/C/web-servers.xml:853(programlisting)
2660
#, no-wrap
2661
msgid ""
2662
"\n"
2663
"http_port 8888\n"
2664
msgstr ""
2665
2666
#: serverguide/C/web-servers.xml:858(para)
2667
msgid ""
2668
"Change the visible_hostname directive in order to give the Squid server a "
2669
"specific hostname. This hostname does not necessarily need to be the "
2670
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2671
msgstr ""
2672
2673
#: serverguide/C/web-servers.xml:862(programlisting)
2674
#, no-wrap
2675
msgid ""
2676
"\n"
2677
"visible_hostname weezie\n"
2678
msgstr ""
2679
2680
#: serverguide/C/web-servers.xml:867(para)
2681
msgid ""
2682
"Using Squid's access control, you may configure use of Internet services "
2683
"proxied by Squid to be available only users with certain Internet Protocol "
2684
"(IP) addresses. For example, we will illustrate access by users of the "
2685
"192.168.42.0/24 subnetwork only:"
2686
msgstr ""
2687
2688
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2689
msgid ""
2690
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2691
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2692
msgstr ""
2693
2694
#: serverguide/C/web-servers.xml:875(programlisting)
2695
#, no-wrap
2696
msgid ""
2697
"\n"
2698
"acl fortytwo_network src 192.168.42.0/24\n"
2699
msgstr ""
2700
2701
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2702
msgid ""
2703
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2704
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2705
msgstr ""
2706
2707
#: serverguide/C/web-servers.xml:882(programlisting)
2708
#, no-wrap
2709
msgid ""
2710
"\n"
2711
"http_access allow fortytwo_network\n"
2712
msgstr ""
2713
2714
#: serverguide/C/web-servers.xml:887(para)
2715
msgid ""
2716
"Using the excellent access control features of Squid, you may configure use "
2717
"of Internet services proxied by Squid to be available only during normal "
2718
"business hours. For example, we'll illustrate access by employees of a "
2719
"business which is operating between 9:00AM and 5:00PM, Monday through "
2720
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2721
msgstr ""
2722
2723
#: serverguide/C/web-servers.xml:895(programlisting)
2724
#, no-wrap
2725
msgid ""
2726
"\n"
2727
"acl biz_network src 10.1.42.0/24\n"
2728
"acl biz_hours time M T W T F 9:00-17:00\n"
2729
msgstr ""
2730
2731
#: serverguide/C/web-servers.xml:903(programlisting)
2732
#, no-wrap
2733
msgid ""
2734
"\n"
2735
"http_access allow biz_network biz_hours\n"
2736
msgstr ""
2737
2738
#: serverguide/C/web-servers.xml:910(para)
2739
msgid ""
2740
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2741
"save the file and restart the <application>squid</application> server "
2742
"application to effect the changes using the following command entered at a "
2743
"terminal prompt:"
2744
msgstr ""
2745
2746
#: serverguide/C/web-servers.xml:917(command)
2747
msgid "sudo /etc/init.d/squid restart"
2748
msgstr ""
2749
2750
#: serverguide/C/web-servers.xml:924(ulink)
2751
msgid "Squid Website"
2752
msgstr ""
2753
2754
#: serverguide/C/web-servers.xml:926(para)
2755
msgid ""
2756
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2757
"Squid</ulink> page."
2758
msgstr ""
2759
2760
#: serverguide/C/web-servers.xml:933(title)
2761
msgid "Ruby on Rails"
2762
msgstr ""
2763
2764
#: serverguide/C/web-servers.xml:934(para)
2765
msgid ""
2766
"Ruby on Rails is an open source web framework for developing database backed "
2767
"web applications. It is optimized for sustainable productivity of the "
2768
"programmer since it lets the programmer to write code by favouring "
2769
"convention over configuration."
2770
msgstr ""
2771
2772
#: serverguide/C/web-servers.xml:941(para)
2773
msgid ""
2774
"Before installing <application>Rails</application> you should install "
2775
"<application>Apache</application> and <application>MySQL</application>. To "
2776
"install the <application>Apache</application> package, please refer to <xref "
2777
"linkend=\"httpd\"/>. For instructions on installing "
2778
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2779
msgstr ""
2780
2781
#: serverguide/C/web-servers.xml:949(para)
2782
msgid ""
2783
"Once you have <application>Apache</application> and "
2784
"<application>MySQL</application> packages installed, you are ready to "
2785
"install <application>Ruby on Rails</application> package."
2786
msgstr ""
2787
2788
#: serverguide/C/web-servers.xml:956(para)
2789
msgid ""
2790
"To install the <application>Ruby</application> base packages and "
2791
"<application>Ruby on Rails</application>, you can enter the following "
2792
"command in the terminal prompt:"
2793
msgstr ""
2794
2795
#: serverguide/C/web-servers.xml:962(command)
2796
msgid "sudo apt-get install rails"
2797
msgstr ""
2798
2799
#: serverguide/C/web-servers.xml:968(para)
2800
msgid ""
2801
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2802
"configuration file to setup your domains."
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:972(para)
2806
msgid ""
2807
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2808
msgstr ""
2809
2810
#: serverguide/C/web-servers.xml:976(programlisting)
2811
#, no-wrap
2812
msgid ""
2813
"\n"
2814
"DocumentRoot /path/to/rails/application/public\n"
2815
msgstr ""
2816
2817
#: serverguide/C/web-servers.xml:979(para)
2818
msgid ""
2819
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2820
"directive:"
2821
msgstr ""
2822
2823
#: serverguide/C/web-servers.xml:983(programlisting)
2824
#, no-wrap
2825
msgid ""
2826
"\n"
2827
"<Directory \"/path/to/rails/application/public\">\n"
2828
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2829
" AllowOverride All\n"
2830
" Order allow,deny\n"
2831
" allow from all\n"
2832
" AddHandler cgi-script .cgi\n"
2833
"</Directory>\n"
2834
msgstr ""
2835
2836
#: serverguide/C/web-servers.xml:993(para)
2837
msgid ""
2838
"You should also enable the <application>mod_rewrite</application> module for "
2839
"Apache. To enable <application>mod_rewrite</application> module, please "
2840
"enter the following command in a terminal prompt:"
2841
msgstr ""
2842
2843
#: serverguide/C/web-servers.xml:999(command)
2844
msgid "sudo a2enmod rewrite"
2845
msgstr ""
2846
2847
#: serverguide/C/web-servers.xml:1002(para)
2848
msgid ""
2849
"Finally you will need to change the ownership of the "
2850
"<filename>/path/to/rails/application/public</filename> and "
2851
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2852
"used to run the <application>Apache</application> process:"
2853
msgstr ""
2854
2855
#: serverguide/C/web-servers.xml:1008(command)
2856
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2857
msgstr ""
2858
2859
#: serverguide/C/web-servers.xml:1009(command)
2860
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2861
msgstr ""
2862
2863
#: serverguide/C/web-servers.xml:1012(para)
2864
msgid ""
2865
"That's it! Now you have your Server ready for your <application>Ruby on "
2866
"Rails</application> applications."
2867
msgstr ""
2868
2869
#: serverguide/C/web-servers.xml:1021(para)
2870
msgid ""
2871
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2872
"for more information."
2873
msgstr ""
2874
2875
#: serverguide/C/web-servers.xml:1026(para)
2876
msgid ""
2877
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2878
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2879
"resource."
2880
msgstr ""
2881
2882
#: serverguide/C/web-servers.xml:1032(para)
2883
msgid ""
2884
"Another place for more information is the <ulink "
2885
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2886
"Wiki</ulink> page."
2887
msgstr ""
2888
2889
#: serverguide/C/web-servers.xml:1043(title)
2890
msgid "Apache Tomcat"
2891
msgstr ""
2892
2893
#: serverguide/C/web-servers.xml:1044(para)
2894
msgid ""
2895
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2896
"JSP (Java Server Pages) web applications."
2897
msgstr ""
2898
2899
#: serverguide/C/web-servers.xml:1046(para)
2900
msgid ""
2901
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2902
"different ways of running Tomcat. You can install them as a classic unique "
2903
"system-wide instance, that will be started at boot time and will run as the "
2904
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2905
"will run with your own user rights, and that you should start and stop by "
2906
"yourself. This second way is particularly useful in a development server "
2907
"context where multiple users need to test on their own private Tomcat "
2908
"instances."
2909
msgstr ""
2910
2911
#: serverguide/C/web-servers.xml:1056(title)
2912
msgid "System-wide installation"
2913
msgstr ""
2914
2915
#: serverguide/C/web-servers.xml:1057(para)
2916
msgid ""
2917
"To install the <application>Tomcat</application> server, you can enter the "
2918
"following command in the terminal prompt:"
2919
msgstr ""
2920
2921
#: serverguide/C/web-servers.xml:1060(command)
2922
msgid "sudo apt-get install tomcat6"
2923
msgstr ""
2924
2925
#: serverguide/C/web-servers.xml:1062(para)
2926
msgid ""
2927
"This will install a Tomcat server with just a default ROOT webapp that "
2928
"displays a minimal \"It works\" page by default."
2929
msgstr ""
2930
2931
#: serverguide/C/web-servers.xml:1068(para)
2932
msgid ""
2933
"Tomcat configuration files can be found in "
2934
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2935
"will be described here, please see <ulink "
2936
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2937
"documentation</ulink> for more."
2938
msgstr ""
2939
2940
#: serverguide/C/web-servers.xml:1074(title)
2941
msgid "Changing default ports"
2942
msgstr ""
2943
2944
#: serverguide/C/web-servers.xml:1075(para)
2945
msgid ""
2946
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2947
"connector on port 8009. You might want to change those default ports to "
2948
"avoid conflict with another server on the system. This is done by changing "
2949
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2950
msgstr ""
2951
2952
#: serverguide/C/web-servers.xml:1080(programlisting)
2953
#, no-wrap
2954
msgid ""
2955
"\n"
2956
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2957
" connectionTimeout=\"20000\" \n"
2958
" redirectPort=\"8443\" />\n"
2959
"...\n"
2960
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2961
"/>\n"
2962
msgstr ""
2963
2964
#: serverguide/C/web-servers.xml:1089(title)
2965
msgid "Changing JVM used"
2966
msgstr ""
2967
2968
#: serverguide/C/web-servers.xml:1090(para)
2969
msgid ""
2970
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2971
"then try some other JVMs. If you have various JVMs installed, you can set "
2972
"which should be used by setting JAVA_HOME in "
2973
"<filename>/etc/default/tomcat6</filename>:"
2974
msgstr ""
2975
2976
#: serverguide/C/web-servers.xml:1094(programlisting)
2977
#, no-wrap
2978
msgid ""
2979
"\n"
2980
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2981
msgstr ""
2982
2983
#: serverguide/C/web-servers.xml:1099(title)
2984
msgid "Declaring users and roles"
2985
msgstr ""
2986
2987
#: serverguide/C/web-servers.xml:1100(para)
2988
msgid ""
2989
"Usernames, passwords and roles (groups) can be defined centrally in a "
2990
"Servlet container. In Tomcat 6.0 this is done in the "
2991
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2992
msgstr ""
2993
2994
#: serverguide/C/web-servers.xml:1103(programlisting)
2995
#, no-wrap
2996
msgid ""
2997
"\n"
2998
"<role rolename=\"admin\"/>\n"
2999
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3000
msgstr ""
3001
3002
#: serverguide/C/web-servers.xml:1111(title)
3003
msgid "Using Tomcat standard webapps"
3004
msgstr ""
3005
3006
#: serverguide/C/web-servers.xml:1112(para)
3007
msgid ""
3008
"Tomcat is shipped with webapps that you can install for documentation, "
3009
"administration or demo purposes."
3010
msgstr ""
3011
3012
#: serverguide/C/web-servers.xml:1115(title)
3013
msgid "Tomcat documentation"
3014
msgstr ""
3015
3016
#: serverguide/C/web-servers.xml:1116(para)
3017
msgid ""
3018
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3019
"documentation, packaged as a webapp that you can access by default at "
3020
"http://yourserver:8080/docs. You can install it by entering the following "
3021
"command in the terminal prompt:"
3022
msgstr ""
3023
3024
#: serverguide/C/web-servers.xml:1121(command)
3025
msgid "sudo apt-get install tomcat6-docs"
3026
msgstr ""
3027
3028
#: serverguide/C/web-servers.xml:1125(title)
3029
msgid "Tomcat administration webapps"
3030
msgstr ""
3031
3032
#: serverguide/C/web-servers.xml:1126(para)
3033
msgid ""
3034
"The <application>tomcat6-admin</application> package contains two webapps "
3035
"that can be used to administer the Tomcat server using a web interface. You "
3036
"can install them by entering the following command in the terminal prompt:"
3037
msgstr ""
3038
3039
#: serverguide/C/web-servers.xml:1131(command)
3040
msgid "sudo apt-get install tomcat6-admin"
3041
msgstr ""
3042
3043
#: serverguide/C/web-servers.xml:1133(para)
3044
msgid ""
3045
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3046
"access by default at http://yourserver:8080/manager/html. It is primarily "
3047
"used to get server status and restart webapps."
3048
msgstr ""
3049
3050
#: serverguide/C/web-servers.xml:1136(para)
3051
msgid ""
3052
"Access to the <emphasis>manager</emphasis> application is protected by "
3053
"default: you need to define a user with the role \"manager\" in "
3054
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3055
msgstr ""
3056
3057
#: serverguide/C/web-servers.xml:1140(para)
3058
msgid ""
3059
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3060
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3061
"used to create virtual hosts dynamically."
3062
msgstr ""
3063
3064
#: serverguide/C/web-servers.xml:1144(para)
3065
msgid ""
3066
"Access to the <emphasis>host-manager</emphasis> application is also "
3067
"protected by default: you need to define a user with the role \"admin\" in "
3068
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3069
msgstr ""
3070
3071
#: serverguide/C/web-servers.xml:1149(para)
3072
msgid ""
3073
"For security reasons, the tomcat6 user cannot write to the "
3074
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3075
"these admin webapps (application deployment, virtual host creation) need "
3076
"write access to that directory. If you want to use these features execute "
3077
"the following, to give users in the tomcat6 group the necessary rights:"
3078
msgstr ""
3079
3080
#: serverguide/C/web-servers.xml:1156(command)
3081
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3082
msgstr ""
3083
3084
#: serverguide/C/web-servers.xml:1157(command)
3085
msgid "sudo chmod -R g+w /etc/tomcat6"
3086
msgstr ""
3087
3088
#: serverguide/C/web-servers.xml:1162(title)
3089
msgid "Tomcat examples webapps"
3090
msgstr ""
3091
3092
#: serverguide/C/web-servers.xml:1163(para)
3093
msgid ""
3094
"The <application>tomcat6-examples</application> package contains two webapps "
3095
"that can be used to test or demonstrate Servlets and JSP features, which you "
3096
"can access them by default at http://yourserver:8080/examples. You can "
3097
"install them by entering the following command in the terminal prompt:"
3098
msgstr ""
3099
3100
#: serverguide/C/web-servers.xml:1169(command)
3101
msgid "sudo apt-get install tomcat6-examples"
3102
msgstr ""
3103
3104
#: serverguide/C/web-servers.xml:1175(title)
3105
msgid "Using private instances"
3106
msgstr ""
3107
3108
#: serverguide/C/web-servers.xml:1176(para)
3109
msgid ""
3110
"Tomcat is heavily used in development and testing scenarios where using a "
3111
"single system-wide instance doesn't meet the requirements of multiple users "
3112
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3113
"help deploy your own user-oriented instances, allowing every user on a "
3114
"system to run (without root rights) separate private instances while still "
3115
"using the system-installed libraries."
3116
msgstr ""
3117
3118
#: serverguide/C/web-servers.xml:1183(para)
3119
msgid ""
3120
"It is possible to run the system-wide instance and the private instances in "
3121
"parallel, as long as they do not use the same TCP ports."
3122
msgstr ""
3123
3124
#: serverguide/C/web-servers.xml:1187(title)
3125
msgid "Installing private instance support"
3126
msgstr ""
3127
3128
#: serverguide/C/web-servers.xml:1188(para)
3129
msgid ""
3130
"You can install everything necessary to run private instances by entering "
3131
"the following command in the terminal prompt:"
3132
msgstr ""
3133
3134
#: serverguide/C/web-servers.xml:1191(command)
3135
msgid "sudo apt-get install tomcat6-user"
3136
msgstr ""
3137
3138
#: serverguide/C/web-servers.xml:1195(title)
3139
msgid "Creating a private instance"
3140
msgstr ""
3141
3142
#: serverguide/C/web-servers.xml:1196(para)
3143
msgid ""
3144
"You can create a private instance directory by entering the following "
3145
"command in the terminal prompt:"
3146
msgstr ""
3147
3148
#: serverguide/C/web-servers.xml:1199(command)
3149
msgid "tomcat6-instance-create my-instance"
3150
msgstr ""
3151
3152
#: serverguide/C/web-servers.xml:1201(para)
3153
msgid ""
3154
"This will create a new <filename>my-instance</filename> directory with all "
3155
"the necessary subdirectories and scripts. You can for example install your "
3156
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3157
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3158
"are deployed by default."
3159
msgstr ""
3160
3161
#: serverguide/C/web-servers.xml:1209(title)
3162
msgid "Configuring your private instance"
3163
msgstr ""
3164
3165
#: serverguide/C/web-servers.xml:1210(para)
3166
msgid ""
3167
"You will find the classic Tomcat configuration files for your private "
3168
"instance in the <filename>conf/</filename> subdirectory. You should for "
3169
"example certainly edit the <filename>conf/server.xml</filename> file to "
3170
"change the default ports used by your private Tomcat instance to avoid "
3171
"conflict with other instances that might be running."
3172
msgstr ""
3173
3174
#: serverguide/C/web-servers.xml:1218(title)
3175
msgid "Starting/stopping your private instance"
3176
msgstr ""
3177
3178
#: serverguide/C/web-servers.xml:1219(para)
3179
msgid ""
3180
"You can start your private instance by entering the following command in the "
3181
"terminal prompt (supposing your instance is located in the <filename>my-"
3182
"instance</filename> directory):"
3183
msgstr ""
3184
3185
#: serverguide/C/web-servers.xml:1223(command)
3186
msgid "my-instance/bin/startup.sh"
3187
msgstr ""
3188
3189
#: serverguide/C/web-servers.xml:1225(para)
3190
msgid ""
3191
"You should check the <filename>logs/</filename> subdirectory for any error. "
3192
"If you have a <emphasis>java.net.BindException: Address already in "
3193
"use<null>:8080</emphasis> error, it means that the port you're using "
3194
"is already taken and that you should change it."
3195
msgstr ""
3196
3197
#: serverguide/C/web-servers.xml:1230(para)
3198
msgid ""
3199
"You can stop your instance by entering the following command in the terminal "
3200
"prompt (supposing your instance is located in the <filename>my-"
3201
"instance</filename> directory):"
3202
msgstr ""
3203
3204
#: serverguide/C/web-servers.xml:1234(command)
3205
msgid "my-instance/bin/shutdown.sh"
3206
msgstr ""
3207
3208
#: serverguide/C/web-servers.xml:1243(para)
3209
msgid ""
3210
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3211
"website for more information."
3212
msgstr ""
3213
3214
#: serverguide/C/web-servers.xml:1248(para)
3215
msgid ""
3216
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3217
"Definitive Guide</ulink> is a good resource for building web applications "
3218
"with Tomcat."
3219
msgstr ""
3220
3221
#: serverguide/C/web-servers.xml:1254(para)
3222
msgid ""
3223
"For additional books see the <ulink "
3224
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3225
"page."
3226
msgstr ""
3227
3228
#: serverguide/C/web-servers.xml:1259(para)
3229
msgid ""
3230
"Also, see the<ulink "
3231
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3232
"Tomcat</ulink> page."
3233
msgstr ""
3234
3235
#: serverguide/C/vpn.xml:13(title)
3236
msgid "VPN"
3237
msgstr ""
3238
3239
#: serverguide/C/vpn.xml:15(para)
3240
msgid ""
3241
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3242
"network connection between two or more networks. There are several ways to "
3243
"create a VPN using software as well as dedicated hardware appliances. This "
3244
"chapter will cover installing and configuring "
3245
"<application>OpenVPN</application> to create a VPN between two servers."
3246
msgstr ""
3247
3248
#: serverguide/C/vpn.xml:23(title)
3249
msgid "OpenVPN"
3250
msgstr ""
3251
3252
#: serverguide/C/vpn.xml:25(para)
3253
msgid ""
3254
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3255
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3256
"clients through a bridge interface on the VPN server. This guide will assume "
3257
"that one VPN node, the server in this case, has a bridge interface "
3258
"configured. For more information on setting up a bridge see <xref "
3259
"linkend=\"bridging\"/>."
3260
msgstr ""
3261
3262
#: serverguide/C/vpn.xml:35(para)
3263
msgid "To install <application>openvpn</application> in a terminal enter:"
3264
msgstr ""
3265
3266
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3267
msgid "sudo apt-get install openvpn"
3268
msgstr ""
3269
3270
#: serverguide/C/vpn.xml:45(title)
3271
msgid "Server Certificates"
3272
msgstr ""
3273
3274
#: serverguide/C/vpn.xml:47(para)
3275
msgid ""
3276
"Now that the <application>openvpn</application> package is installed, the "
3277
"certificates for the VPN server need to be created."
3278
msgstr ""
3279
3280
#: serverguide/C/vpn.xml:52(para)
3281
msgid ""
3282
"First, copy the <filename>easy-rsa</filename> directory to "
3283
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3284
"scripts will not be lost when the package is updated. You will also need to "
3285
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3286
"the current user permission to create files. From a terminal enter:"
3287
msgstr ""
3288
3289
#: serverguide/C/vpn.xml:59(command)
3290
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3291
msgstr ""
3292
3293
#: serverguide/C/vpn.xml:60(command)
3294
msgid ""
3295
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3296
"rsa/"
3297
msgstr ""
3298
3299
#: serverguide/C/vpn.xml:61(command)
3300
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3301
msgstr ""
3302
3303
#: serverguide/C/vpn.xml:64(para)
3304
msgid ""
3305
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3306
"following to your environment:"
3307
msgstr ""
3308
3309
#: serverguide/C/vpn.xml:68(programlisting)
3310
#, no-wrap
3311
msgid ""
3312
"\n"
3313
"export KEY_COUNTRY=\"US\"\n"
3314
"export KEY_PROVINCE=\"NC\"\n"
3315
"export KEY_CITY=\"Winston-Salem\"\n"
3316
"export KEY_ORG=\"Example Company\"\n"
3317
"export KEY_EMAIL=\"steve@example.com\"\n"
3318
msgstr ""
3319
3320
#: serverguide/C/vpn.xml:76(para)
3321
msgid "Enter the following to create the server certificates:"
3322
msgstr ""
3323
3324
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3325
msgid "cd /etc/openvpn/easy-rsa/"
3326
msgstr ""
3327
3328
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3329
msgid "source vars"
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:83(command)
3333
msgid "./clean-all"
3334
msgstr ""
3335
3336
#: serverguide/C/vpn.xml:84(command)
3337
msgid "./build-dh"
3338
msgstr ""
3339
3340
#: serverguide/C/vpn.xml:85(command)
3341
msgid "./pkitool --initca"
3342
msgstr ""
3343
3344
#: serverguide/C/vpn.xml:86(command)
3345
msgid "./pkitool --server server"
3346
msgstr ""
3347
3348
#: serverguide/C/vpn.xml:87(command)
3349
msgid "cd keys"
3350
msgstr ""
3351
3352
#: serverguide/C/vpn.xml:88(command)
3353
msgid "openvpn --genkey --secret ta.key"
3354
msgstr ""
3355
3356
#: serverguide/C/vpn.xml:89(command)
3357
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3358
msgstr ""
3359
3360
#: serverguide/C/vpn.xml:94(title)
3361
msgid "Client Certificates"
3362
msgstr ""
3363
3364
#: serverguide/C/vpn.xml:96(para)
3365
msgid ""
3366
"The VPN client will also need a certificate to authenticate itself to the "
3367
"server. To create the certificate, enter the following in a terminal:"
3368
msgstr ""
3369
3370
#: serverguide/C/vpn.xml:104(command)
3371
msgid "./pkitool hostname"
3372
msgstr ""
3373
3374
#: serverguide/C/vpn.xml:108(para)
3375
msgid ""
3376
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3377
"machine connecting to the VPN."
3378
msgstr ""
3379
3380
#: serverguide/C/vpn.xml:113(para)
3381
msgid "Copy the following files to the client:"
3382
msgstr ""
3383
3384
#: serverguide/C/vpn.xml:118(para)
3385
msgid "/etc/openvpn/ca.crt"
3386
msgstr ""
3387
3388
#: serverguide/C/vpn.xml:119(para)
3389
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3390
msgstr ""
3391
3392
#: serverguide/C/vpn.xml:120(para)
3393
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3394
msgstr ""
3395
3396
#: serverguide/C/vpn.xml:121(para)
3397
msgid "/etc/openvpn/ta.key"
3398
msgstr ""
3399
3400
#: serverguide/C/vpn.xml:125(para)
3401
msgid ""
3402
"Remember to adjust the above file names for your client machine's "
3403
"<emphasis>hostname</emphasis>."
3404
msgstr ""
3405
3406
#: serverguide/C/vpn.xml:130(para)
3407
msgid ""
3408
"It is best to use a secure method to copy the certificate and key files. The "
3409
"<application>scp</application> utility is a good choice, but copying the "
3410
"files to removable media then to the client, also works well."
3411
msgstr ""
3412
3413
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3414
msgid "Server Configuration"
3415
msgstr ""
3416
3417
#: serverguide/C/vpn.xml:143(para)
3418
msgid ""
3419
"Now configure the <application>openvpn</application> server by creating "
3420
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3421
"terminal enter:"
3422
msgstr ""
3423
3424
#: serverguide/C/vpn.xml:149(command)
3425
msgid ""
3426
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3427
"/etc/openvpn/"
3428
msgstr ""
3429
3430
#: serverguide/C/vpn.xml:150(command)
3431
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3432
msgstr ""
3433
3434
#: serverguide/C/vpn.xml:153(para)
3435
msgid ""
3436
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3437
"options to:"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:157(programlisting)
3441
#, no-wrap
3442
msgid ""
3443
"\n"
3444
"local 172.18.100.101\n"
3445
"dev tap0\n"
3446
"up \"/etc/openvpn/up.sh br0\"\n"
3447
"down \"/etc/openvpn/down.sh br0\"\n"
3448
";server 10.8.0.0 255.255.255.0\n"
3449
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3450
"push \"route 172.18.100.1 255.255.255.0\"\n"
3451
"push \"dhcp-option DNS 172.18.100.20\"\n"
3452
"push \"dhcp-option DOMAIN example.com\"\n"
3453
"tls-auth ta.key 0 # This file is secret\n"
3454
"user nobody\n"
3455
"group nogroup\n"
3456
msgstr ""
3457
3458
#: serverguide/C/vpn.xml:174(para)
3459
msgid ""
3460
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3461
msgstr ""
3462
3463
#: serverguide/C/vpn.xml:179(para)
3464
msgid ""
3465
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3466
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3467
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3468
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3469
"to clients."
3470
msgstr ""
3471
3472
#: serverguide/C/vpn.xml:186(para)
3473
msgid ""
3474
"<emphasis>push</emphasis>: are directives to add networking options for "
3475
"clients."
3476
msgstr ""
3477
3478
#: serverguide/C/vpn.xml:191(para)
3479
msgid ""
3480
"<emphasis>user and group</emphasis>: configure which user and group the "
3481
"<application>openvpn</application> daemon executes as."
3482
msgstr ""
3483
3484
#: serverguide/C/vpn.xml:198(para)
3485
msgid ""
3486
"Replace all IP addresses and domain names above with those of your network."
3487
msgstr ""
3488
3489
#: serverguide/C/vpn.xml:203(para)
3490
msgid ""
3491
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3492
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3493
msgstr ""
3494
3495
#: serverguide/C/vpn.xml:207(programlisting)
3496
#, no-wrap
3497
msgid ""
3498
"\n"
3499
"#!/bin/sh\n"
3500
"\n"
3501
"BR=$1\n"
3502
"DEV=$2\n"
3503
"MTU=$3\n"
3504
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3505
"/usr/sbin/brctl addif $BR $DEV\n"
3506
msgstr ""
3507
3508
#: serverguide/C/vpn.xml:217(para)
3509
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3510
msgstr ""
3511
3512
#: serverguide/C/vpn.xml:221(programlisting)
3513
#, no-wrap
3514
msgid ""
3515
"\n"
3516
"#!/bin/sh\n"
3517
"\n"
3518
"BR=$1\n"
3519
"DEV=$2\n"
3520
"\n"
3521
"/usr/sbin/brctl delif $BR $DEV\n"
3522
"/sbin/ifconfig $DEV down\n"
3523
msgstr ""
3524
3525
#: serverguide/C/vpn.xml:231(para)
3526
msgid "Then make them executable:"
3527
msgstr ""
3528
3529
#: serverguide/C/vpn.xml:236(command)
3530
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3531
msgstr ""
3532
3533
#: serverguide/C/vpn.xml:237(command)
3534
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3535
msgstr ""
3536
3537
#: serverguide/C/vpn.xml:240(para)
3538
msgid ""
3539
"After configuring the server, restart <application>openvpn</application> by "
3540
"entering:"
3541
msgstr ""
3542
3543
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3544
msgid "sudo /etc/init.d/openvpn restart"
3545
msgstr ""
3546
3547
#: serverguide/C/vpn.xml:250(title)
3548
msgid "Client Configuration"
3549
msgstr ""
3550
3551
#: serverguide/C/vpn.xml:252(para)
3552
msgid "First, install <application>openvpn</application> on the client:"
3553
msgstr ""
3554
3555
#: serverguide/C/vpn.xml:260(para)
3556
msgid ""
3557
"Then with the server configured and the client certificates copied to the "
3558
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3559
"file by copying the example. In a terminal on the client machine enter:"
3560
msgstr ""
3561
3562
#: serverguide/C/vpn.xml:266(command)
3563
msgid ""
3564
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3565
"/etc/openvpn"
3566
msgstr ""
3567
3568
#: serverguide/C/vpn.xml:269(para)
3569
msgid ""
3570
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3571
"following options:"
3572
msgstr ""
3573
3574
#: serverguide/C/vpn.xml:273(programlisting)
3575
#, no-wrap
3576
msgid ""
3577
"\n"
3578
"dev tap\n"
3579
"remote vpn.example.com 1194\n"
3580
"cert hostname.crt\n"
3581
"key hostname.key\n"
3582
"tls-auth ta.key 1\n"
3583
msgstr ""
3584
3585
#: serverguide/C/vpn.xml:282(para)
3586
msgid ""
3587
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3588
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3589
"key filenames."
3590
msgstr ""
3591
3592
#: serverguide/C/vpn.xml:288(para)
3593
msgid "Finally, restart <application>openvpn</application>:"
3594
msgstr ""
3595
3596
#: serverguide/C/vpn.xml:296(para)
3597
msgid "You should now be able to connect to the remote LAN through the VPN."
3598
msgstr ""
3599
3600
#: serverguide/C/vpn.xml:307(para)
3601
msgid ""
3602
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3603
"additional information."
3604
msgstr ""
3605
3606
#: serverguide/C/vpn.xml:312(para)
3607
msgid ""
3608
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3609
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3610
msgstr ""
3611
3612
#: serverguide/C/vpn.xml:318(para)
3613
msgid ""
3614
"Another source of further information is the <ulink "
3615
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3616
"OpenVPN</ulink> page."
3617
msgstr ""
3618
3619
#: serverguide/C/virtualization.xml:13(title)
3620
msgid "Virtualization"
3621
msgstr ""
3622
3623
#: serverguide/C/virtualization.xml:14(para)
3624
msgid ""
3625
"Virtualization is being adopted in many different environments and "
3626
"situations. If you are a developer, virtualization can provide you with a "
3627
"contained environment where you can safely do almost any sort of development "
3628
"safe from messing up your main working environment. If you are a systems "
3629
"administrator, you can use virtualization to more easily separate your "
3630
"services and move them around based on demand."
3631
msgstr ""
3632
3633
#: serverguide/C/virtualization.xml:20(para)
3634
msgid ""
3635
"The default virtualization technology supported in Ubuntu is "
3636
"<application>KVM</application>, a technology that takes advantage of "
3637
"virtualization extensions built into Intel and AMD hardware. For hardware "
3638
"without virtualization extensions <application>Xen</application> and "
3639
"<application>Qemu</application> are popular solutions."
3640
msgstr ""
3641
3642
#: serverguide/C/virtualization.xml:27(title)
3643
msgid "libvirt"
3644
msgstr ""
3645
3646
#: serverguide/C/virtualization.xml:28(para)
3647
msgid ""
3648
"The <application>libvirt</application> library is used to interface with "
3649
"different virtualization technologies. Before getting started with "
3650
"<application>libvirt</application> it is best to make sure your hardware "
3651
"supports the necessary virtualization extensions for "
3652
"<application>KVM</application>. Enter the following from a terminal prompt:"
3653
msgstr ""
3654
3655
#: serverguide/C/virtualization.xml:35(command)
3656
msgid "kvm-ok"
3657
msgstr ""
3658
3659
#: serverguide/C/virtualization.xml:37(para)
3660
msgid ""
3661
"A message will be printed informing you if your CPU "
3662
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3663
"virtualization."
3664
msgstr ""
3665
3666
#: serverguide/C/virtualization.xml:41(para)
3667
msgid ""
3668
"On most computer whose processor supports virtualization, it is necessary to "
3669
"activate an option in the BIOS to enable it."
3670
msgstr ""
3671
3672
#: serverguide/C/virtualization.xml:47(title)
3673
msgid "Virtual Networking"
3674
msgstr ""
3675
3676
#: serverguide/C/virtualization.xml:49(para)
3677
msgid ""
3678
"There are a few different ways to allow a virtual machine access to the "
3679
"external network. The default virtual network configuration is "
3680
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3681
"traffic is NATed through the host interface to the outside network."
3682
msgstr ""
3683
3684
#: serverguide/C/virtualization.xml:54(para)
3685
msgid ""
3686
"To enable external hosts to directly access services on virtual machines a "
3687
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3688
"interfaces to connect to the outside network through the physical interface, "
3689
"making them appear as normal hosts to the rest of the network. For "
3690
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3691
msgstr ""
3692
3693
#: serverguide/C/virtualization.xml:63(para)
3694
msgid "To install the necessary packages, from a terminal prompt enter:"
3695
msgstr ""
3696
3697
#: serverguide/C/virtualization.xml:67(command)
3698
msgid "sudo apt-get install kvm libvirt-bin"
3699
msgstr ""
3700
3701
#: serverguide/C/virtualization.xml:69(para)
3702
msgid ""
3703
"After installing <application>libvirt-bin</application>, the user used to "
3704
"manage virtual machines will need to be added to the "
3705
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3706
"the advanced networking options."
3707
msgstr ""
3708
3709
#: serverguide/C/virtualization.xml:73(para)
3710
msgid "In a terminal enter:"
3711
msgstr ""
3712
3713
#: serverguide/C/virtualization.xml:77(command)
3714
msgid "sudo adduser $USER libvirtd"
3715
msgstr ""
3716
3717
#: serverguide/C/virtualization.xml:80(para)
3718
msgid ""
3719
"If the user chosen is the current user, you will need to log out and back in "
3720
"for the new group membership to take effect."
3721
msgstr ""
3722
3723
#: serverguide/C/virtualization.xml:84(para)
3724
msgid ""
3725
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3726
"Installing a virtual machine follows the same process as installing the "
3727
"operating system directly on the hardware. You either need a way to automate "
3728
"the installation, or a keyboard and monitor will need to be attached to the "
3729
"physical machine."
3730
msgstr ""
3731
3732
#: serverguide/C/virtualization.xml:89(para)
3733
msgid ""
3734
"In the case of virtual machines a Graphical User Interface (GUI) is "
3735
"analogous to using a physical keyboard and mouse. Instead of installing a "
3736
"GUI the <application>virt-viewer</application> application can be used to "
3737
"connect to a virtual machine's console using <application>VNC</application>. "
3738
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3739
msgstr ""
3740
3741
#: serverguide/C/virtualization.xml:94(para)
3742
msgid ""
3743
"There are several ways to automate the Ubuntu installation process, for "
3744
"example using preseeds, kickstart, etc. Refer to the <ulink "
3745
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3746
"Installation Guide</ulink> for details."
3747
msgstr ""
3748
3749
#: serverguide/C/virtualization.xml:98(para)
3750
msgid ""
3751
"Yet another way to install an Ubuntu virtual machine is to use "
3752
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3753
"builder</application> allows you to setup advanced partitions, execute "
3754
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3755
"vmbuilder\"/>"
3756
msgstr ""
3757
3758
#: serverguide/C/virtualization.xml:104(title)
3759
msgid "virt-install"
3760
msgstr ""
3761
3762
#: serverguide/C/virtualization.xml:105(para)
3763
msgid ""
3764
"<application>virt-install</application> is part of the <application>python-"
3765
"virtinst</application> package. To install it, from a terminal prompt enter:"
3766
msgstr ""
3767
3768
#: serverguide/C/virtualization.xml:109(command)
3769
msgid "sudo apt-get install python-virtinst"
3770
msgstr ""
3771
3772
#: serverguide/C/virtualization.xml:111(para)
3773
msgid ""
3774
"There are several options available when using <application>virt-"
3775
"install</application>. For example:"
3776
msgstr ""
3777
3778
#: serverguide/C/virtualization.xml:115(command)
3779
msgid ""
3780
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3781
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3782
msgstr ""
3783
3784
#: serverguide/C/virtualization.xml:122(para)
3785
msgid ""
3786
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3787
"be <emphasis>web_devel</emphasis> in this example."
3788
msgstr ""
3789
3790
#: serverguide/C/virtualization.xml:127(para)
3791
msgid ""
3792
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3793
"machine will use."
3794
msgstr ""
3795
3796
#: serverguide/C/virtualization.xml:132(para)
3797
msgid ""
3798
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3799
"disk which can be a file, partition, or logical volume. In this example a "
3800
"file named <filename>web_devel.img</filename>."
3801
msgstr ""
3802
3803
#: serverguide/C/virtualization.xml:138(para)
3804
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3805
msgstr ""
3806
3807
#: serverguide/C/virtualization.xml:143(para)
3808
msgid ""
3809
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3810
"file can be either an ISO file or the path to the host's CDROM device."
3811
msgstr ""
3812
3813
#: serverguide/C/virtualization.xml:149(para)
3814
msgid ""
3815
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3816
"technologies."
3817
msgstr ""
3818
3819
#: serverguide/C/virtualization.xml:154(para)
3820
msgid ""
3821
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3822
msgstr ""
3823
3824
#: serverguide/C/virtualization.xml:159(para)
3825
msgid ""
3826
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3827
"virtual machine's console."
3828
msgstr ""
3829
3830
#: serverguide/C/virtualization.xml:164(para)
3831
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3832
msgstr ""
3833
3834
#: serverguide/C/virtualization.xml:169(para)
3835
msgid ""
3836
"After launching <application>virt-install</application> you can connect to "
3837
"the virtual machine's console either locally using a GUI or with the "
3838
"<application>virt-viewer</application> utility."
3839
msgstr ""
3840
3841
#: serverguide/C/virtualization.xml:175(title)
3842
msgid "virt-clone"
3843
msgstr ""
3844
3845
#: serverguide/C/virtualization.xml:176(para)
3846
msgid ""
3847
"The <application>virt-clone</application> application can be used to copy "
3848
"one virtual machine to another. For example:"
3849
msgstr ""
3850
3851
#: serverguide/C/virtualization.xml:180(command)
3852
msgid ""
3853
"sudo virt-clone -o web_devel -n database_devel -f "
3854
"/path/to/database_devel.img --connect=qemu:///system"
3855
msgstr ""
3856
3857
#: serverguide/C/virtualization.xml:184(para)
3858
msgid "<emphasis>-o:</emphasis> original virtual machine."
3859
msgstr ""
3860
3861
#: serverguide/C/virtualization.xml:189(para)
3862
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3863
msgstr ""
3864
3865
#: serverguide/C/virtualization.xml:194(para)
3866
msgid ""
3867
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3868
"be used by the new virtual machine."
3869
msgstr ""
3870
3871
#: serverguide/C/virtualization.xml:199(para)
3872
msgid ""
3873
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3874
msgstr ""
3875
3876
#: serverguide/C/virtualization.xml:204(para)
3877
msgid ""
3878
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3879
"help troubleshoot problems with <application>virt-clone</application>."
3880
msgstr ""
3881
3882
#: serverguide/C/virtualization.xml:209(para)
3883
msgid ""
3884
"Replace <emphasis>web_devel</emphasis> and "
3885
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3886
msgstr ""
3887
3888
#: serverguide/C/virtualization.xml:215(title)
3889
msgid "Virtual Machine Management"
3890
msgstr ""
3891
3892
#: serverguide/C/virtualization.xml:217(title)
3893
msgid "virsh"
3894
msgstr ""
3895
3896
#: serverguide/C/virtualization.xml:218(para)
3897
msgid ""
3898
"There are several utilities available to manage virtual machines and "
3899
"<application>libvirt</application>. The <application>virsh</application> "
3900
"utility can be used from the command line. Some examples:"
3901
msgstr ""
3902
3903
#: serverguide/C/virtualization.xml:224(para)
3904
msgid "To list running virtual machines:"
3905
msgstr ""
3906
3907
#: serverguide/C/virtualization.xml:228(command)
3908
msgid "virsh -c qemu:///system list"
3909
msgstr ""
3910
3911
#: serverguide/C/virtualization.xml:232(para)
3912
msgid "To start a virtual machine:"
3913
msgstr ""
3914
3915
#: serverguide/C/virtualization.xml:236(command)
3916
msgid "virsh -c qemu:///system start web_devel"
3917
msgstr ""
3918
3919
#: serverguide/C/virtualization.xml:240(para)
3920
msgid "Similarly, to start a virtual machine at boot:"
3921
msgstr ""
3922
3923
#: serverguide/C/virtualization.xml:244(command)
3924
msgid "virsh -c qemu:///system autostart web_devel"
3925
msgstr ""
3926
3927
#: serverguide/C/virtualization.xml:248(para)
3928
msgid "Reboot a virtual machine with:"
3929
msgstr ""
3930
3931
#: serverguide/C/virtualization.xml:252(command)
3932
msgid "virsh -c qemu:///system reboot web_devel"
3933
msgstr ""
3934
3935
#: serverguide/C/virtualization.xml:256(para)
3936
msgid ""
3937
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3938
"order to be restored later. The following will save the virtual machine "
3939
"state into a file named according to the date:"
3940
msgstr ""
3941
3942
#: serverguide/C/virtualization.xml:261(command)
3943
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3944
msgstr ""
3945
3946
#: serverguide/C/virtualization.xml:263(para)
3947
msgid "Once saved the virtual machine will no longer be running."
3948
msgstr ""
3949
3950
#: serverguide/C/virtualization.xml:268(para)
3951
msgid "A saved virtual machine can be restored using:"
3952
msgstr ""
3953
3954
#: serverguide/C/virtualization.xml:272(command)
3955
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3956
msgstr ""
3957
3958
#: serverguide/C/virtualization.xml:276(para)
3959
msgid "To shutdown a virtual machine do:"
3960
msgstr ""
3961
3962
#: serverguide/C/virtualization.xml:280(command)
3963
msgid "virsh -c qemu:///system shutdown web_devel"
3964
msgstr ""
3965
3966
#: serverguide/C/virtualization.xml:284(para)
3967
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3968
msgstr ""
3969
3970
#: serverguide/C/virtualization.xml:288(command)
3971
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3972
msgstr ""
3973
3974
#: serverguide/C/virtualization.xml:293(para)
3975
msgid ""
3976
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3977
"appropriate virtual machine name, and <filename>web_devel-"
3978
"022708.state</filename> with a descriptive file name."
3979
msgstr ""
3980
3981
#: serverguide/C/virtualization.xml:300(title)
3982
msgid "Virtual Machine Manager"
3983
msgstr ""
3984
3985
#: serverguide/C/virtualization.xml:301(para)
3986
msgid ""
3987
"The <application>virt-manager</application> package contains a graphical "
3988
"utility to manage local and remote virtual machines. To install virt-manager "
3989
"enter:"
3990
msgstr ""
3991
3992
#: serverguide/C/virtualization.xml:306(command)
3993
msgid "sudo apt-get install virt-manager"
3994
msgstr ""
3995
3996
#: serverguide/C/virtualization.xml:308(para)
3997
msgid ""
3998
"Since <application>virt-manager</application> requires a Graphical User "
3999
"Interface (GUI) environment it is recommended to be installed on a "
4000
"workstation or test machine instead of a production server. To connect to "
4001
"the local <application>libvirt</application> service enter:"
4002
msgstr ""
4003
4004
#: serverguide/C/virtualization.xml:314(command)
4005
msgid "virt-manager -c qemu:///system"
4006
msgstr ""
4007
4008
#: serverguide/C/virtualization.xml:316(para)
4009
msgid ""
4010
"You can connect to the <application>libvirt</application> service running on "
4011
"another host by entering the following in a terminal prompt:"
4012
msgstr ""
4013
4014
#: serverguide/C/virtualization.xml:320(command)
4015
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4016
msgstr ""
4017
4018
#: serverguide/C/virtualization.xml:323(para)
4019
msgid ""
4020
"The above example assumes that <application>SSH</application> connectivity "
4021
"between the management system and virtnode1.mydomain.com has already been "
4022
"configured, and uses SSH keys for authentication. SSH "
4023
"<emphasis>keys</emphasis> are needed because "
4024
"<application>libvirt</application> sends the password prompt to another "
4025
"process. For details on configuring <application>SSH</application> see <xref "
4026
"linkend=\"openssh-server\"/>"
4027
msgstr ""
4028
4029
#: serverguide/C/virtualization.xml:333(title)
4030
msgid "Virtual Machine Viewer"
4031
msgstr ""
4032
4033
#: serverguide/C/virtualization.xml:334(para)
4034
msgid ""
4035
"The <application>virt-viewer</application> application allows you to connect "
4036
"to a virtual machine's console. <application>virt-viewer</application> does "
4037
"require a Graphical User Interface (GUI) to interface with the virtual "
4038
"machine."
4039
msgstr ""
4040
4041
#: serverguide/C/virtualization.xml:338(para)
4042
msgid ""
4043
"To install <application>virt-viewer</application> from a terminal enter:"
4044
msgstr ""
4045
4046
#: serverguide/C/virtualization.xml:342(command)
4047
msgid "sudo apt-get install virt-viewer"
4048
msgstr ""
4049
4050
#: serverguide/C/virtualization.xml:344(para)
4051
msgid ""
4052
"Once a virtual machine is installed and running you can connect to the "
4053
"virtual machine's console by using:"
4054
msgstr ""
4055
4056
#: serverguide/C/virtualization.xml:348(command)
4057
msgid "virt-viewer -c qemu:///system web_devel"
4058
msgstr ""
4059
4060
#: serverguide/C/virtualization.xml:350(para)
4061
msgid ""
4062
"Similar to <application>virt-manager</application>, <application>virt-"
4063
"viewer</application> can connect to a remote host using "
4064
"<emphasis>SSH</emphasis> with key authentication, as well:"
4065
msgstr ""
4066
4067
#: serverguide/C/virtualization.xml:355(command)
4068
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4069
msgstr ""
4070
4071
#: serverguide/C/virtualization.xml:357(para)
4072
msgid ""
4073
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4074
"appropriate virtual machine name."
4075
msgstr ""
4076
4077
#: serverguide/C/virtualization.xml:360(para)
4078
msgid ""
4079
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4080
"can also setup <application>SSH</application> access to the virtual machine. "
4081
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4082
"more details."
4083
msgstr ""
4084
4085
#: serverguide/C/virtualization.xml:369(para)
4086
msgid ""
4087
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4088
"for more details."
4089
msgstr ""
4090
4091
#: serverguide/C/virtualization.xml:374(para)
4092
msgid ""
4093
"For more information on <application>libvirt</application> see the <ulink "
4094
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4095
msgstr ""
4096
4097
#: serverguide/C/virtualization.xml:379(para)
4098
msgid ""
4099
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4100
"Manager</ulink> site has more information on <application>virt-"
4101
"manager</application> development."
4102
msgstr ""
4103
4104
#: serverguide/C/virtualization.xml:385(para)
4105
msgid ""
4106
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4107
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4108
"technology in Ubuntu."
4109
msgstr ""
4110
4111
#: serverguide/C/virtualization.xml:391(para)
4112
msgid ""
4113
"Another good resource is the <ulink "
4114
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4115
msgstr ""
4116
4117
#: serverguide/C/virtualization.xml:399(title)
4118
msgid "JeOS and vmbuilder"
4119
msgstr ""
4120
4121
#: serverguide/C/virtualization.xml:405(title)
4122
msgid "What is JeOS"
4123
msgstr ""
4124
4125
#: serverguide/C/virtualization.xml:407(para)
4126
msgid ""
4127
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4128
"variant of the Ubuntu Server operating system, configured specifically for "
4129
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4130
"only as an option either:"
4131
msgstr ""
4132
4133
#: serverguide/C/virtualization.xml:414(para)
4134
msgid ""
4135
"While installing from the Server Edition ISO (pressing "
4136
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4137
"installation\", which is the package selection equivalent to JeOS)."
4138
msgstr ""
4139
4140
#: serverguide/C/virtualization.xml:420(para)
4141
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4142
msgstr ""
4143
4144
#: serverguide/C/virtualization.xml:426(para)
4145
msgid ""
4146
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4147
"kernel that only contains the base elements needed to run within a "
4148
"virtualized environment."
4149
msgstr ""
4150
4151
#: serverguide/C/virtualization.xml:431(para)
4152
msgid ""
4153
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4154
"in the latest virtualization products from VMware. This combination of "
4155
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4156
"delivers a highly efficient use of server resources in large virtual "
4157
"deployments."
4158
msgstr ""
4159
4160
#: serverguide/C/virtualization.xml:437(para)
4161
msgid ""
4162
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4163
"can configure their supporting OS exactly as they require. They have the "
4164
"peace of mind that updates, whether for security or enhancement reasons, "
4165
"will be limited to the bare minimum of what is required in their specific "
4166
"environment. In turn, users deploying virtual appliances built on top of "
4167
"JeOS will have to go through fewer updates and therefore less maintenance "
4168
"than they would have had to with a standard full installation of a server."
4169
msgstr ""
4170
4171
#: serverguide/C/virtualization.xml:446(title)
4172
msgid "What is vmbuilder"
4173
msgstr ""
4174
4175
#: serverguide/C/virtualization.xml:448(para)
4176
msgid ""
4177
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4178
"will fetch the various package and build a virtual machine tailored for your "
4179
"needs in about a minute. vmbuilder is a script that automates the process of "
4180
"creating a ready to use Linux based VM. The currently supported hypervisors "
4181
"are KVM and Xen."
4182
msgstr ""
4183
4184
#: serverguide/C/virtualization.xml:454(para)
4185
msgid ""
4186
"You can pass command line options to add extra packages, remove packages, "
4187
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4188
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4189
"a local mirror, you can bootstrap a VM in less than a minute."
4190
msgstr ""
4191
4192
#: serverguide/C/virtualization.xml:460(para)
4193
msgid ""
4194
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4195
"vm-builder</application> started with little emphasis as a hack to help "
4196
"developers test their new code in a virtual machine without having to "
4197
"restart from scratch each time. As a few Ubuntu administrators started to "
4198
"notice this script, a few of them went on improving it and adapting it for "
4199
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4200
"virtualization specialist, not the golf player) decided to rewrite it from "
4201
"scratch for Intrepid as a python script with a few new design goals:"
4202
msgstr ""
4203
4204
#: serverguide/C/virtualization.xml:470(para)
4205
msgid "Develop it so that it can be reused by other distributions."
4206
msgstr ""
4207
4208
#: serverguide/C/virtualization.xml:475(para)
4209
msgid ""
4210
"Use a plugin mechanisms for all virtualization interactions so that others "
4211
"can easily add logic for other virtualization environments."
4212
msgstr ""
4213
4214
#: serverguide/C/virtualization.xml:480(para)
4215
msgid ""
4216
"Provide an easy to maintain web interface as an option to the command line "
4217
"interface."
4218
msgstr ""
4219
4220
#: serverguide/C/virtualization.xml:486(para)
4221
msgid "But the general principles and commands remain the same."
4222
msgstr ""
4223
4224
#: serverguide/C/virtualization.xml:493(title)
4225
msgid "Initial Setup"
4226
msgstr ""
4227
4228
#: serverguide/C/virtualization.xml:495(para)
4229
msgid ""
4230
"It is assumed that you have installed and configured "
4231
"<application>libvirt</application> and <application>KVM</application> "
4232
"locally on the machine you are using. For details on how to perform this, "
4233
"please refer to:"
4234
msgstr ""
4235
4236
#: serverguide/C/virtualization.xml:507(para)
4237
msgid ""
4238
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4239
"page."
4240
msgstr ""
4241
4242
#: serverguide/C/virtualization.xml:513(para)
4243
msgid ""
4244
"We also assume that you know how to use a text based text editor such as "
4245
"nano or vi. If you have not used any of them before, you can get an overview "
4246
"of the various text editors available by reading the <ulink "
4247
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4248
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4249
"principle should remain on other virtualization technologies."
4250
msgstr ""
4251
4252
#: serverguide/C/virtualization.xml:521(title)
4253
msgid "Install vmbuilder"
4254
msgstr ""
4255
4256
#: serverguide/C/virtualization.xml:523(para)
4257
msgid ""
4258
"The name of the package that we need to install is <application>python-vm-"
4259
"builder</application>. In a terminal prompt enter:"
4260
msgstr ""
4261
4262
#: serverguide/C/virtualization.xml:528(command)
4263
msgid "sudo apt-get install python-vm-builder"
4264
msgstr ""
4265
4266
#: serverguide/C/virtualization.xml:532(para)
4267
msgid ""
4268
"If you are running Hardy, you can still perform most of this using the older "
4269
"version of the package named <application>ubuntu-vm-builder</application>, "
4270
"there are only a few changes to the syntax of the tool."
4271
msgstr ""
4272
4273
#: serverguide/C/virtualization.xml:541(title)
4274
msgid "Defining Your Virtual Machine"
4275
msgstr ""
4276
4277
#: serverguide/C/virtualization.xml:543(para)
4278
msgid ""
4279
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4280
"are a few thing to consider:"
4281
msgstr ""
4282
4283
#: serverguide/C/virtualization.xml:549(para)
4284
msgid ""
4285
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4286
"will know how to extend disk size to fit their need, so either plan for a "
4287
"large virtual disk to allow for your appliance to grow, or explain fairly "
4288
"well in your documentation how to allocate more space. It might actually be "
4289
"a good idea to store data on some separate external storage."
4290
msgstr ""
4291
4292
#: serverguide/C/virtualization.xml:556(para)
4293
msgid ""
4294
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4295
"whatever you think is a safe minimum for your appliance."
4296
msgstr ""
4297
4298
#: serverguide/C/virtualization.xml:562(para)
4299
msgid ""
4300
"The <application>vmbuilder</application> command has 2 main parameters: the "
4301
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4302
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4303
"and can be found using the following command:"
4304
msgstr ""
4305
4306
#: serverguide/C/virtualization.xml:568(command)
4307
msgid "vmbuilder --help"
4308
msgstr ""
4309
4310
#: serverguide/C/virtualization.xml:572(title)
4311
msgid "Base Parameters"
4312
msgstr ""
4313
4314
#: serverguide/C/virtualization.xml:574(para)
4315
msgid ""
4316
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4317
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4318
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4319
msgstr ""
4320
4321
#: serverguide/C/virtualization.xml:580(command)
4322
msgid ""
4323
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4324
"-libvirt qemu:///system"
4325
msgstr ""
4326
4327
#: serverguide/C/virtualization.xml:583(para)
4328
msgid ""
4329
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4330
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4331
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4332
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4333
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4334
"libvirt</emphasis> tells to inform the local virtualization environment to "
4335
"add the resulting VM to the list of available machines."
4336
msgstr ""
4337
4338
#: serverguide/C/virtualization.xml:591(para)
4339
msgid "Notes:"
4340
msgstr ""
4341
4342
#: serverguide/C/virtualization.xml:597(para)
4343
msgid ""
4344
"Because of the nature of operations performed by vmbuilder, it needs to have "
4345
"root privilege, hence the use of sudo."
4346
msgstr ""
4347
4348
#: serverguide/C/virtualization.xml:602(para)
4349
msgid ""
4350
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4351
"a 64 bit machine (--arch amd64)."
4352
msgstr ""
4353
4354
#: serverguide/C/virtualization.xml:607(para)
4355
msgid ""
4356
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4357
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4358
"use <emphasis>--flavour</emphasis> server instead."
4359
msgstr ""
4360
4361
#: serverguide/C/virtualization.xml:615(title)
4362
msgid "JeOS Installation Parameters"
4363
msgstr ""
4364
4365
#: serverguide/C/virtualization.xml:618(title)
4366
msgid "JeOS Networking"
4367
msgstr ""
4368
4369
#: serverguide/C/virtualization.xml:621(title)
4370
msgid "Assigning a fixed IP address"
4371
msgstr ""
4372
4373
#: serverguide/C/virtualization.xml:623(para)
4374
msgid ""
4375
"As a virtual appliance that may be deployed on various very different "
4376
"networks, it is very difficult to know what the actual network will look "
4377
"like. In order to simplify configuration, it is a good idea to take an "
4378
"approach similar to what network hardware vendors usually do, namely "
4379
"assigning an initial fixed IP address to the appliance in a private class "
4380
"network that you will provide in your documentation. An address in the range "
4381
"192.168.0.0/255 is usually a good choice."
4382
msgstr ""
4383
4384
#: serverguide/C/virtualization.xml:630(para)
4385
msgid "To do this we'll use the following parameters:"
4386
msgstr ""
4387
4388
#: serverguide/C/virtualization.xml:636(para)
4389
msgid ""
4390
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4391
"dhcp if not specified)"
4392
msgstr ""
4393
4394
#: serverguide/C/virtualization.xml:641(para)
4395
msgid ""
4396
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4397
"255.255.255.0)"
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:646(para)
4401
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4402
msgstr ""
4403
4404
#: serverguide/C/virtualization.xml:651(para)
4405
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4406
msgstr ""
4407
4408
#: serverguide/C/virtualization.xml:656(para)
4409
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4410
msgstr ""
4411
4412
#: serverguide/C/virtualization.xml:661(para)
4413
msgid ""
4414
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4415
msgstr ""
4416
4417
#: serverguide/C/virtualization.xml:667(para)
4418
msgid ""
4419
"We assume for now that default values are good enough, so the resulting "
4420
"invocation becomes:"
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:672(command)
4424
msgid ""
4425
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4426
"-libvirt qemu:///system --ip 192.168.0.100"
4427
msgstr ""
4428
4429
#: serverguide/C/virtualization.xml:677(title)
4430
msgid "Modifying the libvirt Template to use Bridging"
4431
msgstr ""
4432
4433
#: serverguide/C/virtualization.xml:679(para)
4434
msgid ""
4435
"Because our appliance will be likely to need to be accessed by remote hosts, "
4436
"we need to configure libvirt so that the appliance uses bridge networking. "
4437
"To do this we use vmbuilder template mechanism to modify the default one."
4438
msgstr ""
4439
4440
#: serverguide/C/virtualization.xml:684(para)
4441
msgid ""
4442
"In our working directory we create the template hierarchy and copy the "
4443
"default template:"
4444
msgstr ""
4445
4446
#: serverguide/C/virtualization.xml:689(command)
4447
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4448
msgstr ""
4449
4450
#: serverguide/C/virtualization.xml:690(command)
4451
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4452
msgstr ""
4453
4454
#: serverguide/C/virtualization.xml:693(para)
4455
msgid ""
4456
"We can then edit "
4457
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4458
"change:"
4459
msgstr ""
4460
4461
#: serverguide/C/virtualization.xml:697(programlisting)
4462
#, no-wrap
4463
msgid ""
4464
"\n"
4465
" <interface type='network'>\n"
4466
" <source network='default'/>\n"
4467
" </interface>\n"
4468
msgstr ""
4469
4470
#: serverguide/C/virtualization.xml:703(para)
4471
msgid "To:"
4472
msgstr ""
4473
4474
#: serverguide/C/virtualization.xml:707(programlisting)
4475
#, no-wrap
4476
msgid ""
4477
"\n"
4478
" <interface type='bridge'>\n"
4479
" <source bridge='br0'/>\n"
4480
" </interface>\n"
4481
msgstr ""
4482
4483
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4484
msgid "Partitioning"
4485
msgstr ""
4486
4487
#: serverguide/C/virtualization.xml:719(para)
4488
msgid ""
4489
"Partitioning of the virtual appliance will have to take into consideration "
4490
"what you are planning to do with is. Because most appliances want to have a "
4491
"separate storage for data, having a separate <filename>/var</filename> would "
4492
"make sense."
4493
msgstr ""
4494
4495
#: serverguide/C/virtualization.xml:724(para)
4496
msgid ""
4497
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4498
msgstr ""
4499
4500
#: serverguide/C/virtualization.xml:728(programlisting)
4501
#, no-wrap
4502
msgid ""
4503
"\n"
4504
"--part PATH\n"
4505
" Allows you to specify a partition table in a partition file, located at "
4506
"PATH. Each line of the partition file should specify\n"
4507
" (root first):\n"
4508
" mountpoint size\n"
4509
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4510
"disk starts on a\n"
4511
" line with ’---’. ie :\n"
4512
" root 1000\n"
4513
" /opt 1000\n"
4514
" swap 256\n"
4515
" ---\n"
4516
" /var 2000\n"
4517
" /log 1500\n"
4518
msgstr ""
4519
4520
#: serverguide/C/virtualization.xml:743(para)
4521
msgid ""
4522
"In our case we will define a text file name "
4523
"<filename>vmbuilder.partition</filename> which will contain the following:"
4524
msgstr ""
4525
4526
#: serverguide/C/virtualization.xml:747(programlisting)
4527
#, no-wrap
4528
msgid ""
4529
"\n"
4530
"root 8000\n"
4531
"swap 4000\n"
4532
"---\n"
4533
"/var 20000\n"
4534
msgstr ""
4535
4536
#: serverguide/C/virtualization.xml:755(para)
4537
msgid ""
4538
"Note that as we are using virtual disk images, the actual sizes that we put "
4539
"here are maximum sizes for these volumes."
4540
msgstr ""
4541
4542
#: serverguide/C/virtualization.xml:760(para)
4543
msgid "Our command line now looks like:"
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:765(command)
4547
msgid ""
4548
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4549
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:770(para)
4553
msgid ""
4554
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4555
"next line."
4556
msgstr ""
4557
4558
#: serverguide/C/virtualization.xml:777(title)
4559
msgid "User and Password"
4560
msgstr ""
4561
4562
#: serverguide/C/virtualization.xml:779(para)
4563
msgid ""
4564
"Again setting up a virtual appliance, you will need to provide a default "
4565
"user and password that is generic so that you can include it in your "
4566
"documentation. We will see later on in this tutorial how we will provide "
4567
"some security by defining a script that will be run the first time a user "
4568
"actually logs in the appliance, that will, among other things, ask him to "
4569
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4570
"as my user name, and <emphasis>'default'</emphasis> as the password."
4571
msgstr ""
4572
4573
#: serverguide/C/virtualization.xml:787(para)
4574
msgid "To do this we use the following optional parameters:"
4575
msgstr ""
4576
4577
#: serverguide/C/virtualization.xml:793(para)
4578
msgid ""
4579
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4580
"Default: ubuntu."
4581
msgstr ""
4582
4583
#: serverguide/C/virtualization.xml:798(para)
4584
msgid ""
4585
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4586
"added. Default: Ubuntu."
4587
msgstr ""
4588
4589
#: serverguide/C/virtualization.xml:803(para)
4590
msgid ""
4591
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4592
"Default: ubuntu."
4593
msgstr ""
4594
4595
#: serverguide/C/virtualization.xml:809(para)
4596
msgid "Our resulting command line becomes:"
4597
msgstr ""
4598
4599
#: serverguide/C/virtualization.xml:814(command)
4600
msgid ""
4601
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4602
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4603
"-user user --name user --pass default"
4604
msgstr ""
4605
4606
#: serverguide/C/virtualization.xml:822(title)
4607
msgid "Installing Required Packages"
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:824(para)
4611
msgid ""
4612
"In this example we will be installing a package "
4613
"<application>(Limesurvey)</application> that accesses a "
4614
"<application>MySQL</application> database and has a web interface. We will "
4615
"therefore require our OS to provide us with:"
4616
msgstr ""
4617
4618
#: serverguide/C/virtualization.xml:831(para)
4619
msgid "Apache"
4620
msgstr ""
4621
4622
#: serverguide/C/virtualization.xml:832(para)
4623
msgid "PHP"
4624
msgstr ""
4625
4626
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4627
msgid "MySQL"
4628
msgstr ""
4629
4630
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4631
msgid "OpenSSH Server"
4632
msgstr ""
4633
4634
#: serverguide/C/virtualization.xml:835(para)
4635
msgid "Limesurvey (as an example application that we have packaged)"
4636
msgstr ""
4637
4638
#: serverguide/C/virtualization.xml:838(para)
4639
msgid ""
4640
"This is done using vmbuilder by specifying the --addpkg option multiple "
4641
"times:"
4642
msgstr ""
4643
4644
#: serverguide/C/virtualization.xml:842(programlisting)
4645
#, no-wrap
4646
msgid ""
4647
"\n"
4648
"--addpkg PKG\n"
4649
" Install PKG into the guest (can be specfied multiple times)\n"
4650
msgstr ""
4651
4652
#: serverguide/C/virtualization.xml:847(para)
4653
msgid ""
4654
"However, due to the way vmbuilder operates, packages that have to ask "
4655
"questions to the user during the post install phase are not supported and "
4656
"should instead be installed while interactivity can occur. This is the case "
4657
"of Limesurvey, which we will have to install later, once the user logs in."
4658
msgstr ""
4659
4660
#: serverguide/C/virtualization.xml:853(para)
4661
msgid ""
4662
"Other packages that ask simple debconf question, such as <application>mysql-"
4663
"server</application> asking to set a password, the package can be installed "
4664
"immediately, but we will have to reconfigure it the first time the user logs "
4665
"in."
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:859(para)
4669
msgid ""
4670
"If some packages that we need to install are not in main, we need to enable "
4671
"the additional repositories using --comp and --ppa:"
4672
msgstr ""
4673
4674
#: serverguide/C/virtualization.xml:863(programlisting)
4675
#, no-wrap
4676
msgid ""
4677
"\n"
4678
"--components COMP1,COMP2,...,COMPN\n"
4679
" A comma separated list of distro components to include (e.g. "
4680
"main,universe). This defaults\n"
4681
" to \"main\"\n"
4682
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4683
msgstr ""
4684
4685
#: serverguide/C/virtualization.xml:870(para)
4686
msgid ""
4687
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4688
"PPA (personal package archive) address so that it is added to the VM "
4689
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4690
"to the command line:"
4691
msgstr ""
4692
4693
#: serverguide/C/virtualization.xml:876(command)
4694
msgid ""
4695
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4696
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4697
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4698
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4699
"server --ppa nijaba"
4700
msgstr ""
4701
4702
#: serverguide/C/virtualization.xml:883(title)
4703
msgid "OpenSSH"
4704
msgstr ""
4705
4706
#: serverguide/C/virtualization.xml:885(para)
4707
msgid ""
4708
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4709
"it will allow our admins to access the appliance remotely. However, pushing "
4710
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4711
"security risk as all these server will share the same secret key, making it "
4712
"very easy for hackers to target our appliance with all the tools they need "
4713
"to crack it open in a breeze. As for the user password, we will instead rely "
4714
"on a script that will install OpenSSH the first time a user logs in so that "
4715
"the key generated will be different for each appliance. For this we'll use a "
4716
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4717
"interaction."
4718
msgstr ""
4719
4720
#: serverguide/C/virtualization.xml:897(title)
4721
msgid "Speed Considerations"
4722
msgstr ""
4723
4724
#: serverguide/C/virtualization.xml:900(title)
4725
msgid "Package Caching"
4726
msgstr ""
4727
4728
#: serverguide/C/virtualization.xml:902(para)
4729
msgid ""
4730
"When vmbuilder creates builds your system, it has to go fetch each one of "
4731
"the packages that composes it over the network to one of the official "
4732
"repositories, which, depending on your internet connection speed and the "
4733
"load of the mirror, can have a big impact on the actual build time. In order "
4734
"to reduce this, it is recommended to either have a local repository (which "
4735
"can be created using <application>apt-mirror</application>) or using a "
4736
"caching proxy such as <application>apt-proxy</application>. The later option "
4737
"being much simpler to implement and requiring less disk space, it is the one "
4738
"we will pick in this tutorial. To install it, simply type:"
4739
msgstr ""
4740
4741
#: serverguide/C/virtualization.xml:912(command)
4742
msgid "sudo apt-get install apt-proxy"
4743
msgstr ""
4744
4745
#: serverguide/C/virtualization.xml:915(para)
4746
msgid ""
4747
"Once this is complete, your (empty) proxy is ready for use on "
4748
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4749
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4750
"option:"
4751
msgstr ""
4752
4753
#: serverguide/C/virtualization.xml:920(programlisting)
4754
#, no-wrap
4755
msgid ""
4756
"\n"
4757
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4758
" is http://archive.ubuntu.com/ubuntu for official\n"
4759
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4760
" otherwise\n"
4761
msgstr ""
4762
4763
#: serverguide/C/virtualization.xml:927(para)
4764
msgid "So we add to the command line:"
4765
msgstr ""
4766
4767
#: serverguide/C/virtualization.xml:932(command)
4768
msgid "--mirror http://mirroraddress:9999/ubuntu"
4769
msgstr ""
4770
4771
#: serverguide/C/virtualization.xml:936(para)
4772
msgid ""
4773
"The mirror address specified here will also be used in the "
4774
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4775
"is useful to specify here an address that can be resolved by the guest or to "
4776
"plan on reseting this address later on, such as in a <emphasis>--"
4777
"firstboot</emphasis> script."
4778
msgstr ""
4779
4780
#: serverguide/C/virtualization.xml:945(title)
4781
msgid "Install a Local Mirror"
4782
msgstr ""
4783
4784
#: serverguide/C/virtualization.xml:947(para)
4785
msgid ""
4786
"If we are in a larger environment, it may make sense to setup a local mirror "
4787
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4788
"script that will handle the mirroring for you. You should plan on having "
4789
"about 20 gigabyte of free space per supported release and architecture."
4790
msgstr ""
4791
4792
#: serverguide/C/virtualization.xml:953(para)
4793
msgid ""
4794
"By default, <application>apt-mirror</application> uses the configuration "
4795
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4796
"replicate only the architecture of the local machine. If you would like to "
4797
"support other architectures on your mirror, simply duplicate the lines "
4798
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4799
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4800
"archives as well, you will have:"
4801
msgstr ""
4802
4803
#: serverguide/C/virtualization.xml:960(programlisting)
4804
#, no-wrap
4805
msgid ""
4806
"\n"
4807
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4808
"multiverse \n"
4809
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4810
"universe multiverse\n"
4811
"\n"
4812
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4813
"universe multiverse \n"
4814
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4815
"universe multiverse \n"
4816
"\n"
4817
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4818
"universe multiverse \n"
4819
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4820
"restricted universe multiverse \n"
4821
"\n"
4822
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4823
"universe multiverse \n"
4824
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4825
"restricted universe multiverse \n"
4826
"\n"
4827
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4828
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4829
"installer \n"
4830
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4831
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4832
"installer \n"
4833
msgstr ""
4834
4835
#: serverguide/C/virtualization.xml:977(para)
4836
msgid ""
4837
"Notice that the source packages are not mirrored as they are seldom used "
4838
"compared to the binaries and they do take a lot more space, but they can be "
4839
"easily added to the list."
4840
msgstr ""
4841
4842
#: serverguide/C/virtualization.xml:982(para)
4843
msgid ""
4844
"Once the mirror has finished replicating (and this can be quite long), you "
4845
"need to configure Apache so that your mirror files (in "
4846
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4847
"default), are published by your Apache server. For more information on "
4848
"Apache see <xref linkend=\"httpd\"/>."
4849
msgstr ""
4850
4851
#: serverguide/C/virtualization.xml:991(title)
4852
msgid "Installing in a RAM Disk"
4853
msgstr ""
4854
4855
#: serverguide/C/virtualization.xml:993(para)
4856
msgid ""
4857
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4858
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4859
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4860
"-tmpfs</emphasis> will help you do just that:"
4861
msgstr ""
4862
4863
#: serverguide/C/virtualization.xml:999(programlisting)
4864
#, no-wrap
4865
msgid ""
4866
"\n"
4867
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4868
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4869
msgstr ""
4870
4871
#: serverguide/C/virtualization.xml:1004(para)
4872
msgid ""
4873
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4874
"have 1G of free ram."
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:1011(title)
4878
msgid "Package the Application"
4879
msgstr ""
4880
4881
#: serverguide/C/virtualization.xml:1013(para)
4882
msgid "Two option are available to us:"
4883
msgstr ""
4884
4885
#: serverguide/C/virtualization.xml:1019(para)
4886
msgid ""
4887
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4888
"package. Since this is outside of the scope of this tutorial, we will not "
4889
"perform this here and invite the reader to read the documentation on how to "
4890
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4891
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4892
"repository for your package so that updates can be conveniently pulled from "
4893
"it. See the <ulink url=\"http://www.debian-"
4894
"administration.org/articles/286\">Debian Administration</ulink> article for "
4895
"a tutorial on this."
4896
msgstr ""
4897
4898
#: serverguide/C/virtualization.xml:1028(para)
4899
msgid ""
4900
"Manually install the application under <filename>/opt</filename> as "
4901
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4902
"guidelines</ulink>."
4903
msgstr ""
4904
4905
#: serverguide/C/virtualization.xml:1035(para)
4906
msgid ""
4907
"In our case we'll use <application>Limesurvey</application> as example web "
4908
"application for which we wish to provide a virtual appliance. As noted "
4909
"before, we've made a version of the package available in a PPA (Personal "
4910
"Package Archive)."
4911
msgstr ""
4912
4913
#: serverguide/C/virtualization.xml:1042(title)
4914
msgid "Finishing Install"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4918
msgid "First Boot"
4919
msgstr ""
4920
4921
#: serverguide/C/virtualization.xml:1047(para)
4922
msgid ""
4923
"As we mentioned earlier, the first time the machine boots we'll need to "
4924
"install <application>openssh-server</application> so that the key generated "
4925
"for it is unique for each machine. To do this, we'll write a script called "
4926
"<filename>boot.sh</filename> as follows:"
4927
msgstr ""
4928
4929
#: serverguide/C/virtualization.xml:1053(programlisting)
4930
#, no-wrap
4931
msgid ""
4932
"\n"
4933
"# This script will run the first time the virtual machine boots\n"
4934
"# It is ran as root.\n"
4935
"\n"
4936
"apt-get update\n"
4937
"apt-get install -qqy --force-yes openssh-server\n"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:1061(para)
4941
msgid ""
4942
"And we add the <command>--firstboot boot.sh</command> option to our command "
4943
"line."
4944
msgstr ""
4945
4946
#: serverguide/C/virtualization.xml:1067(title)
4947
msgid "First Login"
4948
msgstr ""
4949
4950
#: serverguide/C/virtualization.xml:1069(para)
4951
msgid ""
4952
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4953
"set them up the first time a user logs in using a script named login.sh. "
4954
"We'll also use this script to let the user specify:"
4955
msgstr ""
4956
4957
#: serverguide/C/virtualization.xml:1075(para)
4958
msgid "His own password"
4959
msgstr ""
4960
4961
#: serverguide/C/virtualization.xml:1076(para)
4962
msgid "Define the keyboard and other locale info he wants to use"
4963
msgstr ""
4964
4965
#: serverguide/C/virtualization.xml:1079(para)
4966
msgid "So we'll define <filename>login.sh</filename> as follows:"
4967
msgstr ""
4968
4969
#: serverguide/C/virtualization.xml:1083(programlisting)
4970
#, no-wrap
4971
msgid ""
4972
"\n"
4973
"# This script is ran the first time a user logs in\n"
4974
"\n"
4975
"echo \"Your appliance is about to be finished to be set up.\"\n"
4976
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4977
"echo \"starting by changing your user password.\"\n"
4978
"\n"
4979
"passwd\n"
4980
"\n"
4981
"#give the opportunity to change the keyboard\n"
4982
"sudo dpkg-reconfigure console-setup\n"
4983
"\n"
4984
"#configure the mysql server root password\n"
4985
"sudo dpkg-reconfigure mysql-server-5.0\n"
4986
"\n"
4987
"#install limesurvey\n"
4988
"sudo apt-get install -qqy --force-yes limesurvey\n"
4989
"\n"
4990
"echo \"Your appliance is now configured. To use it point your\"\n"
4991
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4992
msgstr ""
4993
4994
#: serverguide/C/virtualization.xml:1105(para)
4995
msgid ""
4996
"And we add the <command>--firstlogin login.sh</command> option to our "
4997
"command line."
4998
msgstr ""
4999
5000
#: serverguide/C/virtualization.xml:1112(title)
5001
msgid "Useful Additions"
5002
msgstr ""
5003
5004
#: serverguide/C/virtualization.xml:1115(title)
5005
msgid "Configuring Automatic Updates"
5006
msgstr ""
5007
5008
#: serverguide/C/virtualization.xml:1117(para)
5009
msgid ""
5010
"To have your system be configured to update itself on a regular basis, we "
5011
"will just install <application>unattended-upgrades</application>, so we add "
5012
"the following option to our command line:"
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:1123(command)
5016
msgid "--addpkg unattended-upgrades"
5017
msgstr ""
5018
5019
#: serverguide/C/virtualization.xml:1126(para)
5020
msgid ""
5021
"As we have put our application package in a PPA, the process will update not "
5022
"only the system, but also the application each time we update the version in "
5023
"the PPA."
5024
msgstr ""
5025
5026
#: serverguide/C/virtualization.xml:1133(title)
5027
msgid "ACPI Event Handling"
5028
msgstr ""
5029
5030
#: serverguide/C/virtualization.xml:1135(para)
5031
msgid ""
5032
"For your virtual machine to be able to handle restart and shutdown events it "
5033
"is being sent, it is a good idea to install the acpid package as well. To do "
5034
"this we just add the following option:"
5035
msgstr ""
5036
5037
#: serverguide/C/virtualization.xml:1141(command)
5038
msgid "--addpkg acpid"
5039
msgstr ""
5040
5041
#: serverguide/C/virtualization.xml:1147(title)
5042
msgid "Final Command"
5043
msgstr ""
5044
5045
#: serverguide/C/virtualization.xml:1149(para)
5046
msgid "Here is the command with all the options discussed above:"
5047
msgstr ""
5048
5049
#: serverguide/C/virtualization.xml:1154(command)
5050
msgid ""
5051
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5052
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5053
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5054
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5055
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5056
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5057
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5058
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5059
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5060
"firstlogin login.sh"
5061
msgstr ""
5062
5063
#: serverguide/C/virtualization.xml:1169(para)
5064
msgid ""
5065
"If you are interested in learning more, have questions or suggestions, "
5066
"please contact the Ubuntu Server Team at:"
5067
msgstr ""
5068
5069
#: serverguide/C/virtualization.xml:1174(para)
5070
msgid "IRC: #ubuntu-server on freenode"
5071
msgstr ""
5072
5073
#: serverguide/C/virtualization.xml:1179(para)
5074
msgid ""
5075
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5076
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5077
msgstr ""
5078
5079
#: serverguide/C/virtualization.xml:1184(para)
5080
msgid ""
5081
"Also, see the <ulink "
5082
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5083
"Wiki</ulink> page."
5084
msgstr ""
5085
5086
#: serverguide/C/virtualization.xml:1192(title)
5087
msgid "UEC"
5088
msgstr ""
5089
5090
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5091
msgid "Overview"
5092
msgstr ""
5093
5094
#: serverguide/C/virtualization.xml:1197(para)
5095
msgid ""
5096
"This tutorial covers <application>UEC</application> installation from the "
5097
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5098
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5099
"and one or more nodes attached."
5100
msgstr ""
5101
5102
#: serverguide/C/virtualization.xml:1202(para)
5103
msgid ""
5104
"From this Tutorial you will learn how to install, configure, register and "
5105
"perform several operations on a basic <application>UEC</application> setup "
5106
"that results in a cloud with a one controller <emphasis>\"front-"
5107
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5108
"instances. You will also use examples to help get you started using your own "
5109
"private compute cloud."
5110
msgstr ""
5111
5112
#: serverguide/C/virtualization.xml:1210(title)
5113
msgid "Prerequisites"
5114
msgstr ""
5115
5116
#: serverguide/C/virtualization.xml:1212(para)
5117
msgid ""
5118
"To deploy a minimal cloud infrastructure, you’ll need at least "
5119
"<emphasis>two</emphasis> dedicated systems:"
5120
msgstr ""
5121
5122
#: serverguide/C/virtualization.xml:1218(para)
5123
msgid "A front end."
5124
msgstr ""
5125
5126
#: serverguide/C/virtualization.xml:1223(para)
5127
msgid "One or more node(s)."
5128
msgstr ""
5129
5130
#: serverguide/C/virtualization.xml:1229(para)
5131
msgid ""
5132
"The following are recommendations, rather than fixed requirements. However, "
5133
"our experience in developing this documentation indicated the following "
5134
"suggestions."
5135
msgstr ""
5136
5137
#: serverguide/C/virtualization.xml:1234(title)
5138
msgid "Front End Requirements"
5139
msgstr ""
5140
5141
#: serverguide/C/virtualization.xml:1236(para)
5142
msgid "Use the following table for a system that will run one or more of:"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:1241(para)
5146
msgid "Cloud Controller (CLC)"
5147
msgstr ""
5148
5149
#: serverguide/C/virtualization.xml:1242(para)
5150
msgid "Cluster Controller (CC)"
5151
msgstr ""
5152
5153
#: serverguide/C/virtualization.xml:1243(para)
5154
msgid "Walrus (the S3-like storage service)"
5155
msgstr ""
5156
5157
#: serverguide/C/virtualization.xml:1244(para)
5158
msgid "Storage Controller (SC)"
5159
msgstr ""
5160
5161
#: serverguide/C/virtualization.xml:1248(title)
5162
msgid "UEC Front End Requirements"
5163
msgstr ""
5164
5165
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5166
msgid "Hardware"
5167
msgstr ""
5168
5169
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5170
msgid "Minimum"
5171
msgstr ""
5172
5173
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5174
msgid "Suggested"
5175
msgstr ""
5176
5177
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5178
msgid "Notes"
5179
msgstr ""
5180
5181
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5182
msgid "CPU"
5183
msgstr ""
5184
5185
#: serverguide/C/virtualization.xml:1265(para)
5186
msgid "1 GHz"
5187
msgstr ""
5188
5189
#: serverguide/C/virtualization.xml:1266(para)
5190
msgid "2 x 2 GHz"
5191
msgstr ""
5192
5193
#: serverguide/C/virtualization.xml:1267(para)
5194
msgid ""
5195
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5196
"a dual core processor."
5197
msgstr ""
5198
5199
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5200
msgid "Memory"
5201
msgstr ""
5202
5203
#: serverguide/C/virtualization.xml:1271(para)
5204
msgid "2 GB"
5205
msgstr ""
5206
5207
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5208
msgid "4 GB"
5209
msgstr ""
5210
5211
#: serverguide/C/virtualization.xml:1273(para)
5212
msgid "The Java web front end benefits from lots of available memory."
5213
msgstr ""
5214
5215
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5216
msgid "Disk"
5217
msgstr ""
5218
5219
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5220
msgid "5400 RPM IDE"
5221
msgstr ""
5222
5223
#: serverguide/C/virtualization.xml:1278(para)
5224
msgid "7200 RPM SATA"
5225
msgstr ""
5226
5227
#: serverguide/C/virtualization.xml:1279(para)
5228
msgid ""
5229
"Slower disks will work, but will yield much longer instance startup times."
5230
msgstr ""
5231
5232
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5233
msgid "Disk Space"
5234
msgstr ""
5235
5236
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5237
msgid "40 GB"
5238
msgstr ""
5239
5240
#: serverguide/C/virtualization.xml:1284(para)
5241
msgid "200 GB"
5242
msgstr ""
5243
5244
#: serverguide/C/virtualization.xml:1285(para)
5245
msgid ""
5246
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5247
"does not like to run out of disk space."
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5251
msgid "Networking"
5252
msgstr ""
5253
5254
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5255
msgid "100 Mbps"
5256
msgstr ""
5257
5258
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5259
msgid "1000 Mbps"
5260
msgstr ""
5261
5262
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5263
msgid ""
5264
"Machine images are hundreds of MB, and need to be copied over the network to "
5265
"nodes."
5266
msgstr ""
5267
5268
#: serverguide/C/virtualization.xml:1299(title)
5269
msgid "Node Requirements"
5270
msgstr ""
5271
5272
#: serverguide/C/virtualization.xml:1301(para)
5273
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:1306(para)
5277
msgid "the Node Controller (NC)"
5278
msgstr ""
5279
5280
#: serverguide/C/virtualization.xml:1310(title)
5281
msgid "UEC Node Requirements"
5282
msgstr ""
5283
5284
#: serverguide/C/virtualization.xml:1327(para)
5285
msgid "VT Extensions"
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:1328(para)
5289
msgid "VT, 64-bit, Multicore"
5290
msgstr ""
5291
5292
#: serverguide/C/virtualization.xml:1329(para)
5293
msgid ""
5294
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5295
"only run 1 VM per CPU core on a Node."
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1333(para)
5299
msgid "1 GB"
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1335(para)
5303
msgid "Additional memory means more, and larger guests."
5304
msgstr ""
5305
5306
#: serverguide/C/virtualization.xml:1340(para)
5307
msgid "7200 RPM SATA or SCSI"
5308
msgstr ""
5309
5310
#: serverguide/C/virtualization.xml:1341(para)
5311
msgid ""
5312
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5313
"bottleneck."
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:1346(para)
5317
msgid "100 GB"
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:1347(para)
5321
msgid ""
5322
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5323
"space."
5324
msgstr ""
5325
5326
#: serverguide/C/virtualization.xml:1363(title)
5327
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5328
msgstr ""
5329
5330
#: serverguide/C/virtualization.xml:1367(para)
5331
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5332
msgstr ""
5333
5334
#: serverguide/C/virtualization.xml:1372(para)
5335
msgid ""
5336
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5337
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5338
"components are present."
5339
msgstr ""
5340
5341
#: serverguide/C/virtualization.xml:1377(para)
5342
msgid ""
5343
"You can then choose which components to install, based on your chosen <ulink "
5344
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5345
msgstr ""
5346
5347
#: serverguide/C/virtualization.xml:1382(para)
5348
msgid ""
5349
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5350
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5351
msgstr ""
5352
5353
#: serverguide/C/virtualization.xml:1388(para)
5354
msgid ""
5355
"It will ask two other cloud-specific questions during the course of the "
5356
"install:"
5357
msgstr ""
5358
5359
#: serverguide/C/virtualization.xml:1393(para)
5360
msgid "Name of your cluster."
5361
msgstr ""
5362
5363
#: serverguide/C/virtualization.xml:1396(para)
5364
msgid "e.g. <emphasis>cluster1</emphasis>."
5365
msgstr ""
5366
5367
#: serverguide/C/virtualization.xml:1399(para)
5368
msgid ""
5369
"A range of public IP addresses on the LAN that the cloud can allocate to "
5370
"instances."
5371
msgstr ""
5372
5373
#: serverguide/C/virtualization.xml:1402(para)
5374
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5375
msgstr ""
5376
5377
#: serverguide/C/virtualization.xml:1410(title)
5378
msgid "Installing the Node Controller(s)"
5379
msgstr ""
5380
5381
#: serverguide/C/virtualization.xml:1412(para)
5382
msgid ""
5383
"The node controller install is even simpler. Just make sure that you are "
5384
"connected to the network on which the cloud/cluster controller is already "
5385
"running."
5386
msgstr ""
5387
5388
#: serverguide/C/virtualization.xml:1418(para)
5389
msgid "Boot from the same ISO on the node(s)."
5390
msgstr ""
5391
5392
#: serverguide/C/virtualization.xml:1423(para)
5393
msgid ""
5394
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5395
msgstr ""
5396
5397
#: serverguide/C/virtualization.xml:1428(para)
5398
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5399
msgstr ""
5400
5401
#: serverguide/C/virtualization.xml:1433(para)
5402
msgid ""
5403
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5404
"install for you."
5405
msgstr ""
5406
5407
#: serverguide/C/virtualization.xml:1438(para)
5408
msgid "Confirm the partitioning scheme."
