« back to all changes in this revision
Viewing changes to serverguide/po/th.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/th.po
1
# Thai translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-09-14 20:48+0000\n"
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
"Language-Team: Thai <th@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:46+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (โครงการเอกสาร Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "คู่มือ Ubuntu Server"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30 ก.ย. 2550"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "เครือข่าย Windows"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"เครือข่ายคอมพิวเตอร์มีส่วนประกอบต่างๆ มากมาย "
48
"ถึงแม้ว่าการจัดการเครือข่ายที่มีแต่เครื่องที่ใช้ Ubuntu Desktop และ Ubuntu "
49
"Server จะน่าสนุก แต่ไม่ใช่ทุกเครือข่ายที่เป็นแบบนี้ "
50
"บางเครือข่ายก็ประกอบไปด้วยเครื่อง Ubuntu และ <trademark "
51
"class=\"registered\">Microsoft</trademark><trademark "
52
"class=\"registered\">Windows</trademark> ที่ทำงานร่วมกันได้เป็นอย่างดี "
53
"เนื้อหาส่วนนี้ของคู่มือ <phrase>Ubuntu</phrase> Server "
54
"จะแนะนำเกี่ยวกับหลักการและเครื่องมือที่คุณสามารถใช้เพื่อตั้งค่าของเครื่องเซิร"
55
"์ฟเวอร์ให้ทำงานร่วมกับเครื่อง Windows ได้อย่างราบรื่น"
56
57
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
58
msgid "Introduction"
59
msgstr "เกริ่นนำ"
60
61
#: serverguide/C/windows-networking.xml:27(para)
62
msgid ""
63
"Successfully networking your Ubuntu system with Windows clients involves "
64
"providing and integrating with services common to Windows environments. Such "
65
"services assist the sharing of data and information about the computers and "
66
"users involved in the network, and may be classified under three major "
67
"categories of functionality:"
68
msgstr ""
69
"การเชื่อมต่อระหว่างระบบ Ubuntu และเครื่องลูกข่าย Windows "
70
"นั้นจะต้องมีการให้บริการต่างๆ ที่ระบบ Windows ต้องการด้วย เช่น "
71
"บริการสำหรับแบ่งปันข้อมูลเกี่ยวกับเครื่องลูกข่ายและผู้ใช้ที่อยู่ในเครือข่ายเป"
72
"็นต้น บริการต่างๆ เหล่านี้สามารถแบ่งออกเป็นสามหมวดคือ:"
73
74
#: serverguide/C/windows-networking.xml:35(para)
75
msgid ""
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
79
msgstr ""
80
"<emphasis role=\"bold\">บริการแบ่งปันแฟ้มและการพิมพ์</emphasis> ใช้โพรโทคอล "
81
"Server Message Block (SMB) เพื่อสนับสนุนการแบ่งปันแฟ้ม โฟลเดอร์ ดิสก์ "
82
"และเครื่องพิมพ์ทั่วทั้งเครือข่าย"
83
84
#: serverguide/C/windows-networking.xml:41(para)
85
msgid ""
86
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
87
"information about the computers and users of the network with such "
88
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
89
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
90
msgstr ""
91
"<emphasis role=\"bold\">บริการสมุดหน้าเหลืองหรือไดเรคทอรี เซอร์วิส "
92
"(Directory Services)</emphasis>. "
93
"แชร์ข้อมูลเกี่ยวกับเครื่องคอมพิวเตอร์และผู้ใช้ในเครือข่ายด้วยเทคโนโลยีเช่น "
94
"Lightweight Directory Access Protocol (LDAP) และไมโครซอฟท์ <trademark "
95
"class=\"registered\">Active Directory</trademark>."
96
97
#: serverguide/C/windows-networking.xml:48(para)
98
msgid ""
99
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
100
"the identity of a computer or user of the network and determining the "
101
"information the computer or user is authorized to access using such "
102
"principles and technologies as file permissions, group policies, and the "
103
"Kerberos authentication service."
104
msgstr ""
105
"<emphasis role=\"bold\">ยืนยันตัวบุคคลและการเข้าถึง</emphasis> "
106
"เป็นบริการที่ทำหน้าที่ตรวจสอบเครื่องลูกข่ายหรือผู้ใช้ "
107
"เพื่ออนุญาติให้เข้าใช้ทรัพยากรในเครือข่ายและมีสิทธิ์ในการเข้าใช้บริการอะไรบ้า"
108
"งในเครือข่าย โดยใช้เทคโนโลยีต่างๆ เช่น การกำหนดสิทธิ์แฟ้ม, นโยบายกลุ่ม, "
109
"และการตรวจสอบโดยการใช้บริการการยืนยันตัวบุคคล Kerberos"
110
111
#: serverguide/C/windows-networking.xml:56(para)
112
msgid ""
113
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
114
"clients and share network resources among them. One of the principal pieces "
115
"of software your Ubuntu system includes for Windows networking is the Samba "
116
"suite of SMB server applications and tools."
117
msgstr ""
118
"โชคดีที่ระบบ Ubuntu ของคุณสามารถให้บริการทั้งหมดนี้สำหรับเครื่องลูกข่าย "
119
"Windows และแบ่งปันทรัพยากรต่างๆ กับเครื่องลูกข่ายได้ "
120
"โดยหนึ่งในเครื่องมือหลักที่ทำให้ระบบ Ubuntu ทำงานร่วมกันกับ Windows "
121
"ได้นั้นก็คือชุดโปรแกรมเซิร์ฟเวอร์และเครื่องมือ SMB ที่มีชื่อว่า Samba"
122
123
#: serverguide/C/windows-networking.xml:62(para)
124
msgid ""
125
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
126
"of the common Samba use cases, and how to install and configure the "
127
"necessary packages. Additional detailed documentation and information on "
128
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
129
"website</ulink>."
130
msgstr ""
131
"เนื้อหาของคู่มือ <phrase>Ubuntu</phrase> Server ส่วนนี้จะแนะนำการใช้ Samba "
132
"ในกรณีทั่วไป รวมไปถึงการติดตั้งและตั้งค่าต่างๆ "
133
"คุณสามารถอ่านคู่มืออย่างละเอียดและข้อมูลเพิ่มเติมได้ที่เว็บไซต์ของ Samba ที่ "
134
"<ulink url=\"http://www.samba.org\">เว็บไซต์ Samba</ulink>"
135
136
#: serverguide/C/windows-networking.xml:70(title)
137
msgid "Samba File Server"
138
msgstr "แซมบ้าไฟล์เซิร์ฟเวอร์"
139
140
#: serverguide/C/windows-networking.xml:72(para)
141
msgid ""
142
"One of the most common ways to network Ubuntu and Windows computers is to "
143
"configure Samba as a File Server. This section covers setting up a "
144
"<application>Samba</application> server to share files with Windows clients."
145
msgstr ""
146
"หนึ่งในวิธีที่ง่ายที่สุดเพื่อให้เครื่องอูบุนตูและวินโดว์ทำงานร่วมกันได้คือการ"
147
"ติดตั้งแซมบ้าเป็นไฟล์เซิร์ฟเวอร์ "
148
"ส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่าต่างๆของ "
149
"<application>Samba</application> ให้แชร์ไฟล์กับเครื่องลูกข่ายวินโดว์"
150
151
#: serverguide/C/windows-networking.xml:77(para)
152
msgid ""
153
"The server will be configured to share files with any client on the network "
154
"without prompting for a password. If your environment requires stricter "
155
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
156
msgstr ""
157
"เครื่องเซิร์ฟเวอร์จะตั้งค่าให้แบ่งปันแฟ้มให้เครื่องลูกข่ายทุกเครื่องโดยไม่ถาม"
158
"รหัสผ่าน ถ้าคุณต้องการให้เครือข่ายรักษาความปลอดภัยเคร่งคัดกว่านี้ กรุณาดู "
159
"<xref linkend=\"samba-fileprint-security\"/>"
160
161
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
162
msgid "Installation"
163
msgstr "การติดตั้ง"
164
165
#: serverguide/C/windows-networking.xml:85(para)
166
msgid ""
167
"The first step is to install the <application>samba</application> package. "
168
"From a terminal prompt enter:"
169
msgstr ""
170
"ขั้นแรก คุณต้องติดตั้งแพกเกจ <application>samba</application> "
171
"ป้อนคำสั่งในเทอร์มินัล:"
172
173
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
174
msgid "sudo apt-get install samba"
175
msgstr "sudo apt-get install samba"
176
177
#: serverguide/C/windows-networking.xml:93(para)
178
msgid ""
179
"That's all there is to it; you are now ready to configure Samba to share "
180
"files."
181
msgstr "เท่านี้คุณก็พร้อมที่จะตั้งค่า Samba ให้แบ่งปันแฟ้มได้แล้ว"
182
183
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
184
msgid "Configuration"
185
msgstr "การตั้งค่า"
186
187
#: serverguide/C/windows-networking.xml:101(para)
188
msgid ""
189
"The main Samba configuration file is located in "
190
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
191
"a significant amount of comments in order to document various configuration "
192
"directives."
193
msgstr ""
194
"แฟ้มการตั้งค่าหลักของ Samba อยู่ที่ <filename>/etc/samba/smb.conf</filename> "
195
"แฟ้มการตั้งค่าปริยายนั้นเต็มไปด้วยคำอธิบายและข้อเสนอแนะเพื่ออธิบายวัตถุประสงค"
196
"์ของแต่ละคำสั่ง"
197
198
#: serverguide/C/windows-networking.xml:106(para)
199
msgid ""
200
"Not all the available options are included in the default configuration "
201
"file. See the <filename>smb.conf</filename><application>man</application> "
202
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
203
"Collection/\">Samba HOWTO Collection</ulink> for more details."
204
msgstr ""
205
"ไม่ใช่ทุกตัวเลือกของการตั้งค่าจะรวมอยู่ในแฟ้มตั้งค่าปริยาย ดูที่ "
206
"<filename>smb.conf</filename><application>man</application> page หรือที่ "
207
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
208
"HOWTO Collection</ulink> สำหรับรายละเอียดเพิ่มเติม"
209
210
#: serverguide/C/windows-networking.xml:116(para)
211
msgid ""
212
"First, edit the following key/value pairs in the "
213
"<emphasis>[global]</emphasis> section of "
214
"<filename>/etc/samba/smb.conf</filename>:"
215
msgstr ""
216
"ขั้นแรก แก้ไขค่าเหล่านี้ในหมวด <emphasis>[global]</emphasis> ของแฟ้ม "
217
"<filename>/etc/samba/smb.conf</filename>:"
218
219
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
220
#, no-wrap
221
msgid ""
222
"\n"
223
" workgroup = EXAMPLE\n"
224
" ...\n"
225
" security = user\n"
226
msgstr ""
227
"\n"
228
" workgroup = EXAMPLE\n"
229
" ...\n"
230
" security = user\n"
231
232
#: serverguide/C/windows-networking.xml:127(para)
233
msgid ""
234
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
235
"section, and is commented by default. Also, change "
236
"<emphasis>EXAMPLE</emphasis> to better match your environment."
237
msgstr ""
238
"ตัวแปร <emphasis>security</emphasis> นั้นอยู่ด้านล่างของหมวด [global] "
239
"และถูกปิดใช้งานโดยปริยาย และอย่าลืมเปลี่ยน <emphasis>EXAMPLE</emphasis> "
240
"เป็นชื่อที่เหมาะกับสภาพแวดล้อมของคุณด้วย"
241
242
#: serverguide/C/windows-networking.xml:135(para)
243
msgid ""
244
"Create a new section at the bottom of the file, or uncomment one of the "
245
"examples, for the directory to be shared:"
246
msgstr ""
247
"สร้างหมวดใหม่ที่ส่วนท้ายของแฟ้ม "
248
"หรือเปิดใช้บางตัวอย่างที่อยู่ในแฟ้มเพื่อแบ่งปันไดเรกทอรีของคุณ:"
249
250
#: serverguide/C/windows-networking.xml:139(programlisting)
251
#, no-wrap
252
msgid ""
253
"\n"
254
"[share]\n"
255
" comment = Ubuntu File Server Share\n"
256
" path = /srv/samba/share\n"
257
" browsable = yes\n"
258
" guest ok = yes\n"
259
" read only = no\n"
260
" create mask = 0755\n"
261
msgstr ""
262
"\n"
263
"[share]\n"
264
" comment = Ubuntu File Server Share\n"
265
" path = /srv/samba/share\n"
266
" browsable = yes\n"
267
" guest ok = yes\n"
268
" read only = no\n"
269
" create mask = 0755\n"
270
271
#: serverguide/C/windows-networking.xml:151(para)
272
msgid ""
273
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
274
"fit your needs."
275
msgstr ""
276
"<emphasis>คำแนะนำ:</emphasis> คำอธิบายสั้นๆ เกี่ยวกับการแบ่งปันของคุณ "
277
"ปรับแก้ตามที่คุณต้องการ"
278
279
#: serverguide/C/windows-networking.xml:156(para)
280
msgid "<emphasis>path:</emphasis> the path to the directory to share."
281
msgstr "<emphasis>พาธ:</emphasis> พาธของไดเรกทอรีที่จะแบ่งปัน"
282
283
#: serverguide/C/windows-networking.xml:159(para)
284
msgid ""
285
"This example uses <filename>/srv/samba/sharename</filename> because, "
286
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
287
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
288
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
289
"specific data should be served. Technically Samba shares can be placed "
290
"anywhere on the filesystem as long as the permissions are correct, but "
291
"adhering to standards is recommended."
292
msgstr ""
293
"ตัวอย่างนี้ใช้ <filename>/srv/samba/sharename</filename> เพราะว่ามาตรฐาน "
294
"<emphasis>Filesystem Hierarchy Standard (FHS)</emphasis> "
295
"แนะนำให้แชร์ข้อมูลต่างๆจาก <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
296
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
297
"ในทางเทคนิคแล้วแฟ้มข้อมูลที่ถูกแชร์ผ่านแซมบ้าจะอยู่ที่ไหนในะระบบก็ได้ตราบใดที"
298
"่คุณให้สิทธิ์การเข้าถึงแฟ้มข้อมูลนั้นอย่างถูกต้อง "
299
"อย่างไรก็ตามเราแนะนำให้คุณตามมาตรฐานถ้าเป็นไปได้"
300
301
#: serverguide/C/windows-networking.xml:168(para)
302
msgid ""
303
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
304
"directory using <application>Windows Explorer</application>."
305
msgstr ""
306
"<emphasis>browsable:</emphasis> "
307
"อนุญาติให้เครื่องลูกข่ายวินโดว์สามารถมองเห็นแฟ้มข้อมูลที่ถูกแชร์โดยใช้โปรแกรม"
308
" <application>Windows Explorer</application>"
309
310
#: serverguide/C/windows-networking.xml:174(para)
311
msgid ""
312
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
313
"without supplying a password."
314
msgstr ""
315
"<emphasis>guest ok:</emphasis> "
316
"อนุญาติให้เครื่องลูกข่ายใช้งานแชร์โดยไม่ต้องระบุรหัสผ่าน"
317
318
#: serverguide/C/windows-networking.xml:179(para)
319
msgid ""
320
"<emphasis>read only:</emphasis> determines if the share is read only or if "
321
"write privileges are granted. Write privileges are allowed only when the "
322
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
323
"is <emphasis>yes</emphasis>, then access to the share is read only."
324
msgstr ""
325
326
#: serverguide/C/windows-networking.xml:184(para)
327
msgid ""
328
"<emphasis>create mask:</emphasis> determines the permissions new files will "
329
"have when created."
330
msgstr "<emphasis>create mask:</emphasis> ระบุสิทธิ์ของไฟล์ที่ถูกสร้างใหม่"
331
332
#: serverguide/C/windows-networking.xml:193(para)
333
msgid ""
334
"Now that <application>Samba</application> is configured, the directory needs "
335
"to be created and the permissions changed. From a terminal enter:"
336
msgstr ""
337
"เอาล่ะ หลังจากคุณได้ตั้งค่าต่างๆของ <application>แซมบ้า</application> แล้ว "
338
"ก็ถึงเวลาที่คุณจะสร้างแฟ้มข้อมูลและแก้ไขสิทธิ์ของแฟ้มข้อมูล ให้พิมพ์คำสั่ง:"
339
340
#: serverguide/C/windows-networking.xml:199(command)
341
msgid "sudo mkdir -p /srv/samba/share"
342
msgstr "sudo mkdir -p /srv/samba/share"
343
344
#: serverguide/C/windows-networking.xml:200(command)
345
msgid "sudo chown nobody.nogroup /srv/samba/share/"
346
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
347
348
#: serverguide/C/windows-networking.xml:204(para)
349
msgid ""
350
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
351
"directory tree if it doesn't exist. Change the share name to fit your "
352
"environment."
353
msgstr ""
354
"ตัวเลือก <emphasis>-p</emphasis> บอกให้ mkdir "
355
"สร้างแฟ้มข้อมูลขึ้นมาใหม่ทั้งหมดถ้าไม่มีอยู่ "
356
"เปลี่ยนชื่อของแฟ้มข้อมูลที่ถูกแชร์ตามที่คุณต้องการ"
357
358
#: serverguide/C/windows-networking.xml:213(para)
359
msgid ""
360
"Finally, restart the <application>samba</application> services to enable the "
361
"new configuration:"
362
msgstr ""
363
"ขั้นตอนสุดท้ายคือการเริ่มโปรแกรม <application>samba</application> "
364
"เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
365
366
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
367
msgid "sudo restart smbd"
368
msgstr ""
369
370
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
371
msgid "sudo restart nmbd"
372
msgstr ""
373
374
#: serverguide/C/windows-networking.xml:226(para)
375
msgid ""
376
"Once again, the above configuration gives all access to any client on the "
377
"local network. For a more secure configuration see <xref linkend=\"samba-"
378
"fileprint-security\"/>."
379
msgstr ""
380
"การตั้งค่าตามด้านบนนั้นอนุญาติให้เครื่องลูกข่ายทำอะไรกับแฟ้มข้อมูลที่ถูกแชร์ "
381
" ถ้าคุณต้องการกำหนดสิทธิ์อย่างเคร่งคัดขึ้นกรุณาดู <xref linkend=\"samba-"
382
"fileprint-security\"/>"
383
384
#: serverguide/C/windows-networking.xml:232(para)
385
msgid ""
386
"From a Windows client you should now be able to browse to the Ubuntu file "
387
"server and see the shared directory. To check that everything is working try "
388
"creating a directory from Windows."
389
msgstr ""
390
"เพียงเท่านี้คุณก็น่าจะสามารถเห็นแฟ้มข้อมูลที่ถูกแชร์บนเซิร์ฟเวอร์อูบุนตูจากเค"
391
"รื่องลูกข่ายวินโดว์ได้แล้ว "
392
"ลองตรวจสอบว่าทุกอย่างทำงานได้ตามปกติโดยสร้างแฟ้มใหม่จากเครื่องวินโดว์ดู"
393
394
#: serverguide/C/windows-networking.xml:237(para)
395
msgid ""
396
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
397
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
398
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
399
"share actually exists and the permissions are correct."
400
msgstr ""
401
"คุณสามารถสร้างแชร์เพิ่มได้โดยเพิ่มหมวด <emphasis>[dir]</emphasis> ใหม่ในไฟล์ "
402
"<filename>/etc/samba/smb.conf</filename> จากนั้นให้เริ่มโปรแกรม "
403
"<emphasis>Samba</emphasis> ใหม่ "
404
"อย่าลืมตรวจสอบให้แน่ใจว่าแฟ้มที่คุณต้องการแชร์นั้นมีอยู่จริงและคุณได้กำหนดสิท"
405
"ธิ์ถูกต้อง"
406
407
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
408
msgid "Resources"
409
msgstr "แหล่งข้อมูล"
410
411
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
412
msgid ""
413
"For in depth Samba configurations see the <ulink "
414
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
415
"Collection</ulink>"
416
msgstr ""
417
"สำหรับการตั้งค่าแซมบ้าขั้นสูง กรุณาดูที่ <ulink "
418
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
419
"Collection</ulink>"
420
421
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
422
msgid ""
423
"The guide is also available in <ulink "
424
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
425
"format</ulink>."
426
msgstr ""
427
"คุณสามารถอ่านคู่มือนี้<ulink "
428
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
429
"/0131882228\">ในแบบหนังสือ</ulink>ได้"
430
431
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
432
msgid ""
433
"O'Reilly's <ulink "
434
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
435
"another good reference."
436
msgstr ""
437
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
438
"Samba</ulink> ของสำนักพิมพ์ O'Reilly ก็เป็นแหล่งข้อมูลที่ดีอีกอันหนึ่ง"
439
440
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
441
msgid ""
442
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
443
"</ulink> page."
444
msgstr ""
445
446
#: serverguide/C/windows-networking.xml:275(title)
447
msgid "Samba Print Server"
448
msgstr "การใช้แซมบ้าเป็นเซิร์ฟเวอร์สำหรับการพิมพ์"
449
450
#: serverguide/C/windows-networking.xml:277(para)
451
msgid ""
452
"Another common use of Samba is to configure it to share printers installed, "
453
"either locally or over the network, on an Ubuntu server. Similar to <xref "
454
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
455
"any client on the local network to use the installed printers without "
456
"prompting for a username and password."
457
msgstr ""
458
"ประโยชน์อีกอย่างนึงของแซมบ้าคือคุณสามารถแชร์เครื่องพิมพ์ผ่านแซมบ้าได้ "
459
"ไม่ว่าจะเป็นเครื่องพิมพ์ที่ต่อกับเซิร์ฟเวอร์อูบุนตูของคุณหรือเครื่องพิมพ์ที่อ"
460
"ยู่ที่อื่นๆในเครือข่าย เช่นเดียวกับในส่วน <xref linkend=\"samba-"
461
"fileserver\"/> "
462
"ส่วนนี้จะอธิบายการตั้งค่าแซมบ้าให้เครื่องลูกข่ายใช้เครื่องพิมพ์ผ่านแซมบ้าได้โ"
463
"ดยไม่ต้องระบุชื่อผู้ใช้และรหัสผ่าน"
464
465
#: serverguide/C/windows-networking.xml:283(para)
466
msgid ""
467
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
468
"security\"/>."
469
msgstr ""
470
"ถ้าคุณต้องการตั้งค่าความปลอดภัยเพิ่มเติม กรุณาดู <xref linkend=\"samba-"
471
"fileprint-security\"/>"
472
473
#: serverguide/C/windows-networking.xml:290(para)
474
msgid ""
475
"Before installing and configuring Samba it is best to already have a working "
476
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
477
"for details."
478
msgstr ""
479
"ก่อนติดตั้งและตั้งค่าแซมบ้า คุณควรจะมีโปรแกรม "
480
"<application>CUPS</application> ที่ทำงานได้เสียก่อน ลองดู <xref "
481
"linkend=\"cups\"/> สำหรับรายละเอียดเกี่ยวกับ CUPS"
482
483
#: serverguide/C/windows-networking.xml:295(para)
484
msgid ""
485
"To install the <application>samba</application> package, from a terminal "
486
"enter:"
487
msgstr ""
488
"ติดตั้งชุดโปรแกรม <application>แซมบ้า</application> โดยพิมพ์คำสั่งดังนี้:"
489
490
#: serverguide/C/windows-networking.xml:306(para)
491
msgid ""
492
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
493
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
494
"network, and change <emphasis>security</emphasis> to <emphasis "
495
"role=\"italic\">share</emphasis>:"
496
msgstr ""
497
"หลังติดตั้งแซมบ้า แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
498
"โดยเปลี่ยนชื่อ <emphasis>workgroup</emphasis> เป็นชื่อที่คุณต้องการ "
499
"และเปลี่ยนค่า <emphasis>security</emphasis> เป็น <emphasis "
500
"role=\"italic\">share</emphasis>:"
501
502
#: serverguide/C/windows-networking.xml:318(para)
503
msgid ""
504
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
505
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
506
msgstr ""
507
"ในหมวด <emphasis>[printers]</emphasis> เปลี่ยนค่า <emphasis>guest "
508
"ok</emphasis> เป็น <emphasis role=\"italic\">yes</emphasis>:"
509
510
#: serverguide/C/windows-networking.xml:322(programlisting)
511
#, no-wrap
512
msgid ""
513
"\n"
514
" browsable = yes\n"
515
" guest ok = yes\n"
516
msgstr ""
517
"\n"
518
" browsable = yes\n"
519
" guest ok = yes\n"
520
521
#: serverguide/C/windows-networking.xml:327(para)
522
msgid "After editing <filename>smb.conf</filename> restart Samba:"
523
msgstr ""
524
525
#: serverguide/C/windows-networking.xml:336(para)
526
msgid ""
527
"The default Samba configuration will automatically share any printers "
528
"installed. Simply install the printer locally on your Windows clients."
529
msgstr ""
530
"ค่าที่มากับการติดตั้งแซมบ้านั้นจะแชร์เครื่องพิมพ์ที่ต่อกับเครื่องโดยอัตโนมัติ"
531
" คุณแค่ต้องเพิ่มเครื่องพิมพ์ในเครื่องลูกข่ายวินโดว์ของคุณเท่านั้น"
532
533
#: serverguide/C/windows-networking.xml:365(para)
534
msgid ""
535
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
536
"more information on configuring CUPS."
537
msgstr ""
538
"นอกจากนั้นลองดู <ulink url=\"http://www.cups.org/\">เว็บไซต์ของ CUPS</ulink> "
539
"สำหรับข้อมูลการตั้งค่า CUPS"
540
541
#: serverguide/C/windows-networking.xml:379(title)
542
msgid "Securing a Samba File and Print Server"
543
msgstr "การรักษาความปลอดภัยเซิร์ฟเวอร์แซมบ้า"
544
545
#: serverguide/C/windows-networking.xml:382(title)
546
msgid "Samba Security Modes"
547
msgstr "โหมดความปลอดภัยของแซมบ้า"
548
549
#: serverguide/C/windows-networking.xml:384(para)
550
msgid ""
551
"There are two security levels available to the Common Internet Filesystem "
552
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
553
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
554
"allows more flexibility, providing four ways of implementing user-level "
555
"security and one way to implement share-level:"
556
msgstr ""
557
"โปรโตคอลเครือข่าย Common Internet Filesystem (CIFS) "
558
"ได้ระบุระดับความปลอดภัยไว้สองระดับคือระดับผู้ใช้ (<emphasis>user-"
559
"level</emphasis>) และระดับแชร์ (<emphasis>share-level</emphasis>) "
560
"แซมบ้ามีระบบความปลอดภัยที่ยืดหยุ่นกว่าที่เรียกว่าโหมดความปลอดภัย "
561
"(<emphasis>security mode</emphasis>) ที่มีถึง 4 "
562
"วิธีในการรักษาความปลอดภัยสำหรับระดับผู้ใช้และอีก 1 วิธีสำหรับระดับแชร์:"
563
564
#: serverguide/C/windows-networking.xml:393(para)
565
msgid ""
566
"<emphasis>security = user:</emphasis> requires clients to supply a username "
567
"and password to connect to shares. Samba user accounts are separate from "
568
"system accounts, but the <application>libpam-smbpass</application> package "
569
"will sync system users and passwords with the Samba user database."
570
msgstr ""
571
"<emphasis>security = user:</emphasis> "
572
"บังคับให้เครื่องลูกข่ายต้องระบุชื่อผู้ใช้และรหัสผ่านเพื่อที่จะเชื่อมต่อเข้ากั"
573
"บแชร์ บัญชีผู้ใช้ของแซมบ้านั้นแยกกันกับบัญชีผู้ใช้ของระบบ แต่ว่าแพคเกจ "
574
"<application>libpam-smbpass</application> "
575
"จะช่วยทำให้ชื่อและรหัสผ่านของระบบเหมือนกันกับในฐานข้อมูลของแซมบ้าได้"
576
577
#: serverguide/C/windows-networking.xml:400(para)
578
msgid ""
579
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
580
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
581
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
582
"linkend=\"samba-dc\"/> for further information."
583
msgstr ""
584
"<emphasis>security = domain:</emphasis> "
585
"โหมดนี้ทำให้เซิร์ฟเวอร์แซมบ้าทำตัวเป็น Primary Domain Controller (PDC), "
586
"Backup Domain Controller (BDC), หรือ Domain Member Server (DMS) "
587
"สำหรับเครื่องลูกข่ายวินโดว์ได้ กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
588
"linkend=\"samba-dc\"/>"
589
590
#: serverguide/C/windows-networking.xml:407(para)
591
msgid ""
592
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
593
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
594
"integration\"/> for details."
595
msgstr ""
596
"<emphasis>security = ADS:</emphasis> ทำให้เซิร์ฟเวอร์แซมบ้าเข้าร่วมกับโดเมน "
597
"Active Directory ในฐานะสมาชิกของโดเมน กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
598
"linkend=\"samba-ad-integration\"/>"
599
600
#: serverguide/C/windows-networking.xml:413(para)
601
msgid ""
602
"<emphasis>security = server:</emphasis> this mode is left over from before "
603
"Samba could become a member server, and due to some security issues should "
604
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
605
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
606
"of the Samba guide for more details."
607
msgstr ""
608
"<emphasis>security = server:</emphasis> "
609
"โหมดนี้เป็นโหมดที่หลงเหลือก่อนที่แซมบ้าจะสามารถเป็นสมาชิกของโดเมนได้ "
610
"และเนื่องจากปัญหาเกี่ยวกับความปลอดภัยเราไม่แนะนำให้คุณใช้โหมดนี้ "
611
"กรุณาอ่านส่วน <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
612
"Collection/ServerType.html#id349531\">การรักษาความปลอดภัยของเซิร์ฟเวอร์</ulin"
613
"k>ในคู่มือแซมบ้าเพื่อดูรายละเอียดเพิ่มเติม"
614
615
#: serverguide/C/windows-networking.xml:421(para)
616
msgid ""
617
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
618
"without supplying a username and password."
619
msgstr ""
620
"<emphasis>security = share:</emphasis> "
621
"อนุญาติให้เครื่องลูกข่ายเชื่อมต่อเข้าไปที่แชร์โดยไม่ต้องระบุชื่อผู้ใช้และรหัส"
622
"ผ่าน"
623
624
#: serverguide/C/windows-networking.xml:428(para)
625
msgid ""
626
"The security mode you choose will depend on your environment and what you "
627
"need the Samba server to accomplish."
628
msgstr ""
629
"โหมดความปลอดภัยที่คุณเลือกขึ้นอยู่กับว่าคุณอยากให้เซิร์ฟเวอร์แซมบ้าของคุณทำอะ"
630
"ไร"
631
632
#: serverguide/C/windows-networking.xml:434(title)
633
msgid "Security = User"
634
msgstr "ความปลอดภัยระดับ Security = User"
635
636
#: serverguide/C/windows-networking.xml:436(para)
637
msgid ""
638
"This section will reconfigure the Samba file and print server, from <xref "
639
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
640
"require authentication."
641
msgstr ""
642
"ส่วนนี้จะแสดงการตั้งค่าแซมบ้าต่อจาก <xref linkend=\"samba-fileserver\"/> และ "
643
"<xref linkend=\"samba-printserver\"/> เพื่อให้มีการลงชื่อเข้าใช้แชร์"
644
645
#: serverguide/C/windows-networking.xml:441(para)
646
msgid ""
647
"First, install the <application>libpam-smbpass</application> package which "
648
"will sync the system users to the Samba user database:"
649
msgstr ""
650
"ก่อนอื่นคุณต้องติดตั้งแพคเกจ <application>libpam-smbpass</application> "
651
"ซึ่งจะทำให้ชื่อและรหัสผ่านของผู้ใช้ในระบบเหมือนกันกับในฐานข้อมูลผู้ใช้ของแซมบ"
652
"้า:"
653
654
#: serverguide/C/windows-networking.xml:447(command)
655
msgid "sudo apt-get install libpam-smbpass"
656
msgstr "sudo apt-get install libpam-smbpass"
657
658
#: serverguide/C/windows-networking.xml:451(para)
659
msgid ""
660
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
661
"<application>libpam-smbpass</application> is already installed."
662
msgstr ""
663
"ถ้าคุณเลือกติดตั้ง <emphasis>เซิร์ฟเวอร์แซมบ้า</emphasis> ตอนติดตั้งอูบุนตู "
664
"แพคเกจ <application>libpam-smbpass</application> ได้ถูกติดตั้งเรียบร้อยแล้ว"
665
666
#: serverguide/C/windows-networking.xml:457(para)
667
msgid ""
668
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
669
"<emphasis>[share]</emphasis> section change:"
670
msgstr ""
671
"แก้ไขหมวด <emphasis>[share]</emphasis> ในไฟล์ "
672
"<filename>/etc/samba/smb.conf</filename>:"
673
674
#: serverguide/C/windows-networking.xml:461(programlisting)
675
#, no-wrap
676
msgid ""
677
"\n"
678
" guest ok = no\n"
679
msgstr ""
680
"\n"
681
" guest ok = no\n"
682
683
#: serverguide/C/windows-networking.xml:465(para)
684
msgid "Finally, restart Samba for the new settings to take effect:"
685
msgstr "จากนั้นเริ่มโปรแกรมแซมบ้าใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
686
687
#: serverguide/C/windows-networking.xml:474(para)
688
msgid ""
689
"Now when connecting to the shared directories or printers you should be "
690
"prompted for a username and password."
691
msgstr ""
692
"จากนี้ไปเมื่อคุณเชื่อมต่อเข้าใช้งานแฟ้มข้อมูลหรือเครื่องพิมพ์ที่แชร์ผ่านแซมบ้"
693
"า คุณจะต้องระบุชื่อผู้ใช้และรหัสผ่าน"
694
695
#: serverguide/C/windows-networking.xml:479(para)
696
msgid ""
697
"If you choose to map a network drive to the share you can check the "
698
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
699
"enter the username and password once, at least until the password changes."
700
msgstr ""
701
"ถ้าคุณต้องการให้แฟ้มข้อมูลที่แชร์แสดงเป็นไดรฟ์ในวินโดว์ ให้เช็คเครื่องหมาย "
702
"<quote>Reconnect at Logon</quote> "
703
"ซึ่งจะบังคับให้คุณต้องใส่ชื่อผู้ใช้และรหัสผ่านแค่ครั้งเดียว "
704
"อย่างน้อยก็จนกว่ารหัสผ่านจะเปลี่ยนแปลง"
705
706
#: serverguide/C/windows-networking.xml:487(title)
707
msgid "Share Security"
708
msgstr "ระดับความปลอดภัยแบบแชร์"
709
710
#: serverguide/C/windows-networking.xml:489(para)
711
msgid ""
712
"There are several options available to increase the security for each "
713
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
714
"this section will cover some common options."
715
msgstr ""
716
"มีหลายวิธีที่คุณสามารถใช้ได้เพื่อรักษาความปลอดภัยให้กับแต่ละแฟ้มข้อมูลที่ถูกแ"
717
"ชร์ หมวดนี้จะแสดงตัวเลือกที่ใช้โดยทั่วไปโดยใช้ตัวอย่าง "
718
"<emphasis>[share]</emphasis> จากส่วนก่อนหน้า"
719
720
#: serverguide/C/windows-networking.xml:495(title)
721
msgid "Groups"
722
msgstr "กลุ่ม"
723
724
#: serverguide/C/windows-networking.xml:497(para)
725
msgid ""
726
"Groups define a collection of computers or users which have a common level "
727
"of access to particular network resources and offer a level of granularity "
728
"in controlling access to such resources. For example, if a group <emphasis "
729
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
730
"role=\"italic\">freda</emphasis>, <emphasis "
731
"role=\"italic\">danika</emphasis>, and <emphasis "
732
"role=\"italic\">rob</emphasis> and a second group <emphasis "
733
"role=\"italic\">support</emphasis> is defined and consists of users "
734
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
735
"role=\"italic\">jeremy</emphasis>, and <emphasis "
736
"role=\"italic\">vincent</emphasis> then certain network resources configured "
737
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
738
"subsequently enable access by freda, danika, and rob, but not jeremy or "
739
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
740
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
741
"role=\"italic\">support</emphasis> groups, she will be able to access "
742
"resources configured for access by both groups, whereas all other users will "
743
"have only access to resources explicitly allowing the group they are part of."