5409
msgstr ""
5410
5411
#: serverguide/C/virtualization.xml:1443(para)
5412
msgid ""
5413
"The rest of the installation should proceed uninterrupted; complete the "
5414
"installation and reboot the node."
5415
msgstr ""
5416
5417
#: serverguide/C/virtualization.xml:1451(title)
5418
msgid "Register the Node(s)"
5419
msgstr ""
5420
5421
#: serverguide/C/virtualization.xml:1456(para)
5422
msgid ""
5423
"Nodes are the physical systems within <application>UEC</application> that "
5424
"actually run the virtual machine instances of the cloud."
5425
msgstr ""
5426
5427
#: serverguide/C/virtualization.xml:1460(para)
5428
msgid "All component registration should be automatic, assuming:"
5429
msgstr ""
5430
5431
#: serverguide/C/virtualization.xml:1466(para)
5432
msgid "Public SSH keys have been exchanged properly."
5433
msgstr ""
5434
5435
#: serverguide/C/virtualization.xml:1471(para)
5436
msgid "The services are configured properly."
5437
msgstr ""
5438
5439
#: serverguide/C/virtualization.xml:1476(para)
5440
msgid ""
5441
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5442
msgstr ""
5443
5444
#: serverguide/C/virtualization.xml:1481(para)
5445
msgid "Verify Registration."
5446
msgstr ""
5447
5448
#: serverguide/C/virtualization.xml:1487(para)
5449
msgid ""
5450
"Steps a to e should only be required if you're using the <ulink "
5451
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5452
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5453
"should already be completed automatically for you, and therefore you can "
5454
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5455
msgstr ""
5456
5457
#: serverguide/C/virtualization.xml:1495(para)
5458
msgid "Exchange Public Keys"
5459
msgstr ""
5460
5461
#: serverguide/C/virtualization.xml:1497(para)
5462
msgid ""
5463
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5464
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5465
"Controller as the eucalyptus user."
5466
msgstr ""
5467
5468
#: serverguide/C/virtualization.xml:1502(para)
5469
msgid ""
5470
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5471
"ssh key by:"
5472
msgstr ""
5473
5474
#: serverguide/C/virtualization.xml:1508(para)
5475
msgid ""
5476
"On the target controller, temporarily set a password for the eucalyptus user:"
5477
msgstr ""
5478
5479
#: serverguide/C/virtualization.xml:1512(command)
5480
msgid "sudo passwd eucalyptus"
5481
msgstr ""
5482
5483
#: serverguide/C/virtualization.xml:1516(para)
5484
msgid "Then, on the Cloud Controller:"
5485
msgstr ""
5486
5487
#: serverguide/C/virtualization.xml:1520(command)
5488
msgid ""
5489
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5490
"eucalyptus@<IP_OF_NODE>"
5491
msgstr ""
5492
5493
#: serverguide/C/virtualization.xml:1524(para)
5494
msgid ""
5495
"You can now remove the password of the eucalyptus account on the target "
5496
"controller, if you wish:"
5497
msgstr ""
5498
5499
#: serverguide/C/virtualization.xml:1528(command)
5500
msgid "sudo passwd -d eucalyptus"
5501
msgstr ""
5502
5503
#: serverguide/C/virtualization.xml:1535(para)
5504
msgid "Configuring the Services"
5505
msgstr ""
5506
5507
#: serverguide/C/virtualization.xml:1537(para)
5508
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5509
msgstr ""
5510
5511
#: serverguide/C/virtualization.xml:1543(para)
5512
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5513
msgstr ""
5514
5515
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5516
msgid ""
5517
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5518
"cc.conf</filename>"
5519
msgstr ""
5520
5521
#: serverguide/C/virtualization.xml:1549(para)
5522
msgid ""
5523
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5524
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5525
"addresses."
5526
msgstr ""
5527
5528
#: serverguide/C/virtualization.xml:1556(para)
5529
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5530
msgstr ""
5531
5532
#: serverguide/C/virtualization.xml:1560(para)
5533
msgid ""
5534
"Define the shell variable WALRUS_IP_ADDR in "
5535
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5536
"address."
5537
msgstr ""
5538
5539
#: serverguide/C/virtualization.xml:1565(para)
5540
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5541
msgstr ""
5542
5543
#: serverguide/C/virtualization.xml:1571(para)
5544
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5545
msgstr ""
5546
5547
#: serverguide/C/virtualization.xml:1577(para)
5548
msgid ""
5549
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5550
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5551
"addresses."
5552
msgstr ""
5553
5554
#: serverguide/C/virtualization.xml:1587(para)
5555
msgid "Publish"
5556
msgstr ""
5557
5558
#: serverguide/C/virtualization.xml:1589(para)
5559
msgid "Now start the publication services."
5560
msgstr ""
5561
5562
#: serverguide/C/virtualization.xml:1595(emphasis)
5563
msgid "Walrus Controller:"
5564
msgstr ""
5565
5566
#: serverguide/C/virtualization.xml:1597(command)
5567
msgid "sudo start eucalyptus-walrus-publication"
5568
msgstr ""
5569
5570
#: serverguide/C/virtualization.xml:1601(emphasis)
5571
msgid "Cluster Controller:"
5572
msgstr ""
5573
5574
#: serverguide/C/virtualization.xml:1603(command)
5575
msgid "sudo start eucalyptus-cc-publication"
5576
msgstr ""
5577
5578
#: serverguide/C/virtualization.xml:1607(emphasis)
5579
msgid "Storage Controller:"
5580
msgstr ""
5581
5582
#: serverguide/C/virtualization.xml:1609(command)
5583
msgid "sudo start eucalyptus-sc-publication"
5584
msgstr ""
5585
5586
#: serverguide/C/virtualization.xml:1613(emphasis)
5587
msgid "Node Controller:"
5588
msgstr ""
5589
5590
#: serverguide/C/virtualization.xml:1615(command)
5591
msgid "sudo start eucalyptus-nc-publication"
5592
msgstr ""
5593
5594
#: serverguide/C/virtualization.xml:1622(para)
5595
msgid "Start the Listener"
5596
msgstr ""
5597
5598
#: serverguide/C/virtualization.xml:1624(para)
5599
msgid ""
5600
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5601
"Controller(s)</emphasis>, run:"
5602
msgstr ""
5603
5604
#: serverguide/C/virtualization.xml:1629(command)
5605
msgid "sudo start uec-component-listener"
5606
msgstr ""
5607
5608
#: serverguide/C/virtualization.xml:1634(para)
5609
msgid "Verify Registration"
5610
msgstr ""
5611
5612
#: serverguide/C/virtualization.xml:1637(command)
5613
msgid "cat /var/log/eucalyptus/registration.log"
5614
msgstr ""
5615
5616
#: serverguide/C/virtualization.xml:1638(computeroutput)
5617
#, no-wrap
5618
msgid ""
5619
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5620
"10.1.1.75\n"
5621
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5622
"0\n"
5623
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5624
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5625
"0\n"
5626
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5627
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5628
"returned 0\n"
5629
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5630
"10.1.1.71\n"
5631
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5632
msgstr ""
5633
5634
#: serverguide/C/virtualization.xml:1649(para)
5635
msgid "The output on your machine will vary from the example above."
5636
msgstr ""
5637
5638
#: serverguide/C/virtualization.xml:1659(title)
5639
msgid "Obtain Credentials"
5640
msgstr ""
5641
5642
#: serverguide/C/virtualization.xml:1661(para)
5643
msgid ""
5644
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5645
"users of the cloud will need to retrieve their credentials. This can be done "
5646
"either through a web browser, or at the command line."
5647
msgstr ""
5648
5649
#: serverguide/C/virtualization.xml:1667(title)
5650
msgid "From a Web Browser"
5651
msgstr ""
5652
5653
#: serverguide/C/virtualization.xml:1671(para)
5654
msgid ""
5655
"From your web browser (either remotely or on your Ubuntu server) access the "
5656
"following URL:"
5657
msgstr ""
5658
5659
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5660
#, no-wrap
5661
msgid ""
5662
"\n"
5663
"https://<cloud-controller-ip-address>:8443/\n"
5664
msgstr ""
5665
5666
#: serverguide/C/virtualization.xml:1679(para)
5667
msgid ""
5668
"You must use a secure connection, so make sure you use \"https\" not "
5669
"\"http\" in your URL. You will get a security certificate warning. You will "
5670
"have to add an exception to view the page. If you do not accept it you will "
5671
"not be able to view the Eucalyptus configuration page."
5672
msgstr ""
5673
5674
#: serverguide/C/virtualization.xml:1687(para)
5675
msgid ""
5676
"Use username <emphasis>'admin'</emphasis> and password "
5677
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5678
"to change your password)."
5679
msgstr ""
5680
5681
#: serverguide/C/virtualization.xml:1693(para)
5682
msgid ""
5683
"Then follow the on-screen instructions to update the admin password and "
5684
"email address."
5685
msgstr ""
5686
5687
#: serverguide/C/virtualization.xml:1698(para)
5688
msgid ""
5689
"Once the first time configuration process is completed, click the "
5690
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5691
"the screen."
5692
msgstr ""
5693
5694
#: serverguide/C/virtualization.xml:1704(para)
5695
msgid ""
5696
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5697
"certificates."
5698
msgstr ""
5699
5700
#: serverguide/C/virtualization.xml:1709(para)
5701
msgid "Save them to <filename>~/.euca</filename>."
5702
msgstr ""
5703
5704
#: serverguide/C/virtualization.xml:1714(para)
5705
msgid ""
5706
"Unzip the downloaded zip file into a safe location "
5707
"(<filename>~/.euca</filename>)."
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1718(command)
5711
msgid "unzip -d ~/.euca mycreds.zip"
5712
msgstr ""
5713
5714
#: serverguide/C/virtualization.xml:1725(title)
5715
msgid "From a Command Line"
5716
msgstr ""
5717
5718
#: serverguide/C/virtualization.xml:1729(para)
5719
msgid ""
5720
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5721
"Controller</emphasis>, you can run:"
5722
msgstr ""
5723
5724
#: serverguide/C/virtualization.xml:1733(command)
5725
msgid "mkdir -p ~/.euca"
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:1734(command)
5729
msgid "chmod 700 ~/.euca"
5730
msgstr ""
5731
5732
#: serverguide/C/virtualization.xml:1735(command)
5733
msgid "cd ~/.euca"
5734
msgstr ""
5735
5736
#: serverguide/C/virtualization.xml:1736(command)
5737
msgid "sudo euca_conf --get-credentials mycreds.zip"
5738
msgstr ""
5739
5740
#: serverguide/C/virtualization.xml:1737(command)
5741
msgid "unzip mycreds.zip"
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1738(command)
5745
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5746
msgstr ""
5747
5748
#: serverguide/C/virtualization.xml:1739(command)
5749
msgid "cd -"
5750
msgstr ""
5751
5752
#: serverguide/C/virtualization.xml:1746(title)
5753
msgid "Extracting and Using Your Credentials"
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:1748(para)
5757
msgid ""
5758
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5759
"certificates."
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:1754(para)
5763
msgid "Install the required cloud user tools:"
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1758(command)
5767
msgid "sudo apt-get install euca2ools"
5768
msgstr ""
5769
5770
#: serverguide/C/virtualization.xml:1762(para)
5771
msgid ""
5772
"To validate that everything is working correctly, get the local cluster "
5773
"availability details:"
5774
msgstr ""
5775
5776
#: serverguide/C/virtualization.xml:1766(command)
5777
msgid ". ~/.euca/eucarc"
5778
msgstr ""
5779
5780
#: serverguide/C/virtualization.xml:1767(command)
5781
msgid "euca-describe-availability-zones verbose"
5782
msgstr ""
5783
5784
#: serverguide/C/virtualization.xml:1768(computeroutput)
5785
#, no-wrap
5786
msgid ""
5787
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5788
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5789
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5790
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5791
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5792
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5793
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5794
msgstr ""
5795
5796
#: serverguide/C/virtualization.xml:1778(para)
5797
msgid "Your output from the above command will vary."
5798
msgstr ""
5799
5800
#: serverguide/C/virtualization.xml:1788(title)
5801
msgid "Install an Image from the Store"
5802
msgstr ""
5803
5804
#: serverguide/C/virtualization.xml:1790(para)
5805
msgid ""
5806
"The following is by far the simplest way to install an image. However, "
5807
"advanced users may be interested in learning how to <ulink "
5808
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5809
"own image</ulink>."
5810
msgstr ""
5811
5812
#: serverguide/C/virtualization.xml:1795(para)
5813
msgid ""
5814
"The simplest way to add an image to <application>UEC</application> is to "
5815
"install it from the Image Store on the UEC web interface."
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1801(para)
5819
msgid ""
5820
"Access the web interface at the following URL (Make sure you specify https):"
5821
msgstr ""
5822
5823
#: serverguide/C/virtualization.xml:1809(para)
5824
msgid ""
5825
"Enter your login and password (if requested, as you may still be logged in "
5826
"from earlier)."
5827
msgstr ""
5828
5829
#: serverguide/C/virtualization.xml:1814(para)
5830
msgid "Click on the <emphasis>Store</emphasis> tab."
5831
msgstr ""
5832
5833
#: serverguide/C/virtualization.xml:1819(para)
5834
msgid "Browse available images."
5835
msgstr ""
5836
5837
#: serverguide/C/virtualization.xml:1824(para)
5838
msgid "Click on <emphasis>install</emphasis> for the image you want."
5839
msgstr ""
5840
5841
#: serverguide/C/virtualization.xml:1830(para)
5842
msgid ""
5843
"Once the image has been downloaded and installed, you can click on "
5844
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5845
"button to view the command to execute to instantiate (start) this image. The "
5846
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5847
"tab."
5848
msgstr ""
5849
5850
#: serverguide/C/virtualization.xml:1838(title)
5851
msgid "Run an Image"
5852
msgstr ""
5853
5854
#: serverguide/C/virtualization.xml:1840(para)
5855
msgid "There are multiple ways to instantiate an image in UEC:"
5856
msgstr ""
5857
5858
#: serverguide/C/virtualization.xml:1845(para)
5859
msgid "Use the command line."
5860
msgstr ""
5861
5862
#: serverguide/C/virtualization.xml:1846(para)
5863
msgid ""
5864
"Use one of the UEC compatible management tools such as "
5865
"<emphasis>Landscape</emphasis>."
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1848(para)
5869
msgid ""
5870
"Use the <ulink "
5871
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5872
"extension to Firefox."
5873
msgstr ""
5874
5875
#: serverguide/C/virtualization.xml:1854(para)
5876
msgid "Here we will describe the process from the command line:"
5877
msgstr ""
5878
5879
#: serverguide/C/virtualization.xml:1860(para)
5880
msgid ""
5881
"Before running an instance of your image, you should first create a "
5882
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5883
"instance as root, once it boots. The key is stored, so you will only have to "
5884
"do this once."
5885
msgstr ""
5886
5887
#: serverguide/C/virtualization.xml:1864(para)
5888
msgid "Run the following command:"
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1867(programlisting)
5892
#, no-wrap
5893
msgid ""
5894
"\n"
5895
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5896
" mkdir -p -m 700 ~/.euca\n"
5897
" touch ~/.euca/mykey.priv\n"
5898
" chmod 0600 ~/.euca/mykey.priv\n"
5899
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5900
"fi\n"
5901
msgstr ""
5902
5903
#: serverguide/C/virtualization.xml:1876(para)
5904
msgid ""
5905
"You can call your key whatever you like (in this example, the key is called "
5906
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5907
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5908
"a list of created keys stored in the system."
5909
msgstr ""
5910
5911
#: serverguide/C/virtualization.xml:1883(para)
5912
msgid "You must also allow access to port 22 in your instances:"
5913
msgstr ""
5914
5915
#: serverguide/C/virtualization.xml:1887(command)
5916
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5917
msgstr ""
5918
5919
#: serverguide/C/virtualization.xml:1891(para)
5920
msgid "Next, you can create instances of your registered image:"
5921
msgstr ""
5922
5923
#: serverguide/C/virtualization.xml:1895(command)
5924
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5925
msgstr ""
5926
5927
#: serverguide/C/virtualization.xml:1898(para)
5928
msgid ""
5929
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5930
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5931
"on the <emphasis>Store</emphasis> page to see the sample command."
5932
msgstr ""
5933
5934
#: serverguide/C/virtualization.xml:1905(para)
5935
msgid ""
5936
"The first time you run an instance, the system will be setting up caches for "
5937
"the image from which it will be created. This can often take some time the "
5938
"first time an instance is run given that VM images are usually quite large."
5939
msgstr ""
5940
5941
#: serverguide/C/virtualization.xml:1909(para)
5942
msgid "To monitor the state of your instance, run:"
5943
msgstr ""
5944
5945
#: serverguide/C/virtualization.xml:1913(command)
5946
msgid "watch -n5 euca-describe-instances"
5947
msgstr ""
5948
5949
#: serverguide/C/virtualization.xml:1915(para)
5950
msgid ""
5951
"In the output, you should see information about the instance, including its "
5952
"state. While first-time caching is being performed, the instance's state "
5953
"will be <emphasis>'pending'</emphasis>."
5954
msgstr ""
5955
5956
#: serverguide/C/virtualization.xml:1921(para)
5957
msgid ""
5958
"When the instance is fully started, the above state will become "
5959
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5960
"instance in the output, then connect to it:"
5961
msgstr ""
5962
5963
#: serverguide/C/virtualization.xml:1926(command)
5964
msgid ""
5965
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5966
"'{print $4}')"
5967
msgstr ""
5968
5969
#: serverguide/C/virtualization.xml:1927(command)
5970
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5971
msgstr ""
5972
5973
#: serverguide/C/virtualization.xml:1931(para)
5974
msgid ""
5975
"And when you are done with this instance, exit your SSH connection, then "
5976
"terminate your instance:"
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:1935(command)
5980
msgid ""
5981
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5982
"awk '{print $2}')"
5983
msgstr ""
5984
5985
#: serverguide/C/virtualization.xml:1936(command)
5986
msgid "euca-terminate-instances $INSTANCEID"
5987
msgstr ""
5988
5989
#: serverguide/C/virtualization.xml:1944(para)
5990
msgid ""
5991
"The <application>cloud-init</application> package provides \"first boot\" "
5992
"functionality for the Ubuntu UEC images. It is in charge of taking the "
5993
"generic filesystem image that is booting and customizing it for this "
5994
"particular instance. That includes things like:"
5995
msgstr ""
5996
5997
#: serverguide/C/virtualization.xml:1952(para)
5998
msgid "Setting the hostname."
5999
msgstr ""
6000
6001
#: serverguide/C/virtualization.xml:1957(para)
6002
msgid ""
6003
"Putting the provided ssh public keys into "
6004
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6005
msgstr ""
6006
6007
#: serverguide/C/virtualization.xml:1962(para)
6008
msgid "Running a user provided script, or otherwise modifying the image."
6009
msgstr ""
6010
6011
#: serverguide/C/virtualization.xml:1968(para)
6012
msgid ""
6013
"Setting hostname and configuring a system so the person who launched it can "
6014
"actually log into it are not terribly interesting. The interesting things "
6015
"that can be done with <application>cloud-init</application> are made "
6016
"possible by data provided at launch time called <ulink "
6017
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6018
"85\">user-data</ulink>."
6019
msgstr ""
6020
6021
#: serverguide/C/virtualization.xml:1974(para)
6022
msgid "First, install the <application>cloud-init</application> package:"
6023
msgstr ""
6024
6025
#: serverguide/C/virtualization.xml:1979(command)
6026
msgid "sudo apt-get install cloud-init"
6027
msgstr ""
6028
6029
#: serverguide/C/virtualization.xml:1982(para)
6030
msgid ""
6031
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6032
"stored and executed as root late in the boot process of the instance's first "
6033
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6034
"directed to the console."
6035
msgstr ""
6036
6037
#: serverguide/C/virtualization.xml:1987(para)
6038
msgid ""
6039
"For example, create a file named <filename>ud.txt</filename> containing:"
6040
msgstr ""
6041
6042
#: serverguide/C/virtualization.xml:1991(programlisting)
6043
#, no-wrap
6044
msgid ""
6045
"\n"
6046
"#!/bin/sh\n"
6047
"echo ========== Hello World: $(date) ==========\n"
6048
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:1997(para)
6052
msgid ""
6053
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6054
msgstr ""
6055
6056
#: serverguide/C/virtualization.xml:2002(command)
6057
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6058
msgstr ""
6059
6060
#: serverguide/C/virtualization.xml:2005(para)
6061
msgid ""
6062
"Wait now for the system to come up and console to be available. To see the "
6063
"result of the data file commands enter:"
6064
msgstr ""
6065
6066
#: serverguide/C/virtualization.xml:2010(command)
6067
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6068
msgstr ""
6069
6070
#: serverguide/C/virtualization.xml:2011(computeroutput)
6071
#, no-wrap
6072
msgid ""
6073
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6074
"I have been up for 28.26 sec"
6075
msgstr ""
6076
6077
#: serverguide/C/virtualization.xml:2016(para)
6078
msgid "Your output may vary."
6079
msgstr ""
6080
6081
#: serverguide/C/virtualization.xml:2021(para)
6082
msgid ""
6083
"The simple approach shown above gives a great deal of power. The user-data "
6084
"can contain a script in any language where an interpreter already exists in "
6085
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6086
")."
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:2026(para)
6090
msgid ""
6091
"For many cases, the user may not be interested in writing a program. For "
6092
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6093
"configuration based approach towards customization. To utilize the cloud-"
6094
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6095
"config'</emphasis>."
6096
msgstr ""
6097
6098
#: serverguide/C/virtualization.xml:2031(para)
6099
msgid ""
6100
"For example, create a text file named <filename>clout-config.txt</filename> "
6101
"containing:"
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:2035(programlisting)
6105
#, no-wrap
6106
msgid ""
6107
"\n"
6108
"#cloud-config\n"
6109
"apt_upgrade: true\n"
6110
"apt_sources:\n"
6111
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6112
"\n"
6113
"packages:\n"
6114
"- build-essential\n"
6115
"- pastebinit\n"
6116
"\n"
6117
"runcmd:\n"
6118
"- echo ======= Hello World =====\n"
6119
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6120
msgstr ""
6121
6122
#: serverguide/C/virtualization.xml:2050(para)
6123
msgid "Create a new instance:"
6124
msgstr ""
6125
6126
#: serverguide/C/virtualization.xml:2055(command)
6127
msgid ""
6128
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6129
"config.txt"
6130
msgstr ""
6131
6132
#: serverguide/C/virtualization.xml:2058(para)
6133
msgid "Now, when the above system is booted, it will have:"
6134
msgstr ""
6135
6136
#: serverguide/C/virtualization.xml:2063(para)
6137
msgid "Added the Apache Edgers PPA."
6138
msgstr ""
6139
6140
#: serverguide/C/virtualization.xml:2064(para)
6141
msgid "Run an upgrade to get all updates available"
6142
msgstr ""
6143
6144
#: serverguide/C/virtualization.xml:2065(para)
6145
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6146
msgstr ""
6147
6148
#: serverguide/C/virtualization.xml:2066(para)
6149
msgid "Printed a similar message to the script above"
6150
msgstr ""
6151
6152
#: serverguide/C/virtualization.xml:2070(para)
6153
msgid ""
6154
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6155
"the latest version of Apache from upstream source repositories. Package "
6156
"versions in the PPA are unsupported, and depending on your situation, this "
6157
"may or may not be desirable. See the <ulink "
6158
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6159
"Edgers</ulink> web page for more details."
6160
msgstr ""
6161
6162
#: serverguide/C/virtualization.xml:2077(para)
6163
msgid ""
6164
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6165
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6166
"It is present to allow you to get the full power of a scripting language if "
6167
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6168
msgstr ""
6169
6170
#: serverguide/C/virtualization.xml:2082(para)
6171
msgid ""
6172
"For more information on what kinds of things can be done with "
6173
"<application>cloud-config</application>, see <ulink "
6174
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6175
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6176
msgstr ""
6177
6178
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6179
msgid "More Information"
6180
msgstr ""
6181
6182
#: serverguide/C/virtualization.xml:2093(para)
6183
msgid ""
6184
"How to use the <ulink "
6185
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6186
"Controller</ulink>"
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:2097(para)
6190
msgid "Controlling eucalyptus services:"
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:2102(para)
6194
msgid ""
6195
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6196
msgstr ""
6197
6198
#: serverguide/C/virtualization.xml:2103(para)
6199
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:2106(para)
6203
msgid "Locations of some important files:"
6204
msgstr ""
6205
6206
#: serverguide/C/virtualization.xml:2113(emphasis)
6207
msgid "Log files:"
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:2116(para)
6211
msgid "/var/log/eucalyptus"
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:2121(emphasis)
6215
msgid "Configuration files:"
6216
msgstr ""
6217
6218
#: serverguide/C/virtualization.xml:2124(para)
6219
msgid "/etc/eucalyptus"
6220
msgstr ""
6221
6222
#: serverguide/C/virtualization.xml:2129(emphasis)
6223
msgid "Database:"
6224
msgstr ""
6225
6226
#: serverguide/C/virtualization.xml:2132(para)
6227
msgid "/var/lib/eucalyptus/db"
6228
msgstr ""
6229
6230
#: serverguide/C/virtualization.xml:2137(emphasis)
6231
msgid "Keys:"
6232
msgstr ""
6233
6234
#: serverguide/C/virtualization.xml:2140(para)
6235
msgid "/var/lib/eucalyptus"
6236
msgstr ""
6237
6238
#: serverguide/C/virtualization.xml:2141(para)
6239
msgid "/var/lib/eucalyptus/.ssh"
6240
msgstr ""
6241
6242
#: serverguide/C/virtualization.xml:2147(para)
6243
msgid ""
6244
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6245
"running the client tools."
6246
msgstr ""
6247
6248
#: serverguide/C/virtualization.xml:2158(para)
6249
msgid ""
6250
"For information on loading instances see the <ulink "
6251
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6252
"page."
6253
msgstr ""
6254
6255
#: serverguide/C/virtualization.xml:2163(para)
6256
msgid ""
6257
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6258
"documentation, downloads)</ulink>."
6259
msgstr ""
6260
6261
#: serverguide/C/virtualization.xml:2168(para)
6262
msgid ""
6263
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6264
"(bugs, code)</ulink>."
6265
msgstr ""
6266
6267
#: serverguide/C/virtualization.xml:2173(para)
6268
msgid ""
6269
"<ulink "
6270
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6271
"ptus Troubleshooting (1.5)</ulink>."
6272
msgstr ""
6273
6274
#: serverguide/C/virtualization.xml:2178(para)
6275
msgid ""
6276
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6277
"Cloud_Infrastructures/Eucalyptus/03-"
6278
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6279
"RightScale</ulink>."
6280
msgstr ""
6281
6282
#: serverguide/C/virtualization.xml:2184(para)
6283
msgid ""
6284
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6285
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6286
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6287
msgstr ""
6288
6289
#: serverguide/C/virtualization.xml:2193(title)
6290
msgid "Glossary"
6291
msgstr ""
6292
6293
#: serverguide/C/virtualization.xml:2195(para)
6294
msgid ""
6295
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6296
"unfamiliar to some readers. This page is intended to provide a glossary of "
6297
"such terms and acronyms."
6298
msgstr ""
6299
6300
#: serverguide/C/virtualization.xml:2202(para)
6301
msgid ""
6302
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6303
"computing resources through virtual machines, provisioned and recollected "
6304
"dynamically."
6305
msgstr ""
6306
6307
#: serverguide/C/virtualization.xml:2208(para)
6308
msgid ""
6309
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6310
"provides the web UI (an https server on port 8443), and implements the "
6311
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6312
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6313
"cloud</application> package."
6314
msgstr ""
6315
6316
#: serverguide/C/virtualization.xml:2215(para)
6317
msgid ""
6318
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6319
"Cluster Controller. There can be more than one Cluster in an installation of "
6320
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6321
"floor2, floor2)."
6322
msgstr ""
6323
6324
#: serverguide/C/virtualization.xml:2221(para)
6325
msgid ""
6326
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6327
"manages collections of node resources. This service is provided by the "
6328
"Ubuntu <application>eucalyptus-cc</application> package."
6329
msgstr ""
6330
6331
#: serverguide/C/virtualization.xml:2227(para)
6332
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6333
msgstr ""
6334
6335
#: serverguide/C/virtualization.xml:2232(para)
6336
msgid ""
6337
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6338
"pay-by-the-gigabyte public cloud computing offering."
6339
msgstr ""
6340
6341
#: serverguide/C/virtualization.xml:2237(para)
6342
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6343
msgstr ""
6344
6345
#: serverguide/C/virtualization.xml:2242(para)
6346
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6347
msgstr ""
6348
6349
#: serverguide/C/virtualization.xml:2247(para)
6350
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6351
msgstr ""
6352
6353
#: serverguide/C/virtualization.xml:2252(para)
6354
msgid ""
6355
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6356
"Linking Your Programs To Useful Systems. An open source project originally "
6357
"from the University of California at Santa Barbara, now supported by "
6358
"Eucalyptus Systems, a Canonical Partner."
6359
msgstr ""
6360
6361
#: serverguide/C/virtualization.xml:2259(para)
6362
msgid ""
6363
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6364
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6365
"cluster controller)."
6366
msgstr ""
6367
6368
#: serverguide/C/virtualization.xml:2265(para)
6369
msgid ""
6370
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6371
"running virtual machines, running a node controller. Within Ubuntu, this "
6372
"generally means that the CPU has VT extensions, and can run the KVM "
6373
"hypervisor."
6374
msgstr ""
6375
6376
#: serverguide/C/virtualization.xml:2271(para)
6377
msgid ""
6378
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6379
"on nodes which host the virtual machines that comprise the cloud. This "
6380
"service is provided by the Ubuntu package <application>eucalyptus-"
6381
"nc</application>."
6382
msgstr ""
6383
6384
#: serverguide/C/virtualization.xml:2277(para)
6385
msgid ""
6386
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6387
"gigabyte persistent storage solution for EC2."
6388
msgstr ""
6389
6390
#: serverguide/C/virtualization.xml:2282(para)
6391
msgid ""
6392
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6393
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6394
"installation can have its own Storage Controller. This component is provided "
6395
"by the <application>eucalyptus-sc</application> package."
6396
msgstr ""
6397
6398
#: serverguide/C/virtualization.xml:2289(para)
6399
msgid ""
6400
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6401
"solution, based on Eucalyptus."
6402
msgstr ""
6403
6404
#: serverguide/C/virtualization.xml:2294(para)
6405
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6406
msgstr ""
6407
6408
#: serverguide/C/virtualization.xml:2299(para)
6409
msgid ""
6410
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6411
"some modern CPUs, allowing for accelerated virtual machine hosting."
6412
msgstr ""
6413
6414
#: serverguide/C/virtualization.xml:2304(para)
6415
msgid ""
6416
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6417
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6418
"put/get abstractions."
6419
msgstr ""
6420
6421
#: serverguide/C/vcs.xml:13(title)
6422
msgid "Version Control System"
6423
msgstr ""
6424
6425
#: serverguide/C/vcs.xml:14(para)
6426
msgid ""
6427
"Version control is the art of managing changes to information. It has long "
6428
"been a critical tool for programmers, who typically spend their time making "
6429
"small changes to software and then undoing those changes the next day. But "
6430
"the usefulness of version control software extends far beyond the bounds of "
6431
"the software development world. Anywhere you can find people using computers "
6432
"to manage information that changes often, there is room for version control."
6433
msgstr ""
6434
6435
#: serverguide/C/vcs.xml:17(title)
6436
msgid "Bazaar"
6437
msgstr ""
6438
6439
#: serverguide/C/vcs.xml:18(para)
6440
msgid ""
6441
"Bazaar is a new version control system sponsored by Canonical, the "
6442
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6443
"support a central repository model, Bazaar also supports "
6444
"<emphasis>distributed version control</emphasis>, giving people the ability "
6445
"to collaborate more efficiently. In particular, Bazaar is designed to "
6446
"maximize the level of community participation in open source projects."
6447
msgstr ""
6448
6449
#: serverguide/C/vcs.xml:29(para)
6450
msgid ""
6451
"At a terminal prompt, enter the following command to install "
6452
"<application>bzr</application>: <screen>\n"
6453
"<command>sudo apt-get install bzr</command>\n"
6454
"</screen>"
6455
msgstr ""
6456
6457
#: serverguide/C/vcs.xml:40(para)
6458
msgid ""
6459
"To introduce yourself to <application>bzr</application>, use the "
6460
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6461
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6462
"</screen>"
6463
msgstr ""
6464
6465
#: serverguide/C/vcs.xml:49(title)
6466
msgid "Learning Bazaar"
6467
msgstr ""
6468
6469
#: serverguide/C/vcs.xml:50(para)
6470
msgid ""
6471
"Bazaar comes with bundled documentation installed into "
6472
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6473
"is a good place to start. The <application>bzr</application> command also "
6474
"comes with built-in help: <screen>\n"
6475
"<command>$ bzr help</command>\n"
6476
"</screen>"
6477
msgstr ""
6478
6479
#: serverguide/C/vcs.xml:60(para)
6480
msgid ""
6481
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6482
"<command>$ bzr help foo</command>\n"
6483
"</screen>"
6484
msgstr ""
6485
6486
#: serverguide/C/vcs.xml:68(title)
6487
msgid "Launchpad Integration"
6488
msgstr ""
6489
6490
#: serverguide/C/vcs.xml:69(para)
6491
msgid ""
6492
"While highly useful as a stand-alone system, Bazaar has good, optional "
6493
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6494
"the collaborative development system used by Canonical and the broader open "
6495
"source community to manage and extend Ubuntu itself. For information on how "
6496
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6497
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6498
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6499
msgstr ""
6500
6501
#: serverguide/C/vcs.xml:81(title)
6502
msgid "Subversion"
6503
msgstr ""
6504
6505
#: serverguide/C/vcs.xml:82(para)
6506
msgid ""
6507
"Subversion is an open source version control system. Using Subversion, you "
6508
"can record the history of source files and documents. It manages files and "
6509
"directories over time. A tree of files is placed into a central repository. "
6510
"The repository is much like an ordinary file server, except that it "
6511
"remembers every change ever made to files and directories."
6512
msgstr ""
6513
6514
#: serverguide/C/vcs.xml:87(para)
6515
msgid ""
6516
"To access Subversion repository using the HTTP protocol, you must install "
6517
"and configure a web server. Apache2 is proven to work with Subversion. "
6518
"Please refer to the HTTP subsection in the Apache2 section to install and "
6519
"configure Apache2. To access the Subversion repository using the HTTPS "
6520
"protocol, you must install and configure a digital certificate in your "
6521
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6522
"section to install and configure the digital certificate."
6523
msgstr ""
6524
6525
#: serverguide/C/vcs.xml:96(para)
6526
msgid ""
6527
"To install Subversion, run the following command from a terminal prompt:"
6528
msgstr ""
6529
6530
#: serverguide/C/vcs.xml:101(command)
6531
msgid "sudo apt-get install subversion libapache2-svn"
6532
msgstr ""
6533
6534
#: serverguide/C/vcs.xml:108(para)
6535
msgid ""
6536
"This step assumes you have installed above mentioned packages on your "
6537
"system. This section explains how to create a Subversion repository and "
6538
"access the project."
6539
msgstr ""
6540
6541
#: serverguide/C/vcs.xml:111(title)
6542
msgid "Create Subversion Repository"
6543
msgstr ""
6544
6545
#: serverguide/C/vcs.xml:112(para)
6546
msgid ""
6547
"The Subversion repository can be created using the following command from a "
6548
"terminal prompt:"
6549
msgstr ""
6550
6551
#: serverguide/C/vcs.xml:116(command)
6552
msgid "svnadmin create /path/to/repos/project"
6553
msgstr ""
6554
6555
#: serverguide/C/vcs.xml:121(title)
6556
msgid "Importing Files"
6557
msgstr ""
6558
6559
#: serverguide/C/vcs.xml:122(para)
6560
msgid ""
6561
"Once you create the repository you can <emphasis>import</emphasis> files "
6562
"into the repository. To import a directory, enter the following from a "
6563
"terminal prompt: <screen>\n"
6564
"<command>svn import /path/to/import/directory "
6565
"file:///path/to/repos/project</command>\n"
6566
"</screen>"
6567
msgstr ""
6568
6569
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6570
msgid "Access Methods"
6571
msgstr ""
6572
6573
#: serverguide/C/vcs.xml:135(para)
6574
msgid ""
6575
"Subversion repositories can be accessed (checked out) through many different "
6576
"methods --on local disk, or through various network protocols. A repository "
6577
"location, however, is always a URL. The table describes how different URL "
6578
"schemes map to the available access methods."
6579
msgstr ""
6580
6581
#: serverguide/C/vcs.xml:146(para)
6582
msgid "Schema"
6583
msgstr ""
6584
6585
#: serverguide/C/vcs.xml:147(para)
6586
msgid "Access Method"
6587
msgstr ""
6588
6589
#: serverguide/C/vcs.xml:152(para)
6590
msgid "file://"
6591
msgstr ""
6592
6593
#: serverguide/C/vcs.xml:153(para)
6594
msgid "direct repository access (on local disk)"
6595
msgstr ""
6596
6597
#: serverguide/C/vcs.xml:156(para)
6598
msgid "http://"
6599
msgstr ""
6600
6601
#: serverguide/C/vcs.xml:157(para)
6602
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6603
msgstr ""
6604
6605
#: serverguide/C/vcs.xml:160(para)
6606
msgid "https://"
6607
msgstr ""
6608
6609
#: serverguide/C/vcs.xml:161(para)
6610
msgid "Same as http://, but with SSL encryption"
6611
msgstr ""
6612
6613
#: serverguide/C/vcs.xml:164(para)
6614
msgid "svn://"
6615
msgstr ""
6616
6617
#: serverguide/C/vcs.xml:165(para)
6618
msgid "Access via custom protocol to an svnserve server"
6619
msgstr ""
6620
6621
#: serverguide/C/vcs.xml:168(para)
6622
msgid "svn+ssh://"
6623
msgstr ""
6624
6625
#: serverguide/C/vcs.xml:169(para)
6626
msgid "Same as svn://, but through an SSH tunnel"
6627
msgstr ""
6628
6629
#: serverguide/C/vcs.xml:175(para)
6630
msgid ""
6631
"In this section, we will see how to configure Subversion for all these "
6632
"access methods. Here, we cover the basics. For more advanced usage details, "
6633
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6634
msgstr ""
6635
6636
#: serverguide/C/vcs.xml:182(title)
6637
msgid "Direct repository access (file://)"
6638
msgstr ""
6639
6640
#: serverguide/C/vcs.xml:183(para)
6641
msgid ""
6642
"This is the simplest of all access methods. It does not require any "
6643
"Subversion server process to be running. This access method is used to "
6644
"access Subversion from the same machine. The syntax of the command, entered "
6645
"at a terminal prompt, is as follows:"
6646
msgstr ""
6647
6648
#: serverguide/C/vcs.xml:190(command)
6649
msgid "svn co file:///path/to/repos/project"
6650
msgstr ""
6651
6652
#: serverguide/C/vcs.xml:193(para)
6653
msgid "or"
6654
msgstr ""
6655
6656
#: serverguide/C/vcs.xml:196(command)
6657
msgid "svn co file://localhost/path/to/repos/project"
6658
msgstr ""
6659
6660
#: serverguide/C/vcs.xml:200(para)
6661
msgid ""
6662
"If you do not specify the hostname, there are three forward slashes (///) -- "
6663
"two for the protocol (file, in this case) plus the leading slash in the "
6664
"path. If you specify the hostname, you must use two forward slashes (//)."
6665
msgstr ""
6666
6667
#: serverguide/C/vcs.xml:202(para)
6668
msgid ""
6669
"The repository permissions depend on filesystem permissions. If the user has "
6670
"read/write permission, he can checkout from and commit to the repository."
6671
msgstr ""
6672
6673
#: serverguide/C/vcs.xml:205(title)
6674
msgid "Access via WebDAV protocol (http://)"
6675
msgstr ""
6676
6677
#: serverguide/C/vcs.xml:206(para)
6678
msgid ""
6679
"To access the Subversion repository via WebDAV protocol, you must configure "
6680
"your Apache 2 web server. Add the following snippet between the "
6681
"<emphasis><VirtualHost></emphasis> and "
6682
"<emphasis></VirtualHost></emphasis> elements in "
6683
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6684
"VirtualHost file:"
6685
msgstr ""
6686
6687
#: serverguide/C/vcs.xml:212(programlisting)
6688
#, no-wrap
6689
msgid ""
6690
"\n"
6691
" <Location /svn>\n"
6692
" DAV svn\n"
6693
" SVNPath /home/svn\n"
6694
" AuthType Basic\n"
6695
" AuthName \"Your repository name\"\n"
6696
" AuthUserFile /etc/subversion/passwd\n"
6697
" Require valid-user\n"
6698
" </Location> \n"
6699
msgstr ""
6700
6701
#: serverguide/C/vcs.xml:223(para)
6702
msgid ""
6703
"The above configuration snippet assumes that Subversion repositories are "
6704
"created under <filename>/home/svn/</filename> directory using "
6705
"<command>svnadmin</command> command. They can be accessible using "
6706
"<command>http://hostname/svn/repos_name</command> url."
6707
msgstr ""
6708
6709
#: serverguide/C/vcs.xml:229(para)
6710
msgid ""
6711
"To import or commit files to your Subversion repository over HTTP, the "
6712
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6713
"HTTP user is <command>www-data</command>. To change the ownership of the "
6714
"repository files enter the following command from terminal prompt:"
6715
msgstr ""
6716
6717
#: serverguide/C/vcs.xml:238(command)
6718
msgid "sudo chown -R www-data:www-data /path/to/repos"
6719
msgstr ""
6720
6721
#: serverguide/C/vcs.xml:241(para)
6722
msgid ""
6723
"By changing the ownership of repository as <command>www-data</command> you "
6724
"will not be able to import or commit files into the repository by running "
6725
"<command>svn import file:///</command> command as any user other than "
6726
"<command>www-data</command>."
6727
msgstr ""
6728
6729
#: serverguide/C/vcs.xml:250(para)
6730
msgid ""
6731
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6732
"that will contain user authentication details. To create a file issue the "
6733
"following command at a command prompt (which will create the file and add "
6734
"the first user):"
6735
msgstr ""
6736
6737
#: serverguide/C/vcs.xml:256(command)
6738
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6739
msgstr ""
6740
6741
#: serverguide/C/vcs.xml:259(para)
6742
msgid ""
6743
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6744
"option replaces the old file. Instead use this form:"
6745
msgstr ""
6746
6747
#: serverguide/C/vcs.xml:264(command)
6748
msgid "sudo htpasswd /etc/subversion/password user_name"
6749
msgstr ""
6750
6751
#: serverguide/C/vcs.xml:268(para)
6752
msgid ""
6753
"This command will prompt you to enter the password. Once you enter the "
6754
"password, the user is added. Now, to access the repository you can run the "
6755
"following command:"
6756
msgstr ""
6757
6758
#: serverguide/C/vcs.xml:269(command)
6759
msgid "svn co http://servername/svn"
6760
msgstr ""
6761
6762
#: serverguide/C/vcs.xml:271(para)
6763
msgid ""
6764
"The password is transmitted as plain text. If you are worried about password "
6765
"snooping, you are advised to use SSL encryption. For details, please refer "
6766
"next section."
6767
msgstr ""
6768
6769
#: serverguide/C/vcs.xml:277(title)
6770
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6771
msgstr ""
6772
6773
#: serverguide/C/vcs.xml:278(para)
6774
msgid ""
6775
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6776
"(https://) is similar to http:// except that you must install and configure "
6777
"the digital certificate in your Apache2 web server. To use SSL with "
6778
"Subversion add the above Apache2 configuration to "
6779
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6780
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6781
"configuration\"/>."
6782
msgstr ""
6783
6784
#: serverguide/C/vcs.xml:287(para)
6785
msgid ""
6786
"You can install a digital certificate issued by a signing authority. "
6787
"Alternatively, you can install your own self-signed certificate."
6788
msgstr ""
6789
6790
#: serverguide/C/vcs.xml:292(para)
6791
msgid ""
6792
"This step assumes you have installed and configured a digital certificate in "
6793
"your Apache 2 web server. Now, to access the Subversion repository, please "
6794
"refer to the above section! The access methods are exactly the same, except "
6795
"the protocol. You must use https:// to access the Subversion repository."
6796
msgstr ""
6797
6798
#: serverguide/C/vcs.xml:302(title)
6799
msgid "Access via custom protocol (svn://)"
6800
msgstr ""
6801
6802
#: serverguide/C/vcs.xml:303(para)
6803
msgid ""
6804
"Once the Subversion repository is created, you can configure the access "
6805
"control. You can edit the <filename> "
6806
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6807
"access control. For example, to set up authentication, you can uncomment the "
6808
"following lines in the configuration file:"
6809
msgstr ""
6810
6811
#: serverguide/C/vcs.xml:310(programlisting)
6812
#, no-wrap
6813
msgid ""
6814
"# [general]\n"
6815
"# password-db = passwd"
6816
msgstr ""
6817
6818
#: serverguide/C/vcs.xml:313(para)
6819
msgid ""
6820
"After uncommenting the above lines, you can maintain the user list in the "
6821
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6822
"directory and add the new user. The syntax is as follows:"
6823
msgstr ""
6824
6825
#: serverguide/C/vcs.xml:319(programlisting)
6826
#, no-wrap
6827
msgid "username = password"
6828
msgstr ""
6829
6830
#: serverguide/C/vcs.xml:320(para)
6831
msgid "For more details, please refer to the file."
6832
msgstr ""
6833
6834
#: serverguide/C/vcs.xml:324(para)
6835
msgid ""
6836
"Now, to access Subversion via the svn:// custom protocol, either from the "
6837
"same machine or a different machine, you can run svnserver using svnserve "
6838
"command. The syntax is as follows:"
6839
msgstr ""
6840
6841
#: serverguide/C/vcs.xml:329(programlisting)
6842
#, no-wrap
6843
msgid ""
6844
"$ svnserve -d --foreground -r /path/to/repos\n"
6845
"# -d -- daemon mode\n"
6846
"# --foreground -- run in foreground (useful for debugging)\n"
6847
"# -r -- root of directory to serve\n"
6848
"\n"
6849
"For more usage details, please refer to:\n"
6850
"$ svnserve --help"
6851
msgstr ""
6852
6853
#: serverguide/C/vcs.xml:337(para)
6854
msgid ""
6855
"Once you run this command, Subversion starts listening on default port "
6856
"(3690). To access the project repository, you must run the following command "
6857
"from a terminal prompt:"
6858
msgstr ""
6859
6860
#: serverguide/C/vcs.xml:340(command)
6861
msgid "svn co svn://hostname/project project --username user_name"
6862
msgstr ""
6863
6864
#: serverguide/C/vcs.xml:343(para)
6865
msgid ""
6866
"Based on server configuration, it prompts for password. Once you are "
6867
"authenticated, it checks out the code from Subversion repository. To "
6868
"synchronize the project repository with the local copy, you can run the "
6869
"<command>update</command> sub-command. The syntax of the command, entered at "
6870
"a terminal prompt, is as follows:"
6871
msgstr ""
6872
6873
#: serverguide/C/vcs.xml:351(command)
6874
msgid "cd project_dir ; svn update"
6875
msgstr ""
6876
6877
#: serverguide/C/vcs.xml:354(para)
6878
msgid ""
6879
"For more details about using each Subversion sub-command, you can refer to "
6880
"the manual. For example, to learn more about the co (checkout) command, "
6881
"please run the following command from a terminal prompt:"
6882
msgstr ""
6883
6884
#: serverguide/C/vcs.xml:358(command)
6885
msgid "svn co help"
6886
msgstr ""
6887
6888
#: serverguide/C/vcs.xml:362(title)
6889
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6890
msgstr ""
6891
6892
#: serverguide/C/vcs.xml:363(para)
6893
msgid ""
6894
"The configuration and server process is same as in the svn:// method. For "
6895
"details, please refer to the above section. This step assumes you have "
6896
"followed the above step and started the Subversion server using "
6897
"<application>svnserve</application> command."
6898
msgstr ""
6899
6900
#: serverguide/C/vcs.xml:369(para)
6901
msgid ""
6902
"It is also assumed that the ssh server is running on that machine and that "
6903
"it is allowing incoming connections. To confirm, please try to login to that "
6904
"machine using ssh. If you can login, everything is perfect. If you cannot "
6905
"login, please address it before continuing further."
6906
msgstr ""
6907
6908
#: serverguide/C/vcs.xml:375(para)
6909
msgid ""
6910
"The svn+ssh:// protocol is used to access the Subversion repository using "
6911
"SSL encryption. The data transfer is encrypted using this method. To access "
6912
"the project repository (for example with a checkout), you must use the "
6913
"following command syntax:"
6914
msgstr ""
6915
6916
#: serverguide/C/vcs.xml:382(command)
6917
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6918
msgstr ""
6919
6920
#: serverguide/C/vcs.xml:386(para)
6921
msgid ""
6922
"You must use the full path (/path/to/repos/project) to access the Subversion "
6923
"repository using this access method."
6924
msgstr ""
6925
6926
#: serverguide/C/vcs.xml:389(para)
6927
msgid ""
6928
"Based on server configuration, it prompts for password. You must enter the "
6929
"password you use to login via ssh. Once you are authenticated, it checks out "
6930
"the code from the Subversion repository."
6931
msgstr ""
6932
6933
#: serverguide/C/vcs.xml:399(title)
6934
msgid "CVS Server"
6935
msgstr ""
6936
6937
#: serverguide/C/vcs.xml:400(para)
6938
msgid ""
6939
"CVS is a version control system. You can use it to record the history of "
6940
"source files."
6941
msgstr ""
6942
6943
#: serverguide/C/vcs.xml:406(para)
6944
msgid ""
6945
"To install <application>CVS</application>, run the following command from a "
6946
"terminal prompt: <screen>\n"
6947
"<command>sudo apt-get install cvs</command>\n"
6948
"</screen> After you install <application>cvs</application>, you should "
6949
"install <application>xinetd</application> to start/stop the cvs server. At "
6950
"the prompt, enter the following command to install "
6951
"<application>xinetd</application>: <screen>\n"
6952
"<command>sudo apt-get install xinetd</command>\n"
6953
"</screen>"
6954
msgstr ""
6955
6956
#: serverguide/C/vcs.xml:439(programlisting)
6957
#, no-wrap
6958
msgid ""
6959
"\n"
6960
"service cvspserver\n"
6961
"{\n"
6962
" port = 2401\n"
6963
" socket_type = stream\n"
6964
" protocol = tcp\n"
6965
" user = root\n"
6966
" wait = no\n"
6967
" type = UNLISTED\n"
6968
" server = /usr/bin/cvs\n"
6969
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6970
" disable = no\n"
6971
"}\n"
6972
msgstr ""
6973
6974
#: serverguide/C/vcs.xml:455(para)
6975
msgid ""
6976
"Be sure to edit the repository if you have changed the default repository "
6977
"(<application>/var/lib/cvs</application>) directory."
6978
msgstr ""
6979
6980
#: serverguide/C/vcs.xml:424(para)
6981
msgid ""
6982
"Once you install cvs, the repository will be automatically initialized. By "
6983
"default, the repository resides under the "
6984
"<application>/var/lib/cvs</application> directory. You can change this path "
6985
"by running following command: <screen>\n"
6986
"<command>cvs -d /your/new/cvs/repo init</command>\n"
6987
"</screen> Once the initial repository is set up, you can configure "
6988
"<application>xinetd</application> to start the CVS server. You can copy the "
6989
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
6990
"<placeholder-1/><placeholder-2/> Once you have configured "
6991
"<application>xinetd</application> you can start the cvs server by running "
6992
"following command: <screen>\n"
6993
"<command>sudo /etc/init.d/xinetd restart</command>\n"
6994
"</screen>"
6995
msgstr ""
6996
6997
#: serverguide/C/vcs.xml:468(para)
6998
msgid ""
6999
"You can confirm that the CVS server is running by issuing the following "
7000
"command:"
7001
msgstr ""
7002
7003
#: serverguide/C/vcs.xml:475(command)
7004
msgid "sudo netstat -tap | grep cvs"
7005
msgstr ""
7006
7007
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7008
msgid ""
7009
"When you run this command, you should see the following line or something "
7010
"similar:"
7011
msgstr ""
7012
7013
#: serverguide/C/vcs.xml:484(programlisting)
7014
#, no-wrap
7015
msgid ""
7016
"\n"
7017
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7018
msgstr ""
7019
7020
#: serverguide/C/vcs.xml:488(para)
7021
msgid ""
7022
"From here you can continue to add users, add new projects, and manage the "
7023
"CVS server."
7024
msgstr ""
7025
7026
#: serverguide/C/vcs.xml:493(para)
7027
msgid ""
7028
"CVS allows the user to add users independently of the underlying OS "
7029
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7030
"although it has potential security issues. Please refer to the CVS manual "
7031
"for details."
7032
msgstr ""
7033
7034
#: serverguide/C/vcs.xml:503(title)
7035
msgid "Add Projects"
7036
msgstr ""
7037
7038
#: serverguide/C/vcs.xml:515(para)
7039
msgid ""
7040
"You can use the CVSROOT environment variable to store the CVS root "
7041
"directory. Once you export the CVSROOT environment variable, you can avoid "
7042
"using -d option in the above cvs command."
7043
msgstr ""
7044
7045
#: serverguide/C/vcs.xml:527(para)
7046
msgid ""
7047
"When you add a new project, the CVS user you use must have write access to "
7048
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7049
"the <application>src</application> group has write access to the CVS "
7050
"repository. So, you can add the user to this group, and he can then add and "
7051
"manage projects in the CVS repository."
7052
msgstr ""
7053
7054
#: serverguide/C/vcs.xml:504(para)
7055
msgid ""
7056
"This section explains how to add new project to the CVS repository. Create "
7057
"the directory and add necessary document and source files to the directory. "
7058
"Now, run the following command to add this project to CVS repository: "
7059
"<screen>\n"
7060
"<command>cd your/project</command>\n"
7061
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7062
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7063
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7064
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7065
"purpose in this context, but since CVS requires them, they must be present. "
7066
"<placeholder-2/>"
7067
msgstr ""
7068
7069
#: serverguide/C/vcs.xml:540(ulink)
7070
msgid "Bazaar Home Page"
7071
msgstr ""
7072
7073
#: serverguide/C/vcs.xml:541(ulink)
7074
msgid "Launchpad"
7075
msgstr ""
7076
7077
#: serverguide/C/vcs.xml:542(ulink)
7078
msgid "Subversion Home Page"
7079
msgstr ""
7080
7081
#: serverguide/C/vcs.xml:543(ulink)
7082
msgid "Subversion Book"
7083
msgstr ""
7084
7085
#: serverguide/C/vcs.xml:545(ulink)
7086
msgid "CVS Manual"
7087
msgstr ""
7088
7089
#: serverguide/C/vcs.xml:546(ulink)
7090
msgid "Easy Bazaar Ubuntu Wiki page"
7091
msgstr ""
7092
7093
#: serverguide/C/vcs.xml:547(ulink)
7094
msgid "Ubuntu Wiki Subversion page"
7095
msgstr ""
7096
7097
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7098
msgid "Credits and License"
7099
msgstr ""
7100
7101
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7102
msgid ""
7103
"This document is maintained by the Ubuntu documentation team "
7104
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7105
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7106
msgstr ""
7107
7108
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7109
msgid ""
7110
"This document is made available under the Creative Commons ShareAlike 2.5 "
7111
"License (CC-BY-SA)."
7112
msgstr ""
7113
7114
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7115
msgid ""
7116
"You are free to modify, extend, and improve the Ubuntu documentation source "
7117
"code under the terms of this license. All derivative works must be released "
7118
"under this license."
7119
msgstr ""
7120
7121
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7122
msgid ""
7123
"This documentation is distributed in the hope that it will be useful, but "
7124
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7125
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7126
msgstr ""
7127
7128
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7129
msgid ""
7130
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7131
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7132
msgstr ""
7133
7134
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7135
msgid "2010"
7136
msgstr ""
7137
7138
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7139
msgid "Ubuntu Documentation Project"
7140
msgstr ""
7141
7142
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7143
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7144
msgstr ""
7145
7146
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7147
msgid "The Ubuntu Documentation Project"
7148
msgstr ""
7149
7150
#: serverguide/C/serverguide.xml:17(para)
7151
msgid ""
7152
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7153
"information on how to install and configure various server applications on "
7154
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7155
"guide for configuring and customizing your system."
7156
msgstr ""
7157
7158
#: serverguide/C/security.xml:13(title)
7159
msgid "Security"
7160
msgstr ""
7161
7162
#: serverguide/C/security.xml:14(para)
7163
msgid ""
7164
"Security should always be considered when installing, deploying, and using "
7165
"any type of computer system. Although a fresh installation of Ubuntu is "
7166
"relatively safe for immediate use on the Internet, it is important to have a "
7167
"balanced understanding of your systems security posture based on how it will "
7168
"be used after deployment."
7169
msgstr ""
7170
7171
#: serverguide/C/security.xml:17(para)
7172
msgid ""
7173
"This chapter provides an overview of security related topics as they pertain "
7174
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7175
"protect your server and network from any number of potential security "
7176
"threats."
7177
msgstr ""
7178
7179
#: serverguide/C/security.xml:21(title)
7180
msgid "User Management"
7181
msgstr ""
7182
7183
#: serverguide/C/security.xml:22(para)
7184
msgid ""
7185
"User management is a critical part of maintaining a secure system. "
7186
"Ineffective user and privilege management often lead many systems into being "
7187
"compromised. Therefore, it is important that you understand how you can "
7188
"protect your server through simple and effective user account management "
7189
"techniques."
7190
msgstr ""
7191
7192
#: serverguide/C/security.xml:26(title)
7193
msgid "Where is root?"
7194
msgstr ""
7195
7196
#: serverguide/C/security.xml:27(para)
7197
msgid ""
7198
"Ubuntu developers made a conscientious decision to disable the "
7199
"administrative root account by default in all Ubuntu installations. This "
7200
"does not mean that the root account has been deleted or that it may not be "
7201
"accessed. It merely has been given a password which matches no possible "
7202
"encrypted value, therefore may not log in directly by itself."
7203
msgstr ""
7204
7205
#: serverguide/C/security.xml:30(para)
7206
msgid ""
7207
"Instead, users are encouraged to make use of a tool by the name of "
7208
"<application>sudo</application> to carry out system administrative duties. "
7209
"<application>Sudo</application> allows an authorized user to temporarily "
7210
"elevate their privileges using their own password instead of having to know "
7211
"the password belonging to the root account. This simple yet effective "
7212
"methodology provides accountability for all user actions, and gives the "
7213
"administrator granular control over which actions a user can perform with "
7214
"said privileges."
7215
msgstr ""
7216
7217
#: serverguide/C/security.xml:35(para)
7218
msgid ""
7219
"If for some reason you wish to enable the root account, simply give it a "
7220
"password:"
7221
msgstr ""
7222
7223
#: serverguide/C/security.xml:39(command)
7224
msgid "sudo passwd"
7225
msgstr ""
7226
7227
#: serverguide/C/security.xml:41(para)
7228
msgid ""
7229
"Sudo will prompt you for your password, and then ask you to supply a new "
7230
"password for root as shown below:"
7231
msgstr ""
7232
7233
#: serverguide/C/security.xml:44(userinput)
7234
#, no-wrap
7235
msgid "(enter your own password)"
7236
msgstr ""
7237
7238
#: serverguide/C/security.xml:45(userinput)
7239
#, no-wrap
7240
msgid "(enter a new password for root)"
7241
msgstr ""
7242
7243
#: serverguide/C/security.xml:46(userinput)
7244
#, no-wrap
7245
msgid "(repeat new password for root)"
7246
msgstr ""
7247
7248
#: serverguide/C/security.xml:44(computeroutput)
7249
#, no-wrap
7250
msgid ""
7251
"[sudo] password for username: <placeholder-1/>\n"
7252
"Enter new UNIX password: <placeholder-2/>\n"
7253
"Retype new UNIX password: <placeholder-3/>\n"
7254
"passwd: password updated successfully"
7255
msgstr ""
7256
7257
#: serverguide/C/security.xml:51(para)
7258
msgid "To disable the root account, use the following passwd syntax:"
7259
msgstr ""
7260
7261
#: serverguide/C/security.xml:55(command)
7262
msgid "sudo passwd -l root"
7263
msgstr ""
7264
7265
#: serverguide/C/security.xml:59(para)
7266
msgid ""
7267
"You should read more on <application>Sudo</application> by checking out it's "
7268
"man page:"
7269
msgstr ""
7270
7271
#: serverguide/C/security.xml:63(command)
7272
msgid "man sudo"
7273
msgstr ""
7274
7275
#: serverguide/C/security.xml:67(para)
7276
msgid ""
7277
"By default, the initial user created by the Ubuntu installer is a member of "
7278
"the group \"admin\" which is added to the file "
7279
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7280
"give any other account full root access through "
7281
"<application>sudo</application>, simply add them to the admin group."
7282
msgstr ""
7283
7284
#: serverguide/C/security.xml:73(title)
7285
msgid "Adding and Deleting Users"
7286
msgstr ""
7287
7288
#: serverguide/C/security.xml:74(para)
7289
msgid ""
7290
"The process for managing local users and groups is straight forward and "
7291
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7292
"other Debian based distributions, encourage the use of the \"adduser\" "
7293
"package for account management."
7294
msgstr ""
7295
7296
#: serverguide/C/security.xml:79(para)
7297
msgid ""
7298
"To add a user account, use the following syntax, and follow the prompts to "
7299
"give the account a password and identifiable characteristics such as a full "
7300
"name, phone number, etc."
7301
msgstr ""
7302
7303
#: serverguide/C/security.xml:83(command)
7304
msgid "sudo adduser username"
7305
msgstr ""
7306
7307
#: serverguide/C/security.xml:87(para)
7308
msgid ""
7309
"To delete a user account and its primary group, use the following syntax:"
7310
msgstr ""
7311
7312
#: serverguide/C/security.xml:91(command)
7313
msgid "sudo deluser username"
7314
msgstr ""
7315
7316
#: serverguide/C/security.xml:93(para)
7317
msgid ""
7318
"Deleting an account does not remove their respective home folder. It is up "
7319
"to you whether or not you wish to delete the folder manually or keep it "
7320
"according to your desired retention policies."
7321
msgstr ""
7322
7323
#: serverguide/C/security.xml:96(para)
7324
msgid ""
7325
"Remember, any user added later on with the same UID/GID as the previous "
7326
"owner will now have access to this folder if you have not taken the "
7327
"necessary precautions."
7328
msgstr ""
7329
7330
#: serverguide/C/security.xml:99(para)
7331
msgid ""
7332
"You may want to change these UID/GID values to something more appropriate, "
7333
"such as the root account, and perhaps even relocate the folder to avoid "
7334
"future conflicts:"
7335
msgstr ""
7336
7337
#: serverguide/C/security.xml:103(command)
7338
msgid "sudo chown -R root:root /home/username/"
7339
msgstr ""
7340
7341
#: serverguide/C/security.xml:104(command)
7342
msgid "sudo mkdir /home/archived_users/"
7343
msgstr ""
7344
7345
#: serverguide/C/security.xml:105(command)
7346
msgid "sudo mv /home/username /home/archived_users/"
7347
msgstr ""
7348
7349
#: serverguide/C/security.xml:109(para)
7350
msgid ""
7351
"To temporarily lock or unlock a user account, use the following syntax, "
7352
"respectively:"
7353
msgstr ""
7354
7355
#: serverguide/C/security.xml:113(command)
7356
msgid "sudo passwd -l username"
7357
msgstr ""
7358
7359
#: serverguide/C/security.xml:114(command)
7360
msgid "sudo passwd -u username"
7361
msgstr ""
7362
7363
#: serverguide/C/security.xml:118(para)
7364
msgid ""
7365
"To add or delete a personalized group, use the following syntax, "
7366
"respectively:"
7367
msgstr ""
7368
7369
#: serverguide/C/security.xml:122(command)
7370
msgid "sudo addgroup groupname"
7371
msgstr ""
7372
7373
#: serverguide/C/security.xml:123(command)
7374
msgid "sudo delgroup groupname"
7375
msgstr ""
7376
7377
#: serverguide/C/security.xml:127(para)
7378
msgid "To add a user to a group, use the following syntax:"
7379
msgstr ""
7380
7381
#: serverguide/C/security.xml:131(command)
7382
msgid "sudo adduser username groupname"
7383
msgstr ""
7384
7385
#: serverguide/C/security.xml:138(title)
7386
msgid "User Profile Security"
7387
msgstr ""
7388
7389
#: serverguide/C/security.xml:139(para)
7390
msgid ""
7391
"When a new user is created, the adduser utility creates a brand new home "
7392
"directory named <filename class=\"directory\">/home/username</filename>, "
7393
"respectively. The default profile is modeled after the contents found in the "
7394
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7395
"includes all profile basics."
7396
msgstr ""
7397
7398
#: serverguide/C/security.xml:142(para)
7399
msgid ""
7400
"If your server will be home to multiple users, you should pay close "
7401
"attention to the user home directory permissions to ensure confidentiality. "
7402
"By default, user home directories in Ubuntu are created with world "
7403
"read/execute permissions. This means that all users can browse and access "
7404
"the contents of other users home directories. This may not be suitable for "
7405
"your environment."
7406
msgstr ""
7407
7408
#: serverguide/C/security.xml:147(para)
7409
msgid ""
7410
"To verify your current users home directory permissions, use the following "
7411
"syntax:"
7412
msgstr ""
7413
7414
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7415
msgid "ls -ld /home/username"
7416
msgstr ""
7417
7418
#: serverguide/C/security.xml:153(para)
7419
msgid ""
7420
"The following output shows that the directory <filename "
7421
"class=\"directory\">/home/username</filename> has world readable permissions:"
7422
msgstr ""
7423
7424
#: serverguide/C/security.xml:156(computeroutput)
7425
#, no-wrap
7426
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7427
msgstr ""
7428
7429
#: serverguide/C/security.xml:160(para)
7430
msgid ""
7431
"You can remove the world readable permissions using the following syntax:"
7432
msgstr ""
7433
7434
#: serverguide/C/security.xml:164(command)
7435
msgid "sudo chmod 0750 /home/username"
7436
msgstr ""
7437
7438
#: serverguide/C/security.xml:167(para)
7439
msgid ""
7440
"Some people tend to use the recursive option (-R) indiscriminately which "
7441
"modifies all child folders and files, but this is not necessary, and may "
7442
"yield other undesirable results. The parent directory alone is sufficient "
7443
"for preventing unauthorized access to anything below the parent."
7444
msgstr ""
7445
7446
#: serverguide/C/security.xml:171(para)
7447
msgid ""
7448
"A much more efficient approach to the matter would be to modify the "
7449
"<application>adduser</application> global default permissions when creating "
7450
"user home folders. Simply edit the file "
7451
"<filename>/etc/adduser.conf</filename> and modify the "
7452
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7453
"new home directories will receive the correct permissions."
7454
msgstr ""
7455
7456
#: serverguide/C/security.xml:174(programlisting)
7457
#, no-wrap
7458
msgid ""
7459
"\n"
7460
"DIR_MODE=0750\n"
7461
msgstr ""
7462
7463
#: serverguide/C/security.xml:179(para)
7464
msgid ""
7465
"After correcting the directory permissions using any of the previously "
7466
"mentioned techniques, verify the results using the following syntax:"
7467
msgstr ""
7468
7469
#: serverguide/C/security.xml:185(para)
7470
msgid ""
7471
"The results below show that world readable permissions have been removed:"
7472
msgstr ""
7473
7474
#: serverguide/C/security.xml:188(computeroutput)
7475
#, no-wrap
7476
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7477
msgstr ""
7478
7479
#: serverguide/C/security.xml:195(title)
7480
msgid "Password Policy"
7481
msgstr ""
7482
7483
#: serverguide/C/security.xml:196(para)
7484
msgid ""
7485
"A strong password policy is one of the most important aspects of your "
7486
"security posture. Many successful security breaches involve simple brute "
7487
"force and dictionary attacks against weak passwords. If you intend to offer "
7488
"any form of remote access involving your local password system, make sure "
7489
"you adequately address minimum password complexity requirements, maximum "
7490
"password lifetimes, and frequent audits of your authentication systems."
7491
msgstr ""
7492
7493
#: serverguide/C/security.xml:200(title)
7494
msgid "Minimum Password Length"
7495
msgstr ""
7496
7497
#: serverguide/C/security.xml:201(para)
7498
msgid ""
7499
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7500
"well as some basic entropy checks. These values are controlled in the file "
7501
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7502
msgstr ""
7503
7504
#: serverguide/C/security.xml:204(programlisting)
7505
#, no-wrap
7506
msgid ""
7507
"\n"
7508
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7509
msgstr ""
7510
7511
#: serverguide/C/security.xml:207(para)
7512
msgid ""
7513
"If you would like to adjust the minimum length to 8 characters, change the "
7514
"appropriate variable to min=8. The modification is outlined below."
7515
msgstr ""
7516
7517
#: serverguide/C/security.xml:210(programlisting)
7518
#, no-wrap
7519
msgid ""
7520
"\n"
7521
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7522
"min=8\n"
7523
msgstr ""
7524
7525
#: serverguide/C/security.xml:215(title)
7526
msgid "Password Expiration"
7527
msgstr ""
7528
7529
#: serverguide/C/security.xml:216(para)
7530
msgid ""
7531
"When creating user accounts, you should make it a policy to have a minimum "
7532
"and maximum password age forcing users to change their passwords when they "
7533
"expire."
7534
msgstr ""
7535
7536
#: serverguide/C/security.xml:221(para)
7537
msgid ""
7538
"To easily view the current status of a user account, use the following "
7539
"syntax:"
7540
msgstr ""
7541
7542
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7543
msgid "sudo chage -l username"
7544
msgstr ""
7545
7546
#: serverguide/C/security.xml:227(para)
7547
msgid ""
7548
"The output below shows interesting facts about the user account, namely that "
7549
"there are no policies applied:"
7550
msgstr ""
7551
7552
#: serverguide/C/security.xml:230(computeroutput)
7553
#, no-wrap
7554
msgid ""
7555
"Last password change : Jan 20, 2008\n"
7556
"Password expires : never\n"
7557
"Password inactive : never\n"
7558
"Account expires : never\n"
7559
"Minimum number of days between password change : 0\n"
7560
"Maximum number of days between password change : 99999\n"
7561
"Number of days of warning before password expires : 7"
7562
msgstr ""
7563
7564
#: serverguide/C/security.xml:240(para)
7565
msgid ""
7566
"To set any of these values, simply use the following syntax, and follow the "
7567
"interactive prompts:"
7568
msgstr ""
7569
7570
#: serverguide/C/security.xml:244(command)
7571
msgid "sudo chage username"
7572
msgstr ""
7573
7574
#: serverguide/C/security.xml:246(para)
7575
msgid ""
7576
"The following is also an example of how you can manually change the explicit "
7577
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7578
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7579
"password expiration, and a warning time period (-W) of 14 days before "
7580
"password expiration."
7581
msgstr ""
7582
7583
#: serverguide/C/security.xml:250(command)
7584
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7585
msgstr ""
7586
7587
#: serverguide/C/security.xml:254(para)
7588
msgid "To verify changes, use the same syntax as mentioned previously:"
7589
msgstr ""
7590
7591
#: serverguide/C/security.xml:260(para)
7592
msgid ""
7593
"The output below shows the new policies that have been established for the "
7594
"account:"
7595
msgstr ""
7596
7597
#: serverguide/C/security.xml:263(computeroutput)
7598
#, no-wrap
7599
msgid ""
7600
"Last password change : Jan 20, 2008\n"
7601
"Password expires : Apr 19, 2008\n"
7602
"Password inactive : May 19, 2008\n"
7603
"Account expires : Jan 31, 2008\n"
7604
"Minimum number of days between password change : 5\n"
7605
"Maximum number of days between password change : 90\n"
7606
"Number of days of warning before password expires : 14"
7607
msgstr ""
7608
7609
#: serverguide/C/security.xml:279(title)
7610
msgid "Other Security Considerations"
7611
msgstr ""
7612
7613
#: serverguide/C/security.xml:280(para)
7614
msgid ""
7615
"Many applications use alternate authentication mechanisms that can be easily "
7616
"overlooked by even experienced system administrators. Therefore, it is "
7617
"important to understand and control how users authenticate and gain access "
7618
"to services and applications on your server."
7619
msgstr ""
7620
7621
#: serverguide/C/security.xml:285(title)
7622
msgid "SSH Access by Disabled Users"
7623
msgstr ""
7624
7625
#: serverguide/C/security.xml:286(para)
7626
msgid ""
7627
"Simply disabling/locking a user account will not prevent a user from logging "
7628
"into your server remotely if they have previously set up RSA public key "
7629
"authentication. They will still be able to gain shell access to the server, "
7630
"without the need for any password. Remember to check the users home "
7631
"directory for files that will allow for this type of authenticated SSH "
7632
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7633
msgstr ""
7634
7635
#: serverguide/C/security.xml:289(para)
7636
msgid ""
7637
"Remove or rename the directory <filename "
7638
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7639
"further SSH authentication capabilities."
7640
msgstr ""
7641
7642
#: serverguide/C/security.xml:292(para)
7643
msgid ""
7644
"Be sure to check for any established SSH connections by the disabled user, "
7645
"as it is possible they may have existing inbound or outbound connections. "
7646
"Kill any that are found."
7647
msgstr ""
7648
7649
#: serverguide/C/security.xml:295(para)
7650
msgid ""
7651
"Restrict SSH access to only user accounts that should have it. For example, "
7652
"you may create a group called \"sshlogin\" and add the group name as the "
7653
"value associated with the <varname>AllowGroups</varname> variable located in "
7654
"the file <filename>/etc/ssh/sshd_config</filename>."
7655
msgstr ""
7656
7657
#: serverguide/C/security.xml:298(programlisting)
7658
#, no-wrap
7659
msgid ""
7660
"\n"
7661
"AllowGroups sshlogin\n"
7662
msgstr ""
7663
7664
#: serverguide/C/security.xml:301(para)
7665
msgid ""
7666
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7667
"SSH service."
7668
msgstr ""
7669
7670
#: serverguide/C/security.xml:305(command)
7671
msgid "sudo adduser username sshlogin"
7672
msgstr ""
7673
7674
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7675
msgid "sudo /etc/init.d/ssh restart"
7676
msgstr ""
7677
7678
#: serverguide/C/security.xml:310(title)
7679
msgid "External User Database Authentication"
7680
msgstr ""
7681
7682
#: serverguide/C/security.xml:311(para)
7683
msgid ""
7684
"Most enterprise networks require centralized authentication and access "
7685
"controls for all system resources. If you have configured your server to "
7686
"authenticate users against external databases, be sure to disable the user "
7687
"accounts both externally and locally, this way you ensure that local "
7688
"fallback authentication is not possible."
7689
msgstr ""
7690
7691
#: serverguide/C/security.xml:320(title)
7692
msgid "Console Security"
7693
msgstr ""
7694
7695
#: serverguide/C/security.xml:321(para)
7696
msgid ""
7697
"As with any other security barrier you put in place to protect your server, "
7698
"it is pretty tough to defend against untold damage caused by someone with "
7699
"physical access to your environment, for example, theft of hard drives, "
7700
"power or service disruption and so on. Therefore, console security should be "
7701
"addressed merely as one component of your overall physical security "
7702
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7703
"very least slow down a determined one, so it is still advisable to perform "
7704
"basic precautions with regard to console security."
7705
msgstr ""
7706
7707
#: serverguide/C/security.xml:324(para)
7708
msgid ""
7709
"The following instructions will help defend your server against issues that "
7710
"could otherwise yield very serious consequences."
7711
msgstr ""
7712
7713
#: serverguide/C/security.xml:329(title)
7714
msgid "Disable Ctrl+Alt+Delete"
7715
msgstr ""
7716
7717
#: serverguide/C/security.xml:330(para)
7718
msgid ""
7719
"First and foremost, anyone that has physical access to the keyboard can "
7720
"simply use the "
7721
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7722
"eycombo> key combination to reboot the server without having to log on. "
7723
"Sure, someone could simply unplug the power source, but you should still "
7724
"prevent the use of this key combination on a production server. This forces "
7725
"an attacker to take more drastic measures to reboot the server, and will "
7726
"prevent accidental reboots at the same time."
7727
msgstr ""
7728
7729
#: serverguide/C/security.xml:335(para)
7730
msgid ""
7731
"To disable the reboot action taken by pressing the "
7732
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7733
"eycombo> key combination, comment out the following line in the file "
7734
"<filename>/etc/init/control-alt-delete.conf</filename>."
7735
msgstr ""
7736
7737
#: serverguide/C/security.xml:338(programlisting)
7738
#, no-wrap
7739
msgid ""
7740
"\n"
7741
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7742
msgstr ""
7743
7744
#: serverguide/C/security.xml:347(title)
7745
msgid "Firewall"
7746
msgstr ""
7747
7748
#: serverguide/C/security.xml:350(para)
7749
msgid ""
7750
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7751
"which is used to manipulate or decide the fate of network traffic headed "
7752
"into or through your server. All modern Linux firewall solutions use this "
7753
"system for packet filtering."
7754
msgstr ""
7755
7756
#: serverguide/C/security.xml:355(para)
7757
msgid ""
7758
"The kernel's packet filtering system would be of little use to "
7759
"administrators without a userspace interface to manage it. This is the "
7760
"purpose of iptables. When a packet reaches your server, it will be handed "
7761
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7762
"based on the rules supplied to it from userspace via iptables. Thus, "
7763
"iptables is all you need to manage your firewall if you're familiar with it, "
7764
"but many frontends are available to simplify the task."
7765
msgstr ""
7766
7767
#: serverguide/C/security.xml:365(title)
7768
msgid "ufw - Uncomplicated Firewall"
7769
msgstr ""
7770
7771
#: serverguide/C/security.xml:366(para)
7772
msgid ""
7773
"The default firewall configuration tool for Ubuntu is "
7774
"<application>ufw</application>. Developed to ease iptables firewall "
7775
"configuration, <application>ufw</application> provides a user friendly way "
7776
"to create an IPv4 or IPv6 host-based firewall."
7777
msgstr ""
7778
7779
#: serverguide/C/security.xml:370(para)
7780
msgid ""
7781
"<application>ufw</application> by default is initially disabled. From the "
7782
"<application>ufw</application> man page:"
7783
msgstr ""
7784
7785
#: serverguide/C/security.xml:374(quote)
7786
msgid ""
7787
"ufw is not intended to provide complete firewall functionality via its "
7788
"command interface, but instead provides an easy way to add or remove simple "
7789
"rules. It is currently mainly used for host-based firewalls."
7790
msgstr ""
7791
7792
#: serverguide/C/security.xml:378(para)
7793
msgid ""
7794
"The following are some examples of how to use <application>ufw</application>:"
7795
msgstr ""
7796
7797
#: serverguide/C/security.xml:383(para)
7798
msgid ""
7799
"First, <application>ufw</application> needs to be enabled. From a terminal "
7800
"prompt enter:"
7801
msgstr ""
7802
7803
#: serverguide/C/security.xml:387(command)
7804
msgid "sudo ufw enable"
7805
msgstr ""
7806
7807
#: serverguide/C/security.xml:391(para)
7808
msgid "To open a port (ssh in this example):"
7809
msgstr ""
7810
7811
#: serverguide/C/security.xml:395(command)
7812
msgid "sudo ufw allow 22"
7813
msgstr ""
7814
7815
#: serverguide/C/security.xml:399(para)
7816
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7817
msgstr ""
7818
7819
#: serverguide/C/security.xml:403(command)
7820
msgid "sudo ufw insert 1 allow 80"
7821
msgstr ""
7822
7823
#: serverguide/C/security.xml:407(para)
7824
msgid "Similarly, to close an opened port:"
7825
msgstr ""
7826
7827
#: serverguide/C/security.xml:411(command)
7828
msgid "sudo ufw deny 22"
7829
msgstr ""
7830
7831
#: serverguide/C/security.xml:415(para)
7832
msgid "To remove a rule, use delete followed by the rule:"
7833
msgstr ""
7834
7835
#: serverguide/C/security.xml:419(command)
7836
msgid "sudo ufw delete deny 22"
7837
msgstr ""
7838
7839
#: serverguide/C/security.xml:423(para)
7840
msgid ""
7841
"It is also possible to allow access from specific hosts or networks to a "
7842
"port. The following example allows ssh access from host 192.168.0.2 to any "
7843
"ip address on this host:"
7844
msgstr ""
7845
7846
#: serverguide/C/security.xml:428(command)
7847
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7848
msgstr ""
7849
7850
#: serverguide/C/security.xml:430(para)
7851
msgid ""
7852
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7853
"subnet."
7854
msgstr ""
7855
7856
#: serverguide/C/security.xml:436(para)
7857
msgid ""
7858
"Adding the <emphasis>--dry-run</emphasis> option to a "
7859
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7860
"apply them. For example, the following is what would be applied if opening "
7861
"the HTTP port:"
7862
msgstr ""
7863
7864
#: serverguide/C/security.xml:442(command)
7865
msgid "sudo ufw --dry-run allow http"
7866
msgstr ""
7867
7868
#: serverguide/C/security.xml:446(computeroutput)
7869
#, no-wrap
7870
msgid ""
7871
"*filter\n"
7872
":ufw-user-input - [0:0]\n"
7873
":ufw-user-output - [0:0]\n"
7874
":ufw-user-forward - [0:0]\n"
7875
":ufw-user-limit - [0:0]\n"
7876
":ufw-user-limit-accept - [0:0]\n"
7877
"### RULES ###\n"
7878
"\n"
7879
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7880
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7881
"\n"
7882
"### END RULES ###\n"
7883
"-A ufw-user-input -j RETURN\n"
7884
"-A ufw-user-output -j RETURN\n"
7885
"-A ufw-user-forward -j RETURN\n"
7886
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7887
"LIMIT]: \"\n"
7888
"-A ufw-user-limit -j REJECT\n"
7889
"-A ufw-user-limit-accept -j ACCEPT\n"
7890
"COMMIT\n"
7891
"Rules updated"
7892
msgstr ""
7893
7894
#: serverguide/C/security.xml:470(para)
7895
msgid "<application>ufw</application> can be disabled by:"
7896
msgstr ""
7897
7898
#: serverguide/C/security.xml:474(command)
7899
msgid "sudo ufw disable"
7900
msgstr ""
7901
7902
#: serverguide/C/security.xml:478(para)
7903
msgid "To see the firewall status, enter:"
7904
msgstr ""
7905
7906
#: serverguide/C/security.xml:482(command)
7907
msgid "sudo ufw status"
7908
msgstr ""
7909
7910
#: serverguide/C/security.xml:486(para)
7911
msgid "And for more verbose status information use:"
7912
msgstr ""
7913
7914
#: serverguide/C/security.xml:490(command)
7915
msgid "sudo ufw status verbose"
7916
msgstr ""
7917
7918
#: serverguide/C/security.xml:494(para)
7919
msgid "To view the <emphasis>numbered</emphasis> format:"
7920
msgstr ""
7921
7922
#: serverguide/C/security.xml:498(command)
7923
msgid "sudo ufw status numbered"
7924
msgstr ""
7925
7926
#: serverguide/C/security.xml:503(para)
7927
msgid ""
7928
"If the port you want to open or close is defined in "
7929
"<filename>/etc/services</filename>, you can use the port name instead of the "
7930
"number. In the above examples, replace <emphasis>22</emphasis> with "
7931
"<emphasis>ssh</emphasis>."
7932
msgstr ""
7933
7934
#: serverguide/C/security.xml:509(para)
7935
msgid ""
7936
"This is a quick introduction to using <application>ufw</application>. Please "
7937
"refer to the <application>ufw</application> man page for more information."
7938
msgstr ""
7939
7940
#: serverguide/C/security.xml:515(title)
7941
msgid "ufw Application Integration"
7942
msgstr ""
7943
7944
#: serverguide/C/security.xml:517(para)
7945
msgid ""
7946
"Applications that open ports can include an <application>ufw</application> "
7947
"profile, which details the ports needed for the application to function "
7948
"properly. The profiles are kept in <filename "
7949
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7950
"the default ports have been changed."
7951
msgstr ""
7952
7953
#: serverguide/C/security.xml:526(para)
7954
msgid ""
7955
"To view which applications have installed a profile, enter the following in "
7956
"a terminal:"
7957
msgstr ""
7958
7959
#: serverguide/C/security.xml:531(command)
7960
msgid "sudo ufw app list"
7961
msgstr ""
7962
7963
#: serverguide/C/security.xml:537(para)
7964
msgid ""
7965
"Similar to allowing traffic to a port, using an application profile is "
7966
"accomplished by entering:"
7967
msgstr ""
7968
7969
#: serverguide/C/security.xml:542(command)
7970
msgid "sudo ufw allow Samba"
7971
msgstr ""
7972
7973
#: serverguide/C/security.xml:548(para)
7974
msgid "An extended syntax is available as well:"
7975
msgstr ""
7976
7977
#: serverguide/C/security.xml:553(command)
7978
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7979
msgstr ""
7980
7981
#: serverguide/C/security.xml:556(para)
7982
msgid ""
7983
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7984
"with the application profile you are using and the IP range for your network."
7985
msgstr ""
7986
7987
#: serverguide/C/security.xml:562(para)
7988
msgid ""
7989
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7990
"application, because that information is detailed in the profile. Also, note "
7991
"that the <emphasis>app</emphasis> name replaces the "
7992
"<emphasis>port</emphasis> number."
7993
msgstr ""
7994
7995
#: serverguide/C/security.xml:571(para)
7996
msgid ""
7997
"To view details about which ports, protocols, etc are defined for an "
7998
"application, enter:"
7999
msgstr ""
8000
8001
#: serverguide/C/security.xml:576(command)
8002
msgid "sudo ufw app info Samba"
8003
msgstr ""
8004
8005
#: serverguide/C/security.xml:582(para)
8006
msgid ""
8007
"Not all applications that require opening a network port come with "
8008
"<application>ufw</application> profiles, but if you have profiled an "
8009
"application and want the file to be included with the package, please file a "
8010
"bug against the package in <ulink "
8011
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8012
msgstr ""
8013
8014
#: serverguide/C/security.xml:591(title)
8015
msgid "IP Masquerading"
8016
msgstr ""
8017
8018
#: serverguide/C/security.xml:592(para)
8019
msgid ""
8020
"The purpose of IP Masquerading is to allow machines with private, non-"
8021
"routable IP addresses on your network to access the Internet through the "
8022
"machine doing the masquerading. Traffic from your private network destined "
8023
"for the Internet must be manipulated for replies to be routable back to the "
8024
"machine that made the request. To do this, the kernel must modify the "
8025
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8026
"be routed back to it, rather than to the private IP address that made the "
8027
"request, which is impossible over the Internet. Linux uses "
8028
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8029
"connections belong to which machines and reroute each return packet "
8030
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8031
"having originated from your Ubuntu gateway machine. This process is referred "
8032
"to in Microsoft documentation as Internet Connection Sharing."
8033
msgstr ""
8034
8035
#: serverguide/C/security.xml:608(title)
8036
msgid "ufw Masquerading"
8037
msgstr ""
8038
8039
#: serverguide/C/security.xml:609(para)
8040
msgid ""
8041
"IP Masquerading can be achieved using custom <application>ufw</application> "
8042
"rules. This is possible because the current back-end for "
8043
"<application>ufw</application> is <application>iptables-"
8044
"restore</application> with the rules files located in "
8045
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8046
"legacy iptables rules used without <application>ufw</application>, and rules "
8047
"that are more network gateway or bridge related."
8048
msgstr ""
8049
8050
#: serverguide/C/security.xml:615(para)
8051
msgid ""
8052
"The rules are split into two different files, rules that should be executed "
8053
"before <application>ufw</application> command line rules, and rules that are "
8054
"executed after <application>ufw</application> command line rules."