744
msgstr ""
745
"กลุ่มเป็นตัวแทนของกลุ่มของเครื่องลูกข่ายหรือกลุ่มของผู้ใช้ในเครือข่ายที่สมาชิ"
746
"กในกลุ่มได้รับสิทธิ์เหมือนๆกันในการใช้งานทรัพยากรเครือข่าย "
747
"และทำให้การกำหนดสิทธิ์ง่ายขึ้น ยกตัวอย่างเช่น ถ้ามีกลุ่มชื่อ <emphasis "
748
"role=\"italic\">qa</emphasis> ที่มีผู้ใช้ชื่อ <emphasis "
749
"role=\"italic\">freda</emphasis>, <emphasis "
750
"role=\"italic\">danika</emphasis>, และ <emphasis "
751
"role=\"italic\">rob</emphasis> และอีกกลุ่มหนึ่งชื่อ <emphasis "
752
"role=\"italic\">support</emphasis> ที่มีสมาชิกชื่อ <emphasis "
753
"role=\"italic\">danika</emphasis>, <emphasis "
754
"role=\"italic\">jeremy</emphasis>, และ <emphasis "
755
"role=\"italic\">vincent</emphasis> ทรัพยากรใดๆก็ตามที่กลุ่ม <emphasis "
756
"role=\"italic\">qa</emphasis> สามารถใช้งานได้ก็หมายความว่าสมาชิกในกลุ่มคือ "
757
"freda, danika, และ rob ก็สามารถใช้งานได้เช่นกัน แต่ jeremy และ vincent "
758
"จะไม่สามารถใช้งานได้เพราะไม่ใช่สมาชิกในกลุ่ม และเนื่องจากว่า <emphasis "
759
"role=\"italic\">danika</emphasis> เป็นสมาชิกของทั้งกลุ่ม <emphasis "
760
"role=\"italic\">qa</emphasis> และ <emphasis "
761
"role=\"italic\">support</emphasis> เธอจึงสามารถใช้ทรัพยากรของทั้งสองกลุ่มได้ "
762
"ต่างจากคนอื่นๆที่อยู่ในกลุ่มๆเดียวและสามารถใช้งานเฉพาะทรัพยากรที่กลุ่มนั้นๆได"
763
"้รับอนุญาติ"
764
765
#: serverguide/C/windows-networking.xml:511(para)
766
msgid ""
767
"By default Samba looks for the local system groups defined in "
768
"<filename>/etc/group</filename> to determine which users belong to which "
769
"groups. For more information on adding and removing users from groups see "
770
"<xref linkend=\"adding-deleting-users\"/>."
771
msgstr ""
772
"โดยปกติแซมบ้าจะหากลุ่มผู้ใช้ในระบบจากไฟล์ <filename>/etc/group</filename> "
773
"เพื่อดูว่าผู้ใช้เป็นสมาชิกของกลุ่มไหน "
774
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับการเพิ่งหรือลบผู้ใช้ออกจากกลุ่มลองดูที่ <xref "
775
"linkend=\"adding-deleting-users\"/>"
776
777
#: serverguide/C/windows-networking.xml:517(para)
778
msgid ""
779
"When defining groups in the Samba configuration file, "
780
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
781
"preface the group name with an \"@\" symbol. For example, if you wished to "
782
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
783
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
784
"do so by entering the group name as <emphasis "
785
"role=\"bold\">@sysadmin</emphasis>."
786
msgstr ""
787
"เมื่อคุณสร้างกลุ่มในไฟล์การตั้งค่าของแซมบ้าที่ "
788
"<filename>/etc/samba/smb.conf</filename> "
789
"คุณต้องเริ่มต้นชื่อกลุ่มด้วยเครื่องหมาย \"@\" "
790
"เช่นถ้าคุณต้องการสร้างกลุ่มชื่อ <emphasis "
791
"role=\"italic\">sysadmin</emphasis> ในหมวดใดๆของไฟล์ "
792
"<filename>/etc/samba/smb.conf</filename> คุณต้องใส่ชื่อกลุ่มเป็น <emphasis "
793
"role=\"bold\">@sysadmin</emphasis>"
794
795
#: serverguide/C/windows-networking.xml:526(title)
796
msgid "File Permissions"
797
msgstr "สิทธิ์ของไฟล์"
798
799
#: serverguide/C/windows-networking.xml:528(para)
800
msgid ""
801
"File Permissions define the explicit rights a computer or user has to a "
802
"particular directory, file, or set of files. Such permissions may be defined "
803
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
804
"the explicit permissions of a defined file share."
805
msgstr ""
806
"สิทธิ์ของไฟล์เป็นตัวกำหนดว่าเครื่องคอมพิวเตอร์หรือผู้ใช้มีสิทธิ์ในการทำอะไรกั"
807
"บแฟ้มข้อมูล ไฟล์ หรือกลุ่มของไฟล์ได้บ้าง "
808
"คุณสามารถกำหนดสิทธิ์เหล่านี้โดยแก้ไฟล์ "
809
"<filename>/etc/samba/smb.conf</filename> และระบุสิทธิ์ต่างๆสำหรับแต่ละแชร์"
810
811
#: serverguide/C/windows-networking.xml:534(para)
812
msgid ""
813
"For example, if you have defined a Samba share called "
814
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
815
"only</emphasis> permissions to the group of users known as <emphasis "
816
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
817
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
818
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
819
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
820
"under the <emphasis>[share]</emphasis> entry:"
821
msgstr ""
822
"ยกตัวอย่างเช่น ถ้าคุณสร้างแชร์ในแซมบ้าชื่อ <emphasis>share</emphasis> "
823
"และต้องการให้สิทธิ์ <emphasis role=\"italic\">read-only</emphasis> "
824
"หรือให้เฉพาะสิทธิ์การอ่านกับกลุ่มของผู้ใช้ชื่อ <emphasis "
825
"role=\"italic\">qa</emphasis> "
826
"แต่ต้องการให้สิทธิ์การอ่านและเขียนกับกลุ่มของผู้ใช้ที่ชื่อ <emphasis "
827
"role=\"italic\">sysadmin</emphasis> และผู้ใช้ที่ชื่อ <emphasis "
828
"role=\"italic\">vincent</emphasis> คุณต้องแก้ไขไฟล์ "
829
"<filename>/etc/samba/smb.conf</filename> และตั้งค่าเหล่านี้ภายใต้หมวด "
830
"<emphasis>[share]</emphasis>:"
831
832
#: serverguide/C/windows-networking.xml:543(programlisting)
833
#, no-wrap
834
msgid ""
835
"\n"
836
" read list = @qa\n"
837
" write list = @sysadmin, vincent\n"
838
msgstr ""
839
"\n"
840
" read list = @qa\n"
841
" write list = @sysadmin, vincent\n"
842
843
#: serverguide/C/windows-networking.xml:548(para)
844
msgid ""
845
"Another possible Samba permission is to declare "
846
"<emphasis>administrative</emphasis> permissions to a particular shared "
847
"resource. Users having administrative permissions may read, write, or modify "
848
"any information contained in the resource the user has been given explicit "
849
"administrative permissions to."
850
msgstr ""
851
"สิทธิ์อีกแบบนึงที่คุณสามารถใช้ได้คือ "
852
"<emphasis>administrative</emphasis>หรือสิทธิ์ของผู้ดูแล "
853
"ซึ่งหมายความว่าใครก็ตามที่ได้สิทธิ์นี้จะสามารถอ่าน เขียน "
854
"แก้ไขข้อมูลใดๆก็ตามที่อยู่ในแชร์นั้นๆ"
855
856
#: serverguide/C/windows-networking.xml:554(para)
857
msgid ""
858
"For example, if you wanted to give the user <emphasis "
859
"role=\"italic\">melissa</emphasis> administrative permissions to the "
860
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
861
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
862
"under the <emphasis>[share]</emphasis> entry:"
863
msgstr ""
864
"ยกตัวอย่างเช่น ถ้าคุณต้องการให้สิทธิ์ผู้ดูแลกับ <emphasis "
865
"role=\"italic\">melissa</emphasis> สำหรับแชร์ในตัวอย่าง <emphasis "
866
"role=\"italic\">share</emphasis> ก่อนหน้านี้ คุณต้องแก้ไขไฟล์ "
867
"<filename>/etc/samba/smb.conf</filename> และเพิ่มบรรทัดต่อไปนี้ภายใต้หมวด "
868
"<emphasis>[share]</emphasis>:"
869
870
#: serverguide/C/windows-networking.xml:561(programlisting)
871
#, no-wrap
872
msgid ""
873
"\n"
874
" admin users = melissa\n"
875
msgstr ""
876
"\n"
877
" admin users = melissa\n"
878
879
#: serverguide/C/windows-networking.xml:565(para)
880
msgid ""
881
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
882
"the changes to take effect:"
883
msgstr ""
884
"หลังจากแก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
885
"แล้วให้เริ่มโปรแกรมแซมบ้าใหม่เพื่อให้ข้อเปลี่ยนแปลงมีผลบังคับใช้:"
886
887
#: serverguide/C/windows-networking.xml:575(para)
888
msgid ""
889
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
890
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
891
"<emphasis role=\"italic\">security = share</emphasis>"
892
msgstr ""
893
"การตั้งค่า <emphasis>read list</emphasis> และ <emphasis>write "
894
"list</emphasis> นั้นจะมีผลก็ต่อเมื่อโหมดรักษาความปลอดภัยของแซมบ้า<emphasis>ไม"
895
"่ใช่</emphasis> <emphasis role=\"italic\">security = share</emphasis> "
896
"เท่านั้น"
897
898
#: serverguide/C/windows-networking.xml:581(para)
899
msgid ""
900
"Now that Samba has been configured to limit which groups have access to the "
901
"shared directory, the filesystem permissions need to be updated."
902
msgstr ""
903
"หลังจากคุณตั้งค่าสิทธิ์ต่างๆในแซมบ้าแล้ว "
904
"คุณต้องไปแก้ไขสิทธิ์ในระบบไฟล์ของอูบุนตูด้วย"
905
906
#: serverguide/C/windows-networking.xml:586(para)
907
msgid ""
908
"Traditional Linux file permissions do not map well to Windows NT Access "
909
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
910
"providing more fine grained control. For example, to enable ACLs on "
911
"<filename>/srv</filename> an EXT3 filesystem, edit "
912
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
913
msgstr ""
914
"สิทธิ์ของไฟล์ในลีนุกซ์นั้นไม่คล้ายกับสิทธิ์แบบ Access Control Lists (ACLs) "
915
"ของวินโดว์ซักเท่าไรนัก แต่โชคดีที่อูบุนตูเซิร์ฟเวอร์ก็มี POSIX ACLs "
916
"ซึ่งเพิ่มความสามารถในการปรับตั้งค่าสิทธิ์แบบละเอียดขึ้น ยกตัวอย่างเช่น "
917
"ถ้าคุณต้องการใช้งาน ACLs กับ <filename>/srv</filename> ซึ่งเป็นระบบไฟล์แบบ "
918
"EXT3 ให้เพิ่มตัวเลือก <emphasis>acl</emphasis> ในไฟล์ "
919
"<filename>/etc/fstab</filename> ดังนี้:"
920
921
#: serverguide/C/windows-networking.xml:593(programlisting)
922
#, no-wrap
923
msgid ""
924
"\n"
925
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
926
"0 1\n"
927
msgstr ""
928
"\n"
929
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
930
"0 1\n"
931
932
#: serverguide/C/windows-networking.xml:597(para)
933
msgid "Then remount the partition:"
934
msgstr "จากนั้นก็ mount พาร์ติชั่นใหม่โดยพิมพ์คำสั่ง:"
935
936
#: serverguide/C/windows-networking.xml:602(command)
937
msgid "sudo mount -v -o remount /srv"
938
msgstr "sudo mount -v -o remount /srv"
939
940
#: serverguide/C/windows-networking.xml:606(para)
941
msgid ""
942
"The above example assumes <filename>/srv</filename> on a separate partition. "
943
"If <filename>/srv</filename>, or wherever you have configured your share "
944
"path, is part of the <filename>/</filename> partition a reboot may be "
945
"required."
946
msgstr ""
947
"ตัวอย่างด้านบนนั้นสมมุติว่า <filename>/srv</filename> "
948
"อยู่บนพาร์ติชั่นอีกพาร์ติชั่นนึง ถ้า <filename>/srv</filename> "
949
"หรือที่ใดก็ตามที่คุณใช้เป็นแชร์เป็นส่วนหนึ่งของพาร์ติชั่น "
950
"<filename>/</filename> คุณอาจจะต้องบูตเครื่องของคุณหลังแก้ไขค่า"
951
952
#: serverguide/C/windows-networking.xml:613(para)
953
msgid ""
954
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
955
"group will be given read, write, and execute permissions to "
956
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
957
"will be given read and execute permissions, and the files will be owned by "
958
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
959
msgstr ""
960
"เพื่อให้สิทธิ์ของไฟล์ตรงกับสิทธิ์ของแชร์ที่เราได้ตั้งค่าไว้ด้านบน "
961
"เราจะให้สิทธิ์การอ่าน เขียน และรันโปรแกรมใน "
962
"<filename>/srv/samba/share</filename> กับกลุ่มผู้ใช้ "
963
"<emphasis>sysadmin</emphasis> และให้เฉพาะสิทธิ์อ่านและรันโปรแกรมกับกลุ่ม "
964
"<emphasis>qa</emphasis> และผู้ใช้ชื่อ <emphasis>melissa</emphasis> "
965
"จะเป็นเจ้าของไฟล์ทั้งหมดที่อยู่ในแชร์นี้ ให้พิมพ์คำสั่งดังนี้:"
966
967
#: serverguide/C/windows-networking.xml:621(command)
968
msgid "sudo chown -R melissa /srv/samba/share/"
969
msgstr "sudo chown -R melissa /srv/samba/share/"
970
971
#: serverguide/C/windows-networking.xml:622(command)
972
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
973
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
974
975
#: serverguide/C/windows-networking.xml:623(command)
976
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
977
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
978
979
#: serverguide/C/windows-networking.xml:627(para)
980
msgid ""
981
"The <application>setfacl</application> command above gives "
982
"<emphasis>execute</emphasis> permissions to all files in the "
983
"<filename>/srv/samba/share</filename> directory, which you may or may not "
984
"want."
985
msgstr ""
986
"คำสั่ง <application>setfacl</application> ด้านบนนั้นให้สิทธิ์ "
987
"<emphasis>execute</emphasis> (สิทธิ์ในการรันโปรแกรมจากไฟล์) "
988
"กับทุกไฟล์ในแฟ้มข้อมูล <filename>/srv/samba/share</filename> "
989
"ซึ่งอาจเป็นสิ่งที่คุณต้องการหรือไม่ต้องการ"
990
991
#: serverguide/C/windows-networking.xml:633(para)
992
msgid ""
993
"Now from a Windows client you should notice the new file permissions are "
994
"implemented. See the <application>acl</application> and "
995
"<application>setfacl</application> man pages for more information on POSIX "
996
"ACLs."
997
msgstr ""
998
"ตอนนี้ถ้าคุณลองใช้งานแชร์จากเครื่องลูกข่ายวินโดว์คุณจะสั่งเกตุเห็นว่าสิทธิ์ให"
999
"ม่ได้มีผลบังคับใช้แล้ว ถ้าคุณต้องการข้อมูลเพิ่มเติมเกี่ยวกับ POSIX ACLs "
1000
"กรุณาอ่านคู่มือ (man pages) ของ <application>acl</application> และ "
1001
"<application>setfacl</application>"
1002
1003
#: serverguide/C/windows-networking.xml:641(title)
1004
msgid "Samba AppArmor Profile"
1005
msgstr "โปรไฟล์ AppArmor ของแซมบ้า"
1006
1007
#: serverguide/C/windows-networking.xml:643(para)
1008
msgid ""
1009
"Ubuntu comes with the <application>AppArmor</application> security module, "
1010
"which provides mandatory access controls. The default AppArmor profile for "
1011
"Samba will need to be adapted to your configuration. For more details on "
1012
"using AppArmor see <xref linkend=\"apparmor\"/>."
1013
msgstr ""
1014
"อูบุนตูมาพร้อมกับโมดูลรักษาความปลอดภัยที่เรียกว่า "
1015
"<application>AppArmor</application> "
1016
"ซึ่งบังคับให้มีการกำหนดขอบเขตและสิทธิ์ที่โปรแกรมต่างๆสามารถมีได้ "
1017
"คุณสามารถปรับแต่งโปรไฟล์ AppArmor "
1018
"ของอูบุนตูที่มาพร้อมกับตอนติดตั้งให้เหมาะกับความต้องการของคุณได้ "
1019
"สำหรับรายละเอียดเพิ่มเติมกรุณาดู <xref linkend=\"apparmor\"/>"
1020
1021
#: serverguide/C/windows-networking.xml:649(para)
1022
msgid ""
1023
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1024
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1025
"of the <application>apparmor-profiles</application> packages. To install the "
1026
"package, from a terminal prompt enter:"
1027
msgstr ""
1028
"แพคเกจ <application>apparmor-profiles</application> จะทำการสร้างโปรไฟล์ "
1029
"AppArmor สำหรับโปรแกรมของแซมบ้าสองตัวคือ <filename>/usr/sbin/smbd</filename> "
1030
"และ <filename>/usr/sbin/nmbd</filename> "
1031
"ซึ่งเป็นโปรแกรมแซมบ้าที่ทำงานอยู่เบื้องหลัง (daemon) "
1032
"คุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
1033
1034
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
1035
msgid "sudo apt-get install apparmor-profiles"
1036
msgstr "sudo apt-get install apparmor-profiles"
1037
1038
#: serverguide/C/windows-networking.xml:660(para)
1039
msgid "This package contains profiles for several other binaries."
1040
msgstr "แพคเกจนี้ยังมีโปรไฟล์สำหรับโปรแกรมอื่นๆอีกด้วย"
1041
1042
#: serverguide/C/windows-networking.xml:665(para)
1043
msgid ""
1044
"By default the profiles for <application>smbd</application> and "
1045
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1046
"allowing Samba to work without modifying the profile, and only logging "
1047
"errors. To place the <application>smbd</application> profile into "
1048
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1049
"profile will need to be modified to reflect any directories that are shared."
1050
msgstr ""
1051
"ค่าเริ่มต้นของโปรไฟล์สำหรับ <application>smbd</application> และ "
1052
"<application>nmbd</application> จะอยู่ในโหมด <emphasis>complain</emphasis> "
1053
"ซึ่งอนุญาติให้แซมบ้าทำงานโดยห้ามแก้ไขโปรไฟล์และจะเก็บบันทึกของข้อผิดพลาดต่างๆ"
1054
"ที่เกิดขึ้นเท่านั้น ถ้าคุณต้องการให้โปรไฟล์สำหรับ "
1055
"<application>smbd</application> อยู่ในโหมด <emphasis>enforce</emphasis> "
1056
"คุณจะต้องแก้ไขโปรไฟล์และระบุแฟ้มข้อมูลใดๆก็ตามที่ถูกแชร์เพื่อให้แซมบ้าทำงานได"
1057
"้เป็นปกติ"
1058
1059
#: serverguide/C/windows-networking.xml:672(para)
1060
msgid ""
1061
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1062
"for <emphasis>[share]</emphasis> from the file server example:"
1063
msgstr ""
1064
"แก้ไขไฟล์ <filename>/etc/apparmor.d/usr.sbin.smbd</filename> "
1065
"และเพิ่มข้อมูลเกี่ยวกับ <emphasis>[share]</emphasis> (จากตัวอย่างด้านบน):"
1066
1067
#: serverguide/C/windows-networking.xml:677(programlisting)
1068
#, no-wrap
1069
msgid ""
1070
"\n"
1071
" /srv/samba/share/ r,\n"
1072
" /srv/samba/share/** rwkix,\n"
1073
msgstr ""
1074
"\n"
1075
" /srv/samba/share/ r,\n"
1076
" /srv/samba/share/** rwkix,\n"
1077
1078
#: serverguide/C/windows-networking.xml:682(para)
1079
msgid ""
1080
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1081
msgstr ""
1082
"จากนั้นคุณต้องโหลดโปรไฟล์ใหม่ในโหมด <emphasis>enforce</emphasis> "
1083
"โดยพิมพ์คำสั่ง:"
1084
1085
#: serverguide/C/windows-networking.xml:687(command)
1086
msgid "sudo aa-enforce /usr/sbin/smbd"
1087
msgstr "sudo aa-enforce /usr/sbin/smbd"
1088
1089
#: serverguide/C/windows-networking.xml:688(command)
1090
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1091
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1092
1093
#: serverguide/C/windows-networking.xml:691(para)
1094
msgid ""
1095
"You should now be able to read, write, and execute files in the shared "
1096
"directory as normal, and the <application>smbd</application> binary will "
1097
"have access to only the configured files and directories. Be sure to add "
1098
"entries for each directory you configure Samba to share. Also, any errors "
1099
"will be logged to <filename>/var/log/syslog</filename>."
1100
msgstr ""
1101
1102
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
1103
msgid ""
1104
"O'Reilly's <ulink "
1105
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1106
"also a good reference."
1107
msgstr ""
1108
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
1109
"Samba</ulink> จากสำนักพิพม์ O'Reilly ก็เป็นแหล่งอ้างอิงที่ดี"
1110
1111
#: serverguide/C/windows-networking.xml:722(para)
1112
msgid ""
1113
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1114
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1115
"security."
1116
msgstr ""
1117
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1118
"samba.html\">บทที่ 18</ulink> ของ Samba HOWTO Collection "
1119
"ทั้งบทอธิบายเกี่ยวกับการรักษาความปลอดภัย"
1120
1121
#: serverguide/C/windows-networking.xml:728(para)
1122
msgid ""
1123
"For more information on Samba and ACLs see the <ulink "
1124
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1125
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1126
msgstr ""
1127
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับแซมบ้าและ ACLs กรุณาอ่าน <ulink "
1128
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1129
"Collection/AccessControls.html#id397568\">หน้า ACLs ของแซมบ้า </ulink>."
1130
1131
#: serverguide/C/windows-networking.xml:744(title)
1132
msgid "Samba as a Domain Controller"
1133
msgstr "การใช้แซมบ้าเป็นเครื่องควบคุมโดเมน (Domain Controller)"
1134
1135
#: serverguide/C/windows-networking.xml:746(para)
1136
msgid ""
1137
"Although it cannot act as an Active Directory Primary Domain Controller "
1138
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1139
"domain controller. A major advantage of this configuration is the ability to "
1140
"centralize user and machine credentials. Samba can also use multiple "
1141
"backends to store the user information."
1142
msgstr ""
1143
"ถึงแม้ว่าแซมบ้าไม่สามารถทำงานได้เหมือนกับเครื่องควบคุมโดเมนหลัก (Primary "
1144
"Domain Controller หรือ PDC) ใน Active Directory "
1145
"แต่แซมบ้าก็สามารถทำงานเสมือนเครื่องควบคุมโดเมนแบบวินโดว์ NT4 ได้ "
1146
"โดยประโยชน์หลักของการทำแบบนี้คือการมีที่เดียวที่เป็นศูนย์กลางในการจัดการบัญชี"
1147
"ผู้ใช้และเครื่องคอมพิวเตอร์ในเครือขาย "
1148
"นอกจากนั้นแซมบ้าสามารถใช้ฐานเก็บข้อมูลผู้ใช้ได้หลายแบบอีกด้วย"
1149
1150
#: serverguide/C/windows-networking.xml:753(title)
1151
msgid "Primary Domain Controller"
1152
msgstr "เครื่องควบคุมโดเมนหลัก"
1153
1154
#: serverguide/C/windows-networking.xml:755(para)
1155
msgid ""
1156
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1157
"using the default smbpasswd backend."
1158
msgstr ""
1159
"ในส่วนนี้จะอธิบายวิธีการตั้งค่าแซมบ้าเป็นเครื่องควบคุมโดเมนหลักหรือ Primary "
1160
"Domain Controller (PDC) โดยใช้ฐานข้อมูลแบบ smbpasswd "
1161
"ที่เป็นแบบเริ่มต้นของแซมบ้า"
1162
1163
#: serverguide/C/windows-networking.xml:762(para)
1164
msgid ""
1165
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1166
"the user accounts, by entering the following in a terminal prompt:"
1167
msgstr ""
1168
"ก่อนอื่นคุณต้องติดตั้งแซมบ้าและ <application>libpam-smbpass</application> "
1169
"เพื่อทำให้ข้อมูลผู้ใช้ของแซมบ้าและระบบตรงกันโดยพิมพ์คำสั่งดังนี้:"
1170
1171
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1172
msgid "sudo apt-get install samba libpam-smbpass"
1173
msgstr "sudo apt-get install samba libpam-smbpass"
1174
1175
#: serverguide/C/windows-networking.xml:774(para)
1176
msgid ""
1177
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1178
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1179
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1180
"should relate to your organization:"
1181
msgstr ""
1182
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> โดยเปลี่ยนโหมด "
1183
"<emphasis>security</emphasis> เป็น <emphasis role=\"italic\">user</emphasis> "
1184
" และเปลี่ยนชื่อ <emphasis>workgroup</emphasis> เป็นชื่อขององค์กรของคุณ:"
1185
1186
#: serverguide/C/windows-networking.xml:789(para)
1187
msgid ""
1188
"In the commented <quote>Domains</quote> section add or uncomment the "
1189
"following:"
1190
msgstr ""
1191
"ในส่วนของ <quote>Domains</quote> "
1192
"ที่ถูกคอมเม้นต์ไว้ในไฟล์ให้เพิ่มบรรทัดเหล่านี้ "
1193
"หรือจุเอาคอมเม้นต์ของบรรทัดเหล่านี้ออกก็ได้:"
1194
1195
#: serverguide/C/windows-networking.xml:793(programlisting)
1196
#, no-wrap
1197
msgid ""
1198
"\n"
1199
" domain logons = yes\n"
1200
" logon path = \\\\%N\\%U\\profile\n"
1201
" logon drive = H:\n"
1202
" logon home = \\\\%N\\%U\n"
1203
" logon script = logon.cmd\n"
1204
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1205
"/var/lib/samba -s /bin/false %u\n"
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:804(para)
1209
msgid ""
1210
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1211
"Samba to act as a domain controller."
1212
msgstr ""
1213
"<emphasis>domain logons:</emphasis> ให้บริการ netlogon "
1214
"ซึ่งทำให้แซมบ้าทำงานเป็นเครื่องควบคุมหลักของโดเมน"
1215
1216
#: serverguide/C/windows-networking.xml:809(para)
1217
msgid ""
1218
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1219
"their home directory. It is also possible to configure a "
1220
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1221
"directory."
1222
msgstr ""
1223
"<emphasis>logon path:</emphasis> "
1224
"เก็บโปรไฟล์ของผู้ใช้ในวินโดว์ไว้ในแฟ้มข้อมูลของผู้ใช้บนอูบุนตู (home "
1225
"directory) คุณสามารถแก้ไข <emphasis>[profiles]</emphasis> "
1226
"เพื่อให้ทุกโปรไฟล์อยู่ในแฟ้มข้อมูลเดียวกันได้"
1227
1228
#: serverguide/C/windows-networking.xml:815(para)
1229
msgid ""
1230
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1231
msgstr ""
1232
"<emphasis>logon drive:</emphasis> "
1233
"ระบุชื่อไดรฟ์ในวินโดว์ที่ชี้ไปหาแฟ้มข้อมูลของผู้ใช้บนอูบุนตู"
1234
1235
#: serverguide/C/windows-networking.xml:820(para)
1236
msgid ""
1237
"<emphasis>logon home:</emphasis> specifies the home directory location."
1238
msgstr ""
1239
"<emphasis>logon home:</emphasis> ระบุตำแหน่งของแฟ้มข้อมูลผู้ใช้บนอูบุนตู"
1240
1241
#: serverguide/C/windows-networking.xml:825(para)
1242
msgid ""
1243
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1244
"once a user has logged in. The script needs to be placed in the "
1245
"<emphasis>[netlogon]</emphasis> share."
1246
msgstr ""
1247
"<emphasis>logon script:</emphasis> "
1248
"ระบุสคริปต์ที่ทำงานที่เครื่องวินโดว์หลังจากผู้ใช้ได้ลงชื่อเข้าใช้ระบบ "
1249
"โดยสคริปต์นี้จะต้องอยู่ในแชร์ชื่อ <emphasis>[netlogon]</emphasis>"
1250
1251
#: serverguide/C/windows-networking.xml:831(para)
1252
msgid ""
1253
"<emphasis>add machine script:</emphasis> a script that will automatically "
1254
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1255
"workstation to join the domain."
1256
msgstr ""
1257
"<emphasis>add machine script:</emphasis> "
1258
"สคริปต์เพื่อสร้างบัญชีเครื่องคอมพิวเตอร์ลูกข่ายหรือ <emphasis>Machine Trust "
1259
"Account</emphasis> "
1260
"ที่จะต้องมีเพื่อให้เครื่องลูกข่ายเข้าร่วมกับโดเมนได้โดยอัตโนมัติ"
1261
1262
#: serverguide/C/windows-networking.xml:835(para)
1263
msgid ""
1264
"In this example the <emphasis>machines</emphasis> group will need to be "
1265
"created using the <application>addgroup</application> utility see <xref "
1266
"linkend=\"adding-deleting-users\"/> for details."
1267
msgstr ""
1268
"ในตัวอยางนี้กลุ่มชื่อ <emphasis>machines</emphasis> "
1269
"จะถูกสร้างโดยใช้เครื่องมือชื่อ <application>addgroup</application> กรุณาดู "
1270
"<xref linkend=\"adding-deleting-users\"/> "
1271
"สำหรับรายละเอียดเพิ่มเติมในการเพิ่มและลบผู้ใช้"
1272
1273
#: serverguide/C/windows-networking.xml:839(para)
1274
msgid ""
1275
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1276
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1277
"(and other admin functions) to work. This is achieved by executing:"
1278
msgstr ""
1279
1280
#: serverguide/C/windows-networking.xml:844(command)
1281
msgid ""
1282
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1283
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1284
"SeRemoteShutdownPrivilege"
1285
msgstr ""
1286
1287
#: serverguide/C/windows-networking.xml:851(para)
1288
msgid ""
1289
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1290
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1291
"commented."
1292
msgstr ""
1293
"ถ้าคุณไม่ต้องการจะใช้โปรไฟล์สัญจร (<emphasis>Roaming Profiles</emphasis>) "
1294
"ให้คอมเม้นต์ค่า <emphasis>logon home</emphasis> และ <emphasis>logon "
1295
"path</emphasis> เอาไว้"
1296
1297
#: serverguide/C/windows-networking.xml:860(para)
1298
msgid ""
1299
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1300
"role=\"italic\">logon home</emphasis> to be mapped:"
1301
msgstr ""
1302
"ให้เอาคอมเม้นต์ของแชร์ชื่อ <emphasis>[homes]</emphasis> "
1303
"ออกเพื่ออนุญาติให้วินโดว์สามารถ map <emphasis role=\"italic\">logon "
1304
"home</emphasis> ได้"
1305
1306
#: serverguide/C/windows-networking.xml:865(programlisting)
1307
#, no-wrap
1308
msgid ""
1309
"\n"
1310
"[homes]\n"
1311
" comment = Home Directories\n"
1312
" browseable = no\n"
1313
" read only = no\n"
1314
" create mask = 0700\n"
1315
" directory mask = 0700\n"
1316
" valid users = %S\n"
1317
msgstr ""
1318
"\n"
1319
"[homes]\n"
1320
" comment = Home Directories\n"
1321
" browseable = no\n"
1322
" read only = no\n"
1323
" create mask = 0700\n"
1324
" directory mask = 0700\n"
1325
" valid users = %S\n"
1326
1327
#: serverguide/C/windows-networking.xml:878(para)
1328
msgid ""
1329
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1330
"share needs to be configured. To enable the share, uncomment:"
1331
msgstr ""
1332
"เมื่อคุณตั้งค่าแซมบ้าเป็นเครื่องควบคุมหลักของโดเมน คุณจะต้องสร้างแชร์ชื่อ "
1333
"<emphasis>[netlogon]</emphasis> "
1334
"โดยให้เอาคอมเม้นต์ของบรรทัดนี้ออกเพื่อให้แชร์ทำงานได้:"
1335
1336
#: serverguide/C/windows-networking.xml:883(programlisting)
1337
#, no-wrap
1338
msgid ""
1339
"\n"
1340
"[netlogon]\n"
1341
" comment = Network Logon Service\n"
1342
" path = /srv/samba/netlogon\n"
1343
" guest ok = yes\n"
1344
" read only = yes\n"
1345
" share modes = no\n"
1346
msgstr ""
1347
"\n"
1348
"[netlogon]\n"
1349
" comment = Network Logon Service\n"
1350
" path = /srv/samba/netlogon\n"
1351
" guest ok = yes\n"
1352
" read only = yes\n"
1353
" share modes = no\n"
1354
1355
#: serverguide/C/windows-networking.xml:893(para)
1356
msgid ""
1357
"The original <emphasis>netlogon</emphasis> share path is "
1358
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1359
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1360
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1361
"location for site-specific data provided by the system."
1362
msgstr ""
1363
"แซมบ้าตั้งค่าของแชร์ <emphasis>netlogon</emphasis> ไปที่ "
1364
"<filename>/home/samba/netlogon</filename> โดยอัตโนมัติ "
1365
"แต่ถ้าคุณจะอ้างอิงตาม Filesystem Hierarchy Standard (FHS) "
1366
"ให้เปลี่ยนการตั้งค่าให้ชี้ไปที่ <ulink "
1367
"url=\"http://www.pathname.com/fhs/pub/fhs-"
1368
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> แทน"
1369
1370
#: serverguide/C/windows-networking.xml:904(para)
1371
msgid ""
1372
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1373
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1374
msgstr ""
1375
"จากนั้นให้สร้างแฟ้มข้อมูลสำหรับ <filename "
1376
"role=\"directory\">netlogon</filename> และไฟล์ว่างๆที่ยังไม่มีเนื้อหา "
1377
"(สำหรับตอนนี้) ชื่อ <filename>logon.cmd</filename> :"
1378
1379
#: serverguide/C/windows-networking.xml:910(command)
1380
msgid "sudo mkdir -p /srv/samba/netlogon"
1381
msgstr "sudo mkdir -p /srv/samba/netlogon"
1382
1383
#: serverguide/C/windows-networking.xml:911(command)
1384
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1385
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1386
1387
#: serverguide/C/windows-networking.xml:914(para)
1388
msgid ""
1389
"You can enter any normal Windows logon script commands in "
1390
"<filename>logon.cmd</filename> to customize the client's environment."
1391
msgstr ""
1392
"คุณสามารถใส่คำสั่งของวินโดว์ที่จะทำงานเมื่อผู้ใช้เข้าใช้ระบบในไฟล์ "
1393
"<filename>logon.cmd</filename> "
1394
"นี้เพื่อปรับค่าของเครื่องลูกข่ายตามที่คุณต้องการ"
1395
1396
#: serverguide/C/windows-networking.xml:922(para)
1397
msgid ""
1398
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1399
"workstation to the domain, a system group needs to be mapped to the Windows "
1400
"<emphasis>Domain Admins</emphasis> group. Using the "
1401
"<application>net</application> utility, from a terminal enter:"
1402
msgstr ""
1403
"เนื่องจากว่าผู้ใช้ <emphasis>root</emphasis> "
1404
"นั้นถูกป้องกันไม่ให้ถูกใช้งานโดยอัตโนมัติ "
1405
"คุณจะต้องสร้างความสัมพันธ์ระหว่างกลุ่มของผู้ดูแลโดเมนในอูบุนตูกับกลุ่มของผู้ด"
1406
"ูแลโดเมนในวินโดว์ (<emphasis>Domain Admins</emphasis>) โดยใช้คำสั่ง "
1407
"<application>net</application> ดังนี้:"
1408
1409
#: serverguide/C/windows-networking.xml:929(command)
1410
msgid ""
1411
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1412
"type=d"
1413
msgstr ""
1414
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1415
"type=d"
1416
1417
#: serverguide/C/windows-networking.xml:933(para)
1418
msgid ""
1419
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1420
"prefer. Also, the user used to join the domain needs to be a member of the "
1421
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1422
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1423
"allows <application>sudo</application> use."
1424
msgstr ""
1425
"เปลี่ยนชื่อกลุ่มจาก <emphasis "
1426
"role=\"italic\">sysadmin</emphasis>เป็นชื่อที่คุณต้องการ "
1427
"ผู้ใช้ที่คุณใช้เมื่อทำให้เครื่องลูกข่ายเข้าร่วมกับโดเมนนั้นจะต้องเป็นผู้ใช้ที"
1428
"่อยู่ในกลุ่ม <emphasis>sysadmin</emphasis> และกลุ่ม "
1429
"<emphasis>admin</emphasis> เพราะว่ากลุ่ม <emphasis>admin</emphasis> "
1430
"อนุญาติให้ใช้โปรแกรม <application>sudo</application> ได้"
1431
1432
#: serverguide/C/windows-networking.xml:944(para)
1433
msgid "Finally, restart Samba to enable the new domain controller:"
1434
msgstr ""
1435
"จากนั้นให้เริ่มโปรแกรมแซมบ้าใหม่เพื่อให้แซมบ้าทำงานเป็นเครื่องควบคุมหลักของโด"
1436
"เมน"
1437
1438
#: serverguide/C/windows-networking.xml:956(para)
1439
msgid ""
1440
"You should now be able to join Windows clients to the Domain in the same "
1441
"manner as joining them to an NT4 domain running on a Windows server."
1442
msgstr ""
1443
"หลังจากเริ่มโปรแกรมแซมบ้า "
1444
"คุณน่าจะสามารถให้เครื่องลูกข่ายวินโดว์เข้าร่วมโดเมนเหมือนๆกับที่คุณทำในโดเมน "
1445
"NT4 ได้แล้ว"
1446
1447
#: serverguide/C/windows-networking.xml:966(title)
1448
msgid "Backup Domain Controller"
1449
msgstr "เครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
1450
1451
#: serverguide/C/windows-networking.xml:968(para)
1452
msgid ""
1453
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1454
"Backup Domain Controller (BDC) as well. This will allow clients to "
1455
"authenticate in case the PDC becomes unavailable."
1456
msgstr ""
1457
"เราแนะนำให้คุณติดตั้งเครื่องควบคุมโดเมนสำรองหรือ Backup Domain Controller "
1458
"(BDC) เพิ่มกรณีที่คุณมีเครื่องควบคุมโดเมนหลัก (PDC) อยู่ในเครือข่าย "
1459
"เนื่องจากว่าเครื่องลูกข่ายยังจะสามารถลงชื่อเข้าใช้เครือข่ายได้ถึงแม้ว่าเครื่อ"
1460
"งควบคุมโดเมนหลักจะเสียไม่สามารถให้บริการได้"
1461
1462
#: serverguide/C/windows-networking.xml:973(para)
1463
msgid ""
1464
"When configuring Samba as a BDC you need a way to sync account information "
1465
"with the PDC. There are multiple ways of accomplishing this "
1466
"<application>scp</application>, <application>rsync</application>, or by "
1467
"using <application>LDAP</application> as the <emphasis>passdb "
1468
"backend</emphasis>."
1469
msgstr ""
1470
"สำหรับการตั้งค่าแซมบ้าเป็น BDC "
1471
"นั้นคุณจะต้องมีวิธีที่จะคัดลอกข้อมูลเกี่ยวกับบัญชีต่างๆระหว่าง PDC และ BDC "
1472
"ซึ่งคุณสามารถทำได้หลายวิธีเช่นใช้ <application>scp</application>, "
1473
"<application>rsync</application> หรือจะใช้ <application>LDAP</application> "
1474
"เป็น <emphasis>passdb backend</emphasis> ก็ได้"
1475
1476
#: serverguide/C/windows-networking.xml:979(para)
1477
msgid ""
1478
"Using LDAP is the most robust way to sync account information, because both "
1479
"domain controllers can use the same information in real time. However, "
1480
"setting up a LDAP server may be overly complicated for a small number of "
1481
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1482
msgstr ""
1483
"การใช้ LDAP "
1484
"เป็นวิธีที่ดีที่สุดในการคัดลอกข้อมูลบัญชีเนื่องจากว่าข้อมูลในเครื่องควบคุมโดเ"
1485
"มนทั้งสองจะถ่ายโอนข้อมูลระหว่างกันทันทีเมื่อมีการเปลี่ยนแปลง "
1486
"แต่ว่าการติดตั้งเซิร์ฟเวอร์ LDAP "
1487
"ก็เป็นอะไรที่อาจจะซับซ้อนเกินความจำเป็นสำหรับเครือข่ายที่มีจำนวนผู้ใช้และเครื"
1488
"่องคอมพิวเตอร์ไม่เยอะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
1489
"linkend=\"samba-ldap\"/>"
1490
1491
#: serverguide/C/windows-networking.xml:988(para)
1492
msgid ""
1493
"First, install <application>samba</application> and <application>libpam-"
1494
"smbpass</application>. From a terminal enter:"
1495
msgstr ""
1496
"ก่อนอื่น คุณต้องติดตั้งโปรแกรม <application>samba</application> และ "
1497
"<application>libpam-smbpass</application> โดยพิมพ์คำสั่ง:"
1498
1499
#: serverguide/C/windows-networking.xml:999(para)
1500
msgid ""
1501
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1502
"following in the <emphasis>[global]</emphasis>:"
1503
msgstr ""
1504
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
1505
"และเอาคอมเม้นต์ของบรรทัดเหล่านี้ในหมวด <emphasis>[global]</emphasis> ออก:"
1506
1507
#: serverguide/C/windows-networking.xml:1012(para)
1508
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1509
msgstr ""
1510
"ในหมวด <emphasis>Domains</emphasis> ที่ถูกคอมเม้นต์อยู่ ให้เอาคอมเม้นต์ออก "
1511
"หรือจะเพิ่มบรรทัดเหล่านี้ก็ได้:"
1512
1513
#: serverguide/C/windows-networking.xml:1016(programlisting)
1514
#, no-wrap
1515
msgid ""
1516
"\n"
1517
" domain logons = yes\n"
1518
" domain master = no\n"
1519
msgstr ""
1520
"\n"
1521
" domain logons = yes\n"
1522
" domain master = no\n"
1523
1524
#: serverguide/C/windows-networking.xml:1024(para)
1525
msgid ""
1526
"Make sure a user has rights to read the files in "
1527
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1528
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1529
"files, enter:"
1530
msgstr ""
1531
"อย่าลืมตรวจสอบให้แน่ใจว่าผู้ใช้มีสิทธิ์ในการอ่านไฟล์ใน "
1532
"<filename>/var/lib/samba</filename> ด้วย ยกตัวอย่างเช่น "
1533
"ถ้าคุณต้องการอนุญาติให้ผู้ใช้ในกลุ่ม <emphasis>admin</emphasis> ใช้โปรแกรม "
1534
"<application>scp</application> กับไฟล์ได้ ให้พิมพ์คำสั่ง:"
1535
1536
#: serverguide/C/windows-networking.xml:1030(command)
1537
msgid "sudo chgrp -R admin /var/lib/samba"
1538
msgstr "sudo chgrp -R admin /var/lib/samba"
1539
1540
#: serverguide/C/windows-networking.xml:1036(para)
1541
msgid ""
1542
"Next, sync the user accounts, using <application>scp</application> to copy "
1543
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1544
msgstr ""
1545
"จากนั้นให้ทำการคัดลอกบัญชีผู้ใช้โดยใช้ <application>scp</application> "
1546
"เพื่อคัดลอกแฟ้มข้อมูล <filename>/var/lib/samba</filename> "
1547
"จากเครื่องควบคุมโดเมนหลัก (PDC):"
1548
1549
#: serverguide/C/windows-networking.xml:1042(command)
1550
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1551
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1552
1553
#: serverguide/C/windows-networking.xml:1046(para)
1554
msgid ""
1555
"Replace <emphasis>username</emphasis> with a valid username and "
1556
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1557
msgstr ""
1558
"แทนที่ <emphasis>username</emphasis> ด้วยชื่อผู้ใช้และ "
1559
"<emphasis>pdc</emphasis> ด้วยชื่อเครื่องหรือเลขที่ IP ของเครื่อง PDC ของคุณ"
1560
1561
#: serverguide/C/windows-networking.xml:1055(para)
1562
msgid "Finally, restart <application>samba</application>:"
1563
msgstr "จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> ใหม่"
1564
1565
#: serverguide/C/windows-networking.xml:1067(para)
1566
msgid ""
1567
"You can test that your Backup Domain controller is working by stopping the "
1568
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1569
"the domain."
1570
msgstr ""
1571
"คุณสามารถทดสอบได้ว่าเครื่องควบคุมโดเมนสำรองทำงานได้อย่างถูกต้องโดยการปิดโปรแก"
1572
"รมแซมบ้าบนเครื่องหลัก (PDC) "
1573
"จากนั้นก็ลองลงชื่อเข้าใช้จากเครื่องลูกข่ายวินโดว์ของคุณที่อยู่ในโดเมน"
1574
1575
#: serverguide/C/windows-networking.xml:1072(para)
1576
msgid ""
1577
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1578
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1579
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1580
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1581
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1582
msgstr ""
1583
"อีกอย่างหนึ่งที่คุณต้องคำนึงก็คือถ้าคุณได้ตั้งค่า <emphasis>logon "
1584
"home</emphasis> ที่ชี้ไปที่แฟ้มข้อมูลบนเครื่อง PDC และเครื่อง PDC "
1585
"เกิดเสียหรือไม่สามารถให้บริการได้ขึ้นมา คุณจะไม่สามารถเข้าใช้งานไดรฟ์ "
1586
"<emphasis>Home</emphasis> ของผู้ใช้ได้เช่นกัน "
1587
"ด้วยเหตุนี้เราแนะนำให้คุณเก็บแฟ้มที่เป็น <emphasis>logon home</emphasis> "
1588
"ไว้บนเครื่องที่เป็นไฟล์เซิร์ฟเวอร์อื่นที่ไม่ใช่เครื่อง PDC และ BDC"
1589
1590
#: serverguide/C/windows-networking.xml:1102(para)
1591
msgid ""
1592
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1593
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1594
"up a Primary Domain Controller."
1595
msgstr ""
1596
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1597
"pdc.html\">บทที่ 4</ulink> ของ Samba HOWTO Collection "
1598
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนหลัก (Primary Domain Controller)"
1599
1600
#: serverguide/C/windows-networking.xml:1108(para)
1601
msgid ""
1602
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1603
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1604
"explains setting up a Backup Domain Controller."
1605
msgstr ""
1606
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1607
"Collection/samba-bdc.html\">บทที่ 5</ulink> ของ Samba HOWTO Collection "
1608
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
1609
1610
#: serverguide/C/windows-networking.xml:1123(title)
1611
msgid "Samba Active Directory Integration"
1612
msgstr "การใช้งานแซมบ้าร่วมกับ Active Directory"
1613
1614
#: serverguide/C/windows-networking.xml:1126(title)
1615
msgid "Accessing a Samba Share"
1616
msgstr "การเข้าใช้งานแชร์ของแซมบ้า"
1617
1618
#: serverguide/C/windows-networking.xml:1128(para)
1619
msgid ""
1620
"Another, use for Samba is to integrate into an existing Windows network. "
1621
"Once part of an Active Directory domain, Samba can provide file and print "
1622
"services to AD users."
1623
msgstr ""
1624
"การใช้งานแซมบ้าอีกแบบนึงก็คือการเข้าไปทำงานเป็นส่วนหนึ่งของเครือข่ายวินโดว์ที"
1625
"่มีอยู่ เมื่อแซมบ้าได้เป็นส่วนหนึ่งของโดเมน Active Directory "
1626
"แล้วแซมบ้าสามารถให้บริการแชร์ไฟล์และเครื่องพิมพ์กับผู้ใช้ในโดเมนได้"
1627
1628
#: serverguide/C/windows-networking.xml:1133(para)
1629
msgid ""
1630
"The simplest way to join an AD domain is to use <application>Likewise-"
1631
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1632
"open\"/>."
1633
msgstr ""
1634
"วิธีที่ง่ายที่สุดในการเข้าร่วมกับโดเมน AD ก็คือใช้โปรแกรม "
1635
"<application>Likewise-open</application> "
1636
"สำหรับคำแนะนำอย่างละเอียดกรุณาดูที่ <xref linkend=\"likewise-open\"/>"
1637
1638
#: serverguide/C/windows-networking.xml:1138(para)
1639
msgid ""
1640
"Once part of the domain, enter the following command in the terminal prompt:"
1641
msgstr ""
1642
1643
#: serverguide/C/windows-networking.xml:1143(command)
1644
msgid "sudo apt-get install samba smbfs smbclient"
1645
msgstr "sudo apt-get install samba smbfs smbclient"
1646
1647
#: serverguide/C/windows-networking.xml:1146(para)
1648
msgid ""
1649
"Since the <application>likewise-open</application> and "
1650
"<application>samba</application> packages use separate "
1651
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1652
"<filename role=\"directory\">/var/lib/samba</filename>:"
1653
msgstr ""
1654
"และเนื่องจากว่าโปรแกรม <application>likewise-open</application> และโปรแกรม "
1655
"<application>แซมบ้า</application> ใช้ไฟล์ <filename>secrets.tdb</filename> "
1656
"คนละไฟล์ คุณต้องสร้าง symlink ในแฟ้มข้อมูล <filename "
1657
"role=\"directory\">/var/lib/samba</filename> โดยพิมพ์คำสั่ง:"
1658
1659
#: serverguide/C/windows-networking.xml:1152(command)
1660
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1661
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1662
1663
#: serverguide/C/windows-networking.xml:1153(command)
1664
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1665
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1666
1667
#: serverguide/C/windows-networking.xml:1156(para)
1668
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1669
msgstr ""
1670
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
1671
"โดยเปลี่ยนดังนี้:"
1672
1673
#: serverguide/C/windows-networking.xml:1160(programlisting)
1674
#, no-wrap
1675
msgid ""
1676
"\n"
1677
" workgroup = EXAMPLE\n"
1678
" ...\n"
1679
" security = ads\n"
1680
" realm = EXAMPLE.COM\n"
1681
" ...\n"
1682
" idmap backend = lwopen\n"
1683
" idmap uid = 50-9999999999\n"
1684
" idmap gid = 50-9999999999\n"
1685
msgstr ""
1686
"\n"
1687
" workgroup = EXAMPLE\n"
1688
" ...\n"
1689
" security = ads\n"
1690
" realm = EXAMPLE.COM\n"
1691
" ...\n"
1692
" idmap backend = lwopen\n"
1693
" idmap uid = 50-9999999999\n"
1694
" idmap gid = 50-9999999999\n"
1695
1696
#: serverguide/C/windows-networking.xml:1171(para)
1697
msgid ""
1698
"Restart <application>samba</application> for the new settings to take effect:"
1699
msgstr ""
1700
"จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> "
1701
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
1702
1703
#: serverguide/C/windows-networking.xml:1180(para)
1704
msgid ""
1705
"You should now be able to access any <application>Samba</application> shares "
1706
"from a Windows client. However, be sure to give the appropriate AD users or "
1707
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1708
"security\"/> for more details."
1709
msgstr ""
1710
"หลังจากเริ่มโปรแกรมแซมบ้าใหม่ คุณควรที่จะใช้แชร์จาก "
1711
"<application>แซมบ้า</application> ได้จากเครื่องลูกข่ายวินโดว์ "
1712
"อย่างไรก็ตามอย่าลืมตรวจสอบว่าคุณได้ให้สิทธิ์ผู้ใช้หรือกลุ่มผู้ใช้ใน AD "
1713
"ในการเข้าใช้งานแชร์ในแซมบ้าด้วยล่ะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
1714
"linkend=\"samba-fileprint-security\"/>"
1715
1716
#: serverguide/C/windows-networking.xml:1188(title)
1717
msgid "Accessing a Windows Share"
1718
msgstr "การเข้าใช้งานแชร์ในวินโดว์"
1719
1720
#: serverguide/C/windows-networking.xml:1190(para)
1721
msgid ""
1722
"Now that the Samba server is part of the Active Directory domain you can "
1723
"access any Windows server shares:"
1724
msgstr ""
1725
"เครื่องเซิร์ฟเวอร์แซมบ้าที่เป็นส่วนหนึ่งของโดเมน Active Directory "
1726
"สามารถใช้งานแชร์ของเครื่องเซิร์ฟเวอร์ที่ทำงานบนระบบวินโดว์ได้:"
1727
1728
#: serverguide/C/windows-networking.xml:1197(para)
1729
msgid ""
1730
"To mount a Windows file share enter the following in a terminal prompt:"
1731
msgstr "คุณสามารถ mount แชร์ในวินโดว์ได้โดยพิมพ์คำสั่ง:"
1732
1733
#: serverguide/C/windows-networking.xml:1201(command)
1734
msgid "mount.cifs //fs01.example.com/share mount_point"
1735
msgstr "mount.cifs //fs01.example.com/share mount_point"
1736
1737
#: serverguide/C/windows-networking.xml:1204(para)
1738
msgid ""
1739
"It is also possible to access shares on computers not part of an AD domain, "
1740
"but a username and password will need to be provided."
1741
msgstr ""
1742
"นอกจากนั้นคุณยังสามารถใช้งานแชร์บนเครื่องคอมพิวเตอร์ที่ไม่ได้อยู่ในโดเมน AD "
1743
"ด้วยเช่นกัน แต่คุณต้องระบุชื่อผู้ใช้และรหัสผ่านสำหรับใช้งานด้วย"
1744
1745
#: serverguide/C/windows-networking.xml:1212(para)
1746
msgid ""
1747
"To mount the share during boot place an entry in "
1748
"<filename>/etc/fstab</filename>, for example:"
1749
msgstr ""
1750
"ถ้าคุณต้องการ mount แชร์เมื่อเปิดเครื่อง ให้ใส่รายการในไฟล์ "
1751
"<filename>/etc/fstab</filename> เช่น:"
1752
1753
#: serverguide/C/windows-networking.xml:1216(programlisting)
1754
#, no-wrap
1755
msgid ""
1756
"\n"
1757
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1758
"0 0\n"
1759
msgstr ""
1760
"\n"
1761
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1762
"0 0\n"
1763
1764
#: serverguide/C/windows-networking.xml:1223(para)
1765
msgid ""
1766
"Another way to copy files from a Windows server is to use the "
1767
"<application>smbclient</application> utility. To list the files in a Windows "
1768
"share:"
1769
msgstr ""
1770
"อีกวิธีที่คุณสามารถคัดลอกไฟล์จากเครื่องเซิร์ฟเวอร์วินโดว์คือการใช้โปรแกรม "
1771
"<application>smbclient</application> "
1772
"คุณสามารถแสดงรายชื่อของไฟล์ที่อยู่ในแชร์ของวินโดว์ได้โดยพิมพ์คำสั่ง:"
1773
1774
#: serverguide/C/windows-networking.xml:1229(command)
1775
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1776
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1777
1778
#: serverguide/C/windows-networking.xml:1235(para)
1779
msgid "To copy a file from the share, enter:"
1780
msgstr "ถ้าต้องการคัดลอกไฟล์จากแชร์ให้พิมพ์:"
1781
1782
#: serverguide/C/windows-networking.xml:1240(command)
1783
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1784
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1785
1786
#: serverguide/C/windows-networking.xml:1243(para)
1787
msgid ""
1788
"This will copy the <filename>file.txt</filename> into the current directory."
1789
msgstr ""
1790
"คำสั่งนี้จะคัดลอกไฟล์ชื่อ <filename>file.txt</filename> "
1791
"ไปที่แฟ้มข้อมูลปัจจุบัน"
1792
1793
#: serverguide/C/windows-networking.xml:1250(para)
1794
msgid "And to copy a file to the share:"
1795
msgstr "และถ้าคุณต้องการคัดลอกไฟล์ไปไว้ที่แชร์ก็พิมพ์:"
1796
1797
#: serverguide/C/windows-networking.xml:1255(command)
1798
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1799
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1800
1801
#: serverguide/C/windows-networking.xml:1258(para)
1802
msgid ""
1803
"This will copy the <filename>/etc/hosts</filename> to "
1804
"<filename>//fs01.example.com/share/hosts</filename>."
1805
msgstr ""
1806
1807
#: serverguide/C/windows-networking.xml:1265(para)
1808
msgid ""
1809
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1810
"<application>smbclient</application> command all at once. This is useful for "
1811
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1812
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1813
"and directory commands, simply execute:"
1814
msgstr ""
1815
"การใช้ตัวเลือก <emphasis>c</emphasis> ด้านบนทำให้คุณสามารถใช้คำสั่ง "
1816
"<application>smbclient</application> ได้ทีเดียวในหนึ่งคำสั่งเลย "
1817
"ซึ่งก็เป็นประโยชน์สำหรับการเขียนสคริปต์หรือทำงานทั่วๆไปกับไฟล์ได้ "
1818
"แต่ถ้าคุณต้องการใช้งานพร๊อมต์ (prompt) <emphasis>smb:\\></emphasis> "
1819
"ซึ่งเป็นพร๊อมต์คล้ายๆ FTP ที่คุณสามารถพิมพ์คำสั่งต่างๆกับไฟล์และแฟ้มข้อมูล "
1820
"คุณต้องพิมพ์:"
1821
1822
#: serverguide/C/windows-networking.xml:1272(command)
1823
msgid "smbclient //fs01.example.com/share -k"
1824
msgstr "smbclient //fs01.example.com/share -k"
1825
1826
#: serverguide/C/windows-networking.xml:1279(para)
1827
msgid ""
1828
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1829
"<emphasis>//192.168.0.5/share</emphasis>, "
1830
"<emphasis>username=steve,password=secret</emphasis>, and "
1831
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1832
"file name, and an actual username and password with rights to the share."
1833
msgstr ""
1834
"เปลี่ยน <emphasis>fs01.example.com/share</emphasis>, "
1835
"<emphasis>//192.168.0.5/share</emphasis>, "
1836
"<emphasis>username=steve,password=secret</emphasis> และ "
1837
"<emphasis>file.txt</emphasis> เป็นเลขที่ IP ของเครื่องเซิร์ฟเวอร์คุณ, "
1838
"ชื่อของเครื่องเซิร์ฟเวอร์, ชื่อไฟล์, "
1839
"และชื่อของผู้ใช้และรหัสผ่านที่มีสิทธิ์ในการใช้งานแชร์นั้นๆได้"
1840
1841
#: serverguide/C/windows-networking.xml:1290(para)
1842
msgid ""
1843
"For more <application>smbclient</application> options see the man page: "
1844
"<command>man smbclient</command>, also available <ulink "
1845
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1846
">online</ulink>."
1847
msgstr ""
1848
1849
#: serverguide/C/windows-networking.xml:1295(para)
1850
msgid ""
1851
"The <application>mount.cifs</application><ulink "
1852
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1853
"\">man page</ulink> is also useful for more detailed information."
1854
msgstr ""
1855
1856
#: serverguide/C/windows-networking.xml:1308(title)
1857
msgid "Likewise Open"
1858
msgstr "Likewise Open"
1859
1860
#: serverguide/C/windows-networking.xml:1310(para)
1861
msgid ""
1862
"<application>Likewise Open</application> simplifies the necessary "
1863
"configuration needed to authenticate a Linux machine to an Active Directory "
1864
"domain. Based on <application>winbind</application>, the "
1865
"<application>likewise-open</application> package takes the pain out of "
1866
"integrating Ubuntu authentication into an existing Windows network."
1867
msgstr ""
1868
"<application>Likewise Open</application> "
1869
"ทำให้การตั้งค่าต่างๆเพื่อให้เครื่องลีนุกซ์เข้าร่วมกับโดเมน Active Directory "
1870
"ง่ายดายยิ่งขึ้น ด้วยการใช้โปรแกรม <application>winbind</application> "
1871
"ชุดโปรแกรม <application>likewise-open</application> "
1872
"จะช่วยลดความปวดหัวที่อาจเกิดจากการทำให้เครื่องอูบุนตูของคุณลงชื่อเข้าใช้ระบบใ"
1873
"นเครือข่ายวินโดว์ที่มีอยู่ได้แล้วอย่างมาก"
1874
1875
#: serverguide/C/windows-networking.xml:1319(para)
1876
msgid ""
1877
"There are two ways to use Likewise Open, <application>likewise-"
1878
"open</application> the command line utility and <application>likewise-open-"
1879
"gui</application>. This section focuses on the command line utility."
1880
msgstr ""
1881
"มีสองวิธีที่คุณสามารถใช้ <application>Likewise Open</application> "
1882
"ได้นั่นก็คือผ่านโปรแกรม command line อย่าง <application>likewise-"
1883
"open</application> หรือผ่านหน้าจอด้วย <application>likewise-open-"
1884
"gui</application> บทความส่วนนี้จะเน้นที่การใช้งานโปรแกรม command line"
1885
1886
#: serverguide/C/windows-networking.xml:1324(para)
1887
msgid ""
1888
"To install the <application>likewise-open</application> package, open a "
1889
"terminal prompt and enter:"
1890
msgstr ""
1891
"คุณสามารถติดตั้ง <application>likewise-open</application> ได้โดยการเปิด "
1892
"terminal และพิมพ์:"
1893
1894
#: serverguide/C/windows-networking.xml:1329(command)
1895
msgid "sudo apt-get install likewise-open"
1896
msgstr "sudo apt-get install likewise-open"
1897
1898
#: serverguide/C/windows-networking.xml:1334(title)
1899
msgid "Joining a Domain"
1900
msgstr "การเข้าร่วมกับโดเมน"
1901
1902
#: serverguide/C/windows-networking.xml:1336(para)
1903
msgid ""
1904
"The main executable file of the <application>likewise-open</application> "
1905
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1906
"join your computer to the domain. Before you join a domain you will need to "
1907
"make sure you have:"
1908
msgstr ""
1909
1910
#: serverguide/C/windows-networking.xml:1344(para)
1911
msgid ""
1912
"Access to an Active Directory user with appropriate rights to join the "
1913
"domain."
1914
msgstr ""
1915
"คุณมีชื่อผู้ใช้ใน Active Directory "
1916
"ที่มีสิทธ์ในการอนุญาติให้เครื่องคอมพิวเตอร์เข้าร่วมกับโดเมนได้"
1917
1918
#: serverguide/C/windows-networking.xml:1349(para)
1919
msgid ""
1920
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1921
"you want to join. If your AD domain does not match a valid domain such as "
1922
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1923
"the form of <emphasis>domainname.local</emphasis>."
1924
msgstr ""
1925
"ชื่อเต็มของโดเมนหรือ <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) "
1926
"ที่คุณต้องการเข้าร่วมด้วย ถ้าโดเมน AD ของคุณไม่ได้มีชื่อแบบทั่วไปเช่น "
1927
"<emphasis role=\"italic\">example.com</emphasis> "
1928
"อาจเป็นไปได้ว่าชื่อของโดเมนคุณอยู่ในรูปแบบของ "
1929
"<emphasis>domainname.local</emphasis> แทน"
1930
1931
#: serverguide/C/windows-networking.xml:1356(para)
1932
msgid ""
1933
"DNS for the domain setup properly. In a production AD environment this "
1934
"should be the case. Proper Microsoft DNS is needed so that client "
1935
"workstations can determine the Active Directory domain is available."
1936
msgstr ""
1937
"DNS ในโดเมนของคุณทำงานได้อย่างถูกต้อง "
1938
"ในเน็ตเวิร์กที่ใช้งานจริงกรณีนี้มักไม่เป็นปัญหาเพราะว่า DNS "
1939
"ใช้งานได้อยู่แล้ว DNS "
1940
"เป็นสิ่งที่จำเป็นเนื่องจากว่าเครื่องลูกข่ายจะต้องระบุได้ว่ามีโดเมน Active "
1941
"Directory อยู่หรือเปล่า"
1942
1943
#: serverguide/C/windows-networking.xml:1360(para)
1944
msgid ""
1945
"If you don't have a Windows DNS server on your network, see <xref "
1946
"linkend=\"likewise-open-ms-dns\"/> for details."
1947
msgstr ""
1948
"ถ้าคุณไม่มีเครื่อง DNS เซิร์ฟเวอร์ของวินโดว์ในเครือข่ายกรุณาอ่าน <xref "
1949
"linkend=\"likewise-open-ms-dns\"/> สำหรับรายละเอียดเพิ่มเติม"
1950
1951
#: serverguide/C/windows-networking.xml:1367(para)
1952
msgid "To join a domain, from a terminal prompt enter:"
1953
msgstr "สำหรับการเข้าร่วมกับโดเมน ให้พิมพ์คำสั่ง:"
1954
1955
#: serverguide/C/windows-networking.xml:1372(command)
1956
msgid "sudo domainjoin-cli join example.com Administrator"
1957
msgstr "sudo domainjoin-cli join example.com Administrator"
1958
1959
#: serverguide/C/windows-networking.xml:1376(para)
1960
msgid ""
1961
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1962
"<emphasis>Administrator</emphasis> with the appropriate user name."
1963
msgstr ""
1964
"แทนที่ <emphasis>example.com</emphasis> ด้วยชื่อโดเมนของคุณ และ "
1965
"<emphasis>Administrator</emphasis> ด้วยชื่อผู้ใช้ที่เหมาะสม"
1966
1967
#: serverguide/C/windows-networking.xml:1382(para)
1968
msgid ""
1969
"You will then be prompted for the user's password. If all goes well a "
1970
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1971
msgstr ""
1972
"จากนั้นคุณจะต้องใส่รหัสผ่าน ซึ่งถ้าใส่ถูกต้องคุณจะเห็นข้อความ "
1973
"<emphasis>SUCCESS</emphasis>บนหน้าจอ"
1974
1975
#: serverguide/C/windows-networking.xml:1388(para)
1976
msgid ""
1977
"After joining the domain, it is necessary to reboot before attempting to "
1978
"authenticate against the domain."
1979
msgstr ""
1980
1981
#: serverguide/C/windows-networking.xml:1394(para)
1982
msgid ""
1983
"After successfully joining an Ubuntu machine to an Active Directory domain "
1984
"you can authenticate using any valid AD user. To login you will need to "
1985
"enter the user name as 'domain\\username'. For example to ssh to a server "
1986
"joined to the domain enter:"
1987
msgstr ""
1988
"หลังจากเครื่องอูบุนตูของคุณเข้าร่วมกับโดเมนได้สำเร็จ "
1989
"คุณจะสามารถลงชื่อเข้าใช้จากเครื่องคุณได้โดยใช้ชื่อผู้ใช้ได้ๆก็ได้ที่อยู่ใน "
1990
"AD โดยพิมพ์ชื่อผู้ใช้ในรูปแบบ 'โดเมน\\ชื่อผู้ใช้' "
1991
"ยกตัวอย่างเช่นถ้าคุณต้องการต่อ ssh ไปที่เซิร์ฟเวอร์ที่อยู่ในโดเมน ให้พิมพ์:"
1992
1993
#: serverguide/C/windows-networking.xml:1401(command)
1994
msgid "ssh 'example\\steve'@hostname"
1995
msgstr "ssh 'example\\steve'@hostname"
1996
1997
#: serverguide/C/windows-networking.xml:1405(para)
1998
msgid ""
1999
"If configuring a Desktop the user name will need to be prefixed with "
2000
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
2001
msgstr ""
2002
"ถ้าคุณใช้งานบนเครื่องเดสก์ท๊อป (Desktop) ที่มีระบบลงชื่อเข้าใช้แบบกราฟฟิค "
2003
"(graphical) คุณต้องนำหน้าชื่อผู้ใช้ด้วยชื่อของโดเมนเช่น <emphasis "
2004
"role=\"italic\">โดเมน\\</emphasis> เช่นกัน"
2005
2006
#: serverguide/C/windows-networking.xml:1411(para)
2007
msgid ""
2008
"To make likewise-open use a default domain, you can add the following "
2009
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
2010
msgstr ""
2011
"เพื่อที่จะทำให้ likewise-open ใช้โดเมนมาตรฐาน "
2012
"คุณสามารถเพิ่มบรรทัดต่อไปนี้ในไฟล์ "
2013
"<filename>/etc/samba/lwiauthd.conf</filename>:"
2014
2015
#: serverguide/C/windows-networking.xml:1415(programlisting)
2016
#, no-wrap
2017
msgid ""
2018
"\n"
2019
"winbind use default domain = yes\n"
2020
msgstr ""
2021
"\n"
2022
"winbind use default domain = yes\n"
2023
2024
#: serverguide/C/windows-networking.xml:1419(para)
2025
msgid "Then restart the <application>likewise-open</application> daemons:"
2026
msgstr ""
2027
"จากนั้นให้เริ่มโปรแกรม <application>likewise-open</application> ใหม่โดยพิมพ์:"
2028
2029
#: serverguide/C/windows-networking.xml:1424(command)
2030
msgid "sudo /etc/init.d/likewise-open restart"
2031
msgstr "sudo /etc/init.d/likewise-open restart"
2032
2033
#: serverguide/C/windows-networking.xml:1428(para)
2034
msgid ""
2035
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
2036
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
2037
"using only their username."
2038
msgstr ""
2039
"หลังจากที่คุณตั้งค่าให้ใช้งานกับ <emphasis>default domain</emphasis> "
2040
"แล้วคุณก็ไม่ต้องมี <emphasis role=\"italic\">'domain\\'</emphasis> "
2041
"นำหน้าของผู้ใช้อีก และผู้ใช้สามารถลงชื่อเข้าใช้ระบบได้โดยใช้ชื่อผู้ใช้ได้เลย"
2042
2043
#: serverguide/C/windows-networking.xml:1434(para)
2044
msgid ""
2045
"The <application>domainjoin-cli</application> utility can also be used to "
2046
"leave the domain. From a terminal:"
2047
msgstr ""
2048
"คุณสามารถใช้โปรแกรม <application>domainjoin-cli</application> "
2049
"กรณีที่ต้องการออกจากโดเมนได้เช่นกัน สำหรับกรณีนี้ให้พิมพ์:"
2050
2051
#: serverguide/C/windows-networking.xml:1439(command)
2052
msgid "sudo domainjoin-cli leave"
2053
msgstr "sudo domainjoin-cli leave"
2054
2055
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
2056
msgid "Other Utilities"
2057
msgstr "เครื่องมืออื่นๆ"
2058
2059
#: serverguide/C/windows-networking.xml:1446(para)
2060
msgid ""
2061
"The <application>likewise-open</application> package comes with a few other "
2062
"utilities that may be useful for gathering information about the Active "
2063
"Directory environment. These utilities are used to join the machine to the "
2064
"domain, and are the same as those available in the <application>samba-"
2065
"common</application> and <application>winbind</application> packages:"
2066
msgstr ""
2067
"ชุดโปรแกรม <application>likewise-open</application> "
2068
"มาพร้อมกับเครื่องมืออื่นๆซึ่งมีประโยชน์สำหรับใช้ศึกษาข้อมูลเกี่ยวกับ Active "
2069
"Directory "
2070
"คุณสามารถใช้เครื่องมือเหล่านี้เพื่อให้เครื่องคอมพิวเตอร์เข้าร่วมกับโดเมนเหมือ"
2071
"นๆกับที่ชุดโปรแกรม <application>samba-common</application> และ "
2072
"<application>winbind</application> ทำได้:"
2073
2074
#: serverguide/C/windows-networking.xml:1455(para)
2075
msgid ""
2076
"<application>lwinet</application>: Returns information about the network and "
2077
"the domain."
2078
msgstr ""
2079
"โปรแกรม <application>lwinet</application>: "
2080
"คืนข้อมูลต่างๆเกี่ยวกับเครือข่ายและโดเมน"
2081
2082
#: serverguide/C/windows-networking.xml:1460(para)
2083
msgid ""
2084
"<application>lwimsg</application>: Allows interaction with the "
2085
"<application>likewise-winbindd</application> daemon."
2086
msgstr ""
2087
"โปรแกรม <application>lwimsg</application>: สำหรับใช้ร่วมกับโปรแกรม "
2088
"<application>likewise-winbindd</application> daemon."
2089
2090
#: serverguide/C/windows-networking.xml:1465(para)
2091
msgid ""
2092
"<application>lwiinfo</application>: Displays information about various parts "
2093
"of the Domain."
2094
msgstr ""
2095
"โปรแกรม <application>lwiinfo</application>: "
2096
"แสดงข้อมูลเกี่ยวกับส่วนต่างๆของโดเมน"
2097
2098
#: serverguide/C/windows-networking.xml:1471(para)
2099
msgid "Please refer to each utility's man page specific for details."
2100
msgstr "กรุณาอ่านคู่มือของโปรแกรมแต่ละตัวสำหรับรายละเอียด"
2101
2102
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
2103
msgid "Troubleshooting"
2104
msgstr "การแก้ปัญหา"
2105
2106
#: serverguide/C/windows-networking.xml:1481(para)
2107
msgid ""
2108
"If the client has trouble joining the domain, double check that the "
2109
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2110
"example:"
2111
msgstr ""
2112
"ถ้าเครื่องลูกข่ายไม่สามารถเข้าร่วมกับโดเมนได้ "
2113
"ให้เช็คอีกทีว่าเครื่องเซิร์ฟเวอร์ DNS "
2114
"ของไมโครซอฟท์นั้นอยู่เป็นอันดับแรกของไฟล์ "
2115
"<filename>/etc/resolv.conf</filename> ยกตัวอย่างเช่น:"
2116
2117
#: serverguide/C/windows-networking.xml:1486(programlisting)
2118
#, no-wrap
2119
msgid ""
2120
"\n"
2121
"nameserver 192.168.0.1\n"
2122
msgstr ""
2123
"\n"
2124
"nameserver 192.168.0.1\n"
2125
2126
#: serverguide/C/windows-networking.xml:1491(para)
2127
msgid ""
2128
"For more information when joining a domain, use the <emphasis>--loglevel "
2129
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2130
"<application>domainjoin-cli</application> utility:"
2131
msgstr ""
2132
"คุณสามารถดูข้อมูลแบบละเอียดเวลาเข้าร่วมกับโดเมนได้โดยใช้ตัวเลือก <emphasis>--"
2133
"loglevel verbose</emphasis> หรือ <emphasis>--advanced</emphasis> กับคำสั่ง "
2134
"<application>domainjoin-cli</application>:"
2135
2136
#: serverguide/C/windows-networking.xml:1497(command)
2137
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2138
msgstr ""
2139
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2140
2141
#: serverguide/C/windows-networking.xml:1501(para)
2142
msgid ""
2143
"If an Active Directory user has trouble logging in, check the "
2144
"<filename>/var/log/auth.log</filename> for details."