8055
msgstr ""
8056
8057
#: serverguide/C/security.xml:621(para)
8058
msgid ""
8059
"First, packet forwarding needs to be enabled in "
8060
"<application>ufw</application>. Two configuration files will need to be "
8061
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8062
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8063
msgstr ""
8064
8065
#: serverguide/C/security.xml:625(programlisting)
8066
#, no-wrap
8067
msgid ""
8068
"\n"
8069
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8070
msgstr ""
8071
8072
#: serverguide/C/security.xml:628(para)
8073
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8074
msgstr ""
8075
8076
#: serverguide/C/security.xml:631(programlisting)
8077
#, no-wrap
8078
msgid ""
8079
"\n"
8080
"net/ipv4/ip_forward=1\n"
8081
msgstr ""
8082
8083
#: serverguide/C/security.xml:634(para)
8084
msgid "Similarly, for IPv6 forwarding uncomment:"
8085
msgstr ""
8086
8087
#: serverguide/C/security.xml:637(programlisting)
8088
#, no-wrap
8089
msgid ""
8090
"\n"
8091
"net/ipv6/conf/default/forwarding=1\n"
8092
msgstr ""
8093
8094
#: serverguide/C/security.xml:642(para)
8095
msgid ""
8096
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8097
"file. The default rules only configure the <emphasis>filter</emphasis> "
8098
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8099
"need to be configured. Add the following to the top of the file just after "
8100
"the header comments:"
8101
msgstr ""
8102
8103
#: serverguide/C/security.xml:647(programlisting)
8104
#, no-wrap
8105
msgid ""
8106
"\n"
8107
"# nat Table rules\n"
8108
"*nat\n"
8109
":POSTROUTING ACCEPT [0:0]\n"
8110
"\n"
8111
"# Forward traffic from eth1 through eth0.\n"
8112
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8113
"\n"
8114
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8115
"processed\n"
8116
"COMMIT\n"
8117
msgstr ""
8118
8119
#: serverguide/C/security.xml:658(para)
8120
msgid ""
8121
"The comments are not strictly necessary, but it is considered good practice "
8122
"to document your configuration. Also, when modifying any of the "
8123
"<emphasis>rules</emphasis> files in <filename "
8124
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8125
"line for each table modified:"
8126
msgstr ""
8127
8128
#: serverguide/C/security.xml:664(programlisting)
8129
#, no-wrap
8130
msgid ""
8131
"\n"
8132
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8133
"COMMIT\n"
8134
msgstr ""
8135
8136
#: serverguide/C/security.xml:669(para)
8137
msgid ""
8138
"For each <emphasis>Table</emphasis> a corresponding "
8139
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8140
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8141
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8142
"<emphasis>mangle</emphasis> tables."
8143
msgstr ""
8144
8145
#: serverguide/C/security.xml:676(para)
8146
msgid ""
8147
"In the above example replace <emphasis>eth0</emphasis>, "
8148
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8149
"appropriate interfaces and IP range for your network."
8150
msgstr ""
8151
8152
#: serverguide/C/security.xml:684(para)
8153
msgid ""
8154
"Finally, disable and re-enable <application>ufw</application> to apply the "
8155
"changes:"
8156
msgstr ""
8157
8158
#: serverguide/C/security.xml:688(command)
8159
msgid "sudo ufw disable && sudo ufw enable"
8160
msgstr ""
8161
8162
#: serverguide/C/security.xml:692(para)
8163
msgid ""
8164
"IP Masquerading should now be enabled. You can also add any additional "
8165
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8166
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8167
"forward</emphasis> chain."
8168
msgstr ""
8169
8170
#: serverguide/C/security.xml:699(title)
8171
msgid "iptables Masquerading"
8172
msgstr ""
8173
8174
#: serverguide/C/security.xml:700(para)
8175
msgid ""
8176
"<application>iptables</application> can also be used to enable masquerading."
8177
msgstr ""
8178
8179
#: serverguide/C/security.xml:705(para)
8180
msgid ""
8181
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8182
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8183
"uncomment the following line"
8184
msgstr ""
8185
8186
#: serverguide/C/security.xml:709(programlisting)
8187
#, no-wrap
8188
msgid ""
8189
"\n"
8190
"net.ipv4.ip_forward=1\n"
8191
msgstr ""
8192
8193
#: serverguide/C/security.xml:712(para)
8194
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8195
msgstr ""
8196
8197
#: serverguide/C/security.xml:715(programlisting)
8198
#, no-wrap
8199
msgid ""
8200
"\n"
8201
"net.ipv6.conf.default.forwarding=1\n"
8202
msgstr ""
8203
8204
#: serverguide/C/security.xml:720(para)
8205
msgid ""
8206
"Next, execute the <application>sysctl</application> command to enable the "
8207
"new settings in the configuration file:"
8208
msgstr ""
8209
8210
#: serverguide/C/security.xml:724(command)
8211
msgid "sudo sysctl -p"
8212
msgstr ""
8213
8214
#: serverguide/C/security.xml:728(para)
8215
msgid ""
8216
"IP Masquerading can now be accomplished with a single iptables rule, which "
8217
"may differ slightly based on your network configuration:"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:731(screen)
8221
#, no-wrap
8222
msgid ""
8223
"\n"
8224
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8225
msgstr ""
8226
8227
#: serverguide/C/security.xml:734(para)
8228
msgid ""
8229
"The above command assumes that your private address space is 192.168.0.0/16 "
8230
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8231
"follows:"
8232
msgstr ""
8233
8234
#: serverguide/C/security.xml:739(para)
8235
msgid "-t nat -- the rule is to go into the nat table"
8236
msgstr ""
8237
8238
#: serverguide/C/security.xml:740(para)
8239
msgid ""
8240
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8241
msgstr ""
8242
8243
#: serverguide/C/security.xml:741(para)
8244
msgid ""
8245
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8246
"specified address space"
8247
msgstr ""
8248
8249
#: serverguide/C/security.xml:742(para)
8250
msgid ""
8251
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8252
"specified network device"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:744(para)
8256
msgid ""
8257
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8258
"MASQUERADE target to be manipulated as described above"
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:752(para)
8262
msgid ""
8263
"Also, each chain in the filter table (the default table, and where most or "
8264
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8265
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8266
"you may have set the policies to DROP or REJECT, in which case your "
8267
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8268
"above rule to work:"
8269
msgstr ""
8270
8271
#: serverguide/C/security.xml:759(screen)
8272
#, no-wrap
8273
msgid ""
8274
"\n"
8275
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8276
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8277
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8278
msgstr ""
8279
8280
#: serverguide/C/security.xml:763(para)
8281
msgid ""
8282
"The above commands will allow all connections from your local network to the "
8283
"Internet and all traffic related to those connections to return to the "
8284
"machine that initiated them."
8285
msgstr ""
8286
8287
#: serverguide/C/security.xml:770(para)
8288
msgid ""
8289
"If you want masquerading to be enabled on reboot, which you probably do, "
8290
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8291
"example add the first command with no filtering:"
8292
msgstr ""
8293
8294
#: serverguide/C/security.xml:774(screen)
8295
#, no-wrap
8296
msgid ""
8297
"\n"
8298
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8299
msgstr ""
8300
8301
#: serverguide/C/security.xml:782(title)
8302
msgid "Logs"
8303
msgstr ""
8304
8305
#: serverguide/C/security.xml:783(para)
8306
msgid ""
8307
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8308
"firewall rules, and noticing unusual activity on your network. You must "
8309
"include logging rules in your firewall for them to be generated, though, and "
8310
"logging rules must come before any applicable terminating rule (a rule with "
8311
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8312
"REJECT)."
8313
msgstr ""
8314
8315
#: serverguide/C/security.xml:790(para)
8316
msgid ""
8317
"If you are using <application>ufw</application>, you can turn on logging by "
8318
"entering the following in a terminal:"
8319
msgstr ""
8320
8321
#: serverguide/C/security.xml:794(command)
8322
msgid "sudo ufw logging on"
8323
msgstr ""
8324
8325
#: serverguide/C/security.xml:796(para)
8326
msgid ""
8327
"To turn logging off in <application>ufw</application>, simply replace "
8328
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8329
"role=\"italic\">off</emphasis> in the above command."
8330
msgstr ""
8331
8332
#: serverguide/C/security.xml:799(para)
8333
msgid ""
8334
"If using <application>iptables</application> instead of "
8335
"<application>ufw</application>, enter:"
8336
msgstr ""
8337
8338
#: serverguide/C/security.xml:802(screen)
8339
#, no-wrap
8340
msgid ""
8341
"\n"
8342
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8343
"prefix \"NEW_HTTP_CONN: \"\n"
8344
msgstr ""
8345
8346
#: serverguide/C/security.xml:805(para)
8347
msgid ""
8348
"A request on port 80 from the local machine, then, would generate a log in "
8349
"dmesg that looks like this:"
8350
msgstr ""
8351
8352
#: serverguide/C/security.xml:810(programlisting)
8353
#, no-wrap
8354
msgid ""
8355
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8356
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8357
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8358
"WINDOW=32767 RES=0x00 SYN URGP=0"
8359
msgstr ""
8360
8361
#: serverguide/C/security.xml:812(para)
8362
msgid ""
8363
"The above log will also appear in <filename>/var/log/messages</filename>, "
8364
"<filename>/var/log/syslog</filename>, and "
8365
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8366
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8367
"and configuring <application>ulogd</application> and using the ULOG target "
8368
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8369
"server that listens for logging instructions from the kernel specifically "
8370
"for firewalls, and can log to any file you like, or even to a "
8371
"<application>PostgreSQL</application> or <application>MySQL</application> "
8372
"database. Making sense of your firewall logs can be simplified by using a "
8373
"log analyzing tool such as <application>fwanalog</application>, "
8374
"<application> fwlogwatch</application>, or <application>lire</application>."
8375
msgstr ""
8376
8377
#: serverguide/C/security.xml:827(title)
8378
msgid "Other Tools"
8379
msgstr ""
8380
8381
#: serverguide/C/security.xml:828(para)
8382
msgid ""
8383
"There are many tools available to help you construct a complete firewall "
8384
"without intimate knowledge of iptables. For the GUI-inclined:"
8385
msgstr ""
8386
8387
#: serverguide/C/security.xml:834(para)
8388
msgid ""
8389
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8390
"popular and easy to use."
8391
msgstr ""
8392
8393
#: serverguide/C/security.xml:839(para)
8394
msgid ""
8395
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8396
"and will look familiar to an administrator who has used a commercial "
8397
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8398
msgstr ""
8399
8400
#: serverguide/C/security.xml:845(para)
8401
msgid ""
8402
"If you prefer a command-line tool with plain-text configuration files:"
8403
msgstr ""
8404
8405
#: serverguide/C/security.xml:850(para)
8406
msgid ""
8407
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8408
"powerful solution to help you configure an advanced firewall for any network."
8409
msgstr ""
8410
8411
#: serverguide/C/security.xml:856(para)
8412
msgid ""
8413
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8414
"a working firewall \"out of the box\" with zero configuration, and will "
8415
"allow you to easily set up a more advanced firewall by editing simple, well-"
8416
"documented configuration files."
8417
msgstr ""
8418
8419
#: serverguide/C/security.xml:863(para)
8420
msgid ""
8421
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8422
"designed to be a desktop firewall application. It is made up of a server "
8423
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8424
"like many popular interactive firewall applications for Windows."
8425
msgstr ""
8426
8427
#: serverguide/C/security.xml:875(para)
8428
msgid ""
8429
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8430
"Firewall</ulink> wiki page contains information on the development of "
8431
"<application>ufw</application>."
8432
msgstr ""
8433
8434
#: serverguide/C/security.xml:881(para)
8435
msgid ""
8436
"Also, the <application>ufw</application> manual page contains some very "
8437
"useful information: <command>man ufw</command>."
8438
msgstr ""
8439
8440
#: serverguide/C/security.xml:886(para)
8441
msgid ""
8442
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8443
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8444
"on using <application>iptables</application>."
8445
msgstr ""
8446
8447
#: serverguide/C/security.xml:892(para)
8448
msgid ""
8449
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8450
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8451
msgstr ""
8452
8453
#: serverguide/C/security.xml:898(para)
8454
msgid ""
8455
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8456
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8457
msgstr ""
8458
8459
#: serverguide/C/security.xml:906(title)
8460
msgid "AppArmor"
8461
msgstr ""
8462
8463
#: serverguide/C/security.xml:907(para)
8464
msgid ""
8465
"<application>AppArmor</application> is a Linux Security Module "
8466
"implementation of name-based mandatory access controls. AppArmor confines "
8467
"individual programs to a set of listed files and posix 1003.1e draft "
8468
"capabilities."
8469
msgstr ""
8470
8471
#: serverguide/C/security.xml:911(para)
8472
msgid ""
8473
"<application>AppArmor</application> is installed and loaded by default. It "
8474
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8475
"and permissions the application requires. Some packages will install their "
8476
"own profiles, and additional profiles can be found in the "
8477
"<application>apparmor-profiles</application> package."
8478
msgstr ""
8479
8480
#: serverguide/C/security.xml:916(para)
8481
msgid ""
8482
"To install the <application>apparmor-profiles</application> package from a "
8483
"terminal prompt:"
8484
msgstr ""
8485
8486
#: serverguide/C/security.xml:922(para)
8487
msgid "AppArmor profiles have two modes of execution:"
8488
msgstr ""
8489
8490
#: serverguide/C/security.xml:927(para)
8491
msgid ""
8492
"Complaining/Learning: profile violations are permitted and logged. Useful "
8493
"for testing and developing new profiles."
8494
msgstr ""
8495
8496
#: serverguide/C/security.xml:932(para)
8497
msgid ""
8498
"Enforced/Confined: enforces profile policy as well as logging the violation."
8499
msgstr ""
8500
8501
#: serverguide/C/security.xml:938(title)
8502
msgid "Using AppArmor"
8503
msgstr ""
8504
8505
#: serverguide/C/security.xml:939(para)
8506
msgid ""
8507
"The <application>apparmor-utils</application> package contains command line "
8508
"utilities that you can use to change the <application>AppArmor</application> "
8509
"execution mode, find the status of a profile, create new profiles, etc."
8510
msgstr ""
8511
8512
#: serverguide/C/security.xml:945(para)
8513
msgid ""
8514
"<application>apparmor_status</application> is used to view the current "
8515
"status of AppArmor profiles."
8516
msgstr ""
8517
8518
#: serverguide/C/security.xml:949(command)
8519
msgid "sudo apparmor_status"
8520
msgstr ""
8521
8522
#: serverguide/C/security.xml:953(para)
8523
msgid ""
8524
"<application>aa-complain</application> places a profile into "
8525
"<emphasis>complain</emphasis> mode."
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:957(command)
8529
msgid "sudo aa-complain /path/to/bin"
8530
msgstr ""
8531
8532
#: serverguide/C/security.xml:961(para)
8533
msgid ""
8534
"<application>aa-enforce</application> places a profile into "
8535
"<emphasis>enforce</emphasis> mode."
8536
msgstr ""
8537
8538
#: serverguide/C/security.xml:965(command)
8539
msgid "sudo aa-enforce /path/to/bin"
8540
msgstr ""
8541
8542
#: serverguide/C/security.xml:969(para)
8543
msgid ""
8544
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8545
"profiles are located. It can be used to manipulate the "
8546
"<emphasis>mode</emphasis> of all profiles."
8547
msgstr ""
8548
8549
#: serverguide/C/security.xml:973(para)
8550
msgid "Enter the following to place all profiles into complain mode:"
8551
msgstr ""
8552
8553
#: serverguide/C/security.xml:977(command)
8554
msgid "sudo aa-complain /etc/apparmor.d/*"
8555
msgstr ""
8556
8557
#: serverguide/C/security.xml:979(para)
8558
msgid "To place all profiles in enforce mode:"
8559
msgstr ""
8560
8561
#: serverguide/C/security.xml:983(command)
8562
msgid "sudo aa-enforce /etc/apparmor.d/*"
8563
msgstr ""
8564
8565
#: serverguide/C/security.xml:987(para)
8566
msgid ""
8567
"<application>apparmor_parser</application> is used to load a profile into "
8568
"the kernel. It can also be used to reload a currently loaded profile using "
8569
"the <emphasis>-r</emphasis> option. To load a profile:"
8570
msgstr ""
8571
8572
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8573
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8574
msgstr ""
8575
8576
#: serverguide/C/security.xml:994(para)
8577
msgid "To reload a profile:"
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:998(command)
8581
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:1002(para)
8585
msgid ""
8586
"<filename>/etc/init.d/apparmor</filename> can be used to "
8587
"<emphasis>reload</emphasis> all profiles:"
8588
msgstr ""
8589
8590
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8591
msgid "sudo /etc/init.d/apparmor reload"
8592
msgstr ""
8593
8594
#: serverguide/C/security.xml:1010(para)
8595
msgid ""
8596
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8597
"with the <application>apparmor_parser -R</application> option to "
8598
"<emphasis>disable</emphasis> a profile."
8599
msgstr ""
8600
8601
#: serverguide/C/security.xml:1015(command)
8602
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8603
msgstr ""
8604
8605
#: serverguide/C/security.xml:1016(command)
8606
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8607
msgstr ""
8608
8609
#: serverguide/C/security.xml:1018(para)
8610
msgid ""
8611
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8612
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8613
"load the profile using the <emphasis>-a</emphasis> option."
8614
msgstr ""
8615
8616
#: serverguide/C/security.xml:1023(command)
8617
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8618
msgstr ""
8619
8620
#: serverguide/C/security.xml:1028(para)
8621
msgid ""
8622
"<application>AppArmor</application> can be disabled, and the kernel module "
8623
"unloaded by entering the following:"
8624
msgstr ""
8625
8626
#: serverguide/C/security.xml:1032(command)
8627
msgid "sudo /etc/init.d/apparmor stop"
8628
msgstr ""
8629
8630
#: serverguide/C/security.xml:1033(command)
8631
msgid "sudo update-rc.d -f apparmor remove"
8632
msgstr ""
8633
8634
#: serverguide/C/security.xml:1037(para)
8635
msgid "To re-enable <application>AppArmor</application> enter:"
8636
msgstr ""
8637
8638
#: serverguide/C/security.xml:1041(command)
8639
msgid "sudo /etc/init.d/apparmor start"
8640
msgstr ""
8641
8642
#: serverguide/C/security.xml:1042(command)
8643
msgid "sudo update-rc.d apparmor defaults"
8644
msgstr ""
8645
8646
#: serverguide/C/security.xml:1047(para)
8647
msgid ""
8648
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8649
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8650
"the actual executable file path. For example for the "
8651
"<application>ping</application> command use <filename>/bin/ping</filename>"
8652
msgstr ""
8653
8654
#: serverguide/C/security.xml:1055(title)
8655
msgid "Profiles"
8656
msgstr ""
8657
8658
#: serverguide/C/security.xml:1056(para)
8659
msgid ""
8660
"<application>AppArmor</application> profiles are simple text files located "
8661
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8662
"path to the executable they profile replacing the \"/\" with \".\". For "
8663
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8664
"profile for the <filename>/bin/ping</filename> command."
8665
msgstr ""
8666
8667
#: serverguide/C/security.xml:1062(para)
8668
msgid "There are two main type of rules used in profiles:"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:1067(para)
8672
msgid ""
8673
"<emphasis>Path entries:</emphasis> which detail which files an application "
8674
"can access in the file system."
8675
msgstr ""
8676
8677
#: serverguide/C/security.xml:1072(para)
8678
msgid ""
8679
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8680
"confined process is allowed to use."
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:1077(para)
8684
msgid ""
8685
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8686
msgstr ""
8687
8688
#: serverguide/C/security.xml:1080(programlisting)
8689
#, no-wrap
8690
msgid ""
8691
"\n"
8692
"#include <tunables/global>\n"
8693
"/bin/ping flags=(complain) {\n"
8694
" #include <abstractions/base>\n"
8695
" #include <abstractions/consoles>\n"
8696
" #include <abstractions/nameservice>\n"
8697
"\n"
8698
" capability net_raw,\n"
8699
" capability setuid,\n"
8700
" network inet raw,\n"
8701
" \n"
8702
" /bin/ping mixr,\n"
8703
" /etc/modules.conf r,\n"
8704
"}\n"
8705
msgstr ""
8706
8707
#: serverguide/C/security.xml:1097(para)
8708
msgid ""
8709
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8710
"from other files. This allows statements pertaining to multiple applications "
8711
"to be placed in a common file."
8712
msgstr ""
8713
8714
#: serverguide/C/security.xml:1103(para)
8715
msgid ""
8716
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8717
"program, also setting the mode to <emphasis>complain</emphasis>."
8718
msgstr ""
8719
8720
#: serverguide/C/security.xml:1109(para)
8721
msgid ""
8722
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8723
"the CAP_NET_RAW Posix.1e capability."
8724
msgstr ""
8725
8726
#: serverguide/C/security.xml:1114(para)
8727
msgid ""
8728
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8729
"execute access to the file."
8730
msgstr ""
8731
8732
#: serverguide/C/security.xml:1120(para)
8733
msgid ""
8734
"After editing a profile file the profile must be reloaded. See <xref "
8735
"linkend=\"apparmor-usage\"/> for details."
8736
msgstr ""
8737
8738
#: serverguide/C/security.xml:1125(title)
8739
msgid "Creating a Profile"
8740
msgstr ""
8741
8742
#: serverguide/C/security.xml:1128(para)
8743
msgid ""
8744
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8745
"application should be exercised. The test plan should be divided into small "
8746
"test cases. Each test case should have a small description and list the "
8747
"steps to follow."
8748
msgstr ""
8749
8750
#: serverguide/C/security.xml:1132(para)
8751
msgid "Some standard test cases are:"
8752
msgstr ""
8753
8754
#: serverguide/C/security.xml:1137(para)
8755
msgid "Starting the program."
8756
msgstr ""
8757
8758
#: serverguide/C/security.xml:1142(para)
8759
msgid "Stopping the program."
8760
msgstr ""
8761
8762
#: serverguide/C/security.xml:1147(para)
8763
msgid "Reloading the program."
8764
msgstr ""
8765
8766
#: serverguide/C/security.xml:1152(para)
8767
msgid "Testing all the commands supported by the init script."
8768
msgstr ""
8769
8770
#: serverguide/C/security.xml:1159(para)
8771
msgid ""
8772
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8773
"genprof</application> to generate a new profile. From a terminal:"
8774
msgstr ""
8775
8776
#: serverguide/C/security.xml:1164(command)
8777
msgid "sudo aa-genprof executable"
8778
msgstr ""
8779
8780
#: serverguide/C/security.xml:1166(para)
8781
msgid "For example:"
8782
msgstr ""
8783
8784
#: serverguide/C/security.xml:1170(command)
8785
msgid "sudo aa-genprof slapd"
8786
msgstr ""
8787
8788
#: serverguide/C/security.xml:1174(para)
8789
msgid ""
8790
"To get your new profile included in the <application>apparmor-"
8791
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8792
"against the <ulink "
8793
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8794
"/ulink> package:"
8795
msgstr ""
8796
8797
#: serverguide/C/security.xml:1181(para)
8798
msgid "Include your test plan and test cases."
8799
msgstr ""
8800
8801
#: serverguide/C/security.xml:1186(para)
8802
msgid "Attach your new profile to the bug."
8803
msgstr ""
8804
8805
#: serverguide/C/security.xml:1195(title)
8806
msgid "Updating Profiles"
8807
msgstr ""
8808
8809
#: serverguide/C/security.xml:1196(para)
8810
msgid ""
8811
"When the program is misbehaving, audit messages are sent to the log files. "
8812
"The program <application>aa-logprof</application> can be used to scan log "
8813
"files for <application>AppArmor</application> audit messages, review them "
8814
"and update the profiles. From a terminal:"
8815
msgstr ""
8816
8817
#: serverguide/C/security.xml:1201(command)
8818
msgid "sudo aa-logprof"
8819
msgstr ""
8820
8821
#: serverguide/C/security.xml:1209(para)
8822
msgid ""
8823
"See the <ulink "
8824
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8825
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8826
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8827
"configuration options."
8828
msgstr ""
8829
8830
#: serverguide/C/security.xml:1216(para)
8831
msgid ""
8832
"For details using AppArmor with other Ubuntu releases see the <ulink "
8833
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8834
"Wiki</ulink> page."
8835
msgstr ""
8836
8837
#: serverguide/C/security.xml:1224(para)
8838
msgid ""
8839
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8840
"page is another introduction to AppArmor."
8841
msgstr ""
8842
8843
#: serverguide/C/security.xml:1231(para)
8844
msgid ""
8845
"A great place to ask for <application>AppArmor</application> assistance, and "
8846
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8847
"server</emphasis> IRC channel on <ulink "
8848
"url=\"http://freenode.net\">freenode</ulink>."
8849
msgstr ""
8850
8851
#: serverguide/C/security.xml:1241(title)
8852
msgid "Certificates"
8853
msgstr ""
8854
8855
#: serverguide/C/security.xml:1242(para)
8856
msgid ""
8857
"One of the most common forms of cryptography today is <emphasis>public-"
8858
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8859
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8860
"system works by <emphasis>encrypting</emphasis> information using the public "
8861
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8862
"the private key."
8863
msgstr ""
8864
8865
#: serverguide/C/security.xml:1248(para)
8866
msgid ""
8867
"A common use for public-key cryptography is encrypting application traffic "
8868
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8869
"connection. For example, configuring Apache to provide "
8870
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8871
"encrypt traffic using a protocol that does not itself provide encryption."
8872
msgstr ""
8873
8874
#: serverguide/C/security.xml:1253(para)
8875
msgid ""
8876
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8877
"<emphasis>public key</emphasis> and other information about a server and the "
8878
"organization who is responsible for it. Certificates can be digitally signed "
8879
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8880
"third party that has confirmed that the information contained in the "
8881
"certificate is accurate."
8882
msgstr ""
8883
8884
#: serverguide/C/security.xml:1260(title)
8885
msgid "Types of Certificates"
8886
msgstr ""
8887
8888
#: serverguide/C/security.xml:1261(para)
8889
msgid ""
8890
"To set up a secure server using public-key cryptography, in most cases, you "
8891
"send your certificate request (including your public key), proof of your "
8892
"company's identity, and payment to a CA. The CA verifies the certificate "
8893
"request and your identity, and then sends back a certificate for your secure "
8894
"server. Alternatively, you can create your own <emphasis>self-"
8895
"signed</emphasis> certificate."
8896
msgstr ""
8897
8898
#: serverguide/C/security.xml:1271(para)
8899
msgid ""
8900
"Note, that self-signed certificates should not be used in most production "
8901
"environments."
8902
msgstr ""
8903
8904
#: serverguide/C/security.xml:1275(para)
8905
msgid ""
8906
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8907
"capabilities that a self-signed certificate does not:"
8908
msgstr ""
8909
8910
#: serverguide/C/security.xml:1282(para)
8911
msgid ""
8912
"Browsers (usually) automatically recognize the certificate and allow a "
8913
"secure connection to be made without prompting the user."
8914
msgstr ""
8915
8916
#: serverguide/C/security.xml:1289(para)
8917
msgid ""
8918
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8919
"the organization that is providing the web pages to the browser."
8920
msgstr ""
8921
8922
#: serverguide/C/security.xml:1297(para)
8923
msgid ""
8924
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8925
"certificates they automatically accept. If a browser encounters a "
8926
"certificate whose authorizing CA is not in the list, the browser asks the "
8927
"user to either accept or decline the connection. Also, other applications "
8928
"may generate an error message when using a self-singed certificate."
8929
msgstr ""
8930
8931
#: serverguide/C/security.xml:1305(para)
8932
msgid ""
8933
"The process of getting a certificate from a CA is fairly easy. A quick "
8934
"overview is as follows:"
8935
msgstr ""
8936
8937
#: serverguide/C/security.xml:1312(para)
8938
msgid "Create a private and public encryption key pair."
8939
msgstr ""
8940
8941
#: serverguide/C/security.xml:1315(para)
8942
msgid ""
8943
"Create a certificate request based on the public key. The certificate "
8944
"request contains information about your server and the company hosting it."
8945
msgstr ""
8946
8947
#: serverguide/C/security.xml:1320(para)
8948
msgid ""
8949
"Send the certificate request, along with documents proving your identity, to "
8950
"a CA. We cannot tell you which certificate authority to choose. Your "
8951
"decision may be based on your past experiences, or on the experiences of "
8952
"your friends or colleagues, or purely on monetary factors."
8953
msgstr ""
8954
8955
#: serverguide/C/security.xml:1326(para)
8956
msgid ""
8957
"Once you have decided upon a CA, you need to follow the instructions they "
8958
"provide on how to obtain a certificate from them."
8959
msgstr ""
8960
8961
#: serverguide/C/security.xml:1331(para)
8962
msgid ""
8963
"When the CA is satisfied that you are indeed who you claim to be, they send "
8964
"you a digital certificate."
8965
msgstr ""
8966
8967
#: serverguide/C/security.xml:1335(para)
8968
msgid ""
8969
"Install this certificate on your secure server, and configure the "
8970
"appropriate applications to use the certificate."
8971
msgstr ""
8972
8973
#: serverguide/C/security.xml:1344(title)
8974
msgid "Generating a Certificate Signing Request (CSR)"
8975
msgstr ""
8976
8977
#: serverguide/C/security.xml:1346(para)
8978
msgid ""
8979
"Whether you are getting a certificate from a CA or generating your own self-"
8980
"signed certificate, the first step is to generate a key."
8981
msgstr ""
8982
8983
#: serverguide/C/security.xml:1351(para)
8984
msgid ""
8985
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8986
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8987
"passphrase allows the services to start without manual intervention, usually "
8988
"the preferred way to start a daemon."
8989
msgstr ""
8990
8991
#: serverguide/C/security.xml:1357(para)
8992
msgid ""
8993
"This section will cover generating a key with a passphrase, and one without. "
8994
"The non-passphrase key will then be used to generate a certificate that can "
8995
"be used with various service daemons."
8996
msgstr ""
8997
8998
#: serverguide/C/security.xml:1363(para)
8999
msgid ""
9000
"Running your secure service without a passphrase is convenient because you "
9001
"will not need to enter the passphrase every time you start your secure "
9002
"service. But it is insecure and a compromise of the key means a compromise "
9003
"of the server as well."
9004
msgstr ""
9005
9006
#: serverguide/C/security.xml:1370(para)
9007
msgid ""
9008
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9009
"Request (CSR) run the following command from a terminal prompt:"
9010
msgstr ""
9011
9012
#: serverguide/C/security.xml:1376(command)
9013
msgid "openssl genrsa -des3 -out server.key 1024"
9014
msgstr ""
9015
9016
#: serverguide/C/security.xml:1379(programlisting)
9017
#, no-wrap
9018
msgid ""
9019
"\n"
9020
"Generating RSA private key, 1024 bit long modulus\n"
9021
".....................++++++\n"
9022
".................++++++\n"
9023
"unable to write 'random state'\n"
9024
"e is 65537 (0x10001)\n"
9025
"Enter pass phrase for server.key:\n"
9026
msgstr ""
9027
9028
#: serverguide/C/security.xml:1388(para)
9029
msgid ""
9030
"You can now enter your passphrase. For best security, it should at least "
9031
"contain eight characters. The minimum length when specifying -des3 is four "
9032
"characters. It should include numbers and/or punctuation and not be a word "
9033
"in a dictionary. Also remember that your passphrase is case-sensitive."
9034
msgstr ""
9035
9036
#: serverguide/C/security.xml:1396(para)
9037
msgid ""
9038
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9039
"server key is generated and stored in the <filename>server.key</filename> "
9040
"file."
9041
msgstr ""
9042
9043
#: serverguide/C/security.xml:1402(para)
9044
msgid ""
9045
"Now create the insecure key, the one without a passphrase, and shuffle the "
9046
"key names:"
9047
msgstr ""
9048
9049
#: serverguide/C/security.xml:1408(command)
9050
msgid "openssl rsa -in server.key -out server.key.insecure"
9051
msgstr ""
9052
9053
#: serverguide/C/security.xml:1409(command)
9054
msgid "mv server.key server.key.secure"
9055
msgstr ""
9056
9057
#: serverguide/C/security.xml:1410(command)
9058
msgid "mv server.key.insecure server.key"
9059
msgstr ""
9060
9061
#: serverguide/C/security.xml:1413(para)
9062
msgid ""
9063
"The insecure key is now named <filename>server.key</filename>, and you can "
9064
"use this file to generate the CSR without passphrase."
9065
msgstr ""
9066
9067
#: serverguide/C/security.xml:1418(para)
9068
msgid "To create the CSR, run the following command at a terminal prompt:"
9069
msgstr ""
9070
9071
#: serverguide/C/security.xml:1423(command)
9072
msgid "openssl req -new -key server.key -out server.csr"
9073
msgstr ""
9074
9075
#: serverguide/C/security.xml:1426(para)
9076
msgid ""
9077
"It will prompt you enter the passphrase. If you enter the correct "
9078
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9079
"etc. Once you enter all these details, your CSR will be created and it will "
9080
"be stored in the <filename>server.csr</filename> file."
9081
msgstr ""
9082
9083
#: serverguide/C/security.xml:1434(para)
9084
msgid ""
9085
"You can now submit this CSR file to a CA for processing. The CA will use "
9086
"this CSR file and issue the certificate. On the other hand, you can create "
9087
"self-signed certificate using this CSR."
9088
msgstr ""
9089
9090
#: serverguide/C/security.xml:1442(title)
9091
msgid "Creating a Self-Signed Certificate"
9092
msgstr ""
9093
9094
#: serverguide/C/security.xml:1443(para)
9095
msgid ""
9096
"To create the self-signed certificate, run the following command at a "
9097
"terminal prompt:"
9098
msgstr ""
9099
9100
#: serverguide/C/security.xml:1448(command)
9101
msgid ""
9102
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9103
"server.crt"
9104
msgstr ""
9105
9106
#: serverguide/C/security.xml:1451(para)
9107
msgid ""
9108
"The above command will prompt you to enter the passphrase. Once you enter "
9109
"the correct passphrase, your certificate will be created and it will be "
9110
"stored in the <filename>server.crt</filename> file."
9111
msgstr ""
9112
9113
#: serverguide/C/security.xml:1456(para)
9114
msgid ""
9115
"If your secure server is to be used in a production environment, you "
9116
"probably need a CA-signed certificate. It is not recommended to use self-"
9117
"signed certificate."
9118
msgstr ""
9119
9120
#: serverguide/C/security.xml:1464(title)
9121
msgid "Installing the Certificate"
9122
msgstr ""
9123
9124
#: serverguide/C/security.xml:1466(para)
9125
msgid ""
9126
"You can install the key file <filename>server.key</filename> and certificate "
9127
"file <filename>server.crt</filename>, or the certificate file issued by your "
9128
"CA, by running following commands at a terminal prompt:"
9129
msgstr ""
9130
9131
#: serverguide/C/security.xml:1472(command)
9132
msgid "sudo cp server.crt /etc/ssl/certs"
9133
msgstr ""
9134
9135
#: serverguide/C/security.xml:1473(command)
9136
msgid "sudo cp server.key /etc/ssl/private"
9137
msgstr ""
9138
9139
#: serverguide/C/security.xml:1475(para)
9140
msgid ""
9141
"Now simply configure any applications, with the ability to use public-key "
9142
"cryptography, to use the <emphasis>certificate</emphasis> and "
9143
"<emphasis>key</emphasis> files. For example, "
9144
"<application>Apache</application> can provide HTTPS, "
9145
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9146
msgstr ""
9147
9148
#: serverguide/C/security.xml:1482(title)
9149
msgid "Certification Authority"
9150
msgstr ""
9151
9152
#: serverguide/C/security.xml:1484(para)
9153
msgid ""
9154
"If the services on your network require more than a few self-signed "
9155
"certificates it may be worth the additional effort to setup your own "
9156
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9157
"certificates signed by your own CA, allows the various services using the "
9158
"certificates to easily trust other services using certificates issued from "
9159
"the same CA."
9160
msgstr ""
9161
9162
#: serverguide/C/security.xml:1494(para)
9163
msgid ""
9164
"First, create the directories to hold the CA certificate and related files:"
9165
msgstr ""
9166
9167
#: serverguide/C/security.xml:1499(command)
9168
msgid "sudo mkdir /etc/ssl/CA"
9169
msgstr ""
9170
9171
#: serverguide/C/security.xml:1500(command)
9172
msgid "sudo mkdir /etc/ssl/newcerts"
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:1506(para)
9176
msgid ""
9177
"The CA needs a few additional files to operate, one to keep track of the "
9178
"last serial number used by the CA, each certificate must have a unique "
9179
"serial number, and another file to record which certificates have been "
9180
"issued:"
9181
msgstr ""
9182
9183
#: serverguide/C/security.xml:1513(command)
9184
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9185
msgstr ""
9186
9187
#: serverguide/C/security.xml:1514(command)
9188
msgid "sudo touch /etc/ssl/CA/index.txt"
9189
msgstr ""
9190
9191
#: serverguide/C/security.xml:1520(para)
9192
msgid ""
9193
"The third file is a CA configuration file. Though not strictly necessary, it "
9194
"is very convenient when issuing multiple certificates. Edit "
9195
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9196
"]</emphasis> change:"
9197
msgstr ""
9198
9199
#: serverguide/C/security.xml:1526(programlisting)
9200
#, no-wrap
9201
msgid ""
9202
"\n"
9203
"dir = /etc/ssl/ # Where everything is kept\n"
9204
"database = $dir/CA/index.txt # database index file.\n"
9205
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9206
"serial = $dir/CA/serial # The current serial number\n"
9207
"private_key = $dir/private/cakey.pem# The private key\n"
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1537(para)
9211
msgid "Next, create the self-singed root certificate:"
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1542(command)
9215
msgid ""
9216
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9217
"days 3650"
9218
msgstr ""
9219
9220
#: serverguide/C/security.xml:1545(para)
9221
msgid "You will then be asked to enter the details about the certificate."
9222
msgstr ""
9223
9224
#: serverguide/C/security.xml:1552(para)
9225
msgid "Now install the root certificate and key:"
9226
msgstr ""
9227
9228
#: serverguide/C/security.xml:1557(command)
9229
msgid "sudo mv cakey.pem /etc/ssl/private/"
9230
msgstr ""
9231
9232
#: serverguide/C/security.xml:1558(command)
9233
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9234
msgstr ""
9235
9236
#: serverguide/C/security.xml:1564(para)
9237
msgid ""
9238
"You are now ready to start signing certificates. The first item needed is a "
9239
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9240
"for details. Once you have a CSR, enter the following to generate a "
9241
"certificate signed by the CA:"
9242
msgstr ""
9243
9244
#: serverguide/C/security.xml:1571(command)
9245
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9246
msgstr ""
9247
9248
#: serverguide/C/security.xml:1574(para)
9249
msgid ""
9250
"After entering the password for the CA key, you will be prompted to sign the "
9251
"certificate, and again to commit the new certificate. You should then see a "
9252
"somewhat large amount of output related to the certificate creation."
9253
msgstr ""
9254
9255
#: serverguide/C/security.xml:1583(para)
9256
msgid ""
9257
"There should now be a new file, "
9258
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9259
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9260
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9261
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9262
"the server where the certificate will be installed. For example "
9263
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9264
msgstr ""
9265
9266
#: serverguide/C/security.xml:1591(para)
9267
msgid ""
9268
"Subsequent certificates will be named <filename>02.pem</filename>, "
9269
"<filename>03.pem</filename>, etc."
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1596(para)
9273
msgid ""
9274
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9275
"name."
9276
msgstr ""
9277
9278
#: serverguide/C/security.xml:1604(para)
9279
msgid ""
9280
"Finally, copy the new certificate to the host that needs it, and configure "
9281
"the appropriate applications to use it. The default location to install "
9282
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9283
"enables multiple services to use the same certificate without overly "
9284
"complicated file permissions."
9285
msgstr ""
9286
9287
#: serverguide/C/security.xml:1610(para)
9288
msgid ""
9289
"For applications that can be configured to use a CA certificate, you should "
9290
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9291
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9292
"server."
9293
msgstr ""
9294
9295
#: serverguide/C/security.xml:1624(para)
9296
msgid ""
9297
"For more detailed instructions on using cryptography see the <ulink "
9298
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9299
"Certificates HOWTO</ulink> by tlpd.org"
9300
msgstr ""
9301
9302
#: serverguide/C/security.xml:1630(para)
9303
msgid ""
9304
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9305
"of Certificate Authorities."
9306
msgstr ""
9307
9308
#: serverguide/C/security.xml:1635(para)
9309
msgid ""
9310
"The Wikipedia <ulink "
9311
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9312
"information regarding HTTPS."
9313
msgstr ""
9314
9315
#: serverguide/C/security.xml:1640(para)
9316
msgid ""
9317
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9318
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9319
msgstr ""
9320
9321
#: serverguide/C/security.xml:1645(para)
9322
msgid ""
9323
"Also, O'Reilly's <ulink "
9324
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9325
"OpenSSL</ulink> is a good in depth reference."
9326
msgstr ""
9327
9328
#: serverguide/C/security.xml:1654(title)
9329
msgid "eCryptfs"
9330
msgstr ""
9331
9332
#: serverguide/C/security.xml:1656(para)
9333
msgid ""
9334
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9335
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9336
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9337
"filesystem, partition type, etc."
9338
msgstr ""
9339
9340
#: serverguide/C/security.xml:1662(para)
9341
msgid ""
9342
"During installation there is an option to encrypt the <filename "
9343
"role=\"directory\">/home</filename> partition. This will automatically "
9344
"configure everything needed to encrypt and mount the partition."
9345
msgstr ""
9346
9347
#: serverguide/C/security.xml:1667(para)
9348
msgid ""
9349
"As an example, this section will cover configuring <filename "
9350
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:1672(title)
9354
msgid "Using eCryptfs"
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:1674(para)
9358
msgid "First, install the necessary packages. From a terminal prompt enter:"
9359
msgstr ""
9360
9361
#: serverguide/C/security.xml:1679(command)
9362
msgid "sudo apt-get install ecryptfs-utils"
9363
msgstr ""
9364
9365
#: serverguide/C/security.xml:1682(para)
9366
msgid "Now mount the partition to be encrypted:"
9367
msgstr ""
9368
9369
#: serverguide/C/security.xml:1687(command)
9370
msgid "sudo mount -t ecryptfs /srv /srv"
9371
msgstr ""
9372
9373
#: serverguide/C/security.xml:1690(para)
9374
msgid ""
9375
"You will then be prompted for some details on how "
9376
"<application>ecryptfs</application> should encrypt the data."
9377
msgstr ""
9378
9379
#: serverguide/C/security.xml:1694(para)
9380
msgid ""
9381
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9382
"copy the <filename>/etc/default</filename> folder to "
9383
"<filename>/srv</filename>:"
9384
msgstr ""
9385
9386
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9387
msgid "sudo cp -r /etc/default /srv"
9388
msgstr ""
9389
9390
#: serverguide/C/security.xml:1703(para)
9391
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9392
msgstr ""
9393
9394
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9395
msgid "sudo umount /srv"
9396
msgstr ""
9397
9398
#: serverguide/C/security.xml:1709(command)
9399
msgid "cat /srv/default/cron"
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:1712(para)
9403
msgid ""
9404
"Remounting <filename>/srv</filename> using "
9405
"<application>ecryptfs</application> will make the data viewable once again."
9406
msgstr ""
9407
9408
#: serverguide/C/security.xml:1718(title)
9409
msgid "Automatically Mounting Encrypted Partitions"
9410
msgstr ""
9411
9412
#: serverguide/C/security.xml:1720(para)
9413
msgid ""
9414
"There are a couple of ways to automatically mount an "
9415
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9416
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9417
"mount options, along with a passphrase file residing on a USB key."
9418
msgstr ""
9419
9420
#: serverguide/C/security.xml:1726(para)
9421
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9422
msgstr ""
9423
9424
#: serverguide/C/security.xml:1730(programlisting)
9425
#, no-wrap
9426
msgid ""
9427
"\n"
9428
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9429
"ecryptfs_sig=5826dd62cf81c615\n"
9430
"ecryptfs_cipher=aes\n"
9431
"ecryptfs_key_bytes=16\n"
9432
"ecryptfs_passthrough=n\n"
9433
"ecryptfs_enable_filename_crypto=n\n"
9434
msgstr ""
9435
9436
#: serverguide/C/security.xml:1740(para)
9437
msgid ""
9438
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9439
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9440
msgstr ""
9441
9442
#: serverguide/C/security.xml:1745(para)
9443
msgid ""
9444
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9445
"file:"
9446
msgstr ""
9447
9448
#: serverguide/C/security.xml:1749(programlisting)
9449
#, no-wrap
9450
msgid ""
9451
"\n"
9452
"passphrase_passwd=[secrets]\n"
9453
msgstr ""
9454
9455
#: serverguide/C/security.xml:1753(para)
9456
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9457
msgstr ""
9458
9459
#: serverguide/C/security.xml:1757(programlisting)
9460
#, no-wrap
9461
msgid ""
9462
"\n"
9463
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9464
"/srv /srv ecryptfs defaults 0 0\n"
9465
msgstr ""
9466
9467
#: serverguide/C/security.xml:1762(para)
9468
msgid "Make sure the USB drive is mounted before the encrypted partition."
9469
msgstr ""
9470
9471
#: serverguide/C/security.xml:1766(para)
9472
msgid ""
9473
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9474
"ecryptfs."
9475
msgstr ""
9476
9477
#: serverguide/C/security.xml:1774(para)
9478
msgid ""
9479
"The <application>ecryptfs-utils</application> package includes several other "
9480
"useful utilities:"
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1780(para)
9484
msgid ""
9485
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9486
"<filename>~/Private</filename> directory to contain encrypted information. "
9487
"This utility can be run by unprivileged users to keep data private from "
9488
"other users on the system."
9489
msgstr ""
9490
9491
#: serverguide/C/security.xml:1787(para)
9492
msgid ""
9493
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9494
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9495
"directory."
9496
msgstr ""
9497
9498
#: serverguide/C/security.xml:1793(para)
9499
msgid ""
9500
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9501
"kernel keyring."
9502
msgstr ""
9503
9504
#: serverguide/C/security.xml:1798(para)
9505
msgid ""
9506
"<emphasis>ecryptfs-manager:</emphasis> manages "
9507
"<application>eCryptfs</application> objects such as keys."
9508
msgstr ""
9509
9510
#: serverguide/C/security.xml:1803(para)
9511
msgid ""
9512
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9513
"<application>ecryptfs</application> meta information for a file."
9514
msgstr ""
9515
9516
#: serverguide/C/security.xml:1816(para)
9517
msgid ""
9518
"For more information on eCryptfs see the <ulink "
9519
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9520
msgstr ""
9521
9522
#: serverguide/C/security.xml:1821(para)
9523
msgid ""
9524
"There is also a <ulink "
9525
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9526
"article covering eCryptfs."
9527
msgstr ""
9528
9529
#: serverguide/C/security.xml:1826(para)
9530
msgid ""
9531
"Also, for more <application>ecryptfs</application> options see the <ulink "
9532
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9533
"ecryptfs man page</ulink>."
9534
msgstr ""
9535
9536
#: serverguide/C/security.xml:1832(para)
9537
msgid ""
9538
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9539
"Ubuntu Wiki</ulink> page also has more details."
9540
msgstr ""
9541
9542
#: serverguide/C/reporting-bugs.xml:13(title)
9543
msgid "Appendix"
9544
msgstr ""
9545
9546
#: serverguide/C/reporting-bugs.xml:16(title)
9547
msgid "Reporting Bugs in Ubuntu Server Edition"
9548
msgstr ""
9549
9550
#: serverguide/C/reporting-bugs.xml:18(para)
9551
msgid ""
9552
"While the Ubuntu Project attempts to release software with as few bugs as "
9553
"possible, they do occur. You can help fix these bugs by reporting ones that "
9554
"you find to the project. The Ubuntu Project uses <ulink "
9555
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9556
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9557
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9558
"account</ulink>."
9559
msgstr ""
9560
9561
#: serverguide/C/reporting-bugs.xml:30(title)
9562
msgid "Reporting Bugs With ubuntu-bug"
9563
msgstr ""
9564
9565
#: serverguide/C/reporting-bugs.xml:32(para)
9566
msgid ""
9567
"The preferred way to report a bug is with the <application>ubuntu-"
9568
"bug</application> command. The ubuntu-bug tool gathers information about the "
9569
"system useful to developers in diagnosing the reported problem that will "
9570
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9571
"need to be filed against a specific software package, thus the name of the "
9572
"package that the bug occurs in needs to be given to ubuntu-bug:"
9573
msgstr ""
9574
9575
#: serverguide/C/reporting-bugs.xml:43(command)
9576
msgid "ubuntu-bug PACKAGENAME"
9577
msgstr ""
9578
9579
#: serverguide/C/reporting-bugs.xml:46(para)
9580
msgid ""
9581
"For example, to file a bug against the openssh-server package, you would do:"
9582
msgstr ""
9583
9584
#: serverguide/C/reporting-bugs.xml:51(command)
9585
msgid "ubuntu-bug openssh-server"
9586
msgstr ""
9587
9588
#: serverguide/C/reporting-bugs.xml:54(para)
9589
msgid ""
9590
"You can specify either a binary package or the source package for ubuntu-"
9591
"bug. Again using openssh-server as an example, you could also generate the "
9592
"report against the source package for openssh-server, openssh:"
9593
msgstr ""
9594
9595
#: serverguide/C/reporting-bugs.xml:62(command)
9596
msgid "ubuntu-bug openssh"
9597
msgstr ""
9598
9599
#: serverguide/C/reporting-bugs.xml:66(para)
9600
msgid ""
9601
"See <xref linkend=\"package-management\"/> for more information about "
9602
"packages in Ubuntu."
9603
msgstr ""
9604
9605
#: serverguide/C/reporting-bugs.xml:72(para)
9606
msgid ""
9607
"The ubuntu-bug command will gather information about the system in question, "
9608
"possibly including information specific to the specified package, and then "
9609
"ask you what you would like to do with collected information:"
9610
msgstr ""
9611
9612
#: serverguide/C/reporting-bugs.xml:80(command)
9613
msgid "ubuntu-bug postgresql"
9614
msgstr ""
9615
9616
#: serverguide/C/reporting-bugs.xml:79(screen)
9617
#, no-wrap
9618
msgid ""
9619
"\n"
9620
"<placeholder-1/>\n"
9621
"\n"
9622
"*** Collecting problem information\n"
9623
"\n"
9624
"The collected information can be sent to the developers to improve the\n"
9625
"application. This might take a few minutes.\n"
9626
"..........\n"
9627
"\n"
9628
"*** Send problem report to the developers?\n"
9629
"\n"
9630
"After the problem report has been sent, please fill out the form in the\n"
9631
"automatically opened web browser.\n"
9632
"\n"
9633
"What would you like to do? Your options are:\n"
9634
" S: Send report (1.7 KiB)\n"
9635
" V: View report\n"
9636
" K: Keep report file for sending later or copying to somewhere else\n"
9637
" C: Cancel\n"
9638
"Please choose (S/V/K/C):\n"
9639
msgstr ""
9640
9641
#: serverguide/C/reporting-bugs.xml:101(para)
9642
msgid "The options available are:"
9643
msgstr ""
9644
9645
#: serverguide/C/reporting-bugs.xml:108(para)
9646
msgid ""
9647
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9648
"the collected information to Launchpad as part of the the process of filing "
9649
"a bug report. You will be given the opportunity to describe the situation "
9650
"that led up to the occurrence of the bug."
9651
msgstr ""
9652
9653
#: serverguide/C/reporting-bugs.xml:115(screen)
9654
#, no-wrap
9655
msgid ""
9656
"\n"
9657
"*** Uploading problem information\n"
9658
"\n"
9659
"The collected information is being sent to the bug tracking system.\n"
9660
"This might take a few minutes.\n"
9661
"91%\n"
9662
"\n"
9663
"*** To continue, you must visit the following URL:\n"
9664
"\n"
9665
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9666
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9667
"\n"
9668
"You can launch a browser now, or copy this URL into a browser on another\n"
9669
"computer.\n"
9670
"\n"
9671
"Choices:\n"
9672
" 1: Launch a browser now\n"
9673
" C: Cancel\n"
9674
"Please choose (1/C):\n"
9675
msgstr ""
9676
9677
#: serverguide/C/reporting-bugs.xml:135(para)
9678
msgid ""
9679
"If you choose to start a browser, by default the text based web browser "
9680
"<application>w3m</application> will be used to finish filing the bug report. "
9681
"Alternately, you can copy the given URL to a currently running web browser."
9682
msgstr ""
9683
9684
#: serverguide/C/reporting-bugs.xml:144(para)
9685
msgid ""
9686
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9687
"the collected information to be displayed to the terminal for review."
9688
msgstr ""
9689
9690
#: serverguide/C/reporting-bugs.xml:150(screen)
9691
#, no-wrap
9692
msgid ""
9693
"\n"
9694
"Package: postgresql 8.4.2-2\n"
9695
"PackageArchitecture: all\n"
9696
"Tags: lucid\n"
9697
"ProblemType: Bug\n"
9698
"ProcEnviron:\n"
9699
" LANG=en_US.UTF-8\n"
9700
" SHELL=/bin/bash\n"
9701
"Uname: Linux 2.6.32-16-server x86_64\n"
9702
"Dependencies:\n"
9703
" adduser 3.112ubuntu1\n"
9704
" base-files 5.0.0ubuntu10\n"
9705
" base-passwd 3.5.22\n"
9706
" coreutils 7.4-2ubuntu2\n"
9707
"...\n"
9708
msgstr ""
9709
9710
#: serverguide/C/reporting-bugs.xml:167(para)
9711
msgid ""
9712
"After viewing the report, you will be brought back to the same menu asking "
9713
"what you would like to do with the report."
9714
msgstr ""
9715
9716
#: serverguide/C/reporting-bugs.xml:174(para)
9717
msgid ""
9718
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9719
"File causes the gathered information to be written to a file. This file can "
9720
"then be used to later file a bug report or transferred to a different Ubuntu "
9721
"system for reporting. To submit the report file, simply give it as an "
9722
"argument to the ubuntu-bug command:"
9723
msgstr ""
9724
9725
#: serverguide/C/reporting-bugs.xml:189(userinput)
9726
#, no-wrap
9727
msgid "k"
9728
msgstr ""
9729
9730
#: serverguide/C/reporting-bugs.xml:192(command)
9731
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9732
msgstr ""
9733
9734
#: serverguide/C/reporting-bugs.xml:183(screen)
9735
#, no-wrap
9736
msgid ""
9737
"\n"
9738
"What would you like to do? Your options are:\n"
9739
" S: Send report (1.7 KiB)\n"
9740
" V: View report\n"
9741
" K: Keep report file for sending later or copying to somewhere else\n"
9742
" C: Cancel\n"
9743
"Please choose (S/V/K/C): <placeholder-1/>\n"
9744
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9745
"\n"
9746
"<placeholder-2/>\n"
9747
"\n"
9748
"*** Send problem report to the developers?\n"
9749
"...\n"
9750
msgstr ""
9751
9752
#: serverguide/C/reporting-bugs.xml:200(para)
9753
msgid ""
9754
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9755
"collected information to be discarded."
9756
msgstr ""
9757
9758
#: serverguide/C/reporting-bugs.xml:210(title)
9759
msgid "Reporting Application Crashes"
9760
msgstr ""
9761
9762
#: serverguide/C/reporting-bugs.xml:212(para)
9763
msgid ""
9764
"The software package that provides the ubuntu-bug utility, "
9765
"<application>apport</application>, can be configured to trigger when "
9766
"applications crash. This is disabled by default, as capturing a crash can be "
9767
"resource intensive depending on how much memory the application that crashed "
9768
"was using as apport captures and processes the core dump."
9769
msgstr ""
9770
9771
#: serverguide/C/reporting-bugs.xml:221(para)
9772
msgid ""
9773
"Configuring apport to capture information about crashing applications "
9774
"requires a couple of steps. First, <application>gdb</application> needs to "
9775
"be installed; it is not installed by default in Ubuntu Server Edition."
9776
msgstr ""
9777
9778
#: serverguide/C/reporting-bugs.xml:229(command)
9779
msgid "sudo apt-get install gdb"
9780
msgstr ""
9781
9782
#: serverguide/C/reporting-bugs.xml:232(para)
9783
msgid ""
9784
"See <xref linkend=\"package-management\"/> for more information about "
9785
"managing packages in Ubuntu."
9786
msgstr ""
9787
9788
#: serverguide/C/reporting-bugs.xml:237(para)
9789
msgid ""
9790
"Once you have ensured that gdb is installed, open the file "
9791
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9792
"<emphasis>enabled</emphasis> setting to be <emphasis "
9793
"role=\"bold\">1</emphasis> like so:"
9794
msgstr ""
9795
9796
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9797
#, no-wrap
9798
msgid ""
9799
"\n"
9800
"# set this to 0 to disable apport, or to 1 to enable it\n"
9801
"# you can temporarily override this with\n"
9802
"# sudo service apport start force_start=1\n"
9803
"enabled=<userinput>1</userinput>\n"
9804
"\n"
9805
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9806
"maxsize=209715200\n"
9807
msgstr ""
9808
9809
#: serverguide/C/reporting-bugs.xml:254(para)
9810
msgid ""
9811
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9812
"start the apport service:"
9813
msgstr ""
9814
9815
#: serverguide/C/reporting-bugs.xml:261(command)
9816
msgid "sudo start apport"
9817
msgstr ""
9818
9819
#: serverguide/C/reporting-bugs.xml:264(para)
9820
msgid ""
9821
"After an application crashes, use the <application>apport-cli</application> "
9822
"command to search for the existing saved crash report information:"
9823
msgstr ""
9824
9825
#: serverguide/C/reporting-bugs.xml:271(command)
9826
msgid "apport-cli"
9827
msgstr ""
9828
9829
#: serverguide/C/reporting-bugs.xml:270(screen)
9830
#, no-wrap
9831
msgid ""
9832
"\n"
9833
"<placeholder-1/>\n"
9834
"\n"
9835
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9836
"\n"
9837
"If you were not doing anything confidential (entering passwords or other\n"
9838
"private information), you can help to improve the application by\n"
9839
"reporting\n"
9840
"the problem.\n"
9841
"\n"
9842
"What would you like to do? Your options are:\n"
9843
" R: Report Problem...\n"
9844
" I: Cancel and ignore future crashes of this program version\n"
9845
" C: Cancel\n"
9846
"Please choose (R/I/C):\n"
9847
msgstr ""
9848
9849
#: serverguide/C/reporting-bugs.xml:287(para)
9850
msgid ""
9851
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9852
"steps as when using ubuntu-bug. One important difference is that a crash "
9853
"report will be marked as private when filed on Launchpad, meaning that it "
9854
"will be visible to only a limited set of bug triagers. These triagers will "
9855
"review the gathered data for private information before making the bug "
9856
"report publicly visible."
9857
msgstr ""
9858
9859
#: serverguide/C/reporting-bugs.xml:307(para)
9860
msgid ""
9861
"See the <ulink "
9862
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9863
"Bugs</ulink> Ubuntu wiki page."
9864
msgstr ""
9865
9866
#: serverguide/C/reporting-bugs.xml:313(para)
9867
msgid ""
9868
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9869
"has some useful information. Though some of it pertains to using a GUI."
9870
msgstr ""
9871
9872
#: serverguide/C/remote-administration.xml:13(title)
9873
msgid "Remote Administration"
9874
msgstr ""
9875
9876
#: serverguide/C/remote-administration.xml:14(para)
9877
msgid ""
9878
"There are many ways to remotely administer a Linux server. This chapter will "
9879
"cover one of the most popular <application>OpenSSH</application>."
9880
msgstr ""
9881
9882
#: serverguide/C/remote-administration.xml:22(para)
9883
msgid ""
9884
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9885
"tools for the remote control of networked computers and transfer of data "
9886
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9887
"also learn about some of the configuration settings possible with the "
9888
"OpenSSH server application and how to change them on your Ubuntu system."
9889
msgstr ""
9890
9891
#: serverguide/C/remote-administration.xml:29(para)
9892
msgid ""
9893
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9894
"family of tools for remotely controlling a computer or transferring files "
9895
"between computers. Traditional tools used to accomplish these functions, "
9896
"such as <application>telnet</application> or <application>rcp</application>, "
9897
"are insecure and transmit the user's password in cleartext when used. "
9898
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9899
"encrypted remote control and file transfer operations, effectively replacing "
9900
"the legacy tools."
9901
msgstr ""
9902
9903
#: serverguide/C/remote-administration.xml:38(para)
9904
msgid ""
9905
"The OpenSSH server component, <application>sshd</application>, listens "
9906
"continuously for client connections from any of the client tools. When a "
9907
"connection request occurs, <application>sshd</application> sets up the "
9908
"correct connection depending on the type of client tool connecting. For "
9909
"example, if the remote computer is connecting with the "
9910
"<application>ssh</application> client application, the OpenSSH server sets "
9911
"up a remote control session after authentication. If a remote user connects "
9912
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9913
"daemon initiates a secure copy of files between the server and client after "
9914
"authentication. OpenSSH can use many authentication methods, including plain "
9915
"password, public key, and <application>Kerberos</application> tickets."
9916
msgstr ""
9917
9918
#: serverguide/C/remote-administration.xml:52(para)
9919
msgid ""
9920
"Installation of the OpenSSH client and server applications is simple. To "
9921
"install the OpenSSH client applications on your Ubuntu system, use this "
9922
"command at a terminal prompt:"
9923
msgstr ""
9924
9925
#: serverguide/C/remote-administration.xml:58(command)
9926
msgid "sudo apt-get install openssh-client"
9927
msgstr ""
9928
9929
#: serverguide/C/remote-administration.xml:60(para)
9930
msgid ""
9931
"To install the OpenSSH server application, and related support files, use "
9932
"this command at a terminal prompt:"
9933
msgstr ""
9934
9935
#: serverguide/C/remote-administration.xml:65(command)
9936
msgid "sudo apt-get install openssh-server"
9937
msgstr ""
9938
9939
#: serverguide/C/remote-administration.xml:67(para)
9940
msgid ""
9941
"The <application>openssh-server</application> package can also be selected "
9942
"to install during the Server Edition installation process."
9943
msgstr ""
9944
9945
#: serverguide/C/remote-administration.xml:74(para)
9946
msgid ""
9947
"You may configure the default behavior of the OpenSSH server application, "
9948
"<application>sshd</application>, by editing the file "
9949
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9950
"configuration directives used in this file, you may view the appropriate "
9951
"manual page with the following command, issued at a terminal prompt:"
9952
msgstr ""
9953
9954
#: serverguide/C/remote-administration.xml:82(command)
9955
msgid "man sshd_config"
9956
msgstr ""
9957
9958
#: serverguide/C/remote-administration.xml:84(para)
9959
msgid ""
9960
"There are many directives in the <application>sshd</application> "
9961
"configuration file controlling such things as communication settings and "
9962
"authentication modes. The following are examples of configuration directives "
9963
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9964
"file."
9965
msgstr ""
9966
9967
#: serverguide/C/remote-administration.xml:91(para)
9968
msgid ""
9969
"Prior to editing the configuration file, you should make a copy of the "
9970
"original file and protect it from writing so you will have the original "
9971
"settings as a reference and to reuse as necessary."
9972
msgstr ""
9973
9974
#: serverguide/C/remote-administration.xml:95(para)
9975
msgid ""
9976
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
9977
"writing with the following commands, issued at a terminal prompt:"
9978
msgstr ""
9979
9980
#: serverguide/C/remote-administration.xml:100(command)
9981
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
9982
msgstr ""
9983
9984
#: serverguide/C/remote-administration.xml:101(command)
9985
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
9986
msgstr ""
9987
9988
#: serverguide/C/remote-administration.xml:103(para)
9989
msgid ""
9990
"The following are examples of configuration directives you may change:"
9991
msgstr ""
9992
9993
#: serverguide/C/remote-administration.xml:108(para)
9994
msgid ""
9995
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
9996
"port 22, change the Port directive as such:"
9997
msgstr ""
9998
9999
#: serverguide/C/remote-administration.xml:112(para)
10000
msgid "Port 2222"
10001
msgstr ""
10002
10003
#: serverguide/C/remote-administration.xml:117(para)
10004
msgid ""
10005
"To have <application>sshd</application> allow public key-based login "
10006
"credentials, simply add or modify the line:"
10007
msgstr ""
10008
10009
#: serverguide/C/remote-administration.xml:121(para)
10010
msgid "PubkeyAuthentication yes"
10011
msgstr ""
10012
10013
#: serverguide/C/remote-administration.xml:124(para)
10014
msgid ""
10015
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10016
"present, ensure the line is not commented out."
10017
msgstr ""
10018
10019
#: serverguide/C/remote-administration.xml:130(para)
10020
msgid ""
10021
"To make your OpenSSH server display the contents of the "
10022
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10023
"or modify the line:"
10024
msgstr ""
10025
10026
#: serverguide/C/remote-administration.xml:135(para)
10027
msgid "Banner /etc/issue.net"
10028
msgstr ""
10029
10030
#: serverguide/C/remote-administration.xml:138(para)
10031
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10032
msgstr ""
10033
10034
#: serverguide/C/remote-administration.xml:143(para)
10035
msgid ""
10036
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10037
"save the file, and restart the <application>sshd</application> server "
10038
"application to effect the changes using the following command at a terminal "
10039
"prompt:"
10040
msgstr ""
10041
10042
#: serverguide/C/remote-administration.xml:152(para)
10043
msgid ""
10044
"Many other configuration directives for <application>sshd</application> are "
10045
"available for changing the server application's behavior to fit your needs. "
10046
"Be advised, however, if your only method of access to a server is "
10047
"<application>ssh</application>, and you make a mistake in configuring "
10048
"<application>sshd</application> via the "
10049
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10050
"out of the server upon restarting it, or that the "
10051
"<application>sshd</application> server refuses to start due to an incorrect "
10052
"configuration directive, so be extra careful when editing this file on a "
10053
"remote server."
10054
msgstr ""
10055
10056
#: serverguide/C/remote-administration.xml:167(title)
10057
msgid "SSH Keys"
10058
msgstr ""
10059
10060
#: serverguide/C/remote-administration.xml:168(para)
10061
msgid ""
10062
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10063
"the need of a password. SSH key authentication uses two keys a "
10064
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10065
msgstr ""
10066
10067
#: serverguide/C/remote-administration.xml:172(para)
10068
msgid "To generate the keys, from a terminal prompt enter:"
10069
msgstr ""
10070
10071
#: serverguide/C/remote-administration.xml:176(command)
10072
msgid "ssh-keygen -t dsa"
10073
msgstr ""
10074
10075
#: serverguide/C/remote-administration.xml:178(para)
10076
msgid ""
10077
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10078
"identity of the user. During the process you will be prompted for a "
10079
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10080
"key."
10081
msgstr ""
10082
10083
#: serverguide/C/remote-administration.xml:182(para)
10084
msgid ""
10085
"By default the <emphasis>public</emphasis> key is saved in the file "
10086
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10087
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10088
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10089
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10090
msgstr ""
10091
10092
#: serverguide/C/remote-administration.xml:188(command)
10093
msgid "ssh-copy-id username@remotehost"
10094
msgstr ""
10095
10096
#: serverguide/C/remote-administration.xml:190(para)
10097
msgid ""
10098
"Finally, double check the permissions on the "
10099
"<filename>authorized_keys</filename> file, only the authenticated user "
10100
"should have read and write permissions. If the permissions are not correct "
10101
"change them by:"
10102
msgstr ""
10103
10104
#: serverguide/C/remote-administration.xml:195(command)
10105
msgid "chmod 600 .ssh/authorized_keys"
10106
msgstr ""
10107
10108
#: serverguide/C/remote-administration.xml:197(para)
10109
msgid ""
10110
"You should now be able to SSH to the host without being prompted for a "
10111
"password."
10112
msgstr ""
10113
10114
#: serverguide/C/remote-administration.xml:206(para)
10115
msgid ""
10116
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10117
"page."
10118
msgstr ""
10119
10120
#: serverguide/C/remote-administration.xml:212(ulink)
10121
msgid "OpenSSH Website"
10122
msgstr ""
10123
10124
#: serverguide/C/remote-administration.xml:217(ulink)
10125
msgid "Advanced OpenSSH Wiki Page"
10126
msgstr ""
10127
10128
#: serverguide/C/package-management.xml:13(title)
10129
msgid "Package Management"
10130
msgstr ""
10131
10132
#: serverguide/C/package-management.xml:14(para)
10133
msgid ""
10134
"Ubuntu features a comprehensive package management system for the "
10135
"installation, upgrade, configuration, and removal of software. In addition "
10136
"to providing access to an organized base of over 24,000 software packages "
10137
"for your Ubuntu computer, the package management facilities also feature "
10138
"dependency resolution capabilities and software update checking."
10139
msgstr ""
10140
10141
#: serverguide/C/package-management.xml:16(para)
10142
msgid ""
10143
"Several tools are available for interacting with Ubuntu's package management "
10144
"system, from simple command-line utilities which may be easily automated by "
10145
"system administrators, to a simple graphical interface which is easy to use "
10146
"by those new to Ubuntu."
10147
msgstr ""
10148
10149
#: serverguide/C/package-management.xml:21(para)
10150
msgid ""
10151
"Ubuntu's package management system is derived from the same system used by "
10152
"the Debian GNU/Linux distribution. The package files contain all of the "
10153
"necessary files, meta-data, and instructions to implement a particular "
10154
"functionality or software application on your Ubuntu computer."
10155
msgstr ""
10156
10157
#: serverguide/C/package-management.xml:24(para)
10158
msgid ""
10159
"Debian package files typically have the extension '.deb', and typically "
10160
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10161
"collections of packages found on various media, such as CD-ROM discs, or "
10162
"online. Packages are normally of the pre-compiled binary format; thus "
10163
"installation is quick and requires no compiling of software."
10164
msgstr ""
10165
10166
#: serverguide/C/package-management.xml:27(para)
10167
msgid ""
10168
"Many complex packages use the concept of <emphasis "
10169
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10170
"packages required by the principal package in order to function properly. "
10171
"For example, the speech synthesis package "
10172
"<application>Festival</application> depends upon the package "
10173
"<application>libasound2</application>, which is a package supplying the "
10174
"<application>ALSA</application> sound library needed for audio playback. In "
10175
"order for <application>Festival</application> to function, it and all of its "
10176
"dependencies must be installed. The software management tools in Ubuntu will "
10177
"do this automatically."
10178
msgstr ""
10179
10180
#: serverguide/C/package-management.xml:32(title)
10181
msgid "dpkg"
10182
msgstr ""
10183
10184
#: serverguide/C/package-management.xml:34(para)
10185
msgid ""
10186
"<application>dpkg</application> is a package manager for "
10187
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10188
"packages, but unlike other package management system's it can not "
10189
"automatically download and install packages and their dependencies. This "
10190
"section covers using <application>dpkg</application> to manage locally "
10191
"installed packages:"
10192
msgstr ""
10193
10194
#: serverguide/C/package-management.xml:43(para)
10195
msgid ""
10196
"To list all packages installed on the system, from a terminal prompt enter:"
10197
msgstr ""
10198
10199
#: serverguide/C/package-management.xml:48(command)
10200
msgid "dpkg -l"
10201
msgstr ""
10202
10203
#: serverguide/C/package-management.xml:54(para)
10204
msgid ""
10205
"Depending on the amount of packages on your system, this can generate a "
10206
"large amount of output. Pipe the output through "
10207
"<application>grep</application> to see if a specific package is installed:"
10208
msgstr ""
10209
10210
#: serverguide/C/package-management.xml:60(command)
10211
msgid "dpkg -l | grep apache2"
10212
msgstr ""
10213
10214
#: serverguide/C/package-management.xml:63(para)
10215
msgid ""
10216
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10217
"package name, or other regular expression."
10218
msgstr ""
10219
10220
#: serverguide/C/package-management.xml:70(para)
10221
msgid ""
10222
"To list the files installed by a package, in this case the "
10223
"<application>ufw</application> package, enter:"
10224
msgstr ""
10225
10226
#: serverguide/C/package-management.xml:75(command)
10227
msgid "dpkg -L ufw"
10228
msgstr ""
10229
10230
#: serverguide/C/package-management.xml:81(para)
10231
msgid ""
10232
"If you are not sure which package installed a file, <application>dpkg -"
10233
"S</application> may be able to tell you. For example:"
10234
msgstr ""
10235
10236
#: serverguide/C/package-management.xml:87(command)
10237
msgid "dpkg -S /etc/host.conf"
10238
msgstr ""
10239
10240
#: serverguide/C/package-management.xml:88(computeroutput)
10241
#, no-wrap
10242
msgid "base-files: /etc/host.conf"
10243
msgstr ""
10244
10245
#: serverguide/C/package-management.xml:91(para)
10246
msgid ""
10247
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10248
"<application>base-files</application> package."
10249
msgstr ""
10250
10251
#: serverguide/C/package-management.xml:96(para)
10252
msgid ""
10253
"Many files are automatically generated during the package install process, "
10254
"and even though they are on the filesystem <command>dpkg -S</command> may "
10255
"not know which package they belong to."
10256
msgstr ""
10257
10258
#: serverguide/C/package-management.xml:105(para)
10259
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10260
msgstr ""
10261
10262
#: serverguide/C/package-management.xml:110(command)
10263
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10264
msgstr ""
10265
10266
#: serverguide/C/package-management.xml:113(para)
10267
msgid ""
10268
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10269
"the local .deb file."
10270
msgstr ""
10271
10272
#: serverguide/C/package-management.xml:120(para)
10273
msgid "Uninstalling a package can be accomplished by:"
10274
msgstr ""
10275
10276
#: serverguide/C/package-management.xml:125(command)
10277
msgid "sudo dpkg -r zip"
10278
msgstr ""
10279
10280
#: serverguide/C/package-management.xml:129(para)
10281
msgid ""
10282
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10283
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10284
"manager that handles dependencies, to ensure that the system is in a "
10285
"consistent state. For example using <command>dpkg -r</command> you can "
10286
"remove the <application>zip</application> package, but any packages that "
10287
"depend on it will still be installed and may no longer function correctly."
10288
msgstr ""
10289
10290
#: serverguide/C/package-management.xml:140(para)
10291
msgid ""
10292
"For more <application>dpkg</application> options see the man page: "
10293
"<command>man dpkg</command>."
10294
msgstr ""
10295
10296
#: serverguide/C/package-management.xml:146(title)
10297
msgid "Apt-Get"
10298
msgstr ""
10299
10300
#: serverguide/C/package-management.xml:147(para)
10301
msgid ""
10302
"The <application>apt-get</application> command is a powerful command-line "
10303
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10304
"(APT) performing such functions as installation of new software packages, "
10305
"upgrade of existing software packages, updating of the package list index, "
10306
"and even upgrading the entire Ubuntu system."
10307
msgstr ""
10308
10309
#: serverguide/C/package-management.xml:150(para)
10310
msgid ""
10311
"Being a simple command-line tool, <application>apt-get</application> has "
10312
"numerous advantages over other package management tools available in Ubuntu "
10313
"for server administrators. Some of these advantages include ease of use over "
10314
"simple terminal connections (SSH) and the ability to be used in system "
10315
"administration scripts, which can in turn be automated by the "
10316
"<application>cron</application> scheduling utility."
10317
msgstr ""
10318
10319
#: serverguide/C/package-management.xml:157(para)
10320
msgid ""
10321
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10322
"packages using the <application>apt-get</application> tool is quite simple. "
10323
"For example, to install the network scanner <emphasis "
10324
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10325
"<command>sudo apt-get install nmap</command>\n"
10326
"</screen>"
10327
msgstr ""
10328
10329
#: serverguide/C/package-management.xml:165(para)
10330
msgid ""
10331
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10332
"packages is also a straightforward and simple process. To remove the nmap "
10333
"package installed in the previous example, type the following: <screen>\n"
10334
"<command>sudo apt-get remove nmap</command>\n"
10335
"</screen>"
10336
msgstr ""
10337
10338
#: serverguide/C/package-management.xml:172(para)
10339
msgid ""
10340
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10341
"multiple packages to be installed or removed, separated by spaces."
10342
msgstr ""
10343
10344
#: serverguide/C/package-management.xml:175(para)
10345
msgid ""
10346
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10347
"remove</command> will remove the package configuration files as well. This "
10348
"may or may not be the desired effect so use with caution."
10349
msgstr ""
10350
10351
#: serverguide/C/package-management.xml:181(para)
10352
msgid ""
10353
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10354
"index is essentially a database of available packages from the repositories "
10355
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10356
"the local package index with the latest changes made in repositories, type "
10357
"the following: <screen>\n"
10358
"<command>sudo apt-get update</command>\n"
10359
"</screen>"
10360
msgstr ""
10361
10362
#: serverguide/C/package-management.xml:189(para)
10363
msgid ""
10364
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10365
"versions of packages currently installed on your computer may become "
10366
"available from the package repositories (for example security updates). To "
10367
"upgrade your system, first update your package index as outlined above, and "
10368
"then type: <screen>\n"
10369
"<command>sudo apt-get upgrade</command>\n"
10370
"</screen>"
10371
msgstr ""
10372
10373
#: serverguide/C/package-management.xml:195(para)
10374
msgid ""
10375
"For information on upgrading to a new Ubuntu release see <xref "
10376
"linkend=\"installing-upgrading\"/>."
10377
msgstr ""
10378
10379
#: serverguide/C/package-management.xml:153(para)
10380
msgid ""
10381
"Some examples of popular uses for the <application>apt-get</application> "
10382
"utility: <placeholder-1/>"
10383
msgstr ""
10384
10385
#: serverguide/C/package-management.xml:201(para)
10386
msgid ""
10387
"Actions of the <application>apt-get</application> command, such as "
10388
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10389
"log file."
10390
msgstr ""
10391
10392
#: serverguide/C/package-management.xml:204(para)
10393
msgid ""
10394
"For further information about the use of <application>APT</application>, "
10395
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10396
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10397
"help</screen>"
10398
msgstr ""
10399
10400
#: serverguide/C/package-management.xml:208(title)
10401
msgid "Aptitude"
10402
msgstr ""
10403
10404
#: serverguide/C/package-management.xml:209(para)
10405
msgid ""
10406
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10407
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10408
"the common package management functions, such as installation, removal, and "
10409
"upgrade, are performed in <application>Aptitude</application> with single-"
10410
"key commands, which are typically lowercase letters."
10411
msgstr ""
10412
10413
#: serverguide/C/package-management.xml:212(para)
10414
msgid ""
10415
"<application>Aptitude</application> is best suited for use in a non-"
10416
"graphical terminal environment to ensure proper functioning of the command "
10417
"keys. You may start <application>Aptitude</application> as a normal user "
10418
"with the following command at a terminal prompt: <screen>\n"
10419
"<command>sudo aptitude</command>\n"
10420
"</screen>"
10421
msgstr ""
10422
10423
#: serverguide/C/package-management.xml:219(para)
10424
msgid ""
10425
"When <application>Aptitude</application> starts, you will see a menu bar at "
10426
"the top of the screen and two panes below the menu bar. The top pane "
10427
"contains package categories, such as <emphasis role=\"italics\">New "
10428
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10429
"Packages</emphasis>. The bottom pane contains information related to the "
10430
"packages and package categories."
10431
msgstr ""
10432
10433
#: serverguide/C/package-management.xml:222(para)
10434
msgid ""
10435
"Using <application>Aptitude</application> for package management is "
10436
"relatively straightforward, and the user interface makes common tasks simple "
10437
"to perform. The following are examples of common package management "
10438
"functions as performed in <application>Aptitude</application>:"
10439
msgstr ""
10440
10441
#: serverguide/C/package-management.xml:226(para)
10442
msgid ""
10443
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10444
"locate the package via the Not Installed Packages package category, for "
10445
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10446
"key, and highlight the package you wish to install. After highlighting the "
10447
"package you wish to install, press the <keycap>+</keycap> key, and the "
10448
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10449
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10450
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10451
"again, and you will be prompted to become root to complete the installation. "
10452
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10453
"your user password to become root. Finally, press <keycap>g</keycap> once "
10454
"more and you'll be prompted to download the package. Press "
10455
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10456
"prompt, and downloading and installation of the package will commence."
10457
msgstr ""
10458
10459
#: serverguide/C/package-management.xml:230(para)
10460
msgid ""
10461
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10462
"locate the package via the Installed Packages package category, for example, "
10463
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10464
"highlight the package you wish to remove. After highlighting the package you "
10465
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10466
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10467
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10468
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10469
"prompted to become root to complete the installation. Press "
10470
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10471
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10472
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10473
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10474
"the package will commence."
10475
msgstr ""
10476
10477
#: serverguide/C/package-management.xml:234(para)
10478
msgid ""
10479
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10480
"package index, simply press the <keycap>u</keycap> key and you will be "
10481
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10482
"which will result in a Password: prompt. Enter your user password to become "
10483
"root. Updating of the package index will commence. Press "
10484
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10485
"presented to complete the process."
10486
msgstr ""
10487
10488
#: serverguide/C/package-management.xml:238(para)
10489
msgid ""
10490
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10491
"perform the update of the package index as detailed above, and then press "
10492
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10493
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10494
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10495
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10496
"result in a Password: prompt. Enter your user password to become root. "
10497
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10498
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10499
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10500
"will commence."
10501
msgstr ""
10502
10503
#: serverguide/C/package-management.xml:245(para)
10504
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10505
msgstr ""
10506
10507
#: serverguide/C/package-management.xml:250(para)
10508
msgid ""
10509
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10510
"configuration remains on system"
10511
msgstr ""
10512
10513
#: serverguide/C/package-management.xml:254(para)
10514
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10515
msgstr ""
10516
10517
#: serverguide/C/package-management.xml:258(para)
10518
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10519
msgstr ""
10520
10521
#: serverguide/C/package-management.xml:262(para)
10522
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10523
msgstr ""
10524
10525
#: serverguide/C/package-management.xml:266(para)
10526
msgid ""
10527
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10528
"configured"
10529
msgstr ""
10530
10531
#: serverguide/C/package-management.xml:270(para)
10532
msgid ""
10533
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10534
"and requires fix"
10535
msgstr ""
10536
10537
#: serverguide/C/package-management.xml:274(para)
10538
msgid ""
10539
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10540
"requires fix"
10541
msgstr ""
10542
10543
#: serverguide/C/package-management.xml:242(para)
10544
msgid ""
10545
"The first column of information displayed in the package list in the top "
10546
"pane, when actually viewing packages lists the current state of the package, "
10547
"and uses the following key to describe the state of the package: "
10548
"<placeholder-1/>"
10549
msgstr ""
10550
10551
#: serverguide/C/package-management.xml:280(para)
10552
msgid ""
10553
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10554
"wish to exit. Many other functions are available from the Aptitude menu by "
10555
"pressing the <keycap>F10</keycap> key."
10556
msgstr ""
10557
10558
#: serverguide/C/package-management.xml:285(title)
10559
msgid "Automatic Updates"
10560
msgstr ""
10561
10562
#: serverguide/C/package-management.xml:287(para)
10563
msgid ""
10564
"The <application>unattended-upgrades</application> package can be used to "
10565
"automatically install updated packages, and can be configured to update all "
10566
"packages or just install security updates. First, install the package by "
10567
"entering the following in a terminal:"
10568
msgstr ""
10569
10570
#: serverguide/C/package-management.xml:293(command)
10571
msgid "sudo apt-get install unattended-upgrades"
10572
msgstr ""
10573
10574
#: serverguide/C/package-management.xml:296(para)
10575
msgid ""
10576
"To configure <application>unattended-upgrades</application>, edit "
10577
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10578
"the following to fit your needs:"
10579
msgstr ""
10580
10581
#: serverguide/C/package-management.xml:301(programlisting)
10582
#, no-wrap
10583
msgid ""
10584
"\n"
10585
"Unattended-Upgrade::Allowed-Origins {\n"
10586
" \"Ubuntu maverick-security\";\n"
10587
"// \"Ubuntu maverick-updates\";\n"
10588
"};\n"
10589
msgstr ""
10590
10591
#: serverguide/C/package-management.xml:308(para)
10592
msgid ""
10593
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10594
"will not be automatically updated. To blacklist a package, add it to the "
10595
"list:"
10596
msgstr ""
10597
10598
#: serverguide/C/package-management.xml:313(programlisting)
10599
#, no-wrap
10600
msgid ""
10601
"\n"
10602
"Unattended-Upgrade::Package-Blacklist {\n"
10603
"// \"vim\";\n"
10604
"// \"libc6\";\n"
10605
"// \"libc6-dev\";\n"
10606
"// \"libc6-i686\";\n"
10607
"};\n"
10608
msgstr ""
10609
10610
#: serverguide/C/package-management.xml:323(para)
10611
msgid ""
10612
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10613
"whatever follows \"//\" will not be evaluated."
10614
msgstr ""
10615
10616
#: serverguide/C/package-management.xml:328(para)
10617
msgid ""
10618
"To enable automatic updates, edit "
10619
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10620
"<application>apt</application> configuration options:"
10621
msgstr ""
10622
10623
#: serverguide/C/package-management.xml:332(programlisting)
10624
#, no-wrap
10625
msgid ""
10626
"\n"
10627
"APT::Periodic::Update-Package-Lists \"1\";\n"
10628
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10629
"APT::Periodic::AutocleanInterval \"7\";\n"
10630
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10631
msgstr ""
10632
10633
#: serverguide/C/package-management.xml:339(para)
10634
msgid ""
10635
"The above configuration updates the package list, downloads, and installs "
10636
"available upgrades every day. The local download archive is cleaned every "
10637
"week."
10638
msgstr ""
10639
10640
#: serverguide/C/package-management.xml:345(para)
10641
msgid ""
10642
"You can read more about <application>apt</application> Periodic "
10643
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10644
"header."
10645
msgstr ""
10646
10647
#: serverguide/C/package-management.xml:350(para)
10648
msgid ""
10649
"The results of <application>unattended-upgrades</application> will be logged "
10650
"to <filename>/var/log/unattended-upgrades</filename>."
10651
msgstr ""
10652
10653
#: serverguide/C/package-management.xml:355(title)
10654
msgid "Notifications"
10655
msgstr ""
10656
10657
#: serverguide/C/package-management.xml:357(para)
10658
msgid ""
10659
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10660
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10661
"<application>unattended-upgrades</application> to email an administrator "
10662
"detailing any packages that need upgrading or have problems."
10663
msgstr ""
10664
10665
#: serverguide/C/package-management.xml:362(para)
10666
msgid ""
10667
"Another useful package is <application>apticron</application>. "
10668
"<application>apticron</application> will configure a "
10669
"<application>cron</application> job to email an administrator information "
10670
"about any packages on the system that have updates available, as well as a "
10671
"summary of changes in each package."
10672
msgstr ""
10673
10674
#: serverguide/C/package-management.xml:368(para)
10675
msgid ""
10676
"To install the <application>apticron</application> package, in a terminal "
10677
"enter:"
10678
msgstr ""
10679
10680
#: serverguide/C/package-management.xml:373(command)
10681
msgid "sudo apt-get install apticron"
10682
msgstr ""
10683
10684
#: serverguide/C/package-management.xml:376(para)
10685
msgid ""
10686
"Once the package is installed edit "
10687
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10688
"and other options:"
10689
msgstr ""
10690
10691
#: serverguide/C/package-management.xml:380(programlisting)
10692
#, no-wrap
10693
msgid ""
10694
"\n"
10695
"EMAIL=\"root@example.com\"\n"
10696
msgstr ""
10697
10698
#: serverguide/C/package-management.xml:389(para)
10699
msgid ""
10700
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10701
"system repositories is stored in the /etc/apt/sources.list configuration "
10702
"file. An example of this file is referenced here, along with information on "
10703
"adding or removing repository references from the file."
10704
msgstr ""
10705
10706
#: serverguide/C/package-management.xml:395(para)
10707
msgid ""
10708
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10709
"typical <filename>/etc/apt/sources.list</filename> file."
10710
msgstr ""
10711
10712
#: serverguide/C/package-management.xml:399(para)
10713
msgid ""
10714
"You may edit the file to enable repositories or disable them. For example, "
10715
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10716
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10717
"which appears at the top of the file:"
10718
msgstr ""
10719
10720
#: serverguide/C/package-management.xml:404(screen)
10721
#, no-wrap
10722
msgid ""
10723
"\n"
10724
"# no more prompting for CD-ROM please\n"
10725
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10726
"main restricted\n"
10727
msgstr ""
10728
10729
#: serverguide/C/package-management.xml:410(title)
10730
msgid "Extra Repositories"
10731
msgstr ""
10732
10733
#: serverguide/C/package-management.xml:411(para)
10734
msgid ""
10735
"In addition to the officially supported package repositories available for "
10736
"Ubuntu, there exist additional community-maintained repositories which add "
10737
"thousands more potential packages for installation. Two of the most popular "
10738
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10739
"repositories. These repositories are not officially supported by Ubuntu, but "
10740
"because they are maintained by the community they generally provide packages "
10741
"which are safe for use with your Ubuntu computer."
10742
msgstr ""
10743
10744
#: serverguide/C/package-management.xml:414(para)
10745
msgid ""
10746
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10747
"licensing issues that prevent them from being distributed with a free "
10748
"operating system, and they may be illegal in your locality."
10749
msgstr ""
10750
10751
#: serverguide/C/package-management.xml:416(para)
10752
msgid ""
10753
"Be advised that neither the <emphasis>Universe</emphasis> or "
10754
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10755
"packages. In particular, there may not be security updates for these "
10756
"packages."
10757
msgstr ""
10758
10759
#: serverguide/C/package-management.xml:420(para)
10760
msgid ""
10761
"Many other package sources are available, sometimes even offering only one "
10762
"package, as in the case of package sources provided by the developer of a "
10763
"single application. You should always be very careful and cautious when "
10764
"using non-standard package sources, however. Research the source and "
10765
"packages carefully before performing any installation, as some package "
10766
"sources and their packages could render your system unstable or non-"
10767
"functional in some respects."
10768
msgstr ""
10769
10770
#: serverguide/C/package-management.xml:423(para)
10771
msgid ""
10772
"By default, the <emphasis>Universe</emphasis> and "
10773
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10774
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10775
"comment the following lines:"
10776
msgstr ""
10777
10778
#: serverguide/C/package-management.xml:430(programlisting)
10779
#, no-wrap
10780
msgid ""
10781
"\n"
10782
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10783
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10784
"\n"
10785
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10786
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10787
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10788
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10789
"\n"
10790
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10791
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10792
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10793
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10794
"\n"
10795
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10796
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10797
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10798
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10799
msgstr ""
10800
10801
#: serverguide/C/package-management.xml:456(para)
10802
msgid ""
10803
"Most of the material covered in this chapter is available in "
10804
"<application>man</application> pages, many of which are available online."
10805
msgstr ""
10806
10807
#: serverguide/C/package-management.xml:463(para)
10808
msgid ""
10809
"The <ulink "
10810
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10811
"re</ulink> Ubuntu wiki page has more information."
10812
msgstr ""
10813
10814
#: serverguide/C/package-management.xml:468(para)
10815
msgid ""
10816
"For more <application>dpkg</application> details see the <ulink "
10817
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10818
" man page</ulink>."
10819
msgstr ""
10820
10821
#: serverguide/C/package-management.xml:474(para)
10822
msgid ""
10823
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10824
"HOWTO</ulink> and <ulink "
10825
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10826
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10827
"<application>apt-get</application> usage."
10828
msgstr ""
10829
10830
#: serverguide/C/package-management.xml:481(para)
10831
msgid ""
10832
"See the <ulink "
10833
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10834
"itude man page</ulink> for more <application>aptitude</application> options."
10835
msgstr ""
10836
10837
#: serverguide/C/package-management.xml:487(para)
10838
msgid ""
10839
"The <ulink "
10840
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10841
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10842
"adding repositories."
10843
msgstr ""
10844
10845
#: serverguide/C/other-apps.xml:13(title)
10846
msgid "Other Useful Applications"
10847
msgstr ""
10848
10849
#: serverguide/C/other-apps.xml:15(para)
10850
msgid ""
10851
"There are many very useful applications developed by the Ubuntu Server Team, "
10852
"and others that are well integrated with Ubuntu Server Edition, that might "
10853
"not be well known. This chapter will showcase some useful applications that "
10854
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10855
"easier."
10856
msgstr ""
10857
10858
#: serverguide/C/other-apps.xml:23(title)
10859
msgid "pam_motd"
10860
msgstr ""
10861
10862
#: serverguide/C/other-apps.xml:25(para)
10863
msgid ""
10864
"When logging into an Ubuntu server you may have noticed the informative "
10865
"Message Of The Day (MOTD). This information is obtained and displayed using "
10866
"a couple of packages:"
10867
msgstr ""
10868
10869
#: serverguide/C/other-apps.xml:32(para)
10870
msgid ""
10871
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10872
"<application>landscape-client</application>, which can be used to manage "
10873
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10874
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10875
"utility which is used to gather the information displayed in the MOTD."
10876
msgstr ""
10877
10878
#: serverguide/C/other-apps.xml:40(para)
10879
msgid ""
10880
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10881
"the MOTD via <application>pam_motd</application> module."
10882
msgstr ""
10883
10884
#: serverguide/C/other-apps.xml:46(para)
10885
msgid ""
10886
"<application>pam_motd</application> executes the scripts in "
10887
"<filename>/etc/update-motd.d</filename> in order based on the number "
10888
"prepended to the script. The output of the scripts is written to "
10889
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10890
"concatenated with <filename>/etc/motd.tail</filename>."
10891
msgstr ""
10892
10893
#: serverguide/C/other-apps.xml:52(para)
10894
msgid ""
10895
"You can add your own dynamic information to the MOTD. For example, to add "
10896
"local weather information:"
10897
msgstr ""
10898
10899
#: serverguide/C/other-apps.xml:58(para)
10900
msgid "First, install the <application>weather-util</application> package:"
10901
msgstr ""
10902
10903
#: serverguide/C/other-apps.xml:63(command)
10904
msgid "sudo apt-get install weather-util"
10905
msgstr ""
10906
10907
#: serverguide/C/other-apps.xml:68(para)
10908
msgid ""
10909
"The <application>weather</application> utility uses METAR data from the "
10910
"National Oceanic and Atmospheric Administration and forecasts from the "
10911
"National Weather Service. In order to find local information you will need "
10912
"the 4-character ICAO location indicator. This can be determined by browsing "
10913
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
10914
"Weather Service</ulink> site."
10915
msgstr ""
10916
10917
#: serverguide/C/other-apps.xml:75(para)
10918
msgid ""
10919
"Although the National Weather Service is a United States government agency "
10920
"there are weather stations available world wide. However, local weather "
10921
"information for all locations outside the U.S. may not be available."
10922
msgstr ""
10923
10924
#: serverguide/C/other-apps.xml:81(para)
10925
msgid ""
10926
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
10927
"script to use <application>weather</application> with your local ICAO "
10928
"indicator:"
10929
msgstr ""
10930
10931
#: serverguide/C/other-apps.xml:86(programlisting)
10932
#, no-wrap
10933
msgid ""
10934
"\n"
10935
"#!/bin/sh\n"
10936
"#\n"
10937
"#\n"
10938
"# Prints the local weather information for the MOTD.\n"
10939
"#\n"
10940
"#\n"
10941
"\n"
10942
"# Replace KINT with your local weather station.\n"
10943
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
10944
"\n"
10945
"echo\n"
10946
"weather -i KINT\n"
10947
"echo\n"
10948
"\n"
10949
msgstr ""
10950
10951
#: serverguide/C/other-apps.xml:104(para)
10952
msgid "Make the script executable:"
10953
msgstr ""
10954
10955
#: serverguide/C/other-apps.xml:109(command)
10956
msgid "sudo chmod 755 /usr/local/bin/local-weather"
10957
msgstr ""
10958
10959
#: serverguide/C/other-apps.xml:113(para)
10960
msgid ""
10961
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
10962
"weather</filename>:"
10963
msgstr ""
10964
10965
#: serverguide/C/other-apps.xml:118(command)
10966
msgid ""
10967
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
10968
msgstr ""
10969
10970
#: serverguide/C/other-apps.xml:122(para)
10971
msgid "Finally, exit the server and re-login to view the new MOTD."
10972
msgstr ""
10973
10974
#: serverguide/C/other-apps.xml:128(para)
10975
msgid ""
10976
"You should now be greeted with some useful information, and some information "
10977
"about the local weather that may not be quite so useful. Hopefully the "
10978
"<application>local-weather</application> example demonstrates the "
10979
"flexibility of <application>pam_motd</application>."
10980
msgstr ""
10981
10982
#: serverguide/C/other-apps.xml:136(title)
10983
msgid "etckeeper"
10984
msgstr ""
10985
10986
#: serverguide/C/other-apps.xml:138(para)
10987
msgid ""
10988
"<application>etckeeper</application> allows the contents of <filename "
10989
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10990
"System (VCS) repository. It hooks into <application>apt</application> to "
10991
"automatically commit changes to <filename>/etc</filename> when packages are "
10992
"installed or upgraded. Placing <filename>/etc</filename> under version "
10993
"control is considered an industry best practice, and the goal of "
10994
"<application>etckeeper</application> is to make this process as painless as "
10995
"possible."
10996
msgstr ""
10997
10998
#: serverguide/C/other-apps.xml:146(para)
10999
msgid ""
11000
"Install <application>etckeeper</application> by entering the following in a "
11001
"terminal:"
11002
msgstr ""
11003
11004
#: serverguide/C/other-apps.xml:151(command)
11005
msgid "sudo apt-get install etckeeper"
11006
msgstr ""
11007
11008
#: serverguide/C/other-apps.xml:154(para)
11009
msgid ""
11010
"The main configuration file, "
11011
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11012
"main option is which VCS to use. By default "
11013
"<application>etckeeper</application> is configured to use "
11014
"<application>bzr</application> for version control. The repository is "
11015
"automatically initialized (and committed for the first time) during package "
11016
"installation. It is possible to undo this by entering the following command:"
11017
msgstr ""
11018
11019
#: serverguide/C/other-apps.xml:164(command)
11020
msgid "sudo etckeeper uninit"
11021
msgstr ""
11022
11023
#: serverguide/C/other-apps.xml:167(para)
11024
msgid ""
11025
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11026
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11027
"It will also automatically commit changes before and after package "
11028
"installation. For a more precise tracking of changes, it is recommended to "
11029
"commit your changes manually, together with a commit message, using:"
11030
msgstr ""
11031
11032
#: serverguide/C/other-apps.xml:176(command)
11033
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11034
msgstr ""
11035
11036
#: serverguide/C/other-apps.xml:179(para)
11037
msgid ""
11038
"Using the VCS commands you can view log information about files in "
11039
"<filename>/etc</filename>:"
11040
msgstr ""
11041
11042
#: serverguide/C/other-apps.xml:184(command)
11043
msgid "sudo bzr log /etc/passwd"
11044
msgstr ""
11045
11046
#: serverguide/C/other-apps.xml:187(para)
11047
msgid ""
11048
"To demonstrate the integration with the package management system, install "
11049
"<application>postfix</application>:"
11050
msgstr ""
11051
11052
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11053
msgid "sudo apt-get install postfix"
11054
msgstr ""
11055
11056
#: serverguide/C/other-apps.xml:195(para)
11057
msgid ""
11058
"When the installation is finished, all the "
11059
"<application>postfix</application> configuration files should be committed "
11060
"to the repository:"
11061
msgstr ""
11062
11063
#: serverguide/C/other-apps.xml:201(computeroutput)
11064
#, no-wrap
11065
msgid ""
11066
"Committing to: /etc/\n"
11067
"added aliases.db\n"
11068
"modified group\n"
11069
"modified group-\n"
11070
"modified gshadow\n"
11071
"modified gshadow-\n"
11072
"modified passwd\n"
11073
"modified passwd-\n"
11074
"added postfix\n"
11075
"added resolvconf\n"
11076
"added rsyslog.d\n"
11077
"modified shadow\n"
11078
"modified shadow-\n"
11079
"added init.d/postfix\n"
11080
"added network/if-down.d/postfix\n"
11081
"added network/if-up.d/postfix\n"
11082
"added postfix/dynamicmaps.cf\n"
11083
"added postfix/main.cf\n"
11084
"added postfix/master.cf\n"
11085
"added postfix/post-install\n"
11086
"added postfix/postfix-files\n"
11087
"added postfix/postfix-script\n"
11088
"added postfix/sasl\n"
11089
"added ppp/ip-down.d\n"
11090
"added ppp/ip-down.d/postfix\n"
11091
"added ppp/ip-up.d/postfix\n"
11092
"added rc0.d/K20postfix\n"
11093
"added rc1.d/K20postfix\n"
11094
"added rc2.d/S20postfix\n"
11095
"added rc3.d/S20postfix\n"
11096
"added rc4.d/S20postfix\n"
11097
"added rc5.d/S20postfix\n"
11098
"added rc6.d/K20postfix\n"
11099
"added resolvconf/update-libc.d\n"
11100
"added resolvconf/update-libc.d/postfix\n"
11101
"added rsyslog.d/postfix.conf\n"
11102
"added ufw/applications.d/postfix\n"
11103
"Committed revision 2."
11104
msgstr ""
11105
11106
#: serverguide/C/other-apps.xml:241(para)
11107
msgid ""
11108
"For an example of how <application>etckeeper</application> tracks manual "
11109
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11110
"<application>bzr</application> you can see which files have been modified:"
11111
msgstr ""
11112
11113
#: serverguide/C/other-apps.xml:247(command)
11114
msgid "sudo bzr status /etc/"
11115
msgstr ""
11116
11117
#: serverguide/C/other-apps.xml:248(computeroutput)
11118
#, no-wrap
11119
msgid ""
11120
"modified:\n"
11121
" hosts"
11122
msgstr ""
11123
11124
#: serverguide/C/other-apps.xml:252(para)
11125
msgid "Now commit the changes:"
11126
msgstr ""
11127
11128
#: serverguide/C/other-apps.xml:257(command)
11129
msgid "sudo etckeeper commit \"new host\""
11130
msgstr ""
11131
11132
#: serverguide/C/other-apps.xml:260(para)
11133
msgid ""
11134
"For more information on <application>bzr</application> see <xref "
11135
"linkend=\"bazaar\"/>."
11136
msgstr ""
11137
11138
#: serverguide/C/other-apps.xml:266(title)
11139
msgid "Byobu"
11140
msgstr ""
11141
11142
#: serverguide/C/other-apps.xml:268(para)
11143
msgid ""
11144
"One of the most useful applications for any system administrator is "
11145
"<application>screen</application>. It allows the execution of multiple "
11146
"shells in one terminal. To make some of the advanced "
11147
"<application>screen</application> features more user friendly, and provide "
11148
"some useful information about the system, the "
11149
"<application>byobu</application> package was created."
11150
msgstr ""
11151
11152
#: serverguide/C/other-apps.xml:275(para)
11153
msgid ""
11154
"When executing <application>byobu</application> pressing the "
11155
"<emphasis>F9</emphasis> key will bring up the "
11156
"<application>Configuration</application> menu. This menu will allow you to:"
11157
msgstr ""
11158
11159
#: serverguide/C/other-apps.xml:281(para)
11160
msgid "View the Help menu"
11161
msgstr ""
11162
11163
#: serverguide/C/other-apps.xml:282(para)
11164
msgid "Change Byobu's background color"
11165
msgstr ""
11166
11167
#: serverguide/C/other-apps.xml:283(para)
11168
msgid "Change Byobu's foreground color"
11169
msgstr ""
11170
11171
#: serverguide/C/other-apps.xml:284(para)
11172
msgid "Toggle status notifications"
11173
msgstr ""
11174
11175
#: serverguide/C/other-apps.xml:285(para)
11176
msgid "Change the key binding set"
11177
msgstr ""
11178
11179
#: serverguide/C/other-apps.xml:286(para)
11180
msgid "Change the escape sequence"
11181
msgstr ""
11182
11183
#: serverguide/C/other-apps.xml:287(para)
11184
msgid "Create new windows"
11185
msgstr ""
11186
11187
#: serverguide/C/other-apps.xml:288(para)
11188
msgid "Manage the default windows"
11189
msgstr ""
11190
11191
#: serverguide/C/other-apps.xml:289(para)
11192
msgid "Byobu currently does not launch at login (toggle on)"
11193
msgstr ""
11194
11195
#: serverguide/C/other-apps.xml:292(para)
11196
msgid ""
11197
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11198
"sequence, new window, change window, etc. There are two key binding sets to "
11199
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11200
"keys</emphasis>. If you wish to use the original key bindings choose the "
11201
"<emphasis>none</emphasis> set."
11202
msgstr ""
11203
11204
#: serverguide/C/other-apps.xml:298(para)
11205
msgid ""
11206
"<application>byobu</application> provides a menu which displays the Ubuntu "
11207
"release, processor information, memory information, and the time and date. "
11208
"The effect is similar to a desktop menu."
11209
msgstr ""
11210
11211
#: serverguide/C/other-apps.xml:303(para)
11212
msgid ""
11213
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11214
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11215
"executed any time a terminal is opened. Changes made to "
11216
"<application>byobu</application> are on a per user basis, and will not "
11217
"affect other users on the system."
11218
msgstr ""
11219
11220
#: serverguide/C/other-apps.xml:309(para)
11221
msgid ""
11222
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11223
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11224
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11225
"commands. Here is a quick list of movement commands:"
11226
msgstr ""
11227
11228
#: serverguide/C/other-apps.xml:316(para)
11229
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11230
msgstr ""
11231
11232
#: serverguide/C/other-apps.xml:317(para)
11233
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11234
msgstr ""
11235
11236
#: serverguide/C/other-apps.xml:318(para)
11237
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11238
msgstr ""
11239
11240
#: serverguide/C/other-apps.xml:319(para)
11241
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11242
msgstr ""
11243
11244
#: serverguide/C/other-apps.xml:320(para)
11245
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11246
msgstr ""
11247
11248
#: serverguide/C/other-apps.xml:321(para)
11249
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11250
msgstr ""
11251
11252
#: serverguide/C/other-apps.xml:322(para)
11253
msgid ""
11254
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11255
"the buffer)"
11256
msgstr ""
11257
11258
#: serverguide/C/other-apps.xml:323(para)
11259
msgid "<emphasis>/</emphasis> - Search forward"
11260
msgstr ""
11261
11262
#: serverguide/C/other-apps.xml:324(para)
11263
msgid "<emphasis>?</emphasis> - Search backward"
11264
msgstr ""
11265
11266
#: serverguide/C/other-apps.xml:325(para)
11267
msgid ""
11268
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11269
msgstr ""
11270
11271
#: serverguide/C/other-apps.xml:334(para)
11272
msgid ""
11273
"See the <ulink "
11274
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11275
"motd.1.html\">update-motd man page</ulink> for more options available to "
11276
"<application>update-motd</application>."
11277
msgstr ""
11278
11279
#: serverguide/C/other-apps.xml:340(para)
11280
msgid ""
11281
"The Debian Package of the Day <ulink "
11282
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11283
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11284
"details about using the <application>weather</application>utility."
11285
msgstr ""
11286
11287
#: serverguide/C/other-apps.xml:347(para)
11288
msgid ""
11289
"See the <ulink "
11290
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11291
"more details on using <application>etckeeper</application>."
11292
msgstr ""
11293
11294
#: serverguide/C/other-apps.xml:353(para)
11295
msgid ""
11296
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11297
"Ubuntu Wiki</ulink> page."
11298
msgstr ""
11299
11300
#: serverguide/C/other-apps.xml:358(para)
11301
msgid ""
11302
"For the latest news and information about <application>bzr</application> see "
11303
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11304
msgstr ""
11305
11306
#: serverguide/C/other-apps.xml:363(para)
11307
msgid ""
11308
"For more information on <application>screen</application> see the <ulink "
11309
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11310
msgstr ""
11311
11312
#: serverguide/C/other-apps.xml:368(para)
11313
msgid ""
11314
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11315
"screen</ulink> page."
11316
msgstr ""
11317
11318
#: serverguide/C/other-apps.xml:373(para)
11319
msgid ""
11320
"Also, see the <application>byobu</application><ulink "
11321
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11322
"information."
11323
msgstr ""
11324
11325
#: serverguide/C/network-config.xml:14(para)
11326
msgid ""
11327
"Networks consist of two or more devices, such as computer systems, printers, "
11328
"and related equipment which are connected by either physical cabling or "
11329
"wireless links for the purpose of sharing and distributing information among "
11330
"the connected devices."
11331
msgstr ""
11332
11333
#: serverguide/C/network-config.xml:20(para)
11334
msgid ""
11335
"This section provides general and specific information pertaining to "
11336
"networking, including an overview of network concepts and detailed "
11337
"discussion of popular network protocols."
11338
msgstr ""
11339
11340
#: serverguide/C/network-config.xml:27(title)
11341
msgid "Network Configuration"
11342
msgstr ""
11343
11344
#: serverguide/C/network-config.xml:28(para)
11345
msgid ""
11346
"Ubuntu ships with a number of graphical utilities to configure your network "
11347
"devices. This document is geared toward server administrators and will focus "
11348
"on managing your network on the command line."
11349
msgstr ""
11350
11351
#: serverguide/C/network-config.xml:35(title)
11352
msgid "Ethernet Interfaces"
11353
msgstr ""
11354
11355
#: serverguide/C/network-config.xml:36(para)
11356
msgid ""
11357
"Ethernet interfaces are identified by the system using the naming convention "
11358
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11359
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11360
"interface is typically identified as <emphasis "
11361
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11362
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11363
"order."
11364
msgstr ""
11365
11366
#: serverguide/C/network-config.xml:46(title)
11367
msgid "Identify Ethernet Interfaces"
11368
msgstr ""
11369
11370
#: serverguide/C/network-config.xml:47(para)
11371
msgid ""
11372
"To quickly identify all available Ethernet interfaces, you can use the "
11373
"<application>ifconfig</application> command as shown below."
11374
msgstr ""
11375
11376
#: serverguide/C/network-config.xml:52(userinput)
11377
#, no-wrap
11378
msgid "ifconfig -a | grep eth"
11379
msgstr ""
11380
11381
#: serverguide/C/network-config.xml:51(screen)
11382
#, no-wrap
11383
msgid ""
11384
"\n"
11385
"<placeholder-1/>\n"
11386
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11387
msgstr ""
11388
11389
#: serverguide/C/network-config.xml:55(para)
11390
msgid ""
11391
"Another application that can help identify all network interfaces available "
11392
"to your system is the <application>lshw</application> command. In the "
11393
"example below, <application>lshw</application> shows a single Ethernet "
11394
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11395
"along with bus information, driver details and all supported capabilities."
11396
msgstr ""
11397
11398
#: serverguide/C/network-config.xml:62(userinput)
11399
#, no-wrap
11400
msgid "sudo lshw -class network"
11401
msgstr ""
11402
11403
#: serverguide/C/network-config.xml:61(screen)
11404
#, no-wrap
11405
msgid ""
11406
"\n"
11407
"<placeholder-1/>\n"
11408
" *-network\n"
11409
" description: Ethernet interface\n"
11410
" product: BCM4401-B0 100Base-TX\n"
11411
" vendor: Broadcom Corporation\n"
11412
" physical id: 0\n"
11413
" bus info: pci@0000:03:00.0\n"
11414
" logical name: eth0\n"
11415
" version: 02\n"
11416
" serial: 00:15:c5:4a:16:5a\n"
11417
" size: 10MB/s\n"
11418
" capacity: 100MB/s\n"
11419
" width: 32 bits\n"
11420
" clock: 33MHz\n"
11421
" capabilities: (snipped for brevity)\n"
11422
" configuration: (snipped for brevity)\n"
11423
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11424
msgstr ""
11425
11426
#: serverguide/C/network-config.xml:83(title)
11427
msgid "Ethernet Interface Logical Names"
11428
msgstr ""
11429
11430
#: serverguide/C/network-config.xml:84(para)
11431
msgid ""
11432
"Interface logical names are configured in the file "
11433
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11434
"like control which interface receives a particular logical name, find the "
11435
"line matching the interfaces physical MAC address and modify the value of "
11436
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11437
"Reboot the system to commit your changes."
11438
msgstr ""
11439
11440
#: serverguide/C/network-config.xml:92(programlisting)
11441
#, no-wrap
11442
msgid ""
11443
"\n"
11444
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11445
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11446
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11447
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11448
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11449
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11450
msgstr ""
11451
11452
#: serverguide/C/network-config.xml:99(title)
11453
msgid "Ethernet Interface Settings"
11454
msgstr ""
11455
11456
#: serverguide/C/network-config.xml:100(para)
11457
msgid ""
11458
"<application>ethtool</application> is a program that displays and changes "
11459
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11460
"and Wake-on-LAN. It is not installed by default, but is available for "
11461
"installation in the repositories."
11462
msgstr ""
11463
11464
#: serverguide/C/network-config.xml:106(userinput)
11465
#, no-wrap
11466
msgid "sudo apt-get install ethtool"
11467
msgstr ""
11468
11469
#: serverguide/C/network-config.xml:108(para)
11470
msgid ""
11471
"The following is an example of how to view supported features and configured "
11472
"settings of an Ethernet interface."
11473
msgstr ""
11474
11475
#: serverguide/C/network-config.xml:113(userinput)
11476
#, no-wrap
11477
msgid "sudo ethtool eth0"
11478
msgstr ""
11479
11480
#: serverguide/C/network-config.xml:112(screen)
11481
#, no-wrap
11482
msgid ""
11483
"\n"
11484
"<placeholder-1/>\n"
11485
"Settings for eth0:\n"
11486
" Supported ports: [ TP ]\n"
11487
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11488
" 100baseT/Half 100baseT/Full \n"
11489
" 1000baseT/Half 1000baseT/Full \n"
11490
" Supports auto-negotiation: Yes\n"
11491
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11492
" 100baseT/Half 100baseT/Full \n"
11493
" 1000baseT/Half 1000baseT/Full \n"
11494
" Advertised auto-negotiation: Yes\n"
11495
" Speed: 1000Mb/s\n"
11496
" Duplex: Full\n"
11497
" Port: Twisted Pair\n"
11498
" PHYAD: 1\n"
11499
" Transceiver: internal\n"
11500
" Auto-negotiation: on\n"
11501
" Supports Wake-on: g\n"
11502
" Wake-on: d\n"
11503
" Current message level: 0x000000ff (255)\n"
11504
" Link detected: yes\n"
11505
msgstr ""
11506
11507
#: serverguide/C/network-config.xml:135(para)
11508
msgid ""
11509
"Changes made with the <application>ethtool</application> command are "
11510
"temporary and will be lost after a reboot. If you would like to retain "
11511
"settings, simply add the desired <application>ethtool</application> command "
11512
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11513
"configuration file <filename>/etc/network/interfaces</filename>."
11514
msgstr ""
11515
11516
#: serverguide/C/network-config.xml:141(para)
11517
msgid ""
11518
"The following is an example of how the interface identified as <emphasis "
11519
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11520
"speed of 1000Mb/s running in full duplex mode."
11521
msgstr ""
11522
11523
#: serverguide/C/network-config.xml:145(programlisting)
11524
#, no-wrap
11525
msgid ""
11526
"\n"
11527
"auto eth0\n"
11528
"iface eth0 inet static\n"
11529
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11530
msgstr ""
11531
11532
#: serverguide/C/network-config.xml:151(para)
11533
msgid ""
11534
"Although the example above shows the interface configured to use the "
11535
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11536
"other methods as well, such as DHCP. The example is meant to demonstrate "
11537
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11538
"statement in relation to the rest of the interface configuration."
11539
msgstr ""
11540
11541
#: serverguide/C/network-config.xml:163(title)
11542
msgid "IP Addressing"
11543
msgstr ""
11544
11545
#: serverguide/C/network-config.xml:164(para)
11546
msgid ""
11547
"The following section describes the process of configuring your systems IP "
11548
"address and default gateway needed for communicating on a local area network "
11549
"and the Internet."
11550
msgstr ""
11551
11552
#: serverguide/C/network-config.xml:171(title)
11553
msgid "Temporary IP Address Assignment"
11554
msgstr ""
11555
11556
#: serverguide/C/network-config.xml:172(para)
11557
msgid ""
11558
"For temporary network configurations, you can use standard commands such as "
11559
"<application>ip</application>, <application>ifconfig</application> and "
11560
"<application>route</application>, which are also found on most other "
11561
"GNU/Linux operating systems. These commands allow you to configure settings "
11562
"which take effect immediately, however they are not persistent and will be "
11563
"lost after a reboot."
11564
msgstr ""
11565
11566
#: serverguide/C/network-config.xml:180(para)
11567
msgid ""
11568
"To temporarily configure an IP address, you can use the "
11569
"<application>ifconfig</application> command in the following manner. Just "
11570
"modify the IP address and subnet mask to match your network requirements."
11571
msgstr ""
11572
11573
#: serverguide/C/network-config.xml:186(userinput)
11574
#, no-wrap
11575
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11576
msgstr ""
11577
11578
#: serverguide/C/network-config.xml:188(para)
11579
msgid ""
11580
"To verify the IP address configuration of <application>eth0</application>, "
11581
"you can use the <application>ifconfig</application> command in the following "
11582
"manner."
11583
msgstr ""
11584
11585
#: serverguide/C/network-config.xml:193(userinput)
11586
#, no-wrap
11587
msgid "ifconfig eth0"
11588
msgstr ""
11589
11590
#: serverguide/C/network-config.xml:192(screen)
11591
#, no-wrap
11592
msgid ""
11593
"\n"
11594
"<placeholder-1/>\n"
11595
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11596
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11597
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11598
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11599
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11600
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11601
" collisions:0 txqueuelen:1000 \n"
11602
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11603
" Interrupt:16 \n"
11604
msgstr ""
11605
11606
#: serverguide/C/network-config.xml:204(para)
11607
msgid ""
11608
"To configure a default gateway, you can use the "
11609
"<application>route</application> command in the following manner. Modify the "
11610
"default gateway address to match your network requirements."
11611
msgstr ""
11612
11613
#: serverguide/C/network-config.xml:210(userinput)
11614
#, no-wrap
11615
msgid "sudo route add default gw 10.0.0.1 eth0"
11616
msgstr ""
11617
11618
#: serverguide/C/network-config.xml:212(para)
11619
msgid ""
11620
"To verify your default gateway configuration, you can use the "
11621
"<application>route</application> command in the following manner."
11622
msgstr ""
11623
11624
#: serverguide/C/network-config.xml:217(userinput)
11625
#, no-wrap
11626
msgid "route -n"
11627
msgstr ""
11628
11629
#: serverguide/C/network-config.xml:216(screen)
11630
#, no-wrap
11631
msgid ""
11632
"\n"
11633
"<placeholder-1/>\n"
11634
"Kernel IP routing table\n"
11635
"Destination Gateway Genmask Flags Metric Ref Use "
11636
"Iface\n"
11637
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11638
"eth0\n"
11639
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11640
"eth0\n"
11641
msgstr ""
11642
11643
#: serverguide/C/network-config.xml:223(para)
11644
msgid ""
11645
"If you require DNS for your temporary network configuration, you can add DNS "
11646
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11647
"example below shows how to enter two DNS servers to "
11648
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11649
"appropriate for your network. A more lengthy description of DNS client "
11650
"configuration is in a following section."
11651
msgstr ""
11652
11653
#: serverguide/C/network-config.xml:230(programlisting)
11654
#, no-wrap
11655
msgid ""
11656
"\n"
11657
"nameserver 8.8.8.8\n"
11658
"nameserver 8.8.4.4\n"
11659
msgstr ""
11660
11661
#: serverguide/C/network-config.xml:234(para)
11662
msgid ""
11663
"If you no longer need this configuration and wish to purge all IP "
11664
"configuration from an interface, you can use the "
11665
"<application>ip</application> command with the flush option as shown below."
11666
msgstr ""
11667
11668
#: serverguide/C/network-config.xml:240(userinput)
11669
#, no-wrap
11670
msgid "ip addr flush eth0"
11671
msgstr ""
11672
11673
#: serverguide/C/network-config.xml:243(para)
11674
msgid ""
11675
"Flushing the IP configuration using the <application>ip</application> "
11676
"command does not clear the contents of "
11677
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11678
"entries manually."
11679
msgstr ""
11680
11681
#: serverguide/C/network-config.xml:251(title)
11682
msgid "Dynamic IP Address Assignment (DHCP Client)"
11683
msgstr ""
11684
11685
#: serverguide/C/network-config.xml:252(para)
11686
msgid ""
11687
"To configure your server to use DHCP for dynamic address assignment, add the "
11688
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11689
"statement for the appropriate interface in the file "
11690
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11691
"are configuring your first Ethernet interface identified as <emphasis "
11692
"role=\"italic\">eth0</emphasis>."
11693
msgstr ""
11694
11695
#: serverguide/C/network-config.xml:259(programlisting)
11696
#, no-wrap
11697
msgid ""
11698
"\n"
11699
"auto eth0\n"
11700
"iface eth0 inet dhcp\n"
11701
msgstr ""
11702
11703
#: serverguide/C/network-config.xml:263(para)
11704
msgid ""
11705
"By adding an interface configuration as shown above, you can manually enable "
11706
"the interface through the <application>ifup</application> command which "
11707
"initiates the DHCP process via <application>dhclient</application>."
11708
msgstr ""
11709
11710
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11711
#, no-wrap
11712
msgid "sudo ifup eth0"
11713
msgstr ""
11714
11715
#: serverguide/C/network-config.xml:271(para)
11716
msgid ""
11717
"To manually disable the interface, you can use the "
11718
"<application>ifdown</application> command, which in turn will initiate the "
11719
"DHCP release process and shut down the interface."
11720
msgstr ""
11721
11722
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11723
#, no-wrap
11724
msgid "sudo ifdown eth0"
11725
msgstr ""
11726
11727
#: serverguide/C/network-config.xml:282(title)
11728
msgid "Static IP Address Assignment"
11729
msgstr ""
11730
11731
#: serverguide/C/network-config.xml:283(para)
11732
msgid ""
11733
"To configure your system to use a static IP address assignment, add the "
11734
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11735
"family statement for the appropriate interface in the file "
11736
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11737
"are configuring your first Ethernet interface identified as <emphasis "
11738
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11739
"role=\"italic\">address</emphasis>, <emphasis "
11740
"role=\"italic\">netmask</emphasis>, and <emphasis "
11741
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11742
"network."
11743
msgstr ""
11744
11745
#: serverguide/C/network-config.xml:292(programlisting)
11746
#, no-wrap
11747
msgid ""
11748
"\n"
11749
"auto eth0\n"
11750
"iface eth0 inet static\n"
11751
"address 10.0.0.100\n"
11752
"netmask 255.255.255.0\n"
11753
"gateway 10.0.0.1\n"
11754
msgstr ""
11755
11756
#: serverguide/C/network-config.xml:299(para)
11757
msgid ""
11758
"By adding an interface configuration as shown above, you can manually enable "
11759
"the interface through the <application>ifup</application> command."
11760
msgstr ""
11761
11762
#: serverguide/C/network-config.xml:306(para)
11763
msgid ""
11764
"To manually disable the interface, you can use the "
11765
"<application>ifdown</application> command."
11766
msgstr ""
11767
11768
#: serverguide/C/network-config.xml:316(title)
11769
msgid "Loopback Interface"
11770
msgstr ""
11771
11772
#: serverguide/C/network-config.xml:317(para)
11773
msgid ""
11774
"The loopback interface is identified by the system as <emphasis "
11775
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11776
"can be viewed using the ifconfig command."
11777
msgstr ""
11778
11779
#: serverguide/C/network-config.xml:322(userinput)
11780
#, no-wrap
11781
msgid "ifconfig lo"
11782
msgstr ""
11783
11784
#: serverguide/C/network-config.xml:321(screen)
11785
#, no-wrap
11786
msgid ""
11787
"\n"
11788
"<placeholder-1/>\n"
11789
"lo Link encap:Local Loopback \n"
11790
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11791
" inet6 addr: ::1/128 Scope:Host\n"
11792
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11793
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11794
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11795
" collisions:0 txqueuelen:0 \n"
11796
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11797
msgstr ""
11798
11799
#: serverguide/C/network-config.xml:332(para)
11800
msgid ""
11801
"By default, there should be two lines in "
11802
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11803
"configuring your loopback interface. It is recommended that you keep the "
11804
"default settings unless you have a specific purpose for changing them. An "
11805
"example of the two default lines are shown below."
11806
msgstr ""
11807
11808
#: serverguide/C/network-config.xml:338(programlisting)
11809
#, no-wrap
11810
msgid ""
11811
"\n"
11812
"auto lo\n"
11813
"iface lo inet loopback\n"
11814
msgstr ""
11815
11816
#: serverguide/C/network-config.xml:347(title)
11817
msgid "Name Resolution"
11818
msgstr ""
11819
11820
#: serverguide/C/network-config.xml:348(para)
11821
msgid ""
11822
"Name resolution as it relates to IP networking is the process of mapping IP "
11823
"addresses to hostnames, making it easier to identify resources on a network. "
11824
"The following section will explain how to properly configure your system for "
11825
"name resolution using DNS and static hostname records."
11826
msgstr ""
11827
11828
#: serverguide/C/network-config.xml:356(title)
11829
msgid "DNS Client Configuration"
11830
msgstr ""
11831
11832
#: serverguide/C/network-config.xml:357(para)
11833
msgid ""
11834
"To configure your system to use DNS for name resolution, add the IP "
11835
"addresses of the DNS servers that are appropriate for your network in the "
11836
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11837
"suffix search-lists to match your network domain names."
11838
msgstr ""
11839
11840
#: serverguide/C/network-config.xml:362(para)
11841
msgid ""
11842
"Below is an example of a typical configuration of "
11843
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11844
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11845
msgstr ""
11846
11847
#: serverguide/C/network-config.xml:367(programlisting)
11848
#, no-wrap
11849
msgid ""
11850
"\n"
11851
"search example.com\n"
11852
"nameserver 8.8.8.8\n"
11853
"nameserver 8.8.4.4\n"
11854
msgstr ""
11855
11856
#: serverguide/C/network-config.xml:372(para)
11857
msgid ""
11858
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11859
"multiple domain names so that DNS queries will be appended in the order in "
11860
"which they are entered. For example, your network may have multiple sub-"
11861
"domains to search; a parent domain of <emphasis "
11862
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11863
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11864
"role=\"italic\">dev.example.com</emphasis>."
11865
msgstr ""
11866
11867
#: serverguide/C/network-config.xml:380(para)
11868
msgid ""
11869
"If you have multiple domains you wish to search, your configuration might "
11870
"look like the following."
11871
msgstr ""
11872
11873
#: serverguide/C/network-config.xml:383(programlisting)
11874
#, no-wrap
11875
msgid ""
11876
"\n"
11877
"search example.com sales.example.com dev.example.com\n"
11878
"nameserver 8.8.8.8\n"
11879
"nameserver 8.8.4.4\n"
11880
msgstr ""
11881
11882
#: serverguide/C/network-config.xml:388(para)
11883
msgid ""
11884
"If you try to ping a host with the name of <emphasis "
11885
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11886
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11887
msgstr ""
11888
11889
#: serverguide/C/network-config.xml:394(para)
11890
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11891
msgstr ""
11892
11893
#: serverguide/C/network-config.xml:399(para)
11894
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11895
msgstr ""
11896
11897
#: serverguide/C/network-config.xml:404(para)
11898
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11899
msgstr ""
11900
11901
#: serverguide/C/network-config.xml:409(para)
11902
msgid ""
11903
"If no matches are found, the DNS server will provide a result of <emphasis "
11904
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11905
msgstr ""
11906
11907
#: serverguide/C/network-config.xml:416(title)
11908
msgid "Static Hostnames"
11909
msgstr ""
11910
11911
#: serverguide/C/network-config.xml:417(para)
11912
msgid ""
11913
"Static hostnames are locally defined hostname-to-IP mappings located in the "
11914
"file <filename>/etc/hosts</filename>. Entries in the "
11915
"<filename>hosts</filename> file will have precedence over DNS by default. "
11916
"This means that if your system tries to resolve a hostname and it matches an "
11917
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
11918
"some configurations, especially when Internet access is not required, "
11919
"servers that communicate with a limited number of resources can be "
11920
"conveniently set to use static hostnames instead of DNS."
11921
msgstr ""
11922
11923
#: serverguide/C/network-config.xml:424(para)
11924
msgid ""
11925
"The following is an example of a <filename>hosts</filename> file where a "
11926
"number of local servers have been identified by simple hostnames, aliases "
11927
"and their equivalent Fully Qualified Domain Names (FQDN's)."
11928
msgstr ""
11929
11930
#: serverguide/C/network-config.xml:428(programlisting)
11931
#, no-wrap
11932
msgid ""
11933
"\n"
11934
"127.0.0.1\tlocalhost\n"
11935
"127.0.1.1\tubuntu-server\n"
11936
"10.0.0.11\tserver1 vpn server1.example.com\n"
11937
"10.0.0.12\tserver2 mail server2.example.com\n"
11938
"10.0.0.13\tserver3 www server3.example.com\n"
11939
"10.0.0.14\tserver4 file server4.example.com\n"
11940
msgstr ""
11941
11942
#: serverguide/C/network-config.xml:437(para)
11943
msgid ""
11944
"In the above example, notice that each of the servers have been given "
11945
"aliases in addition to their proper names and FQDN's. <emphasis "
11946
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
11947
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
11948
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
11949
"role=\"italic\">server3</emphasis> as <emphasis "
11950
"role=\"italic\">www</emphasis>, and <emphasis "
11951
"role=\"italic\">server4</emphasis> as <emphasis "
11952
"role=\"italic\">file</emphasis>."
11953
msgstr ""
11954
11955
#: serverguide/C/network-config.xml:449(title)
11956
msgid "Name Service Switch Configuration"
11957
msgstr ""
11958
11959
#: serverguide/C/network-config.xml:450(para)
11960
msgid ""
11961
"The order in which your system selects a method of resolving hostnames to IP "
11962
"addresses is controlled by the Name Service Switch (NSS) configuration file "
11963
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
11964
"section, typically static hostnames defined in the systems "
11965
"<filename>/etc/hosts</filename> file have precedence over names resolved "
11966
"from DNS. The following is an example of the line responsible for this order "
11967
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
11968
msgstr ""
11969
11970
#: serverguide/C/network-config.xml:458(programlisting)
11971
#, no-wrap
11972
msgid ""
11973
"\n"
11974
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
11975
msgstr ""
11976
11977
#: serverguide/C/network-config.xml:464(para)
11978
msgid ""
11979
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
11980
"hostnames located in <filename>/etc/hosts</filename>."
11981
msgstr ""
11982
11983
#: serverguide/C/network-config.xml:470(para)
11984
msgid ""
11985
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
11986
"name using Multicast DNS."
11987
msgstr ""
11988
11989
#: serverguide/C/network-config.xml:475(para)
11990
msgid ""
11991
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
11992
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
11993
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
11994
"authoritative and that the system should not try to continue hunting for an "
11995
"answer."
11996
msgstr ""
11997
11998
#: serverguide/C/network-config.xml:483(para)
11999
msgid ""
12000
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12001
msgstr ""
12002
12003
#: serverguide/C/network-config.xml:488(para)
12004
msgid ""
12005
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12006
msgstr ""
12007
12008
#: serverguide/C/network-config.xml:494(para)
12009
msgid ""
12010
"To modify the order of the above mentioned name resolution methods, you can "
12011
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12012
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12013
"versus Multicast DNS, you can change the string in "
12014
"<filename>/etc/nsswitch.conf</filename> as shown below."
12015
msgstr ""
12016
12017
#: serverguide/C/network-config.xml:501(programlisting)
12018
#, no-wrap
12019
msgid ""
12020
"\n"
12021
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12022
msgstr ""
12023
12024
#: serverguide/C/network-config.xml:508(title)
12025
msgid "Bridging"
12026
msgstr ""
12027
12028
#: serverguide/C/network-config.xml:510(para)
12029
msgid ""
12030
"Bridging multiple interfaces is a more advanced configuration, but is very "
12031
"useful in multiple scenarios. One scenario is setting up a bridge with "
12032
"multiple network interfaces, then using a firewall to filter traffic between "
12033
"two network segments. Another scenario is using bridge on a system with one "
12034
"interface to allow virtual machines direct access to the outside network. "
12035
"The following example covers the latter scenario."
12036
msgstr ""
12037
12038
#: serverguide/C/network-config.xml:517(para)
12039
msgid ""
12040
"Before configuring a bridge you will need to install the <application>bridge-"
12041
"utils</application> package. To install the package, in a terminal enter:"
12042
msgstr ""
12043
12044
#: serverguide/C/network-config.xml:523(command)
12045
msgid "sudo apt-get install bridge-utils"
12046
msgstr ""
12047
12048
#: serverguide/C/network-config.xml:526(para)
12049
msgid ""
12050
"Next, configure the bridge by editing "
12051
"<filename>/etc/network/interfaces</filename>:"
12052
msgstr ""
12053
12054
#: serverguide/C/network-config.xml:530(programlisting)
12055
#, no-wrap
12056
msgid ""
12057
"\n"
12058
"auto lo\n"
12059
"iface lo inet loopback\n"
12060
"\n"
12061
"auto br0\n"
12062
"iface br0 inet static\n"
12063
" address 192.168.0.10\n"
12064
" network 192.168.0.0\n"
12065
" netmask 255.255.255.0\n"
12066
" broadcast 192.168.0.255\n"
12067
" gateway 192.168.0.1\n"
12068
" bridge_ports eth0\n"
12069
" bridge_fd 9\n"
12070
" bridge_hello 2\n"
12071
" bridge_maxage 12\n"
12072
" bridge_stp off\n"
12073
msgstr ""
12074
12075
#: serverguide/C/network-config.xml:549(para)
12076
msgid "Enter the appropriate values for your physical interface and network."
12077
msgstr ""
12078
12079
#: serverguide/C/network-config.xml:554(para)
12080
msgid "Now restart networking to enable the bridge interface:"
12081
msgstr ""
12082
12083
#: serverguide/C/network-config.xml:561(para)
12084
msgid ""
12085
"The new bridge interface should now be up and running. The "
12086
"<application>brctl</application> provides useful information about the state "
12087
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12088
"<command>man brctl</command> for more information."
12089
msgstr ""
12090
12091
#: serverguide/C/network-config.xml:577(para)
12092
msgid ""
12093
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12094
"Network page</ulink> has links to articles covering more advanced network "
12095
"configuration."
12096
msgstr ""
12097
12098
#: serverguide/C/network-config.xml:583(para)
12099
msgid ""
12100
"The <ulink "
12101
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12102
"\">interfaces man page</ulink> has details on more options for "
12103
"<filename>/etc/network/interfaces</filename>."
12104
msgstr ""
12105
12106
#: serverguide/C/network-config.xml:589(para)
12107
msgid ""
12108
"The <ulink "
12109
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12110
"dhclient man page</ulink> has details on more options for configuring DHCP "
12111
"client settings."
12112
msgstr ""
12113
12114
#: serverguide/C/network-config.xml:595(para)
12115
msgid ""
12116
"For more information on DNS client configuration see the <ulink "
12117
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12118
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12119
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12120
"Administrator's Guide</ulink> is a good source of resolver and name service "
12121
"configuration information."
12122
msgstr ""
12123
12124
#: serverguide/C/network-config.xml:603(para)
12125
msgid ""
12126
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12127
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12128
"tl man page</ulink> and the Linux Foundation's <ulink "
12129
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12130
msgstr ""
12131
12132
#: serverguide/C/network-config.xml:614(title)
12133
msgid "TCP/IP"
12134
msgstr ""
12135
12136
#: serverguide/C/network-config.xml:615(para)
12137
msgid ""
12138
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12139
"standard set of protocols developed in the late 1970s by the Defense "
12140
"Advanced Research Projects Agency (DARPA) as a means of communication "
12141
"between different types of computers and computer networks. TCP/IP is the "
12142
"driving force of the Internet, and thus it is the most popular set of "
12143
"network protocols on Earth."
12144
msgstr ""
12145
12146
#: serverguide/C/network-config.xml:623(title)
12147
msgid "TCP/IP Introduction"
12148
msgstr ""
12149
12150
#: serverguide/C/network-config.xml:624(para)
12151
msgid ""
12152
"The two protocol components of TCP/IP deal with different aspects of "
12153
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12154
"TCP/IP is a connectionless protocol which deals only with network packet "
12155
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12156
"basic unit of networking information. The IP Datagram consists of a header "
12157
"followed by a message. The <emphasis> Transmission Control "
12158
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12159
"establish connections which may be used to exchange data streams. TCP also "
12160
"guarantees that the data between connections is delivered and that it "
12161
"arrives at one network host in the same order as sent from another network "
12162
"host."
12163
msgstr ""
12164
12165
#: serverguide/C/network-config.xml:637(title)
12166
msgid "TCP/IP Configuration"
12167
msgstr ""
12168
12169
#: serverguide/C/network-config.xml:638(para)
12170
msgid ""
12171
"The TCP/IP protocol configuration consists of several elements which must be "
12172
"set by editing the appropriate configuration files, or deploying solutions "
12173
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12174
"can be configured to provide the proper TCP/IP configuration settings to "
12175
"network clients automatically. These configuration values must be set "
12176
"correctly in order to facilitate the proper network operation of your Ubuntu "
12177
"system."
12178
msgstr ""
12179
12180
#: serverguide/C/network-config.xml:650(para)
12181
msgid ""
12182
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12183
"identifying string expressed as four decimal numbers ranging from zero (0) "
12184
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12185
"four numbers representing eight (8) bits of the address for a total length "
12186
"of thirty-two (32) bits for the whole address. This format is called "
12187
"<emphasis>dotted quad notation</emphasis>."
12188
msgstr ""
12189
12190
#: serverguide/C/network-config.xml:660(para)
12191
msgid ""
12192
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12193
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12194
"separate the portions of an IP address significant to the network from the "
12195
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12196
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12197
"three bytes of the IP address and allows the last byte of the IP address to "
12198
"remain available for specifying hosts on the subnetwork."
12199
msgstr ""
12200
12201
#: serverguide/C/network-config.xml:671(para)
12202
msgid ""
12203
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12204
"represents the bytes comprising the network portion of an IP address. For "
12205
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12206
"network address, where twelve (12) represents the first byte of the IP "
12207
"address, (the network part) and zeroes (0) in all of the remaining three "
12208
"bytes to represent the potential host values. A network host using the "
12209
"private IP address 192.168.1.100 would in turn use a Network Address of "
12210
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12211
"network and a zero (0) for all the possible hosts on the network."
12212
msgstr ""
12213
12214
#: serverguide/C/network-config.xml:684(para)
12215
msgid ""
12216
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12217
"is an IP address which allows network data to be sent simultaneously to all "
12218
"hosts on a given subnetwork rather than specifying a particular host. The "
12219
"standard general broadcast address for IP networks is 255.255.255.255, but "
12220
"this broadcast address cannot be used to send a broadcast message to every "
12221
"host on the Internet because routers block it. A more appropriate broadcast "
12222
"address is set to match a specific subnetwork. For example, on the private "
12223
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12224
"Broadcast messages are typically produced by network protocols such as the "
12225
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12226
msgstr ""
12227
12228
#: serverguide/C/network-config.xml:697(para)
12229
msgid ""
12230
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12231
"IP address through which a particular network, or host on a network, may be "
12232
"reached. If one network host wishes to communicate with another network "
12233
"host, and that host is not located on the same network, then a "
12234
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12235
"Address will be that of a router on the same network, which will in turn "
12236
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12237
"value of the Gateway Address setting must be correct, or your system will "
12238
"not be able to reach any hosts beyond those on the same network."
12239
msgstr ""
12240
12241
#: serverguide/C/network-config.xml:708(para)
12242
msgid ""
12243
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12244
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12245
"resolve network hostnames into IP addresses. There are three levels of "
12246
"Nameserver Addresses, which may be specified in order of precedence: The "
12247
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12248
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12249
"your system to be able to resolve network hostnames into their corresponding "
12250
"IP addresses, you must specify valid Nameserver Addresses which you are "
12251
"authorized to use in your system's TCP/IP configuration. In many cases these "
12252
"addresses can and will be provided by your network service provider, but "
12253
"many free and publicly accessible nameservers are available for use, such as "
12254
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12255
msgstr ""
12256
12257
#: serverguide/C/network-config.xml:722(para)
12258
msgid ""
12259
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12260
"Address are typically specified via the appropriate directives in the file "
12261
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12262
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12263
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12264
"system manual page for <filename>interfaces</filename> or "
12265
"<filename>resolv.conf</filename> respectively, with the following commands "
12266
"typed at a terminal prompt:"
12267
msgstr ""
12268
12269
#: serverguide/C/network-config.xml:729(para)
12270
msgid ""
12271
"Access the system manual page for <filename>interfaces</filename> with the "
12272
"following command:"
12273
msgstr ""
12274
12275
#: serverguide/C/network-config.xml:734(command)
12276
msgid "man interfaces"
12277
msgstr ""
12278
12279
#: serverguide/C/network-config.xml:737(para)
12280
msgid ""
12281
"Access the system manual page for <filename>resolv.conf</filename> with the "
12282
"following command:"
12283
msgstr ""
12284
12285
#: serverguide/C/network-config.xml:741(command)
12286
msgid "man resolv.conf"
12287
msgstr ""
12288
12289
#: serverguide/C/network-config.xml:646(para)
12290
msgid ""
12291
"The common configuration elements of TCP/IP and their purposes are as "
12292
"follows: <placeholder-1/>"
12293
msgstr ""
12294
12295
#: serverguide/C/network-config.xml:748(title)
12296
msgid "IP Routing"
12297
msgstr ""
12298
12299
#: serverguide/C/network-config.xml:749(para)
12300
msgid ""
12301
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12302
"network along which network data may be sent. Routing uses a set of "
12303
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12304
"packets from their source to the destination, often via many intermediary "
12305
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12306
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12307
"<emphasis>Dynamic Routing.</emphasis>"
12308
msgstr ""
12309
12310
#: serverguide/C/network-config.xml:758(para)
12311
msgid ""
12312
"Static routing involves manually adding IP routes to the system's routing "
12313
"table, and this is usually done by manipulating the routing table with the "
12314
"<application>route</application> command. Static routing enjoys many "
12315
"advantages over dynamic routing, such as simplicity of implementation on "
12316
"smaller networks, predictability (the routing table is always computed in "
12317
"advance, and thus the route is precisely the same each time it is used), and "
12318
"low overhead on other routers and network links due to the lack of a dynamic "
12319
"routing protocol. However, static routing does present some disadvantages as "
12320
"well. For example, static routing is limited to small networks and does not "
12321
"scale well. Static routing also fails completely to adapt to network outages "
12322
"and failures along the route due to the fixed nature of the route."
12323
msgstr ""
12324
12325
#: serverguide/C/network-config.xml:768(para)
12326
msgid ""
12327
"Dynamic routing depends on large networks with multiple possible IP routes "
12328
"from a source to a destination and makes use of special routing protocols, "
12329
"such as the Router Information Protocol (RIP), which handle the automatic "
12330
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12331
"routing has several advantages over static routing, such as superior "
12332
"scalability and the ability to adapt to failures and outages along network "
12333
"routes. Additionally, there is less manual configuration of the routing "
12334
"tables, since routers learn from one another about their existence and "
12335
"available routes. This trait also eliminates the possibility of introducing "
12336
"mistakes in the routing tables via human error. Dynamic routing is not "
12337
"perfect, however, and presents disadvantages such as heightened complexity "
12338
"and additional network overhead from router communications, which does not "
12339
"immediately benefit the end users, but still consumes network bandwidth."
12340
msgstr ""
12341
12342
#: serverguide/C/network-config.xml:782(title)
12343
msgid "TCP and UDP"
12344
msgstr ""
12345
12346
#: serverguide/C/network-config.xml:783(para)
12347
msgid ""
12348
"TCP is a connection-based protocol, offering error correction and guaranteed "
12349
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12350
"Flow control determines when the flow of a data stream needs to be stopped, "
12351
"and previously sent data packets should to be re-sent due to problems such "
12352
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12353
"accurate delivery of the data. TCP is typically used in the exchange of "
12354
"important information such as database transactions."
12355
msgstr ""
12356
12357
#: serverguide/C/network-config.xml:791(para)
12358
msgid ""
12359
"The User Datagram Protocol (UDP), on the other hand, is a "
12360
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12361
"transmission of important data because it lacks flow control or any other "
12362
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12363
"applications as audio and video streaming, where it is considerably faster "
12364
"than TCP due to the lack of error correction and flow control, and where the "
12365
"loss of a few packets is not generally catastrophic."
12366
msgstr ""
12367
12368
#: serverguide/C/network-config.xml:801(title)
12369
msgid "ICMP"
12370
msgstr ""
12371
12372
#: serverguide/C/network-config.xml:802(para)
12373
msgid ""
12374
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12375
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12376
"supports network packets containing control, error, and informational "
12377
"messages. ICMP is used by such network applications as the "
12378
"<application>ping</application> utility, which can determine the "
12379
"availability of a network host or device. Examples of some error messages "
12380
"returned by ICMP which are useful to both network hosts and devices such as "
12381
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12382
"<emphasis>Time Exceeded</emphasis>."
12383
msgstr ""
12384
12385
#: serverguide/C/network-config.xml:812(title)
12386
msgid "Daemons"
12387
msgstr ""
12388
12389
#: serverguide/C/network-config.xml:813(para)
12390
msgid ""
12391
"Daemons are special system applications which typically execute continuously "
12392
"in the background and await requests for the functions they provide from "
12393
"other applications. Many daemons are network-centric; that is, a large "
12394
"number of daemons executing in the background on an Ubuntu system may "
12395
"provide network-related functionality. Some examples of such network daemons "
12396
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12397
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12398
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12399
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12400
"Daemon</emphasis> (imapd), which provides E-Mail services."
12401
msgstr ""
12402
12403
#: serverguide/C/network-config.xml:828(para)
12404
msgid ""
12405
"There are man pages for <ulink "
12406
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12407
"ulink> and <ulink "
12408
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12409
"> that contain more useful information."
12410
msgstr ""
12411
12412
#: serverguide/C/network-config.xml:834(para)
12413
msgid ""
12414
"Also, see the <ulink "
12415
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12416
"and Technical Overview</ulink> IBM Redbook."
12417
msgstr ""
12418
12419
#: serverguide/C/network-config.xml:840(para)
12420
msgid ""
12421
"Another resource is O'Reilly's <ulink "
12422
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12423
"Administration</ulink>."
12424
msgstr ""
12425
12426
#: serverguide/C/network-config.xml:849(title)
12427
msgid "Dynamic Host Configuration Protocol (DHCP)"
12428
msgstr ""
12429
12430
#: serverguide/C/network-config.xml:850(para)
12431
msgid ""
12432
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12433
"enables host computers to be automatically assigned settings from a server "
12434
"as opposed to manually configuring each network host. Computers configured "
12435
"to be DHCP clients have no control over the settings they receive from the "
12436
"DHCP server, and the configuration is transparent to the computer's user."
12437
msgstr ""
12438
12439
#: serverguide/C/network-config.xml:857(para)
12440
msgid ""
12441
"The most common settings provided by a DHCP server to DHCP clients include:"
12442
msgstr ""
12443
12444
#: serverguide/C/network-config.xml:862(para)
12445
msgid "IP-Address and Netmask"
12446
msgstr ""
12447
12448
#: serverguide/C/network-config.xml:865(para)
12449
msgid "DNS"
12450
msgstr ""
12451
12452
#: serverguide/C/network-config.xml:868(para)
12453
msgid "WINS"
12454
msgstr ""
12455
12456
#: serverguide/C/network-config.xml:871(para)
12457
msgid ""
12458
"However, a DHCP server can also supply configuration properties such as:"
12459
msgstr ""
12460
12461
#: serverguide/C/network-config.xml:876(para)
12462
msgid "Host Name"
12463
msgstr ""
12464
12465
#: serverguide/C/network-config.xml:879(para)
12466
msgid "Domain Name"
12467
msgstr ""
12468
12469
#: serverguide/C/network-config.xml:882(para)
12470
msgid "Default Gateway"
12471
msgstr ""
12472
12473
#: serverguide/C/network-config.xml:885(para)
12474
msgid "Time Server"
12475
msgstr ""
12476
12477
#: serverguide/C/network-config.xml:888(para)
12478
msgid "Print Server"
12479
msgstr ""
12480
12481
#: serverguide/C/network-config.xml:891(para)
12482
msgid ""
12483
"The advantage of using DHCP is that changes to the network, for example a "
12484
"change in the address of the DNS server, need only be changed at the DHCP "
12485
"server, and all network hosts will be reconfigured the next time their DHCP "
12486
"clients poll the DHCP server. As an added advantage, it is also easier to "
12487
"integrate new computers into the network, as there is no need to check for "
12488
"the availability of an IP address. Conflicts in IP address allocation are "
12489
"also reduced."
12490
msgstr ""
12491
12492
#: serverguide/C/network-config.xml:899(para)
12493
msgid "A DHCP server can provide configuration settings using two methods:"
12494
msgstr ""
12495
12496
#: serverguide/C/network-config.xml:904(term)
12497
msgid "MAC Address"
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:906(para)
12501
msgid ""
12502
"This method entails using DHCP to identify the unique hardware address of "
12503
"each network card connected to the network and then continually supplying a "
12504
"constant configuration each time the DHCP client makes a request to the DHCP "
12505
"server using that network device."
12506
msgstr ""
12507
12508
#: serverguide/C/network-config.xml:915(term)
12509
msgid "Address Pool"
12510
msgstr ""
12511
12512
#: serverguide/C/network-config.xml:917(para)
12513
msgid ""
12514
"This method entails defining a pool (sometimes also called a range or scope) "
12515
"of IP addresses from which DHCP clients are supplied their configuration "
12516
"properties dynamically and on a \"first come, first served\" basis. When a "
12517
"DHCP client is no longer on the network for a specified period, the "
12518
"configuration is expired and released back to the address pool for use by "
12519
"other DHCP Clients."
12520
msgstr ""
12521
12522
#: serverguide/C/network-config.xml:928(para)
12523
msgid ""
12524
"Ubuntu is shipped with both DHCP server and client. The server is "
12525
"<application>dhcpd</application> (dynamic host configuration protocol "
12526
"daemon). The client provided with Ubuntu is "
12527
"<application>dhclient</application> and should be installed on all computers "
12528
"required to be automatically configured. Both programs are easy to install "
12529
"and configure and will be automatically started at system boot."
12530
msgstr ""
12531
12532
#: serverguide/C/network-config.xml:938(para)
12533
msgid ""
12534
"At a terminal prompt, enter the following command to install "
12535
"<application>dhcpd</application>:"
12536
msgstr ""
12537
12538
#: serverguide/C/network-config.xml:943(command)
12539
msgid "sudo apt-get install dhcp3-server"
12540
msgstr ""
12541
12542
#: serverguide/C/network-config.xml:945(para)
12543
msgid ""
12544
"You will probably need to change the default configuration by editing "
12545
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12546
msgstr ""
12547
12548
#: serverguide/C/network-config.xml:949(para)
12549
msgid ""
12550
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12551
"dhcpd should listen to. By default it listens to eth0."
12552
msgstr ""
12553
12554
#: serverguide/C/network-config.xml:953(para)
12555
msgid ""
12556
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12557
"messages."
12558
msgstr ""
12559
12560
#: serverguide/C/network-config.xml:960(para)
12561
msgid ""
12562
"The error message the installation ends with might be a little confusing, "
12563
"but the following steps will help you configure the service:"
12564
msgstr ""
12565
12566
#: serverguide/C/network-config.xml:964(para)
12567
msgid ""
12568
"Most commonly, what you want to do is assign an IP address randomly. This "
12569
"can be done with settings as follows:"
12570
msgstr ""
12571
12572
#: serverguide/C/network-config.xml:968(programlisting)
12573
#, no-wrap
12574
msgid ""
12575
"\n"
12576
"# Sample /etc/dhcpd.conf\n"
12577
"# (add your comments here) \n"
12578
"default-lease-time 600;\n"
12579
"max-lease-time 7200;\n"
12580
"option subnet-mask 255.255.255.0;\n"
12581
"option broadcast-address 192.168.1.255;\n"
12582
"option routers 192.168.1.254;\n"
12583
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12584
"option domain-name \"mydomain.example\";\n"
12585
"\n"
12586
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12587
"range 192.168.1.10 192.168.1.100;\n"
12588
"range 192.168.1.150 192.168.1.200;\n"
12589
"} \n"
12590
msgstr ""
12591
12592
#: serverguide/C/network-config.xml:984(para)
12593
msgid ""
12594
"This will result in the DHCP server giving a client an IP address from the "
12595
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12596
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12597
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12598
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12599
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12600
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12601
msgstr ""
12602
12603
#: serverguide/C/network-config.xml:993(para)
12604
msgid ""
12605
"If you need to specify a WINS server for your Windows clients, you will need "
12606
"to include the netbios-name-servers option, e.g."
12607
msgstr ""
12608
12609
#: serverguide/C/network-config.xml:997(programlisting)
12610
#, no-wrap
12611
msgid ""
12612
"\n"
12613
"option netbios-name-servers 192.168.1.1; \n"
12614
msgstr ""
12615
12616
#: serverguide/C/network-config.xml:1000(para)
12617
msgid ""
12618
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12619
"be found <ulink "
12620
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12621
msgstr ""
12622
12623
#: serverguide/C/network-config.xml:1010(para)
12624
msgid ""
12625
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12626
"server Ubuntu Wiki</ulink> page has more information."
12627
msgstr ""
12628
12629
#: serverguide/C/network-config.xml:1015(para)
12630
msgid ""
12631
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12632
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12633
"\">dhcpd.conf man page</ulink>."
12634
msgstr ""
12635
12636
#: serverguide/C/network-config.xml:1021(para)
12637
msgid ""
12638
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12639
"FAQ</ulink>"
12640
msgstr ""
12641
12642
#: serverguide/C/network-config.xml:1031(title)
12643
msgid "Time Synchronisation with NTP"
12644
msgstr ""
12645
12646
#: serverguide/C/network-config.xml:1032(para)
12647
msgid ""
12648
"This page describes methods for keeping your computer's time accurate. This "
12649
"is useful for servers, but is not necessary (or desirable) for desktop "
12650
"machines."
12651
msgstr ""
12652
12653
#: serverguide/C/network-config.xml:1035(para)
12654
msgid ""
12655
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12656
"client requests the current time from a server, and uses it to set its own "
12657
"clock."
12658
msgstr ""
12659
12660
#: serverguide/C/network-config.xml:1038(para)
12661
msgid ""
12662
"Behind this simple description, there is a lot of complexity - there are "
12663
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12664
"clocks (often via GPS), and tier two and three servers spreading the load of "
12665
"actually handling requests across the Internet. Also the client software is "
12666
"a lot more complex than you might think - it has to factor out communication "
12667
"delays, and adjust the time in a way that does not upset all the other "
12668
"processes that run on the server. But luckily all that complexity is hidden "
12669
"from you!"
12670
msgstr ""
12671
12672
#: serverguide/C/network-config.xml:1041(para)
12673
msgid ""
12674
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12675
msgstr ""
12676
12677
#: serverguide/C/network-config.xml:1046(title)
12678
msgid "ntpdate"
12679
msgstr ""
12680
12681
#: serverguide/C/network-config.xml:1047(para)
12682
msgid ""
12683
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12684
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12685
"is likely to drift considerably between reboots, so it makes sense to "
12686
"correct the time occasionally. The easiest way to do this is to get cron to "
12687
"run ntpdate every day. With your favorite editor, as root, create a file "
12688
"<code>/etc/cron.daily/ntpdate</code> containing:"
12689
msgstr ""
12690
12691
#: serverguide/C/network-config.xml:1052(screen)
12692
#, no-wrap
12693
msgid "ntpdate ntp.ubuntu.com\n"
12694
msgstr ""
12695
12696
#: serverguide/C/network-config.xml:1054(para)
12697
msgid ""
12698
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12699
msgstr ""
12700
12701
#: serverguide/C/network-config.xml:1057(screen)
12702
#, no-wrap
12703
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12704
msgstr ""
12705
12706
#: serverguide/C/network-config.xml:1061(title)
12707
msgid "ntpd"
12708
msgstr ""
12709
12710
#: serverguide/C/network-config.xml:1062(para)
12711
msgid ""
12712
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12713
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12714
"calculates the drift of your system clock and continuously adjusts it, so "
12715
"there are no large corrections that could lead to inconsistent logs for "
12716
"instance. The cost is a little processing power and memory, but for a modern "
12717
"server this is negligible."
12718
msgstr ""
12719
12720
#: serverguide/C/network-config.xml:1065(para)
12721
msgid "To set up ntpd:"
12722
msgstr ""
12723
12724
#: serverguide/C/network-config.xml:1066(screen)
12725
#, no-wrap
12726
msgid "sudo apt-get install ntp\n"
12727
msgstr ""
12728
12729
#: serverguide/C/network-config.xml:1071(title)
12730
msgid "Changing Time Servers"
12731
msgstr ""
12732
12733
#: serverguide/C/network-config.xml:1072(para)
12734
msgid ""
12735
"In both cases above, your system will use Ubuntu's NTP server at "
12736
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12737
"use several servers to increase accuracy and resilience, and you may want to "
12738
"use time servers that are geographically closer to you. to do this for "
12739
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12740
msgstr ""
12741
12742
#: serverguide/C/network-config.xml:1079(screen)
12743
#, no-wrap
12744
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12745
msgstr ""
12746
12747
#: serverguide/C/network-config.xml:1081(para)
12748
msgid ""
12749
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12750
"lines:"
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:1086(screen)
12754
#, no-wrap
12755
msgid ""
12756
"server ntp.ubuntu.com\n"
12757
"server pool.ntp.org\n"
12758
msgstr ""
12759
12760
#: serverguide/C/network-config.xml:1089(para)
12761
msgid ""
12762
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12763
"really good idea which uses round-robin DNS to return an NTP server from a "
12764
"pool, spreading the load between several different servers. Even better, "
12765
"they have pools for different regions - for instance, if you are in New "
12766
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12767
"<code>pool.ntp.org</code> . Look at <ulink "
12768
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12769
"details."
12770
msgstr ""
12771
12772
#: serverguide/C/network-config.xml:1100(para)
12773
msgid ""
12774
"You can also Google for NTP servers in your region, and add these to your "
12775
"configuration. To test that a server works, just type <code>sudo ntpdate "
12776
"ntp.server.name</code> and see what happens."
12777
msgstr ""
12778
12779
#: serverguide/C/network-config.xml:1111(para)
12780
msgid ""
12781
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12782
"Time</ulink> wiki page for more information."
12783
msgstr ""
12784
12785
#: serverguide/C/network-config.xml:1117(ulink)
12786
msgid "NTP Support"
12787
msgstr ""
12788
12789
#: serverguide/C/network-config.xml:1122(ulink)
12790
msgid "The NTP FAQ and HOWTO"
12791
msgstr ""
12792
12793
#: serverguide/C/network-auth.xml:13(title)
12794
msgid "Network Authentication"
12795
msgstr ""
12796
12797
#: serverguide/C/network-auth.xml:15(para)
12798
msgid "This section explains various Network Authentication protocols."
12799
msgstr ""
12800
12801
#: serverguide/C/network-auth.xml:19(title)
12802
msgid "OpenLDAP Server"
12803
msgstr ""
12804
12805
#: serverguide/C/network-auth.xml:20(para)
12806
msgid ""
12807
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12808
"simplified version of the X.500 protocol. The directory setup in this "
12809
"section will be used for authentication. Nevertheless, LDAP can be used in "
12810
"numerous ways: authentication, shared directory (for mail clients), address "
12811
"book, etc."
12812
msgstr ""
12813
12814
#: serverguide/C/network-auth.xml:28(para)
12815
msgid ""
12816
"To describe LDAP quickly, all information is stored in a tree structure. "
12817
"With <application>OpenLDAP</application> you have freedom to determine the "
12818
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12819
"We will begin with a basic tree containing two nodes below the root:"
12820
msgstr ""
12821
12822
#: serverguide/C/network-auth.xml:37(para)
12823
msgid "\"People\" node where your users will be stored"
12824
msgstr ""
12825
12826
#: serverguide/C/network-auth.xml:40(para)
12827
msgid "\"Groups\" node where your groups will be stored"
12828
msgstr ""
12829
12830
#: serverguide/C/network-auth.xml:44(para)
12831
msgid ""
12832
"Before beginning, you should determine what the root of your LDAP directory "
12833
"will be. By default, your tree will be determined by your Fully Qualified "
12834
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12835
"example), your root node will be dc=example,dc=com."
12836
msgstr ""
12837
12838
#: serverguide/C/network-auth.xml:54(para)
12839
msgid ""
12840
"First, install the <application>OpenLDAP</application> server daemon "
12841
"<application>slapd</application> and <application>ldap-utils</application>, "
12842
"a package containing LDAP management utilities:"
12843
msgstr ""
12844
12845
#: serverguide/C/network-auth.xml:60(command)
12846
msgid "sudo apt-get install slapd ldap-utils"
12847
msgstr ""
12848
12849
#: serverguide/C/network-auth.xml:63(para)
12850
msgid ""
12851
"By default <application>slapd</application> is configured with minimal "
12852
"options needed to run the <application>slapd</application> daemon."
12853
msgstr ""
12854
12855
#: serverguide/C/network-auth.xml:68(para)
12856
msgid ""
12857
"The configuration example in the following sections will match the domain "
12858
"name of the server. For example, if the machine's Fully Qualified Domain "
12859
"Name (FQDN) is ldap.example.com, the default suffix will be "
12860
"<emphasis>dc=example,dc=com</emphasis>."
12861
msgstr ""
12862
12863
#: serverguide/C/network-auth.xml:76(title)
12864
msgid "Populating LDAP"
12865
msgstr ""
12866
12867
#: serverguide/C/network-auth.xml:78(para)
12868
msgid ""
12869
"<application>OpenLDAP</application> uses a separate directory which contains "
12870
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12871
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12872
"<application>slapd</application> daemon, allowing the modification of schema "
12873
"definitions, indexes, ACLs, etc without stopping the service."
12874
msgstr ""
12875
12876
#: serverguide/C/network-auth.xml:86(para)
12877
msgid ""
12878
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12879
"configuration and will need additional configuration options in order to "
12880
"populate the frontend directory. The frontend will be populated with a "
12881
"\"classical\" scheme that will be compatible with address book applications "
12882
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12883
"various applications, such as web applications, email Mail Transfer Agent "
12884
"(MTA) applications, etc."
12885
msgstr ""
12886
12887
#: serverguide/C/network-auth.xml:95(para)
12888
msgid ""
12889
"For external applications to authenticate using LDAP they will each need to "
12890
"be specifically configured to do so. Refer to the individual application "
12891
"documentation for details."
12892
msgstr ""
12893
12894
#: serverguide/C/network-auth.xml:103(para)
12895
msgid ""
12896
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12897
"examples to match your LDAP configuration."
12898
msgstr ""
12899
12900
#: serverguide/C/network-auth.xml:108(para)
12901
msgid ""
12902
"First, some additional schema files need to be loaded. In a terminal enter:"
12903
msgstr ""
12904
12905
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12906
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12907
msgstr ""
12908
12909
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12910
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
12911
msgstr ""
12912
12913
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
12914
msgid ""
12915
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
12916
msgstr ""
12917
12918
#: serverguide/C/network-auth.xml:118(para)
12919
msgid ""
12920
"Next, copy the following example LDIF file, naming it "
12921
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
12922
msgstr ""
12923
12924
#: serverguide/C/network-auth.xml:123(programlisting)
12925
#, no-wrap
12926
msgid ""
12927
"\n"
12928
"# Load dynamic backend modules\n"
12929
"dn: cn=module,cn=config\n"
12930
"objectClass: olcModuleList\n"
12931
"cn: module\n"
12932
"olcModulepath: /usr/lib/ldap\n"
12933
"olcModuleload: back_hdb\n"
12934
"\n"
12935
"# Database settings\n"
12936
"dn: olcDatabase=hdb,cn=config\n"
12937
"objectClass: olcDatabaseConfig\n"
12938
"objectClass: olcHdbConfig\n"
12939
"olcDatabase: {1}hdb\n"
12940
"olcSuffix: dc=example,dc=com\n"
12941
"olcDbDirectory: /var/lib/ldap\n"
12942
"olcRootDN: cn=admin,dc=example,dc=com\n"
12943
"olcRootPW: secret\n"
12944
"olcDbConfig: set_cachesize 0 2097152 0\n"
12945
"olcDbConfig: set_lk_max_objects 1500\n"
12946
"olcDbConfig: set_lk_max_locks 1500\n"
12947
"olcDbConfig: set_lk_max_lockers 1500\n"
12948
"olcDbIndex: objectClass eq\n"
12949
"olcLastMod: TRUE\n"
12950
"olcDbCheckpoint: 512 30\n"
12951
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
12952
"by anonymous auth by self write by * none\n"
12953
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
12954
"olcAccess: to dn.base=\"\" by * read\n"
12955
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12956
"\n"
12957
msgstr ""
12958
12959
#: serverguide/C/network-auth.xml:155(para)
12960
msgid ""
12961
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
12962
msgstr ""
12963
12964
#: serverguide/C/network-auth.xml:160(para)
12965
msgid "Now add the LDIF to the directory:"
12966
msgstr ""
12967
12968
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
12969
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
12970
msgstr ""
12971
12972
#: serverguide/C/network-auth.xml:168(para)
12973
msgid ""
12974
"The frontend directory is now ready to be populated. Create a "
12975
"<filename>frontend.example.com.ldif</filename> with the following contents:"
12976
msgstr ""
12977
12978
#: serverguide/C/network-auth.xml:173(programlisting)
12979
#, no-wrap
12980
msgid ""
12981
"\n"
12982
"# Create top-level object in domain\n"
12983
"dn: dc=example,dc=com\n"
12984
"objectClass: top\n"
12985
"objectClass: dcObject\n"
12986
"objectclass: organization\n"
12987
"o: Example Organization\n"
12988
"dc: Example\n"
12989
"description: LDAP Example \n"
12990
"\n"
12991
"# Admin user.\n"
12992
"dn: cn=admin,dc=example,dc=com\n"
12993
"objectClass: simpleSecurityObject\n"
12994
"objectClass: organizationalRole\n"
12995
"cn: admin\n"
12996
"description: LDAP administrator\n"
12997
"userPassword: secret\n"
12998
"\n"
12999
"dn: ou=people,dc=example,dc=com\n"
13000
"objectClass: organizationalUnit\n"
13001
"ou: people\n"
13002
"\n"
13003
"dn: ou=groups,dc=example,dc=com\n"
13004
"objectClass: organizationalUnit\n"
13005
"ou: groups\n"
13006
"\n"
13007
"dn: uid=john,ou=people,dc=example,dc=com\n"
13008
"objectClass: inetOrgPerson\n"
13009
"objectClass: posixAccount\n"
13010
"objectClass: shadowAccount\n"
13011
"uid: john\n"
13012
"sn: Doe\n"
13013
"givenName: John\n"
13014
"cn: John Doe\n"
13015
"displayName: John Doe\n"
13016
"uidNumber: 1000\n"
13017
"gidNumber: 10000\n"
13018
"userPassword: password\n"
13019
"gecos: John Doe\n"
13020
"loginShell: /bin/bash\n"
13021
"homeDirectory: /home/john\n"
13022
"shadowExpire: -1\n"
13023
"shadowFlag: 0\n"
13024
"shadowWarning: 7\n"
13025
"shadowMin: 8\n"
13026
"shadowMax: 999999\n"
13027
"shadowLastChange: 10877\n"
13028
"mail: john.doe@example.com\n"
13029
"postalCode: 31000\n"
13030
"l: Toulouse\n"
13031
"o: Example\n"
13032
"mobile: +33 (0)6 xx xx xx xx\n"
13033
"homePhone: +33 (0)5 xx xx xx xx\n"
13034
"title: System Administrator\n"
13035
"postalAddress: \n"
13036
"initials: JD\n"
13037
"\n"
13038
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13039
"objectClass: posixGroup\n"
13040
"cn: example\n"
13041
"gidNumber: 10000\n"
13042
msgstr ""
13043
13044
#: serverguide/C/network-auth.xml:236(para)
13045
msgid ""
13046
"In this example the directory structure, a user, and a group have been "
13047
"setup. In other examples you might see the <emphasis>objectClass: "
13048
"top</emphasis> added in every entry, but that is the default behaviour so "
13049
"you do not have to add it explicitly."
13050
msgstr ""
13051
13052
#: serverguide/C/network-auth.xml:243(para)
13053
msgid "Add the entries to the LDAP directory:"
13054
msgstr ""
13055
13056
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13057
msgid ""
13058
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13059
msgstr ""
13060
13061
#: serverguide/C/network-auth.xml:252(para)
13062
msgid ""
13063
"We can check that the content has been correctly added with the "
13064
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13065
"directory:"
13066
msgstr ""
13067
13068
#: serverguide/C/network-auth.xml:258(command)
13069
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13070
msgstr ""
13071
13072
#: serverguide/C/network-auth.xml:259(computeroutput)
13073
#, no-wrap
13074
msgid ""
13075
"\n"
13076
"dn: uid=john,ou=people,dc=example,dc=com\n"
13077
"cn: John Doe\n"
13078
"sn: Doe\n"
13079
"givenName: John\n"
13080
msgstr ""
13081
13082
#: serverguide/C/network-auth.xml:267(para)
13083
msgid "Just a quick explanation:"
13084
msgstr ""
13085
13086
#: serverguide/C/network-auth.xml:273(para)
13087
msgid ""
13088
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13089
"the default."
13090
msgstr ""
13091
13092
#: serverguide/C/network-auth.xml:279(para)
13093
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13094
msgstr ""
13095
13096
#: serverguide/C/network-auth.xml:287(title)
13097
msgid "Further Configuration"
13098
msgstr ""
13099
13100
#: serverguide/C/network-auth.xml:290(para)
13101
msgid ""
13102
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13103
"utilities in the <application>ldap-utils</application> package. For example:"
13104
msgstr ""
13105
13106
#: serverguide/C/network-auth.xml:298(para)
13107
msgid ""
13108
"Use <application>ldapsearch</application> to view the tree, entering the "
13109
"admin password set during installation or reconfiguration:"
13110
msgstr ""
13111
13112
#: serverguide/C/network-auth.xml:304(command)
13113
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13114
msgstr ""
13115
13116
#: serverguide/C/network-auth.xml:308(computeroutput)
13117
#, no-wrap
13118
msgid ""
13119
"\n"
13120
"SASL/EXTERNAL authentication started\n"
13121
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13122
"SASL SSF: 0\n"
13123
"dn: cn=config\n"
13124
"\n"
13125
"dn: cn=module{0},cn=config\n"
13126
"\n"
13127
"dn: cn=schema,cn=config\n"
13128
"\n"
13129
"dn: cn={0}core,cn=schema,cn=config\n"
13130
"\n"
13131
"dn: cn={1}cosine,cn=schema,cn=config\n"
13132
"\n"
13133
"dn: cn={2}nis,cn=schema,cn=config\n"
13134
"\n"
13135
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13136
"\n"
13137
"dn: olcDatabase={-1}frontend,cn=config\n"
13138
"\n"
13139
"dn: olcDatabase={0}config,cn=config\n"
13140
"\n"
13141
"dn: olcDatabase={1}hdb,cn=config\n"
13142
msgstr ""
13143
13144
#: serverguide/C/network-auth.xml:334(para)
13145
msgid ""
13146
"The output above is the current configuration options for the "
13147
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13148
msgstr ""
13149
13150
#: serverguide/C/network-auth.xml:342(para)
13151
msgid ""
13152
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13153
"another attribute to the index list using "
13154
"<application>ldapmodify</application>:"
13155
msgstr ""
13156
13157
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13158
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13159
msgstr ""
13160
13161
#: serverguide/C/network-auth.xml:356(userinput)
13162
#, no-wrap
13163
msgid ""
13164
"dn: olcDatabase={1}hdb,cn=config\n"
13165
"add: olcDbIndex\n"
13166
"olcDbIndex: uidNumber eq"
13167
msgstr ""
13168
13169
#: serverguide/C/network-auth.xml:352(computeroutput)
13170
#, no-wrap
13171
msgid ""
13172
"\n"
13173
"SASL/EXTERNAL authentication started\n"
13174
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13175
"SASL SSF: 0\n"
13176
"<placeholder-1/>\n"
13177
"\n"
13178
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13179
msgstr ""
13180
13181
#: serverguide/C/network-auth.xml:364(para)
13182
msgid ""
13183
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13184
"exit the utility."
13185
msgstr ""
13186
13187
#: serverguide/C/network-auth.xml:371(para)
13188
msgid ""
13189
"<application>ldapmodify</application> can also read the changes from a file. "
13190
"Copy and paste the following into a file named "
13191
"<filename>uid_index.ldif</filename>:"
13192
msgstr ""
13193
13194
#: serverguide/C/network-auth.xml:376(programlisting)
13195
#, no-wrap
13196
msgid ""
13197
"\n"
13198
"dn: olcDatabase={1}hdb,cn=config\n"
13199
"add: olcDbIndex\n"
13200
"olcDbIndex: uid eq,pres,sub\n"
13201
msgstr ""
13202
13203
#: serverguide/C/network-auth.xml:382(para)
13204
msgid "Then execute <application>ldapmodify</application>:"
13205
msgstr ""
13206
13207
#: serverguide/C/network-auth.xml:387(command)
13208
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13209
msgstr ""
13210
13211
#: serverguide/C/network-auth.xml:391(computeroutput)
13212
#, no-wrap
13213
msgid ""
13214
"\n"
13215
"SASL/EXTERNAL authentication started\n"
13216
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13217
"SASL SSF: 0\n"
13218
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13219
msgstr ""
13220
13221
#: serverguide/C/network-auth.xml:399(para)
13222
msgid "The file method is very useful for large changes."
13223
msgstr ""
13224
13225
#: serverguide/C/network-auth.xml:406(para)
13226
msgid ""
13227
"Adding additional <emphasis>schemas</emphasis> to "
13228
"<application>slapd</application> requires the schema to be converted to LDIF "
13229
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13230
"directory contains some schema files already converted to LDIF format as "
13231
"demonstrated in the previous section. Fortunately, the "
13232
"<application>slapd</application> program can be used to automate the "
13233
"conversion. The following example will add the "
13234
"<emphasis>dyngroup.schema</emphasis>:"
13235
msgstr ""
13236
13237
#: serverguide/C/network-auth.xml:416(para)
13238
msgid ""
13239
"First, create a conversion <filename>schema_convert.conf</filename> file "
13240
"containing the following lines:"
13241
msgstr ""
13242
13243
#: serverguide/C/network-auth.xml:421(programlisting)
13244
#, no-wrap
13245
msgid ""
13246
"\n"
13247
"include /etc/ldap/schema/core.schema\n"
13248
"include /etc/ldap/schema/collective.schema\n"
13249
"include /etc/ldap/schema/corba.schema\n"
13250
"include /etc/ldap/schema/cosine.schema\n"
13251
"include /etc/ldap/schema/duaconf.schema\n"
13252
"include /etc/ldap/schema/dyngroup.schema\n"
13253
"include /etc/ldap/schema/inetorgperson.schema\n"
13254
"include /etc/ldap/schema/java.schema\n"
13255
"include /etc/ldap/schema/misc.schema\n"
13256
"include /etc/ldap/schema/nis.schema\n"
13257
"include /etc/ldap/schema/openldap.schema\n"
13258
"include /etc/ldap/schema/ppolicy.schema\n"
13259
msgstr ""
13260
13261
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13262
msgid "Next, create a temporary directory to hold the output:"
13263
msgstr ""
13264
13265
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13266
msgid "mkdir /tmp/ldif_output"
13267
msgstr ""
13268
13269
#: serverguide/C/network-auth.xml:450(para)
13270
msgid ""
13271
"Now using <application>slapcat</application> convert the schema files to "
13272
"LDIF:"
13273
msgstr ""
13274
13275
#: serverguide/C/network-auth.xml:455(command)
13276
msgid ""
13277
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13278
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13279
msgstr ""
13280
13281
#: serverguide/C/network-auth.xml:458(para)
13282
msgid ""
13283
"Adjust the configuration file name and temporary directory names if yours "
13284
"are different. Also, it may be worthwhile to keep the "
13285
"<filename>ldif_output</filename> directory around in case you want to add "
13286
"additional schemas in the future."
13287
msgstr ""
13288
13289
#: serverguide/C/network-auth.xml:467(para)
13290
msgid ""
13291
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13292
"following attributes:"
13293
msgstr ""
13294
13295
#: serverguide/C/network-auth.xml:471(programlisting)
13296
#, no-wrap
13297
msgid ""
13298
"\n"
13299
"dn: cn=dyngroup,cn=schema,cn=config\n"
13300
"...\n"
13301
"cn: dyngroup\n"
13302
msgstr ""
13303
13304
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13305
msgid "And remove the following lines from the bottom of the file:"
13306
msgstr ""
13307
13308
#: serverguide/C/network-auth.xml:481(programlisting)
13309
#, no-wrap
13310
msgid ""
13311
"\n"
13312
"structuralObjectClass: olcSchemaConfig\n"
13313
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13314
"creatorsName: cn=config\n"
13315
"createTimestamp: 20080826021140Z\n"
13316
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13317
"modifiersName: cn=config\n"
13318
"modifyTimestamp: 20080826021140Z\n"
13319
msgstr ""
13320
13321
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13322
msgid ""
13323
"The attribute values will vary, just be sure the attributes are removed."
13324
msgstr ""
13325
13326
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13327
msgid ""
13328
"Finally, using the <application>ldapadd</application> utility, add the new "
13329
"schema to the directory:"
13330
msgstr ""
13331
13332
#: serverguide/C/network-auth.xml:506(command)
13333
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13334
msgstr ""
13335
13336
#: serverguide/C/network-auth.xml:512(para)
13337
msgid ""
13338
"There should now be a <emphasis>dn: "
13339
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13340
msgstr ""
13341
13342
#: serverguide/C/network-auth.xml:522(title)
13343
msgid "LDAP Replication"
13344
msgstr ""
13345
13346
#: serverguide/C/network-auth.xml:524(para)
13347
msgid ""
13348
"LDAP often quickly becomes a highly critical service to the network. "
13349
"Multiple systems will come to depend on LDAP for authentication, "
13350
"authorization, configuration, etc. It is a good idea to setup a redundant "
13351
"system through replication."