2145
msgstr ""
2146
"ถ้าผู้ใช้ใน Active Directory ไม่สามารถลงชื่อเข้าใช้ระบบได้ "
2147
"ให้ลองดูสาเหตุและรายละเอียดจากไฟล์ <filename>/var/log/auth.log</filename>"
2148
2149
#: serverguide/C/windows-networking.xml:1506(para)
2150
msgid ""
2151
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2152
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2153
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2154
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2155
"<emphasis>hosts</emphasis> option. For example:"
2156
msgstr ""
2157
2158
#: serverguide/C/windows-networking.xml:1512(programlisting)
2159
#, no-wrap
2160
msgid ""
2161
"\n"
2162
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2163
msgstr ""
2164
"\n"
2165
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2166
2167
#: serverguide/C/windows-networking.xml:1516(para)
2168
msgid "Change the above to:"
2169
msgstr "แก้ไขบรรทัดด้านบนเป็น:"
2170
2171
#: serverguide/C/windows-networking.xml:1520(programlisting)
2172
#, no-wrap
2173
msgid ""
2174
"\n"
2175
"hosts: files dns [NOTFOUND=return]\n"
2176
msgstr ""
2177
"\n"
2178
"hosts: files dns [NOTFOUND=return]\n"
2179
2180
#: serverguide/C/windows-networking.xml:1524(para)
2181
msgid "Then restart networking by entering:"
2182
msgstr "จากนั้นก็ให้เริ่มการใช้เครือข่ายใหม่โดยพิมพ์คำสั่ง:"
2183
2184
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
2185
msgid "sudo /etc/init.d/networking restart"
2186
msgstr "sudo /etc/init.d/networking restart"
2187
2188
#: serverguide/C/windows-networking.xml:1532(para)
2189
msgid "You should now be able to join the Active Directory domain."
2190
msgstr "จากนั้นคุณน่าจะเข้าร่วมกับโดเมน Active Directory ได้แล้ว"
2191
2192
#: serverguide/C/windows-networking.xml:1540(title)
2193
msgid "Microsoft DNS"
2194
msgstr "ไมโครซอฟท์ DNS"
2195
2196
#: serverguide/C/windows-networking.xml:1542(para)
2197
msgid ""
2198
"The following are instructions for installing DNS on an Active Directory "
2199
"domain controller running Windows Server 2003, but the instructions should "
2200
"be similar for other versions:"
2201
msgstr ""
2202
"ในส่วนนี้จะให้คำแนะนำในการติดตั้ง DNS บนเครื่องควบคุมโดเมน Active Directory "
2203
"ที่ทำงานบนวินโดว์ เซิร์ฟเวอร์ 2003 "
2204
"แต่คำแนะนำนี้น่าจะนำไปใช้กับวินโดว์เซิร์ฟเวอร์เวอร์ชั่นอื่นๆได้เช่นกัน:"
2205
2206
#: serverguide/C/windows-networking.xml:1551(para)
2207
msgid ""
2208
"Click "
2209
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2210
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2211
"This will open the <application>Server Role Mangement</application> utility."
2212
msgstr ""
2213
2214
#: serverguide/C/windows-networking.xml:1559(para)
2215
msgid "Click <guilabel>Add or remove a role</guilabel>"
2216
msgstr ""
2217
2218
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
2219
msgid "Click Next"
2220
msgstr "คลิ๊กปุ่ม Next"
2221
2222
#: serverguide/C/windows-networking.xml:1561(para)
2223
msgid "Select \"DNS Server\""
2224
msgstr "เลือก \"DNS Server\""
2225
2226
#: serverguide/C/windows-networking.xml:1563(para)
2227
msgid "Click Next again to proceed"
2228
msgstr ""
2229
2230
#: serverguide/C/windows-networking.xml:1564(para)
2231
msgid "Select \"Create a forward lookup zone\" if it is not selected."
2232
msgstr "เลือก \"Create a forward lookup zone\" ถ้าตัวเลือกนี้ยังไม่ถูกเลือก"
2233
2234
#: serverguide/C/windows-networking.xml:1566(para)
2235
msgid ""
2236
"Make sure \"This server maintains the zone\" is selected and click Next."
2237
msgstr ""
2238
"ตรวจสอบว่า \"This server maintains the zone\" ได้ถูกเลือก "
2239
"จากนั้นให้คลิ๊กปุ่ม Next"
2240
2241
#: serverguide/C/windows-networking.xml:1567(para)
2242
msgid "Enter your domain name and click Next"
2243
msgstr "ใส่ชื่อโดเมนของคุณและคลิ๊กปุ่ม Next"
2244
2245
#: serverguide/C/windows-networking.xml:1568(para)
2246
msgid "Click Next to \"Allow only secure dynamic updates\""
2247
msgstr ""
2248
"คลิ๊กปุ่ม Next เพื่ออนุญาติให้ทำการปรับปรุงข้อมูลแบบปลอดภัยเท่านั้น (\"Allow "
2249
"only secure dynamic updates\")"
2250
2251
#: serverguide/C/windows-networking.xml:1570(para)
2252
msgid ""
2253
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2254
"should not forward queries\" and click Next."
2255
msgstr ""
2256
"ใส่เลขที่ IP สำหรับเซิร์ฟเวอร์ DNS ที่จะโอนคำร้องขอไปให้ หรือเลือก \"No, it "
2257
"should not forward queries\" จากนั้นจึงคลิ๊กปุ่ม Next"
2258
2259
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
2260
msgid "Click Finish"
2261
msgstr "คลิ๊กปุ่ม Finish"
2262
2263
#: serverguide/C/windows-networking.xml:1577(para)
2264
msgid ""
2265
"DNS is now installed and can be further configured using the "
2266
"<application>Microsoft Management Console</application> DNS snap-in."
2267
msgstr ""
2268
"DNS ได้ถูกติดตั้งเรียบร้อยและคุณสามารถปรับค่าเพิ่มเติมได้โดยใช้โปรแกรม "
2269
"<application>Microsoft Management Console</application> ผ่าน DNS snap-in"
2270
2271
#: serverguide/C/windows-networking.xml:1585(para)
2272
msgid "Click Start"
2273
msgstr "คลิ๊กปุ่ม Start"
2274
2275
#: serverguide/C/windows-networking.xml:1586(para)
2276
msgid "Control Panel"
2277
msgstr "แ"
2278
2279
#: serverguide/C/windows-networking.xml:1587(para)
2280
msgid "Network Connections"
2281
msgstr "การเชื่อมต่อเครือข่าย (Network Connections)"
2282
2283
#: serverguide/C/windows-networking.xml:1588(para)
2284
msgid "Right Click \"Local Area Connection\""
2285
msgstr "คลิ๊กขวาบนไอคอน \"Local Area Connection\""
2286
2287
#: serverguide/C/windows-networking.xml:1589(para)
2288
msgid "Click Properties"
2289
msgstr "คลิ๊กที่ Properties"
2290
2291
#: serverguide/C/windows-networking.xml:1590(para)
2292
msgid "Double click \"Internet Protocol (TCP/IP)\""
2293
msgstr "ดับเบิ้ลคลิ๊กที่รายการ \"Internet Protocol (TCP/IP)\""
2294
2295
#: serverguide/C/windows-networking.xml:1591(para)
2296
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2297
msgstr "ใส่เลขที่ IP ของเซิร์ฟเวอร์ในช่อง \"Preferred DNS server\""
2298
2299
#: serverguide/C/windows-networking.xml:1592(para)
2300
msgid "Click Ok"
2301
msgstr "คลิ๊กปุ่ม OK"
2302
2303
#: serverguide/C/windows-networking.xml:1593(para)
2304
msgid "Click Ok again to save the settings"
2305
msgstr "คลิ๊กปุ่ม OK อีกครั้งเพื่อบันทึกการตั้งค่า"
2306
2307
#: serverguide/C/windows-networking.xml:1582(para)
2308
msgid ""
2309
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2310
msgstr ""
2311
"จากนั้นให้ตั้งค่าเซิร์ฟเวอร์ให้ใช้ตัวเองเพื่อตอบคำร้องขอ DNS: <placeholder-"
2312
"1/>"
2313
2314
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2315
msgid "References"
2316
msgstr "แหล่งอ้างอิง"
2317
2318
#: serverguide/C/windows-networking.xml:1602(para)
2319
msgid ""
2320
"Please refer to the <ulink "
2321
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2322
"further information."
2323
msgstr ""
2324
"กรุณาไปที่หน้าโฮมเพจของ <ulink "
2325
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> "
2326
"สำหรับข้อมูลเพิ่มเติม"
2327
2328
#: serverguide/C/windows-networking.xml:1606(para)
2329
msgid ""
2330
"For more <application>domainjoin-cli</application> options see the man page: "
2331
"<command>man domainjoin-cli</command>."
2332
msgstr ""
2333
"ถ้าคุณต้องการดูตัวเลือกอื่นๆของคำสั่ง <application>domainjoin-"
2334
"cli</application> กรุณาดูคู่มือโดยพิมพ์คำสั่ง: <command>man domainjoin-"
2335
"cli</command>"
2336
2337
#: serverguide/C/windows-networking.xml:1610(para)
2338
msgid ""
2339
"Also, see the <ulink "
2340
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2341
"LikewiseOpen</ulink> page."
2342
msgstr ""
2343
2344
#: serverguide/C/web-servers.xml:13(title)
2345
msgid "Web Servers"
2346
msgstr "เว็บเซิร์ฟเวอร์"
2347
2348
#: serverguide/C/web-servers.xml:14(para)
2349
msgid ""
2350
"A Web server is a software responsible for accepting HTTP requests from "
2351
"clients, which are known as Web browsers, and serving them HTTP responses "
2352
"along with optional data contents, which usually are Web pages such as HTML "
2353
"documents and linked objects (images, etc.)."
2354
msgstr ""
2355
"เว็บเซิร์ฟเวอร์เป็นโปรแกรมที่ตอบสนองคำร้องขอแบบ HTTP จากโปรแกรมเว็บเบราเซอร์ "
2356
"และส่งข้อมูลต่างๆที่เว็บเบราเซอร์ได้ร้องขอซึ่งโดยปกติมักจะเป็นหน้าเว็บเพจเช่น"
2357
"เอกสาร HTML และข้อมูลอื่นๆเช่นรูปภาพ"
2358
2359
#: serverguide/C/web-servers.xml:19(title)
2360
msgid "HTTPD - Apache2 Web Server"
2361
msgstr "HTTPD - Apache2 เว็บเซิร์ฟเวอร์"
2362
2363
#: serverguide/C/web-servers.xml:20(para)
2364
msgid ""
2365
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2366
"are used to serve Web Pages requested by client computers. Clients typically "
2367
"request and view Web Pages using Web Browser applications such as "
2368
"<application>Firefox</application>, <application>Opera</application>, or "
2369
"<application>Mozilla</application>."
2370
msgstr ""
2371
"Apache เป็นโปรแกรมเว็บเซิร์ฟเวอร์ที่ใช้กันอย่างแพร่หลายที่สุดบนระบบลีนุกซ์ "
2372
"โปรแกรมเว็บเซิร์ฟเวอร์นั้นมีไว้เพื่อส่งหน้าเว็บหรือที่เรียกว่าเว็บเพจกลับไปให"
2373
"้เครื่องที่ร้องขอ "
2374
"โดยผู้ใช้มักขอและดูหน้าเว็บผ่านโปรแกรมที่เรียกว่าเว็บเบราเซอร์เช่นโปรแกรม "
2375
"<application>Firefox</application>, <application>Opera</application> หรือ "
2376
"<application>Mozilla</application>"
2377
2378
#: serverguide/C/web-servers.xml:24(para)
2379
msgid ""
2380
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2381
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2382
"resource. For example, to view the home page of the <ulink "
2383
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2384
"the FQDN. To request specific information about <ulink "
2385
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2386
"enter the FQDN followed by a path."
2387
msgstr ""
2388
"ผู้ใช้ระบุหน้าเว็บที่ต้องการโดยดูใส่ที่อยู่หรือที่เรียกว่า Uniform Resource "
2389
"Locator (URL) ที่ชี้ไปที่หน้าเว็บที่อยู่บนเว็บเซิร์ฟเวอร์ โดย URL "
2390
"นี้จะอยู่ในรูปแบบของชื่อโดเมนแบบเต็ม (Fully Qualified Domain Name หรือ FQDN) "
2391
"และ path สำหรับหน้าเว็บนั้นๆ เช่น ถ้าผู้ใช้ต้องการดูโฮมเพจของ<ulink "
2392
"url=\"http://www.ubuntu.com\">เว็บไซต์อูบุนตู</ulink>เธอต้องใส่แค่ FQDN "
2393
"แต่ถ้าผู้ใช้ต้องการดูหน้าเว็บที่เกี่ยวกับ <ulink "
2394
"url=\"http://www.ubuntu.com/support/paid\">การจ่ายค่าช่วยดูแล</ulink> "
2395
"เธอต้องใส่ FQDN ตามด้วย path สำหรับหน้าการจ่ายค่าช่วยดูแล"
2396
2397
#: serverguide/C/web-servers.xml:29(para)
2398
msgid ""
2399
"The most common protocol used to transfer Web pages is the Hyper Text "
2400
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2401
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2402
"protocol for uploading and downloading files, are also supported."
2403
msgstr ""
2404
"โปรโตคอลหลักที่ใช้ถ่ายโอนหน้าเว็บต่างๆก็คือ Hyper Text Transfer Protocol "
2405
"(HTTP) แต่โปรโตคอลอื่นๆเช่น Hyper Text Transfer Protocol over Secure Sockets "
2406
"Layer (HTTPS) และ File Transfer Protocol (FTP) "
2407
"ซึ่งเป็นโปรโตคอลสำหรับอัพโหลดและดาวน์โหลดไฟล์ก็สนับสนุนเช่นกัน"
2408
2409
#: serverguide/C/web-servers.xml:33(para)
2410
msgid ""
2411
"Apache Web Servers are often used in combination with the "
2412
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2413
"(<application>PHP</application>) scripting language, and other popular "
2414
"scripting languages such as <application>Python</application> and "
2415
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2416
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2417
"for the development and deployment of Web-based applications."
2418
msgstr ""
2419
"บ่อยครั้งที่เว็บเซิร์ฟเวอร์ Apache ถูกใช้ร่วมกับฐานข้อมูล "
2420
"<application>MySQL</application>, ภาษา HyperText Preprocessor "
2421
"(<application>PHP</application>) และภาษาสำหรับ scripting อื่นๆเช่น "
2422
"<application>Python</application> และ <application>Perl</application> "
2423
"เป็นต้น ชุดโปรแกรมทั้งหมดนี้รวมกันมีชื่อเรียกว่า LAMP (ซึ่งเป็นคำย่อจาก "
2424
"Linux, Apache, MySQL และ Perl/Python/PHP) "
2425
"และเป็นแพลทฟอร์มสำหรับพัฒนาแอพพลิเคชั่นบนเว็บที่มีประสิทธิภาพอย่างมาก"
2426
2427
#: serverguide/C/web-servers.xml:42(para)
2428
msgid ""
2429
"The <application>Apache2</application> web server is available in Ubuntu "
2430
"Linux. To install Apache2:"
2431
msgstr ""
2432
2433
#: serverguide/C/web-servers.xml:48(para)
2434
msgid "At a terminal prompt enter the following command:"
2435
msgstr "ในพร๊อมต์เทอร์มินัล ให้พิมพ์คำสั่งดังนี้:"
2436
2437
#: serverguide/C/web-servers.xml:53(command)
2438
msgid "sudo apt-get install apache2"
2439
msgstr "sudo apt-get install apache2"
2440
2441
#: serverguide/C/web-servers.xml:63(para)
2442
msgid ""
2443
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2444
"text configuration files. These <emphasis>directives</emphasis> are "
2445
"separated between the following files and directories:"
2446
msgstr ""
2447
2448
#: serverguide/C/web-servers.xml:71(para)
2449
msgid ""
2450
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2451
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2452
msgstr ""
2453
2454
#: serverguide/C/web-servers.xml:77(para)
2455
msgid ""
2456
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2457
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2458
"serve content may add files, or symlinks, to this directory."
2459
msgstr ""
2460
2461
#: serverguide/C/web-servers.xml:83(para)
2462
msgid ""
2463
"<emphasis>envvars:</emphasis> file where Apache2 "
2464
"<emphasis>environment</emphasis> variables are set."
2465
msgstr ""
2466
2467
#: serverguide/C/web-servers.xml:88(para)
2468
msgid ""
2469
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2470
"file, named after the <application>httpd</application> daemon. The file can "
2471
"be used for <emphasis>user specific</emphasis> configuration options that "
2472
"globally effect Apache2."
2473
msgstr ""
2474
2475
#: serverguide/C/web-servers.xml:95(para)
2476
msgid ""
2477
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2478
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2479
"modules will have specific configuration files, however."
2480
msgstr ""
2481
2482
#: serverguide/C/web-servers.xml:101(para)
2483
msgid ""
2484
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2485
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2486
"configuration file is symlinked it will be enabled the next time "
2487
"<application>apache2</application> is restarted."
2488
msgstr ""
2489
2490
#: serverguide/C/web-servers.xml:108(para)
2491
msgid ""
2492
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2493
"TCP ports Apache2 is listening on."
2494
msgstr ""
2495
2496
#: serverguide/C/web-servers.xml:113(para)
2497
msgid ""
2498
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2499
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2500
"to be configured for multiple sites that have separate configurations."
2501
msgstr ""
2502
2503
#: serverguide/C/web-servers.xml:119(para)
2504
msgid ""
2505
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2506
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2507
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2508
"a configuration file in sites-available is symlinked, the site configured by "
2509
"it will be active once Apache2 is restarted."
2510
msgstr ""
2511
2512
#: serverguide/C/web-servers.xml:127(para)
2513
msgid ""
2514
"In addition, other configuration files may be added using the "
2515
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2516
"many configuration files. Any directive may be placed in any of these "
2517
"configuration files. Changes to the main configuration files are only "
2518
"recognized by Apache2 when it is started or restarted."
2519
msgstr ""
2520
2521
#: serverguide/C/web-servers.xml:136(para)
2522
msgid ""
2523
"The server also reads a file containing mime document types; the filename is "
2524
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2525
"<filename>/etc/mime.types</filename> by default."
2526
msgstr ""
2527
2528
#: serverguide/C/web-servers.xml:141(title)
2529
msgid "Basic Settings"
2530
msgstr "การตั้งค่าพื้นฐาน"
2531
2532
#: serverguide/C/web-servers.xml:142(para)
2533
msgid ""
2534
"This section explains Apache2 server essential configuration parameters. "
2535
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2536
"Documentation</ulink> for more details."
2537
msgstr ""
2538
"ในส่วนนี้จะอธิบายถึงการตั้งค่าพื้นฐานต่างๆ กรุณาอ่าน <ulink "
2539
"url=\"http://httpd.apache.org/docs/2.2/\">คู่มือการใช้งาน Apache2</ulink> "
2540
"สำหรับรายละเอียดเพิ่มเติม"
2541
2542
#: serverguide/C/web-servers.xml:150(para)
2543
msgid ""
2544
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2545
"it is configured with a single default virtual host (using the "
2546
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2547
"if you have a single site, or used as a template for additional virtual "
2548
"hosts if you have multiple sites. If left alone, the default virtual host "
2549
"will serve as your default site, or the site users will see if the URL they "
2550
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2551
"your custom sites. To modify the default virtual host, edit the file "
2552
"<filename>/etc/apache2/sites-available/default</filename>."
2553
msgstr ""
2554
2555
#: serverguide/C/web-servers.xml:163(para)
2556
msgid ""
2557
"The directives set for a virtual host only apply to that particular virtual "
2558
"host. If a directive is set server-wide and not defined within the virtual "
2559
"host settings, the default setting is used. For example, you can define a "
2560
"Webmaster email address and not define individual email addresses for each "
2561
"virtual host."
2562
msgstr ""
2563
"การตั้งค่าของโฮสต์เสมือนอันใดอันหนึ่งจะมีผลเฉพาะกับโฮสต์เสมือนนั้นเท่านั้น "
2564
"และจะไม่กระทบกับโฮสต์เสมือนอื่นๆ "
2565
"แต่ถ้าคุณตั้งค่าใดที่มีผลสำหรับทั้งเซิร์ฟเวอร์และไม่ได้ตั้งค่าอื่นๆสำหรับโฮสต"
2566
"์เสมือน ค่าที่คุณตั้งไว้ในระดับเซิร์ฟเวอร์จะมีผลบังคับใช้แทน "
2567
"เช่นคุณสามารถตั้งค่าอีเมล์ของผู้ดูแลเว็บในระดับเซิร์ฟเวอร์แทนที่จะต้องตั้งค่า"
2568
"นี้ในทุกๆโฮสต์เสมือนได้"
2569
2570
#: serverguide/C/web-servers.xml:171(para)
2571
msgid ""
2572
"If you wish to configure a new virtual host or site, copy that file into the "
2573
"same directory with a name you choose. For example:"
2574
msgstr ""
2575
2576
#: serverguide/C/web-servers.xml:177(command)
2577
msgid ""
2578
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2579
"available/mynewsite"
2580
msgstr ""
2581
2582
#: serverguide/C/web-servers.xml:180(para)
2583
msgid ""
2584
"Edit the new file to configure the new site using some of the directives "
2585
"described below."
2586
msgstr ""
2587
2588
#: serverguide/C/web-servers.xml:187(para)
2589
msgid ""
2590
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2591
"to be advertised for the server's administrator. The default value is "
2592
"webmaster@localhost. This should be changed to an email address that is "
2593
"delivered to you (if you are the server's administrator). If your website "
2594
"has a problem, Apache2 will display an error message containing this email "
2595
"address to report the problem to. Find this directive in your site's "
2596
"configuration file in /etc/apache2/sites-available."
2597
msgstr ""
2598
"คำสั่ง <emphasis>ServerAdmin</emphasis> ใช้สำหรับระบุอีเมล์ของผู้ดูแลระบบ "
2599
"ค่าเริ่มต้นของคำสั่งนี้คือ webmaster@localhost "
2600
"ซึ่งเราแนะนำให้คุณเปลี่ยนเป็นอีเมล์ของคุณ (ถ้าคุณเป็นผู้ดูแลระบบ) "
2601
"ถ้าเว็บไซต์ของคุณมีปัญหา Apache2 "
2602
"จะแสดงข้อความเกี่ยวกับข้อผิดพลาดซึ่งมีอีเมล์ที่คุณระบุเพื่อให้ผู้ใช้สามารถส่ง"
2603
"อีเมล์รายงานปัญหาได้ คุณสามารถเปลี่ยนค่าของคำสั่งนี้ในไฟล์ "
2604
"/etc/apache2/sites-available"
2605
2606
#: serverguide/C/web-servers.xml:198(para)
2607
msgid ""
2608
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2609
"the IP address, Apache2 should listen on. If the IP address is not "
2610
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2611
"it runs on. The default value for the Listen directive is 80. Change this to "
2612
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2613
"that it will not be available to the Internet, to (for example) 81 to change "
2614
"the port that it listens on, or leave it as is for normal operation. This "
2615
"directive can be found and changed in its own file, "
2616
"<filename>/etc/apache2/ports.conf</filename>"
2617
msgstr ""
2618
"คำสั่ง <emphasis>Listen</emphasis> ใช้เพื่อระบุเลขที่พอร์ต (และ IP address "
2619
"ถ้าต้องการ ) ที่ Apache2 ต้องรอรับคำร้องขอ ถ้าคุณไม่ได้ระบุ IP address "
2620
"เซิร์ฟเวอร์จะรับคำร้องขอผ่านทุก IP address ที่เครื่องเซิร์ฟเวอร์มี "
2621
"ค่าเริ่มต้นสำหรับคำสั่ง Listen นี้คือ 80 คุณสามารถเปลี่ยนค่าเป็น "
2622
"127.0.0.1:80 เพื่อให้ Apache2 "
2623
"รับคำร้องขอเฉพาะจากการ์ดเน็ตเวิร์คภายในของเครื่องเซิร์ฟเวอร์ (loopback "
2624
"interface) ทำให้เครื่องไม่รับคำร้องขอจากอินเตอร์เน็ต หรือเปลี่ยนค่าเป็น 81 "
2625
"เพื่อเปลี่ยนพอร์ตที่เซิร์ฟเวอร์จะรับคำร้องขอ "
2626
"หรือทิ้งค่าเริ่มต้นเอาไว้สำหรับการทำงานแบบปกติ "
2627
"คุณสามารถเปลี่ยนค่าของคำสั่งนี้ได้ในไฟล์ "
2628
"<filename>/etc/apache2/ports.conf</filename>"
2629
2630
#: serverguide/C/web-servers.xml:211(para)
2631
msgid ""
2632
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2633
"FQDN your site should answer to. The default virtual host has no ServerName "
2634
"directive specified, so it will respond to all requests that do not match a "
2635
"ServerName directive in another virtual host. If you have just acquired the "
2636
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2637
"value of the ServerName directive in your virtual host configuration file "
2638
"should be ubunturocks.com. Add this directive to the new virtual host file "
2639
"you created earlier (<filename>/etc/apache2/sites-"
2640
"available/mynewsite</filename>)."
2641
msgstr ""
2642
2643
#: serverguide/C/web-servers.xml:223(para)
2644
msgid ""
2645
"You may also want your site to respond to www.ubunturocks.com, since many "
2646
"users will assume the www prefix is appropriate. Use the "
2647
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2648
"wildcards in the ServerAlias directive."
2649
msgstr ""
2650
2651
#: serverguide/C/web-servers.xml:230(para)
2652
msgid ""
2653
"For example, the following configuration will cause your site to respond to "
2654
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2655
msgstr ""
2656
2657
#: serverguide/C/web-servers.xml:236(programlisting)
2658
#, no-wrap
2659
msgid ""
2660
"\n"
2661
"ServerAlias *.ubunturocks.com\n"
2662
msgstr ""
2663
2664
#: serverguide/C/web-servers.xml:242(para)
2665
msgid ""
2666
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2667
"should look for the files that make up the site. The default value is "
2668
"/var/www. No site is configured there, but if you uncomment the "
2669
"<emphasis>RedirectMatch</emphasis> directive in "
2670
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2671
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2672
"this value in your site's virtual host file, and remember to create that "
2673
"directory if necessary!"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:254(para)
2677
msgid ""
2678
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2679
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2680
"enabled point to \"available\" sites."
2681
msgstr ""
2682
2683
#: serverguide/C/web-servers.xml:260(para)
2684
msgid ""
2685
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2686
"<application>a2ensite</application> utility and restart Apache2:"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:266(command)
2690
msgid "sudo a2ensite mynewsite"
2691
msgstr ""
2692
2693
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2694
msgid "sudo /etc/init.d/apache2 restart"
2695
msgstr "sudo /etc/init.d/apache2 restart"
2696
2697
#: serverguide/C/web-servers.xml:271(para)
2698
msgid ""
2699
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2700
"name for the VirtualHost. One method is to name the file after the "
2701
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2702
msgstr ""
2703
2704
#: serverguide/C/web-servers.xml:278(para)
2705
msgid ""
2706
"Similarly, use the <application>a2dissite</application> utility to disable "
2707
"sites. This is can be useful when troubleshooting configuration problems "
2708
"with multiple VirtualHosts:"
2709
msgstr ""
2710
2711
#: serverguide/C/web-servers.xml:284(command)
2712
msgid "sudo a2dissite mynewsite"
2713
msgstr ""
2714
2715
#: serverguide/C/web-servers.xml:290(title)
2716
msgid "Default Settings"
2717
msgstr "ค่าเริ่มต้น (ที่มาพร้อมกับการติดตั้ง)"
2718
2719
#: serverguide/C/web-servers.xml:292(para)
2720
msgid ""
2721
"This section explains configuration of the Apache2 server default settings. "
2722
"For example, if you add a virtual host, the settings you configure for the "
2723
"virtual host take precedence for that virtual host. For a directive not "
2724
"defined within the virtual host settings, the default value is used."
2725
msgstr ""
2726
"ในส่วนนี้จะอธิบายเกี่ยวกับค่าเริ่มต้นของเซิร์ฟเวอร์ Apache2 "
2727
"ที่มากับการติดตั้ง ยกตัวอย่างเช่นถ้าคุณเพิ่ม virtual host ใหม่ "
2728
"ค่าที่ตั้งไว้สำหรับ virtual host "
2729
"นั้นจะมีผลเหนือค่าเริ่มต้นที่มากับการติดตั้ง ถ้าไม่มีคำสั่งพิเศษสำหรับ "
2730
"virtual host เซิร์ฟเวอร์จะใช้ค่าเริ่มต้นที่มากับการติดตั้งแทน"
2731
2732
#: serverguide/C/web-servers.xml:304(para)
2733
msgid ""
2734
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2735
"server when a user requests an index of a directory by specifying a forward "
2736
"slash (/) at the end of the directory name."
2737
msgstr ""
2738
"ค่า <emphasis>DirectoryIndex</emphasis> "
2739
"เป็นค่าที่ใช้ระบุหน้าเว็บที่เว็บเซิร์ฟเวอร์จะคืนให้เบราเซอร์กรณีที่ผู้ใช้งานร"
2740
"้องขอหน้าดัชนีของเว็บไซต์โดยใส่เครื่องหมาย forward slash (/) "
2741
"ต่อท้ายชื่อไดเรคทอรี"
2742
2743
#: serverguide/C/web-servers.xml:311(para)
2744
msgid ""
2745
"For example, when a user requests the page "
2746
"http://www.example.com/this_directory/, he or she will get either the "
2747
"DirectoryIndex page if it exists, a server-generated directory list if it "
2748
"does not and the Indexes option is specified, or a Permission Denied page if "
2749
"neither is true. The server will try to find one of the files listed in the "
2750
"DirectoryIndex directive and will return the first one it finds. If it does "
2751
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2752
"set for that directory, the server will generate and return a list, in HTML "
2753
"format, of the subdirectories and files in the directory. The default value, "
2754
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2755
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2756
"Apache2 finds a file in a requested directory matching any of these names, "
2757
"the first will be displayed."
2758
msgstr ""
2759
2760
#: serverguide/C/web-servers.xml:332(para)
2761
msgid ""
2762
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2763
"file for Apache2 to use for specific error events. For example, if a user "
2764
"requests a resource that does not exist, a 404 error will occur, and per "
2765
"Apache2's default configuration, the file "
2766
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2767
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2768
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2769
"redirects requests to the /error directory to "
2770
"<filename>/usr/share/apache2/error/</filename>."
2771
msgstr ""
2772
2773
#: serverguide/C/web-servers.xml:344(para)
2774
msgid ""
2775
"To see a list of the default ErrorDocument directives, use this command:"
2776
msgstr ""
2777
2778
#: serverguide/C/web-servers.xml:350(command)
2779
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2780
msgstr ""
2781
2782
#: serverguide/C/web-servers.xml:355(para)
2783
msgid ""
2784
"By default, the server writes the transfer log to the file "
2785
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2786
"per-site basis in your virtual host configuration files with the "
2787
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2788
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2789
"specify the file to which errors are logged, via the "
2790
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2791
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2792
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2793
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2794
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2795
"/etc/apache2/apache2.conf</filename> for the default value)."
2796
msgstr ""
2797
2798
#: serverguide/C/web-servers.xml:370(para)
2799
msgid ""
2800
"Some options are specified on a per-directory basis rather than per-server. "
2801
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2802
"is enclosed in XML-like tags, like so:"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:376(programlisting)
2806
#, no-wrap
2807
msgid ""
2808
"\n"
2809
"<Directory /var/www/mynewsite>\n"
2810
"...\n"
2811
"</Directory>\n"
2812
msgstr ""
2813
2814
#: serverguide/C/web-servers.xml:382(para)
2815
msgid ""
2816
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2817
"one or more of the following values (among others), separated by spaces:"
2818
msgstr ""
2819
2820
#: serverguide/C/web-servers.xml:394(para)
2821
msgid ""
2822
"Most files should not be executed as CGI scripts. This would be very "
2823
"dangerous. CGI scripts should kept in a directory separate from and outside "
2824
"your DocumentRoot, and only this directory should have the ExecCGI option "
2825
"set. This is the default, and the default location for CGI scripts is "
2826
"<filename>/usr/lib/cgi-bin</filename>."
2827
msgstr ""
2828
2829
#: serverguide/C/web-servers.xml:389(para)
2830
msgid ""
2831
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2832
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2833
msgstr ""
2834
"<emphasis role=\"bold\">ExecCGI</emphasis> - อนุญาติให้ใช้งาน CGI สคริปต์ได้ "
2835
"ถ้าไม่ได้เลือกตัวเลือกนี้จะไม่สามารถใช้ CGI สคริปต์ได้\r\n"
2836
"<placeholder-1/>"
2837
2838
#: serverguide/C/web-servers.xml:405(para)
2839
msgid ""
2840
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2841
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2842
"other files. This is not a common option. See <ulink "
2843
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2844
"HOWTO</ulink> for more information."
2845
msgstr ""
2846
"<emphasis role=\"bold\">Includes</emphasis> - อนุญาติให้ใช้งาน server-side "
2847
"includes ซึ่งจะทำให้ไฟล์ HTML สามารถใช้หรือนำเข้า (<emphasis> "
2848
"include</emphasis>) ไฟล์อื่นๆได้ "
2849
"ตัวเลือกนี้เป็นตัวเลือกที่ไม่ค่อยถูกใช้บ่อยนัก กรุณาอ่าน <ulink "
2850
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">Apache2 SSI "
2851
"HOWTO</ulink> ถ้าต้องการรายละเอียดเพิ่มเติม"
2852
2853
#: serverguide/C/web-servers.xml:414(para)
2854
msgid ""
2855
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2856
"includes, but disable the <emphasis>#exec</emphasis> and "
2857
"<emphasis>#include</emphasis> commands in CGI scripts."
2858
msgstr ""
2859
2860
#: serverguide/C/web-servers.xml:426(para)
2861
msgid ""
2862
"For security reasons, this should usually not be set, and certainly should "
2863
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2864
"per-directory basis only if you are certain you want users to see the entire "
2865
"contents of the directory."
2866
msgstr ""
2867
"เพื่อความปลอดภัย โดยทั่วไปแล้วคุณไม่ควรใช้งานตัวเลือกนี้ "
2868
"โดยเฉพาะอย่างยิ่งไม่ควรใช้กับไดเร็คทอรี่ DocumentRoot ของคุณ "
2869
"กรุณาใช้ตัวเลือกนี้อย่างระมัดระวังเป็นไดเร็คทอรี่ๆไป "
2870
"กรณีที่คุณต้องการให้ผู้ใช้เห็นเนื้อหาที่อยู่ในไดเร็คทอรี่ของคุณ"
2871
2872
#: serverguide/C/web-servers.xml:421(para)
2873
msgid ""
2874
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2875
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2876
"index.html) exists in the requested directory. <placeholder-1/>"
2877
msgstr ""
2878
"<emphasis role=\"bold\">Indexes</emphasis> - แสดงเนื้อหา "
2879
"(รายชื่อของไฟล์และไดเร็คทอรี่ย่อย) ถ้าไม่ได้ระบุคำสั่ง "
2880
"<emphasis>DirectoryIndex</emphasis> (เช่น index.html) สำหรับไดเร็คทอรี่นี้ "
2881
"<placeholder-1/>"
2882
2883
#: serverguide/C/web-servers.xml:436(para)
2884
msgid ""
2885
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2886
"multiviews; this option is disabled by default for security reasons. See the "
2887
"<ulink "
2888
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2889
"Apache2 documentation on this option</ulink>."
2890
msgstr ""
2891
2892
#: serverguide/C/web-servers.xml:444(para)
2893
msgid ""
2894
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2895
"symbolic links if the target file or directory has the same owner as the "
2896
"link."
2897
msgstr ""
2898
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - ให้ไล่ตาม symbolic "
2899
"links ถ้าไฟล์หรือไดเร็คทอรี่ที่ถูกลิงก์หามีเจ้าของเดียวกันกับลิงก์"
2900
2901
#: serverguide/C/web-servers.xml:456(title)
2902
msgid "httpd Settings"
2903
msgstr ""
2904
2905
#: serverguide/C/web-servers.xml:458(para)
2906
msgid ""
2907
"This section explains some basic <application>httpd</application> daemon "
2908
"configuration settings."
2909
msgstr ""
2910
2911
#: serverguide/C/web-servers.xml:462(para)
2912
msgid ""
2913
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2914
"the path to the lockfile used when the server is compiled with either "
2915
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2916
"stored on the local disk. It should be left to the default value unless the "
2917
"logs directory is located on an NFS share. If this is the case, the default "
2918
"value should be changed to a location on the local disk and to a directory "
2919
"that is readable only by root."
2920
msgstr ""
2921
"<emphasis role=\"bold\">LockFile</emphasis> - คำสั่ง LockFile "
2922
"ระบุไดเร็คทอรี่ที่เก็บไฟล์ล็อกที่ถูกใช้ตอนคอมไพล์เซิร์ฟเวอร์ด้วย "
2923
"USE_FCNTL_SERIALIZED_ACCEPT หรือ USE_FLOCK_SERIALIZED_ACCEPT "
2924
"ค่านี้ไม่ควรถูกเปลี่ยนแปลงนอกเสียจากว่าไดเรคทอรี่ที่ใช้เก็บบันทึก (logs) "
2925
"จะอยู่ในแชร์ของเครือข่าย (NFS) "
2926
"ถ้าเกิดเป็นเช่นนั้นคุณควรเปลี่ยนค่าเริ่มต้นให้ชี้ไปที่ไฟล์ในฮาร์ดดิสก์ของเครื"
2927
"่องซึ่งอยู่ในไดเร็คทอรี่ที่อ่านได้โดย root เท่านั้น"
2928
2929
#: serverguide/C/web-servers.xml:471(para)
2930
msgid ""
2931
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2932
"file in which the server records its process ID (pid). This file should only "
2933
"be readable by root. In most cases, it should be left to the default value."
2934
msgstr ""
2935
"<emphasis role=\"bold\">PidFile</emphasis> - คำสั่ง PidFile "
2936
"ระบุไฟล์ที่เซิร์ฟเวอร์ใช้เพื่อบันทึกเลขที่โปรเซส (process ID หรือ pid) "
2937
"ของตัวเอง ไฟล์นี้ควรถูกอ่านได้โดย root เท่านั้น "
2938
"และโดยทั่วไปแล้วคุณไม่ควรแก้ไขค่าเริ่มต้นที่มาพร้อมกับการติดตั้ง"
2939
2940
#: serverguide/C/web-servers.xml:477(para)
2941
msgid ""
2942
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2943
"used by the server to answer requests. This setting determines the server's "
2944
"access. Any files inaccessible to this user will also be inaccessible to "
2945
"your website's visitors. The default value for User is www-data."
2946
msgstr ""
2947
"<emphasis role=\"bold\">User</emphasis> - คำสั่ง User ระบุเลขที่ผู้ใช้ "
2948
"(userid) ที่เซิร์ฟเวอร์จะใช้เพื่อตอบสนองคำร้องขอ "
2949
"โดยค่านี้จะเป็นตัวกำหนดว่าเซิร์ฟเวอร์สามารถเข้าถึงไฟล์หรือไดเร็คทอรี่อะไรได้บ"
2950
"้าง "
2951
"ผู้เยี่ยมชมเว็บไซต์จะไม่สามารถอ่านไฟล์ใดๆก็ตามที่เซิร์ฟเวอร์ไม่สามารถอ่านได้ "
2952
" ค่าเริ่มต้นสำหรับคำสั่งนี้คือ www-data"
2953
2954
#: serverguide/C/web-servers.xml:484(para)
2955
msgid ""
2956
"Unless you know exactly what you are doing, do not set the User directive to "
2957
"root. Using root as the User will create large security holes for your Web "
2958
"server."
2959
msgstr ""
2960
"นอกจากว่าคุณจะรู้ตัวว่ากำลังทำอะไรอยู่ อย่าตั้งค่าคำสั่ง User เป็น root "
2961
"เพราะการใช้ root "
2962
"สำหรับคำสั่งนี้จะทำให้เกิดช่องโหว่ด้านความปลอดภัยกับเว็บเซิร์ฟเวอร์ของคุณเป็น"
2963
"อย่างมาก"
2964
2965
#: serverguide/C/web-servers.xml:490(para)
2966
msgid ""
2967
"The Group directive is similar to the User directive. Group sets the group "
2968
"under which the server will answer requests. The default group is also www-"
2969
"data."
2970
msgstr ""
2971
"คำสั่ง Group นั้นก็คล้ายๆกับคำสั่ง User โดย Group "
2972
"ระบุกลุ่มผู้ใช้ที่ใช้เพื่อตอบคำร้องขอต่างๆ โดยค่าเริ่มต้นก็คือ www-data "
2973
"เช่นกัน"
2974
2975
#: serverguide/C/web-servers.xml:496(title)
2976
msgid "Apache2 Modules"
2977
msgstr ""
2978
2979
#: serverguide/C/web-servers.xml:498(para)
2980
msgid ""
2981
"Apache2 is a modular server. This implies that only the most basic "
2982
"functionality is included in the core server. Extended features are "
2983
"available through modules which can be loaded into Apache2. By default, a "
2984
"base set of modules is included in the server at compile-time. If the server "
2985
"is compiled to use dynamically loaded modules, then modules can be compiled "
2986
"separately, and added at any time using the LoadModule directive. Otherwise, "
2987
"Apache2 must be recompiled to add or remove modules."
2988
msgstr ""
2989
2990
#: serverguide/C/web-servers.xml:510(para)
2991
msgid ""
2992
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2993
"Configuration directives may be conditionally included on the presence of a "
2994
"particular module by enclosing them in an "
2995
"<emphasis><IfModule></emphasis> block."
2996
msgstr ""
2997
2998
#: serverguide/C/web-servers.xml:517(para)
2999
msgid ""
3000
"You can install additional Apache2 modules and use them with your Web "
3001
"server. For example, run the following command from a terminal prompt to "
3002
"install the <emphasis>MySQL Authentication</emphasis> module:"
3003
msgstr ""
3004
3005
#: serverguide/C/web-servers.xml:524(command)
3006
msgid "sudo apt-get install libapache2-mod-auth-mysql"
3007
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
3008
3009
#: serverguide/C/web-servers.xml:527(para)
3010
msgid ""
3011
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
3012
"additional modules."
3013
msgstr ""
3014
3015
#: serverguide/C/web-servers.xml:531(para)
3016
msgid ""
3017
"Use the <application>a2enmod</application> utility to enable a module:"
3018
msgstr ""
3019
3020
#: serverguide/C/web-servers.xml:537(command)
3021
msgid "sudo a2enmod auth_mysql"
3022
msgstr ""
3023
3024
#: serverguide/C/web-servers.xml:541(para)
3025
msgid "Similarly, <application>a2dismod</application> will disable a module:"
3026
msgstr ""
3027
3028
#: serverguide/C/web-servers.xml:546(command)
3029
msgid "sudo a2dismod auth_mysql"
3030
msgstr ""
3031
3032
#: serverguide/C/web-servers.xml:553(title)
3033
msgid "HTTPS Configuration"
3034
msgstr "การตั้งค่า HTTPS"
3035
3036
#: serverguide/C/web-servers.xml:555(para)
3037
msgid ""
3038
"The <application>mod_ssl</application> module adds an important feature to "
3039
"the Apache2 server - the ability to encrypt communications. Thus, when your "
3040
"browser is communicating using SSL, the https:// prefix is used at the "
3041
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
3042
"bar."
3043
msgstr ""
3044
"โมดูล <application>mod_ssl</application> "
3045
"นั้นเพิ่มความสามารถที่สำคัญยิ่งให้กับ Apache2 "
3046
"นั่นก็คือความสามารถในการเข้ารหัสข้อมูลที่ถูกส่งไปมา "
3047
"เพราะฉะนั้นเมื่อเบราเซอร์ของคุณสื่อสารผ่าน SSL ที่อยู่เว็บหรือที่เรียกกันว่า "
3048
"Uniform Resource Locator (URL) จะเริ่มต้นด้วย https://"
3049
3050
#: serverguide/C/web-servers.xml:564(para)
3051
msgid ""
3052
"The <application>mod_ssl</application> module is available in "
3053
"<application>apache2-common</application> package. Execute the following "
3054
"command from a terminal prompt to enable the "
3055
"<application>mod_ssl</application> module:"
3056
msgstr ""
3057
"โมดูล <application>mod_ssl</application> อยู่ในชุดโปรแกรม "
3058
"<application>apache2-common</application> ถ้าคุณต้องการเริ่มใช้งาน "
3059
"<application>mod_ssl</application> ให้พิมพ์คำสั่งดังนี้:"
3060
3061
#: serverguide/C/web-servers.xml:571(command)
3062
msgid "sudo a2enmod ssl"
3063
msgstr "sudo a2enmod ssl"
3064
3065
#: serverguide/C/web-servers.xml:574(para)
3066
msgid ""
3067
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
3068
"available/default-ssl</filename>. In order for "
3069
"<application>Apache2</application> to provide HTTPS, a "
3070
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
3071
"needed. The default HTTPS configuration will use a certificate and key "
3072
"generated by the <application>ssl-cert</application> package. They are good "
3073
"for testing, but the auto-generated certificate and key should be replaced "
3074
"by a certificate specific to the site or server. For information on "
3075
"generating a key and obtaining a certificate see <xref "
3076
"linkend=\"certificates-and-security\"/>"
3077
msgstr ""
3078
3079
#: serverguide/C/web-servers.xml:584(para)
3080
msgid ""
3081
"To configure <application>Apache2</application> for HTTPS, enter the "
3082
"following:"
3083
msgstr ""
3084
3085
#: serverguide/C/web-servers.xml:589(command)
3086
msgid "sudo a2ensite default-ssl"
3087
msgstr "sudo a2ensite default-ssl"
3088
3089
#: serverguide/C/web-servers.xml:593(para)
3090
msgid ""
3091
"The directories <filename>/etc/ssl/certs</filename> and "
3092
"<filename>/etc/ssl/private</filename> are the default locations. If you "
3093
"install the certificate and key in another directory make sure to change "
3094
"<emphasis>SSLCertificateFile</emphasis> and "
3095
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
3096
msgstr ""
3097
"โดยปกติแล้วหนังสือรับรอง (certificate) "
3098
"และกุญแจสำหรับเข้าและถอดรหัสจะถูกเก็บอยู่ที่ "
3099
"<filename>/etc/ssl/certs</filename> และ "
3100
"<filename>/etc/ssl/private</filename> ถ้าคุณเก็บไฟล์เหล่านี้ไว้ที่อื่น "
3101
"อย่าลืมเปลี่ยน <emphasis>SSLCertificateFile</emphasis> และ "
3102
"<emphasis>SSLCertificateKeyFile</emphasis> ให้ชี้ไปที่เก็บไฟล์ที่ถูกต้องด้วย"
3103
3104
#: serverguide/C/web-servers.xml:600(para)
3105
msgid ""
3106
"With Apache2 now configured for HTTPS, restart the service to enable the new "
3107
"settings:"
3108
msgstr ""
3109
3110
#: serverguide/C/web-servers.xml:611(para)
3111
msgid ""
3112
"Depending on how you obtained your certificate you may need to enter a "
3113
"passphrase when <application>Apache2</application> starts."
3114
msgstr ""
3115
3116
#: serverguide/C/web-servers.xml:617(para)
3117
msgid ""
3118
"You can access the secure server pages by typing https://your_hostname/url/ "
3119
"in your browser address bar."
3120
msgstr ""
3121
"คุณสามารถใช้งานหน้าเว็บที่ถูกเข้ารหัสได้โดยพิพม์ https://your_hostname/url/ "
3122
"ในแถบที่อยู่ของเบราเซอร์ของคุณ"
3123
3124
#: serverguide/C/web-servers.xml:628(para)
3125
msgid ""
3126
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3127
"Documentation</ulink> contains in depth information on Apache2 configuration "
3128
"directives. Also, see the <application>apache2-doc</application> package for "
3129
"the official Apache2 docs."
3130
msgstr ""
3131
3132
#: serverguide/C/web-servers.xml:635(para)
3133
msgid ""
3134
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3135
"Documentation</ulink> site for more SSL related information."
3136
msgstr ""
3137
3138
#: serverguide/C/web-servers.xml:641(para)
3139
msgid ""
3140
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3141
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3142
"configurations."
3143
msgstr ""
3144
3145
#: serverguide/C/web-servers.xml:647(para)
3146
msgid ""
3147
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3148
"server</emphasis> IRC channel on <ulink "
3149
"url=\"http://freenode.net/\">freenode.net</ulink>."
3150
msgstr ""
3151
3152
#: serverguide/C/web-servers.xml:653(para)
3153
msgid ""
3154
"Usually integrated with PHP and MySQL the <ulink "
3155
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3156
"Ubuntu Wiki </ulink> page is a good resource."
3157
msgstr ""
3158
3159
#: serverguide/C/web-servers.xml:664(title)
3160
msgid "PHP5 - Scripting Language"
3161
msgstr "ภาษาสคริปต์ PHP5"
3162
3163
#: serverguide/C/web-servers.xml:665(para)
3164
msgid ""
3165
"PHP is a general-purpose scripting language suited for Web development. The "
3166
"PHP script can be embedded into HTML. This section explains how to install "
3167
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3168
msgstr ""
3169
"PHP เป็นภาษาสำหรับเขียนสคริปต์ที่เหมาะกับการใช้พัฒนาเว็บไซต์ โดยสคริปต์ PHP "
3170
"นั้นสามารถอยู่ในไฟล์ HTML ได้ ในส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่า "
3171
"PHP5 ในอูบุนตูที่มี Apache2 และ MySQL อยู่แล้ว"
3172
3173
#: serverguide/C/web-servers.xml:669(para)
3174
msgid ""
3175
"This section assumes you have installed and configured Apache2 Web Server "
3176
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3177
"sections in this document to install and configure Apache2 and MySQL "
3178
"respectively."
3179
msgstr ""
3180
3181
#: serverguide/C/web-servers.xml:676(para)
3182
msgid "The PHP5 is available in Ubuntu Linux."
3183
msgstr ""
3184
3185
#: serverguide/C/web-servers.xml:678(para)
3186
msgid ""
3187
"To install PHP5 you can enter the following command in the terminal prompt: "
3188
"<screen>\n"
3189
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3190
"</screen>"
3191
msgstr ""
3192
"เพื่อติดตั้ง PHP5 ให้พิมพ์คำสั่งดังนี้: <screen>\n"
3193
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3194
"</screen>"
3195
3196
#: serverguide/C/web-servers.xml:687(para)
3197
msgid ""
3198
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3199
"line you should install <application>php5-cli</application> package. To "
3200
"install <application>php5-cli</application> you can enter the following "
3201
"command in the terminal prompt: <screen>\n"
3202
"<command>sudo apt-get install php5-cli</command>\n"
3203
"</screen>"
3204
msgstr ""
3205
"คุณสามารถใช้งานสคริปต์ PHP5 จาก command line แต่ก่อนอื่นคุณต้องลงชุดโปรแกรม "
3206
"<application>php5-cli</application> เสียก่อน โดยพิมพ์คำสั่งดังนี้:<screen>\n"
3207
"<command>sudo apt-get install php5-cli</command>\n"
3208
"</screen>"
3209
3210
#: serverguide/C/web-servers.xml:696(para)
3211
msgid ""
3212
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3213
"accomplish this, you should install <application>php5-cgi</application> "
3214
"package. You can run the following command in a terminal prompt to install "
3215
"<application>php5-cgi</application> package: <screen>\n"
3216
"<command>sudo apt-get install php5-cgi</command>\n"
3217
"</screen>"
3218
msgstr ""
3219
"นอกจากนั้นคุณยังสามารถใช้งานสคริปต์ PHP5 ได้โดยไม่ต้องติดตั้งโมดูล PHP5 "
3220
"สำหรับ Apache อีกด้วย สำหรับกรณีนี้คุณจะต้องติดตั้งชุดโปรแกรม "
3221
"<application>php5-cgi</application> แทนโดยพิมพ์คำสั่ง:<screen>\n"
3222
"<command>sudo apt-get install php5-cgi</command>\n"
3223
"</screen>"
3224
3225
#: serverguide/C/web-servers.xml:706(para)
3226
msgid ""
3227
"To use <application>MySQL</application> with PHP5 you should install "
3228
"<application>php5-mysql</application> package. To install <application>php5-"
3229
"mysql</application> you can enter the following command in the terminal "
3230
"prompt: <screen>\n"
3231
"<command>sudo apt-get install php5-mysql</command>\n"
3232
"</screen>"
3233
msgstr ""
3234
"เพื่อที่จะใช้งาน <application>MySQL</application> จาก PHP5 "
3235
"ได้คุณต้องติดตั้งชุดโปรแกรม <application>php5-mysql</application> "
3236
"โดยพิมพ์คำสั่ง:<screen>\n"
3237
"<command>sudo apt-get install php5-mysql</command>\n"
3238
"</screen>"
3239
3240
#: serverguide/C/web-servers.xml:714(para)
3241
msgid ""
3242
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3243
"install <application>php5-pgsql</application> package. To install "
3244
"<application>php5-pgsql</application> you can enter the following command in "
3245
"the terminal prompt: <screen>\n"
3246
"<command>sudo apt-get install php5-pgsql</command>\n"
3247
"</screen>"
3248
msgstr ""
3249
"ในทำนองเดียวกัน ถ้าคุณต้องการใช้ <application>PostgreSQL</application> กับ "
3250
"PHP5 คุณจะต้องติดตั้งชุดโปรแกรม <application>php5-pgsql</application> "
3251
"โดยพิมพ์คำสั่ง:<screen>\n"
3252
"<command>sudo apt-get install php5-pgsql</command>\n"
3253
"</screen>"
3254
3255
#: serverguide/C/web-servers.xml:727(para)
3256
msgid ""
3257
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3258
"you have installed <application>php5-cli</application> package, you can run "
3259
"PHP5 scripts from your command prompt."
3260
msgstr ""
3261
"หลังจากคุณได้ติดตั้ง PHP5 คุณสามารถใช้งานสคริปติ์ PHP5 จากเบราเซอร์ของคุณ "
3262
"แต่ถ้าคุณติดตั้งชุดโปรแกรม <application>php5-cli</application> "
3263
"คุณจะสามารถใช้งานสคริปต์ PHP5 จากพร๊อมต์คำสั่ง (command prompt) ได้อีกด้วย"
3264
3265
#: serverguide/C/web-servers.xml:734(para)
3266
msgid ""
3267
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3268
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3269
"when you install the module. Please verify if the files "
3270
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3271
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3272
"not exists, you can enable the module using <command>a2enmod</command> "
3273
"command."
3274
msgstr ""
3275
"โดยปกติแล้ว Apache2 จะถูกตั้งค่าให้ใช้งานสคริปต์ PHP5 ได้อยู่แล้ว "
3276
"หรือจะพูดอีกแบบก็คือ Apache2 นั้นจะใช้งานโมดูล PHP5 "
3277
"โดยอัตโนมัติเวลาคุณติดตั้งโมดูล ลองตรวจสอบดูว่ามีไฟล์ "
3278
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> และ "
3279
"<filename>/etc/apache2/mods-enabled/php5.load</filename> อยู่ "
3280
"ถ้าไม่มีคุณสามารถเริ่มใช้โมดูล PHP5 ได้โดยใช้คำสั่ง "
3281
"<command>a2enmod</command>"
3282
3283
#: serverguide/C/web-servers.xml:745(para)
3284
msgid ""
3285
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3286
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3287
"following command at a terminal prompt to restart your web server: "
3288
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3289
msgstr ""
3290
"หลังจากที่คุณติดตั้งชุดโปรแกรมที่เกี่ยวข้องกับ PHP5 และได้เริ่มใช้งานโมดูล "
3291
"PHP2 ใน Apache2 แล้ว คุณจะต้องเริ่มโปรแกรม Apache2 "
3292
"ใหม่เพื่อทำให้ใช้งานสคริปต์ PHP5 ได้ คุณสามารถเริ่มโปรแกรม Apache2 "
3293
"ใหม่ได้โดยใช้คำสั่งนี้: <screen><command>sudo /etc/init.d/apache2 "
3294
"restart</command> </screen>"
3295
3296
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3297
msgid "Testing"
3298
msgstr "ทดสอบ"
3299
3300
#: serverguide/C/web-servers.xml:754(para)
3301
msgid ""
3302
"To verify your installation, you can run following PHP5 phpinfo script:"
3303
msgstr ""
3304
"เพื่อทดสอบว่าการติดตั้งเรียบร้อยดี คุณสามารถลองใช้สคริปต์ phpinfo ดู:"
3305
3306
#: serverguide/C/web-servers.xml:757(programlisting)
3307
#, no-wrap
3308
msgid ""
3309
"\n"
3310
"<?php\n"
3311
" phpinfo();\n"
3312
"?>\n"
3313
msgstr ""
3314
3315
#: serverguide/C/web-servers.xml:762(para)
3316
msgid ""
3317
"You can save the content in a file <filename>phpinfo.php</filename> and "
3318
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3319
"server. When point your browser to "
3320
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3321
"various PHP5 configuration parameters."
3322
msgstr ""
3323
"คุณสามารถบันทึกเนื้อหาในไฟล์ <filename>phpinfo.php</filename> "
3324
"และวางไฟล์ไว้ในไดเร็คทอรี่ <command>DocumentRoot</command> ของ Apache2 "
3325
"เมื่อคุณชี้เบราเซอร์ของคุณไปที่ "
3326
"<filename>http://hostname/phpinfo.php</filename> "
3327
"เบราเซอร์ของคุณจะแสดงการตั้งค่าต่างๆของ PHP5"
3328
3329
#: serverguide/C/web-servers.xml:776(para)
3330
msgid ""
3331
"For more in depth information see <ulink "
3332
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3333
msgstr ""
3334
3335
#: serverguide/C/web-servers.xml:781(para)
3336
msgid ""
3337
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3338
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3339
"5</ulink> and the <ulink "
3340
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3341
msgstr ""
3342
3343
#: serverguide/C/web-servers.xml:788(para)
3344
msgid ""
3345
"Also, see the <ulink "
3346
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3347
"Ubuntu Wiki</ulink> page for more information."
3348
msgstr ""
3349
3350
#: serverguide/C/web-servers.xml:799(title)
3351
msgid "Squid - Proxy Server"
3352
msgstr "Squid - พร๊อกซี่เซิร์ฟเวอร์"
3353
3354
#: serverguide/C/web-servers.xml:800(para)
3355
msgid ""
3356
"Squid is a full-featured web proxy cache server application which provides "
3357
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3358
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3359
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3360
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3361
"caching. Squid also supports a wide variety of caching protocols, such as "
3362
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3363
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3364
"Protocol. (WCCP)"
3365
msgstr ""
3366
"Squid "
3367
"เป็นโปรแกรมพร๊อกซี่เซิร์ฟเวอร์เต็มรูปแบบที่ให้บริการพร๊อกซี่และแคชข้อมูลสำหรั"
3368
"บ Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), "
3369
"และโปรโตคอลเครือข่ายอื่นๆ นอกจากนั้น Squid ยังให้บริการแคชและพร๊อกซี่สำหรับ "
3370
"Secure Sockets Layer (SSL) และแคชสำหรับคำร้องขอ Domain Name Server (DNS) "
3371
"อีกด้วย โปรโตคอลแคชที่สนับสนุนโดย Squid ก็มีเช่น Internet Cache Protocol "
3372
"(ICP), Hyper Text Caching Protocol (HTCP), Cache Array Routing Protocol "
3373
"(CARP), และ Web Cache Coordination Protocol. (WCCP)"
3374
3375
#: serverguide/C/web-servers.xml:808(para)
3376
msgid ""
3377
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3378
"and caching server needs, and scales from the branch office to enterprise "
3379
"level networks while providing extensive, granular access control mechanisms "
3380
"and monitoring of critical parameters via the Simple Network Management "
3381
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3382
"Squid proxy, or caching servers, ensure your system is configured with a "
3383
"large amount of physical memory, as Squid maintains an in-memory cache for "
3384
"increased performance."
3385
msgstr ""
3386
"เซิร์ฟเวอร์ Squid เป็นทางออกที่ดีเยี่ยมถ้าคุณต้องการใช้บริการพร๊อกซี่และแคช "
3387
"เพราะ Squid สามารถทำงานได้ในออฟฟิศสาขาเล็กๆไปจนถึงเครือข่ายในองค์กรระดับใหญ่ "
3388
" ให้คุณตั้งค่ารักษาความปลอดภัยได้อย่างละเอียด "
3389
"และมีเครื่องมือสำหรับเฝ้าสังเกตุปัจจัยสำคัญต่างๆในเครือข่ายผ่าน Simple "
3390
"Network Management Protocol (SNMP) "
3391
"เมื่อคุณเลือกเครื่องคอมพิวเตอร์เพื่อทำหน้าที่เป็นพร๊อกซี่เซิร์ฟเวอร์ที่ใช้งาน"
3392
" Squid เราแนะนำให้คุณเลือกเครื่องคอมพิวเตอร์ที่มีหน่วยความจำมากๆ "
3393
"เนื่องจากว่า Squid ใช้หน่วยความจำเป็นตัวเก็บข้อมูลแคชเพื่อประสิทธิภาพ"
3394
3395
#: serverguide/C/web-servers.xml:817(para)
3396
msgid ""
3397
"At a terminal prompt, enter the following command to install the Squid "
3398
"server:"
3399
msgstr "ในพร๊อมต์เทอร์มินัล พิมพ์คำสั่งดังนี้เพื่อติดตั้ง Squid:"
3400
3401
#: serverguide/C/web-servers.xml:822(command)
3402
msgid "sudo apt-get install squid"
3403
msgstr "sudo apt-get install squid"
3404
3405
#: serverguide/C/web-servers.xml:828(para)
3406
msgid ""
3407
"Squid is configured by editing the directives contained within the "
3408
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3409
"examples illustrate some of the directives which may be modified to affect "
3410
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3411
"see the References section."
3412
msgstr ""
3413
"คุณสามารถตั้งค่า Squid ได้โดยแก้ไขคำสั่งในไฟล์ "
3414
"<filename>/etc/squid/squid.conf</filename> "
3415
"ตัวอย่างต่อไปนี้จะแสดงคำสั่งบางอันที่คุณสามารถแก้ไขได้เพื่อเปลี่ยนพฤติกรรมของ"
3416
" Squid แต่ถ้าคุณต้องการข้อมูลการตั้งค่าแบบละเอียด กรุณาดูส่วนอ้างอิง"
3417
3418
#: serverguide/C/web-servers.xml:834(para)
3419
msgid ""
3420
"Prior to editing the configuration file, you should make a copy of the "
3421
"original file and protect it from writing so you will have the original "
3422
"settings as a reference, and to re-use as necessary."
3423
msgstr ""
3424
"ก่อนที่คุณจะแก้ไขไฟล์การตั้งค่า คุณควรจะทำสำเนาของไฟล์ไว้ก่อน "
3425
"และป้องกันไฟล์จากการถูกแก้ไขเพื่อที่คุณจะได้มีค่าเริ่มต้นไว้สำหรับอ้างอิงและน"
3426
"ำกลับมาใช้งานเมื่อจำเป็น"
3427
3428
#: serverguide/C/web-servers.xml:837(para)
3429
msgid ""
3430
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3431
"writing with the following commands entered at a terminal prompt:"
3432
msgstr ""
3433
"คัดลอกไฟล์ <filename>/etc/squid/squid.conf</filename> "
3434
"และป้องกันไม่ให้ถูกแก้ไขได้โดยพิมพ์คำสั่งดังนี้:"
3435
3436
#: serverguide/C/web-servers.xml:842(command)
3437
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3438
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3439
3440
#: serverguide/C/web-servers.xml:843(command)
3441
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3442
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
3443
3444
#: serverguide/C/web-servers.xml:849(para)
3445
msgid ""
3446
"To set your Squid server to listen on TCP port 8888 instead of the default "
3447
"TCP port 3128, change the http_port directive as such:"
3448
msgstr ""
3449
"เพื่อให้เซิร์ฟเวอร์ Squid ของคุณฟังคำร้องขอที่พอร์ต TCP เลขที่ 8888 "
3450
"แทนที่จะใช้เลขที่ 3128 ที่เป็นค่าเริ่มต้น ให้เปลี่ยนคำสั่ง http_port ดังนี้:"
3451
3452
#: serverguide/C/web-servers.xml:853(programlisting)
3453
#, no-wrap
3454
msgid ""
3455
"\n"
3456
"http_port 8888\n"
3457
msgstr ""
3458
"\n"
3459
"http_port 8888\n"
3460
3461
#: serverguide/C/web-servers.xml:858(para)
3462
msgid ""
3463
"Change the visible_hostname directive in order to give the Squid server a "
3464
"specific hostname. This hostname does not necessarily need to be the "
3465
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3466
msgstr ""
3467
"เปลี่ยนค่าของคำสั่ง visible_hostname เพื่อให้ชื่อกับเครื่องเซิร์ฟเวอร์ Squid "
3468
"ของคุณ ชื่อนี้ไม่จำเป็นจะต้องเป็นชื่อเดียวกับชื่อคอมพิวเตอร์ "
3469
"ในตัวอย่างนี้เราจะตั้งชื่อเครื่องเป็น <emphasis>weezie</emphasis>"
3470
3471
#: serverguide/C/web-servers.xml:862(programlisting)
3472
#, no-wrap
3473
msgid ""
3474
"\n"
3475
"visible_hostname weezie\n"
3476
msgstr ""
3477
"\n"
3478
"visible_hostname weezie\n"
3479
3480
#: serverguide/C/web-servers.xml:867(para)
3481
msgid ""
3482
"Using Squid's access control, you may configure use of Internet services "
3483
"proxied by Squid to be available only users with certain Internet Protocol "
3484
"(IP) addresses. For example, we will illustrate access by users of the "
3485
"192.168.42.0/24 subnetwork only:"
3486
msgstr ""
3487
3488
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3489
msgid ""
3490
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3491
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3492
msgstr ""
3493
"เพิ่มบรรทัดนี้<emphasis role=\"bold\">ต่อท้าย</emphasis> หมวด ACL ของไฟล์ "
3494
"<filename>/etc/squid/squid.conf</filename>:"
3495
3496
#: serverguide/C/web-servers.xml:875(programlisting)
3497
#, no-wrap
3498
msgid ""
3499
"\n"
3500
"acl fortytwo_network src 192.168.42.0/24\n"
3501
msgstr ""
3502
"\n"
3503
"acl fortytwo_network src 192.168.42.0/24\n"
3504
3505
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3506
msgid ""
3507
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3508
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3509
msgstr ""
3510
"จากนั้นให้เพิ่มบรรทัดนี้เป็น<emphasis role=\"bold\">บรรทัดแรก</emphasis> "
3511
"ของหมวด http_access ในไฟล์ <filename>/etc/squid/squid.conf</filename>:"
3512
3513
#: serverguide/C/web-servers.xml:882(programlisting)
3514
#, no-wrap
3515
msgid ""
3516
"\n"
3517
"http_access allow fortytwo_network\n"
3518
msgstr ""
3519
"\n"
3520
"http_access allow fortytwo_network\n"
3521
3522
#: serverguide/C/web-servers.xml:887(para)
3523
msgid ""
3524
"Using the excellent access control features of Squid, you may configure use "
3525
"of Internet services proxied by Squid to be available only during normal "
3526
"business hours. For example, we'll illustrate access by employees of a "
3527
"business which is operating between 9:00AM and 5:00PM, Monday through "
3528
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3529
msgstr ""
3530
"เมื่อคุณใช้ความสามารถในการกำหนดสิทธิ์สุดเจ๋งของ Squid "
3531
"คุณสามารถที่จะระบุได้ว่าพร๊อกซี่ Squid จะให้บริการอินเตอร์เน็ตในเวลาไหนบ้าง "
3532
"เช่นจะให้บริการเฉพาะช่วงเวลาทำงานเท่านั้น "
3533
"เพื่อเป็นตัวอยางเราจะแสดงให้ให้วิธีการตั้งค่าให้พนักงานใช้งาน Squid "
3534
"ได้ระหว่างเวลา 9 โมงเช้าถึง 5 โมงเย็น วันจันทร์ถึงศุกร์ และใช้เครือข่ายย่อย "
3535
"10.1.42.0/42:"
3536
3537
#: serverguide/C/web-servers.xml:895(programlisting)
3538
#, no-wrap
3539
msgid ""
3540
"\n"
3541
"acl biz_network src 10.1.42.0/24\n"
3542
"acl biz_hours time M T W T F 9:00-17:00\n"
3543
msgstr ""
3544
"\n"
3545
"acl biz_network src 10.1.42.0/24\n"
3546
"acl biz_hours time M T W T F 9:00-17:00\n"
3547
3548
#: serverguide/C/web-servers.xml:903(programlisting)
3549
#, no-wrap
3550
msgid ""
3551
"\n"
3552
"http_access allow biz_network biz_hours\n"
3553
msgstr ""
3554
"\n"
3555
"http_access allow biz_network biz_hours\n"
3556
3557
#: serverguide/C/web-servers.xml:910(para)
3558
msgid ""
3559
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3560
"save the file and restart the <application>squid</application> server "
3561
"application to effect the changes using the following command entered at a "
3562
"terminal prompt:"
3563
msgstr ""
3564
"หลังจากคุณแก้ไขไฟล์ <filename>/etc/squid/squid.conf</filename> แล้ว "
3565
"ให้บันทึกไฟล์และเริ่มโปรแกรม <application>squid</application> "
3566
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้โดยพิมพ์คำสั่ง:"
3567
3568
#: serverguide/C/web-servers.xml:917(command)
3569
msgid "sudo /etc/init.d/squid restart"
3570
msgstr "sudo /etc/init.d/squid restart"
3571
3572
#: serverguide/C/web-servers.xml:924(ulink)
3573
msgid "Squid Website"
3574
msgstr "เว็บไซต์ Squid"
3575
3576
#: serverguide/C/web-servers.xml:926(para)
3577
msgid ""
3578
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3579
"Squid</ulink> page."
3580
msgstr ""
3581
3582
#: serverguide/C/web-servers.xml:933(title)
3583
msgid "Ruby on Rails"
3584
msgstr "Ruby on Rails"
3585
3586
#: serverguide/C/web-servers.xml:934(para)
3587
msgid ""
3588
"Ruby on Rails is an open source web framework for developing database backed "
3589
"web applications. It is optimized for sustainable productivity of the "
3590
"programmer since it lets the programmer to write code by favouring "
3591
"convention over configuration."
3592
msgstr ""
3593
"Ruby on Rails เป็นเฟรมเวิร์คโอเพนซอร์สสำหรับพัฒนาเว็บแอพพลิเคชั่น "
3594
"ซึ่งได้ถูกออกแบบมาเพื่อให้นักพัฒนาโปรแกรมเขียนโค๊ดได้อย่างมีประสิทธิภาพยิ่งขึ"
3595
"้นเนื่องจากว่า Ruby on Rails ไม่เน้นการตั้งค่ามากมาย "
3596
"แต่จะใช้รูปแบบการเขียนที่เป็นมาตรฐานของเฟรมเวิร์คเพื่อเขียนแอพพลิเคชั่นแทน"
3597
3598
#: serverguide/C/web-servers.xml:941(para)
3599
msgid ""
3600
"Before installing <application>Rails</application> you should install "
3601
"<application>Apache</application> and <application>MySQL</application>. To "
3602
"install the <application>Apache</application> package, please refer to <xref "
3603
"linkend=\"httpd\"/>. For instructions on installing "
3604
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3605
msgstr ""
3606
"ก่อนที่จะติดตั้ง <application>Rails</application> คุณควรติดตั้งโปรแกรม "
3607
"<application>Apache</application> และ <application>MySQL</application> "
3608
"เสียก่อน สำหรับวิธีการติดตั้ง <application>Apache</application> "
3609
"กรุณาอ่านที่ <xref linkend=\"httpd\"/> และสำหรับวิธีการติดตั้ง "
3610
"<application>MySQL</application> กรุณาอ่านที่ <xref linkend=\"mysql\"/>"
3611
3612
#: serverguide/C/web-servers.xml:949(para)
3613
msgid ""
3614
"Once you have <application>Apache</application> and "
3615
"<application>MySQL</application> packages installed, you are ready to "
3616
"install <application>Ruby on Rails</application> package."