13352
msgstr ""
13353
13354
#: serverguide/C/network-auth.xml:530(para)
13355
msgid ""
13356
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13357
"Syncrepl allows the changes to be synced using a "
13358
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13359
"provider sends directory changes to consumers."
13360
msgstr ""
13361
13362
#: serverguide/C/network-auth.xml:537(title)
13363
msgid "Provider Configuration"
13364
msgstr ""
13365
13366
#: serverguide/C/network-auth.xml:539(para)
13367
msgid ""
13368
"The following is an example of a <emphasis>Single-Master</emphasis> "
13369
"configuration. In this configuration one OpenLDAP server is configured as a "
13370
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13371
msgstr ""
13372
13373
#: serverguide/C/network-auth.xml:547(para)
13374
msgid ""
13375
"First, configure the provider server. Copy the following to a file named "
13376
"<filename>provider_sync.ldif</filename>:"
13377
msgstr ""
13378
13379
#: serverguide/C/network-auth.xml:552(programlisting)
13380
#, no-wrap
13381
msgid ""
13382
"\n"
13383
"# Add indexes to the frontend db.\n"
13384
"dn: olcDatabase={1}hdb,cn=config\n"
13385
"changetype: modify\n"
13386
"add: olcDbIndex\n"
13387
"olcDbIndex: entryCSN eq\n"
13388
"-\n"
13389
"add: olcDbIndex\n"
13390
"olcDbIndex: entryUUID eq\n"
13391
"\n"
13392
"#Load the syncprov and accesslog modules.\n"
13393
"dn: cn=module{0},cn=config\n"
13394
"changetype: modify\n"
13395
"add: olcModuleLoad\n"
13396
"olcModuleLoad: syncprov\n"
13397
"-\n"
13398
"add: olcModuleLoad\n"
13399
"olcModuleLoad: accesslog\n"
13400
"\n"
13401
"# Accesslog database definitions\n"
13402
"dn: olcDatabase={2}hdb,cn=config\n"
13403
"objectClass: olcDatabaseConfig\n"
13404
"objectClass: olcHdbConfig\n"
13405
"olcDatabase: {2}hdb\n"
13406
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13407
"olcSuffix: cn=accesslog\n"
13408
"olcRootDN: cn=admin,dc=example,dc=com\n"
13409
"olcDbIndex: default eq\n"
13410
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13411
"\n"
13412
"# Accesslog db syncprov.\n"
13413
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13414
"changetype: add\n"
13415
"objectClass: olcOverlayConfig\n"
13416
"objectClass: olcSyncProvConfig\n"
13417
"olcOverlay: syncprov\n"
13418
"olcSpNoPresent: TRUE\n"
13419
"olcSpReloadHint: TRUE\n"
13420
"\n"
13421
"# syncrepl Provider for primary db\n"
13422
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13423
"changetype: add\n"
13424
"objectClass: olcOverlayConfig\n"
13425
"objectClass: olcSyncProvConfig\n"
13426
"olcOverlay: syncprov\n"
13427
"olcSpNoPresent: TRUE\n"
13428
"\n"
13429
"# accesslog overlay definitions for primary db\n"
13430
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13431
"objectClass: olcOverlayConfig\n"
13432
"objectClass: olcAccessLogConfig\n"
13433
"olcOverlay: accesslog\n"
13434
"olcAccessLogDB: cn=accesslog\n"
13435
"olcAccessLogOps: writes\n"
13436
"olcAccessLogSuccess: TRUE\n"
13437
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13438
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13439
msgstr ""
13440
13441
#: serverguide/C/network-auth.xml:614(para)
13442
msgid ""
13443
"The <application>AppArmor</application> profile for "
13444
"<application>slapd</application> will need to be adjusted for the accesslog "
13445
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13446
"adding:"
13447
msgstr ""
13448
13449
#: serverguide/C/network-auth.xml:619(programlisting)
13450
#, no-wrap
13451
msgid ""
13452
"\n"
13453
" /var/lib/ldap/accesslog/ r,\n"
13454
" /var/lib/ldap/accesslog/** rwk,\n"
13455
msgstr ""
13456
13457
#: serverguide/C/network-auth.xml:624(para)
13458
msgid ""
13459
"Then create the directory, reload the <application>apparmor</application> "
13460
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13461
msgstr ""
13462
13463
#: serverguide/C/network-auth.xml:630(command)
13464
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13465
msgstr ""
13466
13467
#: serverguide/C/network-auth.xml:631(command)
13468
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13469
msgstr ""
13470
13471
#: serverguide/C/network-auth.xml:636(para)
13472
msgid ""
13473
"Using the <emphasis>-u openldap</emphasis> option with the "
13474
"<application>sudo</application> commands above removes the need to adjust "
13475
"permissions for the new directory later."
13476
msgstr ""
13477
13478
#: serverguide/C/network-auth.xml:645(para)
13479
msgid ""
13480
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13481
"directory:"
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:649(programlisting)
13485
#, no-wrap
13486
msgid ""
13487
"\n"
13488
"olcRootDN: cn=admin,dc=example,dc=com\n"
13489
msgstr ""
13490
13491
#: serverguide/C/network-auth.xml:657(para)
13492
msgid ""
13493
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13494
msgstr ""
13495
13496
#: serverguide/C/network-auth.xml:662(command)
13497
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13498
msgstr ""
13499
13500
#: serverguide/C/network-auth.xml:669(para)
13501
msgid "Restart <application>slapd</application>:"
13502
msgstr ""
13503
13504
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13505
msgid "sudo /etc/init.d/slapd restart"
13506
msgstr ""
13507
13508
#: serverguide/C/network-auth.xml:680(para)
13509
msgid ""
13510
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13511
"to configure a <emphasis>Consumer</emphasis> server."
13512
msgstr ""
13513
13514
#: serverguide/C/network-auth.xml:687(title)
13515
msgid "Consumer Configuration"
13516
msgstr ""
13517
13518
#: serverguide/C/network-auth.xml:692(para)
13519
msgid ""
13520
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13521
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13522
"configuration steps."
13523
msgstr ""
13524
13525
#: serverguide/C/network-auth.xml:697(para)
13526
msgid "Add the additional schema files:"
13527
msgstr ""
13528
13529
#: serverguide/C/network-auth.xml:707(para)
13530
msgid ""
13531
"Also, create, or copy from the provider server, the "
13532
"<filename>backend.example.com.ldif</filename>"
13533
msgstr ""
13534
13535
#: serverguide/C/network-auth.xml:711(programlisting)
13536
#, no-wrap
13537
msgid ""
13538
"\n"
13539
"# Load dynamic backend modules\n"
13540
"dn: cn=module,cn=config\n"
13541
"objectClass: olcModuleList\n"
13542
"cn: module\n"
13543
"olcModulepath: /usr/lib/ldap\n"
13544
"olcModuleload: back_hdb\n"
13545
"\n"
13546
"# Database settings\n"
13547
"dn: olcDatabase=hdb,cn=config\n"
13548
"objectClass: olcDatabaseConfig\n"
13549
"objectClass: olcHdbConfig\n"
13550
"olcDatabase: {1}hdb\n"
13551
"olcSuffix: dc=example,dc=com\n"
13552
"olcDbDirectory: /var/lib/ldap\n"
13553
"olcRootDN: cn=admin,dc=example,dc=com\n"
13554
"olcRootPW: secret\n"
13555
"olcDbConfig: set_cachesize 0 2097152 0\n"
13556
"olcDbConfig: set_lk_max_objects 1500\n"
13557
"olcDbConfig: set_lk_max_locks 1500\n"
13558
"olcDbConfig: set_lk_max_lockers 1500\n"
13559
"olcDbIndex: objectClass eq\n"
13560
"olcLastMod: TRUE\n"
13561
"olcDbCheckpoint: 512 30\n"
13562
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13563
"by anonymous auth by self write by * none\n"
13564
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13565
"olcAccess: to dn.base=\"\" by * read\n"
13566
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13567
msgstr ""
13568
13569
#: serverguide/C/network-auth.xml:741(para)
13570
msgid "And add the LDIF by entering:"
13571
msgstr ""
13572
13573
#: serverguide/C/network-auth.xml:752(para)
13574
msgid ""
13575
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13576
"listed above, and add it:"
13577
msgstr ""
13578
13579
#: serverguide/C/network-auth.xml:760(para)
13580
msgid ""
13581
"The two severs should now have the same configuration except for the "
13582
"<emphasis>Syncrepl</emphasis> options."
13583
msgstr ""
13584
13585
#: serverguide/C/network-auth.xml:768(para)
13586
msgid ""
13587
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13588
msgstr ""
13589
13590
#: serverguide/C/network-auth.xml:772(programlisting)
13591
#, no-wrap
13592
msgid ""
13593
"\n"
13594
"#Load the syncprov module.\n"
13595
"dn: cn=module{0},cn=config\n"
13596
"changetype: modify\n"
13597
"add: olcModuleLoad\n"
13598
"olcModuleLoad: syncprov\n"
13599
"\n"
13600
"# syncrepl specific indices\n"
13601
"dn: olcDatabase={1}hdb,cn=config\n"
13602
"changetype: modify\n"
13603
"add: olcDbIndex\n"
13604
"olcDbIndex: entryUUID eq\n"
13605
"-\n"
13606
"add: olcSyncRepl\n"
13607
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13608
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13609
" credentials=secret searchbase=\"dc=example,dc=com\" "
13610
"logbase=\"cn=accesslog\" \n"
13611
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13612
"schemachecking=on \n"
13613
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13614
"-\n"
13615
"add: olcUpdateRef\n"
13616
"olcUpdateRef: ldap://ldap01.example.com\n"
13617
msgstr ""
13618
13619
#: serverguide/C/network-auth.xml:795(para)
13620
msgid "You will probably want to change the following attributes:"
13621
msgstr ""
13622
13623
#: serverguide/C/network-auth.xml:800(para)
13624
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13625
msgstr ""
13626
13627
#: serverguide/C/network-auth.xml:801(emphasis)
13628
msgid "binddn"
13629
msgstr ""
13630
13631
#: serverguide/C/network-auth.xml:802(emphasis)
13632
msgid "credentials"
13633
msgstr ""
13634
13635
#: serverguide/C/network-auth.xml:803(emphasis)
13636
msgid "searchbase"
13637
msgstr ""
13638
13639
#: serverguide/C/network-auth.xml:804(emphasis)
13640
msgid "olcUpdateRef:"
13641
msgstr ""
13642
13643
#: serverguide/C/network-auth.xml:810(para)
13644
msgid "Add the LDIF file to the configuration tree:"
13645
msgstr ""
13646
13647
#: serverguide/C/network-auth.xml:815(command)
13648
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13649
msgstr ""
13650
13651
#: serverguide/C/network-auth.xml:821(para)
13652
msgid ""
13653
"The frontend database should now sync between servers. You can add "
13654
"additional servers using the steps above as the need arises."
13655
msgstr ""
13656
13657
#: serverguide/C/network-auth.xml:831(programlisting)
13658
#, no-wrap
13659
msgid "127.0.0.1\tldap01.example.com ldap01"
13660
msgstr ""
13661
13662
#: serverguide/C/network-auth.xml:827(para)
13663
msgid ""
13664
"The <application>slapd</application> daemon will send log information to "
13665
"<filename>/var/log/syslog</filename> by default. So if all does "
13666
"<emphasis>not</emphasis> go well check there for errors and other "
13667
"troubleshooting information. Also, be sure that each server knows it's Fully "
13668
"Qualified Domain Name (FQDN). This is configured in "
13669
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13670
msgstr ""
13671
13672
#: serverguide/C/network-auth.xml:839(title)
13673
msgid "Setting up ACL"
13674
msgstr ""
13675
13676
#: serverguide/C/network-auth.xml:841(para)
13677
msgid ""
13678
"Authentication requires access to the password field, that should be not "
13679
"accessible by default. Also, in order for users to change their own "
13680
"password, using <command>passwd</command> or other utilities, "
13681
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13682
"authenticated."
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:848(para)
13686
msgid ""
13687
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13688
"tree, use the <application>ldapsearch</application> utility:"
13689
msgstr ""
13690
13691
#: serverguide/C/network-auth.xml:854(command)
13692
msgid ""
13693
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13694
"olcDatabase=config olcAccess"
13695
msgstr ""
13696
13697
#: serverguide/C/network-auth.xml:858(computeroutput)
13698
#, no-wrap
13699
msgid ""
13700
"SASL/EXTERNAL authentication started\n"
13701
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13702
"SASL SSF: 0\n"
13703
"dn: olcDatabase={0}config,cn=config\n"
13704
"olcAccess: {0}to * by "
13705
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13706
" ,cn=auth manage by * break\n"
13707
msgstr ""
13708
13709
#: serverguide/C/network-auth.xml:867(para)
13710
msgid "To see the ACL for the frontend tree enter:"
13711
msgstr ""
13712
13713
#: serverguide/C/network-auth.xml:872(command)
13714
msgid ""
13715
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13716
"olcDatabase={1}hdb olcAccess"
13717
msgstr ""
13718
13719
#: serverguide/C/network-auth.xml:878(title)
13720
msgid "TLS and SSL"
13721
msgstr ""
13722
13723
#: serverguide/C/network-auth.xml:880(para)
13724
msgid ""
13725
"When authenticating to an OpenLDAP server it is best to do so using an "
13726
"encrypted session. This can be accomplished using Transport Layer Security "
13727
"(TLS) and/or Secure Sockets Layer (SSL)."
13728
msgstr ""
13729
13730
#: serverguide/C/network-auth.xml:885(para)
13731
msgid ""
13732
"The first step in the process is to obtain or create a "
13733
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13734
"is compiled using the <application>gnutls</application> library, the "
13735
"<application>certtool</application> utility will be used to create "
13736
"certificates."
13737
msgstr ""
13738
13739
#: serverguide/C/network-auth.xml:894(para)
13740
msgid ""
13741
"First, install <application>gnutls-bin</application> by entering the "
13742
"following in a terminal:"
13743
msgstr ""
13744
13745
#: serverguide/C/network-auth.xml:899(command)
13746
msgid "sudo apt-get install gnutls-bin"
13747
msgstr ""
13748
13749
#: serverguide/C/network-auth.xml:905(para)
13750
msgid ""
13751
"Next, create a private key for the <emphasis>Certificate "
13752
"Authority</emphasis> (CA):"
13753
msgstr ""
13754
13755
#: serverguide/C/network-auth.xml:910(command)
13756
msgid ""
13757
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13758
msgstr ""
13759
13760
#: serverguide/C/network-auth.xml:916(para)
13761
msgid ""
13762
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13763
"CA certificate containing:"
13764
msgstr ""
13765
13766
#: serverguide/C/network-auth.xml:920(programlisting)
13767
#, no-wrap
13768
msgid ""
13769
"\n"
13770
"cn = Example Company\n"
13771
"ca\n"
13772
"cert_signing_key\n"
13773
msgstr ""
13774
13775
#: serverguide/C/network-auth.xml:929(para)
13776
msgid "Now create the self-signed CA certificate:"
13777
msgstr ""
13778
13779
#: serverguide/C/network-auth.xml:934(command)
13780
msgid ""
13781
"sudo certtool --generate-self-signed --load-privkey "
13782
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13783
"/etc/ssl/certs/cacert.pem"
13784
msgstr ""
13785
13786
#: serverguide/C/network-auth.xml:941(para)
13787
msgid "Make a private key for the server:"
13788
msgstr ""
13789
13790
#: serverguide/C/network-auth.xml:946(command)
13791
msgid ""
13792
"sudo sh -c \"certtool --generate-privkey > "
13793
"/etc/ssl/private/ldap01_slapd_key.pem\""
13794
msgstr ""
13795
13796
#: serverguide/C/network-auth.xml:950(para)
13797
msgid ""
13798
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13799
"hostname. Naming the certificate and key for the host and service that will "
13800
"be using them will help keep filenames and paths straight."
13801
msgstr ""
13802
13803
#: serverguide/C/network-auth.xml:959(para)
13804
msgid ""
13805
"To sign the server's certificate with the CA, create the "
13806
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:963(programlisting)
13810
#, no-wrap
13811
msgid ""
13812
"\n"
13813
"organization = Example Company\n"
13814
"cn = ldap01.example.com\n"
13815
"tls_www_server\n"
13816
"encryption_key\n"
13817
"signing_key\n"
13818
msgstr ""
13819
13820
#: serverguide/C/network-auth.xml:974(para)
13821
msgid "Create the server's certificate:"
13822
msgstr ""
13823
13824
#: serverguide/C/network-auth.xml:979(command)
13825
msgid ""
13826
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13827
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13828
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13829
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13830
msgstr ""
13831
13832
#: serverguide/C/network-auth.xml:987(para)
13833
msgid ""
13834
"Once you have a certificate, key, and CA cert installed, use "
13835
"<application>ldapmodify</application> to add the new configuration options:"
13836
msgstr ""
13837
13838
#: serverguide/C/network-auth.xml:998(userinput)
13839
#, no-wrap
13840
msgid ""
13841
"dn: cn=config\n"
13842
"add: olcTLSCACertificateFile\n"
13843
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13844
"-\n"
13845
"add: olcTLSCertificateFile\n"
13846
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13847
"-\n"
13848
"add: olcTLSCertificateKeyFile\n"
13849
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13850
msgstr ""
13851
13852
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13853
#, no-wrap
13854
msgid ""
13855
"Enter LDAP Password:\n"
13856
"<placeholder-1/>\n"
13857
"\n"
13858
"modifying entry \"cn=config\"\n"
13859
msgstr ""
13860
13861
#: serverguide/C/network-auth.xml:1013(para)
13862
msgid ""
13863
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13864
"<filename>ldap01_slapd_key.pem</filename>, and "
13865
"<filename>cacert.pem</filename> names if yours are different."
13866
msgstr ""
13867
13868
#: serverguide/C/network-auth.xml:1019(para)
13869
msgid ""
13870
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13871
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13872
msgstr ""
13873
13874
#: serverguide/C/network-auth.xml:1023(programlisting)
13875
#, no-wrap
13876
msgid ""
13877
"\n"
13878
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13879
msgstr ""
13880
13881
#: serverguide/C/network-auth.xml:1027(para)
13882
msgid ""
13883
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13884
msgstr ""
13885
13886
#: serverguide/C/network-auth.xml:1032(command)
13887
msgid "sudo adduser openldap ssl-cert"
13888
msgstr ""
13889
13890
#: serverguide/C/network-auth.xml:1033(command)
13891
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13892
msgstr ""
13893
13894
#: serverguide/C/network-auth.xml:1034(command)
13895
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13896
msgstr ""
13897
13898
#: serverguide/C/network-auth.xml:1038(para)
13899
msgid ""
13900
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13901
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13902
"adjust the commands appropriately."
13903
msgstr ""
13904
13905
#: serverguide/C/network-auth.xml:1044(para)
13906
msgid "Finally, restart <application>slapd</application>:"
13907
msgstr ""
13908
13909
#: serverguide/C/network-auth.xml:1052(para)
13910
msgid ""
13911
"The <application>slapd</application> daemon should now be listening for "
13912
"LDAPS connections and be able to use STARTTLS during authentication."
13913
msgstr ""
13914
13915
#: serverguide/C/network-auth.xml:1058(para)
13916
msgid ""
13917
"If you run into troubles with the server not starting, check the "
13918
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
13919
"it is likely there is a configuration problem. Check that the certificate is "
13920
"signed by the authority from in the files configured, and that the ssl-cert "
13921
"group has read permissions on the private key."
13922
msgstr ""
13923
13924
#: serverguide/C/network-auth.xml:1070(title)
13925
msgid "TLS Replication"
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:1072(para)
13929
msgid ""
13930
"If you have setup <application>Syncrepl</application> between servers, it is "
13931
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
13932
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
13933
"linkend=\"openldap-server-replication\"/>."
13934
msgstr ""
13935
13936
#: serverguide/C/network-auth.xml:1078(para)
13937
msgid ""
13938
"Assuming you have followed the above instructions and created a CA "
13939
"certificate and server certificate on the <emphasis>Provider</emphasis> "
13940
"server. Follow the following instructions to create a certificate and key "
13941
"for the <emphasis>Consumer</emphasis> server."
13942
msgstr ""
13943
13944
#: serverguide/C/network-auth.xml:1087(para)
13945
msgid "Create a new key for the Consumer server:"
13946
msgstr ""
13947
13948
#: serverguide/C/network-auth.xml:1092(command)
13949
msgid "mkdir ldap02-ssl"
13950
msgstr ""
13951
13952
#: serverguide/C/network-auth.xml:1093(command)
13953
msgid "cd ldap02-ssl"
13954
msgstr ""
13955
13956
#: serverguide/C/network-auth.xml:1094(command)
13957
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
13958
msgstr ""
13959
13960
#: serverguide/C/network-auth.xml:1098(para)
13961
msgid ""
13962
"Creating a new directory is not strictly necessary, but it will help keep "
13963
"things organized and make it easier to copy the files to the Consumer server."
13964
msgstr ""
13965
13966
#: serverguide/C/network-auth.xml:1107(para)
13967
msgid ""
13968
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
13969
"server, changing the attributes to match your locality and server:"
13970
msgstr ""
13971
13972
#: serverguide/C/network-auth.xml:1112(programlisting)
13973
#, no-wrap
13974
msgid ""
13975
"\n"
13976
"country = US\n"
13977
"state = North Carolina\n"
13978
"locality = Winston-Salem\n"
13979
"organization = Example Company\n"
13980
"cn = ldap02.salem.edu\n"
13981
"tls_www_client\n"
13982
"encryption_key\n"
13983
"signing_key\n"
13984
msgstr ""
13985
13986
#: serverguide/C/network-auth.xml:1126(para)
13987
msgid "Create the certificate:"
13988
msgstr ""
13989
13990
#: serverguide/C/network-auth.xml:1131(command)
13991
msgid ""
13992
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
13993
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
13994
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
13995
"ldap02_slapd_cert.pem"
13996
msgstr ""
13997
13998
#: serverguide/C/network-auth.xml:1139(para)
13999
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14000
msgstr ""
14001
14002
#: serverguide/C/network-auth.xml:1144(command)
14003
msgid "cp /etc/ssl/certs/cacert.pem ."
14004
msgstr ""
14005
14006
#: serverguide/C/network-auth.xml:1150(para)
14007
msgid ""
14008
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14009
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14010
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14011
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14012
"<filename>/etc/ssl/private</filename>."
14013
msgstr ""
14014
14015
#: serverguide/C/network-auth.xml:1159(para)
14016
msgid ""
14017
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14018
"by entering:"
14019
msgstr ""
14020
14021
#: serverguide/C/network-auth.xml:1169(userinput)
14022
#, no-wrap
14023
msgid ""
14024
"dn: cn=config\n"
14025
"add: olcTLSCACertificateFile\n"
14026
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14027
"-\n"
14028
"add: olcTLSCertificateFile\n"
14029
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14030
"-\n"
14031
"add: olcTLSCertificateKeyFile\n"
14032
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14033
msgstr ""
14034
14035
#: serverguide/C/network-auth.xml:1186(para)
14036
msgid ""
14037
"As with the Provider you can now edit "
14038
"<filename>/etc/default/slapd</filename> and add the "
14039
"<emphasis>ldaps:///</emphasis> parameter to the "
14040
"<emphasis>SLAPD_SERVICES</emphasis> option."
14041
msgstr ""
14042
14043
#: serverguide/C/network-auth.xml:1194(para)
14044
msgid ""
14045
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14046
"modify the <emphasis>Consumer</emphasis> server's "
14047
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14048
msgstr ""
14049
14050
#: serverguide/C/network-auth.xml:1207(userinput)
14051
#, no-wrap
14052
msgid ""
14053
"\n"
14054
"dn: olcDatabase={1}hdb,cn=config\n"
14055
"replace: olcSyncrepl\n"
14056
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14057
"binddn=\"cn=ad\n"
14058
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14059
"logbas\n"
14060
" e=\"cn=accesslog\" "
14061
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14062
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14063
"starttls=yes"
14064
msgstr ""
14065
14066
#: serverguide/C/network-auth.xml:1204(computeroutput)
14067
#, no-wrap
14068
msgid ""
14069
"SASL/EXTERNAL authentication started\n"
14070
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14071
"SASL SSF: 0\n"
14072
"<placeholder-1/>\n"
14073
"\n"
14074
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14075
msgstr ""
14076
14077
#: serverguide/C/network-auth.xml:1219(para)
14078
msgid ""
14079
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14080
"(FQDN) in the certificate, you may have to edit "
14081
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14082
msgstr ""
14083
14084
#: serverguide/C/network-auth.xml:1224(programlisting)
14085
#, no-wrap
14086
msgid ""
14087
"\n"
14088
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14089
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14090
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14091
msgstr ""
14092
14093
#: serverguide/C/network-auth.xml:1231(para)
14094
msgid ""
14095
"Finally, restart <application>slapd</application> on each of the servers:"
14096
msgstr ""
14097
14098
#: serverguide/C/network-auth.xml:1244(title)
14099
msgid "LDAP Authentication"
14100
msgstr ""
14101
14102
#: serverguide/C/network-auth.xml:1246(para)
14103
msgid ""
14104
"Once you have a working LDAP server, the <application>auth-client-"
14105
"config</application> and <application>libnss-ldap</application> packages "
14106
"take the pain out of configuring an Ubuntu client to authenticate using "
14107
"LDAP. To install the packages from, a terminal prompt enter:"
14108
msgstr ""
14109
14110
#: serverguide/C/network-auth.xml:1253(command)
14111
msgid "sudo apt-get install libnss-ldap"
14112
msgstr ""
14113
14114
#: serverguide/C/network-auth.xml:1256(para)
14115
msgid ""
14116
"During the install a menu dialog will ask you connection details about your "
14117
"LDAP server."
14118
msgstr ""
14119
14120
#: serverguide/C/network-auth.xml:1260(para)
14121
msgid ""
14122
"If you make a mistake when entering your information you can execute the "
14123
"dialog again using:"
14124
msgstr ""
14125
14126
#: serverguide/C/network-auth.xml:1265(command)
14127
msgid "sudo dpkg-reconfigure ldap-auth-config"
14128
msgstr ""
14129
14130
#: serverguide/C/network-auth.xml:1268(para)
14131
msgid ""
14132
"The results of the dialog can be seen in "
14133
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14134
"covered in the menu edit this file accordingly."
14135
msgstr ""
14136
14137
#: serverguide/C/network-auth.xml:1273(para)
14138
msgid ""
14139
"Now that <application>libnss-ldap</application> is configured enable the "
14140
"<application>auth-client-config</application> LDAP profile by entering:"
14141
msgstr ""
14142
14143
#: serverguide/C/network-auth.xml:1279(command)
14144
msgid "sudo auth-client-config -t nss -p lac_ldap"
14145
msgstr ""
14146
14147
#: serverguide/C/network-auth.xml:1284(para)
14148
msgid ""
14149
"<emphasis>-t:</emphasis> only modifies "
14150
"<filename>/etc/nsswitch.conf</filename>."
14151
msgstr ""
14152
14153
#: serverguide/C/network-auth.xml:1289(para)
14154
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14155
msgstr ""
14156
14157
#: serverguide/C/network-auth.xml:1294(para)
14158
msgid ""
14159
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14160
"config</application> profile that is part of the <application>ldap-auth-"
14161
"config</application> package."
14162
msgstr ""
14163
14164
#: serverguide/C/network-auth.xml:1301(para)
14165
msgid ""
14166
"Using the <application>pam-auth-update</application> utility, configure the "
14167
"system to use LDAP for authentication:"
14168
msgstr ""
14169
14170
#: serverguide/C/network-auth.xml:1306(command)
14171
msgid "sudo pam-auth-update"
14172
msgstr ""
14173
14174
#: serverguide/C/network-auth.xml:1309(para)
14175
msgid ""
14176
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14177
"any other authentication mechanisms you need."
14178
msgstr ""
14179
14180
#: serverguide/C/network-auth.xml:1313(para)
14181
msgid ""
14182
"You should now be able to login using user credentials stored in the LDAP "
14183
"directory."
14184
msgstr ""
14185
14186
#: serverguide/C/network-auth.xml:1318(para)
14187
msgid ""
14188
"If you are going to use LDAP to store Samba users you will need to configure "
14189
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14190
"for details."
14191
msgstr ""
14192
14193
#: serverguide/C/network-auth.xml:1326(title)
14194
msgid "User and Group Management"
14195
msgstr ""
14196
14197
#: serverguide/C/network-auth.xml:1328(para)
14198
msgid ""
14199
"The <application>ldap-utils</application> package comes with multiple "
14200
"utilities to manage the directory, but the long string of options needed, "
14201
"can make them a burden to use. The <application>ldapscripts</application> "
14202
"package contains configurable scripts to easily manage LDAP users and groups."
14203
msgstr ""
14204
14205
#: serverguide/C/network-auth.xml:1334(para)
14206
msgid "To install the package, from a terminal enter:"
14207
msgstr ""
14208
14209
#: serverguide/C/network-auth.xml:1339(command)
14210
msgid "sudo apt-get install ldapscripts"
14211
msgstr ""
14212
14213
#: serverguide/C/network-auth.xml:1342(para)
14214
msgid ""
14215
"Next, edit the config file "
14216
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14217
"changing the following to match your environment:"
14218
msgstr ""
14219
14220
#: serverguide/C/network-auth.xml:1347(programlisting)
14221
#, no-wrap
14222
msgid ""
14223
"\n"
14224
"SERVER=localhost\n"
14225
"BINDDN='cn=admin,dc=example,dc=com'\n"
14226
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14227
"SUFFIX='dc=example,dc=com'\n"
14228
"GSUFFIX='ou=Groups'\n"
14229
"USUFFIX='ou=People'\n"
14230
"MSUFFIX='ou=Computers'\n"
14231
"GIDSTART=10000\n"
14232
"UIDSTART=10000\n"
14233
"MIDSTART=10000\n"
14234
msgstr ""
14235
14236
#: serverguide/C/network-auth.xml:1360(para)
14237
msgid ""
14238
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14239
"authenticated access to the directory:"
14240
msgstr ""
14241
14242
#: serverguide/C/network-auth.xml:1365(command)
14243
msgid ""
14244
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14245
msgstr ""
14246
14247
#: serverguide/C/network-auth.xml:1366(command)
14248
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14249
msgstr ""
14250
14251
#: serverguide/C/network-auth.xml:1370(para)
14252
msgid ""
14253
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14254
"user."
14255
msgstr ""
14256
14257
#: serverguide/C/network-auth.xml:1375(para)
14258
msgid ""
14259
"The <application>ldapscripts</application> are now ready to help manage your "
14260
"directory. The following are some examples of how to use the scripts:"
14261
msgstr ""
14262
14263
#: serverguide/C/network-auth.xml:1382(para)
14264
msgid "Create a new user:"
14265
msgstr ""
14266
14267
#: serverguide/C/network-auth.xml:1386(command)
14268
msgid "sudo ldapadduser george example"
14269
msgstr ""
14270
14271
#: serverguide/C/network-auth.xml:1388(para)
14272
msgid ""
14273
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14274
"and set the user's primary group (gid) to <emphasis "
14275
"role=\"italic\">example</emphasis>"
14276
msgstr ""
14277
14278
#: serverguide/C/network-auth.xml:1394(para)
14279
msgid "Change a user's password:"
14280
msgstr ""
14281
14282
#: serverguide/C/network-auth.xml:1398(command)
14283
msgid "sudo ldapsetpasswd george"
14284
msgstr ""
14285
14286
#: serverguide/C/network-auth.xml:1399(computeroutput)
14287
#, no-wrap
14288
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14289
msgstr ""
14290
14291
#: serverguide/C/network-auth.xml:1400(userinput)
14292
#, no-wrap
14293
msgid "New Password: "
14294
msgstr ""
14295
14296
#: serverguide/C/network-auth.xml:1401(userinput)
14297
#, no-wrap
14298
msgid "New Password (verify): "
14299
msgstr ""
14300
14301
#: serverguide/C/network-auth.xml:1405(para)
14302
msgid "Delete a user:"
14303
msgstr ""
14304
14305
#: serverguide/C/network-auth.xml:1409(command)
14306
msgid "sudo ldapdeleteuser george"
14307
msgstr ""
14308
14309
#: serverguide/C/network-auth.xml:1414(para)
14310
msgid "Add a group:"
14311
msgstr ""
14312
14313
#: serverguide/C/network-auth.xml:1418(command)
14314
msgid "sudo ldapaddgroup qa"
14315
msgstr ""
14316
14317
#: serverguide/C/network-auth.xml:1422(para)
14318
msgid "Delete a group:"
14319
msgstr ""
14320
14321
#: serverguide/C/network-auth.xml:1426(command)
14322
msgid "sudo ldapdeletegroup qa"
14323
msgstr ""
14324
14325
#: serverguide/C/network-auth.xml:1430(para)
14326
msgid "Add a user to a group:"
14327
msgstr ""
14328
14329
#: serverguide/C/network-auth.xml:1434(command)
14330
msgid "sudo ldapaddusertogroup george qa"
14331
msgstr ""
14332
14333
#: serverguide/C/network-auth.xml:1436(para)
14334
msgid ""
14335
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14336
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14337
"role=\"italic\">george</emphasis>."
14338
msgstr ""
14339
14340
#: serverguide/C/network-auth.xml:1442(para)
14341
msgid "Remove a user from a group:"
14342
msgstr ""
14343
14344
#: serverguide/C/network-auth.xml:1446(command)
14345
msgid "sudo ldapdeleteuserfromgroup george qa"
14346
msgstr ""
14347
14348
#: serverguide/C/network-auth.xml:1448(para)
14349
msgid ""
14350
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14351
"<emphasis role=\"italic\">qa</emphasis> group."
14352
msgstr ""
14353
14354
#: serverguide/C/network-auth.xml:1454(para)
14355
msgid ""
14356
"The <application>ldapmodifyuser</application> script allows you to add, "
14357
"remove, or replace a user's attributes. The script uses the same syntax as "
14358
"the <application>ldapmodify</application> utility. For example:"
14359
msgstr ""
14360
14361
#: serverguide/C/network-auth.xml:1459(command)
14362
msgid "sudo ldapmodifyuser george"
14363
msgstr ""
14364
14365
#: serverguide/C/network-auth.xml:1460(computeroutput)
14366
#, no-wrap
14367
msgid ""
14368
"# About to modify the following entry :\n"
14369
"dn: uid=george,ou=People,dc=example,dc=com\n"
14370
"objectClass: account\n"
14371
"objectClass: posixAccount\n"
14372
"cn: george\n"
14373
"uid: george\n"
14374
"uidNumber: 1001\n"
14375
"gidNumber: 1001\n"
14376
"homeDirectory: /home/george\n"
14377
"loginShell: /bin/bash\n"
14378
"gecos: george\n"
14379
"description: User account\n"
14380
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14381
"\n"
14382
"# Enter your modifications here, end with CTRL-D.\n"
14383
"dn: uid=george,ou=People,dc=example,dc=com"
14384
msgstr ""
14385
14386
#: serverguide/C/network-auth.xml:1476(userinput)
14387
#, no-wrap
14388
msgid ""
14389
"replace: gecos\n"
14390
"gecos: George Carlin"
14391
msgstr ""
14392
14393
#: serverguide/C/network-auth.xml:1479(para)
14394
msgid ""
14395
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14396
"Carlin</quote>."
14397
msgstr ""
14398
14399
#: serverguide/C/network-auth.xml:1484(para)
14400
msgid ""
14401
"Another great feature of <application>ldapscripts</application>, is the "
14402
"template system. Templates allow you to customize the attributes of user, "
14403
"group, and machine objectes. For example, to enable the "
14404
"<emphasis>user</emphasis> template edit "
14405
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14406
msgstr ""
14407
14408
#: serverguide/C/network-auth.xml:1491(programlisting)
14409
#, no-wrap
14410
msgid ""
14411
"\n"
14412
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14413
msgstr ""
14414
14415
#: serverguide/C/network-auth.xml:1495(para)
14416
msgid ""
14417
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14418
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14419
"<filename>ldapadduser.template.sample</filename> file to "
14420
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14421
msgstr ""
14422
14423
#: serverguide/C/network-auth.xml:1502(command)
14424
msgid ""
14425
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14426
"/etc/ldapscripts/ldapadduser.template"
14427
msgstr ""
14428
14429
#: serverguide/C/network-auth.xml:1505(para)
14430
msgid ""
14431
"Edit the new template to add the desired attributes. The following will "
14432
"create new user's as with an <emphasis>objectClass</emphasis> of "
14433
"<emphasis>inetOrgPerson</emphasis>:"
14434
msgstr ""
14435
14436
#: serverguide/C/network-auth.xml:1510(programlisting)
14437
#, no-wrap
14438
msgid ""
14439
"\n"
14440
"dn: uid=<user>,<usuffix>,<suffix>\n"
14441
"objectClass: inetOrgPerson\n"
14442
"objectClass: posixAccount\n"
14443
"cn: <user>\n"
14444
"sn: <ask>\n"
14445
"uid: <user>\n"
14446
"uidNumber: <uid>\n"
14447
"gidNumber: <gid>\n"
14448
"homeDirectory: <home>\n"
14449
"loginShell: <shell>\n"
14450
"gecos: <user>\n"
14451
"description: User account\n"
14452
"title: Employee\n"
14453
msgstr ""
14454
14455
#: serverguide/C/network-auth.xml:1526(para)
14456
msgid ""
14457
"Notice the <emphasis><ask></emphasis> option used for the "
14458
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14459
"<application>ldapadduser</application> to prompt you for the attribute value "
14460
"during user creation."
14461
msgstr ""
14462
14463
#: serverguide/C/network-auth.xml:1534(para)
14464
msgid ""
14465
"There are more useful scripts in the package, to see a full list enter: "
14466
"<command>dpkg -L ldapscripts | grep bin</command>"
14467
msgstr ""
14468
14469
#: serverguide/C/network-auth.xml:1543(para)
14470
msgid ""
14471
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14472
"Ubuntu Wiki</ulink> page has more details."
14473
msgstr ""
14474
14475
#: serverguide/C/network-auth.xml:1548(para)
14476
msgid ""
14477
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14478
"Home Page</ulink>"
14479
msgstr ""
14480
14481
#: serverguide/C/network-auth.xml:1553(para)
14482
msgid ""
14483
"Though starting to show it's age, a great source for in depth LDAP "
14484
"information is O'Reilly's <ulink "
14485
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14486
"Administration</ulink>"
14487
msgstr ""
14488
14489
#: serverguide/C/network-auth.xml:1559(para)
14490
msgid ""
14491
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14492
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14493
"newer versions of OpenLDAP."
14494
msgstr ""
14495
14496
#: serverguide/C/network-auth.xml:1565(para)
14497
msgid ""
14498
"For more information on <application>auth-client-config</application> see "
14499
"the man page: <command>man auth-client-config</command>."
14500
msgstr ""
14501
14502
#: serverguide/C/network-auth.xml:1570(para)
14503
msgid ""
14504
"For more details regarding the <application>ldapscripts</application> "
14505
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14506
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14507
msgstr ""
14508
14509
#: serverguide/C/network-auth.xml:1580(title)
14510
msgid "Samba and LDAP"
14511
msgstr ""
14512
14513
#: serverguide/C/network-auth.xml:1582(para)
14514
msgid ""
14515
"This section covers configuring Samba to use LDAP for user, group, and "
14516
"machine account information and authentication. The assumption is, you "
14517
"already have a working OpenLDAP directory installed and the server is "
14518
"configured to use it for authentication. See <xref linkend=\"openldap-"
14519
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14520
"setting up OpenLDAP. For more information on installing and configuring "
14521
"Samba see <xref linkend=\"windows-networking\"/>."
14522
msgstr ""
14523
14524
#: serverguide/C/network-auth.xml:1592(para)
14525
msgid ""
14526
"There are three packages needed when integrating Samba with LDAP. "
14527
"<application>samba</application>, <application>samba-doc</application>, and "
14528
"<application>smbldap-tools</application> packages . To install the packages, "
14529
"from a terminal enter:"
14530
msgstr ""
14531
14532
#: serverguide/C/network-auth.xml:1598(command)
14533
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14534
msgstr ""
14535
14536
#: serverguide/C/network-auth.xml:1601(para)
14537
msgid ""
14538
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14539
"needed, but unless you have another package or custom scripts, a method of "
14540
"managing users, groups, and computer accounts is needed."
14541
msgstr ""
14542
14543
#: serverguide/C/network-auth.xml:1608(title)
14544
msgid "OpenLDAP Configuration"
14545
msgstr ""
14546
14547
#: serverguide/C/network-auth.xml:1610(para)
14548
msgid ""
14549
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14550
"the user objects in the directory will need additional attributes. This "
14551
"section assumes you want Samba to be configured as a Windows NT domain "
14552
"controller, and will add the necessary LDAP objects and attributes."
14553
msgstr ""
14554
14555
#: serverguide/C/network-auth.xml:1618(para)
14556
msgid ""
14557
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14558
"file which is part of the <application>samba-doc</application> package. The "
14559
"schema file needs to be unzipped and copied to "
14560
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14561
msgstr ""
14562
14563
#: serverguide/C/network-auth.xml:1625(command)
14564
msgid ""
14565
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14566
"/etc/ldap/schema/"
14567
msgstr ""
14568
14569
#: serverguide/C/network-auth.xml:1626(command)
14570
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14571
msgstr ""
14572
14573
#: serverguide/C/network-auth.xml:1632(para)
14574
msgid ""
14575
"The <emphasis>samba</emphasis> schema needs to be added to the "
14576
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14577
"<application>slapd</application> is also detailed in <xref "
14578
"linkend=\"openldap-configuration\"/>."
14579
msgstr ""
14580
14581
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14582
msgid ""
14583
"First, create a configuration file named "
14584
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14585
"containing the following lines:"
14586
msgstr ""
14587
14588
#: serverguide/C/network-auth.xml:1645(programlisting)
14589
#, no-wrap
14590
msgid ""
14591
"\n"
14592
"include /etc/ldap/schema/core.schema\n"
14593
"include /etc/ldap/schema/collective.schema\n"
14594
"include /etc/ldap/schema/corba.schema\n"
14595
"include /etc/ldap/schema/cosine.schema\n"
14596
"include /etc/ldap/schema/duaconf.schema\n"
14597
"include /etc/ldap/schema/dyngroup.schema\n"
14598
"include /etc/ldap/schema/inetorgperson.schema\n"
14599
"include /etc/ldap/schema/java.schema\n"
14600
"include /etc/ldap/schema/misc.schema\n"
14601
"include /etc/ldap/schema/nis.schema\n"
14602
"include /etc/ldap/schema/openldap.schema\n"
14603
"include /etc/ldap/schema/ppolicy.schema\n"
14604
"include /etc/ldap/schema/samba.schema\n"
14605
msgstr ""
14606
14607
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14608
msgid ""
14609
"Now use <application>slapcat</application> to convert the schema files:"
14610
msgstr ""
14611
14612
#: serverguide/C/network-auth.xml:1680(command)
14613
msgid ""
14614
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14615
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14616
msgstr ""
14617
14618
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14619
msgid ""
14620
"Change the above file and path names to match your own if they are different."
14621
msgstr ""
14622
14623
#: serverguide/C/network-auth.xml:1690(para)
14624
msgid ""
14625
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14626
"the following attributes:"
14627
msgstr ""
14628
14629
#: serverguide/C/network-auth.xml:1694(programlisting)
14630
#, no-wrap
14631
msgid ""
14632
"\n"
14633
"dn: cn=samba,cn=schema,cn=config\n"
14634
"...\n"
14635
"cn: samba\n"
14636
msgstr ""
14637
14638
#: serverguide/C/network-auth.xml:1704(programlisting)
14639
#, no-wrap
14640
msgid ""
14641
"\n"
14642
"structuralObjectClass: olcSchemaConfig\n"
14643
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14644
"creatorsName: cn=config\n"
14645
"createTimestamp: 20080827045234Z\n"
14646
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14647
"modifiersName: cn=config\n"
14648
"modifyTimestamp: 20080827045234Z\n"
14649
msgstr ""
14650
14651
#: serverguide/C/network-auth.xml:1729(command)
14652
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14653
msgstr ""
14654
14655
#: serverguide/C/network-auth.xml:1735(para)
14656
msgid ""
14657
"There should now be a <emphasis>dn: "
14658
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14659
"sequential schema, entry in the cn=config tree."
14660
msgstr ""
14661
14662
#: serverguide/C/network-auth.xml:1743(para)
14663
msgid ""
14664
"Copy and paste the following into a file named "
14665
"<filename>samba_indexes.ldif</filename>:"
14666
msgstr ""
14667
14668
#: serverguide/C/network-auth.xml:1747(programlisting)
14669
#, no-wrap
14670
msgid ""
14671
"\n"
14672
"dn: olcDatabase={1}hdb,cn=config\n"
14673
"changetype: modify\n"
14674
"add: olcDbIndex\n"
14675
"olcDbIndex: uidNumber eq\n"
14676
"olcDbIndex: gidNumber eq\n"
14677
"olcDbIndex: loginShell eq\n"
14678
"olcDbIndex: uid eq,pres,sub\n"
14679
"olcDbIndex: memberUid eq,pres,sub\n"
14680
"olcDbIndex: uniqueMember eq,pres\n"
14681
"olcDbIndex: sambaSID eq\n"
14682
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14683
"olcDbIndex: sambaGroupType eq\n"
14684
"olcDbIndex: sambaSIDList eq\n"
14685
"olcDbIndex: sambaDomainName eq\n"
14686
"olcDbIndex: default sub\n"
14687
msgstr ""
14688
14689
#: serverguide/C/network-auth.xml:1765(para)
14690
msgid ""
14691
"Using the <application>ldapmodify</application> utility load the new indexes:"
14692
msgstr ""
14693
14694
#: serverguide/C/network-auth.xml:1770(command)
14695
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14696
msgstr ""
14697
14698
#: serverguide/C/network-auth.xml:1772(para)
14699
msgid ""
14700
"If all went well you should see the new indexes using "
14701
"<application>ldapsearch</application>:"
14702
msgstr ""
14703
14704
#: serverguide/C/network-auth.xml:1777(command)
14705
msgid ""
14706
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14707
msgstr ""
14708
14709
#: serverguide/C/network-auth.xml:1783(para)
14710
msgid ""
14711
"Next, configure the <application>smbldap-tools</application> package to "
14712
"match your environment. The package comes with a configuration script that "
14713
"will ask questions about the needed options. To run the script enter:"
14714
msgstr ""
14715
14716
#: serverguide/C/network-auth.xml:1789(command)
14717
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14718
msgstr ""
14719
14720
#: serverguide/C/network-auth.xml:1790(command)
14721
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14722
msgstr ""
14723
14724
#: serverguide/C/network-auth.xml:1793(para)
14725
msgid ""
14726
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14727
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14728
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14729
"configure script, so if you made any mistakes while executing the script it "
14730
"may be simpler to edit the file appropriately."
14731
msgstr ""
14732
14733
#: serverguide/C/network-auth.xml:1803(para)
14734
msgid ""
14735
"The <application>smbldap-populate</application> script will add the "
14736
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14737
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14738
"<application>slapcat</application> before executing the command:"
14739
msgstr ""
14740
14741
#: serverguide/C/network-auth.xml:1810(command)
14742
msgid "sudo slapcat -l backup.ldif"
14743
msgstr ""
14744
14745
#: serverguide/C/network-auth.xml:1816(para)
14746
msgid ""
14747
"Once you have a current backup execute <application>smbldap-"
14748
"populate</application> by entering:"
14749
msgstr ""
14750
14751
#: serverguide/C/network-auth.xml:1821(command)
14752
msgid "sudo smbldap-populate"
14753
msgstr ""
14754
14755
#: serverguide/C/network-auth.xml:1825(para)
14756
msgid ""
14757
"You can create an LDIF file containing the new Samba objects by executing "
14758
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14759
"look over the changes making sure everything is correct."
14760
msgstr ""
14761
14762
#: serverguide/C/network-auth.xml:1833(para)
14763
msgid ""
14764
"Your LDAP directory now has the necessary domain information to authenticate "
14765
"Samba users."
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:1839(title)
14769
msgid "Samba Configuration"
14770
msgstr ""
14771
14772
#: serverguide/C/network-auth.xml:1841(para)
14773
msgid ""
14774
"There a multiple ways to configure Samba for details on some common "
14775
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14776
"Samba to use LDAP, edit the main Samba configuration file "
14777
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14778
"backend</emphasis> option and adding the following:"
14779
msgstr ""
14780
14781
#: serverguide/C/network-auth.xml:1847(programlisting)
14782
#, no-wrap
14783
msgid ""
14784
"\n"
14785
"# passdb backend = tdbsam\n"
14786
"\n"
14787
"# LDAP Settings\n"
14788
" passdb backend = ldapsam:ldap://hostname\n"
14789
" ldap suffix = dc=example,dc=com\n"
14790
" ldap user suffix = ou=People\n"
14791
" ldap group suffix = ou=Groups\n"
14792
" ldap machine suffix = ou=Computers\n"
14793
" ldap idmap suffix = ou=Idmap\n"
14794
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14795
" ldap ssl = start tls\n"
14796
" ldap passwd sync = yes\n"
14797
"...\n"
14798
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14799
msgstr ""
14800
14801
#: serverguide/C/network-auth.xml:1864(para)
14802
msgid "Restart <application>samba</application> to enable the new settings:"
14803
msgstr ""
14804
14805
#: serverguide/C/network-auth.xml:1873(para)
14806
msgid ""
14807
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14808
"enter:"
14809
msgstr ""
14810
14811
#: serverguide/C/network-auth.xml:1878(command)
14812
msgid "sudo smbpasswd -w secret"
14813
msgstr ""
14814
14815
#: serverguide/C/network-auth.xml:1882(para)
14816
msgid ""
14817
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14818
"password."
14819
msgstr ""
14820
14821
#: serverguide/C/network-auth.xml:1887(para)
14822
msgid ""
14823
"If you currently have users in LDAP, and you want them to authenticate using "
14824
"Samba, they will need some Samba attributes defined in the "
14825
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14826
"users using the <application>smbpasswd</application> utility, replacing "
14827
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14828
msgstr ""
14829
14830
#: serverguide/C/network-auth.xml:1895(command)
14831
msgid "sudo smbpasswd -a username"
14832
msgstr ""
14833
14834
#: serverguide/C/network-auth.xml:1898(para)
14835
msgid "You will then be asked to enter the user's password."
14836
msgstr ""
14837
14838
#: serverguide/C/network-auth.xml:1902(para)
14839
msgid ""
14840
"To add new user, group, and machine accounts use the utilities from the "
14841
"<application>smbldap-tools</application> package. Here are some examples:"
14842
msgstr ""
14843
14844
#: serverguide/C/network-auth.xml:1909(para)
14845
msgid ""
14846
"To add a new user to LDAP with Samba attributes enter the following, "
14847
"replacing username with an actual username:"
14848
msgstr ""
14849
14850
#: serverguide/C/network-auth.xml:1913(command)
14851
msgid "sudo smbldap-useradd -a -P username"
14852
msgstr ""
14853
14854
#: serverguide/C/network-auth.xml:1915(para)
14855
msgid ""
14856
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14857
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14858
"passwd</application> utility after the user is created allowing you to enter "
14859
"a password for the user."
14860
msgstr ""
14861
14862
#: serverguide/C/network-auth.xml:1921(para)
14863
msgid "To remove a user from the directory enter:"
14864
msgstr ""
14865
14866
#: serverguide/C/network-auth.xml:1925(command)
14867
msgid "sudo smbldap-userdel username"
14868
msgstr ""
14869
14870
#: serverguide/C/network-auth.xml:1927(para)
14871
msgid ""
14872
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14873
"r</emphasis> option to remove the user's home directory."
14874
msgstr ""
14875
14876
#: serverguide/C/network-auth.xml:1932(para)
14877
msgid ""
14878
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14879
"groupname with an appropriate group:"
14880
msgstr ""
14881
14882
#: serverguide/C/network-auth.xml:1936(command)
14883
msgid "sudo smbldap-groupadd -a groupname"
14884
msgstr ""
14885
14886
#: serverguide/C/network-auth.xml:1938(para)
14887
msgid ""
14888
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14889
"a</emphasis> adds the Samba attributes."
14890
msgstr ""
14891
14892
#: serverguide/C/network-auth.xml:1943(para)
14893
msgid ""
14894
"To add a user to a group use <application>smbldap-groupmod</application>:"
14895
msgstr ""
14896
14897
#: serverguide/C/network-auth.xml:1947(command)
14898
msgid "sudo smbldap-groupmod -m username groupname"
14899
msgstr ""
14900
14901
#: serverguide/C/network-auth.xml:1949(para)
14902
msgid ""
14903
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14904
"<emphasis>-m</emphasis> option can add more than one user at a time by "
14905
"listing them in <emphasis>comma separated</emphasis> format."
14906
msgstr ""
14907
14908
#: serverguide/C/network-auth.xml:1955(para)
14909
msgid ""
14910
"<application>smbldap-groupmod</application> can also be used to remove a "
14911
"user from a group:"
14912
msgstr ""
14913
14914
#: serverguide/C/network-auth.xml:1959(command)
14915
msgid "sudo smbldap-groupmod -x username groupname"
14916
msgstr ""
14917
14918
#: serverguide/C/network-auth.xml:1963(para)
14919
msgid ""
14920
"Additionally, the <application>smbldap-useradd</application> utility can add "
14921
"Samba machine accounts:"
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1967(command)
14925
msgid "sudo smbldap-useradd -t 0 -w username"
14926
msgstr ""
14927
14928
#: serverguide/C/network-auth.xml:1969(para)
14929
msgid ""
14930
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
14931
"<emphasis>-t 0</emphasis> option creates the machine account without a "
14932
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
14933
"machine account. Also, note the <emphasis>add machine script</emphasis> "
14934
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
14935
"<application>smbldap-useradd</application>."
14936
msgstr ""
14937
14938
#: serverguide/C/network-auth.xml:1978(para)
14939
msgid ""
14940
"There are more useful utilities and options in the <application>smbldap-"
14941
"tools</application> package. The man page for each utility provides more "
14942
"details."
14943
msgstr ""
14944
14945
#: serverguide/C/network-auth.xml:1989(para)
14946
msgid ""
14947
"There are multiple places where LDAP and Samba is documented in the <ulink "
14948
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
14949
"Collection</ulink>."
14950
msgstr ""
14951
14952
#: serverguide/C/network-auth.xml:1995(para)
14953
msgid ""
14954
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
14955
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
14956
msgstr ""
14957
14958
#: serverguide/C/network-auth.xml:2001(para)
14959
msgid ""
14960
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
14961
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:2007(para)
14965
msgid ""
14966
"Again, for more information on <application>smbldap-tools</application> see "
14967
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
14968
"groupadd</command>, <command>man smbldap-populate</command>, etc."
14969
msgstr ""
14970
14971
#: serverguide/C/network-auth.xml:2014(para)
14972
msgid ""
14973
"Also, there is a list of <ulink "
14974
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
14975
"wiki</ulink> articles with more information."
14976
msgstr ""
14977
14978
#: serverguide/C/network-auth.xml:2023(title)
14979
msgid "Kerberos"
14980
msgstr "Kerberos"
14981
14982
#: serverguide/C/network-auth.xml:2025(para)
14983
msgid ""
14984
"<application>Kerberos</application> is a network authentication system based "
14985
"on the principal of a trusted third party. The other two parties being the "
14986
"user and the service the user wishes to authenticate to. Not all services "
14987
"and applications can use Kerberos, but for those that can, it brings the "
14988
"network environment one step closer to being Single Sign On (SSO)."
14989
msgstr ""
14990
14991
#: serverguide/C/network-auth.xml:2031(para)
14992
msgid ""
14993
"This section covers installation and configuration of a Kerberos server, and "
14994
"some example client configurations."
14995
msgstr ""
14996
14997
#: serverguide/C/network-auth.xml:2038(para)
14998
msgid ""
14999
"If you are new to Kerberos there are a few terms that are good to understand "
15000
"before setting up a Kerberos server. Most of the terms will relate to things "
15001
"you may be familiar with in other environments:"
15002
msgstr ""
15003
15004
#: serverguide/C/network-auth.xml:2045(para)
15005
msgid ""
15006
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15007
"by servers need to be defined as Kerberos Principals."
15008
msgstr ""
15009
15010
#: serverguide/C/network-auth.xml:2050(para)
15011
msgid ""
15012
"<emphasis>Instances:</emphasis> are used for service principals and special "
15013
"administrative principals."
15014
msgstr ""
15015
15016
#: serverguide/C/network-auth.xml:2055(para)
15017
msgid ""
15018
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15019
"Kerberos installation. Usually the DNS domain converted to uppercase "
15020
"(EXAMPLE.COM)."
15021
msgstr ""
15022
15023
#: serverguide/C/network-auth.xml:2061(para)
15024
msgid ""
15025
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15026
"a database of all principals, the authentication server, and the ticket "
15027
"granting server. For each realm there must be at least one KDC."
15028
msgstr ""
15029
15030
#: serverguide/C/network-auth.xml:2067(para)
15031
msgid ""
15032
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15033
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15034
"password which is known only to the user and the KDC."
15035
msgstr ""
15036
15037
#: serverguide/C/network-auth.xml:2073(para)
15038
msgid ""
15039
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15040
"clients upon request."
15041
msgstr ""
15042
15043
#: serverguide/C/network-auth.xml:2078(para)
15044
msgid ""
15045
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15046
"One principal being a user and the other a service requested by the user. "
15047
"Tickets establish an encryption key used for secure communication during the "
15048
"authenticated session."
15049
msgstr ""
15050
15051
#: serverguide/C/network-auth.xml:2084(para)
15052
msgid ""
15053
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15054
"principal database and contain the encryption key for a service or host."
15055
msgstr ""
15056
15057
#: serverguide/C/network-auth.xml:2091(para)
15058
msgid ""
15059
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15060
"redundancy, which contains a database of Principals. When a user principal "
15061
"logs into a workstation, configured for Kerberos authentication, the KDC "
15062
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15063
"match, the user is authenticated and can then request tickets for Kerberized "
15064
"services from the Ticket Granting Server (TGS). The service tickets allow "
15065
"the user to authenticate to the service without entering another username "
15066
"and password."
15067
msgstr ""
15068
15069
#: serverguide/C/network-auth.xml:2100(title)
15070
msgid "Kerberos Server"
15071
msgstr ""
15072
15073
#: serverguide/C/network-auth.xml:2104(para)
15074
msgid ""
15075
"Before installing the Kerberos server a properly configured DNS server is "
15076
"needed for your domain. Since the Kerberos Realm by convention matches the "
15077
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15078
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15079
msgstr ""
15080
15081
#: serverguide/C/network-auth.xml:2110(para)
15082
msgid ""
15083
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15084
"between a client machine and the server differs by more than five minutes "
15085
"(by default), the workstation will not be able to authenticate. To correct "
15086
"the problem all hosts should have their time synchronized using the "
15087
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15088
"NTP see <xref linkend=\"NTP\"/>."
15089
msgstr ""
15090
15091
#: serverguide/C/network-auth.xml:2117(para)
15092
msgid ""
15093
"The first step in installing a Kerberos Realm is to install the "
15094
"<application>krb5-kdc</application> and <application>krb5-admin-"
15095
"server</application> packages. From a terminal enter:"
15096
msgstr ""
15097
15098
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15099
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15100
msgstr ""
15101
15102
#: serverguide/C/network-auth.xml:2126(para)
15103
msgid ""
15104
"You will be asked at the end of the install to supply a name for the "
15105
"Kerberos and Admin servers, which may or may not be the same server, for the "
15106
"realm."
15107
msgstr ""
15108
15109
#: serverguide/C/network-auth.xml:2131(para)
15110
msgid ""
15111
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15112
"utility:"
15113
msgstr ""
15114
15115
#: serverguide/C/network-auth.xml:2136(command)
15116
msgid "sudo krb5_newrealm"
15117
msgstr ""
15118
15119
#: serverguide/C/network-auth.xml:2143(para)
15120
msgid ""
15121
"The questions asked during installation are used to configure the "
15122
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15123
"Distribution Center (KDC) settings simply edit the file and restart the "
15124
"<application>krb5-kdc</application> daemon."
15125
msgstr ""
15126
15127
#: serverguide/C/network-auth.xml:2151(para)
15128
msgid ""
15129
"Now that the KDC running an admin user is needed. It is recommended to use a "
15130
"different username from your everyday username. Using the "
15131
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15132
msgstr ""
15133
15134
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15135
msgid "sudo kadmin.local"
15136
msgstr ""
15137
15138
#: serverguide/C/network-auth.xml:2158(computeroutput)
15139
#, no-wrap
15140
msgid ""
15141
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15142
"kadmin.local:"
15143
msgstr ""
15144
15145
#: serverguide/C/network-auth.xml:2159(userinput)
15146
#, no-wrap
15147
msgid " addprinc steve/admin"
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:2160(computeroutput)
15151
#, no-wrap
15152
msgid ""
15153
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15154
"policy\n"
15155
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15156
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15157
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15158
"kadmin.local:"
15159
msgstr ""
15160
15161
#: serverguide/C/network-auth.xml:2164(userinput)
15162
#, no-wrap
15163
msgid " quit"
15164
msgstr ""
15165
15166
#: serverguide/C/network-auth.xml:2167(para)
15167
msgid ""
15168
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15169
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15170
"is an <emphasis>Instance</emphasis>, and <emphasis "
15171
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15172
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15173
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15174
"rights."
15175
msgstr ""
15176
15177
#: serverguide/C/network-auth.xml:2175(para)
15178
msgid ""
15179
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15180
"your Realm and admin username."
15181
msgstr ""
15182
15183
#: serverguide/C/network-auth.xml:2183(para)
15184
msgid ""
15185
"Next, the new admin user needs to have the appropriate Access Control List "
15186
"(ACL) permissions. The permissions are configured in the "
15187
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15188
msgstr ""
15189
15190
#: serverguide/C/network-auth.xml:2188(programlisting)
15191
#, no-wrap
15192
msgid ""
15193
"\n"
15194
"steve/admin@EXAMPLE.COM *\n"
15195
msgstr ""
15196
15197
#: serverguide/C/network-auth.xml:2192(para)
15198
msgid ""
15199
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15200
"any operation on all principals in the realm."
15201
msgstr ""
15202
15203
#: serverguide/C/network-auth.xml:2199(para)
15204
msgid ""
15205
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15206
"to take affect:"
15207
msgstr ""
15208
15209
#: serverguide/C/network-auth.xml:2204(command)
15210
msgid "sudo /etc/init.d/krb5-admin-server restart"
15211
msgstr ""
15212
15213
#: serverguide/C/network-auth.xml:2210(para)
15214
msgid ""
15215
"The new user principal can be tested using the <application>kinit "
15216
"utility</application>:"
15217
msgstr ""
15218
15219
#: serverguide/C/network-auth.xml:2215(command)
15220
msgid "kinit steve/admin"
15221
msgstr ""
15222
15223
#: serverguide/C/network-auth.xml:2216(computeroutput)
15224
#, no-wrap
15225
msgid "steve/admin@EXAMPLE.COM's Password:"
15226
msgstr ""
15227
15228
#: serverguide/C/network-auth.xml:2219(para)
15229
msgid ""
15230
"After entering the password, use the <application>klist</application> "
15231
"utility to view information about the Ticket Granting Ticket (TGT):"
15232
msgstr ""
15233
15234
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15235
msgid "klist"
15236
msgstr ""
15237
15238
#: serverguide/C/network-auth.xml:2226(computeroutput)
15239
#, no-wrap
15240
msgid ""
15241
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15242
" Principal: steve/admin@EXAMPLE.COM\n"
15243
"\n"
15244
" Issued Expires Principal\n"
15245
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15246
msgstr ""
15247
15248
#: serverguide/C/network-auth.xml:2233(para)
15249
msgid ""
15250
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15251
"the KDC. For example:"
15252
msgstr ""
15253
15254
#: serverguide/C/network-auth.xml:2237(programlisting)
15255
#, no-wrap
15256
msgid ""
15257
"\n"
15258
"192.168.0.1 kdc01.example.com kdc01\n"
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:2241(para)
15262
msgid ""
15263
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15264
msgstr ""
15265
15266
#: serverguide/C/network-auth.xml:2248(para)
15267
msgid ""
15268
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15269
"are needed. Add the following to "
15270
"<filename>/etc/named/db.example.com</filename>:"
15271
msgstr ""
15272
15273
#: serverguide/C/network-auth.xml:2253(programlisting)
15274
#, no-wrap
15275
msgid ""
15276
"\n"
15277
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15278
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15279
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15280
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15281
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15282
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15283
msgstr ""
15284
15285
#: serverguide/C/network-auth.xml:2263(para)
15286
msgid ""
15287
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15288
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15289
"KDC."
15290
msgstr ""
15291
15292
#: serverguide/C/network-auth.xml:2269(para)
15293
msgid ""
15294
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15295
msgstr ""
15296
15297
#: serverguide/C/network-auth.xml:2276(para)
15298
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15299
msgstr ""
15300
15301
#: serverguide/C/network-auth.xml:2283(title)
15302
msgid "Secondary KDC"
15303
msgstr ""
15304
15305
#: serverguide/C/network-auth.xml:2285(para)
15306
msgid ""
15307
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15308
"practice to have a Secondary KDC in case the primary becomes unavailable."
15309
msgstr ""
15310
15311
#: serverguide/C/network-auth.xml:2293(para)
15312
msgid ""
15313
"First, install the packages, and when asked for the Kerberos and Admin "
15314
"server names enter the name of the Primary KDC:"
15315
msgstr ""
15316
15317
#: serverguide/C/network-auth.xml:2304(para)
15318
msgid ""
15319
"Once you have the packages installed, create the Secondary KDC's host "
15320
"principal. From a terminal prompt, enter:"
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:2309(command)
15324
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15325
msgstr ""
15326
15327
#: serverguide/C/network-auth.xml:2313(para)
15328
msgid ""
15329
"After, issuing any <application>kadmin</application> commands you will be "
15330
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15331
"password."
15332
msgstr ""
15333
15334
#: serverguide/C/network-auth.xml:2322(para)
15335
msgid "Extract the <emphasis>keytab</emphasis> file:"
15336
msgstr ""
15337
15338
#: serverguide/C/network-auth.xml:2327(command)
15339
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15340
msgstr ""
15341
15342
#: serverguide/C/network-auth.xml:2333(para)
15343
msgid ""
15344
"There should now be a <filename>keytab.kdc02</filename> in the current "
15345
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15346
msgstr ""
15347
15348
#: serverguide/C/network-auth.xml:2339(command)
15349
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15350
msgstr ""
15351
15352
#: serverguide/C/network-auth.xml:2343(para)
15353
msgid ""
15354
"If the path to the <filename>keytab.kdc02</filename> file is different "
15355
"adjust accordingly."
15356
msgstr ""
15357
15358
#: serverguide/C/network-auth.xml:2348(para)
15359
msgid ""
15360
"Also, you can list the principals in a Keytab file, which can be useful when "
15361
"troubleshooting, using the <application>klist</application> utility:"
15362
msgstr ""
15363
15364
#: serverguide/C/network-auth.xml:2354(command)
15365
msgid "sudo klist -k /etc/krb5.keytab"
15366
msgstr ""
15367
15368
#: serverguide/C/network-auth.xml:2360(para)
15369
msgid ""
15370
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15371
"that lists all KDCs for the Realm. For example, on both primary and "
15372
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15373
msgstr ""
15374
15375
#: serverguide/C/network-auth.xml:2365(programlisting)
15376
#, no-wrap
15377
msgid ""
15378
"\n"
15379
"host/kdc01.example.com@EXAMPLE.COM\n"
15380
"host/kdc02.example.com@EXAMPLE.COM\n"
15381
msgstr ""
15382
15383
#: serverguide/C/network-auth.xml:2373(para)
15384
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15385
msgstr ""
15386
15387
#: serverguide/C/network-auth.xml:2378(command)
15388
msgid "sudo kdb5_util -s create"
15389
msgstr ""
15390
15391
#: serverguide/C/network-auth.xml:2384(para)
15392
msgid ""
15393
"Now start the <application>kpropd</application> daemon, which listens for "
15394
"connections from the <application>kprop</application> utility. "
15395
"<application>kprop</application> is used to transfer dump files:"
15396
msgstr ""
15397
15398
#: serverguide/C/network-auth.xml:2391(command)
15399
msgid "sudo kpropd -S"
15400
msgstr ""
15401
15402
#: serverguide/C/network-auth.xml:2397(para)
15403
msgid ""
15404
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15405
"of the principal database:"
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:2402(command)
15409
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15410
msgstr ""
15411
15412
#: serverguide/C/network-auth.xml:2408(para)
15413
msgid ""
15414
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15415
"<filename>/etc/krb5.keytab</filename>:"
15416
msgstr ""
15417
15418
#: serverguide/C/network-auth.xml:2413(command)
15419
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15420
msgstr ""
15421
15422
#: serverguide/C/network-auth.xml:2414(command)
15423
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15424
msgstr ""
15425
15426
#: serverguide/C/network-auth.xml:2418(para)
15427
msgid ""
15428
"Make sure there is a <emphasis>host</emphasis> for "
15429
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15430
msgstr ""
15431
15432
#: serverguide/C/network-auth.xml:2426(para)
15433
msgid ""
15434
"Using the <application>kprop</application> utility push the database to the "
15435
"Secondary KDC:"
15436
msgstr ""
15437
15438
#: serverguide/C/network-auth.xml:2431(command)
15439
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15440
msgstr ""
15441
15442
#: serverguide/C/network-auth.xml:2435(para)
15443
msgid ""
15444
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15445
"worked. If there is an error message check "
15446
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15447
"information."
15448
msgstr ""
15449
15450
#: serverguide/C/network-auth.xml:2441(para)
15451
msgid ""
15452
"You may also want to create a <application>cron</application> job to "
15453
"periodically update the database on the Secondary KDC. For example, the "
15454
"following will push the database every hour:"
15455
msgstr ""
15456
15457
#: serverguide/C/network-auth.xml:2446(programlisting)
15458
#, no-wrap
15459
msgid ""
15460
"\n"
15461
"# m h dom mon dow command\n"
15462
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15463
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15464
msgstr ""
15465
15466
#: serverguide/C/network-auth.xml:2454(para)
15467
msgid ""
15468
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15469
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15470
msgstr ""
15471
15472
#: serverguide/C/network-auth.xml:2460(command)
15473
msgid "sudo kdb5_util stash"
15474
msgstr ""
15475
15476
#: serverguide/C/network-auth.xml:2466(para)
15477
msgid ""
15478
"Finally, start the <application>krb5-kdc</application> daemon on the "
15479
"Secondary KDC:"
15480
msgstr ""
15481
15482
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15483
msgid "sudo /etc/init.d/krb5-kdc start"
15484
msgstr ""
15485
15486
#: serverguide/C/network-auth.xml:2477(para)
15487
msgid ""
15488
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15489
"for the Realm. You can test this by stopping the <application>krb5-"
15490
"kdc</application> daemon on the Primary KDC, then use "
15491
"<application>kinit</application> to request a ticket. If all goes well you "
15492
"should receive a ticket from the Secondary KDC."
15493
msgstr ""
15494
15495
#: serverguide/C/network-auth.xml:2485(title)
15496
msgid "Kerberos Linux Client"
15497
msgstr ""
15498
15499
#: serverguide/C/network-auth.xml:2487(para)
15500
msgid ""
15501
"This section covers configuring a Linux system as a "
15502
"<application>Kerberos</application> client. This will allow access to any "
15503
"kerberized services once a user has successfully logged into the system."
15504
msgstr ""
15505
15506
#: serverguide/C/network-auth.xml:2495(para)
15507
msgid ""
15508
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15509
"user</application> and <application>libpam-krb5</application> packages are "
15510
"needed, along with a few others that are not strictly necessary but make "
15511
"life easier. To install the packages enter the following in a terminal "
15512
"prompt:"
15513
msgstr ""
15514
15515
#: serverguide/C/network-auth.xml:2502(command)
15516
msgid ""
15517
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15518
msgstr ""
15519
15520
#: serverguide/C/network-auth.xml:2505(para)
15521
msgid ""
15522
"The <application>auth-client-config</application> package allows simple "
15523
"configuration of PAM for authentication from multiple sources, and the "
15524
"<application>libpam-ccreds</application> will cache authentication "
15525
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15526
"is unavailable. This package is also useful for laptops that may "
15527
"authenticate using Kerberos while on the corporate network, but will need to "
15528
"be accessed off the network as well."
15529
msgstr ""
15530
15531
#: serverguide/C/network-auth.xml:2516(para)
15532
msgid "To configure the client in a terminal enter:"
15533
msgstr ""
15534
15535
#: serverguide/C/network-auth.xml:2521(command)
15536
msgid "sudo dpkg-reconfigure krb5-config"
15537
msgstr ""
15538
15539
#: serverguide/C/network-auth.xml:2524(para)
15540
msgid ""
15541
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15542
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15543
"records, the menu will prompt you for the hostname of the Key Distribution "
15544
"Center (KDC) and Realm Administration server."
15545
msgstr ""
15546
15547
#: serverguide/C/network-auth.xml:2530(para)
15548
msgid ""
15549
"The <application>dpkg-reconfigure</application> adds entries to the "
15550
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15551
"entries similar to the following:"
15552
msgstr ""
15553
15554
#: serverguide/C/network-auth.xml:2535(programlisting)
15555
#, no-wrap
15556
msgid ""
15557
"\n"
15558
"[libdefaults]\n"
15559
" default_realm = EXAMPLE.COM\n"
15560
"...\n"
15561
"[realms]\n"
15562
" EXAMPLE.COM = } \n"
15563
" kdc = 192.168.0.1 \n"
15564
" admin_server = 192.168.0.1\n"
15565
" }\n"
15566
msgstr ""
15567
15568
#: serverguide/C/network-auth.xml:2546(para)
15569
msgid ""
15570
"You can test the configuration by requesting a ticket using the "
15571
"<application>kinit</application> utility. For example:"
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:2551(command)
15575
msgid "kinit steve@EXAMPLE.COM"
15576
msgstr ""
15577
15578
#: serverguide/C/network-auth.xml:2552(computeroutput)
15579
#, no-wrap
15580
msgid "Password for steve@EXAMPLE.COM:"
15581
msgstr ""
15582
15583
#: serverguide/C/network-auth.xml:2555(para)
15584
msgid ""
15585
"When a ticket has been granted, the details can be viewed using "
15586
"<application>klist</application>:"
15587
msgstr ""
15588
15589
#: serverguide/C/network-auth.xml:2561(computeroutput)
15590
#, no-wrap
15591
msgid ""
15592
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15593
"Default principal: steve@EXAMPLE.COM\n"
15594
"\n"
15595
"Valid starting Expires Service principal\n"
15596
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15597
" renew until 07/25/08 05:18:57\n"
15598
"\n"
15599
"\n"
15600
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15601
"klist: You have no tickets cached"
15602
msgstr ""
15603
15604
#: serverguide/C/network-auth.xml:2573(para)
15605
msgid ""
15606
"Next, use the <application>auth-client-config</application> to configure the "
15607
"<application>libpam-krb5</application> module to request a ticket during "
15608
"login:"
15609
msgstr ""
15610
15611
#: serverguide/C/network-auth.xml:2579(command)
15612
msgid "sudo auth-client-config -a -p kerberos_example"
15613
msgstr ""
15614
15615
#: serverguide/C/network-auth.xml:2582(para)
15616
msgid ""
15617
"You will should now receive a ticket upon successful login authentication."
15618
msgstr ""
15619
15620
#: serverguide/C/network-auth.xml:2593(para)
15621
msgid ""
15622
"For more information on Kerberos see the <ulink "
15623
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15624
msgstr ""
15625
15626
#: serverguide/C/network-auth.xml:2598(para)
15627
msgid ""
15628
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15629
"Kerberos</ulink> page has more details."
15630
msgstr ""
15631
15632
#: serverguide/C/network-auth.xml:2603(para)
15633
msgid ""
15634
"O'Reilly's <ulink "
15635
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15636
"Guide</ulink> is a great reference when setting up Kerberos."
15637
msgstr ""
15638
15639
#: serverguide/C/network-auth.xml:2609(para)
15640
msgid ""
15641
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15642
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15643
"Kerberos questions."
15644
msgstr ""
15645
15646
#: serverguide/C/network-auth.xml:2619(title)
15647
msgid "Kerberos and LDAP"
15648
msgstr ""
15649
15650
#: serverguide/C/network-auth.xml:2621(para)
15651
msgid ""
15652
"Replicating a Kerberos principal database between two servers can be "
15653
"complicated, and adds an additional user database to your network. "
15654
"Fortunately, MIT Kerberos can be configured to use an "
15655
"<application>LDAP</application> directory as a principal database. This "
15656
"section covers configuring a primary and secondary kerberos server to use "
15657
"<application>OpenLDAP</application> for the principal database."
15658
msgstr ""
15659
15660
#: serverguide/C/network-auth.xml:2629(title)
15661
msgid "Configuring OpenLDAP"
15662
msgstr ""
15663
15664
#: serverguide/C/network-auth.xml:2631(para)
15665
msgid ""
15666
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15667
"<application>OpenLDAP</application> server that has network connectivity to "
15668
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15669
"also have LDAP replication configured between at least two servers. For "
15670
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15671
msgstr ""
15672
15673
#: serverguide/C/network-auth.xml:2638(para)
15674
msgid ""
15675
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15676
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15677
"linkend=\"openldap-tls\"/> for details."
15678
msgstr ""
15679
15680
#: serverguide/C/network-auth.xml:2645(para)
15681
msgid ""
15682
"To load the schema into LDAP, on the LDAP server install the "
15683
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15684
msgstr ""
15685
15686
#: serverguide/C/network-auth.xml:2651(command)
15687
msgid "sudo apt-get install krb5-kdc-ldap"
15688
msgstr ""
15689
15690
#: serverguide/C/network-auth.xml:2656(para)
15691
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15692
msgstr ""
15693
15694
#: serverguide/C/network-auth.xml:2661(command)
15695
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15696
msgstr ""
15697
15698
#: serverguide/C/network-auth.xml:2662(command)
15699
msgid ""
15700
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15701
msgstr ""
15702
15703
#: serverguide/C/network-auth.xml:2668(para)
15704
msgid ""
15705
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15706
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15707
"<application>slapd</application> is also detailed in <xref "
15708
"linkend=\"openldap-configuration\"/>."
15709
msgstr ""
15710
15711
#: serverguide/C/network-auth.xml:2681(programlisting)
15712
#, no-wrap
15713
msgid ""
15714
"\n"
15715
"include /etc/ldap/schema/core.schema\n"
15716
"include /etc/ldap/schema/collective.schema\n"
15717
"include /etc/ldap/schema/corba.schema\n"
15718
"include /etc/ldap/schema/cosine.schema\n"
15719
"include /etc/ldap/schema/duaconf.schema\n"
15720
"include /etc/ldap/schema/dyngroup.schema\n"
15721
"include /etc/ldap/schema/inetorgperson.schema\n"
15722
"include /etc/ldap/schema/java.schema\n"
15723
"include /etc/ldap/schema/misc.schema\n"
15724
"include /etc/ldap/schema/nis.schema\n"
15725
"include /etc/ldap/schema/openldap.schema\n"
15726
"include /etc/ldap/schema/ppolicy.schema\n"
15727
"include /etc/ldap/schema/kerberos.schema\n"
15728
msgstr ""
15729
15730
#: serverguide/C/network-auth.xml:2701(para)
15731
msgid "Create a temporary directory to hold the LDIF files:"
15732
msgstr ""
15733
15734
#: serverguide/C/network-auth.xml:2716(command)
15735
msgid ""
15736
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15737
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15738
msgstr ""
15739
15740
#: serverguide/C/network-auth.xml:2726(para)
15741
msgid ""
15742
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15743
"changing the following attributes:"
15744
msgstr ""
15745
15746
#: serverguide/C/network-auth.xml:2730(programlisting)
15747
#, no-wrap
15748
msgid ""
15749
"\n"
15750
"dn: cn=kerberos,cn=schema,cn=config\n"
15751
"...\n"
15752
"cn: kerberos\n"
15753
msgstr ""
15754
15755
#: serverguide/C/network-auth.xml:2736(para)
15756
msgid "And remove the following lines from the end of the file:"
15757
msgstr ""
15758
15759
#: serverguide/C/network-auth.xml:2740(programlisting)
15760
#, no-wrap
15761
msgid ""
15762
"\n"
15763
"structuralObjectClass: olcSchemaConfig\n"
15764
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15765
"creatorsName: cn=config\n"
15766
"createTimestamp: 20090111203515Z\n"
15767
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15768
"modifiersName: cn=config\n"
15769
"modifyTimestamp: 20090111203515Z\n"
15770
msgstr ""
15771
15772
#: serverguide/C/network-auth.xml:2759(para)
15773
msgid "Load the new schema with <application>ldapadd</application>:"
15774
msgstr ""
15775
15776
#: serverguide/C/network-auth.xml:2764(command)
15777
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15778
msgstr ""
15779
15780
#: serverguide/C/network-auth.xml:2770(para)
15781
msgid ""
15782
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15783
msgstr ""
15784
15785
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15786
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15787
msgstr ""
15788
15789
#: serverguide/C/network-auth.xml:2777(userinput)
15790
#, no-wrap
15791
msgid ""
15792
"dn: olcDatabase={1}hdb,cn=config\n"
15793
"add: olcDbIndex\n"
15794
"olcDbIndex: krbPrincipalName eq,pres,sub"
15795
msgstr ""
15796
15797
#: serverguide/C/network-auth.xml:2776(computeroutput)
15798
#, no-wrap
15799
msgid ""
15800
"Enter LDAP Password:\n"
15801
"<placeholder-1/>\n"
15802
"\n"
15803
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15804
msgstr ""
15805
15806
#: serverguide/C/network-auth.xml:2787(para)
15807
msgid "Finally, update the Access Control Lists (ACL):"
15808
msgstr ""
15809
15810
#: serverguide/C/network-auth.xml:2794(userinput)
15811
#, no-wrap
15812
msgid ""
15813
"dn: olcDatabase={1}hdb,cn=config\n"
15814
"replace: olcAccess\n"
15815
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15816
"dn=\"cn=admin,dc=exampl\n"
15817
" e,dc=com\" write by anonymous auth by self write by * none\n"
15818
"-\n"
15819
"add: olcAccess\n"
15820
"olcAccess: to dn.base=\"\" by * read\n"
15821
"-\n"
15822
"add: olcAccess\n"
15823
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15824
msgstr ""
15825
15826
#: serverguide/C/network-auth.xml:2793(computeroutput)
15827
#, no-wrap
15828
msgid ""
15829
"Enter LDAP Password: \n"
15830
"<placeholder-1/>\n"
15831
"\n"
15832
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15833
msgstr ""
15834
15835
#: serverguide/C/network-auth.xml:2814(para)
15836
msgid ""
15837
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15838
"database."
15839
msgstr ""
15840
15841
#: serverguide/C/network-auth.xml:2820(title)
15842
msgid "Primary KDC Configuration"
15843
msgstr ""
15844
15845
#: serverguide/C/network-auth.xml:2822(para)
15846
msgid ""
15847
"With <application>OpenLDAP</application> configured it is time to configure "
15848
"the KDC."
15849
msgstr ""
15850
15851
#: serverguide/C/network-auth.xml:2828(para)
15852
msgid "First, install the necessary packages, from a terminal enter:"
15853
msgstr ""
15854
15855
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15856
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15857
msgstr ""
15858
15859
#: serverguide/C/network-auth.xml:2839(para)
15860
msgid ""
15861
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15862
"under the appropriate sections:"
15863
msgstr ""
15864
15865
#: serverguide/C/network-auth.xml:2843(programlisting)
15866
#, no-wrap
15867
msgid ""
15868
"\n"
15869
"[libdefaults]\n"
15870
" default_realm = EXAMPLE.COM\n"
15871
"\n"
15872
"...\n"
15873
"\n"
15874
"[realms]\n"
15875
" EXAMPLE.COM = {\n"
15876
" kdc = kdc01.example.com\n"
15877
" kdc = kdc02.example.com\n"
15878
" admin_server = kdc01.example.com\n"
15879
" admin_server = kdc02.example.com\n"
15880
" default_domain = example.com\n"
15881
" database_module = openldap_ldapconf\n"
15882
" }\n"
15883
"\n"
15884
"...\n"
15885
"\n"
15886
"[domain_realm]\n"
15887
" .example.com = EXAMPLE.COM\n"
15888
"\n"
15889
"\n"
15890
"...\n"
15891
"\n"
15892
"[dbdefaults]\n"
15893
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15894
"\n"
15895
"[dbmodules]\n"
15896
" openldap_ldapconf = {\n"
15897
" db_library = kldap\n"
15898
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15899
"\n"
15900
" # this object needs to have read rights on\n"
15901
" # the realm container, principal container and realm sub-"
15902
"trees\n"
15903
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
15904
"\n"
15905
" # this object needs to have read and write rights on\n"
15906
" # the realm container, principal container and realm sub-"
15907
"trees\n"
15908
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
15909
" ldap_servers = ldaps://ldap01.example.com "
15910
"ldaps://ldap02.example.com\n"
15911
" ldap_conns_per_server = 5\n"
15912
" }\n"
15913
msgstr ""
15914
15915
#: serverguide/C/network-auth.xml:2888(para)
15916
msgid ""
15917
"Change <emphasis>example.com</emphasis>, "
15918
"<emphasis>dc=example,dc=com</emphasis>, "
15919
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
15920
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
15921
"object, and LDAP server for your network."
15922
msgstr ""
15923
15924
#: serverguide/C/network-auth.xml:2897(para)
15925
msgid ""
15926
"Next, use the <application>kdb5_ldap_util</application> utility to create "
15927
"the realm:"
15928
msgstr ""
15929
15930
#: serverguide/C/network-auth.xml:2902(command)
15931
msgid ""
15932
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
15933
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
15934
msgstr ""
15935
15936
#: serverguide/C/network-auth.xml:2908(para)
15937
msgid ""
15938
"Create a stash of the password used to bind to the LDAP server. This "
15939
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
15940
"<emphasis>ldap_kadmin_dn</emphasis> options in "
15941
"<filename>/etc/krb5.conf</filename>:"
15942
msgstr ""
15943
15944
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
15945
msgid ""
15946
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
15947
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
15948
msgstr ""
15949
15950
#: serverguide/C/network-auth.xml:2920(para)
15951
msgid "Copy the CA certificate from the LDAP server:"
15952
msgstr ""
15953
15954
#: serverguide/C/network-auth.xml:2925(command)
15955
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
15956
msgstr ""
15957
15958
#: serverguide/C/network-auth.xml:2926(command)
15959
msgid "sudo cp cacert.pem /etc/ssl/certs"
15960
msgstr ""
15961
15962
#: serverguide/C/network-auth.xml:2929(para)
15963
msgid ""
15964
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
15965
msgstr ""
15966
15967
#: serverguide/C/network-auth.xml:2933(programlisting)
15968
#, no-wrap
15969
msgid ""
15970
"\n"
15971
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15972
msgstr ""
15973
15974
#: serverguide/C/network-auth.xml:2938(para)
15975
msgid ""
15976
"The certificate will also need to be copied to the Secondary KDC, to allow "
15977
"the connection to the LDAP servers using LDAPS."
15978
msgstr ""
15979
15980
#: serverguide/C/network-auth.xml:2947(para)
15981
msgid ""
15982
"You can now add Kerberos principals to the LDAP database, and they will be "
15983
"copied to any other LDAP servers configured for replication. To add a "
15984
"principal using the <application>kadmin.local</application> utility enter:"
15985
msgstr ""
15986
15987
#: serverguide/C/network-auth.xml:2955(userinput)
15988
#, no-wrap
15989
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
15990
msgstr ""
15991
15992
#: serverguide/C/network-auth.xml:2954(computeroutput)
15993
#, no-wrap
15994
msgid ""
15995
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15996
"kadmin.local: <placeholder-1/>\n"
15997
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
15998
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
15999
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16000
"Principal \"steve@EXAMPLE.COM\" created."
16001
msgstr ""
16002
16003
#: serverguide/C/network-auth.xml:2962(para)
16004
msgid ""
16005
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16006
"krbExtraData attributes added to the "
16007
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16008
"the <application>kinit</application> and <application>klist</application> "
16009
"utilities to test that the user is indeed issued a ticket."
16010
msgstr ""
16011
16012
#: serverguide/C/network-auth.xml:2969(para)
16013
msgid ""
16014
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16015
"option is needed to add the Kerberos attributes. Otherwise a new "
16016
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16017
msgstr ""
16018
16019
#: serverguide/C/network-auth.xml:2977(title)
16020
msgid "Secondary KDC Configuration"
16021
msgstr ""
16022
16023
#: serverguide/C/network-auth.xml:2979(para)
16024
msgid ""
16025
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16026
"one using the normal Kerberos database."