3617
msgstr ""
3618
"หลังจากที่คุณได้ติดตั้งโปรแกรม <application>Apache</application> และ "
3619
"<application>MySQL</application> แล้ว คุณก็พร้อมที่จะติดตั้ง "
3620
"<application>Ruby on Rails</application>"
3621
3622
#: serverguide/C/web-servers.xml:956(para)
3623
msgid ""
3624
"To install the <application>Ruby</application> base packages and "
3625
"<application>Ruby on Rails</application>, you can enter the following "
3626
"command in the terminal prompt:"
3627
msgstr ""
3628
"คุณสามารถพิมพ์คำสั่งดังนี้เพื่อติดตั้งแพคเกจ <application>Ruby</application> "
3629
"และ <application>Ruby on Rails</application>"
3630
3631
#: serverguide/C/web-servers.xml:962(command)
3632
msgid "sudo apt-get install rails"
3633
msgstr "sudo apt-get install rails"
3634
3635
#: serverguide/C/web-servers.xml:968(para)
3636
msgid ""
3637
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3638
"configuration file to setup your domains."
3639
msgstr ""
3640
"แก้ไขไฟล์ <filename>/etc/apache2/sites-available/default</filename> "
3641
"เพื่อตั้งค่าโดเมนของคุณ"
3642
3643
#: serverguide/C/web-servers.xml:972(para)
3644
msgid ""
3645
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3646
msgstr ""
3647
"สิ่งแรกที่ต้องทำคือเปลี่ยนค่าของคำสั่ง <emphasis>DocumentRoot</emphasis>:"
3648
3649
#: serverguide/C/web-servers.xml:976(programlisting)
3650
#, no-wrap
3651
msgid ""
3652
"\n"
3653
"DocumentRoot /path/to/rails/application/public\n"
3654
msgstr ""
3655
"\n"
3656
"DocumentRoot /path/to/rails/application/public\n"
3657
3658
#: serverguide/C/web-servers.xml:979(para)
3659
msgid ""
3660
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3661
"directive:"
3662
msgstr ""
3663
"จากนั้นให้แก้ไขค่าของคำสั่ง <Directory "
3664
"\"/path/to/rails/application/public\">"
3665
3666
#: serverguide/C/web-servers.xml:983(programlisting)
3667
#, no-wrap
3668
msgid ""
3669
"\n"
3670
"<Directory \"/path/to/rails/application/public\">\n"
3671
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3672
" AllowOverride All\n"
3673
" Order allow,deny\n"
3674
" allow from all\n"
3675
" AddHandler cgi-script .cgi\n"
3676
"</Directory>\n"
3677
msgstr ""
3678
"\n"
3679
"<Directory \"/path/to/rails/application/public\">\n"
3680
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3681
" AllowOverride All\n"
3682
" Order allow,deny\n"
3683
" allow from all\n"
3684
" AddHandler cgi-script .cgi\n"
3685
"</Directory>\n"
3686
3687
#: serverguide/C/web-servers.xml:993(para)
3688
msgid ""
3689
"You should also enable the <application>mod_rewrite</application> module for "
3690
"Apache. To enable <application>mod_rewrite</application> module, please "
3691
"enter the following command in a terminal prompt:"
3692
msgstr ""
3693
"คุณควรจะเปิดใช้งานโมดูล <application>mod_rewrite</application> ใน Apache "
3694
"ด้วย โดยพิมพ์คำสั่งดังนี้:"
3695
3696
#: serverguide/C/web-servers.xml:999(command)
3697
msgid "sudo a2enmod rewrite"
3698
msgstr "sudo a2enmod rewrite"
3699
3700
#: serverguide/C/web-servers.xml:1002(para)
3701
msgid ""
3702
"Finally you will need to change the ownership of the "
3703
"<filename>/path/to/rails/application/public</filename> and "
3704
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3705
"used to run the <application>Apache</application> process:"
3706
msgstr ""
3707
"ท้ายที่สุดคุณจะต้องแก้ไขเจ้าของๆไดเร็คทอรี่ "
3708
"<filename>/path/to/rails/application/public</filename> และ "
3709
"<filename>/path/to/rails/application/tmp</filename> "
3710
"เป็นผู้ใช้ที่ถูกใช้เพื่อรันโปรเซส <application>Apache</application>"
3711
3712
#: serverguide/C/web-servers.xml:1008(command)
3713
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3714
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
3715
3716
#: serverguide/C/web-servers.xml:1009(command)
3717
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3718
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3719
3720
#: serverguide/C/web-servers.xml:1012(para)
3721
msgid ""
3722
"That's it! Now you have your Server ready for your <application>Ruby on "
3723
"Rails</application> applications."
3724
msgstr ""
3725
"แค่นี้ก็เสร็จแล้ว! ตอนนี้คุณก็ตั้งค่าเซิร์ฟเวอร์ให้พร้อมใช้งานสำหรับ "
3726
"<application>Ruby on Rails</application> แล้ว"
3727
3728
#: serverguide/C/web-servers.xml:1021(para)
3729
msgid ""
3730
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3731
"for more information."
3732
msgstr ""
3733
3734
#: serverguide/C/web-servers.xml:1026(para)
3735
msgid ""
3736
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3737
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3738
"resource."
3739
msgstr ""
3740
3741
#: serverguide/C/web-servers.xml:1032(para)
3742
msgid ""
3743
"Another place for more information is the <ulink "
3744
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3745
"Wiki</ulink> page."
3746
msgstr ""
3747
3748
#: serverguide/C/web-servers.xml:1043(title)
3749
msgid "Apache Tomcat"
3750
msgstr "Apache Tomcat"
3751
3752
#: serverguide/C/web-servers.xml:1044(para)
3753
msgid ""
3754
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3755
"JSP (Java Server Pages) web applications."
3756
msgstr ""
3757
"Apache Tomcat "
3758
"เป็นโปรแกรมที่จะทำให้คุณให้บริการเว็บแอพพลิเคชั่นที่สนับสนุนเทคโนโลยีจาวาเซิร"
3759
"์ฟเล็ต (Java Servlet) และ JSP (Java Server Pages) ได้"
3760
3761
#: serverguide/C/web-servers.xml:1046(para)
3762
msgid ""
3763
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3764
"different ways of running Tomcat. You can install them as a classic unique "
3765
"system-wide instance, that will be started at boot time and will run as the "
3766
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3767
"will run with your own user rights, and that you should start and stop by "
3768
"yourself. This second way is particularly useful in a development server "
3769
"context where multiple users need to test on their own private Tomcat "
3770
"instances."
3771
msgstr ""
3772
"แพคเกจ <application>Tomcat 6.0</application> "
3773
"ในอูบุนตูสนับสนุนวิธีการใช้งานได้สองแบบด้วยกัน "
3774
"คุณสามารถติดตั้งเป็นแบบคลาสสิกนั่นก็คือติดตั้งแบบ instance "
3775
"เดียวในเซิร์ฟเวอร์ซึ่งจะเริ่มทำงานเมื่อเครื่องบูตและจะทำงานเป็นชื่อผู้ใช้ปกติ"
3776
"ที่ชื่อ tomcat6 ส่วนอีกวิธีก็คือคุณสามารถติดตั้งเป็น instance "
3777
"ส่วนตัวที่จะทำงานในชื่อผู้ใช้ที่คุณกำหนดและคุณจะต้องเริ่มและหยุดเซิร์ฟเวอร์ด้"
3778
"วยตัวเอง "
3779
"วิธีที่สองนี้เหมาะสำหรับการใช้สำหรับติดตั้งเซิร์ฟเวอร์เพื่อพัฒนาโปรแกรมที่ผู้"
3780
"ใช้แต่ละคนจะต้องต่อเข้าใช้งาน instance ของ Tomcat ของตัวเอง"
3781
3782
#: serverguide/C/web-servers.xml:1056(title)
3783
msgid "System-wide installation"
3784
msgstr "การติดตั้งแบบ system-wide"
3785
3786
#: serverguide/C/web-servers.xml:1057(para)
3787
msgid ""
3788
"To install the <application>Tomcat</application> server, you can enter the "
3789
"following command in the terminal prompt:"
3790
msgstr ""
3791
"คุณสามารถพิมพ์คำสั่งดังนี้เพื่อติดตั้งเซิร์ฟเวอร์ "
3792
"<application>Tomcat</application>:"
3793
3794
#: serverguide/C/web-servers.xml:1060(command)
3795
msgid "sudo apt-get install tomcat6"
3796
msgstr "sudo apt-get install tomcat6"
3797
3798
#: serverguide/C/web-servers.xml:1062(para)
3799
msgid ""
3800
"This will install a Tomcat server with just a default ROOT webapp that "
3801
"displays a minimal \"It works\" page by default."
3802
msgstr ""
3803
"คำสั่งนี้จะติดตั้งเซิร์ฟเวอร์ Tomcat พร้อมกับเว็บแอพพลิเคชั่นชื่อ ROOT "
3804
"ที่จะแสดงหน้า \"It works\" เพื่อแสดงให้ดูว่าใช้งานได้แล้วเท่านั้น"
3805
3806
#: serverguide/C/web-servers.xml:1068(para)
3807
msgid ""
3808
"Tomcat configuration files can be found in "
3809
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3810
"will be described here, please see <ulink "
3811
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3812
"documentation</ulink> for more."
3813
msgstr ""
3814
"ไฟล์การตั้งค่าของ Tomcat อยู่ที่ <filename>/etc/tomcat6</filename> "
3815
"ในส่วนนี้จะอธิบายถึงการปรับค่าที่ใช้ทั่วไปไม่กี่ค่า "
3816
"สำหรับรายละเอียดเพิ่มเติมกรุณาดูที่ <ulink "
3817
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">เอกสารอ้างอิงของ "
3818
"Tomcat 6.0</ulink>"
3819
3820
#: serverguide/C/web-servers.xml:1074(title)
3821
msgid "Changing default ports"
3822
msgstr "เปลี่ยนพอร์ตเริ่มต้นที่มาพร้อมกับการติดตั้ง"
3823
3824
#: serverguide/C/web-servers.xml:1075(para)
3825
msgid ""
3826
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3827
"connector on port 8009. You might want to change those default ports to "
3828
"avoid conflict with another server on the system. This is done by changing "
3829
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3830
msgstr ""
3831
"โดยปกติแล้ว Tomcat 6.0 จะใช้งาน HTTP connector บนพอร์ต 8080 และ AJP "
3832
"connector บนพอร์ต 8009 "
3833
"คุณสามารถเปลี่ยนค่าเริ่มต้นได้ถ้าพอร์ตเหล่านี้ถูกใช้งานอยู่แล้ว "
3834
"โดยคุณสามารถแก้ไขบรรทัดเหล่านี้ในไฟล์ "
3835
"<filename>/etc/tomcat6/server.xml</filename>:"
3836
3837
#: serverguide/C/web-servers.xml:1080(programlisting)
3838
#, no-wrap
3839
msgid ""
3840
"\n"
3841
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3842
" connectionTimeout=\"20000\" \n"
3843
" redirectPort=\"8443\" />\n"
3844
"...\n"
3845
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3846
"/>\n"
3847
msgstr ""
3848
"\n"
3849
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3850
" connectionTimeout=\"20000\" \n"
3851
" redirectPort=\"8443\" />\n"
3852
"...\n"
3853
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3854
"/>\n"
3855
3856
#: serverguide/C/web-servers.xml:1089(title)
3857
msgid "Changing JVM used"
3858
msgstr "เปลี่ยน JVM ที่ถูกใช้งาน"
3859
3860
#: serverguide/C/web-servers.xml:1090(para)
3861
msgid ""
3862
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3863
"then try some other JVMs. If you have various JVMs installed, you can set "
3864
"which should be used by setting JAVA_HOME in "
3865
"<filename>/etc/default/tomcat6</filename>:"
3866
msgstr ""
3867
"โดยปกติ Tomcat จะทำงานโดยใช้ OpenJDK-6 จากนั้นถึงจะใช้ JVM ของ Sun "
3868
"จากนั้นจึงจะลอง JVM อื่นๆ ถ้าคุณติดตั้ง JVM ไว้หลายตัว "
3869
"คุณสามารถเลือกได้ว่าจะใช้ JVM ตัวไหนโดยการระบุค่าของ JAVA_HOME ในไฟล์ "
3870
"<filename>/etc/default/tomcat6</filename>:"
3871
3872
#: serverguide/C/web-servers.xml:1094(programlisting)
3873
#, no-wrap
3874
msgid ""
3875
"\n"
3876
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3877
msgstr ""
3878
"\n"
3879
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3880
3881
#: serverguide/C/web-servers.xml:1099(title)
3882
msgid "Declaring users and roles"
3883
msgstr "การสร้างผู้ใช้และบทบาท"
3884
3885
#: serverguide/C/web-servers.xml:1100(para)
3886
msgid ""
3887
"Usernames, passwords and roles (groups) can be defined centrally in a "
3888
"Servlet container. In Tomcat 6.0 this is done in the "
3889
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3890
msgstr ""
3891
"ชื่อผู้ใช้ รหัสผ่าน และบทบาท (กลุ่มผู้ใช้) สามารถถูกระบุได้ใน Servlet "
3892
"container ใน Tomcat 6.0 คุณสามารถตั้งค่าเหล่านี้ได้ในไฟล์ "
3893
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3894
3895
#: serverguide/C/web-servers.xml:1103(programlisting)
3896
#, no-wrap
3897
msgid ""
3898
"\n"
3899
"<role rolename=\"admin\"/>\n"
3900
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3901
msgstr ""
3902
"\n"
3903
"<role rolename=\"admin\"/>\n"
3904
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3905
3906
#: serverguide/C/web-servers.xml:1111(title)
3907
msgid "Using Tomcat standard webapps"
3908
msgstr "การใช้งานเว็บแอพพลิเคชั่นมาตรฐานที่มากับ Tomcat"
3909
3910
#: serverguide/C/web-servers.xml:1112(para)
3911
msgid ""
3912
"Tomcat is shipped with webapps that you can install for documentation, "
3913
"administration or demo purposes."
3914
msgstr ""
3915
"Tomcat นั้นมาพร้อมกับเว็บแอพพลิเคชั่นที่คุณสามารถติดตั้งเพื่อดูคู่มือ "
3916
"ดูแลระบบ หรือเพื่อสาธิต"
3917
3918
#: serverguide/C/web-servers.xml:1115(title)
3919
msgid "Tomcat documentation"
3920
msgstr "เอกสารคู่มือ Tomcat"
3921
3922
#: serverguide/C/web-servers.xml:1116(para)
3923
msgid ""
3924
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3925
"documentation, packaged as a webapp that you can access by default at "
3926
"http://yourserver:8080/docs. You can install it by entering the following "
3927
"command in the terminal prompt:"
3928
msgstr ""
3929
"แพคเกจ <application>tomcat6-docs</application> มีเอกสารคู่มือของ Tomcat 6.0 "
3930
"ในรูปแบบของเว็บแอพพลิเคชั่นที่คุณสามารถใช้งานได้โดยไปที่ "
3931
"http://yourserver:8080/docs คุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
3932
3933
#: serverguide/C/web-servers.xml:1121(command)
3934
msgid "sudo apt-get install tomcat6-docs"
3935
msgstr "sudo apt-get install tomcat6-docs"
3936
3937
#: serverguide/C/web-servers.xml:1125(title)
3938
msgid "Tomcat administration webapps"
3939
msgstr "เว็บแอพพลิเคชั่นสำหรับจัดการ Tomcat"
3940
3941
#: serverguide/C/web-servers.xml:1126(para)
3942
msgid ""
3943
"The <application>tomcat6-admin</application> package contains two webapps "
3944
"that can be used to administer the Tomcat server using a web interface. You "
3945
"can install them by entering the following command in the terminal prompt:"
3946
msgstr ""
3947
"แพคเกจ <application>tomcat6-admin</application> "
3948
"มาพร้อมกับเว็บแอพพลิเคชั่นสองตัวที่คุณสามารถใช้เพื่อดูแลเซิร์ฟเวอร์ Tomcat "
3949
"ได้ผ่านหน้าเว็บ คุณสามารถติดตั้งแอพพลิเคชั่นเหล่านี้ได้โดยพิมพ์คำสั่ง:"
3950
3951
#: serverguide/C/web-servers.xml:1131(command)
3952
msgid "sudo apt-get install tomcat6-admin"
3953
msgstr "sudo apt-get install tomcat6-admin"
3954
3955
#: serverguide/C/web-servers.xml:1133(para)
3956
msgid ""
3957
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3958
"access by default at http://yourserver:8080/manager/html. It is primarily "
3959
"used to get server status and restart webapps."
3960
msgstr ""
3961
"แอพพลิเคชั่นแรกคือ <emphasis>manager</emphasis> และคุณสามารถใช้งานได้ที่ "
3962
"http://yourserver:8080/manager/html "
3963
"ประโยชน์หลักของแอพพลิเคชั่นนี้คือเพื่อดูสถานะของเซิร์ฟเวอร์และเพื่อเริ่มต้นเว"
3964
"็บแอพพลิเคชั่นใหม่"
3965
3966
#: serverguide/C/web-servers.xml:1136(para)
3967
msgid ""
3968
"Access to the <emphasis>manager</emphasis> application is protected by "
3969
"default: you need to define a user with the role \"manager\" in "
3970
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3971
msgstr ""
3972
"โดยปกติ Tomcat จะจำกัดการเข้าใช้งานแอพพลิเคชั่น <emphasis>manager</emphasis> "
3973
"เพื่อรักษาความปลอดภัย คุณจะต้องกำหนดผู้ใช้ที่มีบทบาทของ \"manager\" ในไฟล์ "
3974
"<filename>/etc/tomcat6/tomcat-users.xml</filename> "
3975
"ก่อนที่คุณจะใช้แอพพลิเคชั่นนี้ได้"
3976
3977
#: serverguide/C/web-servers.xml:1140(para)
3978
msgid ""
3979
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3980
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3981
"used to create virtual hosts dynamically."
3982
msgstr ""
3983
"แอพพลิเคชั่นตัวที่สองคือ <emphasis>host-manager</emphasis> "
3984
"ซึ่งมีไว้เพื่อสร้างโฮสต์เสมือน (virtual hosts) โดยคุณสามารถใช้งานได้ที่ "
3985
"http://yourserver:8080/host-manager/html"
3986
3987
#: serverguide/C/web-servers.xml:1144(para)
3988
msgid ""
3989
"Access to the <emphasis>host-manager</emphasis> application is also "
3990
"protected by default: you need to define a user with the role \"admin\" in "
3991
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3992
msgstr ""
3993
"การใช้งาน <emphasis>host-manager</emphasis> "
3994
"จะถูกจำกัดไว้ตั้งแต่ตอนติดตั้งเพื่อความปลอดภัย: "
3995
"คุณจะต้องสร้างผู้ใช้ที่มีบทบาทเป็น \"admin\" หรือผู้ดูแลระบบในไฟล์ "
3996
"<filename>/etc/tomcat6/tomcat-users.xml</filename> ก่อนที่คุณจะใช้งานได้"
3997
3998
#: serverguide/C/web-servers.xml:1149(para)
3999
msgid ""
4000
"For security reasons, the tomcat6 user cannot write to the "
4001
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
4002
"these admin webapps (application deployment, virtual host creation) need "
4003
"write access to that directory. If you want to use these features execute "
4004
"the following, to give users in the tomcat6 group the necessary rights:"
4005
msgstr ""
4006
"เพื่อความปลอดภัย ผู้ใช้ชื่อ tomcat6 จะไม่สามารถแก้ไขไฟล์ใน "
4007
"<filename>/etc/tomcat6</filename> ได้ "
4008
"แต่บางฟีเจอร์ในแอพพลิเคชั่นสำหรับจัดการ Tomcat "
4009
"จะต้องสามารถแก้ไขไฟล์ในไดเร็คทอรี่นี้ได้ ถ้าคุณต้องการใช้ฟีเจอร์อย่าง "
4010
"application deployment หรือ virtual host creation "
4011
"คุณจะต้องให้สิทธิ์การแก้ไขไฟล์กับผู้ใช้ในกลุ่ม tomcat6 ด้วย "
4012
"โดยคุณสามารถพิมพ์คำสั่ง:"
4013
4014
#: serverguide/C/web-servers.xml:1156(command)
4015
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
4016
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
4017
4018
#: serverguide/C/web-servers.xml:1157(command)
4019
msgid "sudo chmod -R g+w /etc/tomcat6"
4020
msgstr "sudo chmod -R g+w /etc/tomcat6"
4021
4022
#: serverguide/C/web-servers.xml:1162(title)
4023
msgid "Tomcat examples webapps"
4024
msgstr "เว็บแอพพลิเคชั่นตัวอย่างของ Tomcat"
4025
4026
#: serverguide/C/web-servers.xml:1163(para)
4027
msgid ""
4028
"The <application>tomcat6-examples</application> package contains two webapps "
4029
"that can be used to test or demonstrate Servlets and JSP features, which you "
4030
"can access them by default at http://yourserver:8080/examples. You can "
4031
"install them by entering the following command in the terminal prompt:"
4032
msgstr ""
4033
"แพคเกจ <application>tomcat6-examples</application> "
4034
"มีเว็บแอพพลิเคชั่นสองตัวสำหรับใช้เพื่อทดสอบหรือแสดงความสามารถของ Servlets "
4035
"และ JSP คุณสามารถใช้งานแอพพลิเคชั่นเหล่านี้ได้ที่ "
4036
"http://yourserver:8080/examples "
4037
"และคุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
4038
4039
#: serverguide/C/web-servers.xml:1169(command)
4040
msgid "sudo apt-get install tomcat6-examples"
4041
msgstr "sudo apt-get install tomcat6-examples"
4042
4043
#: serverguide/C/web-servers.xml:1175(title)
4044
msgid "Using private instances"
4045
msgstr "การใช้งาน instance ส่วนตัว"
4046
4047
#: serverguide/C/web-servers.xml:1176(para)
4048
msgid ""
4049
"Tomcat is heavily used in development and testing scenarios where using a "
4050
"single system-wide instance doesn't meet the requirements of multiple users "
4051
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
4052
"help deploy your own user-oriented instances, allowing every user on a "
4053
"system to run (without root rights) separate private instances while still "
4054
"using the system-installed libraries."
4055
msgstr ""
4056
"Tomcat ได้ถูกนำไปใช้เพื่อการพัฒนาและทดสอบอย่างหลากหลาย ทำให้การใช้งาน "
4057
"instance เดียวต่อเครื่องไม่สามารถตอบสนองความต้องการของผู้ใช้ต่างๆได้ แพคเกจ "
4058
"Tomcat 6.0 ในอูบุนตูมาพร้อมกับเครื่องที่จะช่วยให้คุณ instance หลายๆตัวได้ "
4059
"เพื่อที่จะให้ผู้ใช้แต่ละคนในระบบสามารถใช้งาน instance ส่วนตัวของตัวเอง "
4060
"(โดยไม่ต้องใช้สิทธิ์ของ root)"
4061
4062
#: serverguide/C/web-servers.xml:1183(para)
4063
msgid ""
4064
"It is possible to run the system-wide instance and the private instances in "
4065
"parallel, as long as they do not use the same TCP ports."
4066
msgstr ""
4067
"นอกจากนั้นคุณยังสามารถใช้งาน instance ของระบบคู่ไปกับ instance "
4068
"ส่วนตัวได้อีกด้วย ตราบใดที่ instance ทั้งสองไม่ใช้พอร์ต TCP เลขเดียวกัน"
4069
4070
#: serverguide/C/web-servers.xml:1187(title)
4071
msgid "Installing private instance support"
4072
msgstr "การติดตั้ง instance ส่วนตัว"
4073
4074
#: serverguide/C/web-servers.xml:1188(para)
4075
msgid ""
4076
"You can install everything necessary to run private instances by entering "
4077
"the following command in the terminal prompt:"
4078
msgstr ""
4079
"คุณสามารถติดตั้งทุกอย่างที่จะต้องใช้เพื่อใช้งาน instance "
4080
"ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
4081
4082
#: serverguide/C/web-servers.xml:1191(command)
4083
msgid "sudo apt-get install tomcat6-user"
4084
msgstr "sudo apt-get install tomcat6-user"
4085
4086
#: serverguide/C/web-servers.xml:1195(title)
4087
msgid "Creating a private instance"
4088
msgstr "การสร้าง instance ส่วนตัว"
4089
4090
#: serverguide/C/web-servers.xml:1196(para)
4091
msgid ""
4092
"You can create a private instance directory by entering the following "
4093
"command in the terminal prompt:"
4094
msgstr ""
4095
"คุณสามารถสร้างไดเร็คทอรี่สำหรับ instance ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
4096
4097
#: serverguide/C/web-servers.xml:1199(command)
4098
msgid "tomcat6-instance-create my-instance"
4099
msgstr "tomcat6-instance-create my-instance"
4100
4101
#: serverguide/C/web-servers.xml:1201(para)
4102
msgid ""
4103
"This will create a new <filename>my-instance</filename> directory with all "
4104
"the necessary subdirectories and scripts. You can for example install your "
4105
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
4106
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
4107
"are deployed by default."
4108
msgstr ""
4109
"คำสั่งนี้จะสร้างไดเร็คทอรี่ใหม่ชื่อ <filename>my-instance</filename> "
4110
"ที่มีไฟล์สคริปต์และไดเร็คทอรี่ย่อยที่จำเป็นอยู่แล้ว "
4111
"คุณสามารถติดตั้งไลบรารี่ต่างๆที่คุณใช้ร่วมกันระหว่างแอพพลิเคชั่นต่างๆในไดเร็ค"
4112
"ทอรี่ย่อยชื่อ <filename>lib/</filename> และ deploy "
4113
"แอพพลิเคชั่นของคุณในไดเร็คทอรี่ย่อยชื่อ <filename>webapps/</filename>"
4114
4115
#: serverguide/C/web-servers.xml:1209(title)
4116
msgid "Configuring your private instance"
4117
msgstr "การตั้งค่า instance ส่วนตัวของคุณ"
4118
4119
#: serverguide/C/web-servers.xml:1210(para)
4120
msgid ""
4121
"You will find the classic Tomcat configuration files for your private "
4122
"instance in the <filename>conf/</filename> subdirectory. You should for "
4123
"example certainly edit the <filename>conf/server.xml</filename> file to "
4124
"change the default ports used by your private Tomcat instance to avoid "
4125
"conflict with other instances that might be running."
4126
msgstr ""
4127
"คุณจะพบไฟล์การตั้งค่าสำหรับ instance ส่วนตัวของ Tomcat "
4128
"ในไดเร็คทอรี่ย่อยที่ชื่อ <filename>conf/</filename> คุณควรจะแก้ไขไฟล์ "
4129
"<filename>conf/server.xml</filename> เพื่อเปลี่ยนตัวเลขพอร์ตที่ใช้ใน Tomcat "
4130
"instance ของคุณเพื่อป้องกันการขัดแย้งกับ instance "
4131
"อื่นๆที่ทำงานอยู่ในเวลาเดียวกัน"
4132
4133
#: serverguide/C/web-servers.xml:1218(title)
4134
msgid "Starting/stopping your private instance"
4135
msgstr "การเริ่ม/หยุด instance ส่วนตัวของคุณ"
4136
4137
#: serverguide/C/web-servers.xml:1219(para)
4138
msgid ""
4139
"You can start your private instance by entering the following command in the "
4140
"terminal prompt (supposing your instance is located in the <filename>my-"
4141
"instance</filename> directory):"
4142
msgstr ""
4143
"คุณสามารถเริ่ม instance ส่วนตัวของคุณได้โดยพิมพ์คำสั่งดังนี้ "
4144
"(ในตัวอย่างจะสมมุติว่า instance ของคุณอยู่ในไดเร็คทอรี่ <filename>my-"
4145
"instance</filename>):"
4146
4147
#: serverguide/C/web-servers.xml:1223(command)
4148
msgid "my-instance/bin/startup.sh"
4149
msgstr "my-instance/bin/startup.sh"
4150
4151
#: serverguide/C/web-servers.xml:1225(para)
4152
msgid ""
4153
"You should check the <filename>logs/</filename> subdirectory for any error. "
4154
"If you have a <emphasis>java.net.BindException: Address already in "
4155
"use<null>:8080</emphasis> error, it means that the port you're using "
4156
"is already taken and that you should change it."
4157
msgstr ""
4158
"คุณควรตรวจสอบไดเร็คทอรี่ย่อยชื่อ <filename>logs/</filename> "
4159
"เพื่อดูว่ามีข้อผิดพลาดใดๆหรือไม่ ถ้าคุณพบข้อผิดพลาด "
4160
"<emphasis>java.net.BindException: Address already in "
4161
"use<null>:8080</emphasis> "
4162
"นั่นหมายความว่าเลขที่พอร์ตที่คุณเลือกใช้นั้นได้ถูกใช้อยู่แล้ว "
4163
"และคุณจะต้องเปลี่ยนเลขที่พอร์ต"
4164
4165
#: serverguide/C/web-servers.xml:1230(para)
4166
msgid ""
4167
"You can stop your instance by entering the following command in the terminal "
4168
"prompt (supposing your instance is located in the <filename>my-"
4169
"instance</filename> directory):"
4170
msgstr ""
4171
"คุณสามารถหยุด instance ของคุณได้โดยพิมพ์คำสั่งดังนี้ (สมมุติว่า instance "
4172
"ของคุณอยู่ในไดเร็คทอรี่ <filename>my-instance</filename>):"
4173
4174
#: serverguide/C/web-servers.xml:1234(command)
4175
msgid "my-instance/bin/shutdown.sh"
4176
msgstr "my-instance/bin/shutdown.sh"
4177
4178
#: serverguide/C/web-servers.xml:1243(para)
4179
msgid ""
4180
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
4181
"website for more information."
4182
msgstr ""
4183
4184
#: serverguide/C/web-servers.xml:1248(para)
4185
msgid ""
4186
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
4187
"Definitive Guide</ulink> is a good resource for building web applications "
4188
"with Tomcat."
4189
msgstr ""
4190
4191
#: serverguide/C/web-servers.xml:1254(para)
4192
msgid ""
4193
"For additional books see the <ulink "
4194
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
4195
"page."
4196
msgstr ""
4197
4198
#: serverguide/C/web-servers.xml:1259(para)
4199
msgid ""
4200
"Also, see the<ulink "
4201
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
4202
"Tomcat</ulink> page."
4203
msgstr ""
4204
4205
#: serverguide/C/vpn.xml:13(title)
4206
msgid "VPN"
4207
msgstr ""
4208
4209
#: serverguide/C/vpn.xml:15(para)
4210
msgid ""
4211
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
4212
"network connection between two or more networks. There are several ways to "
4213
"create a VPN using software as well as dedicated hardware appliances. This "
4214
"chapter will cover installing and configuring "
4215
"<application>OpenVPN</application> to create a VPN between two servers."
4216
msgstr ""
4217
4218
#: serverguide/C/vpn.xml:23(title)
4219
msgid "OpenVPN"
4220
msgstr ""
4221
4222
#: serverguide/C/vpn.xml:25(para)
4223
msgid ""
4224
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
4225
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
4226
"clients through a bridge interface on the VPN server. This guide will assume "
4227
"that one VPN node, the server in this case, has a bridge interface "
4228
"configured. For more information on setting up a bridge see <xref "
4229
"linkend=\"bridging\"/>."
4230
msgstr ""
4231
4232
#: serverguide/C/vpn.xml:35(para)
4233
msgid "To install <application>openvpn</application> in a terminal enter:"
4234
msgstr ""
4235
4236
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
4237
msgid "sudo apt-get install openvpn"
4238
msgstr ""
4239
4240
#: serverguide/C/vpn.xml:45(title)
4241
msgid "Server Certificates"
4242
msgstr ""
4243
4244
#: serverguide/C/vpn.xml:47(para)
4245
msgid ""
4246
"Now that the <application>openvpn</application> package is installed, the "
4247
"certificates for the VPN server need to be created."
4248
msgstr ""
4249
4250
#: serverguide/C/vpn.xml:52(para)
4251
msgid ""
4252
"First, copy the <filename>easy-rsa</filename> directory to "
4253
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
4254
"scripts will not be lost when the package is updated. You will also need to "
4255
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
4256
"the current user permission to create files. From a terminal enter:"
4257
msgstr ""
4258
4259
#: serverguide/C/vpn.xml:59(command)
4260
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
4261
msgstr ""
4262
4263
#: serverguide/C/vpn.xml:60(command)
4264
msgid ""
4265
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
4266
"rsa/"
4267
msgstr ""
4268
4269
#: serverguide/C/vpn.xml:61(command)
4270
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
4271
msgstr ""
4272
4273
#: serverguide/C/vpn.xml:64(para)
4274
msgid ""
4275
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
4276
"following to your environment:"
4277
msgstr ""
4278
4279
#: serverguide/C/vpn.xml:68(programlisting)
4280
#, no-wrap
4281
msgid ""
4282
"\n"
4283
"export KEY_COUNTRY=\"US\"\n"
4284
"export KEY_PROVINCE=\"NC\"\n"
4285
"export KEY_CITY=\"Winston-Salem\"\n"
4286
"export KEY_ORG=\"Example Company\"\n"
4287
"export KEY_EMAIL=\"steve@example.com\"\n"
4288
msgstr ""
4289
4290
#: serverguide/C/vpn.xml:76(para)
4291
msgid "Enter the following to create the server certificates:"
4292
msgstr ""
4293
4294
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
4295
msgid "cd /etc/openvpn/easy-rsa/"
4296
msgstr ""
4297
4298
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
4299
msgid "source vars"
4300
msgstr ""
4301
4302
#: serverguide/C/vpn.xml:83(command)
4303
msgid "./clean-all"
4304
msgstr ""
4305
4306
#: serverguide/C/vpn.xml:84(command)
4307
msgid "./build-dh"
4308
msgstr ""
4309
4310
#: serverguide/C/vpn.xml:85(command)
4311
msgid "./pkitool --initca"
4312
msgstr ""
4313
4314
#: serverguide/C/vpn.xml:86(command)
4315
msgid "./pkitool --server server"
4316
msgstr ""
4317
4318
#: serverguide/C/vpn.xml:87(command)
4319
msgid "cd keys"
4320
msgstr ""
4321
4322
#: serverguide/C/vpn.xml:88(command)
4323
msgid "openvpn --genkey --secret ta.key"
4324
msgstr ""
4325
4326
#: serverguide/C/vpn.xml:89(command)
4327
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4328
msgstr ""
4329
4330
#: serverguide/C/vpn.xml:94(title)
4331
msgid "Client Certificates"
4332
msgstr ""
4333
4334
#: serverguide/C/vpn.xml:96(para)
4335
msgid ""
4336
"The VPN client will also need a certificate to authenticate itself to the "
4337
"server. To create the certificate, enter the following in a terminal:"
4338
msgstr ""
4339
4340
#: serverguide/C/vpn.xml:104(command)
4341
msgid "./pkitool hostname"
4342
msgstr ""
4343
4344
#: serverguide/C/vpn.xml:108(para)
4345
msgid ""
4346
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4347
"machine connecting to the VPN."
4348
msgstr ""
4349
4350
#: serverguide/C/vpn.xml:113(para)
4351
msgid "Copy the following files to the client:"
4352
msgstr ""
4353
4354
#: serverguide/C/vpn.xml:118(para)
4355
msgid "/etc/openvpn/ca.crt"
4356
msgstr ""
4357
4358
#: serverguide/C/vpn.xml:119(para)
4359
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
4360
msgstr ""
4361
4362
#: serverguide/C/vpn.xml:120(para)
4363
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
4364
msgstr ""
4365
4366
#: serverguide/C/vpn.xml:121(para)
4367
msgid "/etc/openvpn/ta.key"
4368
msgstr ""
4369
4370
#: serverguide/C/vpn.xml:125(para)
4371
msgid ""
4372
"Remember to adjust the above file names for your client machine's "
4373
"<emphasis>hostname</emphasis>."
4374
msgstr ""
4375
4376
#: serverguide/C/vpn.xml:130(para)
4377
msgid ""
4378
"It is best to use a secure method to copy the certificate and key files. The "
4379
"<application>scp</application> utility is a good choice, but copying the "
4380
"files to removable media then to the client, also works well."