16027
msgstr ""
16028
16029
#: serverguide/C/network-auth.xml:2985(para)
16030
msgid "First, install the necessary packages. In a terminal enter:"
16031
msgstr ""
16032
16033
#: serverguide/C/network-auth.xml:2996(para)
16034
msgid ""
16035
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16036
msgstr ""
16037
16038
#: serverguide/C/network-auth.xml:3000(programlisting)
16039
#, no-wrap
16040
msgid ""
16041
"\n"
16042
"[libdefaults]\n"
16043
" default_realm = EXAMPLE.COM\n"
16044
"\n"
16045
"...\n"
16046
"\n"
16047
"[realms]\n"
16048
" EXAMPLE.COM = {\n"
16049
" kdc = kdc01.example.com\n"
16050
" kdc = kdc02.example.com\n"
16051
" admin_server = kdc01.example.com\n"
16052
" admin_server = kdc02.example.com\n"
16053
" default_domain = example.com\n"
16054
" database_module = openldap_ldapconf\n"
16055
" }\n"
16056
"\n"
16057
"...\n"
16058
"\n"
16059
"[domain_realm]\n"
16060
" .example.com = EXAMPLE.COM\n"
16061
"\n"
16062
"...\n"
16063
"\n"
16064
"[dbdefaults]\n"
16065
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16066
"\n"
16067
"[dbmodules]\n"
16068
" openldap_ldapconf = {\n"
16069
" db_library = kldap\n"
16070
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16071
"\n"
16072
" # this object needs to have read rights on\n"
16073
" # the realm container, principal container and realm sub-"
16074
"trees\n"
16075
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16076
"\n"
16077
" # this object needs to have read and write rights on\n"
16078
" # the realm container, principal container and realm sub-"
16079
"trees\n"
16080
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16081
" ldap_servers = ldaps://ldap01.example.com "
16082
"ldaps://ldap02.example.com\n"
16083
" ldap_conns_per_server = 5\n"
16084
" }\n"
16085
msgstr ""
16086
16087
#: serverguide/C/network-auth.xml:3047(para)
16088
msgid "Create the stash for the LDAP bind password:"
16089
msgstr ""
16090
16091
#: serverguide/C/network-auth.xml:3058(para)
16092
msgid ""
16093
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16094
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16095
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16096
"encrypted connection such as <application>scp</application>, or on physical "
16097
"media."
16098
msgstr ""
16099
16100
#: serverguide/C/network-auth.xml:3065(command)
16101
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16102
msgstr ""
16103
16104
#: serverguide/C/network-auth.xml:3066(command)
16105
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16106
msgstr ""
16107
16108
#: serverguide/C/network-auth.xml:3070(para)
16109
msgid ""
16110
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16111
msgstr ""
16112
16113
#: serverguide/C/network-auth.xml:3078(para)
16114
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16115
msgstr ""
16116
16117
#: serverguide/C/network-auth.xml:3089(para)
16118
msgid ""
16119
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16120
"you should be able to continue to authenticate users if one LDAP server, one "
16121
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16122
msgstr ""
16123
16124
#: serverguide/C/network-auth.xml:3101(para)
16125
msgid ""
16126
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16127
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16128
"Guide</ulink> has some additional details."
16129
msgstr ""
16130
16131
#: serverguide/C/network-auth.xml:3107(para)
16132
msgid ""
16133
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16134
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16135
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16136
"5.6</ulink> and the <ulink "
16137
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16138
"tml\">kdb5_ldap_util man page</ulink>."
16139
msgstr ""
16140
16141
#: serverguide/C/network-auth.xml:3115(para)
16142
msgid ""
16143
"Another useful link is the <ulink "
16144
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16145
">krb5.conf man page</ulink>."
16146
msgstr ""
16147
16148
#: serverguide/C/network-auth.xml:3120(para)
16149
msgid ""
16150
"Also, see the <ulink "
16151
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16152
"and LDAP</ulink> Ubuntu wiki page."
16153
msgstr ""
16154
16155
#: serverguide/C/monitoring.xml:13(title)
16156
msgid "Monitoring"
16157
msgstr ""
16158
16159
#: serverguide/C/monitoring.xml:17(para)
16160
msgid ""
16161
"The monitoring of essential servers and services is an important part of "
16162
"system administration. Most network services are monitored for performance, "
16163
"availability, or both. This section will cover installation and "
16164
"configuration of <application>Nagios</application> for availability "
16165
"monitoring, and <application>Munin</application> for performance monitoring."
16166
msgstr ""
16167
16168
#: serverguide/C/monitoring.xml:24(para)
16169
msgid ""
16170
"The examples in this section will use two servers with hostnames "
16171
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16172
"<emphasis>Server01</emphasis> will be configured with "
16173
"<application>Nagios</application> to monitor services on itself and "
16174
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16175
"<application>munin</application> package to gather information from the "
16176
"network. Using the <application>munin-node</application> package, "
16177
"<emphasis>server02</emphasis> will be configured to send information to "
16178
"<emphasis>server01</emphasis>."
16179
msgstr ""
16180
16181
#: serverguide/C/monitoring.xml:33(para)
16182
msgid ""
16183
"Hopefully these simple examples will allow you to monitor additional servers "
16184
"and services on your network."
16185
msgstr ""
16186
16187
#: serverguide/C/monitoring.xml:39(title)
16188
msgid "Nagios"
16189
msgstr ""
16190
16191
#: serverguide/C/monitoring.xml:44(para)
16192
msgid ""
16193
"First, on <emphasis>server01</emphasis> install the "
16194
"<application>nagios</application> package. In a terminal enter:"
16195
msgstr ""
16196
16197
#: serverguide/C/monitoring.xml:50(command)
16198
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16199
msgstr ""
16200
16201
#: serverguide/C/monitoring.xml:53(para)
16202
msgid ""
16203
"You will be asked to enter a password for the "
16204
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16205
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16206
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16207
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16208
"of the <application>apache2-utils</application> package."
16209
msgstr ""
16210
16211
#: serverguide/C/monitoring.xml:60(para)
16212
msgid ""
16213
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16214
"user enter:"
16215
msgstr ""
16216
16217
#: serverguide/C/monitoring.xml:65(command)
16218
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16219
msgstr ""
16220
16221
#: serverguide/C/monitoring.xml:68(para)
16222
msgid "To add a user:"
16223
msgstr ""
16224
16225
#: serverguide/C/monitoring.xml:73(command)
16226
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16227
msgstr ""
16228
16229
#: serverguide/C/monitoring.xml:76(para)
16230
msgid ""
16231
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16232
"server</application> package. From a terminal on server02 enter:"
16233
msgstr ""
16234
16235
#: serverguide/C/monitoring.xml:82(command)
16236
msgid "sudo apt-get install nagios-nrpe-server"
16237
msgstr ""
16238
16239
#: serverguide/C/monitoring.xml:86(para)
16240
msgid ""
16241
"<application>NRPE</application> allows you to execute local checks on remote "
16242
"hosts. There are other ways of accomplishing this through other Nagios "
16243
"plugins as well as other checks."
16244
msgstr ""
16245
16246
#: serverguide/C/monitoring.xml:94(title)
16247
msgid "Configuration Overview"
16248
msgstr ""
16249
16250
#: serverguide/C/monitoring.xml:96(para)
16251
msgid ""
16252
"There are a couple of directories containing "
16253
"<application>Nagios</application> configuration and check files."
16254
msgstr ""
16255
16256
#: serverguide/C/monitoring.xml:102(para)
16257
msgid ""
16258
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16259
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16260
"etc."
16261
msgstr ""
16262
16263
#: serverguide/C/monitoring.xml:108(para)
16264
msgid ""
16265
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16266
"service checks."
16267
msgstr ""
16268
16269
#: serverguide/C/monitoring.xml:113(para)
16270
msgid ""
16271
"<filename>/etc/nagios</filename>: on the remote host contains the "
16272
"<application>nagios-nrpe-server</application> configuration files."
16273
msgstr ""
16274
16275
#: serverguide/C/monitoring.xml:118(para)
16276
msgid ""
16277
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16278
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16279
msgstr ""
16280
16281
#: serverguide/C/monitoring.xml:123(para)
16282
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16283
msgstr ""
16284
16285
#: serverguide/C/monitoring.xml:129(para)
16286
msgid ""
16287
"There are a plethora of checks <application>Nagios</application> can be "
16288
"configured to execute for any given host. For this example Nagios will be "
16289
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16290
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16291
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16292
msgstr ""
16293
16294
#: serverguide/C/monitoring.xml:136(para)
16295
msgid ""
16296
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16297
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16298
msgstr ""
16299
16300
#: serverguide/C/monitoring.xml:141(para)
16301
msgid ""
16302
"Additionally, there are some terms that once explained will hopefully make "
16303
"understanding Nagios configuration easier:"
16304
msgstr ""
16305
16306
#: serverguide/C/monitoring.xml:147(para)
16307
msgid ""
16308
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16309
"is being monitored."
16310
msgstr ""
16311
16312
#: serverguide/C/monitoring.xml:152(para)
16313
msgid ""
16314
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16315
"could group all web servers, file server, etc."
16316
msgstr ""
16317
16318
#: serverguide/C/monitoring.xml:157(para)
16319
msgid ""
16320
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16321
"as HTTP, DNS, NFS, etc."
16322
msgstr ""
16323
16324
#: serverguide/C/monitoring.xml:162(para)
16325
msgid ""
16326
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16327
"together. This is useful for grouping multiple HTTP for example."
16328
msgstr ""
16329
16330
#: serverguide/C/monitoring.xml:168(para)
16331
msgid ""
16332
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16333
"place. Nagios can be configured to send emails, SMS messages, etc."
16334
msgstr ""
16335
16336
#: serverguide/C/monitoring.xml:174(para)
16337
msgid ""
16338
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16339
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16340
"will also <application>ping</application> check the "
16341
"<emphasis>gateway</emphasis>."
16342
msgstr ""
16343
16344
#: serverguide/C/monitoring.xml:179(para)
16345
msgid ""
16346
"Large Nagios installations can be quite complex to configure. It is usually "
16347
"best to start small, one or two hosts, get things configured the way you "
16348
"like then expand."
16349
msgstr ""
16350
16351
#: serverguide/C/monitoring.xml:194(para)
16352
msgid ""
16353
"First, create a <emphasis>host</emphasis> configuration file for "
16354
"<emphasis>server02</emphasis>. In a terminal enter:"
16355
msgstr ""
16356
16357
#: serverguide/C/monitoring.xml:199(command)
16358
msgid ""
16359
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16360
"/etc/nagios3/conf.d/server02.cfg"
16361
msgstr ""
16362
16363
#: serverguide/C/monitoring.xml:203(para)
16364
msgid ""
16365
"In the above and following command examples, replace "
16366
"<emphasis>\"server01\"</emphasis>, "
16367
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16368
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16369
"your servers."
16370
msgstr ""
16371
16372
#: serverguide/C/monitoring.xml:212(para)
16373
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16374
msgstr ""
16375
16376
#: serverguide/C/monitoring.xml:216(programlisting)
16377
#, no-wrap
16378
msgid ""
16379
"\n"
16380
"define host{\n"
16381
" use generic-host ; Name of host "
16382
"template to use\n"
16383
" host_name server02\n"
16384
" alias Server 02\n"
16385
" address 172.18.100.101\n"
16386
"}\n"
16387
"\n"
16388
"# check DNS service.\n"
16389
"define service {\n"
16390
" use generic-service\n"
16391
" host_name server02\n"
16392
" service_description DNS\n"
16393
" check_command check_dns!172.18.100.101\n"
16394
"}\n"
16395
msgstr ""
16396
16397
#: serverguide/C/monitoring.xml:236(para)
16398
msgid ""
16399
"Restart the <application>nagios</application> daemon to enable the new "
16400
"configuration:"
16401
msgstr ""
16402
16403
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16404
msgid "sudo /etc/init.d/nagios3 restart"
16405
msgstr ""
16406
16407
#: serverguide/C/monitoring.xml:251(para)
16408
msgid ""
16409
"Now add a service definition for the MySQL check by adding the following to "
16410
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16411
msgstr ""
16412
16413
#: serverguide/C/monitoring.xml:255(programlisting)
16414
#, no-wrap
16415
msgid ""
16416
"\n"
16417
"# check MySQL servers.\n"
16418
"define service {\n"
16419
" hostgroup_name mysql-servers\n"
16420
" service_description MySQL\n"
16421
" check_command "
16422
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16423
" use generic-service\n"
16424
" notification_interval 0 ; set > 0 if you want to be "
16425
"renotified\n"
16426
"}\n"
16427
msgstr ""
16428
16429
#: serverguide/C/monitoring.xml:269(para)
16430
msgid ""
16431
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16432
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16433
msgstr ""
16434
16435
#: serverguide/C/monitoring.xml:274(programlisting)
16436
#, no-wrap
16437
msgid ""
16438
"\n"
16439
"# MySQL hostgroup.\n"
16440
"define hostgroup {\n"
16441
" hostgroup_name mysql-servers\n"
16442
" alias MySQL servers\n"
16443
" members localhost, server02\n"
16444
" }\n"
16445
msgstr ""
16446
16447
#: serverguide/C/monitoring.xml:286(para)
16448
msgid ""
16449
"The Nagios check needs to authenticate to MySQL. To add a "
16450
"<emphasis>nagios</emphasis> user to MySQL enter:"
16451
msgstr ""
16452
16453
#: serverguide/C/monitoring.xml:291(command)
16454
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16455
msgstr ""
16456
16457
#: serverguide/C/monitoring.xml:295(para)
16458
msgid ""
16459
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16460
"<emphasis>mysql-servers</emphasis> hostgroup."
16461
msgstr ""
16462
16463
#: serverguide/C/monitoring.xml:303(para)
16464
msgid ""
16465
"Restart <application>nagios</application> to start checking the MySQL "
16466
"servers."
16467
msgstr ""
16468
16469
#: serverguide/C/monitoring.xml:318(para)
16470
msgid ""
16471
"Lastly configure NRPE to check the disk space on "
16472
"<emphasis>server02</emphasis>."
16473
msgstr ""
16474
16475
#: serverguide/C/monitoring.xml:322(para)
16476
msgid ""
16477
"On <emphasis>server01</emphasis> add the service check to "
16478
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16479
msgstr ""
16480
16481
#: serverguide/C/monitoring.xml:327(programlisting)
16482
#, no-wrap
16483
msgid ""
16484
"\n"
16485
"# NRPE disk check.\n"
16486
"define service {\n"
16487
" use generic-service\n"
16488
" host_name server02\n"
16489
" service_description nrpe-disk\n"
16490
" check_command "
16491
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16492
"}\n"
16493
msgstr ""
16494
16495
#: serverguide/C/monitoring.xml:340(para)
16496
msgid ""
16497
"Now on <emphasis>server02</emphasis> edit "
16498
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16499
msgstr ""
16500
16501
#: serverguide/C/monitoring.xml:344(programlisting)
16502
#, no-wrap
16503
msgid ""
16504
"\n"
16505
"allowed_hosts=172.18.100.100\n"
16506
msgstr ""
16507
16508
#: serverguide/C/monitoring.xml:348(para)
16509
msgid "And below in the command definition area add:"
16510
msgstr ""
16511
16512
#: serverguide/C/monitoring.xml:352(programlisting)
16513
#, no-wrap
16514
msgid ""
16515
"\n"
16516
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16517
"e\n"
16518
msgstr ""
16519
16520
#: serverguide/C/monitoring.xml:359(para)
16521
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16522
msgstr ""
16523
16524
#: serverguide/C/monitoring.xml:364(command)
16525
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16526
msgstr ""
16527
16528
#: serverguide/C/monitoring.xml:370(para)
16529
msgid ""
16530
"Also, on <emphasis>server01</emphasis> restart "
16531
"<application>nagios</application>:"
16532
msgstr ""
16533
16534
#: serverguide/C/monitoring.xml:383(para)
16535
msgid ""
16536
"You should now be able to see the host and service checks in the Nagios CGI "
16537
"files. To access them point a browser to http://server01/nagios3. You will "
16538
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16539
"password."
16540
msgstr ""
16541
16542
#: serverguide/C/monitoring.xml:393(para)
16543
msgid ""
16544
"This section has just scratched the surface of Nagios' features. The "
16545
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16546
"plugins</application> contain many more service checks."
16547
msgstr ""
16548
16549
#: serverguide/C/monitoring.xml:400(para)
16550
msgid ""
16551
"For more information see <ulink "
16552
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16553
msgstr ""
16554
16555
#: serverguide/C/monitoring.xml:405(para)
16556
msgid ""
16557
"Specifically the <ulink "
16558
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16559
"site."
16560
msgstr ""
16561
16562
#: serverguide/C/monitoring.xml:410(para)
16563
msgid ""
16564
"There is also a list of <ulink "
16565
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16566
"Nagios and network monitoring:"
16567
msgstr ""
16568
16569
#: serverguide/C/monitoring.xml:416(para)
16570
msgid ""
16571
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16572
"Wiki</ulink> page also has more details."
16573
msgstr ""
16574
16575
#: serverguide/C/monitoring.xml:425(title)
16576
msgid "Munin"
16577
msgstr ""
16578
16579
#: serverguide/C/monitoring.xml:430(para)
16580
msgid ""
16581
"Before installing <application>Munin</application> on "
16582
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16583
"be installed. The default configuration is fine for running a "
16584
"<application>munin</application> server. For more information see <xref "
16585
"linkend=\"httpd\"/>."
16586
msgstr ""
16587
16588
#: serverguide/C/monitoring.xml:436(para)
16589
msgid ""
16590
"First, on <emphasis>server01</emphasis> install "
16591
"<application>munin</application>. In a terminal enter:"
16592
msgstr ""
16593
16594
#: serverguide/C/monitoring.xml:441(command)
16595
msgid "sudo apt-get install munin"
16596
msgstr ""
16597
16598
#: serverguide/C/monitoring.xml:444(para)
16599
msgid ""
16600
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16601
"node</application> package:"
16602
msgstr ""
16603
16604
#: serverguide/C/monitoring.xml:449(command)
16605
msgid "sudo apt-get install munin-node"
16606
msgstr ""
16607
16608
#: serverguide/C/monitoring.xml:456(para)
16609
msgid ""
16610
"On <emphasis>server01</emphasis> edit the "
16611
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16612
"<emphasis>server02</emphasis>:"
16613
msgstr ""
16614
16615
#: serverguide/C/monitoring.xml:461(programlisting)
16616
#, no-wrap
16617
msgid ""
16618
"\n"
16619
"## First our \"normal\" host.\n"
16620
"[server02]\n"
16621
" address 172.18.100.101\n"
16622
msgstr ""
16623
16624
#: serverguide/C/monitoring.xml:468(para)
16625
msgid ""
16626
"Replace <emphasis>server02</emphasis> and "
16627
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16628
"for your server."
16629
msgstr ""
16630
16631
#: serverguide/C/monitoring.xml:474(para)
16632
msgid ""
16633
"Next, configure <application>munin-node</application> on "
16634
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16635
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16636
msgstr ""
16637
16638
#: serverguide/C/monitoring.xml:479(programlisting)
16639
#, no-wrap
16640
msgid ""
16641
"\n"
16642
"allow ^172\\.18\\.100\\.100$\n"
16643
msgstr ""
16644
16645
#: serverguide/C/monitoring.xml:484(para)
16646
msgid ""
16647
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16648
"<application>munin</application> server."
16649
msgstr ""
16650
16651
#: serverguide/C/monitoring.xml:489(para)
16652
msgid ""
16653
"Now restart <application>munin-node</application> on "
16654
"<emphasis>server02</emphasis> for the changes to take effect:"
16655
msgstr ""
16656
16657
#: serverguide/C/monitoring.xml:494(command)
16658
msgid "sudo /etc/init.d/munin-node restart"
16659
msgstr ""
16660
16661
#: serverguide/C/monitoring.xml:497(para)
16662
msgid ""
16663
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16664
"you should see links to nice graphs displaying information from the standard "
16665
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16666
msgstr ""
16667
16668
#: serverguide/C/monitoring.xml:503(para)
16669
msgid ""
16670
"Since this is a new install it may take some time for the graphs to display "
16671
"anything useful."
16672
msgstr ""
16673
16674
#: serverguide/C/monitoring.xml:510(title)
16675
msgid "Additional Plugins"
16676
msgstr ""
16677
16678
#: serverguide/C/monitoring.xml:512(para)
16679
msgid ""
16680
"The <application>munin-plugins-extra</application> package contains "
16681
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16682
"install the package, from a terminal enter:"
16683
msgstr ""
16684
16685
#: serverguide/C/monitoring.xml:518(command)
16686
msgid "sudo apt-get install munin-plugins-extra"
16687
msgstr ""
16688
16689
#: serverguide/C/monitoring.xml:521(para)
16690
msgid "Be sure to install the package on both the server and node machines."
16691
msgstr ""
16692
16693
#: serverguide/C/monitoring.xml:531(para)
16694
msgid ""
16695
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16696
"website for more details."
16697
msgstr ""
16698
16699
#: serverguide/C/monitoring.xml:536(para)
16700
msgid ""
16701
"Specifically the <ulink "
16702
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16703
"Documentation</ulink> page includes information on additional plugins, "
16704
"writing plugins, etc."
16705
msgstr ""
16706
16707
#: serverguide/C/monitoring.xml:542(para)
16708
msgid ""
16709
"Also, there is a book in German by Open Source Press: <ulink "
16710
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16711
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16712
msgstr ""
16713
16714
#: serverguide/C/monitoring.xml:548(para)
16715
msgid ""
16716
"Another resource is the <ulink "
16717
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16718
"page."
16719
msgstr ""
16720
16721
#: serverguide/C/mail.xml:13(title)
16722
msgid "Email Services"
16723
msgstr ""
16724
16725
#: serverguide/C/mail.xml:14(para)
16726
msgid ""
16727
"The process of getting an email from one person to another over a network or "
16728
"the Internet involves many systems working together. Each of these systems "
16729
"must be correctly configured for the process to work. The sender uses a "
16730
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16731
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16732
"the last of which will hand it off to a <emphasis>Mail Delivery "
16733
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16734
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16735
"IMAP server."
16736
msgstr ""
16737
16738
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16739
msgid "Postfix"
16740
msgstr ""
16741
16742
#: serverguide/C/mail.xml:25(para)
16743
msgid ""
16744
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16745
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16746
"compatible with the MTA <application>sendmail</application>. This section "
16747
"explains how to install and configure <application>postfix</application>. It "
16748
"also explains how to set it up as an SMTP server using a secure connection "
16749
"(for sending emails securely)."
16750
msgstr ""
16751
16752
#: serverguide/C/mail.xml:34(para)
16753
msgid ""
16754
"This guide does not cover setting up Postfix <emphasis>Virtual "
16755
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16756
"configurations see <xref linkend=\"postfix-references\"/>."
16757
msgstr ""
16758
16759
#: serverguide/C/mail.xml:41(para)
16760
msgid ""
16761
"To install <application>postfix</application> run the following command:"
16762
msgstr ""
16763
16764
#: serverguide/C/mail.xml:47(para)
16765
msgid ""
16766
"Simply press return when the installation process asks questions, the "
16767
"configuration will be done in greater detail in the next stage."
16768
msgstr ""
16769
16770
#: serverguide/C/mail.xml:52(title)
16771
msgid "Basic Configuration"
16772
msgstr ""
16773
16774
#: serverguide/C/mail.xml:53(para)
16775
msgid ""
16776
"To configure <application>postfix</application>, run the following command:"
16777
msgstr ""
16778
16779
#: serverguide/C/mail.xml:57(command)
16780
msgid "sudo dpkg-reconfigure postfix"
16781
msgstr ""
16782
16783
#: serverguide/C/mail.xml:63(para)
16784
msgid "Internet Site"
16785
msgstr ""
16786
16787
#: serverguide/C/mail.xml:64(para)
16788
msgid "mail.example.com"
16789
msgstr ""
16790
16791
#: serverguide/C/mail.xml:65(para)
16792
msgid "steve"
16793
msgstr ""
16794
16795
#: serverguide/C/mail.xml:66(para)
16796
msgid "mail.example.com, localhost.localdomain, localhost"
16797
msgstr ""
16798
16799
#: serverguide/C/mail.xml:67(para)
16800
msgid "No"
16801
msgstr ""
16802
16803
#: serverguide/C/mail.xml:68(para)
16804
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16805
msgstr ""
16806
16807
#: serverguide/C/mail.xml:69(para)
16808
msgid "0"
16809
msgstr ""
16810
16811
#: serverguide/C/mail.xml:70(para)
16812
msgid "+"
16813
msgstr ""
16814
16815
#: serverguide/C/mail.xml:71(para)
16816
msgid "all"
16817
msgstr ""
16818
16819
#: serverguide/C/mail.xml:59(para)
16820
msgid ""
16821
"The user interface will be displayed. On each screen, select the following "
16822
"values: <placeholder-1/>"
16823
msgstr ""
16824
16825
#: serverguide/C/mail.xml:75(para)
16826
msgid ""
16827
"Replace mail.example.com with the domain for which you'll accept email, "
16828
"192.168.0.0/24 with the actual network and class range of your mail server, "
16829
"and steve with the appropriate username."
16830
msgstr ""
16831
16832
#: serverguide/C/mail.xml:81(para)
16833
msgid ""
16834
"Now is a good time to decide which mailbox format you want to use. By "
16835
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16836
"mailbox format. Rather than editing the configuration file directly, you can "
16837
"use the <command>postconf</command> command to configure all "
16838
"<application>postfix</application> parameters. The configuration parameters "
16839
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16840
"you wish to re-configure a particular parameter, you can either run the "
16841
"command or change it manually in the file."
16842
msgstr ""
16843
16844
#: serverguide/C/mail.xml:92(para)
16845
msgid ""
16846
"To configure the mailbox format for <emphasis "
16847
"role=\"strong\">Maildir:</emphasis>"
16848
msgstr ""
16849
16850
#: serverguide/C/mail.xml:97(command)
16851
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16852
msgstr ""
16853
16854
#: serverguide/C/mail.xml:100(para)
16855
msgid ""
16856
"This will place new mail in /home/<emphasis "
16857
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16858
"your Mail Delivery Agent (MDA) to use the same path."
16859
msgstr ""
16860
16861
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16862
msgid "SMTP Authentication"
16863
msgstr ""
16864
16865
#: serverguide/C/mail.xml:110(para)
16866
msgid ""
16867
"SMTP-AUTH allows a client to identify itself through an authentication "
16868
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16869
"the authentication process. Once authenticated the SMTP server will allow "
16870
"the client to relay mail."
16871
msgstr ""
16872
16873
#: serverguide/C/mail.xml:117(para)
16874
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16875
msgstr ""
16876
16877
#: serverguide/C/mail.xml:120(screen)
16878
#, no-wrap
16879
msgid ""
16880
"\n"
16881
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16882
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16883
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16884
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16885
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16886
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16887
"sudo postconf -e 'smtpd_recipient_restrictions = "
16888
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16889
"sudo postconf -e 'inet_interfaces = all'\n"
16890
msgstr ""
16891
16892
#: serverguide/C/mail.xml:131(para)
16893
msgid ""
16894
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
16895
"the Postfix queue directory."
16896
msgstr ""
16897
16898
#: serverguide/C/mail.xml:137(para)
16899
msgid ""
16900
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
16901
"and-security\"/> for details. This example also uses a Certificate Authority "
16902
"(CA). For information on generating a CA certificate see <xref "
16903
"linkend=\"certificate-authority\"/>."
16904
msgstr ""
16905
16906
#: serverguide/C/mail.xml:143(para)
16907
msgid ""
16908
"You can get the digital certificate from a certificate authority. But unlike "
16909
"web clients, SMTP clients rarely complain about \"self-signed "
16910
"certificates\", so alternatively, you can create the certificate yourself. "
16911
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
16912
"details."
16913
msgstr ""
16914
16915
#: serverguide/C/mail.xml:155(para)
16916
msgid ""
16917
"Once you have a certificate, configure Postfix to provide TLS encryption for "
16918
"both incoming and outgoing mail:"
16919
msgstr ""
16920
16921
#: serverguide/C/mail.xml:158(screen)
16922
#, no-wrap
16923
msgid ""
16924
"\n"
16925
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
16926
"sudo postconf -e 'smtp_use_tls = yes'\n"
16927
"sudo postconf -e 'smtpd_use_tls = yes'\n"
16928
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
16929
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
16930
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
16931
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
16932
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
16933
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
16934
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
16935
"sudo postconf -e 'myhostname = mail.example.com'\n"
16936
msgstr ""
16937
16938
#: serverguide/C/mail.xml:173(para)
16939
msgid ""
16940
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
16941
"the certificate enter:"
16942
msgstr ""
16943
16944
#: serverguide/C/mail.xml:177(command)
16945
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
16946
msgstr ""
16947
16948
#: serverguide/C/mail.xml:180(para)
16949
msgid ""
16950
"Again, for more details about certificates see <xref linkend=\"certificates-"
16951
"and-security\"/>."
16952
msgstr ""
16953
16954
#: serverguide/C/mail.xml:186(para)
16955
msgid ""
16956
"After running all the commands, <application>Postfix</application> is "
16957
"configured for SMTP-AUTH and a self-signed certificate has been created for "
16958
"TLS encryption."
16959
msgstr ""
16960
16961
#: serverguide/C/mail.xml:191(para)
16962
msgid ""
16963
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
16964
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
16965
msgstr ""
16966
16967
#: serverguide/C/mail.xml:195(para)
16968
msgid ""
16969
"The postfix initial configuration is complete. Run the following command to "
16970
"restart the postfix daemon:"
16971
msgstr ""
16972
16973
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
16974
msgid "sudo /etc/init.d/postfix restart"
16975
msgstr ""
16976
16977
#: serverguide/C/mail.xml:204(para)
16978
msgid ""
16979
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
16980
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
16981
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
16982
"However it is still necessary to set up SASL authentication before you can "
16983
"use SMTP-AUTH."
16984
msgstr ""
16985
16986
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
16987
msgid "Configuring SASL"
16988
msgstr ""
16989
16990
#: serverguide/C/mail.xml:215(para)
16991
msgid ""
16992
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
16993
"enable Dovecot SASL the <application>dovecot-common</application> package "
16994
"will need to be installed. From a terminal prompt enter the following:"
16995
msgstr ""
16996
16997
#: serverguide/C/mail.xml:221(command)
16998
msgid "sudo apt-get install dovecot-common"
16999
msgstr ""
17000
17001
#: serverguide/C/mail.xml:223(para)
17002
msgid ""
17003
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17004
"In the <emphasis>auth default</emphasis> section uncomment the "
17005
"<emphasis>socket listen</emphasis> option and change the following:"
17006
msgstr ""
17007
17008
#: serverguide/C/mail.xml:227(programlisting)
17009
#, no-wrap
17010
msgid ""
17011
"\n"
17012
" socket listen {\n"
17013
" #master {\n"
17014
" # Master socket provides access to userdb information. It's typically\n"
17015
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17016
" # can find mailbox locations.\n"
17017
" #path = /var/run/dovecot/auth-master\n"
17018
" #mode = 0600\n"
17019
" # Default user/group is the one who started dovecot-auth (root)\n"
17020
" #user = \n"
17021
" #group = \n"
17022
" #}\n"
17023
" client {\n"
17024
" # The client socket is generally safe to export to everyone. Typical "
17025
"use\n"
17026
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17027
" # using it.\n"
17028
" path = /var/spool/postfix/private/auth-client\n"
17029
" mode = 0660\n"
17030
" user = postfix\n"
17031
" group = postfix\n"
17032
" }\n"
17033
" }\n"
17034
msgstr ""
17035
17036
#: serverguide/C/mail.xml:251(para)
17037
msgid ""
17038
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17039
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17040
"add <emphasis>\"login\"</emphasis>:"
17041
msgstr ""
17042
17043
#: serverguide/C/mail.xml:256(programlisting)
17044
#, no-wrap
17045
msgid ""
17046
"\n"
17047
" mechanisms = plain login\n"
17048
msgstr ""
17049
17050
#: serverguide/C/mail.xml:260(para)
17051
msgid ""
17052
"Once you have <application>Dovecot</application> configured restart it with:"
17053
msgstr ""
17054
17055
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17056
msgid "sudo /etc/init.d/dovecot restart"
17057
msgstr ""
17058
17059
#: serverguide/C/mail.xml:269(title)
17060
msgid "Postfix-Dovecot"
17061
msgstr ""
17062
17063
#: serverguide/C/mail.xml:271(para)
17064
msgid ""
17065
"Another option for configuring <application>Postfix</application> for SMTP-"
17066
"AUTH is using the <application>dovecot-postfix</application> package. This "
17067
"package will install <application>Dovecot</application> and configure "
17068
"<application>Postfix</application> to use it for both SASL authentication "
17069
"and as a Mail Delivery Agent (MDA). The package also configures "
17070
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17071
msgstr ""
17072
17073
#: serverguide/C/mail.xml:280(para)
17074
msgid ""
17075
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17076
"server. For example, if you are configuring your server to be a mail "
17077
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17078
"the above commands to configure Postfix for SMTPAUTH."
17079
msgstr ""
17080
17081
#: serverguide/C/mail.xml:287(para)
17082
msgid "To install the package, from a terminal prompt enter:"
17083
msgstr ""
17084
17085
#: serverguide/C/mail.xml:292(command)
17086
msgid "sudo apt-get install dovecot-postfix"
17087
msgstr ""
17088
17089
#: serverguide/C/mail.xml:295(para)
17090
msgid ""
17091
"You should now have a working mail server, but there are a few options that "
17092
"you may wish to further customize. For example, the package uses the "
17093
"certificate and key from the <application>ssl-cert</application> package, "
17094
"and in a production environment you should use a certificate and key "
17095
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17096
"for more details."
17097
msgstr ""
17098
17099
#: serverguide/C/mail.xml:301(para)
17100
msgid ""
17101
"Once you have a customized certificate and key for the host, change the "
17102
"following options in <filename>/etc/postfix/main.cf</filename>:"
17103
msgstr ""
17104
17105
#: serverguide/C/mail.xml:305(programlisting)
17106
#, no-wrap
17107
msgid ""
17108
"\n"
17109
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17110
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17111
msgstr ""
17112
17113
#: serverguide/C/mail.xml:310(para)
17114
msgid "Then restart Postfix:"
17115
msgstr ""
17116
17117
#: serverguide/C/mail.xml:321(para)
17118
msgid ""
17119
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17120
msgstr ""
17121
17122
#: serverguide/C/mail.xml:324(para)
17123
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17124
msgstr ""
17125
17126
#: serverguide/C/mail.xml:329(command)
17127
msgid "telnet mail.example.com 25"
17128
msgstr ""
17129
17130
#: serverguide/C/mail.xml:331(para)
17131
msgid ""
17132
"After you have established the connection to the postfix mail server, type:"
17133
msgstr ""
17134
17135
#: serverguide/C/mail.xml:335(screen)
17136
#, no-wrap
17137
msgid ""
17138
"\n"
17139
"ehlo mail.example.com\n"
17140
msgstr ""
17141
17142
#: serverguide/C/mail.xml:338(para)
17143
msgid ""
17144
"If you see the following lines among others, then everything is working "
17145
"perfectly. Type <command>quit</command> to exit."
17146
msgstr ""
17147
17148
#: serverguide/C/mail.xml:342(programlisting)
17149
#, no-wrap
17150
msgid ""
17151
"\n"
17152
"250-STARTTLS\n"
17153
"250-AUTH LOGIN PLAIN\n"
17154
"250-AUTH=LOGIN PLAIN\n"
17155
"250 8BITMIME\n"
17156
msgstr ""
17157
17158
#: serverguide/C/mail.xml:352(para)
17159
msgid ""
17160
"This section introduces some common ways to determine the cause if problems "
17161
"arise."
17162
msgstr ""
17163
17164
#: serverguide/C/mail.xml:356(title)
17165
msgid "Escaping chroot"
17166
msgstr ""
17167
17168
#: serverguide/C/mail.xml:357(para)
17169
msgid ""
17170
"The Ubuntu <application>postfix</application> package will by default "
17171
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17172
"This can add greater complexity when troubleshooting problems."
17173
msgstr ""
17174
17175
#: serverguide/C/mail.xml:361(para)
17176
msgid ""
17177
"To turn off the chroot operation locate for the following line in the "
17178
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17179
msgstr ""
17180
17181
#: serverguide/C/mail.xml:365(screen)
17182
#, no-wrap
17183
msgid ""
17184
"\n"
17185
"smtp inet n - - - - smtpd\n"
17186
msgstr ""
17187
17188
#: serverguide/C/mail.xml:368(para)
17189
msgid "and modify it as follows:"
17190
msgstr ""
17191
17192
#: serverguide/C/mail.xml:371(screen)
17193
#, no-wrap
17194
msgid ""
17195
"\n"
17196
"smtp inet n - n - - smtpd\n"
17197
msgstr ""
17198
17199
#: serverguide/C/mail.xml:374(para)
17200
msgid ""
17201
"You will then need to restart Postfix to use the new configuration. From a "
17202
"terminal prompt enter:"
17203
msgstr ""
17204
17205
#: serverguide/C/mail.xml:382(title)
17206
msgid "Log Files"
17207
msgstr ""
17208
17209
#: serverguide/C/mail.xml:383(para)
17210
msgid ""
17211
"<application>Postfix</application> sends all log messages to "
17212
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17213
"can sometimes get lost in the normal log output so they are also logged to "
17214
"<filename>/var/log/mail.err</filename> and "
17215
"<filename>/var/log/mail.warn</filename> respectively."
17216
msgstr ""
17217
17218
#: serverguide/C/mail.xml:388(para)
17219
msgid ""
17220
"To see messages entered into the logs in real time you can use the "
17221
"<application>tail -f</application> command:"
17222
msgstr ""
17223
17224
#: serverguide/C/mail.xml:393(command)
17225
msgid "tail -f /var/log/mail.err"
17226
msgstr ""
17227
17228
#: serverguide/C/mail.xml:395(para)
17229
msgid ""
17230
"The amount of detail that is recorded in the logs can be increased. Below "
17231
"are some configuration options for increasing the log level for some of the "
17232
"areas covered above."
17233
msgstr ""
17234
17235
#: serverguide/C/mail.xml:401(para)
17236
msgid ""
17237
"To increase <emphasis>TLS</emphasis> activity logging set the "
17238
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17239
msgstr ""
17240
17241
#: serverguide/C/mail.xml:405(command)
17242
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17243
msgstr ""
17244
17245
#: serverguide/C/mail.xml:409(para)
17246
msgid ""
17247
"If you are having trouble sending or receiving mail from a specific domain "
17248
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17249
msgstr ""
17250
17251
#: serverguide/C/mail.xml:414(command)
17252
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17253
msgstr ""
17254
17255
#: serverguide/C/mail.xml:418(para)
17256
msgid ""
17257
"You can increase the verbosity of any <application>Postfix</application> "
17258
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17259
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17260
"<emphasis>smtp</emphasis> entry:"
17261
msgstr ""
17262
17263
#: serverguide/C/mail.xml:422(programlisting)
17264
#, no-wrap
17265
msgid ""
17266
"\n"
17267
"smtp unix - - - - - smtp -v\n"
17268
msgstr ""
17269
17270
#: serverguide/C/mail.xml:428(para)
17271
msgid ""
17272
"It is important to note that after making one of the logging changes above "
17273
"the <application>Postfix</application> process will need to be reloaded in "
17274
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17275
"reload</command>"
17276
msgstr ""
17277
17278
#: serverguide/C/mail.xml:435(para)
17279
msgid ""
17280
"To increase the amount of information logged when troubleshooting "
17281
"<emphasis>SASL</emphasis> issues you can set the following options in "
17282
"<filename>/etc/dovecot/dovecot.conf</filename>"
17283
msgstr ""
17284
17285
#: serverguide/C/mail.xml:439(programlisting)
17286
#, no-wrap
17287
msgid ""
17288
"\n"
17289
"auth_debug=yes\n"
17290
"auth_debug_passwords=yes\n"
17291
msgstr ""
17292
17293
#: serverguide/C/mail.xml:446(para)
17294
msgid ""
17295
"Just like <application>Postfix</application> if you change a "
17296
"<application>Dovecot</application> configuration the process will need to be "
17297
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17298
msgstr ""
17299
17300
#: serverguide/C/mail.xml:452(para)
17301
msgid ""
17302
"Some of the options above can drastically increase the amount of information "
17303
"sent to the log files. Remember to return the log level back to normal after "
17304
"you have corrected the problem. Then reload the appropriate daemon for the "
17305
"new configuration to take affect."
17306
msgstr ""
17307
17308
#: serverguide/C/mail.xml:460(para)
17309
msgid ""
17310
"Administering a <application>Postfix</application> server can be a very "
17311
"complicated task. At some point you may need to turn to the Ubuntu community "
17312
"for more experienced help."
17313
msgstr ""
17314
17315
#: serverguide/C/mail.xml:464(para)
17316
msgid ""
17317
"A great place to ask for <application>Postfix</application> assistance, and "
17318
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17319
"server</emphasis> IRC channel on <ulink "
17320
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17321
"one of the <ulink "
17322
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17323
msgstr ""
17324
17325
#: serverguide/C/mail.xml:469(para)
17326
msgid ""
17327
"For in depth <application>Postfix</application> information Ubuntu "
17328
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17329
"Book of Postfix</ulink>."
17330
msgstr ""
17331
17332
#: serverguide/C/mail.xml:473(para)
17333
msgid ""
17334
"Finally, the <ulink "
17335
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17336
"also has great documentation on all the different configuration options "
17337
"available."
17338
msgstr ""
17339
17340
#: serverguide/C/mail.xml:477(para)
17341
msgid ""
17342
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17343
"Wiki Postifx</ulink> page has more information."
17344
msgstr ""
17345
17346
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17347
msgid "Exim4"
17348
msgstr ""
17349
17350
#: serverguide/C/mail.xml:486(para)
17351
msgid ""
17352
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17353
"developed at the University of Cambridge for use on Unix systems connected "
17354
"to the Internet. Exim can be installed in place of "
17355
"<application>sendmail</application>, although the configuration of "
17356
"<application>exim</application> is quite different to that of "
17357
"<application>sendmail</application>."
17358
msgstr ""
17359
17360
#: serverguide/C/mail.xml:497(para)
17361
msgid ""
17362
"To install <application>exim4</application>, run the following command: "
17363
"<screen>\n"
17364
"<command>sudo apt-get install exim4</command>\n"
17365
"</screen>"
17366
msgstr ""
17367
17368
#: serverguide/C/mail.xml:506(para)
17369
msgid ""
17370
"To configure <application>Exim4</application>, run the following command:"
17371
msgstr ""
17372
17373
#: serverguide/C/mail.xml:510(command)
17374
msgid "sudo dpkg-reconfigure exim4-config"
17375
msgstr ""
17376
17377
#: serverguide/C/mail.xml:512(para)
17378
msgid ""
17379
"The user interface will be displayed. The user interface lets you configure "
17380
"many parameters. For example, In <application>Exim4</application> the "
17381
"configuration files are split among multiple files. If you wish to have them "
17382
"in one file you can configure accordingly in this user interface."
17383
msgstr ""
17384
17385
#: serverguide/C/mail.xml:520(para)
17386
msgid ""
17387
"All the parameters you configure in the user interface are stored in "
17388
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17389
"re-configure, either you re-run the configuration wizard or manually edit "
17390
"this file using your favorite editor. Once you configure, you can run the "
17391
"following command to generate the master configuration file:"
17392
msgstr ""
17393
17394
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17395
msgid "sudo update-exim4.conf"
17396
msgstr ""
17397
17398
#: serverguide/C/mail.xml:533(para)
17399
msgid ""
17400
"The master configuration file, is generated and it is stored in "
17401
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17402
msgstr ""
17403
17404
#: serverguide/C/mail.xml:539(para)
17405
msgid ""
17406
"At any time, you should not edit the master configuration file, "
17407
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17408
"updated automatically every time you run <command>update-exim4.conf</command>"
17409
msgstr ""
17410
17411
#: serverguide/C/mail.xml:547(para)
17412
msgid ""
17413
"You can run the following command to start <application>Exim4</application> "
17414
"daemon."
17415
msgstr ""
17416
17417
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17418
msgid "sudo /etc/init.d/exim4 start"
17419
msgstr ""
17420
17421
#: serverguide/C/mail.xml:557(para)
17422
msgid ""
17423
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17424
msgstr ""
17425
17426
#: serverguide/C/mail.xml:560(para)
17427
msgid ""
17428
"The first step is to create a certificate for use with TLS. Enter the "
17429
"following into a terminal prompt:"
17430
msgstr ""
17431
17432
#: serverguide/C/mail.xml:564(command)
17433
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17434
msgstr ""
17435
17436
#: serverguide/C/mail.xml:566(para)
17437
msgid ""
17438
"Now Exim4 needs to be configured for TLS by editing "
17439
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17440
"the following:"
17441
msgstr ""
17442
17443
#: serverguide/C/mail.xml:570(programlisting)
17444
#, no-wrap
17445
msgid ""
17446
"\n"
17447
"MAIN_TLS_ENABLE = yes\n"
17448
msgstr ""
17449
17450
#: serverguide/C/mail.xml:573(para)
17451
msgid ""
17452
"Next you need to configure <application>Exim4</application> to use the "
17453
"<application>saslauthd</application> for authentication. Edit "
17454
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17455
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17456
"<emphasis>login_saslauthd_server</emphasis> sections:"
17457
msgstr ""
17458
17459
#: serverguide/C/mail.xml:578(programlisting)
17460
#, no-wrap
17461
msgid ""
17462
"\n"
17463
" plain_saslauthd_server:\n"
17464
" driver = plaintext\n"
17465
" public_name = PLAIN\n"
17466
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17467
" server_set_id = $auth2\n"
17468
" server_prompts = :\n"
17469
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17470
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17471
" .endif\n"
17472
"#\n"
17473
" login_saslauthd_server:\n"
17474
" driver = plaintext\n"
17475
" public_name = LOGIN\n"
17476
" server_prompts = \"Username:: : Password::\"\n"
17477
" # don't send system passwords over unencrypted connections\n"
17478
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17479
" server_set_id = $auth1\n"
17480
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17481
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17482
" .endif\n"
17483
msgstr ""
17484
17485
#: serverguide/C/mail.xml:600(para)
17486
msgid "Finally, update the Exim4 configuration and restart the service:"
17487
msgstr ""
17488
17489
#: serverguide/C/mail.xml:605(command)
17490
msgid "sudo /etc/init.d/exim4 restart"
17491
msgstr ""
17492
17493
#: serverguide/C/mail.xml:610(para)
17494
msgid ""
17495
"This section provides details on configuring the saslauthd to provide "
17496
"authentication for <application>Exim4</application>."
17497
msgstr ""
17498
17499
#: serverguide/C/mail.xml:613(para)
17500
msgid ""
17501
"The first step is to install the sasl2-bin package. From a terminal prompt "
17502
"enter the following:"
17503
msgstr ""
17504
17505
#: serverguide/C/mail.xml:617(command)
17506
msgid "sudo apt-get install sasl2-bin"
17507
msgstr ""
17508
17509
#: serverguide/C/mail.xml:619(para)
17510
msgid ""
17511
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17512
"and set START=no to:"
17513
msgstr ""
17514
17515
#: serverguide/C/mail.xml:622(programlisting)
17516
#, no-wrap
17517
msgid ""
17518
"\n"
17519
"START=yes\n"
17520
msgstr ""
17521
17522
#: serverguide/C/mail.xml:625(para)
17523
msgid ""
17524
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17525
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17526
"service:"
17527
msgstr ""
17528
17529
#: serverguide/C/mail.xml:630(command)
17530
msgid "sudo adduser Debian-exim sasl"
17531
msgstr ""
17532
17533
#: serverguide/C/mail.xml:632(para)
17534
msgid "Now start the <application>saslauthd</application> service:"
17535
msgstr ""
17536
17537
#: serverguide/C/mail.xml:636(command)
17538
msgid "sudo /etc/init.d/saslauthd start"
17539
msgstr ""
17540
17541
#: serverguide/C/mail.xml:638(para)
17542
msgid ""
17543
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17544
"and SASL authentication."
17545
msgstr ""
17546
17547
#: serverguide/C/mail.xml:647(para)
17548
msgid ""
17549
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17550
"information."
17551
msgstr ""
17552
17553
#: serverguide/C/mail.xml:652(para)
17554
msgid ""
17555
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17556
"server\">Exim4 Book</ulink> available."
17557
msgstr ""
17558
17559
#: serverguide/C/mail.xml:657(para)
17560
msgid ""
17561
"Another resource is the <ulink "
17562
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17563
"page."
17564
msgstr ""
17565
17566
#: serverguide/C/mail.xml:666(title)
17567
msgid "Dovecot Server"
17568
msgstr ""
17569
17570
#: serverguide/C/mail.xml:667(para)
17571
msgid ""
17572
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17573
"security primarily in mind. It supports the major mailbox formats: mbox or "
17574
"Maildir. This section explain how to set it up as an imap or pop3 server."
17575
msgstr ""
17576
17577
#: serverguide/C/mail.xml:675(para)
17578
msgid ""
17579
"To install <application>dovecot</application>, run the following command in "
17580
"the command prompt:"
17581
msgstr ""
17582
17583
#: serverguide/C/mail.xml:680(command)
17584
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17585
msgstr ""
17586
17587
#: serverguide/C/mail.xml:685(para)
17588
msgid ""
17589
"To configure <application>dovecot</application>, you can edit the file "
17590
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17591
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17592
"secure). A description of these protocols is beyond the scope of this guide. "
17593
"For further information, refer to the Wikipedia articles on <ulink "
17594
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17595
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17596
"link>."
17597
msgstr ""
17598
17599
#: serverguide/C/mail.xml:695(para)
17600
msgid ""
17601
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17602
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17603
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17604
msgstr ""
17605
17606
#: serverguide/C/mail.xml:701(programlisting)
17607
#, no-wrap
17608
msgid ""
17609
"\n"
17610
"protocols = pop3 pop3s imap imaps\n"
17611
msgstr ""
17612
17613
#: serverguide/C/mail.xml:704(para)
17614
msgid ""
17615
"Next, choose the mailbox you would like to use. "
17616
"<application>Dovecot</application> supports <emphasis "
17617
"role=\"strong\">maildir</emphasis> and <emphasis "
17618
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17619
"mailbox formats. They both have their own benefits and are discussed on "
17620
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17621
"site</ulink>."
17622
msgstr ""
17623
17624
#: serverguide/C/mail.xml:712(para)
17625
msgid ""
17626
"Once you have chosen your mailbox type, edit the file "
17627
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17628
msgstr ""
17629
17630
#: serverguide/C/mail.xml:717(programlisting)
17631
#, no-wrap
17632
msgid ""
17633
"\n"
17634
"mail_location = maildir:~/Maildir # (for maildir)\n"
17635
"or\n"
17636
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17637
msgstr ""
17638
17639
#: serverguide/C/mail.xml:723(para)
17640
msgid ""
17641
"You should configure your Mail Transport Agent (MTA) to transfer the "
17642
"incoming mail to this type of mailbox if it is different from the one you "
17643
"have configured."
17644
msgstr ""
17645
17646
#: serverguide/C/mail.xml:729(para)
17647
msgid ""
17648
"Once you have configured dovecot, restart the "
17649
"<application>dovecot</application> daemon in order to test your setup:"
17650
msgstr ""
17651
17652
#: serverguide/C/mail.xml:738(para)
17653
msgid ""
17654
"If you have enabled imap, or pop3, you can also try to log in with the "
17655
"commands <command>telnet localhost pop3</command> or <command>telnet "
17656
"localhost imap2</command>. If you see something like the following, the "
17657
"installation has been successful:"
17658
msgstr ""
17659
17660
#: serverguide/C/mail.xml:745(programlisting)
17661
#, no-wrap
17662
msgid ""
17663
"\n"
17664
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17665
"Trying 127.0.0.1...\n"
17666
"Connected to localhost.localdomain.\n"
17667
"Escape character is '^]'.\n"
17668
"+OK Dovecot ready.\n"
17669
msgstr ""
17670
17671
#: serverguide/C/mail.xml:754(title)
17672
msgid "Dovecot SSL Configuration"
17673
msgstr ""
17674
17675
#: serverguide/C/mail.xml:755(para)
17676
msgid ""
17677
"To configure <application>dovecot</application> to use SSL, you can edit the "
17678
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17679
"lines:"
17680
msgstr ""
17681
17682
#: serverguide/C/mail.xml:760(programlisting)
17683
#, no-wrap
17684
msgid ""
17685
"\n"
17686
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17687
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17688
"ssl_disable = no\n"
17689
"disable_plaintext_auth = no\n"
17690
msgstr ""
17691
17692
#: serverguide/C/mail.xml:766(para)
17693
msgid ""
17694
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17695
"can create self signed SSL certificate. The latter is a good option for "
17696
"email, because SMTP clients rarely complain about \"self-signed "
17697
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17698
"security\"/> for details about how to create self signed SSL certificate. "
17699
"Once you create the certificate, you will have a key file and a certificate "
17700
"file. Please copy them to the location pointed in the "
17701
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17702
msgstr ""
17703
17704
#: serverguide/C/mail.xml:781(title)
17705
msgid "Firewall Configuration for an Email Server"
17706
msgstr ""
17707
17708
#: serverguide/C/mail.xml:787(para)
17709
msgid "IMAP - 143"
17710
msgstr ""
17711
17712
#: serverguide/C/mail.xml:788(para)
17713
msgid "IMAPS - 993"
17714
msgstr ""
17715
17716
#: serverguide/C/mail.xml:789(para)
17717
msgid "POP3 - 110"
17718
msgstr ""
17719
17720
#: serverguide/C/mail.xml:790(para)
17721
msgid "POP3S - 995"
17722
msgstr ""
17723
17724
#: serverguide/C/mail.xml:782(para)
17725
msgid ""
17726
"To access your mail server from another computer, you must configure your "
17727
"firewall to allow connections to the server on the necessary ports. "
17728
"<placeholder-1/>"
17729
msgstr ""
17730
17731
#: serverguide/C/mail.xml:799(para)
17732
msgid ""
17733
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17734
"more information."
17735
msgstr ""
17736
17737
#: serverguide/C/mail.xml:804(para)
17738
msgid ""
17739
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17740
"Ubuntu Wiki</ulink> page has more details."
17741
msgstr ""
17742
17743
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17744
msgid "Mailman"
17745
msgstr ""
17746
17747
#: serverguide/C/mail.xml:814(para)
17748
msgid ""
17749
"Mailman is an open source program for managing electronic mail discussions "
17750
"and e-newsletter lists. Many open source mailing lists (including all the "
17751
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17752
"Mailman as their mailing list software. It is powerful and easy to install "
17753
"and maintain."
17754
msgstr ""
17755
17756
#: serverguide/C/mail.xml:824(para)
17757
msgid ""
17758
"Mailman provides a web interface for the administrators and users, using an "
17759
"external mail server to send and receive emails. It works perfectly with the "
17760
"following mail servers:"
17761
msgstr ""
17762
17763
#: serverguide/C/mail.xml:835(application)
17764
msgid "Exim"
17765
msgstr ""
17766
17767
#: serverguide/C/mail.xml:838(application)
17768
msgid "Sendmail"
17769
msgstr ""
17770
17771
#: serverguide/C/mail.xml:841(application)
17772
msgid "Qmail"
17773
msgstr ""
17774
17775
#: serverguide/C/mail.xml:846(para)
17776
msgid ""
17777
"We will see how to install and configure Mailman with, the Apache web "
17778
"server, and either the Postfix or Exim mail server. If you wish to install "
17779
"Mailman with a different mail server, please refer to the references section."
17780
msgstr ""
17781
17782
#: serverguide/C/mail.xml:853(para)
17783
msgid ""
17784
"You only need to install one mail server and "
17785
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17786
msgstr ""
17787
17788
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17789
msgid "Apache2"
17790
msgstr ""
17791
17792
#: serverguide/C/mail.xml:859(para)
17793
msgid ""
17794
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17795
"installation\">HTTPD Installation</ulink> section for details."
17796
msgstr ""
17797
17798
#: serverguide/C/mail.xml:867(para)
17799
msgid ""
17800
"For instructions on installing and configuring Postfix refer to <xref "
17801
"linkend=\"postfix\"/>"
17802
msgstr ""
17803
17804
#: serverguide/C/mail.xml:873(para)
17805
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17806
msgstr ""
17807
17808
#: serverguide/C/mail.xml:884(application)
17809
msgid "dc_use_split_config='true'"
17810
msgstr ""
17811
17812
#: serverguide/C/mail.xml:876(para)
17813
msgid ""
17814
"Once exim4 is installed, the configuration files are stored in the "
17815
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17816
"configuration files are split across different files. You can change this "
17817
"behavior by changing the following variable in the "
17818
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17819
msgstr ""
17820
17821
#: serverguide/C/mail.xml:891(para)
17822
msgid ""
17823
"To install <application>Mailman</application>, run following command at a "
17824
"terminal prompt:"
17825
msgstr ""
17826
17827
#: serverguide/C/mail.xml:895(command)
17828
msgid "sudo apt-get install mailman"
17829
msgstr ""
17830
17831
#: serverguide/C/mail.xml:897(para)
17832
msgid ""
17833
"It copies the installation files in "
17834
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17835
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17836
"creates <emphasis>list</emphasis> linux user. It creates the "
17837
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17838
"this user."
17839
msgstr ""
17840
17841
#: serverguide/C/mail.xml:909(para)
17842
msgid ""
17843
"This section assumes you have successfully installed "
17844
"<application>mailman</application>, <application>apache2</application>, and "
17845
"<application>postfix</application> or <application>exim4</application>. Now "
17846
"you just need to configure them."
17847
msgstr ""
17848
17849
#: serverguide/C/mail.xml:918(para)
17850
msgid ""
17851
"An example Apache configuration file comes with "
17852
"<application>Mailman</application> and is placed in "
17853
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17854
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17855
"available</filename>:"
17856
msgstr ""
17857
17858
#: serverguide/C/mail.xml:924(command)
17859
msgid ""
17860
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17861
msgstr ""
17862
17863
#: serverguide/C/mail.xml:926(para)
17864
msgid ""
17865
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17866
"Mailman administration site. Now enable the new configuration and restart "
17867
"Apache:"
17868
msgstr ""
17869
17870
#: serverguide/C/mail.xml:931(command)
17871
msgid "sudo a2ensite mailman.conf"
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:934(para)
17875
msgid ""
17876
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17877
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17878
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17879
"can make changes to the <filename>/etc/apache2/sites-"
17880
"available/mailman.conf</filename> file if you wish to change this behavior."
17881
msgstr ""
17882
17883
#: serverguide/C/mail.xml:945(para)
17884
msgid ""
17885
"For <application>Postfix</application> integration, we will associate the "
17886
"domain lists.example.com with the mailing lists. Please replace "
17887
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
17888
msgstr ""
17889
17890
#: serverguide/C/mail.xml:949(para)
17891
msgid ""
17892
"You can use the postconf command to add the necessary configuration to "
17893
"<filename>/etc/postfix/main.cf</filename>:"
17894
msgstr ""
17895
17896
#: serverguide/C/mail.xml:953(command)
17897
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
17898
msgstr ""
17899
17900
#: serverguide/C/mail.xml:954(command)
17901
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
17902
msgstr ""
17903
17904
#: serverguide/C/mail.xml:955(command)
17905
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
17906
msgstr ""
17907
17908
#: serverguide/C/mail.xml:957(para)
17909
msgid ""
17910
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
17911
"the following transport:"
17912
msgstr ""
17913
17914
#: serverguide/C/mail.xml:960(programlisting)
17915
#, no-wrap
17916
msgid ""
17917
"\n"
17918
"mailman unix - n n - - pipe\n"
17919
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
17920
" ${nexthop} ${user}\n"
17921
msgstr ""
17922
17923
#: serverguide/C/mail.xml:965(para)
17924
msgid ""
17925
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
17926
"is delivered to a list."
17927
msgstr ""
17928
17929
#: serverguide/C/mail.xml:968(para)
17930
msgid ""
17931
"Associate the domain lists.example.com to the Mailman transport with the "
17932
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
17933
msgstr ""
17934
17935
#: serverguide/C/mail.xml:971(programlisting)
17936
#, no-wrap
17937
msgid ""
17938
"\n"
17939
"lists.example.com mailman:\n"
17940
msgstr ""
17941
17942
#: serverguide/C/mail.xml:974(para)
17943
msgid ""
17944
"Now have <application>Postfix</application> build the transport map by "
17945
"entering the following from a terminal prompt:"
17946
msgstr ""
17947
17948
#: serverguide/C/mail.xml:978(command)
17949
msgid "sudo postmap -v /etc/postfix/transport"
17950
msgstr ""
17951
17952
#: serverguide/C/mail.xml:980(para)
17953
msgid "Then restart Postfix to enable the new configurations:"
17954
msgstr ""
17955
17956
#: serverguide/C/mail.xml:989(para)
17957
msgid ""
17958
"Once Exim4 is installed, you can start the Exim server using the following "
17959
"command from a terminal prompt:"
17960
msgstr ""
17961
17962
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
17963
msgid "Main"
17964
msgstr ""
17965
17966
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
17967
msgid "Transport"
17968
msgstr ""
17969
17970
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
17971
msgid "Router"
17972
msgstr ""
17973
17974
#: serverguide/C/mail.xml:996(para)
17975
msgid ""
17976
"In order to make mailman work with Exim4, you need to configure Exim4. As "
17977
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
17978
"different types. For details, please refer to the <ulink "
17979
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
17980
"add new a configuration file to the following configuration types: "
17981
"<placeholder-1/> Exim creates a master configuration file by sorting all "
17982
"these mini configuration files. So, the order of these configuration files "
17983
"is very important."
17984
msgstr ""
17985
17986
#: serverguide/C/mail.xml:1027(programlisting)
17987
#, no-wrap
17988
msgid ""
17989
"\n"
17990
"# start\n"
17991
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
17992
"# directory.\n"
17993
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
17994
"# This is normally the same as ~mailman\n"
17995
"MM_HOME=/var/lib/mailman\n"
17996
"#\n"
17997
"# User and group for Mailman, should match your --with-mail-gid\n"
17998
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
17999
"MM_UID=list\n"
18000
"MM_GID=list\n"
18001
"#\n"
18002
"# Domains that your lists are in - colon separated list\n"
18003
"# you may wish to add these into local_domains as well\n"
18004
"domainlist mm_domains=hostname.com\n"
18005
"#\n"
18006
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18007
"#\n"
18008
"# These values are derived from the ones above and should not need\n"
18009
"# editing unless you have munged your mailman installation\n"
18010
"#\n"
18011
"# The path of the Mailman mail wrapper script\n"
18012
"MM_WRAP=MM_HOME/mail/mailman\n"
18013
"#\n"
18014
"# The path of the list config file (used as a required file when\n"
18015
"# verifying list addresses)\n"
18016
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18017
"# end\n"
18018
msgstr ""
18019
18020
#: serverguide/C/mail.xml:1021(para)
18021
msgid ""
18022
"All the configuration files belonging to the main type are stored in the "
18023
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18024
"following content to a new file, named <filename>04_exim4-"
18025
"config_mailman</filename>: <placeholder-1/>"
18026
msgstr ""
18027
18028
#: serverguide/C/mail.xml:1067(programlisting)
18029
#, no-wrap
18030
msgid ""
18031
"\n"
18032
" mailman_transport:\n"
18033
" driver = pipe\n"
18034
" command = MM_WRAP \\\n"
18035
" '${if def:local_part_suffix \\\n"
18036
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18037
"\\\n"
18038
" {post}}' \\\n"
18039
" $local_part\n"
18040
" current_directory = MM_HOME\n"
18041
" home_directory = MM_HOME\n"
18042
" user = MM_UID\n"
18043
" group = MM_GID\n"
18044
msgstr ""
18045
18046
#: serverguide/C/mail.xml:1061(para)
18047
msgid ""
18048
"All the configuration files belonging to transport type are stored in the "
18049
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18050
"following content to a new file named <filename> 40_exim4-"
18051
"config_mailman</filename>: <placeholder-1/>"
18052
msgstr ""
18053
18054
#: serverguide/C/mail.xml:1088(programlisting)
18055
#, no-wrap
18056
msgid ""
18057
"\n"
18058
" mailman_router:\n"
18059
" driver = accept\n"
18060
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18061
" local_part_suffix_optional\n"
18062
" local_part_suffix = -bounces : -bounces+* : \\\n"
18063
" -confirm+* : -join : -leave : \\\n"
18064
" -owner : -request : -admin\n"
18065
" transport = mailman_transport\n"
18066
msgstr ""
18067
18068
#: serverguide/C/mail.xml:1084(para)
18069
msgid ""
18070
"All the configuration files belonging to router type are stored in the "
18071
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18072
"following content in to a new file named <filename>101_exim4-"
18073
"config_mailman</filename>: <placeholder-1/>"
18074
msgstr ""
18075
18076
#: serverguide/C/mail.xml:1101(para)
18077
msgid ""
18078
"The order of main and transport configuration files can be in any order. "
18079
"But, the order of router configuration files must be the same. This "
18080
"particular file must appear before the <application>200_exim4-"
18081
"config_primary</application> file. These two configuration files contain "
18082
"same type of information. The first file takes the precedence. For more "
18083
"details, please refer to the references section."
18084
msgstr ""
18085
18086
#: serverguide/C/mail.xml:1114(para)
18087
msgid ""
18088
"Once mailman is installed, you can run it using the following command:"
18089
msgstr ""
18090
18091
#: serverguide/C/mail.xml:1118(command)
18092
msgid "sudo /etc/init.d/mailman start"
18093
msgstr ""
18094
18095
#: serverguide/C/mail.xml:1120(para)
18096
msgid ""
18097
"Once mailman is installed, you should create the default mailing list. Run "
18098
"the following command to create the mailing list:"
18099
msgstr ""
18100
18101
#: serverguide/C/mail.xml:1126(command)
18102
msgid "sudo /usr/sbin/newlist mailman"
18103
msgstr ""
18104
18105
#: serverguide/C/mail.xml:1129(programlisting)
18106
#, no-wrap
18107
msgid ""
18108
"\n"
18109
" Enter the email address of the person running the list: bhuvan at "
18110
"ubuntu.com\n"
18111
" Initial mailman password:\n"
18112
" To finish creating your mailing list, you must edit your "
18113
"<filename>/etc/aliases</filename> (or\n"
18114
" equivalent) file by adding the following lines, and possibly running the\n"
18115
" `newaliases' program:\n"
18116
"\n"
18117
" ## mailman mailing list\n"
18118
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18119
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18120
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18121
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18122
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18123
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18124
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18125
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18126
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18127
"mailman\"\n"
18128
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18129
"mailman\"\n"
18130
"\n"
18131
" Hit enter to notify mailman owner...\n"
18132
"\n"
18133
" # \n"
18134
msgstr ""
18135
18136
#: serverguide/C/mail.xml:1152(para)
18137
msgid ""
18138
"We have configured either Postfix or Exim4 to recognize all emails from "
18139
"mailman. So, it is not mandatory to make any new entries in "
18140
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18141
"configuration files, please ensure that you restart those services before "
18142
"continuing to next section."
18143
msgstr ""
18144
18145
#: serverguide/C/mail.xml:1160(para)
18146
msgid ""
18147
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18148
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18149
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18150
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18151
msgstr ""
18152
18153
#: serverguide/C/mail.xml:1171(title)
18154
msgid "Administration"
18155
msgstr ""
18156
18157
#: serverguide/C/mail.xml:1172(para)
18158
msgid ""
18159
"We assume you have a default installation. The mailman cgi scripts are still "
18160
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18161
"Mailman provides a web based administration facility. To access this page, "
18162
"point your browser to the following url:"
18163
msgstr ""
18164
18165
#: serverguide/C/mail.xml:1180(para)
18166
msgid "http://hostname/cgi-bin/mailman/admin"
18167
msgstr ""
18168
18169
#: serverguide/C/mail.xml:1184(para)
18170
msgid ""
18171
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18172
"screen. If you click the mailing list name, it will ask for your "
18173
"authentication password. If you enter the correct password, you will be able "
18174
"to change administrative settings of this mailing list. You can create a new "
18175
"mailing list using the command line utility "
18176
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18177
"mailing list using the web interface."
18178
msgstr ""
18179
18180
#: serverguide/C/mail.xml:1197(title)
18181
msgid "Users"
18182
msgstr ""
18183
18184
#: serverguide/C/mail.xml:1198(para)
18185
msgid ""
18186
"Mailman provides a web based interface for users. To access this page, point "
18187
"your browser to the following url:"
18188
msgstr ""
18189
18190
#: serverguide/C/mail.xml:1203(para)
18191
msgid "http://hostname/cgi-bin/mailman/listinfo"
18192
msgstr ""
18193
18194
#: serverguide/C/mail.xml:1207(para)
18195
msgid ""
18196
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18197
"screen. If you click the mailing list name, it will display the subscription "
18198
"form. You can enter your email address, name (optional), and password to "
18199
"subscribe. An email invitation will be sent to you. You can follow the "
18200
"instructions in the email to subscribe."
18201
msgstr ""
18202
18203
#: serverguide/C/mail.xml:1219(ulink)
18204
msgid "GNU Mailman - Installation Manual"
18205
msgstr ""
18206
18207
#: serverguide/C/mail.xml:1223(ulink)
18208
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18209
msgstr ""
18210
18211
#: serverguide/C/mail.xml:1226(para)
18212
msgid ""
18213
"Also, see the <ulink "
18214
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18215
"Wiki</ulink> page."
18216
msgstr ""
18217
18218
#: serverguide/C/mail.xml:1232(title)
18219
msgid "Mail Filtering"
18220
msgstr ""
18221
18222
#: serverguide/C/mail.xml:1233(para)
18223
msgid ""
18224
"One of the largest issues with email today is the problem of Unsolicited "
18225
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18226
"and other forms of malware. According to some reports these messages make up "
18227
"the bulk of all email traffic on the Internet."
18228
msgstr ""
18229
18230
#: serverguide/C/mail.xml:1238(para)
18231
msgid ""
18232
"This section will cover integrating <application>Amavisd-new</application>, "
18233
"<application>Spamassassin</application>, and "
18234
"<application>ClamAV</application> with the "
18235
"<application>Postfix</application> Mail Transport Agent (MTA). "
18236
"<application>Postfix</application> can also check email validity by passing "
18237
"it through external content filters. These filters can sometimes determine "
18238
"if a message is spam without needing to process it with more resource "
18239
"intensive applications. Two common filters are "
18240
"<application>opendkim</application> and <application>python-policyd-"
18241
"spf</application>."
18242
msgstr ""
18243
18244
#: serverguide/C/mail.xml:1248(para)
18245
msgid ""
18246
"<application>Amavisd-new</application> is a wrapper program that can call "
18247
"any number of content filtering programs for spam detection, antivirus, etc."
18248
msgstr ""
18249
18250
#: serverguide/C/mail.xml:1254(para)
18251
msgid ""
18252
"<application>Spamassassin</application> uses a variety of mechanisms to "
18253
"filter email based on the message content."
18254
msgstr ""
18255
18256
#: serverguide/C/mail.xml:1259(para)
18257
msgid ""
18258
"<application>ClamAV</application> is an open source antivirus application."
18259
msgstr ""
18260
18261
#: serverguide/C/mail.xml:1264(para)
18262
msgid ""
18263
"<application>opendkim</application> implements a Sendmail Mail Filter "
18264
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18265
msgstr ""
18266
18267
#: serverguide/C/mail.xml:1270(para)
18268
msgid ""
18269
"<application>python-policyd-spf</application> enables Sender Policy "
18270
"Framework (SPF) checking with <application>Postfix</application>."
18271
msgstr ""
18272
18273
#: serverguide/C/mail.xml:1275(para)
18274
msgid "This is how the pieces fit together:"
18275
msgstr ""
18276
18277
#: serverguide/C/mail.xml:1280(para)
18278
msgid "An email message is accepted by <application>Postfix</application>."
18279
msgstr ""
18280
18281
#: serverguide/C/mail.xml:1285(para)
18282
msgid ""
18283
"The message is passed through any external filters "
18284
"<application>opendkim</application> and <application>python-policyd-"
18285
"spf</application> in this case."
18286
msgstr ""
18287
18288
#: serverguide/C/mail.xml:1291(para)
18289
msgid "<application>Amavisd-new</application> then processes the message."
18290
msgstr ""
18291
18292
#: serverguide/C/mail.xml:1296(para)
18293
msgid ""
18294
"<application>ClamAV</application> is used to scan the message. If the "
18295
"message contains a virus <application>Postfix</application> will reject the "
18296
"message."
18297
msgstr ""
18298
18299
#: serverguide/C/mail.xml:1302(para)
18300
msgid ""
18301
"Clean messages will then be analyzed by "
18302
"<application>Spamassassin</application> to find out if the message is spam. "
18303
"<application>Spamassassin</application> will then add X-Header lines "
18304
"allowing <application>Amavisd-new</application> to further manipulate the "
18305
"message."
18306
msgstr ""
18307
18308
#: serverguide/C/mail.xml:1309(para)
18309
msgid ""
18310
"For example, if a message has a Spam score of over fifty the message could "
18311
"be automatically dropped from the queue without the recipient ever having to "
18312
"be bothered. Another, way to handle flagged messages is to deliver them to "
18313
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18314
"see fit."
18315
msgstr ""
18316
18317
#: serverguide/C/mail.xml:1316(para)
18318
msgid ""
18319
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18320
"configuring Postfix."
18321
msgstr ""
18322
18323
#: serverguide/C/mail.xml:1319(para)
18324
msgid ""
18325
"To install the rest of the applications enter the following from a terminal "
18326
"prompt:"
18327
msgstr ""
18328
18329
#: serverguide/C/mail.xml:1323(command)
18330
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18331
msgstr ""
18332
18333
#: serverguide/C/mail.xml:1324(command)
18334
msgid "sudo apt-get install opendkim python-policyd-spf"
18335
msgstr ""
18336
18337
#: serverguide/C/mail.xml:1326(para)
18338
msgid ""
18339
"There are some optional packages that integrate with "
18340
"<application>Spamassassin</application> for better spam detection:"
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:1330(command)
18344
msgid "sudo apt-get install pyzor razor"
18345
msgstr ""
18346
18347
#: serverguide/C/mail.xml:1332(para)
18348
msgid ""
18349
"Along with the main filtering applications compression utilities are needed "
18350
"to process some email attachments:"
18351
msgstr ""
18352
18353
#: serverguide/C/mail.xml:1336(command)
18354
msgid ""
18355
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18356
msgstr ""
18357
18358
#: serverguide/C/mail.xml:1339(para)
18359
msgid ""
18360
"If some packages are not found, check that the "
18361
"<emphasis>multiverse</emphasis> repository is enabled in "
18362
"<filename>/etc/apt/sources.list</filename>"
18363
msgstr ""
18364
18365
#: serverguide/C/mail.xml:1340(para)
18366
msgid ""
18367
"If you make changes to the file, be sure to run <command>sudo apt-get "
18368
"update</command> before trying to install again."
18369
msgstr ""
18370
18371
#: serverguide/C/mail.xml:1345(para)
18372
msgid "Now configure everything to work together and filter email."
18373
msgstr ""
18374
18375
#: serverguide/C/mail.xml:1349(title)
18376
msgid "ClamAV"
18377
msgstr ""
18378
18379
#: serverguide/C/mail.xml:1350(para)
18380
msgid ""
18381
"The default behaviour of <application>ClamAV</application> will fit our "
18382
"needs. For more ClamAV configuration options, check the configuration files "
18383
"in <filename>/etc/clamav</filename>."
18384
msgstr ""
18385
18386
#: serverguide/C/mail.xml:1355(para)
18387
msgid ""
18388
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18389
"group in order for <application>Amavisd-new</application> to have the "
18390
"appropriate access to scan files:"
18391
msgstr ""
18392
18393
#: serverguide/C/mail.xml:1360(command)
18394
msgid "sudo adduser clamav amavis"
18395
msgstr ""
18396
18397
#: serverguide/C/mail.xml:1364(title)
18398
msgid "Spamassassin"
18399
msgstr ""
18400
18401
#: serverguide/C/mail.xml:1365(para)
18402
msgid ""
18403
"Spamassassin automatically detects optional components and will use them if "
18404
"they are present. This means that there is no need to configure "
18405
"<application>pyzor</application> and <application>razor</application>."
18406
msgstr ""
18407
18408
#: serverguide/C/mail.xml:1369(para)
18409
msgid ""
18410
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18411
"<application>Spamassassin</application> daemon. Change "
18412
"<emphasis>ENABLED=0</emphasis> to:"
18413
msgstr ""
18414
18415
#: serverguide/C/mail.xml:1373(programlisting)
18416
#, no-wrap
18417
msgid ""
18418
"\n"
18419
"ENABLED=1\n"
18420
msgstr ""
18421
18422
#: serverguide/C/mail.xml:1376(para)
18423
msgid "Now start the daemon:"
18424
msgstr ""
18425
18426
#: serverguide/C/mail.xml:1380(command)
18427
msgid "sudo /etc/init.d/spamassassin start"
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:1384(title)
18431
msgid "Amavisd-new"
18432
msgstr ""
18433
18434
#: serverguide/C/mail.xml:1385(para)
18435
msgid ""
18436
"First activate spam and antivirus detection in <application>Amavisd-"
18437
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18438
"content_filter_mode</filename>:"
18439
msgstr ""
18440
18441
#: serverguide/C/mail.xml:1389(programlisting)
18442
#, no-wrap
18443
msgid ""
18444
"\n"
18445
"use strict;\n"
18446
"\n"
18447
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18448
"# and to re-enable antivirus checking.\n"
18449
"\n"
18450
"#\n"
18451
"# Default antivirus checking mode\n"
18452
"# Uncomment the two lines below to enable it\n"
18453
"#\n"
18454
"\n"
18455
"@bypass_virus_checks_maps = (\n"
18456
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18457
"$bypass_virus_checks_re);\n"
18458
"\n"
18459
"\n"
18460
"#\n"
18461
"# Default SPAM checking mode\n"
18462
"# Uncomment the two lines below to enable it\n"
18463
"#\n"
18464
"\n"
18465
"@bypass_spam_checks_maps = (\n"
18466
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18467
"$bypass_spam_checks_re);\n"
18468
"\n"
18469
"1; # insure a defined return\n"
18470
msgstr ""
18471
18472
#: serverguide/C/mail.xml:1414(para)
18473
msgid ""
18474
"Bouncing spam can be a bad idea as the return address is often faked. "
18475
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18476
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18477
"D_BOUNCE, as follows:"
18478
msgstr ""
18479
18480
#: serverguide/C/mail.xml:1420(programlisting)
18481
#, no-wrap
18482
msgid ""
18483
"\n"
18484
"$final_spam_destiny = D_DISCARD;\n"
18485
msgstr ""
18486
18487
#: serverguide/C/mail.xml:1424(para)
18488
msgid ""
18489
"Additionally, you may want to adjust the following options to flag more "
18490
"messages as spam:"
18491
msgstr ""
18492
18493
#: serverguide/C/mail.xml:1428(programlisting)
18494
#, no-wrap
18495
msgid ""
18496
"\n"
18497
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18498
"level\n"
18499
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18500
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18501
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18502
msgstr ""
18503
18504
#: serverguide/C/mail.xml:1435(para)
18505
msgid ""
18506
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18507
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18508
"option. Also, if the server receives mail for multiple domains the "
18509
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18510
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18511
msgstr ""
18512
18513
#: serverguide/C/mail.xml:1442(programlisting)
18514
#, no-wrap
18515
msgid ""
18516
"\n"
18517
"$myhostname = 'mail.example.com';\n"
18518
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18519
msgstr ""
18520
18521
#: serverguide/C/mail.xml:1447(para)
18522
msgid ""
18523
"After configuration <application>Amavisd-new</application> needs to be "
18524
"restarted:"
18525
msgstr ""
18526
18527
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18528
msgid "sudo /etc/init.d/amavis restart"
18529
msgstr ""
18530
18531
#: serverguide/C/mail.xml:1454(title)
18532
msgid "DKIM Whitelist"
18533
msgstr ""
18534
18535
#: serverguide/C/mail.xml:1456(para)
18536
msgid ""
18537
"<application>Amavisd-new</application> can be configured to automatically "
18538
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18539
"Keys. There are some pre-configured domains in the "
18540
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18541
msgstr ""
18542
18543
#: serverguide/C/mail.xml:1462(para)
18544
msgid "There are multiple ways to configure the Whitelist for a domain:"
18545
msgstr ""
18546
18547
#: serverguide/C/mail.xml:1468(para)
18548
msgid ""
18549
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18550
"address from the \"example.com\" domain."
18551
msgstr ""
18552
18553
#: serverguide/C/mail.xml:1473(para)
18554
msgid ""
18555
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18556
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18557
"have a valid signature."
18558
msgstr ""
18559
18560
#: serverguide/C/mail.xml:1479(para)
18561
msgid ""
18562
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18563
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18564
"role=\"italic\">example.com</emphasis> the parent domain."
18565
msgstr ""
18566
18567
#: serverguide/C/mail.xml:1485(para)
18568
msgid ""
18569
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18570
"that have a valid signature from \"example.com\". This is usually used for "
18571
"discussion groups that sign their messages."
18572
msgstr ""
18573
18574
#: serverguide/C/mail.xml:1492(para)
18575
msgid ""
18576
"A domain can also have multiple Whitelist configurations. After, editing the "
18577
"file restart <application>amaisd-new</application>:"
18578
msgstr ""
18579
18580
#: serverguide/C/mail.xml:1501(para)
18581
msgid ""
18582
"In this context, once a domain has been added to the Whitelist the message "
18583
"will not receive any anti-virus or spam filtering. This may or may not be "
18584
"the intended behavior you wish for a domain."
18585
msgstr ""
18586
18587
#: serverguide/C/mail.xml:1511(para)
18588
msgid ""
18589
"For <application>Postfix</application> integration, enter the following from "
18590
"a terminal prompt:"
18591
msgstr ""
18592
18593
#: serverguide/C/mail.xml:1515(command)
18594
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:1517(para)
18598
msgid ""
18599
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18600
"to the end of the file:"
18601
msgstr ""
18602
18603
#: serverguide/C/mail.xml:1520(programlisting)
18604
#, no-wrap
18605
msgid ""
18606
"\n"
18607
"smtp-amavis unix - - - - 2 smtp\n"
18608
" -o smtp_data_done_timeout=1200\n"
18609
" -o smtp_send_xforward_command=yes\n"
18610
" -o disable_dns_lookups=yes\n"
18611
" -o max_use=20\n"
18612
"\n"
18613
"127.0.0.1:10025 inet n - - - - smtpd\n"
18614
" -o content_filter=\n"
18615
" -o local_recipient_maps=\n"
18616
" -o relay_recipient_maps=\n"
18617
" -o smtpd_restriction_classes=\n"
18618
" -o smtpd_delay_reject=no\n"
18619
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18620
" -o smtpd_helo_restrictions=\n"
18621
" -o smtpd_sender_restrictions=\n"
18622
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18623
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18624
" -o smtpd_end_of_data_restrictions=\n"
18625
" -o mynetworks=127.0.0.0/8\n"
18626
" -o smtpd_error_sleep_time=0\n"
18627
" -o smtpd_soft_error_limit=1001\n"
18628
" -o smtpd_hard_error_limit=1000\n"
18629
" -o smtpd_client_connection_count_limit=0\n"
18630
" -o smtpd_client_connection_rate_limit=0\n"
18631
" -o "
18632
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18633
msgstr ""
18634
18635
#: serverguide/C/mail.xml:1547(para)
18636
msgid ""
18637
"Also add the following two lines immediately below the "
18638
"<emphasis>\"pickup\"</emphasis> transport service:"
18639
msgstr ""
18640
18641
#: serverguide/C/mail.xml:1550(programlisting)
18642
#, no-wrap
18643
msgid ""
18644
"\n"
18645
" -o content_filter=\n"
18646
" -o receive_override_options=no_header_body_checks\n"
18647
msgstr ""
18648
18649
#: serverguide/C/mail.xml:1554(para)
18650
msgid ""
18651
"This will prevent messages that are generated to report on spam from being "
18652
"classified as spam."
18653
msgstr ""
18654
18655
#: serverguide/C/mail.xml:1557(para)
18656
msgid "Now restart <application>Postfix</application>:"
18657
msgstr ""
18658
18659
#: serverguide/C/mail.xml:1563(para)
18660
msgid "Content filtering with spam and virus detection is now enabled."
18661
msgstr ""
18662
18663
#: serverguide/C/mail.xml:1569(title)
18664
msgid "Amavisd-new and Spamassassin"
18665
msgstr ""
18666
18667
#: serverguide/C/mail.xml:1571(para)
18668
msgid ""
18669
"When integrating <application>Amavisd-new</application> with "
18670
"<application>Spamassassin</application>, if you choose to disable the bayes "
18671
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18672
"<application>cron</application> to update the nightly rules, the result can "
18673
"cause a situation where a large amount of error messages are sent to the "
18674
"<emphasis>amavis</emphasis> user via the amavisd-new "
18675
"<application>cron</application> job."
18676
msgstr ""
18677
18678
#: serverguide/C/mail.xml:1578(para)
18679
msgid "There are several ways to handle this situation:"
18680
msgstr ""
18681
18682
#: serverguide/C/mail.xml:1584(para)
18683
msgid "Configure your MDA to filter messages you do not wish to see."
18684
msgstr ""
18685
18686
#: serverguide/C/mail.xml:1589(para)
18687
msgid ""
18688
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18689
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18690
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18691
"the top before the <emphasis>test</emphasis> statements:"
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:1593(programlisting)
18695
#, no-wrap
18696
msgid ""
18697
"\n"
18698
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18699
"exit 0\n"
18700
msgstr ""
18701
18702
#: serverguide/C/mail.xml:1603(para)
18703
msgid ""
18704
"First, test that the <application>Amavisd-new</application> SMTP is "
18705
"listening:"
18706
msgstr ""
18707
18708
#: serverguide/C/mail.xml:1606(programlisting)
18709
#, no-wrap
18710
msgid ""
18711
"\n"
18712
"telnet localhost 10024\n"
18713
"Trying 127.0.0.1...\n"
18714
"Connected to localhost.\n"
18715
"Escape character is '^]'.\n"
18716
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18717
"^]\n"
18718
msgstr ""
18719
18720
#: serverguide/C/mail.xml:1614(para)
18721
msgid ""
18722
"In the Header of messages that go through the content filter you should see:"
18723
msgstr ""
18724
18725
#: serverguide/C/mail.xml:1617(programlisting)
18726
#, no-wrap
18727
msgid ""
18728
"\n"
18729
"X-Spam-Level: \n"
18730
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18731
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18732
"BAYES_00\n"
18733
"X-Spam-Level: \n"
18734
msgstr ""
18735
18736
#: serverguide/C/mail.xml:1624(para)
18737
msgid ""
18738
"Your output will vary, but the important thing is that there are <emphasis>X-"
18739
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18740
msgstr ""
18741
18742
#: serverguide/C/mail.xml:1632(para)
18743
msgid ""
18744
"The best way to figure out why something is going wrong is to check the log "
18745
"files."
18746
msgstr ""
18747
18748
#: serverguide/C/mail.xml:1637(para)
18749
msgid ""
18750
"For instructions on <application>Postfix</application> logging see the <xref "
18751
"linkend=\"postfix-troubleshooting\"/> section."
18752
msgstr ""
18753
18754
#: serverguide/C/mail.xml:1643(para)
18755
msgid ""
18756
"<application>Amavisd-new</application> uses "
18757
"<application>Syslog</application> to send messages to "
18758
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18759
"increased by adding the <emphasis>$log_level</emphasis> option to "
18760
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18761
"1 to 5."
18762
msgstr ""
18763
18764
#: serverguide/C/mail.xml:1648(programlisting)
18765
#, no-wrap
18766
msgid ""
18767
"\n"
18768
"$log_level = 2;\n"
18769
msgstr ""
18770
18771
#: serverguide/C/mail.xml:1652(para)
18772
msgid ""
18773
"When the <application>Amavisd-new</application> log output is increased "
18774
"<application>Spamassassin</application> log output is also increased."
18775
msgstr ""
18776
18777
#: serverguide/C/mail.xml:1659(para)
18778
msgid ""
18779
"The <application>ClamAV</application> log level can be increased by editing "
18780
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18781
msgstr ""
18782
18783
#: serverguide/C/mail.xml:1663(programlisting)
18784
#, no-wrap
18785
msgid ""
18786
"\n"
18787
"LogVerbose true\n"
18788
msgstr ""
18789
18790
#: serverguide/C/mail.xml:1666(para)
18791
msgid ""
18792
"By default <application>ClamAV</application> will send log messages to "
18793
"<filename>/var/log/clamav/clamav.log</filename>."