4381
msgstr ""
4382
4383
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4384
msgid "Server Configuration"
4385
msgstr ""
4386
4387
#: serverguide/C/vpn.xml:143(para)
4388
msgid ""
4389
"Now configure the <application>openvpn</application> server by creating "
4390
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4391
"terminal enter:"
4392
msgstr ""
4393
4394
#: serverguide/C/vpn.xml:149(command)
4395
msgid ""
4396
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4397
"/etc/openvpn/"
4398
msgstr ""
4399
4400
#: serverguide/C/vpn.xml:150(command)
4401
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4402
msgstr ""
4403
4404
#: serverguide/C/vpn.xml:153(para)
4405
msgid ""
4406
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4407
"options to:"
4408
msgstr ""
4409
4410
#: serverguide/C/vpn.xml:157(programlisting)
4411
#, no-wrap
4412
msgid ""
4413
"\n"
4414
"local 172.18.100.101\n"
4415
"dev tap0\n"
4416
"up \"/etc/openvpn/up.sh br0\"\n"
4417
"down \"/etc/openvpn/down.sh br0\"\n"
4418
";server 10.8.0.0 255.255.255.0\n"
4419
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4420
"push \"route 172.18.100.1 255.255.255.0\"\n"
4421
"push \"dhcp-option DNS 172.18.100.20\"\n"
4422
"push \"dhcp-option DOMAIN example.com\"\n"
4423
"tls-auth ta.key 0 # This file is secret\n"
4424
"user nobody\n"
4425
"group nogroup\n"
4426
msgstr ""
4427
4428
#: serverguide/C/vpn.xml:174(para)
4429
msgid ""
4430
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4431
msgstr ""
4432
4433
#: serverguide/C/vpn.xml:179(para)
4434
msgid ""
4435
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4436
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4437
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4438
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4439
"to clients."
4440
msgstr ""
4441
4442
#: serverguide/C/vpn.xml:186(para)
4443
msgid ""
4444
"<emphasis>push</emphasis>: are directives to add networking options for "
4445
"clients."
4446
msgstr ""
4447
4448
#: serverguide/C/vpn.xml:191(para)
4449
msgid ""
4450
"<emphasis>user and group</emphasis>: configure which user and group the "
4451
"<application>openvpn</application> daemon executes as."
4452
msgstr ""
4453
4454
#: serverguide/C/vpn.xml:198(para)
4455
msgid ""
4456
"Replace all IP addresses and domain names above with those of your network."
4457
msgstr ""
4458
4459
#: serverguide/C/vpn.xml:203(para)
4460
msgid ""
4461
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4462
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4463
msgstr ""
4464
4465
#: serverguide/C/vpn.xml:207(programlisting)
4466
#, no-wrap
4467
msgid ""
4468
"\n"
4469
"#!/bin/sh\n"
4470
"\n"
4471
"BR=$1\n"
4472
"DEV=$2\n"
4473
"MTU=$3\n"
4474
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4475
"/usr/sbin/brctl addif $BR $DEV\n"
4476
msgstr ""
4477
4478
#: serverguide/C/vpn.xml:217(para)
4479
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4480
msgstr ""
4481
4482
#: serverguide/C/vpn.xml:221(programlisting)
4483
#, no-wrap
4484
msgid ""
4485
"\n"
4486
"#!/bin/sh\n"
4487
"\n"
4488
"BR=$1\n"
4489
"DEV=$2\n"
4490
"\n"
4491
"/usr/sbin/brctl delif $BR $DEV\n"
4492
"/sbin/ifconfig $DEV down\n"
4493
msgstr ""
4494
4495
#: serverguide/C/vpn.xml:231(para)
4496
msgid "Then make them executable:"
4497
msgstr ""
4498
4499
#: serverguide/C/vpn.xml:236(command)
4500
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4501
msgstr ""
4502
4503
#: serverguide/C/vpn.xml:237(command)
4504
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4505
msgstr ""
4506
4507
#: serverguide/C/vpn.xml:240(para)
4508
msgid ""
4509
"After configuring the server, restart <application>openvpn</application> by "
4510
"entering:"
4511
msgstr ""
4512
4513
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4514
msgid "sudo /etc/init.d/openvpn restart"
4515
msgstr ""
4516
4517
#: serverguide/C/vpn.xml:250(title)
4518
msgid "Client Configuration"
4519
msgstr ""
4520
4521
#: serverguide/C/vpn.xml:252(para)
4522
msgid "First, install <application>openvpn</application> on the client:"
4523
msgstr ""
4524
4525
#: serverguide/C/vpn.xml:260(para)
4526
msgid ""
4527
"Then with the server configured and the client certificates copied to the "
4528
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4529
"file by copying the example. In a terminal on the client machine enter:"
4530
msgstr ""
4531
4532
#: serverguide/C/vpn.xml:266(command)
4533
msgid ""
4534
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4535
"/etc/openvpn"
4536
msgstr ""
4537
4538
#: serverguide/C/vpn.xml:269(para)
4539
msgid ""
4540
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4541
"following options:"
4542
msgstr ""
4543
4544
#: serverguide/C/vpn.xml:273(programlisting)
4545
#, no-wrap
4546
msgid ""
4547
"\n"
4548
"dev tap\n"
4549
"remote vpn.example.com 1194\n"
4550
"cert hostname.crt\n"
4551
"key hostname.key\n"
4552
"tls-auth ta.key 1\n"
4553
msgstr ""
4554
4555
#: serverguide/C/vpn.xml:282(para)
4556
msgid ""
4557
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4558
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4559
"key filenames."
4560
msgstr ""
4561
4562
#: serverguide/C/vpn.xml:288(para)
4563
msgid "Finally, restart <application>openvpn</application>:"
4564
msgstr ""
4565
4566
#: serverguide/C/vpn.xml:296(para)
4567
msgid "You should now be able to connect to the remote LAN through the VPN."
4568
msgstr ""
4569
4570
#: serverguide/C/vpn.xml:307(para)
4571
msgid ""
4572
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4573
"additional information."
4574
msgstr ""
4575
4576
#: serverguide/C/vpn.xml:312(para)
4577
msgid ""
4578
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4579
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4580
msgstr ""
4581
4582
#: serverguide/C/vpn.xml:318(para)
4583
msgid ""
4584
"Another source of further information is the <ulink "
4585
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4586
"OpenVPN</ulink> page."
4587
msgstr ""
4588
4589
#: serverguide/C/virtualization.xml:13(title)
4590
msgid "Virtualization"
4591
msgstr ""
4592
4593
#: serverguide/C/virtualization.xml:14(para)
4594
msgid ""
4595
"Virtualization is being adopted in many different environments and "
4596
"situations. If you are a developer, virtualization can provide you with a "
4597
"contained environment where you can safely do almost any sort of development "
4598
"safe from messing up your main working environment. If you are a systems "
4599
"administrator, you can use virtualization to more easily separate your "
4600
"services and move them around based on demand."
4601
msgstr ""
4602
4603
#: serverguide/C/virtualization.xml:20(para)
4604
msgid ""
4605
"The default virtualization technology supported in Ubuntu is "
4606
"<application>KVM</application>, a technology that takes advantage of "
4607
"virtualization extensions built into Intel and AMD hardware. For hardware "
4608
"without virtualization extensions <application>Xen</application> and "
4609
"<application>Qemu</application> are popular solutions."
4610
msgstr ""
4611
4612
#: serverguide/C/virtualization.xml:27(title)
4613
msgid "libvirt"
4614
msgstr ""
4615
4616
#: serverguide/C/virtualization.xml:28(para)
4617
msgid ""
4618
"The <application>libvirt</application> library is used to interface with "
4619
"different virtualization technologies. Before getting started with "
4620
"<application>libvirt</application> it is best to make sure your hardware "
4621
"supports the necessary virtualization extensions for "
4622
"<application>KVM</application>. Enter the following from a terminal prompt:"
4623
msgstr ""
4624
4625
#: serverguide/C/virtualization.xml:35(command)
4626
msgid "kvm-ok"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:37(para)
4630
msgid ""
4631
"A message will be printed informing you if your CPU "
4632
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4633
"virtualization."
4634
msgstr ""
4635
4636
#: serverguide/C/virtualization.xml:41(para)
4637
msgid ""
4638
"On most computer whose processor supports virtualization, it is necessary to "
4639
"activate an option in the BIOS to enable it."
4640
msgstr ""
4641
4642
#: serverguide/C/virtualization.xml:47(title)
4643
msgid "Virtual Networking"
4644
msgstr ""
4645
4646
#: serverguide/C/virtualization.xml:49(para)
4647
msgid ""
4648
"There are a few different ways to allow a virtual machine access to the "
4649
"external network. The default virtual network configuration is "
4650
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4651
"traffic is NATed through the host interface to the outside network."
4652
msgstr ""
4653
4654
#: serverguide/C/virtualization.xml:54(para)
4655
msgid ""
4656
"To enable external hosts to directly access services on virtual machines a "
4657
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4658
"interfaces to connect to the outside network through the physical interface, "
4659
"making them appear as normal hosts to the rest of the network. For "
4660
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4661
msgstr ""
4662
4663
#: serverguide/C/virtualization.xml:63(para)
4664
msgid "To install the necessary packages, from a terminal prompt enter:"
4665
msgstr ""
4666
4667
#: serverguide/C/virtualization.xml:67(command)
4668
msgid "sudo apt-get install kvm libvirt-bin"
4669
msgstr ""
4670
4671
#: serverguide/C/virtualization.xml:69(para)
4672
msgid ""
4673
"After installing <application>libvirt-bin</application>, the user used to "
4674
"manage virtual machines will need to be added to the "
4675
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4676
"the advanced networking options."
4677
msgstr ""
4678
4679
#: serverguide/C/virtualization.xml:73(para)
4680
msgid "In a terminal enter:"
4681
msgstr ""
4682
4683
#: serverguide/C/virtualization.xml:77(command)
4684
msgid "sudo adduser $USER libvirtd"
4685
msgstr ""
4686
4687
#: serverguide/C/virtualization.xml:80(para)
4688
msgid ""
4689
"If the user chosen is the current user, you will need to log out and back in "
4690
"for the new group membership to take effect."
4691
msgstr ""
4692
4693
#: serverguide/C/virtualization.xml:84(para)
4694
msgid ""
4695
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4696
"Installing a virtual machine follows the same process as installing the "
4697
"operating system directly on the hardware. You either need a way to automate "
4698
"the installation, or a keyboard and monitor will need to be attached to the "
4699
"physical machine."
4700
msgstr ""
4701
4702
#: serverguide/C/virtualization.xml:89(para)
4703
msgid ""
4704
"In the case of virtual machines a Graphical User Interface (GUI) is "
4705
"analogous to using a physical keyboard and mouse. Instead of installing a "
4706
"GUI the <application>virt-viewer</application> application can be used to "
4707
"connect to a virtual machine's console using <application>VNC</application>. "
4708
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4709
msgstr ""
4710
4711
#: serverguide/C/virtualization.xml:94(para)
4712
msgid ""
4713
"There are several ways to automate the Ubuntu installation process, for "
4714
"example using preseeds, kickstart, etc. Refer to the <ulink "
4715
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4716
"Installation Guide</ulink> for details."
4717
msgstr ""
4718
4719
#: serverguide/C/virtualization.xml:98(para)
4720
msgid ""
4721
"Yet another way to install an Ubuntu virtual machine is to use "
4722
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4723
"builder</application> allows you to setup advanced partitions, execute "
4724
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4725
"vmbuilder\"/>"
4726
msgstr ""
4727
4728
#: serverguide/C/virtualization.xml:104(title)
4729
msgid "virt-install"
4730
msgstr ""
4731
4732
#: serverguide/C/virtualization.xml:105(para)
4733
msgid ""
4734
"<application>virt-install</application> is part of the <application>python-"
4735
"virtinst</application> package. To install it, from a terminal prompt enter:"
4736
msgstr ""
4737
4738
#: serverguide/C/virtualization.xml:109(command)
4739
msgid "sudo apt-get install python-virtinst"
4740
msgstr ""
4741
4742
#: serverguide/C/virtualization.xml:111(para)
4743
msgid ""
4744
"There are several options available when using <application>virt-"
4745
"install</application>. For example:"
4746
msgstr ""
4747
4748
#: serverguide/C/virtualization.xml:115(command)
4749
msgid ""
4750
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4751
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4752
msgstr ""
4753
4754
#: serverguide/C/virtualization.xml:122(para)
4755
msgid ""
4756
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4757
"be <emphasis>web_devel</emphasis> in this example."
4758
msgstr ""
4759
4760
#: serverguide/C/virtualization.xml:127(para)
4761
msgid ""
4762
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4763
"machine will use."
4764
msgstr ""
4765
4766
#: serverguide/C/virtualization.xml:132(para)
4767
msgid ""
4768
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4769
"disk which can be a file, partition, or logical volume. In this example a "
4770
"file named <filename>web_devel.img</filename>."
4771
msgstr ""
4772
4773
#: serverguide/C/virtualization.xml:138(para)
4774
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4775
msgstr ""
4776
4777
#: serverguide/C/virtualization.xml:143(para)
4778
msgid ""
4779
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4780
"file can be either an ISO file or the path to the host's CDROM device."
4781
msgstr ""
4782
4783
#: serverguide/C/virtualization.xml:149(para)
4784
msgid ""
4785
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4786
"technologies."
4787
msgstr ""
4788
4789
#: serverguide/C/virtualization.xml:154(para)
4790
msgid ""
4791
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4792
msgstr ""
4793
4794
#: serverguide/C/virtualization.xml:159(para)
4795
msgid ""
4796
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4797
"virtual machine's console."
4798
msgstr ""
4799
4800
#: serverguide/C/virtualization.xml:164(para)
4801
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4802
msgstr ""
4803
4804
#: serverguide/C/virtualization.xml:169(para)
4805
msgid ""
4806
"After launching <application>virt-install</application> you can connect to "
4807
"the virtual machine's console either locally using a GUI or with the "
4808
"<application>virt-viewer</application> utility."
4809
msgstr ""
4810
4811
#: serverguide/C/virtualization.xml:175(title)
4812
msgid "virt-clone"
4813
msgstr ""
4814
4815
#: serverguide/C/virtualization.xml:176(para)
4816
msgid ""
4817
"The <application>virt-clone</application> application can be used to copy "
4818
"one virtual machine to another. For example:"
4819
msgstr ""
4820
4821
#: serverguide/C/virtualization.xml:180(command)
4822
msgid ""
4823
"sudo virt-clone -o web_devel -n database_devel -f "
4824
"/path/to/database_devel.img --connect=qemu:///system"
4825
msgstr ""
4826
4827
#: serverguide/C/virtualization.xml:184(para)
4828
msgid "<emphasis>-o:</emphasis> original virtual machine."
4829
msgstr ""
4830
4831
#: serverguide/C/virtualization.xml:189(para)
4832
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4833
msgstr ""
4834
4835
#: serverguide/C/virtualization.xml:194(para)
4836
msgid ""
4837
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4838
"be used by the new virtual machine."
4839
msgstr ""
4840
4841
#: serverguide/C/virtualization.xml:199(para)
4842
msgid ""
4843
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4844
msgstr ""
4845
4846
#: serverguide/C/virtualization.xml:204(para)
4847
msgid ""
4848
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4849
"help troubleshoot problems with <application>virt-clone</application>."
4850
msgstr ""
4851
4852
#: serverguide/C/virtualization.xml:209(para)
4853
msgid ""
4854
"Replace <emphasis>web_devel</emphasis> and "
4855
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4856
msgstr ""
4857
4858
#: serverguide/C/virtualization.xml:215(title)
4859
msgid "Virtual Machine Management"
4860
msgstr ""
4861
4862
#: serverguide/C/virtualization.xml:217(title)
4863
msgid "virsh"
4864
msgstr ""
4865
4866
#: serverguide/C/virtualization.xml:218(para)
4867
msgid ""
4868
"There are several utilities available to manage virtual machines and "
4869
"<application>libvirt</application>. The <application>virsh</application> "
4870
"utility can be used from the command line. Some examples:"
4871
msgstr ""
4872
4873
#: serverguide/C/virtualization.xml:224(para)
4874
msgid "To list running virtual machines:"
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:228(command)
4878
msgid "virsh -c qemu:///system list"
4879
msgstr ""
4880
4881
#: serverguide/C/virtualization.xml:232(para)
4882
msgid "To start a virtual machine:"
4883
msgstr ""
4884
4885
#: serverguide/C/virtualization.xml:236(command)
4886
msgid "virsh -c qemu:///system start web_devel"
4887
msgstr ""
4888
4889
#: serverguide/C/virtualization.xml:240(para)
4890
msgid "Similarly, to start a virtual machine at boot:"
4891
msgstr ""
4892
4893
#: serverguide/C/virtualization.xml:244(command)
4894
msgid "virsh -c qemu:///system autostart web_devel"
4895
msgstr ""
4896
4897
#: serverguide/C/virtualization.xml:248(para)
4898
msgid "Reboot a virtual machine with:"
4899
msgstr ""
4900
4901
#: serverguide/C/virtualization.xml:252(command)
4902
msgid "virsh -c qemu:///system reboot web_devel"
4903
msgstr ""
4904
4905
#: serverguide/C/virtualization.xml:256(para)
4906
msgid ""
4907
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4908
"order to be restored later. The following will save the virtual machine "
4909
"state into a file named according to the date:"
4910
msgstr ""
4911
4912
#: serverguide/C/virtualization.xml:261(command)
4913
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4914
msgstr ""
4915
4916
#: serverguide/C/virtualization.xml:263(para)
4917
msgid "Once saved the virtual machine will no longer be running."
4918
msgstr ""
4919
4920
#: serverguide/C/virtualization.xml:268(para)
4921
msgid "A saved virtual machine can be restored using:"
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:272(command)
4925
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4926
msgstr ""
4927
4928
#: serverguide/C/virtualization.xml:276(para)
4929
msgid "To shutdown a virtual machine do:"
4930
msgstr ""
4931
4932
#: serverguide/C/virtualization.xml:280(command)
4933
msgid "virsh -c qemu:///system shutdown web_devel"
4934
msgstr ""
4935
4936
#: serverguide/C/virtualization.xml:284(para)
4937
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:288(command)
4941
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4942
msgstr ""
4943
4944
#: serverguide/C/virtualization.xml:293(para)
4945
msgid ""
4946
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4947
"appropriate virtual machine name, and <filename>web_devel-"
4948
"022708.state</filename> with a descriptive file name."
4949
msgstr ""
4950
4951
#: serverguide/C/virtualization.xml:300(title)
4952
msgid "Virtual Machine Manager"
4953
msgstr ""
4954
4955
#: serverguide/C/virtualization.xml:301(para)
4956
msgid ""
4957
"The <application>virt-manager</application> package contains a graphical "
4958
"utility to manage local and remote virtual machines. To install virt-manager "
4959
"enter:"
4960
msgstr ""
4961
4962
#: serverguide/C/virtualization.xml:306(command)
4963
msgid "sudo apt-get install virt-manager"
4964
msgstr ""
4965
4966
#: serverguide/C/virtualization.xml:308(para)
4967
msgid ""
4968
"Since <application>virt-manager</application> requires a Graphical User "
4969
"Interface (GUI) environment it is recommended to be installed on a "
4970
"workstation or test machine instead of a production server. To connect to "
4971
"the local <application>libvirt</application> service enter:"
4972
msgstr ""
4973
4974
#: serverguide/C/virtualization.xml:314(command)
4975
msgid "virt-manager -c qemu:///system"
4976
msgstr ""
4977
4978
#: serverguide/C/virtualization.xml:316(para)
4979
msgid ""
4980
"You can connect to the <application>libvirt</application> service running on "
4981
"another host by entering the following in a terminal prompt:"
4982
msgstr ""
4983
4984
#: serverguide/C/virtualization.xml:320(command)
4985
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:323(para)
4989
msgid ""
4990
"The above example assumes that <application>SSH</application> connectivity "
4991
"between the management system and virtnode1.mydomain.com has already been "
4992
"configured, and uses SSH keys for authentication. SSH "
4993
"<emphasis>keys</emphasis> are needed because "
4994
"<application>libvirt</application> sends the password prompt to another "
4995
"process. For details on configuring <application>SSH</application> see <xref "
4996
"linkend=\"openssh-server\"/>"
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:333(title)
5000
msgid "Virtual Machine Viewer"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:334(para)
5004
msgid ""
5005
"The <application>virt-viewer</application> application allows you to connect "
5006
"to a virtual machine's console. <application>virt-viewer</application> does "
5007
"require a Graphical User Interface (GUI) to interface with the virtual "
5008
"machine."
5009
msgstr ""
5010
5011
#: serverguide/C/virtualization.xml:338(para)
5012
msgid ""
5013
"To install <application>virt-viewer</application> from a terminal enter:"
5014
msgstr ""
5015
5016
#: serverguide/C/virtualization.xml:342(command)
5017
msgid "sudo apt-get install virt-viewer"
5018
msgstr ""
5019
5020
#: serverguide/C/virtualization.xml:344(para)
5021
msgid ""
5022
"Once a virtual machine is installed and running you can connect to the "
5023
"virtual machine's console by using:"
5024
msgstr ""
5025
5026
#: serverguide/C/virtualization.xml:348(command)
5027
msgid "virt-viewer -c qemu:///system web_devel"
5028
msgstr ""
5029
5030
#: serverguide/C/virtualization.xml:350(para)
5031
msgid ""
5032
"Similar to <application>virt-manager</application>, <application>virt-"
5033
"viewer</application> can connect to a remote host using "
5034
"<emphasis>SSH</emphasis> with key authentication, as well:"
5035
msgstr ""
5036
5037
#: serverguide/C/virtualization.xml:355(command)
5038
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
5039
msgstr ""
5040
5041
#: serverguide/C/virtualization.xml:357(para)
5042
msgid ""
5043
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
5044
"appropriate virtual machine name."
5045
msgstr ""
5046
5047
#: serverguide/C/virtualization.xml:360(para)
5048
msgid ""
5049
"If configured to use a <emphasis>bridged</emphasis> network interface you "
5050
"can also setup <application>SSH</application> access to the virtual machine. "
5051
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
5052
"more details."
5053
msgstr ""
5054
5055
#: serverguide/C/virtualization.xml:369(para)
5056
msgid ""
5057
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
5058
"for more details."
5059
msgstr ""
5060
5061
#: serverguide/C/virtualization.xml:374(para)
5062
msgid ""
5063
"For more information on <application>libvirt</application> see the <ulink "
5064
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
5065
msgstr ""
5066
5067
#: serverguide/C/virtualization.xml:379(para)
5068
msgid ""
5069
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
5070
"Manager</ulink> site has more information on <application>virt-"
5071
"manager</application> development."
5072
msgstr ""
5073
5074
#: serverguide/C/virtualization.xml:385(para)
5075
msgid ""
5076
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
5077
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
5078
"technology in Ubuntu."
5079
msgstr ""
5080
5081
#: serverguide/C/virtualization.xml:391(para)
5082
msgid ""
5083
"Another good resource is the <ulink "
5084
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
5085
msgstr ""
5086
5087
#: serverguide/C/virtualization.xml:399(title)
5088
msgid "JeOS and vmbuilder"
5089
msgstr ""
5090
5091
#: serverguide/C/virtualization.xml:405(title)
5092
msgid "What is JeOS"
5093
msgstr ""
5094
5095
#: serverguide/C/virtualization.xml:407(para)
5096
msgid ""
5097
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
5098
"variant of the Ubuntu Server operating system, configured specifically for "
5099
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
5100
"only as an option either:"
5101
msgstr ""
5102
5103
#: serverguide/C/virtualization.xml:414(para)
5104
msgid ""
5105
"While installing from the Server Edition ISO (pressing "
5106
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
5107
"installation\", which is the package selection equivalent to JeOS)."
5108
msgstr ""
5109
5110
#: serverguide/C/virtualization.xml:420(para)
5111
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
5112
msgstr ""
5113
5114
#: serverguide/C/virtualization.xml:426(para)
5115
msgid ""
5116
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
5117
"kernel that only contains the base elements needed to run within a "
5118
"virtualized environment."
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:431(para)
5122
msgid ""
5123
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
5124
"in the latest virtualization products from VMware. This combination of "
5125
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
5126
"delivers a highly efficient use of server resources in large virtual "
5127
"deployments."
5128
msgstr ""
5129
5130
#: serverguide/C/virtualization.xml:437(para)
5131
msgid ""
5132
"Without unnecessary drivers, and only the minimal required packages, ISVs "
5133
"can configure their supporting OS exactly as they require. They have the "
5134
"peace of mind that updates, whether for security or enhancement reasons, "
5135
"will be limited to the bare minimum of what is required in their specific "
5136
"environment. In turn, users deploying virtual appliances built on top of "
5137
"JeOS will have to go through fewer updates and therefore less maintenance "
5138
"than they would have had to with a standard full installation of a server."
5139
msgstr ""
5140
5141
#: serverguide/C/virtualization.xml:446(title)
5142
msgid "What is vmbuilder"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:448(para)
5146
msgid ""
5147
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
5148
"will fetch the various package and build a virtual machine tailored for your "
5149
"needs in about a minute. vmbuilder is a script that automates the process of "
5150
"creating a ready to use Linux based VM. The currently supported hypervisors "
5151
"are KVM and Xen."
5152
msgstr ""
5153
5154
#: serverguide/C/virtualization.xml:454(para)
5155
msgid ""
5156
"You can pass command line options to add extra packages, remove packages, "
5157
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
5158
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
5159
"a local mirror, you can bootstrap a VM in less than a minute."
5160
msgstr ""
5161
5162
#: serverguide/C/virtualization.xml:460(para)
5163
msgid ""
5164
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
5165
"vm-builder</application> started with little emphasis as a hack to help "
5166
"developers test their new code in a virtual machine without having to "
5167
"restart from scratch each time. As a few Ubuntu administrators started to "
5168
"notice this script, a few of them went on improving it and adapting it for "
5169
"so many use case that Soren Hansen (the author of the script and Ubuntu "
5170
"virtualization specialist, not the golf player) decided to rewrite it from "
5171
"scratch for Intrepid as a python script with a few new design goals:"
5172
msgstr ""
5173
5174
#: serverguide/C/virtualization.xml:470(para)
5175
msgid "Develop it so that it can be reused by other distributions."
5176
msgstr ""
5177
5178
#: serverguide/C/virtualization.xml:475(para)
5179
msgid ""
5180
"Use a plugin mechanisms for all virtualization interactions so that others "
5181
"can easily add logic for other virtualization environments."
5182
msgstr ""
5183
5184
#: serverguide/C/virtualization.xml:480(para)
5185
msgid ""
5186
"Provide an easy to maintain web interface as an option to the command line "
5187
"interface."
5188
msgstr ""
5189
5190
#: serverguide/C/virtualization.xml:486(para)
5191
msgid "But the general principles and commands remain the same."
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:493(title)
5195
msgid "Initial Setup"
5196
msgstr ""
5197
5198
#: serverguide/C/virtualization.xml:495(para)
5199
msgid ""
5200
"It is assumed that you have installed and configured "
5201
"<application>libvirt</application> and <application>KVM</application> "
5202
"locally on the machine you are using. For details on how to perform this, "
5203
"please refer to:"
5204
msgstr ""
5205
5206
#: serverguide/C/virtualization.xml:507(para)
5207
msgid ""
5208
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
5209
"page."
5210
msgstr ""
5211
5212
#: serverguide/C/virtualization.xml:513(para)
5213
msgid ""
5214
"We also assume that you know how to use a text based text editor such as "
5215
"nano or vi. If you have not used any of them before, you can get an overview "
5216
"of the various text editors available by reading the <ulink "
5217
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5218
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
5219
"principle should remain on other virtualization technologies."
5220
msgstr ""
5221
5222
#: serverguide/C/virtualization.xml:521(title)
5223
msgid "Install vmbuilder"
5224
msgstr ""
5225
5226
#: serverguide/C/virtualization.xml:523(para)
5227
msgid ""
5228
"The name of the package that we need to install is <application>python-vm-"
5229
"builder</application>. In a terminal prompt enter:"
5230
msgstr ""
5231
5232
#: serverguide/C/virtualization.xml:528(command)
5233
msgid "sudo apt-get install python-vm-builder"
5234
msgstr ""
5235
5236
#: serverguide/C/virtualization.xml:532(para)
5237
msgid ""
5238
"If you are running Hardy, you can still perform most of this using the older "
5239
"version of the package named <application>ubuntu-vm-builder</application>, "
5240
"there are only a few changes to the syntax of the tool."
5241
msgstr ""
5242
5243
#: serverguide/C/virtualization.xml:541(title)
5244
msgid "Defining Your Virtual Machine"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:543(para)
5248
msgid ""
5249
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5250
"are a few thing to consider:"
5251
msgstr ""
5252
5253
#: serverguide/C/virtualization.xml:549(para)
5254
msgid ""
5255
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5256
"will know how to extend disk size to fit their need, so either plan for a "
5257
"large virtual disk to allow for your appliance to grow, or explain fairly "
5258
"well in your documentation how to allocate more space. It might actually be "
5259
"a good idea to store data on some separate external storage."
5260
msgstr ""
5261
5262
#: serverguide/C/virtualization.xml:556(para)
5263
msgid ""
5264
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5265
"whatever you think is a safe minimum for your appliance."
5266
msgstr ""
5267
5268
#: serverguide/C/virtualization.xml:562(para)
5269
msgid ""
5270
"The <application>vmbuilder</application> command has 2 main parameters: the "
5271
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
5272
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5273
"and can be found using the following command:"
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:568(command)
5277
msgid "vmbuilder --help"
5278
msgstr ""
5279
5280
#: serverguide/C/virtualization.xml:572(title)
5281
msgid "Base Parameters"
5282
msgstr ""
5283
5284
#: serverguide/C/virtualization.xml:574(para)
5285
msgid ""
5286
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
5287
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
5288
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5289
msgstr ""
5290
5291
#: serverguide/C/virtualization.xml:580(command)
5292
msgid ""
5293
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5294
"-libvirt qemu:///system"
5295
msgstr ""
5296
5297
#: serverguide/C/virtualization.xml:583(para)
5298
msgid ""
5299
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5300
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5301
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5302
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5303
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5304
"libvirt</emphasis> tells to inform the local virtualization environment to "
5305
"add the resulting VM to the list of available machines."
5306
msgstr ""
5307
5308
#: serverguide/C/virtualization.xml:591(para)
5309
msgid "Notes:"
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:597(para)
5313
msgid ""
5314
"Because of the nature of operations performed by vmbuilder, it needs to have "
5315
"root privilege, hence the use of sudo."
5316
msgstr ""
5317
5318
#: serverguide/C/virtualization.xml:602(para)
5319
msgid ""
5320
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5321
"a 64 bit machine (--arch amd64)."
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:607(para)
5325
msgid ""
5326
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5327
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5328
"use <emphasis>--flavour</emphasis> server instead."
5329
msgstr ""
5330
5331
#: serverguide/C/virtualization.xml:615(title)
5332
msgid "JeOS Installation Parameters"
5333
msgstr ""
5334
5335
#: serverguide/C/virtualization.xml:618(title)
5336
msgid "JeOS Networking"
5337
msgstr ""
5338
5339
#: serverguide/C/virtualization.xml:621(title)
5340
msgid "Assigning a fixed IP address"
5341
msgstr ""
5342
5343
#: serverguide/C/virtualization.xml:623(para)
5344
msgid ""
5345
"As a virtual appliance that may be deployed on various very different "
5346
"networks, it is very difficult to know what the actual network will look "
5347
"like. In order to simplify configuration, it is a good idea to take an "
5348
"approach similar to what network hardware vendors usually do, namely "
5349
"assigning an initial fixed IP address to the appliance in a private class "
5350
"network that you will provide in your documentation. An address in the range "
5351
"192.168.0.0/255 is usually a good choice."
5352
msgstr ""
5353
5354
#: serverguide/C/virtualization.xml:630(para)
5355
msgid "To do this we'll use the following parameters:"
5356
msgstr ""
5357
5358
#: serverguide/C/virtualization.xml:636(para)
5359
msgid ""
5360
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5361
"dhcp if not specified)"
5362
msgstr ""
5363
5364
#: serverguide/C/virtualization.xml:641(para)
5365
msgid ""
5366
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5367
"255.255.255.0)"
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:646(para)
5371
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:651(para)
5375
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:656(para)
5379
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:661(para)
5383
msgid ""
5384
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5385
msgstr ""
5386
5387
#: serverguide/C/virtualization.xml:667(para)
5388
msgid ""
5389
"We assume for now that default values are good enough, so the resulting "
5390
"invocation becomes:"
5391
msgstr ""
5392
5393
#: serverguide/C/virtualization.xml:672(command)
5394
msgid ""
5395
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5396
"-libvirt qemu:///system --ip 192.168.0.100"
5397
msgstr ""
5398
5399
#: serverguide/C/virtualization.xml:677(title)
5400
msgid "Modifying the libvirt Template to use Bridging"
5401
msgstr ""
5402
5403
#: serverguide/C/virtualization.xml:679(para)
5404
msgid ""
5405
"Because our appliance will be likely to need to be accessed by remote hosts, "
5406
"we need to configure libvirt so that the appliance uses bridge networking. "
5407
"To do this we use vmbuilder template mechanism to modify the default one."
5408
msgstr ""
5409
5410
#: serverguide/C/virtualization.xml:684(para)
5411
msgid ""
5412
"In our working directory we create the template hierarchy and copy the "
5413
"default template:"
5414
msgstr ""
5415
5416
#: serverguide/C/virtualization.xml:689(command)
5417
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
5418
msgstr ""
5419
5420
#: serverguide/C/virtualization.xml:690(command)
5421
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5422
msgstr ""
5423
5424
#: serverguide/C/virtualization.xml:693(para)
5425
msgid ""
5426
"We can then edit "
5427
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
5428
"change:"
5429
msgstr ""
5430
5431
#: serverguide/C/virtualization.xml:697(programlisting)
5432
#, no-wrap
5433
msgid ""
5434
"\n"
5435
" <interface type='network'>\n"
5436
" <source network='default'/>\n"
5437
" </interface>\n"
5438
msgstr ""
5439
5440
#: serverguide/C/virtualization.xml:703(para)
5441
msgid "To:"
5442
msgstr ""
5443
5444
#: serverguide/C/virtualization.xml:707(programlisting)
5445
#, no-wrap
5446
msgid ""
5447
"\n"
5448
" <interface type='bridge'>\n"
5449
" <source bridge='br0'/>\n"
5450
" </interface>\n"
5451
msgstr ""
5452
5453
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5454
msgid "Partitioning"
5455
msgstr ""
5456
5457
#: serverguide/C/virtualization.xml:719(para)
5458
msgid ""
5459
"Partitioning of the virtual appliance will have to take into consideration "
5460
"what you are planning to do with is. Because most appliances want to have a "
5461
"separate storage for data, having a separate <filename>/var</filename> would "
5462
"make sense."
5463
msgstr ""
5464
5465
#: serverguide/C/virtualization.xml:724(para)
5466
msgid ""
5467
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
5468
msgstr ""
5469
5470
#: serverguide/C/virtualization.xml:728(programlisting)
5471
#, no-wrap
5472
msgid ""
5473
"\n"
5474
"--part PATH\n"
5475
" Allows you to specify a partition table in a partition file, located at "
5476
"PATH. Each line of the partition file should specify\n"
5477
" (root first):\n"
5478
" mountpoint size\n"
5479
" where size is in megabytes. You can have up to 4 virtual disks, a new "
5480
"disk starts on a\n"
5481
" line with ’---’. ie :\n"
5482
" root 1000\n"
5483
" /opt 1000\n"
5484
" swap 256\n"
5485
" ---\n"
5486
" /var 2000\n"
5487
" /log 1500\n"
5488
msgstr ""
5489
5490
#: serverguide/C/virtualization.xml:743(para)
5491
msgid ""
5492
"In our case we will define a text file name "
5493
"<filename>vmbuilder.partition</filename> which will contain the following:"
5494
msgstr ""
5495
5496
#: serverguide/C/virtualization.xml:747(programlisting)
5497
#, no-wrap
5498
msgid ""
5499
"\n"
5500
"root 8000\n"
5501
"swap 4000\n"
5502
"---\n"
5503
"/var 20000\n"
5504
msgstr ""
5505
5506
#: serverguide/C/virtualization.xml:755(para)
5507
msgid ""
5508
"Note that as we are using virtual disk images, the actual sizes that we put "
5509
"here are maximum sizes for these volumes."
5510
msgstr ""
5511
5512
#: serverguide/C/virtualization.xml:760(para)
5513
msgid "Our command line now looks like:"
5514
msgstr ""
5515
5516
#: serverguide/C/virtualization.xml:765(command)
5517
msgid ""
5518
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5519
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5520
msgstr ""
5521
5522
#: serverguide/C/virtualization.xml:770(para)
5523
msgid ""
5524
"Using a \"\\\" in a command will allow long command strings to wrap to the "
5525
"next line."
5526
msgstr ""
5527
5528
#: serverguide/C/virtualization.xml:777(title)
5529
msgid "User and Password"
5530
msgstr ""
5531
5532
#: serverguide/C/virtualization.xml:779(para)
5533
msgid ""
5534
"Again setting up a virtual appliance, you will need to provide a default "
5535
"user and password that is generic so that you can include it in your "
5536
"documentation. We will see later on in this tutorial how we will provide "
5537
"some security by defining a script that will be run the first time a user "
5538
"actually logs in the appliance, that will, among other things, ask him to "
5539
"change his password. In this example I will use <emphasis>'user'</emphasis> "
5540
"as my user name, and <emphasis>'default'</emphasis> as the password."