18794
msgstr ""
18795
18796
#: serverguide/C/mail.xml:1672(para)
18797
msgid ""
18798
"After changing an applications log settings remember to restart the service "
18799
"for the new settings to take affect. Also, once the issue you are "
18800
"troubleshooting is resolved it is a good idea to change the log settings "
18801
"back to normal."
18802
msgstr ""
18803
18804
#: serverguide/C/mail.xml:1680(para)
18805
msgid "For more information on filtering mail see the following links:"
18806
msgstr ""
18807
18808
#: serverguide/C/mail.xml:1686(ulink)
18809
msgid "Amavisd-new Documentation"
18810
msgstr ""
18811
18812
#: serverguide/C/mail.xml:1690(para)
18813
msgid ""
18814
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18815
"Documentation</ulink> and <ulink "
18816
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18817
msgstr ""
18818
18819
#: serverguide/C/mail.xml:1697(ulink)
18820
msgid "Spamassassin Wiki"
18821
msgstr ""
18822
18823
#: serverguide/C/mail.xml:1702(ulink)
18824
msgid "Pyzor Homepage"
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:1707(ulink)
18828
msgid "Razor Homepage"
18829
msgstr ""
18830
18831
#: serverguide/C/mail.xml:1712(ulink)
18832
msgid "DKIM.org"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:1717(ulink)
18836
msgid "Postfix Amavis New"
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:1721(para)
18840
msgid ""
18841
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18842
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18843
msgstr ""
18844
18845
#: serverguide/C/lamp-applications.xml:13(title)
18846
msgid "LAMP Applications"
18847
msgstr ""
18848
18849
#: serverguide/C/lamp-applications.xml:19(para)
18850
msgid ""
18851
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18852
"Ubuntu servers. There is a plethora of Open Source applications written "
18853
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18854
"Content Management Systems, and Management Software such as phpMyAdmin."
18855
msgstr ""
18856
18857
#: serverguide/C/lamp-applications.xml:26(para)
18858
msgid ""
18859
"One advantage of LAMP is the substantial flexibility for different database, "
18860
"web server, and scripting languages. Popular substitutes for MySQL include "
18861
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18862
"instead of PHP."
18863
msgstr ""
18864
18865
#: serverguide/C/lamp-applications.xml:32(para)
18866
msgid ""
18867
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18868
"is:"
18869
msgstr ""
18870
18871
#: serverguide/C/lamp-applications.xml:38(para)
18872
msgid "Download an archive containing the application source files."
18873
msgstr ""
18874
18875
#: serverguide/C/lamp-applications.xml:43(para)
18876
msgid ""
18877
"Unpack the archive, usually in a directory accessible to a web server."
18878
msgstr ""
18879
18880
#: serverguide/C/lamp-applications.xml:48(para)
18881
msgid ""
18882
"Depending on where the source was extracted, configure a web server to serve "
18883
"the files."
18884
msgstr ""
18885
18886
#: serverguide/C/lamp-applications.xml:53(para)
18887
msgid "Configure the application to connect to the database."
18888
msgstr ""
18889
18890
#: serverguide/C/lamp-applications.xml:58(para)
18891
msgid ""
18892
"Run a script, or browse to a page of the application, to install the "
18893
"database needed by the application."
18894
msgstr ""
18895
18896
#: serverguide/C/lamp-applications.xml:63(para)
18897
msgid ""
18898
"Once the steps above, or similar steps, are completed you are ready to begin "
18899
"using the application."
18900
msgstr ""
18901
18902
#: serverguide/C/lamp-applications.xml:69(para)
18903
msgid ""
18904
"A disadvantage of using this approach is that the application files are not "
18905
"placed in the file system in a standard way, which can cause confusion as to "
18906
"where the application is installed. Another larger disadvantage is updating "
18907
"the application. When a new version is released, the same process used to "
18908
"install the application is needed to apply updates."
18909
msgstr ""
18910
18911
#: serverguide/C/lamp-applications.xml:76(para)
18912
msgid ""
18913
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
18914
"packaged for Ubuntu, and are available for installation in the same way as "
18915
"non-LAMP applications. Depending on the application some extra configuration "
18916
"and setup steps may be needed, however."
18917
msgstr ""
18918
18919
#: serverguide/C/lamp-applications.xml:82(para)
18920
msgid ""
18921
"This section covers howto install and configure the Wiki applications "
18922
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
18923
"and the MySQL management application <application>phpMyAdmin</application>."
18924
msgstr ""
18925
18926
#: serverguide/C/lamp-applications.xml:88(para)
18927
msgid ""
18928
"A Wiki is a website that allows the visitors to easily add, remove and "
18929
"modify available content easily. The ease of interaction and operation makes "
18930
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
18931
"also referred to the collaborative software."
18932
msgstr ""
18933
18934
#: serverguide/C/lamp-applications.xml:100(title)
18935
msgid "Moin Moin"
18936
msgstr "Moin Moin"
18937
18938
#: serverguide/C/lamp-applications.xml:102(para)
18939
msgid ""
18940
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
18941
"engine, and licensed under the GNU GPL."
18942
msgstr ""
18943
18944
#: serverguide/C/lamp-applications.xml:110(para)
18945
msgid ""
18946
"To install <application>MoinMoin</application>, run the following command in "
18947
"the command prompt:"
18948
msgstr ""
18949
18950
#: serverguide/C/lamp-applications.xml:116(command)
18951
msgid "sudo apt-get install python-moinmoin"
18952
msgstr "sudo apt-get install python-moinmoin"
18953
18954
#: serverguide/C/lamp-applications.xml:119(para)
18955
msgid ""
18956
"You should also install <application>apache2</application> web server. For "
18957
"installing <application>apache2</application> web server, please refer to "
18958
"<xref linkend=\"http-installation\"/> sub-section in <xref "
18959
"linkend=\"httpd\"/> section."
18960
msgstr ""
18961
18962
#: serverguide/C/lamp-applications.xml:130(para)
18963
msgid ""
18964
"For configuring your first Wiki application, please run the following set of "
18965
"commands. Let us assume that you are creating a Wiki named "
18966
"<emphasis>mywiki</emphasis>:"
18967
msgstr ""
18968
18969
#: serverguide/C/lamp-applications.xml:137(command)
18970
msgid "cd /usr/share/moin"
18971
msgstr ""
18972
18973
#: serverguide/C/lamp-applications.xml:138(command)
18974
msgid "sudo mkdir mywiki"
18975
msgstr ""
18976
18977
#: serverguide/C/lamp-applications.xml:139(command)
18978
msgid "sudo cp -R data mywiki"
18979
msgstr ""
18980
18981
#: serverguide/C/lamp-applications.xml:140(command)
18982
msgid "sudo cp -R underlay mywiki"
18983
msgstr ""
18984
18985
#: serverguide/C/lamp-applications.xml:141(command)
18986
msgid "sudo cp server/moin.cgi mywiki"
18987
msgstr ""
18988
18989
#: serverguide/C/lamp-applications.xml:142(command)
18990
msgid "sudo chown -R www-data.www-data mywiki"
18991
msgstr ""
18992
18993
#: serverguide/C/lamp-applications.xml:143(command)
18994
msgid "sudo chmod -R ug+rwX mywiki"
18995
msgstr ""
18996
18997
#: serverguide/C/lamp-applications.xml:144(command)
18998
msgid "sudo chmod -R o-rwx mywiki"
18999
msgstr ""
19000
19001
#: serverguide/C/lamp-applications.xml:147(para)
19002
msgid ""
19003
"Now you should configure <application>MoinMoin</application> to find your "
19004
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19005
"<application>MoinMoin</application>, open "
19006
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19007
msgstr ""
19008
19009
#: serverguide/C/lamp-applications.xml:155(programlisting)
19010
#, no-wrap
19011
msgid "data_dir = '/org/mywiki/data'"
19012
msgstr ""
19013
19014
#: serverguide/C/lamp-applications.xml:157(para)
19015
msgid "to"
19016
msgstr "ke"
19017
19018
#: serverguide/C/lamp-applications.xml:161(programlisting)
19019
#, no-wrap
19020
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19021
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
19022
19023
#: serverguide/C/lamp-applications.xml:163(para)
19024
msgid ""
19025
"Also, below the <emphasis>data_dir</emphasis> option add the "
19026
"<emphasis>data_underlay_dir</emphasis>:"
19027
msgstr ""
19028
19029
#: serverguide/C/lamp-applications.xml:167(programlisting)
19030
#, no-wrap
19031
msgid ""
19032
"\n"
19033
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19034
msgstr ""
19035
19036
#: serverguide/C/lamp-applications.xml:172(para)
19037
msgid ""
19038
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19039
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19040
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19041
"change."
19042
msgstr ""
19043
19044
#: serverguide/C/lamp-applications.xml:181(para)
19045
msgid ""
19046
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19047
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19048
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19049
"<quote>(\"mywiki\", r\".*\")</quote>."
19050
msgstr ""
19051
19052
#: serverguide/C/lamp-applications.xml:189(para)
19053
msgid ""
19054
"Once you have configured <application>MoinMoin</application> to find your "
19055
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19056
"<application>apache2</application> and make it ready for your Wiki "
19057
"application."
19058
msgstr ""
19059
19060
#: serverguide/C/lamp-applications.xml:196(para)
19061
msgid ""
19062
"You should add the following lines in <filename>/etc/apache2/sites-"
19063
"available/default</filename> file inside the <quote><VirtualHost "
19064
"*></quote> tag:"
19065
msgstr ""
19066
19067
#: serverguide/C/lamp-applications.xml:202(programlisting)
19068
#, no-wrap
19069
msgid ""
19070
"\n"
19071
"### moin\n"
19072
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19073
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19074
" <Directory /usr/share/moin/htdocs>\n"
19075
" Order allow,deny\n"
19076
" allow from all\n"
19077
" </Directory>\n"
19078
"### end moin\n"
19079
msgstr ""
19080
19081
#: serverguide/C/lamp-applications.xml:214(para)
19082
msgid ""
19083
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19084
"<emphasis>alias</emphasis> line above, to the "
19085
"<application>moinmoin</application> version installed."
19086
msgstr ""
19087
19088
#: serverguide/C/lamp-applications.xml:220(para)
19089
msgid ""
19090
"Once you configure the <application>apache2</application> web server and "
19091
"make it ready for your Wiki application, you should restart it. You can run "
19092
"the following command to restart the <application>apache2</application> web "
19093
"server:"
19094
msgstr ""
19095
19096
#: serverguide/C/lamp-applications.xml:233(title)
19097
msgid "Verification"
19098
msgstr "Verifikasi"
19099
19100
#: serverguide/C/lamp-applications.xml:235(para)
19101
msgid ""
19102
"You can verify the Wiki application and see if it works by pointing your web "
19103
"browser to the following URL:"
19104
msgstr ""
19105
19106
#: serverguide/C/lamp-applications.xml:239(programlisting)
19107
#, no-wrap
19108
msgid ""
19109
"\n"
19110
"http://localhost/mywiki\n"
19111
msgstr ""
19112
"\n"
19113
"http://localhost/mywiki\n"
19114
19115
#: serverguide/C/lamp-applications.xml:243(para)
19116
msgid ""
19117
"You can also run the test command by pointing your web browser to the "
19118
"following URL:"
19119
msgstr ""
19120
19121
#: serverguide/C/lamp-applications.xml:248(programlisting)
19122
#, no-wrap
19123
msgid ""
19124
"\n"
19125
"http://localhost/mywiki?action=test\n"
19126
msgstr ""
19127
"\n"
19128
"http://localhost/mywiki?action=test\n"
19129
19130
#: serverguide/C/lamp-applications.xml:252(para)
19131
msgid ""
19132
"For more details, please refer to the <ulink "
19133
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19134
msgstr ""
19135
19136
#: serverguide/C/lamp-applications.xml:263(para)
19137
msgid ""
19138
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19139
"Wiki</ulink>."
19140
msgstr ""
19141
19142
#: serverguide/C/lamp-applications.xml:268(para)
19143
msgid ""
19144
"Also, see the <ulink "
19145
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19146
"MoinMoin</ulink> page."
19147
msgstr ""
19148
19149
#: serverguide/C/lamp-applications.xml:277(title)
19150
msgid "MediaWiki"
19151
msgstr "MediaWiki"
19152
19153
#: serverguide/C/lamp-applications.xml:279(para)
19154
msgid ""
19155
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19156
"either use <application>MySQL</application> or "
19157
"<application>PostgreSQL</application> Database Management System."
19158
msgstr ""
19159
19160
#: serverguide/C/lamp-applications.xml:289(para)
19161
msgid ""
19162
"Before installing <application>MediaWiki</application> you should also "
19163
"install <application>Apache2</application>, the "
19164
"<application>PHP5</application> scripting language and Database a Management "
19165
"System. <application>MySQL</application> or "
19166
"<application>PostgreSQL</application> are the most common, choose one "
19167
"depending on your need. Please refer to those sections in this manual for "
19168
"installation instructions."
19169
msgstr ""
19170
19171
#: serverguide/C/lamp-applications.xml:297(para)
19172
msgid ""
19173
"To install <application>MediaWiki</application>, run the following command "
19174
"in the command prompt:"
19175
msgstr ""
19176
19177
#: serverguide/C/lamp-applications.xml:303(command)
19178
msgid "sudo apt-get install mediawiki php5-gd"
19179
msgstr "sudo apt-get install mediawiki php5-gd"
19180
19181
#: serverguide/C/lamp-applications.xml:306(para)
19182
msgid ""
19183
"For additional <application>MediaWiki</application> functionality see the "
19184
"<application>mediawiki-extensions</application> package."
19185
msgstr ""
19186
19187
#: serverguide/C/lamp-applications.xml:316(para)
19188
msgid ""
19189
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19190
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19191
"directory. You should uncomment the following line in this file to access "
19192
"MediaWiki application."
19193
msgstr ""
19194
19195
#: serverguide/C/lamp-applications.xml:324(screen)
19196
#, no-wrap
19197
msgid ""
19198
"\n"
19199
"# Alias /mediawiki /var/lib/mediawiki\n"
19200
msgstr ""
19201
19202
#: serverguide/C/lamp-applications.xml:328(para)
19203
msgid ""
19204
"After you uncomment the above line, restart Apache server and access "
19205
"MediaWiki using the following url:"
19206
msgstr ""
19207
19208
#: serverguide/C/lamp-applications.xml:333(programlisting)
19209
#, no-wrap
19210
msgid ""
19211
"\n"
19212
"http://localhost/mediawiki/config/index.php\n"
19213
msgstr ""
19214
"\n"
19215
"http://localhost/mediawiki/config/index.php\n"
19216
19217
#: serverguide/C/lamp-applications.xml:338(para)
19218
msgid ""
19219
"Please read the <quote>Checking environment...</quote> section in this page. "
19220
"You should be able to fix many issues by carefully reading this section."
19221
msgstr ""
19222
19223
#: serverguide/C/lamp-applications.xml:345(para)
19224
msgid ""
19225
"Once the configuration is complete, you should copy the "
19226
"<filename>LocalSettings.php</filename> file to "
19227
"<filename>/etc/mediawiki</filename> directory:"
19228
msgstr ""
19229
19230
#: serverguide/C/lamp-applications.xml:352(command)
19231
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19232
msgstr ""
19233
19234
#: serverguide/C/lamp-applications.xml:355(para)
19235
msgid ""
19236
"You may also want to edit "
19237
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19238
msgstr ""
19239
19240
#: serverguide/C/lamp-applications.xml:360(programlisting)
19241
#, no-wrap
19242
msgid ""
19243
"\n"
19244
"ini_set( 'memory_limit', '64M' );\n"
19245
msgstr ""
19246
19247
#: serverguide/C/lamp-applications.xml:367(title)
19248
msgid "Extensions"
19249
msgstr ""
19250
19251
#: serverguide/C/lamp-applications.xml:368(para)
19252
msgid ""
19253
"The extensions add new features and enhancements for the MediaWiki "
19254
"application. The extensions give wiki administrators and end users the "
19255
"ability to customize MediaWiki to their requirements."
19256
msgstr ""
19257
19258
#: serverguide/C/lamp-applications.xml:374(para)
19259
msgid ""
19260
"You can download MediaWiki extensions as an archive file or checkout from "
19261
"the Subversion repository. You should copy it to "
19262
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19263
"also add the following line at the end of file: "
19264
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19265
msgstr ""
19266
19267
#: serverguide/C/lamp-applications.xml:382(programlisting)
19268
#, no-wrap
19269
msgid ""
19270
"\n"
19271
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19272
msgstr ""
19273
19274
#: serverguide/C/lamp-applications.xml:392(para)
19275
msgid ""
19276
"For more details, please refer to the <ulink "
19277
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19278
msgstr ""
19279
19280
#: serverguide/C/lamp-applications.xml:398(para)
19281
msgid ""
19282
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19283
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19284
"new MediaWiki administrators."
19285
msgstr ""
19286
19287
#: serverguide/C/lamp-applications.xml:404(para)
19288
msgid ""
19289
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19290
"Wiki MediaWiki</ulink> page is a good resource."
19291
msgstr ""
19292
19293
#: serverguide/C/lamp-applications.xml:414(title)
19294
msgid "phpMyAdmin"
19295
msgstr ""
19296
19297
#: serverguide/C/lamp-applications.xml:416(para)
19298
msgid ""
19299
"<application>phpMyAdmin</application> is a LAMP application specifically "
19300
"written for administering <application>MySQL</application> servers. Written "
19301
"in <application>PHP</application>, and accessed through a web browser, "
19302
"phpMyAdmin provides a graphical interface for database administration tasks."
19303
msgstr ""
19304
19305
#: serverguide/C/lamp-applications.xml:425(para)
19306
msgid ""
19307
"Before installing <application>phpMyAdmin</application> you will need access "
19308
"to a <application>MySQL</application> database either on the same host as "
19309
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19310
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19311
"enter:"
19312
msgstr ""
19313
19314
#: serverguide/C/lamp-applications.xml:432(command)
19315
msgid "sudo apt-get install phpmyadmin"
19316
msgstr ""
19317
19318
#: serverguide/C/lamp-applications.xml:435(para)
19319
msgid ""
19320
"At the prompt choose which web server to be configured for "
19321
"<application>phpMyAdmin</application>. The rest of this section will use "
19322
"<application>Apache2</application> for the web server."
19323
msgstr ""
19324
19325
#: serverguide/C/lamp-applications.xml:440(para)
19326
msgid ""
19327
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19328
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19329
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19330
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19331
"user if you any setup, and enter the <application>MySQL</application> user's "
19332
"password."
19333
msgstr ""
19334
19335
#: serverguide/C/lamp-applications.xml:447(para)
19336
msgid ""
19337
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19338
"needed, create users, create/destroy databases and tables, etc."
19339
msgstr ""
19340
19341
#: serverguide/C/lamp-applications.xml:455(para)
19342
msgid ""
19343
"The configuration files for <application>phpMyAdmin</application> are "
19344
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19345
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19346
"configuration options that apply globally to "
19347
"<application>phpMyAdmin</application>."
19348
msgstr ""
19349
19350
#: serverguide/C/lamp-applications.xml:461(para)
19351
msgid ""
19352
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19353
"hosted on another server, adjust the following in "
19354
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19355
msgstr ""
19356
19357
#: serverguide/C/lamp-applications.xml:466(programlisting)
19358
#, no-wrap
19359
msgid ""
19360
"\n"
19361
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19362
msgstr ""
19363
19364
#: serverguide/C/lamp-applications.xml:471(para)
19365
msgid ""
19366
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19367
"remote database server name or IP address. Also, be sure that the "
19368
"<application>phpMyAdmin</application> host has permissions to access the "
19369
"remote database."
19370
msgstr ""
19371
19372
#: serverguide/C/lamp-applications.xml:477(para)
19373
msgid ""
19374
"Once configured, log out of <application>phpMyAdmin</application> and back "
19375
"in, and you should be accessing the new server."
19376
msgstr ""
19377
19378
#: serverguide/C/lamp-applications.xml:481(para)
19379
msgid ""
19380
"The <filename>config.header.inc.php</filename> and "
19381
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19382
"header and footer to <application>phpMyAdmin</application>."
19383
msgstr ""
19384
19385
#: serverguide/C/lamp-applications.xml:486(para)
19386
msgid ""
19387
"Another important configuration file is "
19388
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19389
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19390
"configure <application>Apache2</application> to serve the "
19391
"<application>phpMyAdmin</application> site. The file contains directives for "
19392
"loading <application>PHP</application>, directory permissions, etc. For more "
19393
"information on configuring <application>Apache2</application> see <xref "
19394
"linkend=\"httpd\"/>."
19395
msgstr ""
19396
19397
#: serverguide/C/lamp-applications.xml:500(para)
19398
msgid ""
19399
"The <application>phpMyAdmin</application> documentation comes installed with "
19400
"the package and can be accessed from the <emphasis>phpMyAdmin "
19401
"Documentation</emphasis> link (a question mark with a box around it) under "
19402
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19403
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19404
msgstr ""
19405
19406
#: serverguide/C/lamp-applications.xml:507(para)
19407
msgid ""
19408
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19409
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19410
msgstr ""
19411
19412
#: serverguide/C/lamp-applications.xml:512(para)
19413
msgid ""
19414
"A third resource is the <ulink "
19415
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19416
"Wiki</ulink> page."
19417
msgstr ""
19418
19419
#: serverguide/C/introduction.xml:14(para)
19420
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19421
msgstr ""
19422
19423
#: serverguide/C/introduction.xml:15(para)
19424
msgid ""
19425
"Here you can find information on how to install and configure various server "
19426
"applications. It is a step-by-step, task-oriented guide for configuring and "
19427
"customizing your system."
19428
msgstr ""
19429
19430
#: serverguide/C/introduction.xml:19(para)
19431
msgid ""
19432
"This guide assumes you have a basic understanding of your Ubuntu system. "
19433
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19434
"but if you need detailed instructions installing Ubuntu please refer to the "
19435
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19436
"Installation Guide</ulink>."
19437
msgstr ""
19438
19439
#: serverguide/C/introduction.xml:25(para)
19440
msgid ""
19441
"A HTML version of the manual is available online at <ulink "
19442
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19443
"HTML files are also available in the <application>ubuntu-"
19444
"serverguide</application> package. See <xref linkend=\"package-"
19445
"management\"/> for details on installing packages."
19446
msgstr ""
19447
19448
#: serverguide/C/introduction.xml:32(para)
19449
msgid ""
19450
"If you choose to install the <application>ubuntu-serverguide</application> "
19451
"you can view this document from a console by:"
19452
msgstr ""
19453
19454
#: serverguide/C/introduction.xml:36(command)
19455
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19456
msgstr ""
19457
19458
#: serverguide/C/introduction.xml:39(para)
19459
msgid ""
19460
"If you are using a localized version of Ubuntu, replace "
19461
"<emphasis>C</emphasis> with your language localization (e.g. "
19462
"<emphasis>en_GB</emphasis>)."
19463
msgstr ""
19464
19465
#: serverguide/C/introduction.xml:53(title)
19466
msgid "Support"
19467
msgstr ""
19468
19469
#: serverguide/C/introduction.xml:55(para)
19470
msgid ""
19471
"There are a couple of different ways that Ubuntu Server Edition is "
19472
"supported, commercial support and community support. The main commercial "
19473
"support (and development funding) is available from Canonical Ltd. They "
19474
"supply reasonably priced support contracts on a per desktop or per server "
19475
"basis. For more information see the <ulink "
19476
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19477
"page."
19478
msgstr ""
19479
19480
#: serverguide/C/introduction.xml:62(para)
19481
msgid ""
19482
"Community support is also provided by dedicated individuals, and companies, "
19483
"that wish to make Ubuntu the best distribution possible. Support is provided "
19484
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19485
"large amount of information available can be overwhelming, but a good search "
19486
"engine query can usually provide an answer to your questions. See the <ulink "
19487
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19488
"information."
19489
msgstr ""
19490
19491
#: serverguide/C/installation.xml:14(para)
19492
msgid ""
19493
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19494
"Edition. For more detailed instructions, please refer to the <ulink "
19495
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19496
"Installation Guide</ulink>."
19497
msgstr ""
19498
19499
#: serverguide/C/installation.xml:19(title)
19500
msgid "Preparing to Install"
19501
msgstr ""
19502
19503
#: serverguide/C/installation.xml:20(para)
19504
msgid ""
19505
"This section explains various aspects to consider before starting the "
19506
"installation."
19507
msgstr ""
19508
19509
#: serverguide/C/installation.xml:24(title)
19510
msgid "System Requirements"
19511
msgstr ""
19512
19513
#: serverguide/C/installation.xml:25(para)
19514
msgid ""
19515
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19516
"and AMD64. The table below lists recommended hardware specifications. "
19517
"Depending on your needs, you might manage with less than this. However, most "
19518
"users risk being frustrated if they ignore these suggestions."
19519
msgstr ""
19520
19521
#: serverguide/C/installation.xml:27(title)
19522
msgid "Recommended Minimum Requirements"
19523
msgstr ""
19524
19525
#: serverguide/C/installation.xml:35(para)
19526
msgid "Install Type"
19527
msgstr ""
19528
19529
#: serverguide/C/installation.xml:36(para)
19530
msgid "RAM"
19531
msgstr ""
19532
19533
#: serverguide/C/installation.xml:37(para)
19534
msgid "Hard Drive Space"
19535
msgstr ""
19536
19537
#: serverguide/C/installation.xml:40(para)
19538
msgid "Base System"
19539
msgstr ""
19540
19541
#: serverguide/C/installation.xml:41(para)
19542
msgid "All Tasks Installed"
19543
msgstr ""
19544
19545
#: serverguide/C/installation.xml:46(para)
19546
msgid "Server"
19547
msgstr "Pelayan"
19548
19549
#: serverguide/C/installation.xml:47(para)
19550
msgid "128 megabytes"
19551
msgstr ""
19552
19553
#: serverguide/C/installation.xml:48(para)
19554
msgid "500 megabytes"
19555
msgstr ""
19556
19557
#: serverguide/C/installation.xml:49(para)
19558
msgid "1 gigabyte"
19559
msgstr ""
19560
19561
#: serverguide/C/installation.xml:54(para)
19562
msgid ""
19563
"The Server Edition provides a common base for all sorts of server "
19564
"applications. It is a minimalist design providing a platform for the desired "
19565
"services, such as file/print services, web hosting, email hosting, etc."
19566
msgstr ""
19567
19568
#: serverguide/C/installation.xml:60(para)
19569
msgid ""
19570
"The requirements for UEC are slightly different for Front End requirements "
19571
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19572
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19573
msgstr ""
19574
19575
#: serverguide/C/installation.xml:68(title)
19576
msgid "Server and Desktop Differences"
19577
msgstr ""
19578
19579
#: serverguide/C/installation.xml:69(para)
19580
msgid ""
19581
"There are a few differences between the <emphasis>Ubuntu Server "
19582
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19583
"should be noted that both editions use the same "
19584
"<application>apt</application> repositories. Making it just as easy to "
19585
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19586
"Desktop Edition as it is on the Server Edition."
19587
msgstr ""
19588
19589
#: serverguide/C/installation.xml:75(para)
19590
msgid ""
19591
"The differences between the two editions are the lack of an X window "
19592
"environment in the Server Edition, the installation process, and different "
19593
"Kernel options."
19594
msgstr ""
19595
19596
#: serverguide/C/installation.xml:82(title)
19597
msgid "Kernel Differences:"
19598
msgstr ""
19599
19600
#: serverguide/C/installation.xml:85(para)
19601
msgid ""
19602
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19603
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19604
"Edition."
19605
msgstr ""
19606
19607
#: serverguide/C/installation.xml:91(para)
19608
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19609
msgstr ""
19610
19611
#: serverguide/C/installation.xml:96(para)
19612
msgid ""
19613
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19614
"Desktop Edition."
19615
msgstr ""
19616
19617
#: serverguide/C/installation.xml:102(para)
19618
msgid ""
19619
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19620
"limited by memory addressing space."
19621
msgstr ""
19622
19623
#: serverguide/C/installation.xml:107(para)
19624
msgid ""
19625
"To see all kernel configuration options you can look through "
19626
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19627
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19628
"is a great resource on the options available."
19629
msgstr ""
19630
19631
#: serverguide/C/installation.xml:116(title)
19632
msgid "Backing Up"
19633
msgstr ""
19634
19635
#: serverguide/C/installation.xml:119(para)
19636
msgid ""
19637
"Before installing <application>Ubuntu Server Edition</application> you "
19638
"should make sure all data on the system is backed up. See <xref "
19639
"linkend=\"backups\"/> for backup options."
19640
msgstr ""
19641
19642
#: serverguide/C/installation.xml:123(para)
19643
msgid ""
19644
"If this is not the first time an operating system has been installed on your "
19645
"computer, it is likely you will need to re-partition your disk to make room "
19646
"for Ubuntu."
19647
msgstr ""
19648
19649
#: serverguide/C/installation.xml:127(para)
19650
msgid ""
19651
"Any time you partition your disk, you should be prepared to lose everything "
19652
"on the disk should you make a mistake or something goes wrong during "
19653
"partitioning. The programs used in installation are quite reliable, most "
19654
"have seen years of use, but they also perform destructive actions."
19655
msgstr ""
19656
19657
#: serverguide/C/installation.xml:139(title)
19658
msgid "Installing from CD"
19659
msgstr ""
19660
19661
#: serverguide/C/installation.xml:140(para)
19662
msgid ""
19663
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19664
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19665
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19666
"a graphical installation program. Instead the Server Edition uses a console "
19667
"menu based process."
19668
msgstr ""
19669
19670
#: serverguide/C/installation.xml:147(para)
19671
msgid ""
19672
"First, download and burn the appropriate ISO file from the <ulink "
19673
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19674
msgstr ""
19675
19676
#: serverguide/C/installation.xml:153(para)
19677
msgid "Boot the system from the CD-ROM drive."
19678
msgstr ""
19679
19680
#: serverguide/C/installation.xml:158(para)
19681
msgid ""
19682
"At the boot prompt you will be asked to select the language. Afterwards the "
19683
"installation process begins by asking for your keyboard layout."
19684
msgstr ""
19685
19686
#: serverguide/C/installation.xml:164(para)
19687
msgid ""
19688
"From the main boot menu there are some additional options to install Ubuntu "
19689
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19690
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19691
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19692
"will cover the basic Ubuntu Server install."
19693
msgstr ""
19694
19695
#: serverguide/C/installation.xml:172(para)
19696
msgid ""
19697
"The installer then discovers your hardware configuration, and configures the "
19698
"network settings using DHCP. If you do not wish to use DHCP at the next "
19699
"screen choose \"Go Back\", and you have the option to \"Configure the "
19700
"network manually\"."
19701
msgstr ""
19702
19703
#: serverguide/C/installation.xml:179(para)
19704
msgid "Next, the installer asks for the system's hostname and Time Zone."
19705
msgstr ""
19706
19707
#: serverguide/C/installation.xml:184(para)
19708
msgid ""
19709
"You can then choose from several options to configure the hard drive layout. "
19710
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19711
msgstr ""
19712
19713
#: serverguide/C/installation.xml:190(para)
19714
msgid "The Ubuntu base system is then installed."
19715
msgstr ""
19716
19717
#: serverguide/C/installation.xml:195(para)
19718
msgid ""
19719
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19720
"through the <application>sudo</application> utility."
19721
msgstr ""
19722
19723
#: serverguide/C/installation.xml:201(para)
19724
msgid ""
19725
"After the user is setup, you will be asked to encrypt your <filename "
19726
"role=\"directory\">home</filename> directory."
19727
msgstr ""
19728
19729
#: serverguide/C/installation.xml:207(para)
19730
msgid ""
19731
"The next step in the installation process is to decide how you want to "
19732
"update the system. There are three options:"
19733
msgstr ""
19734
19735
#: serverguide/C/installation.xml:213(para)
19736
msgid ""
19737
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19738
"log into the machine and manually install updates."
19739
msgstr ""
19740
19741
#: serverguide/C/installation.xml:219(para)
19742
msgid ""
19743
"<emphasis>Install security updates Automatically</emphasis>: will install "
19744
"the <application>unattended-upgrades</application> package, which will "
19745
"install security updates without the intervention of an administrator. For "
19746
"more details see <xref linkend=\"automatic-updates\"/>."
19747
msgstr ""
19748
19749
#: serverguide/C/installation.xml:226(para)
19750
msgid ""
19751
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19752
"service provided by Canonical to help manage your Ubuntu machines. See the "
19753
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19754
"site for details."
19755
msgstr ""
19756
19757
#: serverguide/C/installation.xml:235(para)
19758
msgid ""
19759
"You now have the option to install, or not install, several package tasks. "
19760
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19761
"to launch <application>aptitude</application> to choose specific packages to "
19762
"install. For more information see <xref linkend=\"aptitude\"/>."
19763
msgstr ""
19764
19765
#: serverguide/C/installation.xml:243(para)
19766
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19767
msgstr ""
19768
19769
#: serverguide/C/installation.xml:249(para)
19770
msgid ""
19771
"If at any point during installation you are not satisfied by the default "
19772
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19773
"detailed installation menu that will allow you to modify the default "
19774
"settings."
19775
msgstr ""
19776
19777
#: serverguide/C/installation.xml:254(para)
19778
msgid ""
19779
"At some point during the installation process you may want to read the help "
19780
"screen provided by the installation system. To do this, press F1."
19781
msgstr ""
19782
19783
#: serverguide/C/installation.xml:259(para)
19784
msgid ""
19785
"Once again, for detailed instructions see the <ulink "
19786
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19787
"Installation Guide</ulink>."
19788
msgstr ""
19789
19790
#: serverguide/C/installation.xml:265(title)
19791
msgid "Package Tasks"
19792
msgstr ""
19793
19794
#: serverguide/C/installation.xml:266(para)
19795
msgid ""
19796
"During the Server Edition installation you have the option of installing "
19797
"additional packages from the CD. The packages are grouped by the type of "
19798
"service they provide."
19799
msgstr ""
19800
19801
#: serverguide/C/installation.xml:272(para)
19802
msgid "Cloud computing: Walrus storage service"
19803
msgstr ""
19804
19805
#: serverguide/C/installation.xml:277(para)
19806
msgid "Cloud computing: all-in-one cluster"
19807
msgstr ""
19808
19809
#: serverguide/C/installation.xml:282(para)
19810
msgid "Cloud computing: Cluster controller"
19811
msgstr ""
19812
19813
#: serverguide/C/installation.xml:287(para)
19814
msgid "Cloud computing: Node controller"
19815
msgstr ""
19816
19817
#: serverguide/C/installation.xml:292(para)
19818
msgid "Cloud computing: Storage controller"
19819
msgstr ""
19820
19821
#: serverguide/C/installation.xml:297(para)
19822
msgid "Cloud computing: top-level cloud controller"
19823
msgstr ""
19824
19825
#: serverguide/C/installation.xml:302(para)
19826
msgid "DNS server: Selects the BIND DNS server and its documentation."
19827
msgstr ""
19828
19829
#: serverguide/C/installation.xml:307(para)
19830
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19831
msgstr ""
19832
19833
#: serverguide/C/installation.xml:312(para)
19834
msgid ""
19835
"Mail server: This task selects a variety of package useful for a general "
19836
"purpose mail server system."
19837
msgstr ""
19838
19839
#: serverguide/C/installation.xml:317(para)
19840
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19841
msgstr ""
19842
19843
#: serverguide/C/installation.xml:322(para)
19844
msgid ""
19845
"PostgreSQL database: This task selects client and server packages for the "
19846
"PostgreSQL database."
19847
msgstr ""
19848
19849
#: serverguide/C/installation.xml:327(para)
19850
msgid "Print server: This task sets up your system to be a print server."
19851
msgstr ""
19852
19853
#: serverguide/C/installation.xml:332(para)
19854
msgid ""
19855
"Samba File server: This task sets up your system to be a Samba file server, "
19856
"which is especially suitable in networks with both Windows and Linux systems."
19857
msgstr ""
19858
19859
#: serverguide/C/installation.xml:338(para)
19860
msgid ""
19861
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19862
"etc."
19863
msgstr ""
19864
19865
#: serverguide/C/installation.xml:343(para)
19866
msgid ""
19867
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19868
msgstr ""
19869
19870
#: serverguide/C/installation.xml:348(para)
19871
msgid ""
19872
"Manually select packages: Executes <application>apptitude</application> "
19873
"allowing you to individually select packages."
19874
msgstr ""
19875
19876
#: serverguide/C/installation.xml:353(para)
19877
msgid ""
19878
"Installing the package groups is accomplished using the "
19879
"<application>tasksel</application> utility. One of the important difference "
19880
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19881
"installed, a package is also configured to reasonable defaults, eventually "
19882
"prompting you for additional required information. Likewise, when installing "
19883
"a task, the packages are not only installed, but also configured to provided "
19884
"a fully integrated service."
19885
msgstr ""
19886
19887
#: serverguide/C/installation.xml:360(para)
19888
msgid ""
19889
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19890
"<xref linkend=\"uec\"/>."
19891
msgstr ""
19892
19893
#: serverguide/C/installation.xml:363(para)
19894
msgid ""
19895
"Once the installation process has finished you can view a list of available "
19896
"tasks by entering the following from a terminal prompt:"
19897
msgstr ""
19898
19899
#: serverguide/C/installation.xml:368(command)
19900
msgid "tasksel --list-tasks"
19901
msgstr ""
19902
19903
#: serverguide/C/installation.xml:371(para)
19904
msgid ""
19905
"The output will list tasks from other Ubuntu based distributions such as "
19906
"Kubuntu and Edubuntu. Note that you can also invoke the "
19907
"<command>tasksel</command> command by itself, which will bring up a menu of "
19908
"the different tasks available."
19909
msgstr ""
19910
19911
#: serverguide/C/installation.xml:377(para)
19912
msgid ""
19913
"You can view a list of which packages are installed with each task using the "
19914
"<emphasis>--task-packages</emphasis> option. For example, to list the "
19915
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
19916
"following:"
19917
msgstr ""
19918
19919
#: serverguide/C/installation.xml:382(command)
19920
msgid "tasksel --task-packages dns-server"
19921
msgstr ""
19922
19923
#: serverguide/C/installation.xml:384(para)
19924
msgid "The output of the command should list:"
19925
msgstr ""
19926
19927
#: serverguide/C/installation.xml:387(programlisting)
19928
#, no-wrap
19929
msgid ""
19930
"\n"
19931
"bind9-doc \n"
19932
"bind9utils \n"
19933
"bind9\n"
19934
msgstr ""
19935
19936
#: serverguide/C/installation.xml:392(para)
19937
msgid ""
19938
"Also, if you did not install one of the tasks during the installation "
19939
"process, but for example you decide to make your new LAMP server a DNS "
19940
"server as well. Simply insert the installation CD and from a terminal:"
19941
msgstr ""
19942
19943
#: serverguide/C/installation.xml:397(command)
19944
msgid "sudo tasksel install dns-server"
19945
msgstr ""
19946
19947
#: serverguide/C/installation.xml:402(title)
19948
msgid "Upgrading"
19949
msgstr ""
19950
19951
#: serverguide/C/installation.xml:403(para)
19952
msgid ""
19953
"There are several ways to upgrade from one Ubuntu release to another. This "
19954
"section gives an overview of the recommended upgrade method."
19955
msgstr ""
19956
19957
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
19958
msgid "do-release-upgrade"
19959
msgstr ""
19960
19961
#: serverguide/C/installation.xml:408(para)
19962
msgid ""
19963
"The recommended way to upgrade a Server Edition installation is to use the "
19964
"<application>do-release-upgrade</application> utility. Part of the "
19965
"<emphasis>update-manager-core</emphasis> package, it does not have any "
19966
"graphical dependencies and is installed by default."
19967
msgstr ""
19968
19969
#: serverguide/C/installation.xml:413(para)
19970
msgid ""
19971
"Debian based systems can also be upgraded by using <command>apt-get dist-"
19972
"upgrade</command>. However, using <application>do-release-"
19973
"upgrade</application> is recommended because it has the ability to handle "
19974
"system configuration changes sometimes needed between releases."
19975
msgstr ""
19976
19977
#: serverguide/C/installation.xml:418(para)
19978
msgid "To upgrade to a newer release, from a terminal prompt enter:"
19979
msgstr ""
19980
19981
#: serverguide/C/installation.xml:424(para)
19982
msgid ""
19983
"It is also possible to use <application>do-release-upgrade</application> to "
19984
"upgrade to a development version of Ubuntu. To accomplish this use the "
19985
"<emphasis>-d</emphasis> switch:"
19986
msgstr ""
19987
19988
#: serverguide/C/installation.xml:429(command)
19989
msgid "do-release-upgrade -d"
19990
msgstr ""
19991
19992
#: serverguide/C/installation.xml:432(para)
19993
msgid ""
19994
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
19995
"for production environments."
19996
msgstr ""
19997
19998
#: serverguide/C/installation.xml:439(title)
19999
msgid "Advanced Installation"
20000
msgstr ""
20001
20002
#: serverguide/C/installation.xml:442(title)
20003
msgid "Software RAID"
20004
msgstr ""
20005
20006
#: serverguide/C/installation.xml:444(para)
20007
msgid ""
20008
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20009
"the probability of catastrophic data loss in case of drive failure. RAID is "
20010
"implemented in either software (where the operating system knows about both "
20011
"drives and actively maintains both of them) or hardware (where a special "
20012
"controller makes the OS think there's only one drive and maintains the "
20013
"drives 'invisibly')."
20014
msgstr ""
20015
20016
#: serverguide/C/installation.xml:451(para)
20017
msgid ""
20018
"The RAID software included with current versions of Linux (and Ubuntu) is "
20019
"based on the <application>'mdadm'</application> driver and works very well, "
20020
"better even than many so-called 'hardware' RAID controllers. This section "
20021
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20022
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20023
"another for <emphasis>swap</emphasis>."
20024
msgstr ""
20025
20026
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20027
msgid ""
20028
"Follow the installation steps until you get to the <emphasis>Partition "
20029
"disks</emphasis> step, then:"
20030
msgstr ""
20031
20032
#: serverguide/C/installation.xml:468(para)
20033
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20034
msgstr ""
20035
20036
#: serverguide/C/installation.xml:475(para)
20037
msgid ""
20038
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20039
"partition table on this device?\"</emphasis>."
20040
msgstr ""
20041
20042
#: serverguide/C/installation.xml:479(para)
20043
msgid ""
20044
"Repeat this step for each drive you wish to be part of the RAID array."
20045
msgstr ""
20046
20047
#: serverguide/C/installation.xml:486(para)
20048
msgid ""
20049
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20050
"select <emphasis>\"Create a new partition\"</emphasis>."
20051
msgstr ""
20052
20053
#: serverguide/C/installation.xml:493(para)
20054
msgid ""
20055
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20056
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20057
"size is twice that of RAM. Enter the partition size, then choose "
20058
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20059
msgstr ""
20060
20061
#: serverguide/C/installation.xml:502(para)
20062
msgid ""
20063
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20064
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20065
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20066
"<emphasis>\"Done setting up partition\"</emphasis>."
20067
msgstr ""
20068
20069
#: serverguide/C/installation.xml:511(para)
20070
msgid ""
20071
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20072
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20073
"partition\"</emphasis>."
20074
msgstr ""
20075
20076
#: serverguide/C/installation.xml:519(para)
20077
msgid ""
20078
"Use the rest of the free space on the drive and choose "
20079
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20080
msgstr ""
20081
20082
#: serverguide/C/installation.xml:526(para)
20083
msgid ""
20084
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20085
"at the top, changing it to <emphasis>\"physical volume for "
20086
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20087
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20088
"<emphasis>\"Done setting up partition\"</emphasis>."
20089
msgstr ""
20090
20091
#: serverguide/C/installation.xml:536(para)
20092
msgid "Repeat steps three through eight for the other disk and partitions."
20093
msgstr ""
20094
20095
#: serverguide/C/installation.xml:545(title)
20096
msgid "RAID Configuration"
20097
msgstr ""
20098
20099
#: serverguide/C/installation.xml:547(para)
20100
msgid "With the partitions setup the arrays are ready to be configured:"
20101
msgstr ""
20102
20103
#: serverguide/C/installation.xml:554(para)
20104
msgid ""
20105
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20106
"Software RAID\"</emphasis> at the top."
20107
msgstr ""
20108
20109
#: serverguide/C/installation.xml:561(para)
20110
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20111
msgstr ""
20112
20113
#: serverguide/C/installation.xml:568(para)
20114
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20115
msgstr ""
20116
20117
#: serverguide/C/installation.xml:575(para)
20118
msgid ""
20119
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20120
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20121
msgstr ""
20122
20123
#: serverguide/C/installation.xml:581(para)
20124
msgid ""
20125
"In order to use <emphasis>RAID5</emphasis> you need at least "
20126
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20127
"<emphasis>two</emphasis> drives are required."
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:590(para)
20131
msgid ""
20132
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20133
"of hard drives you have, for the array. Then select "
20134
"<emphasis>\"Continue\"</emphasis>."
20135
msgstr ""
20136
20137
#: serverguide/C/installation.xml:598(para)
20138
msgid ""
20139
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20140
"default, then choose <emphasis>\"Continue\"</emphasis>."
20141
msgstr ""
20142
20143
#: serverguide/C/installation.xml:605(para)
20144
msgid ""
20145
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20146
"etc. The numbers will usually match and the different letters correspond to "
20147
"different hard drives."
20148
msgstr ""
20149
20150
#: serverguide/C/installation.xml:610(para)
20151
msgid ""
20152
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20153
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20154
"go to the next step."
20155
msgstr ""
20156
20157
#: serverguide/C/installation.xml:618(para)
20158
msgid ""
20159
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20160
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20161
"and <emphasis>sdb2</emphasis>."
20162
msgstr ""
20163
20164
#: serverguide/C/installation.xml:626(para)
20165
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20166
msgstr ""
20167
20168
#: serverguide/C/installation.xml:636(title)
20169
msgid "Formatting"
20170
msgstr ""
20171
20172
#: serverguide/C/installation.xml:638(para)
20173
msgid ""
20174
"There should now be a list of hard drives and RAID devices. The next step is "
20175
"to format and set the mount point for the RAID devices. Treat the RAID "
20176
"device as a local hard drive, format and mount accordingly."
20177
msgstr ""
20178
20179
#: serverguide/C/installation.xml:646(para)
20180
msgid ""
20181
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20182
"#0\"</emphasis> partition."
20183
msgstr ""
20184
20185
#: serverguide/C/installation.xml:653(para)
20186
msgid ""
20187
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20188
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20189
msgstr ""
20190
20191
#: serverguide/C/installation.xml:661(para)
20192
msgid ""
20193
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20194
"#1\"</emphasis> partition."
20195
msgstr ""
20196
20197
#: serverguide/C/installation.xml:668(para)
20198
msgid ""
20199
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20200
"journaling file system\"</emphasis>."
20201
msgstr ""
20202
20203
#: serverguide/C/installation.xml:675(para)
20204
msgid ""
20205
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20206
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20207
"options as appropriate, then select <emphasis>\"Done setting up "
20208
"partition\"</emphasis>."
20209
msgstr ""
20210
20211
#: serverguide/C/installation.xml:683(para)
20212
msgid ""
20213
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20214
"disk\"</emphasis>."
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:690(para)
20218
msgid ""
20219
"If you choose to place the root partition on a RAID array, the installer "
20220
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20221
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20222
msgstr ""
20223
20224
#: serverguide/C/installation.xml:695(para)
20225
msgid "The installation process will then continue normally."
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:701(title)
20229
msgid "Degraded RAID"
20230
msgstr ""
20231
20232
#: serverguide/C/installation.xml:703(para)
20233
msgid ""
20234
"At some point in the life of the computer a disk failure event may occur. "
20235
"When this happens, using Software RAID, the operating system will place the "
20236
"array into what is known as a <emphasis>degraded</emphasis> state."
20237
msgstr ""
20238
20239
#: serverguide/C/installation.xml:708(para)
20240
msgid ""
20241
"If the array has become degraded, due to the chance of data corruption, by "
20242
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20243
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20244
"second prompt giving you the option to go ahead and boot the system, or "
20245
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20246
"the desired behavior, especially if the machine is in a remote location. "
20247
"Booting to a degraded array can be configured several ways:"
20248
msgstr ""
20249
20250
#: serverguide/C/installation.xml:719(para)
20251
msgid ""
20252
"The <application>dpkg-reconfigure</application> utility can be used to "
20253
"configure the default behavior, and during the process you will be queried "
20254
"about additional settings related to the array. Such as monitoring, email "
20255
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20256
"following:"
20257
msgstr ""
20258
20259
#: serverguide/C/installation.xml:726(command)
20260
msgid "sudo dpkg-reconfigure mdadm"
20261
msgstr ""
20262
20263
#: serverguide/C/installation.xml:732(para)
20264
msgid ""
20265
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20266
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20267
"The file has the advantage of being able to pre-configure the system's "
20268
"behavior, and can also be manually edited:"
20269
msgstr ""
20270
20271
#: serverguide/C/installation.xml:738(programlisting)
20272
#, no-wrap
20273
msgid ""
20274
"\n"
20275
"BOOT_DEGRADED=true\n"
20276
msgstr ""
20277
20278
#: serverguide/C/installation.xml:743(para)
20279
msgid "The configuration file can be overridden by using a Kernel argument."
20280
msgstr ""
20281
20282
#: serverguide/C/installation.xml:751(para)
20283
msgid ""
20284
"Using a Kernel argument will allow the system to boot to a degraded array as "
20285
"well:"
20286
msgstr ""
20287
20288
#: serverguide/C/installation.xml:757(para)
20289
msgid ""
20290
"When the server is booting press <keycap>Shift</keycap> to open the "
20291
"<application>Grub</application> menu."
20292
msgstr ""
20293
20294
#: serverguide/C/installation.xml:762(para)
20295
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20296
msgstr ""
20297
20298
#: serverguide/C/installation.xml:767(para)
20299
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20300
msgstr ""
20301
20302
#: serverguide/C/installation.xml:772(para)
20303
msgid ""
20304
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20305
"end of the line."
20306
msgstr ""
20307
20308
#: serverguide/C/installation.xml:777(para)
20309
msgid ""
20310
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20311
"the system."
20312
msgstr ""
20313
20314
#: serverguide/C/installation.xml:786(para)
20315
msgid ""
20316
"Once the system has booted you can either repair the array see <xref "
20317
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20318
"another machine due to major hardware failure."
20319
msgstr ""
20320
20321
#: serverguide/C/installation.xml:793(title)
20322
msgid "RAID Maintenance"
20323
msgstr ""
20324
20325
#: serverguide/C/installation.xml:795(para)
20326
msgid ""
20327
"The <application>mdadm</application> utility can be used to view the status "
20328
"of an array, add disks to an array, remove disks, etc:"
20329
msgstr ""
20330
20331
#: serverguide/C/installation.xml:802(para)
20332
msgid "To view the status of an array, from a terminal prompt enter:"
20333
msgstr ""
20334
20335
#: serverguide/C/installation.xml:806(command)
20336
msgid "sudo mdadm -D /dev/md0"
20337
msgstr ""
20338
20339
#: serverguide/C/installation.xml:809(para)
20340
msgid ""
20341
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20342
"display <emphasis>detailed</emphasis> information about the "
20343
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20344
"with the appropriate RAID device."
20345
msgstr ""
20346
20347
#: serverguide/C/installation.xml:815(para)
20348
msgid "To view the status of a disk in an array:"
20349
msgstr ""
20350
20351
#: serverguide/C/installation.xml:819(command)
20352
msgid "sudo mdadm -E /dev/sda1"
20353
msgstr ""
20354
20355
#: serverguide/C/installation.xml:821(para)
20356
msgid ""
20357
"The output if very similar to the <command>mdadm -D</command> command, "
20358
"adjust <filename>/dev/sda1</filename> for each disk."
20359
msgstr ""
20360
20361
#: serverguide/C/installation.xml:826(para)
20362
msgid "If a disk fails and needs to be removed from an array enter:"
20363
msgstr ""
20364
20365
#: serverguide/C/installation.xml:830(command)
20366
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20367
msgstr ""
20368
20369
#: serverguide/C/installation.xml:832(para)
20370
msgid ""
20371
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20372
"the appropriate RAID device and disk."
20373
msgstr ""
20374
20375
#: serverguide/C/installation.xml:837(para)
20376
msgid "Similarly, to add a new disk:"
20377
msgstr ""
20378
20379
#: serverguide/C/installation.xml:841(command)
20380
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20381
msgstr ""
20382
20383
#: serverguide/C/installation.xml:846(para)
20384
msgid ""
20385
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20386
"though there is nothing physically wrong with the drive. It is usually "
20387
"worthwhile to remove the drive from the array then re-add it. This will "
20388
"cause the drive to re-sync with the array. If the drive will not sync with "
20389
"the array, it is a good indication of hardware failure."
20390
msgstr ""
20391
20392
#: serverguide/C/installation.xml:852(para)
20393
msgid ""
20394
"The <filename>/proc/mdstat</filename> file also contains useful information "
20395
"about the system's RAID devices:"
20396
msgstr ""
20397
20398
#: serverguide/C/installation.xml:857(command)
20399
msgid "cat /proc/mdstat"
20400
msgstr ""
20401
20402
#: serverguide/C/installation.xml:858(computeroutput)
20403
#, no-wrap
20404
msgid ""
20405
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20406
"[raid10] \n"
20407
"md0 : active raid1 sda1[0] sdb1[1]\n"
20408
" 10016384 blocks [2/2] [UU]\n"
20409
" \n"
20410
"unused devices: <none>"
20411
msgstr ""
20412
20413
#: serverguide/C/installation.xml:865(para)
20414
msgid ""
20415
"The following command is great for watching the status of a syncing drive:"
20416
msgstr ""
20417
20418
#: serverguide/C/installation.xml:870(command)
20419
msgid "watch -n1 cat /proc/mdstat"
20420
msgstr ""
20421
20422
#: serverguide/C/installation.xml:873(para)
20423
msgid ""
20424
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20425
"<application>watch</application> command."
20426
msgstr ""
20427
20428
#: serverguide/C/installation.xml:877(para)
20429
msgid ""
20430
"If you do need to replace a faulty drive, after the drive has been replaced "
20431
"and synced, <application>grub</application> will need to be installed. To "
20432
"install <application>grub</application> on the new drive, enter the "
20433
"following:"
20434
msgstr ""
20435
20436
#: serverguide/C/installation.xml:883(command)
20437
msgid "sudo grub-install /dev/md0"
20438
msgstr ""
20439
20440
#: serverguide/C/installation.xml:886(para)
20441
msgid ""
20442
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20443
msgstr ""
20444
20445
#: serverguide/C/installation.xml:894(para)
20446
msgid ""
20447
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20448
"can be configured. Please see the following links for more information:"
20449
msgstr ""
20450
20451
#: serverguide/C/installation.xml:901(para)
20452
msgid ""
20453
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20454
"Wiki Articles on RAID</ulink>."
20455
msgstr ""
20456
20457
#: serverguide/C/installation.xml:907(ulink)
20458
msgid "Software RAID HOWTO"
20459
msgstr ""
20460
20461
#: serverguide/C/installation.xml:912(ulink)
20462
msgid "Managing RAID on Linux"
20463
msgstr ""
20464
20465
#: serverguide/C/installation.xml:919(title)
20466
msgid "Logical Volume Manager (LVM)"
20467
msgstr ""
20468
20469
#: serverguide/C/installation.xml:921(para)
20470
msgid ""
20471
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20472
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20473
"hard disks. LVM volumes can be created on both software RAID partitions and "
20474
"standard partitions residing on a single disk. Volumes can also be extended, "
20475
"giving greater flexibility to systems as requirements change."
20476
msgstr ""
20477
20478
#: serverguide/C/installation.xml:930(para)
20479
msgid ""
20480
"A side effect of LVM's power and flexibility is a greater degree of "
20481
"complication. Before diving into the LVM installation process, it is best to "
20482
"get familiar with some terms."
20483
msgstr ""
20484
20485
#: serverguide/C/installation.xml:937(para)
20486
msgid ""
20487
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20488
"Volumes (LV)."
20489
msgstr ""
20490
20491
#: serverguide/C/installation.xml:942(para)
20492
msgid ""
20493
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20494
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20495
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20496
msgstr ""
20497
20498
#: serverguide/C/installation.xml:948(para)
20499
msgid ""
20500
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20501
"RAID partition. The Volume Group can be extended by adding more PVs."
20502
msgstr ""
20503
20504
#: serverguide/C/installation.xml:959(para)
20505
msgid ""
20506
"As an example this section covers installing Ubuntu Server Edition with "
20507
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20508
"the initial install only one Physical Volume (PV) will be part of the Volume "
20509
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20510
"can be extended."
20511
msgstr ""
20512
20513
#: serverguide/C/installation.xml:965(para)
20514
msgid ""
20515
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20516
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20517
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20518
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20519
"partitions and configure LVM. At this time the only way to configure a "
20520
"system with both LVM and standard partitions, during installation, is to use "
20521
"the Manual approach."
20522
msgstr ""
20523
20524
#: serverguide/C/installation.xml:982(para)
20525
msgid ""
20526
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20527
"<emphasis>\"Manual\"</emphasis>."
20528
msgstr ""
20529
20530
#: serverguide/C/installation.xml:989(para)
20531
msgid ""
20532
"Select the hard disk and on the next screen choose \"yes\" to "
20533
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20534
msgstr ""
20535
20536
#: serverguide/C/installation.xml:996(para)
20537
msgid ""
20538
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20539
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20540
msgstr ""
20541
20542
#: serverguide/C/installation.xml:1004(para)
20543
msgid ""
20544
"For the LVM <emphasis>/srv</emphasis>, create a new "
20545
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20546
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20547
"<emphasis>\"Done setting up the partition\"</emphasis>."
20548
msgstr ""
20549
20550
#: serverguide/C/installation.xml:1012(para)
20551
msgid ""
20552
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20553
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20554
"disk."
20555
msgstr ""
20556
20557
#: serverguide/C/installation.xml:1020(para)
20558
msgid ""
20559
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20560
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20561
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20562
"After entering a name, select the partition configured for LVM, and choose "
20563
"<emphasis>\"Continue\"</emphasis>."
20564
msgstr ""
20565
20566
#: serverguide/C/installation.xml:1029(para)
20567
msgid ""
20568
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20569
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20570
"volume group, and enter a name for the new LV, for example "
20571
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20572
"a size, which may be the full partition because it can always be extended "
20573
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20574
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20575
msgstr ""
20576
20577
#: serverguide/C/installation.xml:1039(para)
20578
msgid ""
20579
"Now add a filesystem to the new LVM. Select the partition under "
20580
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20581
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20582
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20583
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:1048(para)
20587
msgid ""
20588
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20589
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20590
"the installation."
20591
msgstr ""
20592
20593
#: serverguide/C/installation.xml:1056(para)
20594
msgid "There are some useful utilities to view information about LVM:"
20595
msgstr ""
20596
20597
#: serverguide/C/installation.xml:1061(para)
20598
msgid ""
20599
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20600
msgstr ""
20601
20602
#: serverguide/C/installation.xml:1062(para)
20603
msgid ""
20604
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20605
msgstr ""
20606
20607
#: serverguide/C/installation.xml:1063(para)
20608
msgid ""
20609
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20610
"Physical Volumes."
20611
msgstr ""
20612
20613
#: serverguide/C/installation.xml:1068(title)
20614
msgid "Extending Volume Groups"
20615
msgstr ""
20616
20617
#: serverguide/C/installation.xml:1070(para)
20618
msgid ""
20619
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20620
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20621
"adding it to the volume group (VG), extending the logical volume <filename "
20622
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20623
"example assumes a second hard disk has been added to the system. This hard "
20624
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20625
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20626
"before issuing the commands below. You could lose some data if you issue "
20627
"those commands on a non-empty disk. In our example we will use the entire "
20628
"disk as a physical volume (you could choose to create partitions and use "
20629
"them as different physical volumes)"
20630
msgstr ""
20631
20632
#: serverguide/C/installation.xml:1082(para)
20633
msgid "First, create the physical volume, in a terminal execute:"
20634
msgstr ""
20635
20636
#: serverguide/C/installation.xml:1087(command)
20637
msgid "sudo pvcreate /dev/sdb"
20638
msgstr ""
20639
20640
#: serverguide/C/installation.xml:1093(para)
20641
msgid "Now extend the Volume Group (VG):"
20642
msgstr ""
20643
20644
#: serverguide/C/installation.xml:1098(command)
20645
msgid "sudo vgextend vg01 /dev/sdb"
20646
msgstr ""
20647
20648
#: serverguide/C/installation.xml:1104(para)
20649
msgid ""
20650
"Use <application>vgdisplay</application> to find out the free physical "
20651
"extents - Free PE / size (the size you can allocate). We will assume a free "
20652
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20653
"whole free space available. Use your own PE and/or free space."
20654
msgstr ""
20655
20656
#: serverguide/C/installation.xml:1110(para)
20657
msgid ""
20658
"The Logical Volume (LV) can now be extended by different methods, we will "
20659
"only see how to use the PE to extend the LV:"
20660
msgstr ""
20661
20662
#: serverguide/C/installation.xml:1115(command)
20663
msgid "sudo lvextend /dev/vg01/srv -l +511"
20664
msgstr ""
20665
20666
#: serverguide/C/installation.xml:1118(para)
20667
msgid ""
20668
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20669
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20670
"Gig, Tera, etc bytes."
20671
msgstr ""
20672
20673
#: serverguide/C/installation.xml:1126(para)
20674
msgid ""
20675
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20676
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20677
"practice to unmount it anyway and check the filesystem, so that you don't "
20678
"mess up the day you want to reduce a logical volume (in that case unmounting "
20679
"first is compulsory)."
20680
msgstr ""
20681
20682
#: serverguide/C/installation.xml:1132(para)
20683
msgid ""
20684
"The following commands are for an <emphasis>EXT3</emphasis> or "
20685
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20686
"there may be other utilities available."
20687
msgstr ""
20688
20689
#: serverguide/C/installation.xml:1139(command)
20690
msgid "sudo e2fsck -f /dev/vg01/srv"
20691
msgstr ""
20692
20693
#: serverguide/C/installation.xml:1142(para)
20694
msgid ""
20695
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20696
"forces checking even if the system seems clean."
20697
msgstr ""
20698
20699
#: serverguide/C/installation.xml:1149(para)
20700
msgid "Finally, resize the filesystem:"
20701
msgstr ""
20702
20703
#: serverguide/C/installation.xml:1154(command)
20704
msgid "sudo resize2fs /dev/vg01/srv"
20705
msgstr ""
20706
20707
#: serverguide/C/installation.xml:1160(para)
20708
msgid "Now mount the partition and check its size."
20709
msgstr ""
20710
20711
#: serverguide/C/installation.xml:1165(command)
20712
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20713
msgstr ""
20714
20715
#: serverguide/C/installation.xml:1177(para)
20716
msgid ""
20717
"See the <ulink "
20718
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20719
"Articles</ulink>."
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:1182(para)
20723
msgid ""
20724
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20725
"HOWTO</ulink> for more information."
20726
msgstr ""
20727
20728
#: serverguide/C/installation.xml:1187(para)
20729
msgid ""
20730
"Another good article is <ulink "
20731
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20732
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20733
"linuxdevcenter.com site."
20734
msgstr ""
20735
20736
#: serverguide/C/installation.xml:1194(para)
20737
msgid ""
20738
"For more information on <application>fdisk</application> see the <ulink "
20739
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20740
"sk man page</ulink>."
20741
msgstr ""
20742
20743
#: serverguide/C/file-server.xml:13(title)
20744
msgid "File Servers"
20745
msgstr ""
20746
20747
#: serverguide/C/file-server.xml:15(para)
20748
msgid ""
20749
"If you have more than one computer on a single network. At some point you "
20750
"will probably need to share files between them. In this section we cover "
20751
"installing and configuring FTP, NFS, and CUPS."
20752
msgstr ""
20753
20754
#: serverguide/C/file-server.xml:22(title)
20755
msgid "FTP Server"
20756
msgstr ""
20757
20758
#: serverguide/C/file-server.xml:24(para)
20759
msgid ""
20760
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20761
"files between computers. FTP works on a client/server model. The server "
20762
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20763
"listens for FTP requests from remote clients. When a request is received, it "
20764
"manages the login and sets up the connection. For the duration of the "
20765
"session it executes any of commands sent by the FTP client."
20766
msgstr ""
20767
20768
#: serverguide/C/file-server.xml:33(para)
20769
msgid "Access to an FTP server can be managed in two ways:"
20770
msgstr ""
20771
20772
#: serverguide/C/file-server.xml:37(para)
20773
msgid "Anonymous"
20774
msgstr ""
20775
20776
#: serverguide/C/file-server.xml:40(para)
20777
msgid "Authenticated"
20778
msgstr ""
20779
20780
#: serverguide/C/file-server.xml:43(para)
20781
msgid ""
20782
"In the Anonymous mode, remote clients can access the FTP server by using the "
20783
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20784
"address as the password. In the Authenticated mode a user must have an "
20785
"account and a password. User access to the FTP server directories and files "
20786
"is dependent on the permissions defined for the account used at login. As a "
20787
"general rule, the FTP daemon will hide the root directory of the FTP server "
20788
"and change it to the FTP Home directory. This hides the rest of the file "
20789
"system from remote sessions."
20790
msgstr ""
20791
20792
#: serverguide/C/file-server.xml:55(title)
20793
msgid "vsftpd - FTP Server Installation"
20794
msgstr ""
20795
20796
#: serverguide/C/file-server.xml:57(para)
20797
msgid ""
20798
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20799
"and maintain. To install <application>vsftpd</application> you can run the "
20800
"following command:"
20801
msgstr ""
20802
20803
#: serverguide/C/file-server.xml:65(command)
20804
msgid "sudo apt-get install vsftpd"
20805
msgstr ""
20806
20807
#: serverguide/C/file-server.xml:71(title)
20808
msgid "Anonymous FTP Configuration"
20809
msgstr ""
20810
20811
#: serverguide/C/file-server.xml:73(para)
20812
msgid ""
20813
"By default <application>vsftpd</application> is configured to only allow "
20814
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20815
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20816
"default FTP directory."
20817
msgstr ""
20818
20819
#: serverguide/C/file-server.xml:80(para)
20820
msgid ""
20821
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20822
"example, simply create a directory in another location and change the "
20823
"<emphasis>ftp</emphasis> user's home directory:"
20824
msgstr ""
20825
20826
#: serverguide/C/file-server.xml:87(command)
20827
msgid "sudo mkdir /srv/ftp"
20828
msgstr ""
20829
20830
#: serverguide/C/file-server.xml:88(command)
20831
msgid "sudo usermod -d /srv/ftp ftp"
20832
msgstr ""
20833
20834
#: serverguide/C/file-server.xml:91(para)
20835
msgid "After making the change restart <application>vsftpd</application>:"
20836
msgstr ""
20837
20838
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20839
msgid "sudo /etc/init.d/vsftpd restart"
20840
msgstr ""
20841
20842
#: serverguide/C/file-server.xml:99(para)
20843
msgid ""
20844
"Finally, copy any files and directories you would like to make available "
20845
"through anonymous FTP to <filename>/srv/ftp</filename>."
20846
msgstr ""
20847
20848
#: serverguide/C/file-server.xml:106(title)
20849
msgid "User Authenticated FTP Configuration"
20850
msgstr ""
20851
20852
#: serverguide/C/file-server.xml:108(para)
20853
msgid ""
20854
"To configure <application>vsftpd</application> to authenticate system users "
20855
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20856
msgstr ""
20857
20858
#: serverguide/C/file-server.xml:114(programlisting)
20859
#, no-wrap
20860
msgid ""
20861
"\n"
20862
"local_enable=YES\n"
20863
"write_enable=YES\n"
20864
msgstr ""
20865
20866
#: serverguide/C/file-server.xml:119(para)
20867
msgid "Now restart <application>vsftpd</application>:"
20868
msgstr ""
20869
20870
#: serverguide/C/file-server.xml:127(para)
20871
msgid ""
20872
"Now when system users login to FTP they will start in their "
20873
"<emphasis>home</emphasis> directories where they can download, upload, "
20874
"create directories, etc."
20875
msgstr ""
20876
20877
#: serverguide/C/file-server.xml:133(para)
20878
msgid ""
20879
"Similarly, by default, the anonymous users are not allowed to upload files "
20880
"to FTP server. To change this setting, you should uncomment the following "
20881
"line, and restart <application>vsftpd</application>:"
20882
msgstr ""
20883
20884
#: serverguide/C/file-server.xml:140(programlisting)
20885
#, no-wrap
20886
msgid ""
20887
"\n"
20888
"anon_upload_enable=YES\n"
20889
msgstr ""
20890
20891
#: serverguide/C/file-server.xml:145(para)
20892
msgid ""
20893
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20894
"not enable anonymous upload on servers accessed directly from the Internet."
20895
msgstr ""
20896
20897
#: serverguide/C/file-server.xml:151(para)
20898
msgid ""
20899
"The configuration file consists of many configuration parameters. The "
20900
"information about each parameter is available in the configuration file. "
20901
"Alternatively, you can refer to the man page, <command>man 5 "
20902
"vsftpd.conf</command> for details of each parameter."
20903
msgstr ""
20904
20905
#: serverguide/C/file-server.xml:162(title)
20906
msgid "Securing FTP"
20907
msgstr ""
20908
20909
#: serverguide/C/file-server.xml:164(para)
20910
msgid ""
20911
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
20912
"<application>vsftpd</application> more secure. For example users can be "
20913
"limited to their home directories by uncommenting:"
20914
msgstr ""
20915
20916
#: serverguide/C/file-server.xml:170(programlisting)
20917
#, no-wrap
20918
msgid ""
20919
"\n"
20920
"chroot_local_user=YES\n"
20921
msgstr ""
20922
20923
#: serverguide/C/file-server.xml:174(para)
20924
msgid ""
20925
"You can also limit a specific list of users to just their home directories:"
20926
msgstr ""
20927
20928
#: serverguide/C/file-server.xml:178(programlisting)
20929
#, no-wrap
20930
msgid ""
20931
"\n"
20932
"chroot_list_enable=YES\n"
20933
"chroot_list_file=/etc/vsftpd.chroot_list\n"
20934
msgstr ""
20935
20936
#: serverguide/C/file-server.xml:183(para)
20937
msgid ""
20938
"After uncommenting the above options, create a "
20939
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
20940
"per line. Then restart <application>vsftpd</application>:"
20941
msgstr ""
20942
20943
#: serverguide/C/file-server.xml:192(para)
20944
msgid ""
20945
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
20946
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
20947
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
20948
"add them to the list."
20949
msgstr ""
20950
20951
#: serverguide/C/file-server.xml:199(para)
20952
msgid ""
20953
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
20954
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
20955
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
20956
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
20957
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
20958
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
20959
"with a shell may not be ideal for some environments, such as a shared web "
20960
"host."
20961
msgstr ""
20962
20963
#: serverguide/C/file-server.xml:208(para)
20964
msgid ""
20965
"To configure <emphasis>FTPS</emphasis>, edit "
20966
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
20967
msgstr ""
20968
20969
#: serverguide/C/file-server.xml:212(programlisting)
20970
#, no-wrap
20971
msgid ""
20972
"\n"
20973
"ssl_enable=Yes\n"
20974
msgstr ""
20975
20976
#: serverguide/C/file-server.xml:216(para)
20977
msgid "Also, notice the certificate and key related options:"
20978
msgstr ""
20979
20980
#: serverguide/C/file-server.xml:220(programlisting)
20981
#, no-wrap
20982
msgid ""
20983
"\n"
20984
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
20985
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
20986
msgstr ""
20987
20988
#: serverguide/C/file-server.xml:225(para)
20989
msgid ""
20990
"By default these options are set the certificate and key provided by the "
20991
"<application>ssl-cert</application> package. In a production environment "
20992
"these should be replaced with a certificate and key generated for the "
20993
"specific host. For more information on certificates see <xref "
20994
"linkend=\"certificates-and-security\"/>."
20995
msgstr ""
20996
20997
#: serverguide/C/file-server.xml:231(para)
20998
msgid ""
20999
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21000
"be forced to use <emphasis>FTPS</emphasis>:"
21001
msgstr ""
21002
21003
#: serverguide/C/file-server.xml:240(para)
21004
msgid ""
21005
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21006
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21007
"adding the <emphasis>nologin</emphasis> shell:"
21008
msgstr ""
21009
21010
#: serverguide/C/file-server.xml:245(programlisting)
21011
#, no-wrap
21012
msgid ""
21013
"\n"
21014
"# /etc/shells: valid login shells\n"
21015
"/bin/csh\n"
21016
"/bin/sh\n"
21017
"/usr/bin/es\n"
21018
"/usr/bin/ksh\n"
21019
"/bin/ksh\n"
21020
"/usr/bin/rc\n"
21021
"/usr/bin/tcsh\n"
21022
"/bin/tcsh\n"
21023
"/usr/bin/esh\n"
21024
"/bin/dash\n"
21025
"/bin/bash\n"
21026
"/bin/rbash\n"
21027
"/usr/bin/screen\n"
21028
"/usr/sbin/nologin\n"
21029
msgstr ""
21030
21031
#: serverguide/C/file-server.xml:263(para)
21032
msgid ""
21033
"This is necessary because, by default <application>vsftpd</application> uses "
21034
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21035
"configuration file contains:"
21036
msgstr ""
21037
21038
#: serverguide/C/file-server.xml:268(programlisting)
21039
#, no-wrap
21040
msgid ""
21041
"\n"
21042
"auth required pam_shells.so\n"
21043
msgstr ""
21044
21045
#: serverguide/C/file-server.xml:272(para)
21046
msgid ""
21047
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21048
"in the <filename>/etc/shells</filename> file."
21049
msgstr ""
21050
21051
#: serverguide/C/file-server.xml:277(para)
21052
msgid ""
21053
"Most popular FTP clients can be configured connect using FTPS. The "
21054
"<application>lftp</application> command line FTP client has the ability to "
21055
"use FTPS as well."
21056
msgstr ""
21057
21058
#: serverguide/C/file-server.xml:288(para)
21059
msgid ""
21060
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21061
"website</ulink> for more information."
21062
msgstr ""
21063
21064
#: serverguide/C/file-server.xml:293(para)
21065
msgid ""
21066
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21067
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21068
"\">vsftpd.conf man page</ulink>."
21069
msgstr ""
21070
21071
#: serverguide/C/file-server.xml:299(para)
21072
msgid ""
21073
"The CodeGurus article <ulink "
21074
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21075
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21076
"contrasting FTPS and SFTP."
21077
msgstr ""
21078
21079
#: serverguide/C/file-server.xml:305(para)
21080
msgid ""
21081
"Also, for more information see the <ulink "
21082
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21083
"page."
21084
msgstr ""
21085
21086
#: serverguide/C/file-server.xml:315(title)
21087
msgid "Network File System (NFS)"
21088
msgstr ""
21089
21090
#: serverguide/C/file-server.xml:316(para)
21091
msgid ""
21092
"NFS allows a system to share directories and files with others over a "
21093
"network. By using NFS, users and programs can access files on remote systems "
21094
"almost as if they were local files."
21095
msgstr ""
21096
21097
#: serverguide/C/file-server.xml:322(para)
21098
msgid "Some of the most notable benefits that NFS can provide are:"
21099
msgstr ""
21100
21101
#: serverguide/C/file-server.xml:328(para)
21102
msgid ""
21103
"Local workstations use less disk space because commonly used data can be "
21104
"stored on a single machine and still remain accessible to others over the "
21105
"network."
21106
msgstr ""
21107
21108
#: serverguide/C/file-server.xml:333(para)
21109
msgid ""
21110
"There is no need for users to have separate home directories on every "
21111
"network machine. Home directories could be set up on the NFS server and made "
21112
"available throughout the network."
21113
msgstr ""
21114
21115
#: serverguide/C/file-server.xml:339(para)
21116
msgid ""
21117
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21118
"be used by other machines on the network. This may reduce the number of "
21119
"removable media drives throughout the network."
21120
msgstr ""
21121
21122
#: serverguide/C/file-server.xml:349(para)
21123
msgid ""
21124
"At a terminal prompt enter the following command to install the NFS Server:"
21125
msgstr ""
21126
21127
#: serverguide/C/file-server.xml:355(command)
21128
msgid "sudo apt-get install nfs-kernel-server"
21129
msgstr ""
21130
21131
#: serverguide/C/file-server.xml:361(para)
21132
msgid ""
21133
"You can configure the directories to be exported by adding them to the "
21134
"<filename>/etc/exports</filename> file. For example:"
21135
msgstr ""
21136
21137
#: serverguide/C/file-server.xml:366(screen)
21138
#, no-wrap
21139
msgid ""
21140
"\n"
21141
"/ubuntu *(ro,sync,no_root_squash)\n"
21142
"/home *(rw,sync,no_root_squash)\n"
21143
msgstr ""
21144
21145
#: serverguide/C/file-server.xml:372(para)
21146
msgid ""
21147
"You can replace * with one of the hostname formats. Make the hostname "
21148
"declaration as specific as possible so unwanted systems cannot access the "
21149
"NFS mount."
21150
msgstr ""
21151
21152
#: serverguide/C/file-server.xml:378(para)
21153
msgid ""
21154
"To start the NFS server, you can run the following command at a terminal "
21155
"prompt:"
21156
msgstr ""
21157
21158
#: serverguide/C/file-server.xml:383(command)
21159
msgid "sudo /etc/init.d/nfs-kernel-server start"
21160
msgstr ""
21161
21162
#: serverguide/C/file-server.xml:388(title)
21163
msgid "NFS Client Configuration"
21164
msgstr ""
21165
21166
#: serverguide/C/file-server.xml:389(para)
21167
msgid ""
21168
"Use the <application>mount</application> command to mount a shared NFS "
21169
"directory from another machine, by typing a command line similar to the "
21170
"following at a terminal prompt:"
21171
msgstr ""
21172
21173
#: serverguide/C/file-server.xml:395(command)
21174
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21175
msgstr ""
21176
21177
#: serverguide/C/file-server.xml:399(para)
21178
msgid ""
21179
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21180
"There should be no files or subdirectories in the "
21181
"<filename>/local/ubuntu</filename> directory."
21182
msgstr ""
21183
21184
#: serverguide/C/file-server.xml:406(para)
21185
msgid ""
21186
"An alternate way to mount an NFS share from another machine is to add a line "
21187
"to the <filename>/etc/fstab</filename> file. The line must state the "
21188
"hostname of the NFS server, the directory on the server being exported, and "
21189
"the directory on the local machine where the NFS share is to be mounted."
21190
msgstr ""
21191
21192
#: serverguide/C/file-server.xml:414(para)
21193
msgid ""
21194
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21195
"as follows:"
21196
msgstr ""
21197
21198
#: serverguide/C/file-server.xml:420(programlisting)
21199
#, no-wrap
21200
msgid ""
21201
"\n"
21202
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21203
"rsize=8192,wsize=8192,timeo=14,intr\n"
21204
msgstr ""
21205
21206
#: serverguide/C/file-server.xml:424(para)
21207
msgid ""
21208
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21209
"common</application> package is installed on your client. To install "
21210
"<application>nfs-common</application> enter the following command at the "
21211
"terminal prompt: <screen>\n"
21212
"<command>sudo apt-get install nfs-common</command>\n"
21213
"</screen>"
21214
msgstr ""
21215
21216
#: serverguide/C/file-server.xml:437(ulink)
21217
msgid "Linux NFS faq"
21218
msgstr ""
21219
21220
#: serverguide/C/file-server.xml:439(ulink)
21221
msgid "Ubuntu Wiki NFS Howto"
21222
msgstr ""
21223
21224
#: serverguide/C/file-server.xml:445(title)
21225
msgid "CUPS - Print Server"
21226
msgstr ""
21227
21228
#: serverguide/C/file-server.xml:446(para)
21229
msgid ""
21230
"The primary mechanism for Ubuntu printing and print services is the "
21231
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21232
"printing system is a freely available, portable printing layer which has "
21233
"become the new standard for printing in most Linux distributions."
21234
msgstr ""
21235
21236
#: serverguide/C/file-server.xml:453(para)
21237
msgid ""
21238
"CUPS manages print jobs and queues and provides network printing using the "
21239
"standard Internet Printing Protocol (IPP), while offering support for a very "
21240
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21241
"also supports PostScript Printer Description (PPD) and auto-detection of "
21242
"network printers, and features a simple web-based configuration and "
21243
"administration tool."
21244
msgstr ""
21245
21246
#: serverguide/C/file-server.xml:463(para)
21247
msgid ""
21248
"To install CUPS on your Ubuntu computer, simply use "
21249
"<application>sudo</application> with the <application>apt-get</application> "
21250
"command and give the packages to install as the first parameter. A complete "
21251
"CUPS install has many package dependencies, but they may all be specified on "
21252
"the same command line. Enter the following at a terminal prompt to install "
21253
"CUPS:"
21254
msgstr ""
21255
21256
#: serverguide/C/file-server.xml:468(command)
21257
msgid "sudo apt-get install cups"
21258
msgstr ""
21259
21260
#: serverguide/C/file-server.xml:471(para)
21261
msgid ""
21262
"Upon authenticating with your user password, the packages should be "
21263
"downloaded and installed without error. Upon the conclusion of installation, "
21264
"the CUPS server will be started automatically."
21265
msgstr ""
21266
21267
#: serverguide/C/file-server.xml:476(para)
21268
msgid ""
21269
"For troubleshooting purposes, you can access CUPS server errors via the "
21270
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21271
"error log does not show enough information to troubleshoot any problems you "
21272
"encounter, the verbosity of the CUPS log can be increased by changing the "
21273
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21274
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21275
"everything, from the default of \"info\". If you make this change, remember "
21276
"to change it back once you've solved your problem, to prevent the log file "
21277
"from becoming overly large."
21278
msgstr ""
21279
21280
#: serverguide/C/file-server.xml:489(para)
21281
msgid ""
21282
"The Common UNIX Printing System server's behavior is configured through the "
21283
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21284
"The CUPS configuration file follows the same syntax as the primary "
21285
"configuration file for the Apache HTTP server, so users familiar with "
21286
"editing Apache's configuration file should feel at ease when editing the "
21287
"CUPS configuration file. Some examples of settings you may wish to change "
21288
"initially will be presented here."
21289
msgstr ""
21290
21291
#: serverguide/C/file-server.xml:499(para)
21292
msgid ""
21293
"Prior to editing the configuration file, you should make a copy of the "
21294
"original file and protect it from writing, so you will have the original "
21295
"settings as a reference, and to reuse as necessary."
21296
msgstr ""
21297
21298
#: serverguide/C/file-server.xml:503(para)
21299
msgid ""
21300
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21301
"writing with the following commands, issued at a terminal prompt:"
21302
msgstr ""
21303
21304
#: serverguide/C/file-server.xml:509(command)
21305
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21306
msgstr ""
21307
21308
#: serverguide/C/file-server.xml:510(command)
21309
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21310
msgstr ""
21311
21312
#: serverguide/C/file-server.xml:515(para)
21313
msgid ""
21314
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21315
"address of the designated administrator of the CUPS server, simply edit the "
21316
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21317
"preferred text editor, and add or modify the <emphasis "
21318
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21319
"you are the Administrator for the CUPS server, and your e-mail address is "
21320
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21321
"as such:"
21322
msgstr ""
21323
21324
#: serverguide/C/file-server.xml:526(screen)
21325
#, no-wrap
21326
msgid ""
21327
"\n"
21328
"ServerAdmin bjoy@somebigco.com\n"
21329
msgstr ""
21330
21331
#: serverguide/C/file-server.xml:532(para)
21332
msgid ""
21333
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21334
"server installation listens only on the loopback interface at IP address "
21335
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21336
"listen on an actual network adapter's IP address, you must specify either a "
21337
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21338
"addition of a Listen directive. For example, if your CUPS server resides on "
21339
"a local network at the IP address <emphasis "
21340
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21341
"accessible to the other systems on this subnetwork, you would edit the "
21342
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21343
"such:"
21344
msgstr ""
21345
21346
#: serverguide/C/file-server.xml:546(screen)
21347
#, no-wrap
21348
msgid ""
21349
"\n"
21350
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21351
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21352
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21353
"(IPP)\n"
21354
msgstr ""
21355
21356
#: serverguide/C/file-server.xml:552(para)
21357
msgid ""
21358
"In the example above, you may comment out or remove the reference to the "
21359
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21360
"</application> to listen on that interface, but would rather have it only "
21361
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21362
"listening for all network interfaces for which a certain hostname is bound, "
21363
"including the Loopback, you could create a Listen entry for the hostname "
21364
"<emphasis>socrates</emphasis> as such:"
21365
msgstr ""
21366
21367
#: serverguide/C/file-server.xml:562(screen)
21368
#, no-wrap
21369
msgid ""
21370
"\n"
21371
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21372
msgstr ""
21373
21374
#: serverguide/C/file-server.xml:566(para)
21375
msgid ""
21376
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21377
"instead, as in:"
21378
msgstr ""
21379
21380
#: serverguide/C/file-server.xml:568(screen)
21381
#, no-wrap
21382
msgid ""
21383
"\n"
21384
"Port 631 # Listen on port 631 on all interfaces\n"
21385
msgstr ""
21386
21387
#: serverguide/C/file-server.xml:575(para)
21388
msgid ""
21389
"For more examples of configuration directives in the CUPS server "
21390
"configuration file, view the associated system manual page by entering the "
21391
"following command at a terminal prompt:"
21392
msgstr ""
21393
21394
#: serverguide/C/file-server.xml:582(command)
21395
msgid "man cupsd.conf"
21396
msgstr ""
21397
21398
#: serverguide/C/file-server.xml:586(para)
21399
msgid ""
21400
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21401
"configuration file, you'll need to restart the CUPS server by typing the "
21402
"following command at a terminal prompt:"
21403
msgstr ""
21404
21405
#: serverguide/C/file-server.xml:592(command)
21406
msgid "sudo /etc/init.d/cups restart"
21407
msgstr ""
21408
21409
#: serverguide/C/file-server.xml:598(title)
21410
msgid "Web Interface"
21411
msgstr ""
21412
21413
#: serverguide/C/file-server.xml:600(para)
21414
msgid ""
21415
"CUPS can be configured and monitored using a web interface, which by default "
21416
"is available at <ulink "
21417
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21418
"web interface can be used to perform all printer management tasks."
21419
msgstr ""
21420
21421
#: serverguide/C/file-server.xml:604(para)
21422
msgid ""
21423
"In order to perform administrative tasks via the web interface, you must "
21424
"either have the root account enabled on your server, or authenticate as a "
21425
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21426
"reasons, CUPS won't authenticate a user that doesn't have a password."
21427
msgstr ""
21428
21429
#: serverguide/C/file-server.xml:607(para)
21430
msgid ""
21431
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21432
"at the terminal prompt: <screen>\n"
21433
"<command>sudo usermod -aG lpadmin username</command>\n"
21434
"</screen>"
21435
msgstr ""
21436
21437
#: serverguide/C/file-server.xml:613(para)
21438
msgid ""
21439
"Further documentation is available in the <emphasis "
21440
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21441
msgstr ""
21442
21443
#: serverguide/C/file-server.xml:621(ulink)
21444
msgid "CUPS Website"
21445
msgstr ""
21446
21447
#: serverguide/C/file-server.xml:624(ulink)
21448
msgid "Ubuntu Wiki CUPS page"
21449
msgstr ""
21450
21451
#: serverguide/C/dns.xml:13(title)
21452
msgid "Domain Name Service (DNS)"
21453
msgstr ""
21454
21455
#: serverguide/C/dns.xml:14(para)
21456
msgid ""
21457
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21458
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21459
"alleviates the need to remember IP addresses. Computers that run DNS are "
21460
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21461
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21462
"common program used for maintaining a name server on Linux."
21463
msgstr ""
21464
21465
#: serverguide/C/dns.xml:24(para)
21466
msgid ""
21467
"At a terminal prompt, enter the following command to install "
21468
"<application>dns</application>:"
21469
msgstr ""
21470
21471
#: serverguide/C/dns.xml:28(command)
21472
msgid "sudo apt-get install bind9"
21473
msgstr ""
21474
21475
#: serverguide/C/dns.xml:30(para)
21476
msgid ""
21477
"A very useful package for testing and troubleshooting DNS issues is the "
21478
"dnsutils package. To install <application>dnsutils</application> enter the "
21479
"following:"
21480
msgstr ""
21481
21482
#: serverguide/C/dns.xml:35(command)
21483
msgid "sudo apt-get install dnsutils"
21484
msgstr ""
21485
21486
#: serverguide/C/dns.xml:40(para)
21487
msgid ""
21488
"There are many ways to configure <application>BIND9</application>. Some of "
21489
"the most common configurations are a caching nameserver, primary master, and "
21490
"as a secondary master."
21491
msgstr ""
21492
21493
#: serverguide/C/dns.xml:46(para)
21494
msgid ""
21495
"When configured as a caching nameserver BIND9 will find the answer to name "
21496
"queries and remember the answer when the domain is queried again."
21497
msgstr ""
21498
21499
#: serverguide/C/dns.xml:52(para)
21500
msgid ""
21501
"As a primary master server BIND9 reads the data for a zone from a file on "
21502
"it's host and is authoritative for that zone."
21503
msgstr ""
21504
21505
#: serverguide/C/dns.xml:57(para)
21506
msgid ""
21507
"In a secondary master configuration BIND9 gets the zone data from another "
21508
"nameserver authoritative for the zone."
21509
msgstr ""
21510
21511
#: serverguide/C/dns.xml:65(para)
21512
msgid ""
21513
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21514
"directory. The primary configuration file is "
21515
"<filename>/etc/bind/named.conf</filename>."
21516
msgstr ""
21517
21518
#: serverguide/C/dns.xml:72(para)
21519
msgid ""
21520
"The <emphasis>include</emphasis> line specifies the filename which contains "
21521
"the DNS options. The <emphasis>directory</emphasis> line in the "
21522
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21523
"look for files. All files BIND uses will be relative to this directory."
21524
msgstr ""
21525
21526
#: serverguide/C/dns.xml:80(para)
21527
msgid ""
21528
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21529
"nameservers in the world. The servers change over time, so the "
21530
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21531
"This is usually done as updates to the <application>bind9</application> "
21532
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21533
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21534
msgstr ""
21535
21536
#: serverguide/C/dns.xml:90(para)
21537
msgid ""
21538
"It is possible to configure the same server to be a caching name server, "
21539
"primary master, and secondary master. A server can be the Start of Authority "
21540
"(SOA) for one zone, while providing secondary service for another zone. All "
21541
"the while providing caching services for hosts on the local LAN."
21542
msgstr ""
21543
21544
#: serverguide/C/dns.xml:98(title)
21545
msgid "Caching Nameserver"
21546
msgstr ""
21547
21548
#: serverguide/C/dns.xml:99(para)
21549
msgid ""
21550
"The default configuration is setup to act as a caching server. All that is "
21551
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21552
"uncomment and edit the following in "
21553
"<filename>/etc/bind/named.conf.options</filename>:"
21554
msgstr ""
21555
21556
#: serverguide/C/dns.xml:103(programlisting)
21557
#, no-wrap
21558
msgid ""
21559
"\n"
21560
"forwarders {\n"
21561
" 1.2.3.4;\n"
21562
" 5.6.7.8;\n"
21563
" };\n"
21564
msgstr ""
21565
21566
#: serverguide/C/dns.xml:110(para)
21567
msgid ""
21568
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21569
"the IP Adresses of actual nameservers."
21570
msgstr ""
21571
21572
#: serverguide/C/dns.xml:114(para)
21573
msgid ""
21574
"Now restart the DNS server, to enable the new configuration. From a terminal "
21575
"prompt:"
21576
msgstr ""
21577
21578
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21579
msgid "sudo /etc/init.d/bind9 restart"
21580
msgstr ""
21581
21582
#: serverguide/C/dns.xml:120(para)
21583
msgid ""
21584
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21585
"DNS server."
21586
msgstr ""
21587
21588
#: serverguide/C/dns.xml:125(title)
21589
msgid "Primary Master"
21590
msgstr ""
21591
21592
#: serverguide/C/dns.xml:126(para)
21593
msgid ""
21594
"In this section <application>BIND9</application> will be configured as the "
21595
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21596
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21597
"(Fully Qualified Domain Name)."
21598
msgstr ""
21599
21600
#: serverguide/C/dns.xml:132(title)
21601
msgid "Forward Zone File"
21602
msgstr ""
21603
21604
#: serverguide/C/dns.xml:133(para)
21605
msgid ""
21606
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21607
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21608
msgstr ""
21609
21610
#: serverguide/C/dns.xml:137(programlisting)
21611
#, no-wrap
21612
msgid ""
21613
"\n"
21614
"zone \"example.com\" {\n"
21615
"\ttype master;\n"
21616
" file \"/etc/bind/db.example.com\";\n"
21617
"};\n"
21618
msgstr ""
21619
21620
#: serverguide/C/dns.xml:143(para)
21621
msgid ""
21622
"Now use an existing zone file as a template to create the "
21623
"<filename>/etc/bind/db.example.com</filename> file:"
21624
msgstr ""
21625
21626
#: serverguide/C/dns.xml:147(command)
21627
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21628
msgstr ""
21629
21630
#: serverguide/C/dns.xml:149(para)
21631
msgid ""
21632
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21633
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21634
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21635
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21636
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21637
"leaving the \".\" at the end."
21638
msgstr ""
21639
21640
#: serverguide/C/dns.xml:155(para)
21641
msgid ""
21642
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21643
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21644
msgstr ""
21645
21646
#: serverguide/C/dns.xml:159(programlisting)
21647
#, no-wrap
21648
msgid ""
21649
"\n"
21650
";\n"
21651
"; BIND data file for local loopback interface\n"
21652
";\n"
21653
"$TTL 604800\n"
21654
"@ IN SOA ns.example.com. root.example.com. (\n"
21655
" 2 ; Serial\n"
21656
" 604800 ; Refresh\n"
21657
" 86400 ; Retry\n"
21658
" 2419200 ; Expire\n"
21659
" 604800 ) ; Negative Cache TTL\n"
21660
";\n"
21661
"@ IN NS ns.example.com.\n"
21662
"@ IN A 127.0.0.1\n"
21663
"@ IN AAAA ::1\n"
21664
"ns IN A 192.168.1.10\n"
21665
msgstr ""
21666
21667
#: serverguide/C/dns.xml:176(para)
21668
msgid ""
21669
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21670
"make changes to the zone file. If you make multiple changes before "
21671
"restarting BIND9, simply increment the Serial once."
21672
msgstr ""
21673
21674
#: serverguide/C/dns.xml:180(para)
21675
msgid ""
21676
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21677
"linkend=\"dns-record-types\"/> for details."
21678
msgstr ""
21679
21680
#: serverguide/C/dns.xml:184(para)
21681
msgid ""
21682
"Many admins like to use the last date edited as the serial of a zone, such "
21683
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21684
"<emphasis>ss</emphasis> is the Serial Number)"
21685
msgstr ""
21686
21687
#: serverguide/C/dns.xml:189(para)
21688
msgid ""
21689
"Once you have made a change to the zone file "
21690
"<application>BIND9</application> will need to be restarted for the changes "
21691
"to take effect:"
21692
msgstr ""
21693
21694
#: serverguide/C/dns.xml:198(title)
21695
msgid "Reverse Zone File"
21696
msgstr ""
21697
21698
#: serverguide/C/dns.xml:199(para)
21699
msgid ""
21700
"Now that the zone is setup and resolving names to IP Adresses a "
21701
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21702
"DNS to resolve an address to a name."
21703
msgstr ""
21704
21705
#: serverguide/C/dns.xml:203(para)
21706
msgid "Edit /etc/bind/named.conf.local and add the following:"
21707
msgstr ""
21708
21709
#: serverguide/C/dns.xml:206(programlisting)
21710
#, no-wrap
21711
msgid ""
21712
"\n"
21713
"zone \"1.168.192.in-addr.arpa\" {\n"
21714
" type master;\n"
21715
" notify no;\n"
21716
" file \"/etc/bind/db.192\";\n"
21717
"};\n"
21718
msgstr ""
21719
21720
#: serverguide/C/dns.xml:214(para)
21721
msgid ""
21722
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21723
"whatever network you are using. Also, name the zone file "
21724
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21725
"first octet of your network."
21726
msgstr ""
21727
21728
#: serverguide/C/dns.xml:219(para)
21729
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21730
msgstr ""
21731
21732
#: serverguide/C/dns.xml:223(command)
21733
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21734
msgstr ""
21735
21736
#: serverguide/C/dns.xml:225(para)
21737
msgid ""
21738
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21739
"same options as <filename>/etc/bind/db.example.com</filename>:"
21740
msgstr ""
21741
21742
#: serverguide/C/dns.xml:229(programlisting)
21743
#, no-wrap
21744
msgid ""
21745
"\n"
21746
";\n"
21747
"; BIND reverse data file for local loopback interface\n"
21748
";\n"
21749
"$TTL 604800\n"
21750
"@ IN SOA ns.example.com. root.example.com. (\n"
21751
" 2 ; Serial\n"
21752
" 604800 ; Refresh\n"
21753
" 86400 ; Retry\n"
21754
" 2419200 ; Expire\n"
21755
" 604800 ) ; Negative Cache TTL\n"
21756
";\n"
21757
"@ IN NS ns.\n"
21758
"10 IN PTR ns.example.com.\n"
21759
msgstr ""
21760
21761
#: serverguide/C/dns.xml:244(para)
21762
msgid ""
21763
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21764
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21765
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21766
"create a <emphasis>PTR record</emphasis> in "
21767
"<filename>/etc/bind/db.192</filename>."
21768
msgstr ""
21769
21770
#: serverguide/C/dns.xml:249(para)
21771
msgid ""
21772
"After creating the reverse zone file restart "
21773
"<application>BIND9</application>:"
21774
msgstr ""
21775
21776
#: serverguide/C/dns.xml:258(title)
21777
msgid "Secondary Master"
21778
msgstr ""
21779
21780
#: serverguide/C/dns.xml:259(para)
21781
msgid ""
21782
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21783
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21784
"availability of the domain should the Primary become unavailable."
21785
msgstr ""
21786
21787
#: serverguide/C/dns.xml:263(para)
21788
msgid ""
21789
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21790
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21791
"and Reverse zone definitions in "
21792
"<filename>/etc/bind/named.conf.local</filename>:"
21793
msgstr ""
21794
21795
#: serverguide/C/dns.xml:267(programlisting)
21796
#, no-wrap
21797
msgid ""
21798
"\n"
21799
"zone \"example.com\" {\n"
21800
" type master;\n"
21801
"\tfile \"/etc/bind/db.example.com\";\n"
21802
" allow-transfer { 192.168.1.11; };\n"
21803
"};\n"
21804
"\n"
21805
"zone \"1.168.192.in-addr.arpa\" {\n"
21806
" type master;\n"
21807
" notify no;\n"
21808
" file \"/etc/bind/db.192\";\n"
21809
"\tallow-transfer { 192.168.1.11; };\n"
21810
"};\n"
21811
msgstr ""
21812
21813
#: serverguide/C/dns.xml:282(para)
21814
msgid ""
21815
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21816
"Secondary nameserver."
21817
msgstr ""
21818
21819
#: serverguide/C/dns.xml:286(para)
21820
msgid ""
21821
"Next, on the Secondary Master, install the <application>bind9</application> "
21822
"package the same way as on the Primary. Then edit the "
21823
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21824
"declarations for the Forward and Reverse zones:"
21825
msgstr ""
21826
21827
#: serverguide/C/dns.xml:290(programlisting)
21828
#, no-wrap
21829
msgid ""
21830
"\n"
21831
"zone \"example.com\" {\n"
21832
"\ttype slave;\n"
21833
" file \"/var/cache/bind/db.example.com\";\n"
21834
" masters { 192.168.1.10; };\n"
21835
"}; \n"
21836
" \n"
21837
"zone \"1.168.192.in-addr.arpa\" {\n"
21838
"\ttype slave;\n"
21839
" file \"/var/cache/bind/db.192\";\n"
21840
" masters { 192.168.1.10; };\n"
21841
"};\n"
21842
msgstr ""
21843
21844
#: serverguide/C/dns.xml:304(para)
21845
msgid ""
21846
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21847
"Primary nameserver."
21848
msgstr ""
21849
21850
#: serverguide/C/dns.xml:308(para)
21851
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21852
msgstr ""
21853
21854
#: serverguide/C/dns.xml:314(para)
21855
msgid ""
21856
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21857
msgstr ""
21858
21859
#: serverguide/C/dns.xml:317(programlisting)
21860
#, no-wrap
21861
msgid ""
21862
"\n"
21863
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21864
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21865
msgstr ""
21866
21867
#: serverguide/C/dns.xml:322(para)
21868
msgid ""
21869
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21870
"on the Primary is larger than the one on the Secondary."
21871
msgstr ""
21872
21873
#: serverguide/C/dns.xml:328(para)
21874
msgid ""
21875
"The default directory for non-authoritative zone files is "
21876
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21877
"<application>AppArmor</application> to allow the "
21878
"<application>named</application> daemon to write to it. For more information "
21879
"on AppArmor see <xref linkend=\"apparmor\"/>."
21880
msgstr ""
21881
21882
#: serverguide/C/dns.xml:339(para)
21883
msgid ""
21884
"This section covers ways to help determine the cause when problems happen "
21885
"with DNS and <application>BIND9</application>."
21886
msgstr ""
21887
21888
#: serverguide/C/dns.xml:345(title)
21889
msgid "resolv.conf"
21890
msgstr ""
21891
21892
#: serverguide/C/dns.xml:346(para)
21893
msgid ""
21894
"The first step in testing <application>BIND9</application> is to add the "
21895
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
21896
"be configured as well as another host to double check things. Simply edit "
21897
"<filename>/etc/resolv.conf</filename> and add the following:"
21898
msgstr ""
21899
21900
#: serverguide/C/dns.xml:351(programlisting)
21901
#, no-wrap
21902
msgid ""
21903
"\n"
21904
"nameserver\t192.168.1.10\n"
21905
"nameserver\t192.168.1.11\n"
21906
msgstr ""
21907
21908
#: serverguide/C/dns.xml:356(para)
21909
msgid ""
21910
"You should also add the IP Address of the Secondary nameserver in case the "
21911
"Primary becomes unavailable."
21912
msgstr ""
21913
21914
#: serverguide/C/dns.xml:362(title)
21915
msgid "dig"
21916
msgstr ""
21917
21918
#: serverguide/C/dns.xml:363(para)
21919
msgid ""
21920
"If you installed the <application>dnsutils</application> package you can "
21921
"test your setup using the DNS lookup utility <application>dig</application>:"
21922
msgstr ""
21923
21924
#: serverguide/C/dns.xml:369(para)
21925
msgid ""
21926
"After installing <application>BIND9</application> use "
21927
"<application>dig</application> against the loopback interface to make sure "
21928
"it is listening on port 53. From a terminal prompt:"
21929
msgstr ""
21930
21931
#: serverguide/C/dns.xml:374(command)
21932
msgid "dig -x 127.0.0.1"
21933
msgstr ""
21934
21935
#: serverguide/C/dns.xml:376(para)
21936
msgid "You should see lines similar to the following in the command output:"
21937
msgstr ""
21938
21939
#: serverguide/C/dns.xml:379(programlisting)
21940
#, no-wrap
21941
msgid ""
21942
"\n"
21943
";; Query time: 1 msec\n"
21944
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
21945
msgstr ""
21946
21947
#: serverguide/C/dns.xml:385(para)
21948
msgid ""
21949
"If you have configured <application>BIND9</application> as a "
21950
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
21951
"the query time:"
21952
msgstr ""
21953
21954
#: serverguide/C/dns.xml:390(command)
21955
msgid "dig ubuntu.com"
21956
msgstr ""
21957
21958
#: serverguide/C/dns.xml:392(para)
21959
msgid "Note the query time toward the end of the command output:"
21960
msgstr ""
21961
21962
#: serverguide/C/dns.xml:395(programlisting)
21963
#, no-wrap
21964
msgid ""
21965
"\n"
21966
";; Query time: 49 msec\n"
21967
msgstr ""
21968
21969
#: serverguide/C/dns.xml:398(para)
21970
msgid "After a second dig there should be improvement:"
21971
msgstr ""
21972
21973
#: serverguide/C/dns.xml:401(programlisting)
21974
#, no-wrap
21975
msgid ""
21976
"\n"
21977
";; Query time: 1 msec\n"
21978
msgstr ""
21979
21980
#: serverguide/C/dns.xml:408(title)
21981
msgid "ping"
21982
msgstr ""
21983
21984
#: serverguide/C/dns.xml:410(para)
21985
msgid ""
21986
"Now to demonstrate how applications make use of DNS to resolve a host name "
21987
"use the <application>ping</application> utility to send an ICMP echo "
21988
"request. From a terminal prompt enter:"
21989
msgstr ""
21990
21991
#: serverguide/C/dns.xml:416(command)
21992
msgid "ping example.com"
21993
msgstr ""
21994
21995
#: serverguide/C/dns.xml:418(para)
21996
msgid ""
21997
"This tests if the nameserver can resolve the name "
21998
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
21999
"should resemble:"
22000
msgstr ""
22001
22002
#: serverguide/C/dns.xml:422(programlisting)
22003
#, no-wrap
22004
msgid ""
22005
"\n"
22006
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22007
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22008
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22009
msgstr ""
22010
22011
#: serverguide/C/dns.xml:429(title)
22012
msgid "named-checkzone"
22013
msgstr ""
22014
22015
#: serverguide/C/dns.xml:430(para)
22016
msgid ""
22017
"A great way to test your zone files is by using the <application>named-"
22018
"checkzone</application> utility installed with the "
22019
"<application>bind9</application> package. This utility allows you to make "
22020
"sure the configuration is correct before restarting "
22021
"<application>BIND9</application> and making the changes live."
22022
msgstr ""
22023
22024
#: serverguide/C/dns.xml:437(para)
22025
msgid ""
22026
"To test our example Forward zone file enter the following from a command "
22027
"prompt:"
22028
msgstr ""
22029
22030
#: serverguide/C/dns.xml:441(command)
22031
msgid "named-checkzone example.com /etc/bind/db.example.com"
22032
msgstr ""
22033
22034
#: serverguide/C/dns.xml:443(para)
22035
msgid ""
22036
"If everything is configured correctly you should see output similar to:"
22037
msgstr ""
22038
22039
#: serverguide/C/dns.xml:446(programlisting)
22040
#, no-wrap
22041
msgid ""
22042
"\n"
22043
"zone example.com/IN: loaded serial 6\n"
22044
"OK\n"
22045
msgstr ""
22046
22047
#: serverguide/C/dns.xml:452(para)
22048
msgid "Similarly, to test the Reverse zone file enter the following:"
22049
msgstr ""
22050
22051
#: serverguide/C/dns.xml:456(command)
22052
msgid "named-checkzone example.com /etc/bind/db.192"
22053
msgstr ""
22054
22055
#: serverguide/C/dns.xml:458(para)
22056
msgid "The output should be similar to:"
22057
msgstr ""
22058
22059
#: serverguide/C/dns.xml:461(programlisting)
22060
#, no-wrap
22061
msgid ""
22062
"\n"
22063
"zone example.com/IN: loaded serial 3\n"
22064
"OK\n"
22065
msgstr ""
22066
22067
#: serverguide/C/dns.xml:468(para)
22068
msgid ""
22069
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22070
"different."
22071
msgstr ""
22072
22073
#: serverguide/C/dns.xml:475(title)
22074
msgid "Logging"
22075
msgstr ""
22076
22077
#: serverguide/C/dns.xml:476(para)
22078
msgid ""
22079
"<application>BIND9</application> has a wide variety of logging configuration "
22080
"options available. There are two main options. The "
22081
"<emphasis>channel</emphasis> option configures where logs go, and the "
22082
"<emphasis>category</emphasis> option determines what information to log."
22083
msgstr ""
22084
22085
#: serverguide/C/dns.xml:480(para)
22086
msgid "If no logging option is configured the default option is:"
22087
msgstr ""
22088
22089
#: serverguide/C/dns.xml:483(programlisting)
22090
#, no-wrap
22091
msgid ""
22092
"\n"
22093
"logging {\n"
22094
" category default { default_syslog; default_debug; };\n"
22095
" category unmatched { null; };\n"
22096
"};\n"
22097
msgstr ""
22098
22099
#: serverguide/C/dns.xml:489(para)
22100
msgid ""
22101
"This section covers configuring <application>BIND9</application> to send "
22102
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22103
"file."
22104
msgstr ""
22105
22106
#: serverguide/C/dns.xml:494(para)
22107
msgid ""
22108
"First, we need to configure a channel to specify which file to send the "
22109
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22110
"the following:"
22111
msgstr ""
22112
22113
#: serverguide/C/dns.xml:498(programlisting)
22114
#, no-wrap
22115
msgid ""
22116
"\n"
22117
"logging {\n"
22118
" channel query.log { \n"
22119
" file \"/var/log/query.log\";\n"
22120
" severity debug 3; \n"
22121
" }; \n"
22122
"};\n"
22123
msgstr ""
22124
22125
#: serverguide/C/dns.xml:508(para)
22126
msgid "Next, configure a category to send all DNS queries to the query file:"
22127
msgstr ""
22128
22129
#: serverguide/C/dns.xml:511(programlisting)
22130
#, no-wrap
22131
msgid ""
22132
"\n"
22133
"logging {\n"
22134
" channel query.log { \n"
22135
" file \"/var/log/query.log\"; \n"
22136
" severity debug 3; \n"
22137
" }; \n"
22138
" <emphasis>category queries { query.log; };</emphasis> \n"
22139
"};\n"
22140
msgstr ""
22141
22142
#: serverguide/C/dns.xml:523(para)
22143
msgid ""
22144
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22145
"level isn't specified level 1 is the default."
22146
msgstr ""
22147
22148
#: serverguide/C/dns.xml:529(para)
22149
msgid ""
22150
"Since the <emphasis>named daemon</emphasis> runs as the "
22151
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22152
"file must be created and the ownership changed:"
22153
msgstr ""
22154
22155
#: serverguide/C/dns.xml:534(command)
22156
msgid "sudo touch /var/log/query.log"
22157
msgstr ""
22158
22159
#: serverguide/C/dns.xml:535(command)
22160
msgid "sudo chown bind /var/log/query.log"
22161
msgstr ""
22162
22163
#: serverguide/C/dns.xml:539(para)
22164
msgid ""
22165
"Before <application>named</application> daemon can write to the new log file "
22166
"the <application>AppArmor</application> profile must be updated. First, edit "
22167
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22168
msgstr ""
22169
22170
#: serverguide/C/dns.xml:543(programlisting)
22171
#, no-wrap
22172
msgid ""
22173
"\n"
22174
"/var/log/query.log w,\n"
22175
msgstr ""
22176
22177
#: serverguide/C/dns.xml:546(para)
22178
msgid "Next, reload the profile:"
22179
msgstr ""
22180
22181
#: serverguide/C/dns.xml:550(command)
22182
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22183
msgstr ""
22184
22185
#: serverguide/C/dns.xml:552(para)
22186
msgid ""
22187
"For more information on <application>AppArmor</application> see <xref "
22188
"linkend=\"apparmor\"/>"
22189
msgstr ""
22190
22191
#: serverguide/C/dns.xml:557(para)
22192
msgid ""
22193
"Now restart <application>BIND9</application> for the changes to take effect:"
22194
msgstr ""
22195
22196
#: serverguide/C/dns.xml:565(para)
22197
msgid ""
22198
"You should see the file <filename>/var/log/query.log</filename> fill with "
22199
"query information. This is a simple example of the "
22200
"<application>BIND9</application> logging options. For coverage of advanced "
22201
"options see <xref linkend=\"dns-more-info\"/>."
22202
msgstr ""
22203
22204
#: serverguide/C/dns.xml:574(title)
22205
msgid "Common Record Types"
22206
msgstr ""
22207
22208
#: serverguide/C/dns.xml:575(para)
22209
msgid "This section covers some of the most common DNS record types."
22210
msgstr ""
22211
22212
#: serverguide/C/dns.xml:580(para)
22213
msgid ""
22214
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22215
msgstr ""
22216
22217
#: serverguide/C/dns.xml:583(programlisting)
22218
#, no-wrap
22219
msgid ""
22220
"\n"
22221
"www IN A 192.168.1.12\n"
22222
msgstr ""
22223
22224
#: serverguide/C/dns.xml:588(para)
22225
msgid ""
22226
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22227
"record. You cannot create a CNAME record pointing to another CNAME record."
22228
msgstr ""
22229
22230
#: serverguide/C/dns.xml:591(programlisting)
22231
#, no-wrap
22232
msgid ""
22233
"\n"
22234
"web IN CNAME www\n"
22235
msgstr ""
22236
22237
#: serverguide/C/dns.xml:596(para)
22238
msgid ""
22239
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22240
"to. Must point to an A record, not a CNAME."
22241
msgstr ""
22242
22243
#: serverguide/C/dns.xml:599(programlisting)
22244
#, no-wrap
22245
msgid ""
22246
"\n"
22247
" IN MX 1 mail.example.com.\n"
22248
"mail IN A 192.168.1.13\n"
22249
msgstr ""
22250
22251
#: serverguide/C/dns.xml:605(para)
22252
msgid ""
22253
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22254
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22255
"Secondary servers are defined."
22256
msgstr ""
22257
22258
#: serverguide/C/dns.xml:609(programlisting)
22259
#, no-wrap
22260
msgid ""
22261
"\n"
22262
" IN NS ns.example.com.\n"
22263
"\tIN NS ns2.example.com.\n"
22264
"ns IN A 192.168.1.10\n"
22265
"ns2\tIN A\t 192.168.1.11\n"
22266
msgstr ""
22267
22268
#: serverguide/C/dns.xml:622(para)
22269
msgid ""
22270
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22271
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22272
msgstr ""
22273
22274
#: serverguide/C/dns.xml:627(para)
22275
msgid ""
22276
"For in depth coverage of <emphasis>DNS</emphasis> and "
22277
"<application>BIND9</application> see <ulink "
22278
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22279
msgstr ""
22280
22281
#: serverguide/C/dns.xml:632(para)
22282
msgid ""
22283
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22284
"BIND</ulink> is a popular book now in it's fifth edition."
22285
msgstr ""
22286
22287
#: serverguide/C/dns.xml:637(para)
22288
msgid ""
22289
"A great place to ask for <application>BIND9</application> assistance, and "
22290
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22291
"server</emphasis> IRC channel on <ulink "
22292
"url=\"http://freenode.net\">freenode</ulink>."
22293
msgstr ""
22294
22295
#: serverguide/C/dns.xml:643(para)
22296
msgid ""
22297
"Also, see the <ulink "
22298
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22299
"HOWTO</ulink> in the Ubuntu Wiki."
22300
msgstr ""
22301
22302
#: serverguide/C/databases.xml:13(title)
22303
msgid "Databases"
22304
msgstr ""
22305
22306
#: serverguide/C/databases.xml:14(para)
22307
msgid "Ubuntu provides two popular database servers. They are:"
22308
msgstr ""
22309
22310
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22311
msgid "PostgreSQL"
22312
msgstr ""
22313
22314
#: serverguide/C/databases.xml:25(para)
22315
msgid ""
22316
"They are available in the main repository. This section explains how to "
22317
"install and configure these database servers."
22318
msgstr ""
22319
22320
#: serverguide/C/databases.xml:32(para)
22321
msgid ""
22322
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22323
"It is intended for mission-critical, heavy-load production systems as well "
22324
"as for embedding into mass-deployed software."
22325
msgstr ""
22326
22327
#: serverguide/C/databases.xml:41(para)
22328
msgid "To install MySQL, run the following command from a terminal prompt:"
22329
msgstr ""
22330
22331
#: serverguide/C/databases.xml:46(command)
22332
msgid "sudo apt-get install mysql-server"
22333
msgstr ""
22334
22335
#: serverguide/C/databases.xml:48(para)
22336
msgid ""
22337
"During the installation process you will be prompted to enter a password for "
22338
"the <application>MySQL</application> root user."
22339
msgstr ""
22340
22341
#: serverguide/C/databases.xml:53(para)
22342
msgid ""
22343
"Once the installation is complete, the MySQL server should be started "
22344
"automatically. You can run the following command from a terminal prompt to "
22345
"check whether the MySQL server is running:"
22346
msgstr ""
22347
22348
#: serverguide/C/databases.xml:61(command)
22349
msgid "sudo netstat -tap | grep mysql"
22350
msgstr ""
22351
22352
#: serverguide/C/databases.xml:70(programlisting)
22353
#, no-wrap
22354
msgid ""
22355
"\n"
22356
"tcp 0 0 localhost:mysql *:* LISTEN "
22357
" 2556/mysqld\n"
22358
msgstr ""
22359
22360
#: serverguide/C/databases.xml:74(para)
22361
msgid ""
22362
"If the server is not running correctly, you can type the following command "
22363
"to start it:"
22364
msgstr ""
22365
22366
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22367
msgid "sudo /etc/init.d/mysql restart"
22368
msgstr ""
22369
22370
#: serverguide/C/databases.xml:85(para)
22371
msgid ""
22372
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22373
"the basic settings -- log file, port number, etc. For example, to configure "
22374
"<application>MySQL</application> to listen for connections from network "
22375
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22376
"server's IP address:"
22377
msgstr ""
22378
22379
#: serverguide/C/databases.xml:91(programlisting)
22380
#, no-wrap
22381
msgid ""
22382
"\n"
22383
"bind-address = 192.168.0.5\n"
22384
msgstr ""
22385
22386
#: serverguide/C/databases.xml:95(para)
22387
msgid "Replace 192.168.0.5 with the appropriate address."
22388
msgstr ""
22389
22390
#: serverguide/C/databases.xml:99(para)
22391
msgid ""
22392
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22393
"<application>mysql</application> daemon will need to be restarted:"
22394
msgstr ""
22395
22396
#: serverguide/C/databases.xml:107(para)
22397
msgid ""
22398
"If you would like to change the "
22399
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22400
"terminal enter:"
22401
msgstr ""
22402
22403
#: serverguide/C/databases.xml:113(command)
22404
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22405
msgstr ""
22406
22407
#: serverguide/C/databases.xml:116(para)
22408
msgid ""
22409
"The <application>mysql</application> daemon will be stopped, and you will be "
22410
"prompted to enter a new password."
22411
msgstr ""
22412
22413
#: serverguide/C/databases.xml:125(para)
22414
msgid ""
22415
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22416
"more information."
22417
msgstr ""
22418
22419
#: serverguide/C/databases.xml:130(para)
22420
msgid ""
22421
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22422
"<application>mysql-doc-5.0</application> package. To install the package "
22423
"enter the following in a terminal:"
22424
msgstr ""
22425
22426
#: serverguide/C/databases.xml:135(command)
22427
msgid "sudo apt-get install mysql-doc-5.0"
22428
msgstr ""
22429
22430
#: serverguide/C/databases.xml:137(para)
22431
msgid ""
22432
"The documentation is in HTML format, to view them enter "
22433
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22434
"chapter/index.html</command> in your browser's address bar."
22435
msgstr ""
22436
22437
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22438
msgid ""
22439
"For general SQL information see <ulink "
22440
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22441
"Special Edition</ulink> by Rafe Colburn."
22442
msgstr ""
22443
22444
#: serverguide/C/databases.xml:149(para)
22445
msgid ""
22446
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22447
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22448
msgstr ""
22449
22450
#: serverguide/C/databases.xml:158(para)
22451
msgid ""
22452
"PostgreSQL is an object-relational database system that has the features of "
22453
"traditional commercial database systems with enhancements to be found in "
22454
"next-generation DBMS systems."
22455
msgstr ""
22456
22457
#: serverguide/C/databases.xml:165(para)
22458
msgid ""
22459
"To install PostgreSQL, run the following command in the command prompt:"
22460
msgstr ""
22461
22462
#: serverguide/C/databases.xml:172(command)
22463
msgid "sudo apt-get install postgresql"
22464
msgstr ""
22465
22466
#: serverguide/C/databases.xml:176(para)
22467
msgid ""
22468
"Once the installation is complete, you should configure the PostgreSQL "
22469
"server based on your needs, although the default configuration is viable."
22470
msgstr ""
22471
22472
#: serverguide/C/databases.xml:184(para)
22473
msgid ""
22474
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22475
"client authentication methods. By default, IDENT authentication method is "
22476
"used for <application>postgres</application> and local users. Please refer "
22477
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22478
"PostgreSQL Administrator's Guide</ulink>."
22479
msgstr ""
22480
22481
#: serverguide/C/databases.xml:191(para)
22482
msgid ""
22483
"The following discussion assumes that you wish to enable TCP/IP connections "
22484
"and use the MD5 method for client authentication. PostgreSQL configuration "
22485
"files are stored in the "
22486
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22487
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22488
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22489
msgstr ""
22490
22491
#: serverguide/C/databases.xml:201(para)
22492
msgid ""
22493
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22494
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22495
msgstr ""
22496
22497
#: serverguide/C/databases.xml:208(para)
22498
msgid ""
22499
"To enable TCP/IP connections, edit the file "
22500
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22501
msgstr ""
22502
22503
#: serverguide/C/databases.xml:210(para)
22504
msgid ""
22505
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22506
"change it to:"
22507
msgstr ""
22508
22509
#: serverguide/C/databases.xml:213(programlisting)
22510
#, no-wrap
22511
msgid ""
22512
"\n"
22513
"listen_addresses = 'localhost'\n"
22514
msgstr ""
22515
22516
#: serverguide/C/databases.xml:217(para)
22517
msgid ""
22518
"To allow other computers to connect to your "
22519
"<application>PostgreSQL</application> server replace 'localhost' with the "
22520
"<emphasis>IP Address</emphasis> of your server."
22521
msgstr ""
22522
22523
#: serverguide/C/databases.xml:222(para)
22524
msgid ""
22525
"You may also edit all other parameters, if you know what you are doing! For "
22526
"details, refer to the configuration file or to the PostgreSQL documentation."
22527
msgstr ""
22528
22529
#: serverguide/C/databases.xml:227(para)
22530
msgid ""
22531
"Now that we can connect to our <application>PostgreSQL</application> server, "
22532
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22533
"user. Run the following command at a terminal prompt to connect to the "
22534
"default PostgreSQL template database:"
22535
msgstr ""
22536
22537
#: serverguide/C/databases.xml:234(command)
22538
msgid "sudo -u postgres psql template1"
22539
msgstr ""
22540
22541
#: serverguide/C/databases.xml:236(para)
22542
msgid ""
22543
"The above command connects to PostgreSQL database "
22544
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22545
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22546
"run the following SQL command at the <application>psql</application> prompt "
22547
"to configure the password for the user <emphasis "
22548
"role=\"italics\">postgres</emphasis>."
22549
msgstr ""
22550
22551
#: serverguide/C/databases.xml:244(command)
22552
msgid "ALTER USER postgres with encrypted password 'your_password';"
22553
msgstr ""
22554
22555
#: serverguide/C/databases.xml:246(para)
22556
msgid ""
22557
"After configuring the password, edit the file "
22558
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22559
"<emphasis>MD5</emphasis> authentication with the "
22560
"<emphasis>postgres</emphasis> user:"
22561
msgstr ""
22562
22563
#: serverguide/C/databases.xml:252(programlisting)
22564
#, no-wrap
22565
msgid ""
22566
"\n"
22567
"local all postgres md5\n"
22568
msgstr ""
22569
22570
#: serverguide/C/databases.xml:256(para)
22571
msgid ""
22572
"Finally, you should restart the <application>PostgreSQL</application> "
22573
"service to initialize the new configuration. From a terminal prompt enter "
22574
"the following to restart <application>PostgreSQL</application>:"
22575
msgstr ""
22576
22577
#: serverguide/C/databases.xml:262(command)
22578
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22579
msgstr ""
22580
22581
#: serverguide/C/databases.xml:265(para)
22582
msgid ""
22583
"The above configuration is not complete by any means. Please refer <ulink "
22584
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22585
"Administrator's Guide</ulink> to configure more parameters."
22586
msgstr ""
22587
22588
#: serverguide/C/databases.xml:276(para)
22589
msgid ""
22590
"As mentioned above the <ulink "
22591
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22592
"Guide</ulink> is an excellent resource. The guide is also available in the "
22593
"<application>postgresql-doc-8.4</application> package. Execute the following "
22594
"in a terminal to install the package:"
22595
msgstr ""
22596
22597
#: serverguide/C/databases.xml:282(command)
22598
msgid "sudo apt-get install postgresql-doc-8.4"
22599
msgstr ""
22600
22601
#: serverguide/C/databases.xml:284(para)
22602
msgid ""
22603
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22604
"8.4/html/index.html</command> into the address bar of your browser."
22605
msgstr ""
22606
22607
#: serverguide/C/databases.xml:296(para)
22608
msgid ""
22609
"Also, see the <ulink "
22610
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22611
"Wiki</ulink> page for more information."
22612
msgstr ""
22613
22614
#: serverguide/C/clustering.xml:13(title)
22615
msgid "Clustering"
22616
msgstr ""
22617
22618
#: serverguide/C/clustering.xml:16(title)
22619
msgid "DRBD"
22620
msgstr ""
22621
22622
#: serverguide/C/clustering.xml:18(para)
22623
msgid ""
22624
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22625
"multiple hosts. The replication is transparent to other applications on the "
22626
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22627
"volumes, etc can be mirrored."
22628
msgstr ""
22629
22630
#: serverguide/C/clustering.xml:24(para)
22631
msgid ""
22632
"To get started using <application>drbd</application>, first install the "
22633
"necessary packages. From a terminal enter:"
22634
msgstr ""
22635
22636
#: serverguide/C/clustering.xml:29(command)
22637
msgid "sudo apt-get install drbd8-utils"
22638
msgstr ""
22639
22640
#: serverguide/C/clustering.xml:33(para)
22641
msgid ""
22642
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22643
"virtual machine you will need to manually compile the "
22644
"<application>drbd</application> module. It may be easier to install the "
22645
"<application>linux-server</application> package inside the virtual machine."
22646
msgstr ""
22647
22648
#: serverguide/C/clustering.xml:40(para)
22649
msgid ""
22650
"This section covers setting up a <application>drbd</application> to "
22651
"replicate a separate <filename>/srv</filename> partition, with an "
22652
"<application>ext3</application> filesystem between two hosts. The partition "
22653
"size is not particularly relevant, but both partitions need to be the same "
22654
"size."
22655
msgstr ""
22656
22657
#: serverguide/C/clustering.xml:49(para)
22658
msgid ""
22659
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22660
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22661
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22662
"See <xref linkend=\"dns\"/> for details."
22663
msgstr ""
22664
22665
#: serverguide/C/clustering.xml:57(para)
22666
msgid ""
22667
"To configure <application>drbd</application>, on the first host edit "
22668
"<filename>/etc/drbd.conf</filename>:"
22669
msgstr ""
22670
22671
#: serverguide/C/clustering.xml:61(programlisting)
22672
#, no-wrap
22673
msgid ""
22674
"\n"
22675
"global { usage-count no; }\n"
22676
"common { syncer { rate 100M; } }\n"
22677
"resource r0 {\n"
22678
" protocol C;\n"
22679
" startup {\n"
22680
" wfc-timeout 15;\n"
22681
" degr-wfc-timeout 60;\n"
22682
" }\n"
22683
" net {\n"
22684
" cram-hmac-alg sha1;\n"
22685
" shared-secret \"secret\";\n"
22686
" }\n"
22687
" on drbd01 {\n"
22688
" device /dev/drbd0;\n"
22689
" disk /dev/sdb1;\n"
22690
" address 192.168.0.1:7788;\n"
22691
" meta-disk internal;\n"
22692
" }\n"
22693
" on drbd02 {\n"
22694
" device /dev/drbd0;\n"
22695
" disk /dev/sdb1;\n"
22696
" address 192.168.0.2:7788;\n"
22697
" meta-disk internal;\n"
22698
" }\n"
22699
"} \n"
22700
msgstr ""
22701
22702
#: serverguide/C/clustering.xml:90(para)
22703
msgid ""
22704
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22705
"this example their default values are fine."
22706
msgstr ""
22707
22708
#: serverguide/C/clustering.xml:98(para)
22709
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22710
msgstr ""
22711
22712
#: serverguide/C/clustering.xml:103(command)
22713
msgid "scp /etc/drbd.conf drbd02:~"
22714
msgstr ""
22715
22716
#: serverguide/C/clustering.xml:109(para)
22717
msgid ""
22718
"And, on <emphasis>drbd02</emphasis> move the file to "
22719
"<filename>/etc</filename>:"
22720
msgstr ""
22721
22722
#: serverguide/C/clustering.xml:114(command)
22723
msgid "sudo mv drbd.conf /etc/"
22724
msgstr ""
22725
22726
#: serverguide/C/clustering.xml:120(para)
22727
msgid ""
22728
"Next, on both hosts, start the <application>drbd</application> daemon:"
22729
msgstr ""
22730
22731
#: serverguide/C/clustering.xml:125(command)
22732
msgid "sudo /etc/init.d/drbd start"
22733
msgstr ""
22734
22735
#: serverguide/C/clustering.xml:131(para)
22736
msgid ""
22737
"Now using the <application>drbdadm</application> utility initialize the meta "
22738
"data storage. On each server execute:"
22739
msgstr ""
22740
22741
#: serverguide/C/clustering.xml:137(command)
22742
msgid "sudo drbdadm create-md r0"
22743
msgstr ""
22744
22745
#: serverguide/C/clustering.xml:143(para)
22746
msgid ""
22747
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22748
"primary, enter the following:"
22749
msgstr ""
22750
22751
#: serverguide/C/clustering.xml:148(command)
22752
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22753
msgstr ""
22754
22755
#: serverguide/C/clustering.xml:154(para)
22756
msgid ""
22757
"After executing the above command, the data will start syncing with the "
22758
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22759
"the following:"
22760
msgstr ""
22761
22762
#: serverguide/C/clustering.xml:160(command)
22763
msgid "watch -n1 cat /proc/drbd"
22764
msgstr ""
22765
22766
#: serverguide/C/clustering.xml:163(para)
22767
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22768
msgstr ""
22769
22770
#: serverguide/C/clustering.xml:170(para)
22771
msgid ""
22772
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22773
msgstr ""
22774
22775
#: serverguide/C/clustering.xml:175(command)
22776
msgid "sudo mkfs.ext3 /dev/drbd0"
22777
msgstr ""
22778
22779
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22780
msgid "sudo mount /dev/drbd0 /srv"
22781
msgstr ""
22782
22783
#: serverguide/C/clustering.xml:186(para)
22784
msgid ""
22785
"To test that the data is actually syncing between the hosts copy some files "
22786
"on the <emphasis>drbd01</emphasis>, the primary, to "
22787
"<filename>/srv</filename>:"
22788
msgstr ""
22789
22790
#: serverguide/C/clustering.xml:195(para)
22791
msgid "Next, unmount <filename>/srv</filename>:"
22792
msgstr ""
22793
22794
#: serverguide/C/clustering.xml:203(para)
22795
msgid ""
22796
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22797
"<emphasis>secondary</emphasis> role:"
22798
msgstr ""
22799
22800
#: serverguide/C/clustering.xml:208(command)
22801
msgid "sudo drbdadm secondary r0"
22802
msgstr ""
22803
22804
#: serverguide/C/clustering.xml:211(para)
22805
msgid ""
22806
"Now on the <emphasis>secondary</emphasis> server "
22807
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22808
msgstr ""
22809
22810
#: serverguide/C/clustering.xml:216(command)
22811
msgid "sudo drbdadm primary r0"
22812
msgstr ""
22813
22814
#: serverguide/C/clustering.xml:219(para)
22815
msgid "Lastly, mount the partition:"
22816
msgstr ""
22817
22818
#: serverguide/C/clustering.xml:227(para)
22819
msgid ""
22820
"Using <emphasis>ls</emphasis> you should see "
22821
"<filename>/srv/default</filename> copied from the former "
22822
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22823
msgstr ""
22824
22825
#: serverguide/C/clustering.xml:238(para)
22826
msgid ""
22827
"For more information on <application>DRBD</application> see the <ulink "
22828
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22829
msgstr ""
22830
22831
#: serverguide/C/clustering.xml:243(para)
22832
msgid ""
22833
"The <ulink "
22834
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22835
">drbd.conf man page</ulink> contains details on the options not covered in "
22836
"this guide."
22837
msgstr ""
22838
22839
#: serverguide/C/clustering.xml:249(para)
22840
msgid ""
22841
"Also, see the <ulink "
22842
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22843
"rbdadm man page</ulink>."
22844
msgstr ""
22845
22846
#: serverguide/C/clustering.xml:254(para)
22847
msgid ""
22848
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22849
"Wiki</ulink> page also has more information."
22850
msgstr ""
22851
22852
#: serverguide/C/chat.xml:13(title)
22853
msgid "Chat Applications"
22854
msgstr ""
22855
22856
#: serverguide/C/chat.xml:19(para)
22857
msgid ""
22858
"In this section, we will discuss how to install and configure a IRC server, "
22859
"<application>ircd-irc2</application>. We will also discuss how to install "
22860
"and configure Jabber, an instance messaging server."
22861
msgstr ""
22862
22863
#: serverguide/C/chat.xml:28(title)
22864
msgid "IRC Server"
22865
msgstr ""
22866
22867
#: serverguide/C/chat.xml:30(para)
22868
msgid ""
22869
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22870
"explains how to install and configure the original IRC server "
22871
"<application>ircd-irc2</application>."
22872
msgstr ""
22873
22874
#: serverguide/C/chat.xml:39(para)
22875
msgid ""
22876
"To install <application>ircd-irc2</application>, run the following command "
22877
"in the command prompt:"
22878
msgstr ""
22879
22880
#: serverguide/C/chat.xml:45(command)
22881
msgid "sudo apt-get install ircd-irc2"
22882
msgstr ""
22883
22884
#: serverguide/C/chat.xml:48(para)
22885
msgid ""
22886
"The configuration files are stored in <filename>/etc/ircd</filename> "
22887
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22888
"irc2</filename> directory."
22889
msgstr ""
22890
22891
#: serverguide/C/chat.xml:59(para)
22892
msgid ""
22893
"The IRC settings can be done in the configuration file "
22894
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
22895
"this file by editing the following line:"
22896
msgstr ""
22897
22898
#: serverguide/C/chat.xml:64(programlisting)
22899
#, no-wrap
22900
msgid ""
22901
"\n"
22902
"M:irc.localhost::Debian ircd default configuration::000A\n"
22903
msgstr ""
22904
22905
#: serverguide/C/chat.xml:68(para)
22906
msgid ""
22907
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
22908
"you set irc.livecipher.com as IRC host name, please make sure "
22909
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
22910
"name should not be same as the host name."
22911
msgstr ""
22912
22913
#: serverguide/C/chat.xml:75(para)
22914
msgid ""
22915
"The IRC admin details can be configured by editing the following line:"
22916
msgstr ""
22917
22918
#: serverguide/C/chat.xml:80(programlisting)
22919
#, no-wrap
22920
msgid ""
22921
"\n"
22922
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
22923
"Server::IRCnet:\n"
22924
msgstr ""
22925
22926
#: serverguide/C/chat.xml:84(para)
22927
msgid ""
22928
"You should add specific lines to configure the list of IRC ports to listen "
22929
"on, to configure Operator credentials, to configure client authentication, "
22930
"etc. For details, please refer to the example configuration file "
22931
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
22932
msgstr ""
22933
22934
#: serverguide/C/chat.xml:92(para)
22935
msgid ""
22936
"The IRC banner to be displayed in the IRC client, when the user connects to "
22937
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
22938
msgstr ""
22939
22940
#: serverguide/C/chat.xml:97(para)
22941
msgid ""
22942
"After making necessary changes to the configuration file, you can restart "
22943
"the IRC server using following command:"
22944
msgstr ""
22945
22946
#: serverguide/C/chat.xml:101(programlisting)
22947
#, no-wrap
22948
msgid ""
22949
"\n"
22950
"sudo /etc/init.d/ircd-irc2 restart\n"
22951
msgstr ""
22952
22953
#: serverguide/C/chat.xml:109(para)
22954
msgid ""
22955
"You may also be interested to take a look at other IRC servers available in "
22956
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
22957
"<application>ircd-hybrid</application>."
22958
msgstr ""
22959
22960
#: serverguide/C/chat.xml:117(para)
22961
msgid ""
22962
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
22963
"FAQ</ulink> for more details about the IRC Server."
22964
msgstr ""
22965
22966
#: serverguide/C/chat.xml:124(para)
22967
msgid ""
22968
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
22969
"IRCD</ulink> page has more information."
22970
msgstr ""
22971
22972
#: serverguide/C/chat.xml:132(title)
22973
msgid "Jabber Instant Messaging Server"
22974
msgstr ""
22975
22976
#: serverguide/C/chat.xml:134(para)
22977
msgid ""
22978
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
22979
"XMPP, an open standard for instant messaging, and used by many popular "
22980
"applications. This section covers setting up a <emphasis>Jabberd "
22981
"2</emphasis> server on a local LAN. This configuration can also be adapted "
22982
"to providing messaging services to users over the Internet."
22983
msgstr ""
22984
22985
#: serverguide/C/chat.xml:143(para)
22986
msgid "To install <application>jabberd2</application>, in a terminal enter:"
22987
msgstr ""
22988
22989
#: serverguide/C/chat.xml:148(command)
22990
msgid "sudo apt-get install jabberd2"
22991
msgstr ""
22992
22993
#: serverguide/C/chat.xml:155(para)
22994
msgid ""
22995
"A couple of XML configuration files will be used to configure "
22996
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
22997
"authentication. This is a very simple form of authentication. However, "
22998
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
22999
"Postgresql, etc for for user authentication."
23000
msgstr ""
23001
23002
#: serverguide/C/chat.xml:162(para)
23003
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23004
msgstr ""
23005
23006
#: serverguide/C/chat.xml:166(programlisting)
23007
#, no-wrap
23008
msgid ""
23009
"\n"
23010
" <id>jabber.example.com</id>\n"
23011
msgstr ""
23012
23013
#: serverguide/C/chat.xml:171(para)
23014
msgid ""
23015
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23016
"id, of your server."
23017
msgstr ""
23018
23019
#: serverguide/C/chat.xml:176(para)
23020
msgid "Now in the <storage> section change the <driver> to:"
23021
msgstr ""
23022
23023
#: serverguide/C/chat.xml:180(programlisting)
23024
#, no-wrap
23025
msgid ""
23026
"\n"
23027
" <driver>db</driver>\n"
23028
msgstr ""
23029
23030
#: serverguide/C/chat.xml:184(para)
23031
msgid ""
23032
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23033
"<emphasis><local></emphasis> section change:"
23034
msgstr ""
23035
23036
#: serverguide/C/chat.xml:188(programlisting)
23037
#, no-wrap
23038
msgid ""
23039
"\n"
23040
" <id>jabber.example.com</id>\n"
23041
msgstr ""
23042
23043
#: serverguide/C/chat.xml:192(para)
23044
msgid ""
23045
"And in the <authreg> section adjust the <module> section to:"
23046
msgstr ""
23047
23048
#: serverguide/C/chat.xml:196(programlisting)
23049
#, no-wrap
23050
msgid ""
23051
"\n"
23052
" <module>db</module>\n"
23053
msgstr ""
23054
23055
#: serverguide/C/chat.xml:200(para)
23056
msgid ""
23057
"Finally, restart <application>jabberd2</application> to enable the new "
23058
"settings:"
23059
msgstr ""
23060
23061
#: serverguide/C/chat.xml:205(command)
23062
msgid "sudo /etc/init.d/jabberd2 restart"
23063
msgstr ""
23064
23065
#: serverguide/C/chat.xml:208(para)
23066
msgid ""
23067
"You should now be able to connect to the server using a Jabber client like "
23068
"<application>Pidgin</application> for example."
23069
msgstr ""
23070
23071
#: serverguide/C/chat.xml:213(para)
23072
msgid ""
23073
"The advantage of using Berkeley DB for user data is that after being "
23074
"configured no additional maintenance is required. If you need more control "
23075
"over user accounts and credentials another authentication method is "
23076
"recommended."
23077
msgstr ""
23078
23079
#: serverguide/C/chat.xml:225(para)
23080
msgid ""
23081
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23082
"Site</ulink> contains more details on configuring "
23083
"<application>Jabberd2</application>."
23084
msgstr ""
23085
23086
#: serverguide/C/chat.xml:231(para)
23087
msgid ""
23088
"For more authentication options see the <ulink "
23089
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23090
"Guide</ulink>."
23091
msgstr ""
23092
23093
#: serverguide/C/chat.xml:236(para)
23094
msgid ""
23095
"Also, the <ulink "
23096
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23097
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23098
msgstr ""
23099
23100
#: serverguide/C/backups.xml:13(title)
23101
msgid "Backups"
23102
msgstr ""
23103
23104
#: serverguide/C/backups.xml:14(para)
23105
msgid ""
23106
"There are many ways to backup an Ubuntu installation. The most important "
23107
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23108
"consisting of what to backup, where to back it up to, and how to restore it."
23109
msgstr ""
23110
23111
#: serverguide/C/backups.xml:18(para)
23112
msgid ""
23113
"The following sections discuss various ways of accomplishing these tasks."
23114
msgstr ""
23115
23116
#: serverguide/C/backups.xml:22(title)
23117
msgid "Shell Scripts"
23118
msgstr ""
23119
23120
#: serverguide/C/backups.xml:23(para)
23121
msgid ""
23122
"One of the simplest ways to backup a system is using a <emphasis>shell "
23123
"script</emphasis>. For example, a script can be used to configure which "
23124
"directories to backup, and use those directories as arguments to the "
23125
"<application>tar</application> utility creating an archive file. The archive "
23126
"file can then be moved or copied to another location. The archive can also "
23127
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23128
msgstr ""
23129
23130
#: serverguide/C/backups.xml:29(para)
23131
msgid ""
23132
"The <application>tar</application> utility creates one archive file out of "
23133
"many files or directories. <application>tar</application> can also filter "
23134
"the files through compression utilities reducing the size of the archive "
23135
"file."
23136
msgstr ""
23137
23138
#: serverguide/C/backups.xml:35(title)
23139
msgid "Simple Shell Script"
23140
msgstr ""
23141
23142
#: serverguide/C/backups.xml:36(para)
23143
msgid ""
23144
"The following shell script uses <application>tar</application> to create an "
23145
"archive file on a remotely mounted NFS file system. The archive filename is "
23146
"determined using additional command line utilities."
23147
msgstr ""
23148
23149
#: serverguide/C/backups.xml:40(programlisting)
23150
#, no-wrap
23151
msgid ""
23152
"\n"
23153
"#!/bin/sh\n"
23154
"####################################\n"
23155
"#\n"
23156
"# Backup to NFS mount script.\n"
23157
"#\n"
23158
"####################################\n"
23159
"\n"
23160
"# What to backup. \n"
23161
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23162
"\n"
23163
"# Where to backup to.\n"
23164
"dest=\"/mnt/backup\"\n"
23165
"\n"
23166
"# Create archive filename.\n"
23167
"day=$(date +%A)\n"
23168
"hostname=$(hostname -s)\n"
23169
"archive_file=\"$hostname-$day.tgz\"\n"
23170
"\n"
23171
"# Print start status message.\n"
23172
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23173
"date\n"
23174
"echo\n"
23175
"\n"
23176
"# Backup the files using tar.\n"
23177
"tar czf $dest/$archive_file $backup_files\n"
23178
"\n"
23179
"# Print end status message.\n"
23180
"echo\n"
23181
"echo \"Backup finished\"\n"
23182
"date\n"
23183
"\n"
23184
"# Long listing of files in $dest to check file sizes.\n"
23185
"ls -lh $dest\n"
23186
msgstr ""
23187
23188
#: serverguide/C/backups.xml:77(para)
23189
msgid ""
23190
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23191
"would like to backup. The list should be customized to fit your needs."
23192
msgstr ""
23193
23194
#: serverguide/C/backups.xml:83(para)
23195
msgid ""
23196
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23197
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23198
"day of the week, giving a backup history of seven days. There are other ways "
23199
"to accomplish this including other ways using the "
23200
"<application>date</application> utility."
23201
msgstr ""
23202
23203
#: serverguide/C/backups.xml:90(para)
23204
msgid ""
23205
"<emphasis>$hostname:</emphasis> variable containing the "
23206
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23207
"archive filename gives you the option of placing daily archive files from "
23208
"multiple systems in the same directory."
23209
msgstr ""
23210
23211
#: serverguide/C/backups.xml:97(para)
23212
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23213
msgstr ""
23214
23215
#: serverguide/C/backups.xml:102(para)
23216
msgid ""
23217
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23218
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23219
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23220
"details using <emphasis>NFS</emphasis>."
23221
msgstr ""
23222
23223
#: serverguide/C/backups.xml:109(para)
23224
msgid ""
23225
"<emphasis>status messages:</emphasis> optional messages printed to the "
23226
"console using the <application>echo</application> utility."
23227
msgstr ""
23228
23229
#: serverguide/C/backups.xml:115(para)
23230
msgid ""
23231
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23232
"<application>tar</application> command used to create the archive file."
23233
msgstr ""
23234
23235
#: serverguide/C/backups.xml:121(para)
23236
msgid "<emphasis>c:</emphasis> creates an archive."
23237
msgstr ""
23238
23239
#: serverguide/C/backups.xml:126(para)
23240
msgid ""
23241
"<emphasis>z:</emphasis> filter the archive through the "
23242
"<application>gzip</application> utility compressing the archive."
23243
msgstr ""
23244
23245
#: serverguide/C/backups.xml:131(para)
23246
msgid ""
23247
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23248
"<application>tar</application> output will be sent to STDOUT."
23249
msgstr ""
23250
23251
#: serverguide/C/backups.xml:138(para)
23252
msgid ""
23253
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23254
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23255
"of the destination directory. This is useful for a quick file size check of "
23256
"the archive file. This check should not replace testing the archive file."
23257
msgstr ""
23258
23259
#: serverguide/C/backups.xml:145(para)
23260
msgid ""
23261
"This is a simple example of a backup shell script. There are large amount of "
23262
"options that can be included in a backup script. See <xref linkend=\"backup-"
23263
"shellscript-references\"/> for links to resources providing more in depth "
23264
"shell scripting information."
23265
msgstr ""
23266
23267
#: serverguide/C/backups.xml:152(title)
23268
msgid "Executing the Script"
23269
msgstr ""
23270
23271
#: serverguide/C/backups.xml:154(title)
23272
msgid "Executing from a Terminal"
23273
msgstr ""
23274
23275
#: serverguide/C/backups.xml:155(para)
23276
msgid ""
23277
"The simplest way of executing the above backup script is to copy and paste "
23278
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23279
"from a terminal prompt:"
23280
msgstr ""
23281
23282
#: serverguide/C/backups.xml:160(command)
23283
msgid "sudo bash backup.sh"
23284
msgstr ""
23285
23286
#: serverguide/C/backups.xml:162(para)
23287
msgid ""
23288
"This is a great way to test the script to make sure everything works as "
23289
"expected."
23290
msgstr ""
23291
23292
#: serverguide/C/backups.xml:167(title)
23293
msgid "Executing with cron"
23294
msgstr ""
23295
23296
#: serverguide/C/backups.xml:168(para)
23297
msgid ""
23298
"The <application>cron</application> utility can be used to automate the "
23299
"script execution. The <application>cron</application> daemon allows the "
23300
"execution of scripts, or commands, at a specified time and date."
23301
msgstr ""
23302
23303
#: serverguide/C/backups.xml:172(para)
23304
msgid ""
23305
"<application>cron</application> is configured through entries in a "
23306
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23307
"separated into fields:"
23308
msgstr ""
23309
23310
#: serverguide/C/backups.xml:176(programlisting)
23311
#, no-wrap
23312
msgid ""
23313
"\n"
23314
"# m h dom mon dow command\n"
23315
msgstr ""
23316
23317
#: serverguide/C/backups.xml:181(para)
23318
msgid ""
23319
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23320
msgstr ""
23321
23322
#: serverguide/C/backups.xml:186(para)
23323
msgid ""
23324
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23325
msgstr ""
23326
23327
#: serverguide/C/backups.xml:191(para)
23328
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23329
msgstr ""
23330
23331
#: serverguide/C/backups.xml:196(para)
23332
msgid ""
23333
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23334
msgstr ""
23335
23336
#: serverguide/C/backups.xml:201(para)
23337
msgid ""
23338
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23339
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23340
"valid."
23341
msgstr ""
23342
23343
#: serverguide/C/backups.xml:206(para)
23344
msgid "<emphasis>command:</emphasis> the command to execute."
23345
msgstr ""
23346
23347
#: serverguide/C/backups.xml:211(para)
23348
msgid ""
23349
"To add or change entries in a <filename>crontab</filename> file the "
23350
"<application>crontab -e</application> command should be used. Also, the "
23351
"contents of a <filename>crontab</filename> file can be viewed using the "
23352
"<application>crontab -l</application> command."
23353
msgstr ""
23354
23355
#: serverguide/C/backups.xml:215(para)
23356
msgid ""
23357
"To execute the <application>backup.sh</application> script listed above "
23358
"using <application>cron</application>. Enter the following from a terminal "
23359
"prompt:"
23360
msgstr ""
23361
23362
#: serverguide/C/backups.xml:220(command)
23363
msgid "sudo crontab -e"
23364
msgstr ""
23365
23366
#: serverguide/C/backups.xml:223(para)
23367
msgid ""
23368
"Using <application>sudo</application> with the <application>crontab -"
23369
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23370
"This is necessary if you are backing up directories only the root user has "
23371
"access to."
23372
msgstr ""
23373
23374
#: serverguide/C/backups.xml:228(para)
23375
msgid "Add the following entry to the <filename>crontab</filename> file:"
23376
msgstr ""
23377
23378
#: serverguide/C/backups.xml:231(programlisting)
23379
#, no-wrap
23380
msgid ""
23381
"\n"
23382
"# m h dom mon dow command\n"
23383
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23384
msgstr ""
23385
23386
#: serverguide/C/backups.xml:235(para)
23387
msgid ""
23388
"The <application>backup.sh</application> script will now be executed every "
23389
"day at 12:00 am."
23390
msgstr ""
23391
23392
#: serverguide/C/backups.xml:239(para)
23393
msgid ""
23394
"The <application>backup.sh</application> script will need to be copied to "
23395
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23396
"to execute properly. The script can reside anywhere on the file system "
23397
"simply change the script path appropriately."
23398
msgstr ""
23399
23400
#: serverguide/C/backups.xml:244(para)
23401
msgid ""
23402
"For more in depth <application>crontab</application> options see <xref "
23403
"linkend=\"backup-shellscript-references\"/>."
23404
msgstr ""
23405
23406
#: serverguide/C/backups.xml:250(title)
23407
msgid "Restoring from the Archive"
23408
msgstr ""
23409
23410
#: serverguide/C/backups.xml:251(para)
23411
msgid ""
23412
"Once an archive has been created it is important to test the archive. The "
23413
"archive can be tested by listing the files it contains, but the best test is "
23414
"to <emphasis>restore</emphasis> a file from the archive."
23415
msgstr ""
23416
23417
#: serverguide/C/backups.xml:257(para)
23418
msgid "To see a listing of the archive contents. From a terminal prompt:"
23419
msgstr ""
23420
23421
#: serverguide/C/backups.xml:261(command)
23422
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23423
msgstr ""
23424
23425
#: serverguide/C/backups.xml:265(para)
23426
msgid "To restore a file from the archive to a different directory enter:"
23427
msgstr ""
23428
23429
#: serverguide/C/backups.xml:269(command)
23430
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23431
msgstr ""
23432
23433
#: serverguide/C/backups.xml:271(para)
23434
msgid ""
23435
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23436
"redirects the extracted files to the specified directory. The above example "
23437
"will extract the <filename>/etc/hosts</filename> file to "
23438
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23439
"recreates the directory structure that it contains."
23440
msgstr ""
23441
23442
#: serverguide/C/backups.xml:276(para)
23443
msgid ""
23444
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23445
"the file to restore."
23446
msgstr ""
23447
23448
#: serverguide/C/backups.xml:281(para)
23449
msgid "To restore all files in the archive enter the following:"
23450
msgstr ""
23451
23452
#: serverguide/C/backups.xml:285(command)
23453
msgid "cd /"
23454
msgstr ""
23455
23456
#: serverguide/C/backups.xml:286(command)
23457
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23458
msgstr ""
23459
23460
#: serverguide/C/backups.xml:291(para)
23461
msgid "This will overwrite the files currently on the file system."
23462
msgstr ""
23463
23464
#: serverguide/C/backups.xml:300(para)
23465
msgid ""
23466
"For more information on shell scripting see the <ulink "
23467
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23468
msgstr ""
23469
23470
#: serverguide/C/backups.xml:305(para)
23471
msgid ""
23472
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23473
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23474
"great resource for shell scripting."
23475
msgstr ""
23476
23477
#: serverguide/C/backups.xml:311(para)
23478
msgid ""
23479
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23480
"Wiki Page</ulink> contains details on advanced "
23481
"<application>cron</application> options."
23482
msgstr ""
23483
23484
#: serverguide/C/backups.xml:318(para)
23485
msgid ""
23486
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23487
"tar Manual</ulink> for more <application>tar</application> options."
23488
msgstr ""
23489
23490
#: serverguide/C/backups.xml:324(para)
23491
msgid ""
23492
"The Wikipedia <ulink "
23493
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23494
"Scheme</ulink> article contains information on other backup rotation schemes."
23495
msgstr ""
23496
23497
#: serverguide/C/backups.xml:330(para)
23498
msgid ""
23499
"The shell script uses <application>tar</application> to create the archive, "
23500
"but there many other command line utilities that can be used. For example:"
23501
msgstr ""
23502
23503
#: serverguide/C/backups.xml:336(para)
23504
msgid ""
23505
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23506
"files to and from archives."
23507
msgstr ""
23508
23509
#: serverguide/C/backups.xml:341(para)
23510
msgid ""
23511
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23512
"the <application>coreutils</application> package. A low level utility that "
23513
"can copy data from one format to another"
23514
msgstr ""
23515
23516
#: serverguide/C/backups.xml:347(para)
23517
msgid ""
23518
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23519
"snap shot utility used to create copies of an entire file system."
23520
msgstr ""
23521
23522
#: serverguide/C/backups.xml:358(title)
23523
msgid "Archive Rotation"
23524
msgstr ""
23525
23526
#: serverguide/C/backups.xml:359(para)
23527
msgid ""
23528
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23529
"allows for seven different archives. For a server whose data doesn't change "
23530
"often this may be enough. If the server has a large amount of data a more "
23531
"robust rotation scheme should be used."
23532
msgstr ""
23533
23534
#: serverguide/C/backups.xml:365(title)
23535
msgid "Rotating NFS Archives"
23536
msgstr ""
23537
23538
#: serverguide/C/backups.xml:366(para)
23539
msgid ""
23540
"In this section the shell script will be slightly modified to implement a "
23541
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23542
msgstr ""
23543
23544
#: serverguide/C/backups.xml:372(para)
23545
msgid ""
23546
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23547
"Friday."
23548
msgstr ""
23549
23550
#: serverguide/C/backups.xml:377(para)
23551
msgid ""
23552
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23553
"weekly backups a month."
23554
msgstr ""
23555
23556
#: serverguide/C/backups.xml:382(para)
23557
msgid ""
23558
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23559
"rotating two monthly backups based on if the month is odd or even."
23560
msgstr ""
23561
23562
#: serverguide/C/backups.xml:388(para)
23563
msgid "Here is the new script:"
23564
msgstr ""
23565
23566
#: serverguide/C/backups.xml:391(programlisting)
23567
#, no-wrap
23568
msgid ""
23569
"\n"
23570
"#!/bin/bash\n"
23571
"####################################\n"
23572
"#\n"
23573
"# Backup to NFS mount script with\n"
23574
"# grandfather-father-son rotation.\n"
23575
"#\n"
23576
"####################################\n"
23577
"\n"
23578
"# What to backup. \n"
23579
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23580
"\n"
23581
"# Where to backup to.\n"
23582
"dest=\"/mnt/backup\"\n"
23583
"\n"
23584
"# Setup variables for the archive filename.\n"
23585
"day=$(date +%A)\n"
23586
"hostname=$(hostname -s)\n"
23587
"\n"
23588
"# Find which week of the month 1-4 it is.\n"
23589
"day_num=$(date +%d)\n"
23590
"if (( $day_num <= 7 )); then\n"
23591
" week_file=\"$hostname-week1.tgz\"\n"
23592
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23593
" week_file=\"$hostname-week2.tgz\"\n"
23594
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23595
" week_file=\"$hostname-week3.tgz\"\n"
23596
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23597
" week_file=\"$hostname-week4.tgz\"\n"
23598
"fi\n"
23599
"\n"
23600
"# Find if the Month is odd or even.\n"
23601
"month_num=$(date +%m)\n"
23602
"month=$(expr $month_num % 2)\n"
23603
"if [ $month -eq 0 ]; then\n"
23604
" month_file=\"$hostname-month2.tgz\"\n"
23605
"else\n"
23606
" month_file=\"$hostname-month1.tgz\"\n"
23607
"fi\n"
23608
"\n"
23609
"# Create archive filename.\n"
23610
"if [ $day_num == 1 ]; then\n"
23611
"\tarchive_file=$month_file\n"
23612
"elif [ $day != \"Saturday\" ]; then\n"
23613
" archive_file=\"$hostname-$day.tgz\"\n"
23614
"else \n"
23615
"\tarchive_file=$week_file\n"
23616
"fi\n"
23617
"\n"
23618
"# Print start status message.\n"
23619
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23620
"date\n"
23621
"echo\n"
23622
"\n"
23623
"# Backup the files using tar.\n"
23624
"tar czf $dest/$archive_file $backup_files\n"
23625
"\n"
23626
"# Print end status message.\n"
23627
"echo\n"
23628
"echo \"Backup finished\"\n"
23629
"date\n"
23630
"\n"
23631
"# Long listing of files in $dest to check file sizes.\n"
23632
"ls -lh $dest/\n"
23633
msgstr ""
23634
23635
#: serverguide/C/backups.xml:456(para)
23636
msgid ""
23637
"The script can be executed using the same methods as in <xref "
23638
"linkend=\"backup-executing-shellscript\"/>."
23639
msgstr ""
23640
23641
#: serverguide/C/backups.xml:459(para)
23642
msgid ""
23643
"It is good practice to take backup media off site in case of a disaster. In "
23644
"the shell script example the backup media is another server providing an NFS "
23645
"share. In all likelihood taking the NFS server to another location would not "
23646
"be practical. Depending upon connection speeds it may be an option to copy "
23647
"the archive file over a WAN link to a server in another location."
23648
msgstr ""
23649
23650
#: serverguide/C/backups.xml:465(para)
23651
msgid ""
23652
"Another option is to copy the archive file to an external hard drive which "
23653
"can then be taken off site. Since the price of external hard drives continue "
23654
"to decrease it may be cost-effective to use two drives for each archive "
23655
"level. This would allow you to have one external drive attached to the "
23656
"backup server and one in another location."
23657
msgstr ""
23658
23659
#: serverguide/C/backups.xml:472(title)
23660
msgid "Tape Drives"
23661
msgstr ""
23662
23663
#: serverguide/C/backups.xml:473(para)
23664
msgid ""
23665
"A tape drive attached to the server can be used instead of a NFS share. "
23666
"Using a tape drive simplifies archive rotation, and taking the media off "
23667
"site as well."
23668
msgstr ""
23669
23670
#: serverguide/C/backups.xml:477(para)
23671
msgid ""
23672
"When using a tape drive the filename portions of the script aren't needed "
23673
"because the date is sent directly to the tape device. Some commands to "
23674
"manipulate the tape are needed. This is accomplished using "
23675
"<application>mt</application>, a magnetic tape control utility part of the "
23676
"<application>cpio</application> package."
23677
msgstr ""
23678
23679
#: serverguide/C/backups.xml:482(para)
23680
msgid "Here is the shell script modified to use a tape drive:"
23681
msgstr ""
23682
23683
#: serverguide/C/backups.xml:485(programlisting)
23684
#, no-wrap
23685
msgid ""
23686
"\n"
23687
"#!/bin/bash\n"
23688
"####################################\n"
23689
"#\n"
23690
"# Backup to tape drive script.\n"
23691
"#\n"
23692
"####################################\n"
23693
"\n"
23694
"# What to backup. \n"
23695
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23696
"\n"
23697
"# Where to backup to.\n"
23698
"dest=\"/dev/st0\"\n"
23699
"\n"
23700
"# Print start status message.\n"
23701
"echo \"Backing up $backup_files to $dest\"\n"
23702
"date\n"
23703
"echo\n"
23704
"\n"
23705
"# Make sure the tape is rewound.\n"
23706
"mt -f $dest rewind\n"
23707
"\n"
23708
"# Backup the files using tar.\n"
23709
"tar czf $dest $backup_files\n"
23710
"\n"
23711
"# Rewind and eject the tape.\n"
23712
"mt -f $dest rewoffl\n"
23713
"\n"
23714
"# Print end status message.\n"
23715
"echo\n"
23716
"echo \"Backup finished\"\n"
23717
"date\n"
23718
msgstr ""
23719
23720
#: serverguide/C/backups.xml:519(para)
23721
msgid ""
23722
"The default device name for a SCSI tape drive is "
23723
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23724
"system."
23725
msgstr ""
23726
23727
#: serverguide/C/backups.xml:524(para)
23728
msgid ""
23729
"Restoring from a tape drive is basically the same as restoring from a file. "
23730
"Simply rewind the tape and use the device path instead of a file path. For "
23731
"example to restore the <filename>/etc/hosts</filename> file to "
23732
"<filename>/tmp/etc/hosts</filename>:"
23733
msgstr ""
23734
23735
#: serverguide/C/backups.xml:529(command)
23736
msgid "mt -f /dev/st0 rewind"
23737
msgstr ""
23738
23739
#: serverguide/C/backups.xml:530(command)
23740
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23741
msgstr ""
23742
23743
#: serverguide/C/backups.xml:535(title)
23744
msgid "Bacula"
23745
msgstr ""
23746
23747
#: serverguide/C/backups.xml:536(para)
23748
msgid ""
23749
"<application>Bacula</application> is a backup program enabling you to "
23750
"backup, restore, and verify data across your network. There are Bacula "
23751
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23752
"wide solution."
23753
msgstr ""
23754
23755
#: serverguide/C/backups.xml:542(para)
23756
msgid ""
23757
"<application>Bacula</application> is made up of several components and "
23758
"services used to manage which files to backup and where to back them up to:"
23759
msgstr ""
23760
23761
#: serverguide/C/backups.xml:548(para)
23762
msgid ""
23763
"<application>Bacula Director:</application> a service that controls all "
23764
"backup, restore, verify, and archive operations."
23765
msgstr ""
23766
23767
#: serverguide/C/backups.xml:553(para)
23768
msgid ""
23769
"<application>Bacula Console:</application> an application allowing "
23770
"communication with the Director. There are three versions of the Console:"
23771
msgstr ""
23772
23773
#: serverguide/C/backups.xml:558(para)
23774
msgid "Text based command line version."
23775
msgstr ""
23776
23777
#: serverguide/C/backups.xml:559(para)
23778
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23779
msgstr ""
23780
23781
#: serverguide/C/backups.xml:560(para)
23782
msgid "wxWidgets GUI interface."
23783
msgstr ""
23784
23785
#: serverguide/C/backups.xml:564(para)
23786
msgid ""
23787
"<application>Bacula File:</application> also known as the "
23788
"<application>Bacula Client</application> program. This application is "
23789
"installed on machines to be backed up, and is responsible for the data "
23790
"requested by the Director."
23791
msgstr ""
23792
23793
#: serverguide/C/backups.xml:570(para)
23794
msgid ""
23795
"<application>Bacula Storage:</application> the programs that perform the "
23796
"storage and recovery of data to the physical media."
23797
msgstr ""
23798
23799
#: serverguide/C/backups.xml:575(para)
23800
msgid ""
23801
"<application>Bacula Catalog:</application> is responsible for maintaining "
23802
"the file indexes and volume databases for all files backed up, enabling "
23803
"quick location and restoration of archived files. The Catalog supports three "
23804
"different databases MySQL, PostgreSQL, and SQLite."
23805
msgstr ""
23806
23807
#: serverguide/C/backups.xml:581(para)
23808
msgid ""
23809
"<application>Bacula Monitor:</application> allows the monitoring of the "
23810
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23811
"available as a GTK+ GUI application."
23812
msgstr ""
23813
23814
#: serverguide/C/backups.xml:587(para)
23815
msgid ""
23816
"These services and applications can be run on multiple servers and clients, "
23817
"or they can be installed on one machine if backing up a single disk or "
23818
"volume."
23819
msgstr ""
23820
23821
#: serverguide/C/backups.xml:594(para)
23822
msgid ""
23823
"There are multiple packages containing the different "
23824
"<application>Bacula</application> components. To install Bacula, from a "
23825
"terminal prompt enter:"
23826
msgstr ""
23827
23828
#: serverguide/C/backups.xml:599(command)
23829
msgid "sudo apt-get install bacula"
23830
msgstr ""
23831
23832
#: serverguide/C/backups.xml:601(para)
23833
msgid ""
23834
"By default installing the <application>bacula</application> package will use "
23835
"a <application>MySQL</application> database for the Catalog. If you want to "
23836
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23837
"director-sqlite3</application> or <application>bacula-director-"
23838
"pgsql</application> respectively."
23839
msgstr ""
23840
23841
#: serverguide/C/backups.xml:607(para)
23842
msgid ""
23843
"During the install process you will be asked to supply credentials for the "
23844
"database <emphasis>administrator</emphasis> and the "
23845
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23846
"database administrator will need to have the appropriate rights to create a "
23847
"database, see <xref linkend=\"mysql\"/> for more information."
23848
msgstr ""
23849
23850
#: serverguide/C/backups.xml:617(para)
23851
msgid ""
23852
"<application>Bacula</application> configuration files are formatted based on "
23853
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23854
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23855
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23856
"directory."
23857
msgstr ""
23858
23859
#: serverguide/C/backups.xml:622(para)
23860
msgid ""
23861
"The various <application>Bacula</application> components must authorize "
23862
"themselves to each other. This is accomplished using the "
23863
"<emphasis>password</emphasis> directive. For example, the "
23864
"<emphasis>Storage</emphasis> resource password in the "
23865
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23866
"<emphasis>Director</emphasis> resource password in "
23867
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23868
msgstr ""
23869
23870
#: serverguide/C/backups.xml:628(para)
23871
msgid ""
23872
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23873
"to archive the <application>Bacula</application> Catalog. If you plan on "
23874
"using the server to backup more than one client you should change the name "
23875
"of this job to something more descriptive. To change the name edit "
23876
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23877
msgstr ""
23878
23879
#: serverguide/C/backups.xml:633(programlisting)
23880
#, no-wrap
23881
msgid ""
23882
"\n"
23883
"#\n"
23884
"# Define the main nightly save backup job\n"
23885
"# By default, this job will back up to disk in \n"
23886
"Job {\n"
23887
" Name = \"BackupServer\"\n"
23888
" JobDefs = \"DefaultJob\"\n"
23889
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23890
"}\n"
23891
msgstr ""
23892
23893
#: serverguide/C/backups.xml:644(para)
23894
msgid ""
23895
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
23896
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
23897
"your appropriate hostname, or other descriptive name."
23898
msgstr ""
23899
23900
#: serverguide/C/backups.xml:649(para)
23901
msgid ""
23902
"The <emphasis>Console</emphasis> can be used to query the "
23903
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
23904
"<emphasis>non-root</emphasis> user, the user needs to be in the "
23905
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
23906
"the following from a terminal:"
23907
msgstr ""
23908
23909
#: serverguide/C/backups.xml:655(command)
23910
msgid "sudo adduser $username bacula"
23911
msgstr ""
23912
23913
#: serverguide/C/backups.xml:658(para)
23914
msgid ""
23915
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
23916
"you are adding the current user to the group you should log out and back in "
23917
"for the new permissions to take effect."
23918
msgstr ""
23919
23920
#: serverguide/C/backups.xml:665(title)
23921
msgid "Localhost Backup"
23922
msgstr ""
23923
23924
#: serverguide/C/backups.xml:666(para)
23925
msgid ""
23926
"This section describes how to backup specified directories on a single host "
23927
"to a local tape drive."
23928
msgstr ""
23929
23930
#: serverguide/C/backups.xml:671(para)
23931
msgid ""
23932
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
23933
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
23934
msgstr ""
23935
23936
#: serverguide/C/backups.xml:674(programlisting)
23937
#, no-wrap
23938
msgid ""
23939
"\n"
23940
"Device {\n"
23941
" Name = \"Tape Drive\"\n"
23942
" Device Type = tape\n"
23943
" Media Type = DDS-4\n"
23944
" Archive Device = /dev/st0\n"
23945
" Hardware end of medium = No;\n"
23946
" AutomaticMount = yes; # when device opened, read it\n"
23947
" AlwaysOpen = Yes;\n"
23948
" RemovableMedia = yes;\n"
23949
" RandomAccess = no;\n"
23950
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
23951
"}\n"
23952
msgstr ""
23953
23954
#: serverguide/C/backups.xml:688(para)
23955
msgid ""
23956
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
23957
"Type and Archive Device to match your hardware."
23958
msgstr ""
23959
23960
#: serverguide/C/backups.xml:691(para)
23961
msgid "You could also uncomment one of the other examples in the file."
23962
msgstr ""
23963
23964
#: serverguide/C/backups.xml:696(para)
23965
msgid ""
23966
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
23967
"<application>Storage</application> daemon will need to be restarted:"
23968
msgstr ""
23969
23970
#: serverguide/C/backups.xml:701(command)
23971
msgid "sudo /etc/init.d/bacula-sd restart"
23972
msgstr ""
23973
23974
#: serverguide/C/backups.xml:705(para)
23975
msgid ""
23976
"Now add a <emphasis>Storage</emphasis> resource in "
23977
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
23978
msgstr ""
23979
23980
#: serverguide/C/backups.xml:708(programlisting)
23981
#, no-wrap
23982
msgid ""
23983
"\n"
23984
"# Definition of \"Tape Drive\" storage device\n"
23985
"Storage {\n"
23986
" Name = TapeDrive\n"
23987
" # Do not use \"localhost\" here \n"
23988
" Address = backupserver # N.B. Use a fully qualified name "
23989
"here\n"
23990
" SDPort = 9103\n"
23991
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
23992
" Device = \"Tape Drive\"\n"
23993
" Media Type = tape\n"
23994
"}\n"
23995
msgstr ""
23996
23997
#: serverguide/C/backups.xml:720(para)
23998
msgid ""
23999
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24000
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24001
"to the actual host name."
24002
msgstr ""
24003
24004
#: serverguide/C/backups.xml:724(para)
24005
msgid ""
24006
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24007
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24008
msgstr ""
24009
24010
#: serverguide/C/backups.xml:730(para)
24011
msgid ""
24012
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24013
"directories to backup, by adding:"
24014
msgstr ""
24015
24016
#: serverguide/C/backups.xml:733(programlisting)
24017
#, no-wrap
24018
msgid ""
24019
"\n"
24020
"# LocalhostBacup FileSet.\n"
24021
"FileSet {\n"
24022
" Name = \"LocalhostFiles\"\n"
24023
" Include {\n"
24024
" Options {\n"
24025
" signature = MD5\n"
24026
" compression=GZIP\n"
24027
" }\n"
24028
" File = /etc\n"
24029
" File = /home\n"
24030
" }\n"
24031
"}\n"
24032
msgstr ""
24033
24034
#: serverguide/C/backups.xml:747(para)
24035
msgid ""
24036
"This <emphasis>FileSet</emphasis> will backup the <filename "
24037
"role=\"directory\">/etc</filename> and <filename "
24038
"role=\"directory\">/home</filename> directories. The "
24039
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24040
"create a MD5 signature for each file backed up, and to compress the files "
24041
"using GZIP."
24042
msgstr ""
24043
24044
#: serverguide/C/backups.xml:754(para)
24045
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24046
msgstr ""
24047
24048
#: serverguide/C/backups.xml:757(programlisting)
24049
#, no-wrap
24050
msgid ""
24051
"\n"
24052
"# LocalhostBackup Schedule -- Daily.\n"
24053
"Schedule {\n"
24054
" Name = \"LocalhostDaily\"\n"
24055
" Run = Full daily at 00:01\n"
24056
"}\n"
24057
msgstr ""
24058
24059
#: serverguide/C/backups.xml:764(para)
24060
msgid ""
24061
"The job will run every day at 00:01 or 12:01 am. There are many other "
24062
"scheduling options available."
24063
msgstr ""
24064
24065
#: serverguide/C/backups.xml:769(para)
24066
msgid "Finally create the <emphasis>Job</emphasis>:"
24067
msgstr ""
24068
24069
#: serverguide/C/backups.xml:772(programlisting)
24070
#, no-wrap
24071
msgid ""
24072
"\n"
24073
"# Localhost backup.\n"
24074
"Job {\n"
24075
" Name = \"LocalhostBackup\"\n"
24076
" JobDefs = \"DefaultJob\"\n"
24077
" Enabled = yes\n"
24078
" Level = Full\n"
24079
" FileSet = \"LocalhostFiles\"\n"
24080
" Schedule = \"LocalhostDaily\"\n"
24081
" Storage = TapeDrive\n"
24082
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24083
"} \n"
24084
msgstr ""
24085
24086
#: serverguide/C/backups.xml:785(para)
24087
msgid ""
24088
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24089
"drive."
24090
msgstr ""
24091
24092
#: serverguide/C/backups.xml:790(para)
24093
msgid ""
24094
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24095
"current tape does not have a label <application>Bacula</application> will "
24096
"send an email letting you know. To label a tape using the "
24097
"<application>Console</application> enter the following from a terminal:"
24098
msgstr ""
24099
24100
#: serverguide/C/backups.xml:796(command)
24101
msgid "bconsole"
24102
msgstr ""
24103
24104
#: serverguide/C/backups.xml:800(para)
24105
msgid "At the Bacula Console prompt enter:"
24106
msgstr ""
24107
24108
#: serverguide/C/backups.xml:804(command)
24109
msgid "label"
24110
msgstr ""
24111
24112
#: serverguide/C/backups.xml:808(para)
24113
msgid ""
24114
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24115
msgstr ""
24116
24117
#: serverguide/C/backups.xml:818(userinput)
24118
#, no-wrap
24119
msgid "2"
24120
msgstr ""
24121
24122
#: serverguide/C/backups.xml:812(computeroutput)
24123
#, no-wrap
24124
msgid ""
24125
"\n"
24126
"Automatically selected Catalog: MyCatalog\n"
24127
"Using Catalog \"MyCatalog\"\n"
24128
"The defined Storage resources are:\n"
24129
" 1: File\n"
24130
" 2: TapeDrive\n"
24131
"Select Storage resource (1-2):<placeholder-1/>\n"
24132
msgstr ""
24133
24134
#: serverguide/C/backups.xml:823(para)
24135
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24136
msgstr ""
24137
24138
#: serverguide/C/backups.xml:828(userinput)
24139
#, no-wrap
24140
msgid "Sunday"
24141
msgstr "Ahad"
24142
24143
#: serverguide/C/backups.xml:827(computeroutput)
24144
#, no-wrap
24145
msgid ""
24146
"\n"
24147
"Enter new Volume name: <placeholder-1/>\n"
24148
"Defined Pools:\n"
24149
" 1: Default\n"
24150
" 2: Scratch"
24151
msgstr ""
24152
24153
#: serverguide/C/backups.xml:833(para)
24154
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24155
msgstr ""
24156
24157
#: serverguide/C/backups.xml:838(para)
24158
msgid "Now, select the <emphasis>Pool</emphasis>:"
24159
msgstr ""
24160
24161
#: serverguide/C/backups.xml:843(userinput)
24162
#, no-wrap
24163
msgid "1"
24164
msgstr "1"
24165
24166
#: serverguide/C/backups.xml:842(computeroutput)
24167
#, no-wrap
24168
msgid ""
24169
"\n"
24170
"Select the Pool (1-2): <placeholder-1/>\n"
24171
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24172
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24173
msgstr ""
24174
24175
#: serverguide/C/backups.xml:850(para)
24176
msgid ""
24177
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24178
"backup the localhost to an attached tape drive."
24179
msgstr ""
24180
24181
#: serverguide/C/backups.xml:858(para)
24182
msgid ""
24183
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24184
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24185
"Manual</ulink>"
24186
msgstr ""
24187
24188
#: serverguide/C/backups.xml:864(para)
24189
msgid ""
24190
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24191
"the latest Bacula news and developments."
24192
msgstr ""
24193
24194
#: serverguide/C/backups.xml:869(para)
24195
msgid ""
24196
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24197
"Ubuntu Wiki</ulink> page."
24198
msgstr ""
24199
24200
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24201
#: serverguide/C/backups.xml:0(None)
24202
msgid "translator-credits"
24203
msgstr ""
24204
"Launchpad Contributions:\n"
24205
" Ahmed Noor Kader Mustajir Md Eusoff https://launchpad.net/~sir.ade"
24206
24207
#~ msgid "sudo /etc/init.d/samba restart"
24208
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1