5541
msgstr ""
5542
5543
#: serverguide/C/virtualization.xml:787(para)
5544
msgid "To do this we use the following optional parameters:"
5545
msgstr ""
5546
5547
#: serverguide/C/virtualization.xml:793(para)
5548
msgid ""
5549
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
5550
"Default: ubuntu."
5551
msgstr ""
5552
5553
#: serverguide/C/virtualization.xml:798(para)
5554
msgid ""
5555
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
5556
"added. Default: Ubuntu."
5557
msgstr ""
5558
5559
#: serverguide/C/virtualization.xml:803(para)
5560
msgid ""
5561
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
5562
"Default: ubuntu."
5563
msgstr ""
5564
5565
#: serverguide/C/virtualization.xml:809(para)
5566
msgid "Our resulting command line becomes:"
5567
msgstr ""
5568
5569
#: serverguide/C/virtualization.xml:814(command)
5570
msgid ""
5571
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5572
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
5573
"-user user --name user --pass default"
5574
msgstr ""
5575
5576
#: serverguide/C/virtualization.xml:822(title)
5577
msgid "Installing Required Packages"
5578
msgstr ""
5579
5580
#: serverguide/C/virtualization.xml:824(para)
5581
msgid ""
5582
"In this example we will be installing a package "
5583
"<application>(Limesurvey)</application> that accesses a "
5584
"<application>MySQL</application> database and has a web interface. We will "
5585
"therefore require our OS to provide us with:"
5586
msgstr ""
5587
5588
#: serverguide/C/virtualization.xml:831(para)
5589
msgid "Apache"
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:832(para)
5593
msgid "PHP"
5594
msgstr ""
5595
5596
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5597
msgid "MySQL"
5598
msgstr ""
5599
5600
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5601
msgid "OpenSSH Server"
5602
msgstr ""
5603
5604
#: serverguide/C/virtualization.xml:835(para)
5605
msgid "Limesurvey (as an example application that we have packaged)"
5606
msgstr ""
5607
5608
#: serverguide/C/virtualization.xml:838(para)
5609
msgid ""
5610
"This is done using vmbuilder by specifying the --addpkg option multiple "
5611
"times:"
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:842(programlisting)
5615
#, no-wrap
5616
msgid ""
5617
"\n"
5618
"--addpkg PKG\n"
5619
" Install PKG into the guest (can be specfied multiple times)\n"
5620
msgstr ""
5621
5622
#: serverguide/C/virtualization.xml:847(para)
5623
msgid ""
5624
"However, due to the way vmbuilder operates, packages that have to ask "
5625
"questions to the user during the post install phase are not supported and "
5626
"should instead be installed while interactivity can occur. This is the case "
5627
"of Limesurvey, which we will have to install later, once the user logs in."
5628
msgstr ""
5629
5630
#: serverguide/C/virtualization.xml:853(para)
5631
msgid ""
5632
"Other packages that ask simple debconf question, such as <application>mysql-"
5633
"server</application> asking to set a password, the package can be installed "
5634
"immediately, but we will have to reconfigure it the first time the user logs "
5635
"in."
5636
msgstr ""
5637
5638
#: serverguide/C/virtualization.xml:859(para)
5639
msgid ""
5640
"If some packages that we need to install are not in main, we need to enable "
5641
"the additional repositories using --comp and --ppa:"
5642
msgstr ""
5643
5644
#: serverguide/C/virtualization.xml:863(programlisting)
5645
#, no-wrap
5646
msgid ""
5647
"\n"
5648
"--components COMP1,COMP2,...,COMPN\n"
5649
" A comma separated list of distro components to include (e.g. "
5650
"main,universe). This defaults\n"
5651
" to \"main\"\n"
5652
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5653
msgstr ""
5654
5655
#: serverguide/C/virtualization.xml:870(para)
5656
msgid ""
5657
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5658
"PPA (personal package archive) address so that it is added to the VM "
5659
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5660
"to the command line:"
5661
msgstr ""
5662
5663
#: serverguide/C/virtualization.xml:876(command)
5664
msgid ""
5665
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5666
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5667
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5668
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5669
"server --ppa nijaba"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:883(title)
5673
msgid "OpenSSH"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:885(para)
5677
msgid ""
5678
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5679
"it will allow our admins to access the appliance remotely. However, pushing "
5680
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5681
"security risk as all these server will share the same secret key, making it "
5682
"very easy for hackers to target our appliance with all the tools they need "
5683
"to crack it open in a breeze. As for the user password, we will instead rely "
5684
"on a script that will install OpenSSH the first time a user logs in so that "
5685
"the key generated will be different for each appliance. For this we'll use a "
5686
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5687
"interaction."
5688
msgstr ""
5689
5690
#: serverguide/C/virtualization.xml:897(title)
5691
msgid "Speed Considerations"
5692
msgstr ""
5693
5694
#: serverguide/C/virtualization.xml:900(title)
5695
msgid "Package Caching"
5696
msgstr ""
5697
5698
#: serverguide/C/virtualization.xml:902(para)
5699
msgid ""
5700
"When vmbuilder creates builds your system, it has to go fetch each one of "
5701
"the packages that composes it over the network to one of the official "
5702
"repositories, which, depending on your internet connection speed and the "
5703
"load of the mirror, can have a big impact on the actual build time. In order "
5704
"to reduce this, it is recommended to either have a local repository (which "
5705
"can be created using <application>apt-mirror</application>) or using a "
5706
"caching proxy such as <application>apt-proxy</application>. The later option "
5707
"being much simpler to implement and requiring less disk space, it is the one "
5708
"we will pick in this tutorial. To install it, simply type:"
5709
msgstr ""
5710
5711
#: serverguide/C/virtualization.xml:912(command)
5712
msgid "sudo apt-get install apt-proxy"
5713
msgstr ""
5714
5715
#: serverguide/C/virtualization.xml:915(para)
5716
msgid ""
5717
"Once this is complete, your (empty) proxy is ready for use on "
5718
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5719
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5720
"option:"
5721
msgstr ""
5722
5723
#: serverguide/C/virtualization.xml:920(programlisting)
5724
#, no-wrap
5725
msgid ""
5726
"\n"
5727
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5728
" is http://archive.ubuntu.com/ubuntu for official\n"
5729
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5730
" otherwise\n"
5731
msgstr ""
5732
5733
#: serverguide/C/virtualization.xml:927(para)
5734
msgid "So we add to the command line:"
5735
msgstr ""
5736
5737
#: serverguide/C/virtualization.xml:932(command)
5738
msgid "--mirror http://mirroraddress:9999/ubuntu"
5739
msgstr ""
5740
5741
#: serverguide/C/virtualization.xml:936(para)
5742
msgid ""
5743
"The mirror address specified here will also be used in the "
5744
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5745
"is useful to specify here an address that can be resolved by the guest or to "
5746
"plan on reseting this address later on, such as in a <emphasis>--"
5747
"firstboot</emphasis> script."
5748
msgstr ""
5749
5750
#: serverguide/C/virtualization.xml:945(title)
5751
msgid "Install a Local Mirror"
5752
msgstr ""
5753
5754
#: serverguide/C/virtualization.xml:947(para)
5755
msgid ""
5756
"If we are in a larger environment, it may make sense to setup a local mirror "
5757
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5758
"script that will handle the mirroring for you. You should plan on having "
5759
"about 20 gigabyte of free space per supported release and architecture."
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:953(para)
5763
msgid ""
5764
"By default, <application>apt-mirror</application> uses the configuration "
5765
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5766
"replicate only the architecture of the local machine. If you would like to "
5767
"support other architectures on your mirror, simply duplicate the lines "
5768
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5769
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5770
"archives as well, you will have:"
5771
msgstr ""
5772
5773
#: serverguide/C/virtualization.xml:960(programlisting)
5774
#, no-wrap
5775
msgid ""
5776
"\n"
5777
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5778
"multiverse \n"
5779
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5780
"universe multiverse\n"
5781
"\n"
5782
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5783
"universe multiverse \n"
5784
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5785
"universe multiverse \n"
5786
"\n"
5787
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5788
"universe multiverse \n"
5789
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5790
"restricted universe multiverse \n"
5791
"\n"
5792
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5793
"universe multiverse \n"
5794
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5795
"restricted universe multiverse \n"
5796
"\n"
5797
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5798
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5799
"installer \n"
5800
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5801
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5802
"installer \n"
5803
msgstr ""
5804
5805
#: serverguide/C/virtualization.xml:977(para)
5806
msgid ""
5807
"Notice that the source packages are not mirrored as they are seldom used "
5808
"compared to the binaries and they do take a lot more space, but they can be "
5809
"easily added to the list."
5810
msgstr ""
5811
5812
#: serverguide/C/virtualization.xml:982(para)
5813
msgid ""
5814
"Once the mirror has finished replicating (and this can be quite long), you "
5815
"need to configure Apache so that your mirror files (in "
5816
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5817
"default), are published by your Apache server. For more information on "
5818
"Apache see <xref linkend=\"httpd\"/>."
5819
msgstr ""
5820
5821
#: serverguide/C/virtualization.xml:991(title)
5822
msgid "Installing in a RAM Disk"
5823
msgstr ""
5824
5825
#: serverguide/C/virtualization.xml:993(para)
5826
msgid ""
5827
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5828
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5829
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5830
"-tmpfs</emphasis> will help you do just that:"
5831
msgstr ""
5832
5833
#: serverguide/C/virtualization.xml:999(programlisting)
5834
#, no-wrap
5835
msgid ""
5836
"\n"
5837
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5838
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5839
msgstr ""
5840
5841
#: serverguide/C/virtualization.xml:1004(para)
5842
msgid ""
5843
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5844
"have 1G of free ram."
5845
msgstr ""
5846
5847
#: serverguide/C/virtualization.xml:1011(title)
5848
msgid "Package the Application"
5849
msgstr ""
5850
5851
#: serverguide/C/virtualization.xml:1013(para)
5852
msgid "Two option are available to us:"
5853
msgstr ""
5854
5855
#: serverguide/C/virtualization.xml:1019(para)
5856
msgid ""
5857
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5858
"package. Since this is outside of the scope of this tutorial, we will not "
5859
"perform this here and invite the reader to read the documentation on how to "
5860
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5861
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5862
"repository for your package so that updates can be conveniently pulled from "
5863
"it. See the <ulink url=\"http://www.debian-"
5864
"administration.org/articles/286\">Debian Administration</ulink> article for "
5865
"a tutorial on this."
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1028(para)
5869
msgid ""
5870
"Manually install the application under <filename>/opt</filename> as "
5871
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5872
"guidelines</ulink>."
5873
msgstr ""
5874
5875
#: serverguide/C/virtualization.xml:1035(para)
5876
msgid ""
5877
"In our case we'll use <application>Limesurvey</application> as example web "
5878
"application for which we wish to provide a virtual appliance. As noted "
5879
"before, we've made a version of the package available in a PPA (Personal "
5880
"Package Archive)."
5881
msgstr ""
5882
5883
#: serverguide/C/virtualization.xml:1042(title)
5884
msgid "Finishing Install"
5885
msgstr ""
5886
5887
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5888
msgid "First Boot"
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1047(para)
5892
msgid ""
5893
"As we mentioned earlier, the first time the machine boots we'll need to "
5894
"install <application>openssh-server</application> so that the key generated "
5895
"for it is unique for each machine. To do this, we'll write a script called "
5896
"<filename>boot.sh</filename> as follows:"
5897
msgstr ""
5898
5899
#: serverguide/C/virtualization.xml:1053(programlisting)
5900
#, no-wrap
5901
msgid ""
5902
"\n"
5903
"# This script will run the first time the virtual machine boots\n"
5904
"# It is ran as root.\n"
5905
"\n"
5906
"apt-get update\n"
5907
"apt-get install -qqy --force-yes openssh-server\n"
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:1061(para)
5911
msgid ""
5912
"And we add the <command>--firstboot boot.sh</command> option to our command "
5913
"line."
5914
msgstr ""
5915
5916
#: serverguide/C/virtualization.xml:1067(title)
5917
msgid "First Login"
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1069(para)
5921
msgid ""
5922
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5923
"set them up the first time a user logs in using a script named login.sh. "
5924
"We'll also use this script to let the user specify:"
5925
msgstr ""
5926
5927
#: serverguide/C/virtualization.xml:1075(para)
5928
msgid "His own password"
5929
msgstr ""
5930
5931
#: serverguide/C/virtualization.xml:1076(para)
5932
msgid "Define the keyboard and other locale info he wants to use"
5933
msgstr ""
5934
5935
#: serverguide/C/virtualization.xml:1079(para)
5936
msgid "So we'll define <filename>login.sh</filename> as follows:"
5937
msgstr ""
5938
5939
#: serverguide/C/virtualization.xml:1083(programlisting)
5940
#, no-wrap
5941
msgid ""
5942
"\n"
5943
"# This script is ran the first time a user logs in\n"
5944
"\n"
5945
"echo \"Your appliance is about to be finished to be set up.\"\n"
5946
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5947
"echo \"starting by changing your user password.\"\n"
5948
"\n"
5949
"passwd\n"
5950
"\n"
5951
"#give the opportunity to change the keyboard\n"
5952
"sudo dpkg-reconfigure console-setup\n"
5953
"\n"
5954
"#configure the mysql server root password\n"
5955
"sudo dpkg-reconfigure mysql-server-5.0\n"
5956
"\n"
5957
"#install limesurvey\n"
5958
"sudo apt-get install -qqy --force-yes limesurvey\n"
5959
"\n"
5960
"echo \"Your appliance is now configured. To use it point your\"\n"
5961
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5962
msgstr ""
5963
5964
#: serverguide/C/virtualization.xml:1105(para)
5965
msgid ""
5966
"And we add the <command>--firstlogin login.sh</command> option to our "
5967
"command line."
5968
msgstr ""
5969
5970
#: serverguide/C/virtualization.xml:1112(title)
5971
msgid "Useful Additions"
5972
msgstr ""
5973
5974
#: serverguide/C/virtualization.xml:1115(title)
5975
msgid "Configuring Automatic Updates"
5976
msgstr ""
5977
5978
#: serverguide/C/virtualization.xml:1117(para)
5979
msgid ""
5980
"To have your system be configured to update itself on a regular basis, we "
5981
"will just install <application>unattended-upgrades</application>, so we add "
5982
"the following option to our command line:"
5983
msgstr ""
5984
5985
#: serverguide/C/virtualization.xml:1123(command)
5986
msgid "--addpkg unattended-upgrades"
5987
msgstr ""
5988
5989
#: serverguide/C/virtualization.xml:1126(para)
5990
msgid ""
5991
"As we have put our application package in a PPA, the process will update not "
5992
"only the system, but also the application each time we update the version in "
5993
"the PPA."
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1133(title)
5997
msgid "ACPI Event Handling"
5998
msgstr ""
5999
6000
#: serverguide/C/virtualization.xml:1135(para)
6001
msgid ""
6002
"For your virtual machine to be able to handle restart and shutdown events it "
6003
"is being sent, it is a good idea to install the acpid package as well. To do "
6004
"this we just add the following option:"
6005
msgstr ""
6006
6007
#: serverguide/C/virtualization.xml:1141(command)
6008
msgid "--addpkg acpid"
6009
msgstr ""
6010
6011
#: serverguide/C/virtualization.xml:1147(title)
6012
msgid "Final Command"
6013
msgstr ""
6014
6015
#: serverguide/C/virtualization.xml:1149(para)
6016
msgid "Here is the command with all the options discussed above:"
6017
msgstr ""
6018
6019
#: serverguide/C/virtualization.xml:1154(command)
6020
msgid ""
6021
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
6022
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
6023
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
6024
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
6025
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
6026
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
6027
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
6028
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
6029
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
6030
"firstlogin login.sh"
6031
msgstr ""
6032
6033
#: serverguide/C/virtualization.xml:1169(para)
6034
msgid ""
6035
"If you are interested in learning more, have questions or suggestions, "
6036
"please contact the Ubuntu Server Team at:"
6037
msgstr ""
6038
6039
#: serverguide/C/virtualization.xml:1174(para)
6040
msgid "IRC: #ubuntu-server on freenode"
6041
msgstr ""
6042
6043
#: serverguide/C/virtualization.xml:1179(para)
6044
msgid ""
6045
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
6046
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
6047
msgstr ""
6048
6049
#: serverguide/C/virtualization.xml:1184(para)
6050
msgid ""
6051
"Also, see the <ulink "
6052
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
6053
"Wiki</ulink> page."
6054
msgstr ""
6055
6056
#: serverguide/C/virtualization.xml:1192(title)
6057
msgid "UEC"
6058
msgstr ""
6059
6060
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
6061
msgid "Overview"
6062
msgstr ""
6063
6064
#: serverguide/C/virtualization.xml:1197(para)
6065
msgid ""
6066
"This tutorial covers <application>UEC</application> installation from the "
6067
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
6068
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
6069
"and one or more nodes attached."
6070
msgstr ""
6071
6072
#: serverguide/C/virtualization.xml:1202(para)
6073
msgid ""
6074
"From this Tutorial you will learn how to install, configure, register and "
6075
"perform several operations on a basic <application>UEC</application> setup "
6076
"that results in a cloud with a one controller <emphasis>\"front-"
6077
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
6078
"instances. You will also use examples to help get you started using your own "
6079
"private compute cloud."
6080
msgstr ""
6081
6082
#: serverguide/C/virtualization.xml:1210(title)
6083
msgid "Prerequisites"
6084
msgstr ""
6085
6086
#: serverguide/C/virtualization.xml:1212(para)
6087
msgid ""
6088
"To deploy a minimal cloud infrastructure, you’ll need at least "
6089
"<emphasis>two</emphasis> dedicated systems:"
6090
msgstr ""
6091
6092
#: serverguide/C/virtualization.xml:1218(para)
6093
msgid "A front end."
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1223(para)
6097
msgid "One or more node(s)."
6098
msgstr ""
6099
6100
#: serverguide/C/virtualization.xml:1229(para)
6101
msgid ""
6102
"The following are recommendations, rather than fixed requirements. However, "
6103
"our experience in developing this documentation indicated the following "
6104
"suggestions."
6105
msgstr ""
6106
6107
#: serverguide/C/virtualization.xml:1234(title)
6108
msgid "Front End Requirements"
6109
msgstr ""
6110
6111
#: serverguide/C/virtualization.xml:1236(para)
6112
msgid "Use the following table for a system that will run one or more of:"
6113
msgstr ""
6114
6115
#: serverguide/C/virtualization.xml:1241(para)
6116
msgid "Cloud Controller (CLC)"
6117
msgstr ""
6118
6119
#: serverguide/C/virtualization.xml:1242(para)
6120
msgid "Cluster Controller (CC)"
6121
msgstr ""
6122
6123
#: serverguide/C/virtualization.xml:1243(para)
6124
msgid "Walrus (the S3-like storage service)"
6125
msgstr ""
6126
6127
#: serverguide/C/virtualization.xml:1244(para)
6128
msgid "Storage Controller (SC)"
6129
msgstr ""
6130
6131
#: serverguide/C/virtualization.xml:1248(title)
6132
msgid "UEC Front End Requirements"
6133
msgstr ""
6134
6135
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
6136
msgid "Hardware"
6137
msgstr ""
6138
6139
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
6140
msgid "Minimum"
6141
msgstr ""
6142
6143
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
6144
msgid "Suggested"
6145
msgstr ""
6146
6147
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
6148
msgid "Notes"
6149
msgstr ""
6150
6151
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
6152
msgid "CPU"
6153
msgstr ""
6154
6155
#: serverguide/C/virtualization.xml:1265(para)
6156
msgid "1 GHz"
6157
msgstr ""
6158
6159
#: serverguide/C/virtualization.xml:1266(para)
6160
msgid "2 x 2 GHz"
6161
msgstr ""
6162
6163
#: serverguide/C/virtualization.xml:1267(para)
6164
msgid ""
6165
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
6166
"a dual core processor."
6167
msgstr ""
6168
6169
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
6170
msgid "Memory"
6171
msgstr ""
6172
6173
#: serverguide/C/virtualization.xml:1271(para)
6174
msgid "2 GB"
6175
msgstr ""
6176
6177
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
6178
msgid "4 GB"
6179
msgstr ""
6180
6181
#: serverguide/C/virtualization.xml:1273(para)
6182
msgid "The Java web front end benefits from lots of available memory."
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
6186
msgid "Disk"
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
6190
msgid "5400 RPM IDE"
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:1278(para)
6194
msgid "7200 RPM SATA"
6195
msgstr ""
6196
6197
#: serverguide/C/virtualization.xml:1279(para)
6198
msgid ""
6199
"Slower disks will work, but will yield much longer instance startup times."
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
6203
msgid "Disk Space"
6204
msgstr ""
6205
6206
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
6207
msgid "40 GB"
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:1284(para)
6211
msgid "200 GB"
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:1285(para)
6215
msgid ""
6216
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
6217
"does not like to run out of disk space."
6218
msgstr ""
6219
6220
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
6221
msgid "Networking"
6222
msgstr ""
6223
6224
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
6225
msgid "100 Mbps"
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
6229
msgid "1000 Mbps"
6230
msgstr ""
6231
6232
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
6233
msgid ""
6234
"Machine images are hundreds of MB, and need to be copied over the network to "
6235
"nodes."
6236
msgstr ""
6237
6238
#: serverguide/C/virtualization.xml:1299(title)
6239
msgid "Node Requirements"
6240
msgstr ""
6241
6242
#: serverguide/C/virtualization.xml:1301(para)
6243
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
6244
msgstr ""
6245
6246
#: serverguide/C/virtualization.xml:1306(para)
6247
msgid "the Node Controller (NC)"
6248
msgstr ""
6249
6250
#: serverguide/C/virtualization.xml:1310(title)
6251
msgid "UEC Node Requirements"
6252
msgstr ""
6253
6254
#: serverguide/C/virtualization.xml:1327(para)
6255
msgid "VT Extensions"
6256
msgstr ""
6257
6258
#: serverguide/C/virtualization.xml:1328(para)
6259
msgid "VT, 64-bit, Multicore"
6260
msgstr ""
6261
6262
#: serverguide/C/virtualization.xml:1329(para)
6263
msgid ""
6264
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
6265
"only run 1 VM per CPU core on a Node."
6266
msgstr ""
6267
6268
#: serverguide/C/virtualization.xml:1333(para)
6269
msgid "1 GB"
6270
msgstr ""
6271
6272
#: serverguide/C/virtualization.xml:1335(para)
6273
msgid "Additional memory means more, and larger guests."
6274
msgstr ""
6275
6276
#: serverguide/C/virtualization.xml:1340(para)
6277
msgid "7200 RPM SATA or SCSI"
6278
msgstr ""
6279
6280
#: serverguide/C/virtualization.xml:1341(para)
6281
msgid ""
6282
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
6283
"bottleneck."
6284
msgstr ""
6285
6286
#: serverguide/C/virtualization.xml:1346(para)
6287
msgid "100 GB"
6288
msgstr ""
6289
6290
#: serverguide/C/virtualization.xml:1347(para)
6291
msgid ""
6292
"Images will be cached locally, Eucalyptus does not like to run out of disk "
6293
"space."
6294
msgstr ""
6295
6296
#: serverguide/C/virtualization.xml:1363(title)
6297
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
6298
msgstr ""
6299
6300
#: serverguide/C/virtualization.xml:1367(para)
6301
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
6302
msgstr ""
6303
6304
#: serverguide/C/virtualization.xml:1372(para)
6305
msgid ""
6306
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
6307
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
6308
"components are present."
6309
msgstr ""
6310
6311
#: serverguide/C/virtualization.xml:1377(para)
6312
msgid ""
6313
"You can then choose which components to install, based on your chosen <ulink "
6314
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
6315
msgstr ""
6316
6317
#: serverguide/C/virtualization.xml:1382(para)
6318
msgid ""
6319
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
6320
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:1388(para)
6324
msgid ""
6325
"It will ask two other cloud-specific questions during the course of the "
6326
"install:"
6327
msgstr ""
6328
6329
#: serverguide/C/virtualization.xml:1393(para)
6330
msgid "Name of your cluster."
6331
msgstr ""
6332
6333
#: serverguide/C/virtualization.xml:1396(para)
6334
msgid "e.g. <emphasis>cluster1</emphasis>."
6335
msgstr ""
6336
6337
#: serverguide/C/virtualization.xml:1399(para)
6338
msgid ""
6339
"A range of public IP addresses on the LAN that the cloud can allocate to "
6340
"instances."
6341
msgstr ""
6342
6343
#: serverguide/C/virtualization.xml:1402(para)
6344
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:1410(title)
6348
msgid "Installing the Node Controller(s)"
6349
msgstr ""
6350
6351
#: serverguide/C/virtualization.xml:1412(para)
6352
msgid ""
6353
"The node controller install is even simpler. Just make sure that you are "
6354
"connected to the network on which the cloud/cluster controller is already "
6355
"running."
6356
msgstr ""
6357
6358
#: serverguide/C/virtualization.xml:1418(para)
6359
msgid "Boot from the same ISO on the node(s)."
6360
msgstr ""
6361
6362
#: serverguide/C/virtualization.xml:1423(para)
6363
msgid ""
6364
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6365
msgstr ""
6366
6367
#: serverguide/C/virtualization.xml:1428(para)
6368
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6369
msgstr ""
6370
6371
#: serverguide/C/virtualization.xml:1433(para)
6372
msgid ""
6373
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
6374
"install for you."
6375
msgstr ""
6376
6377
#: serverguide/C/virtualization.xml:1438(para)
6378
msgid "Confirm the partitioning scheme."
6379
msgstr ""
6380
6381
#: serverguide/C/virtualization.xml:1443(para)
6382
msgid ""
6383
"The rest of the installation should proceed uninterrupted; complete the "
6384
"installation and reboot the node."
6385
msgstr ""
6386
6387
#: serverguide/C/virtualization.xml:1451(title)
6388
msgid "Register the Node(s)"
6389
msgstr ""
6390
6391
#: serverguide/C/virtualization.xml:1456(para)
6392
msgid ""
6393
"Nodes are the physical systems within <application>UEC</application> that "
6394
"actually run the virtual machine instances of the cloud."
6395
msgstr ""
6396
6397
#: serverguide/C/virtualization.xml:1460(para)
6398
msgid "All component registration should be automatic, assuming:"
6399
msgstr ""
6400
6401
#: serverguide/C/virtualization.xml:1466(para)
6402
msgid "Public SSH keys have been exchanged properly."
6403
msgstr ""
6404
6405
#: serverguide/C/virtualization.xml:1471(para)
6406
msgid "The services are configured properly."
6407
msgstr ""
6408
6409
#: serverguide/C/virtualization.xml:1476(para)
6410
msgid ""
6411
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
6412
msgstr ""
6413
6414
#: serverguide/C/virtualization.xml:1481(para)
6415
msgid "Verify Registration."
6416
msgstr ""
6417
6418
#: serverguide/C/virtualization.xml:1487(para)
6419
msgid ""
6420
"Steps a to e should only be required if you're using the <ulink "
6421
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
6422
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
6423
"should already be completed automatically for you, and therefore you can "
6424
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
6425
msgstr ""
6426
6427
#: serverguide/C/virtualization.xml:1495(para)
6428
msgid "Exchange Public Keys"
6429
msgstr ""
6430
6431
#: serverguide/C/virtualization.xml:1497(para)
6432
msgid ""
6433
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
6434
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
6435
"Controller as the eucalyptus user."
6436
msgstr ""
6437
6438
#: serverguide/C/virtualization.xml:1502(para)
6439
msgid ""
6440
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
6441
"ssh key by:"
6442
msgstr ""
6443
6444
#: serverguide/C/virtualization.xml:1508(para)
6445
msgid ""
6446
"On the target controller, temporarily set a password for the eucalyptus user:"
6447
msgstr ""
6448
6449
#: serverguide/C/virtualization.xml:1512(command)
6450
msgid "sudo passwd eucalyptus"
6451
msgstr ""
6452
6453
#: serverguide/C/virtualization.xml:1516(para)
6454
msgid "Then, on the Cloud Controller:"
6455
msgstr ""
6456
6457
#: serverguide/C/virtualization.xml:1520(command)
6458
msgid ""
6459
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
6460
"eucalyptus@<IP_OF_NODE>"
6461
msgstr ""
6462
6463
#: serverguide/C/virtualization.xml:1524(para)
6464
msgid ""
6465
"You can now remove the password of the eucalyptus account on the target "
6466
"controller, if you wish:"
6467
msgstr ""
6468
6469
#: serverguide/C/virtualization.xml:1528(command)
6470
msgid "sudo passwd -d eucalyptus"
6471
msgstr ""
6472
6473
#: serverguide/C/virtualization.xml:1535(para)
6474
msgid "Configuring the Services"
6475
msgstr ""
6476
6477
#: serverguide/C/virtualization.xml:1537(para)
6478
msgid "On the <emphasis>Cloud Controller</emphasis>:"
6479
msgstr ""
6480
6481
#: serverguide/C/virtualization.xml:1543(para)
6482
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
6483
msgstr ""
6484
6485
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
6486
msgid ""
6487
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
6488
"cc.conf</filename>"
6489
msgstr ""
6490
6491
#: serverguide/C/virtualization.xml:1549(para)
6492
msgid ""
6493
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6494
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6495
"addresses."
6496
msgstr ""
6497
6498
#: serverguide/C/virtualization.xml:1556(para)
6499
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
6500
msgstr ""
6501
6502
#: serverguide/C/virtualization.xml:1560(para)
6503
msgid ""
6504
"Define the shell variable WALRUS_IP_ADDR in "
6505
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
6506
"address."
6507
msgstr ""
6508
6509
#: serverguide/C/virtualization.xml:1565(para)
6510
msgid "On the <emphasis>Cluster Controller</emphasis>:"
6511
msgstr ""
6512
6513
#: serverguide/C/virtualization.xml:1571(para)
6514
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
6515
msgstr ""
6516
6517
#: serverguide/C/virtualization.xml:1577(para)
6518
msgid ""
6519
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6520
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6521
"addresses."
6522
msgstr ""
6523
6524
#: serverguide/C/virtualization.xml:1587(para)
6525
msgid "Publish"
6526
msgstr ""
6527
6528
#: serverguide/C/virtualization.xml:1589(para)
6529
msgid "Now start the publication services."
6530
msgstr ""
6531
6532
#: serverguide/C/virtualization.xml:1595(emphasis)
6533
msgid "Walrus Controller:"
6534
msgstr ""
6535
6536
#: serverguide/C/virtualization.xml:1597(command)
6537
msgid "sudo start eucalyptus-walrus-publication"
6538
msgstr ""
6539
6540
#: serverguide/C/virtualization.xml:1601(emphasis)
6541
msgid "Cluster Controller:"
6542
msgstr ""
6543
6544
#: serverguide/C/virtualization.xml:1603(command)
6545
msgid "sudo start eucalyptus-cc-publication"
6546
msgstr ""
6547
6548
#: serverguide/C/virtualization.xml:1607(emphasis)
6549
msgid "Storage Controller:"
6550
msgstr ""
6551
6552
#: serverguide/C/virtualization.xml:1609(command)
6553
msgid "sudo start eucalyptus-sc-publication"
6554
msgstr ""
6555
6556
#: serverguide/C/virtualization.xml:1613(emphasis)
6557
msgid "Node Controller:"
6558
msgstr ""
6559
6560
#: serverguide/C/virtualization.xml:1615(command)
6561
msgid "sudo start eucalyptus-nc-publication"
6562
msgstr ""
6563
6564
#: serverguide/C/virtualization.xml:1622(para)
6565
msgid "Start the Listener"
6566
msgstr ""
6567
6568
#: serverguide/C/virtualization.xml:1624(para)
6569
msgid ""
6570
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
6571
"Controller(s)</emphasis>, run:"
6572
msgstr ""
6573
6574
#: serverguide/C/virtualization.xml:1629(command)
6575
msgid "sudo start uec-component-listener"
6576
msgstr ""
6577
6578
#: serverguide/C/virtualization.xml:1634(para)
6579
msgid "Verify Registration"
6580
msgstr ""
6581
6582
#: serverguide/C/virtualization.xml:1637(command)
6583
msgid "cat /var/log/eucalyptus/registration.log"
6584
msgstr ""
6585
6586
#: serverguide/C/virtualization.xml:1638(computeroutput)
6587
#, no-wrap
6588
msgid ""
6589
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
6590
"10.1.1.75\n"
6591
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
6592
"0\n"
6593
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
6594
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
6595
"0\n"
6596
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
6597
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
6598
"returned 0\n"
6599
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
6600
"10.1.1.71\n"
6601
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
6602
msgstr ""
6603
6604
#: serverguide/C/virtualization.xml:1649(para)
6605
msgid "The output on your machine will vary from the example above."
6606
msgstr ""
6607
6608
#: serverguide/C/virtualization.xml:1659(title)
6609
msgid "Obtain Credentials"
6610
msgstr ""
6611
6612
#: serverguide/C/virtualization.xml:1661(para)
6613
msgid ""
6614
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
6615
"users of the cloud will need to retrieve their credentials. This can be done "
6616
"either through a web browser, or at the command line."
6617
msgstr ""
6618
6619
#: serverguide/C/virtualization.xml:1667(title)
6620
msgid "From a Web Browser"
6621
msgstr ""
6622
6623
#: serverguide/C/virtualization.xml:1671(para)
6624
msgid ""
6625
"From your web browser (either remotely or on your Ubuntu server) access the "
6626
"following URL:"
6627
msgstr ""
6628
6629
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6630
#, no-wrap
6631
msgid ""
6632
"\n"
6633
"https://<cloud-controller-ip-address>:8443/\n"
6634
msgstr ""
6635
6636
#: serverguide/C/virtualization.xml:1679(para)
6637
msgid ""
6638
"You must use a secure connection, so make sure you use \"https\" not "
6639
"\"http\" in your URL. You will get a security certificate warning. You will "
6640
"have to add an exception to view the page. If you do not accept it you will "
6641
"not be able to view the Eucalyptus configuration page."
6642
msgstr ""
6643
6644
#: serverguide/C/virtualization.xml:1687(para)
6645
msgid ""
6646
"Use username <emphasis>'admin'</emphasis> and password "
6647
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6648
"to change your password)."
6649
msgstr ""
6650
6651
#: serverguide/C/virtualization.xml:1693(para)
6652
msgid ""
6653
"Then follow the on-screen instructions to update the admin password and "
6654
"email address."
6655
msgstr ""
6656
6657
#: serverguide/C/virtualization.xml:1698(para)
6658
msgid ""
6659
"Once the first time configuration process is completed, click the "
6660
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6661
"the screen."
6662
msgstr ""
6663
6664
#: serverguide/C/virtualization.xml:1704(para)
6665
msgid ""
6666
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6667
"certificates."
6668
msgstr ""
6669
6670
#: serverguide/C/virtualization.xml:1709(para)
6671
msgid "Save them to <filename>~/.euca</filename>."
6672
msgstr ""
6673
6674
#: serverguide/C/virtualization.xml:1714(para)
6675
msgid ""
6676
"Unzip the downloaded zip file into a safe location "
6677
"(<filename>~/.euca</filename>)."
6678
msgstr ""
6679
6680
#: serverguide/C/virtualization.xml:1718(command)
6681
msgid "unzip -d ~/.euca mycreds.zip"
6682
msgstr ""
6683
6684
#: serverguide/C/virtualization.xml:1725(title)
6685
msgid "From a Command Line"
6686
msgstr ""
6687
6688
#: serverguide/C/virtualization.xml:1729(para)
6689
msgid ""
6690
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6691
"Controller</emphasis>, you can run:"
6692
msgstr ""
6693
6694
#: serverguide/C/virtualization.xml:1733(command)
6695
msgid "mkdir -p ~/.euca"
6696
msgstr ""
6697
6698
#: serverguide/C/virtualization.xml:1734(command)
6699
msgid "chmod 700 ~/.euca"
6700
msgstr ""
6701
6702
#: serverguide/C/virtualization.xml:1735(command)
6703
msgid "cd ~/.euca"
6704
msgstr ""
6705
6706
#: serverguide/C/virtualization.xml:1736(command)
6707
msgid "sudo euca_conf --get-credentials mycreds.zip"
6708
msgstr ""
6709
6710
#: serverguide/C/virtualization.xml:1737(command)
6711
msgid "unzip mycreds.zip"
6712
msgstr ""
6713
6714
#: serverguide/C/virtualization.xml:1738(command)
6715
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6716
msgstr ""
6717
6718
#: serverguide/C/virtualization.xml:1739(command)
6719
msgid "cd -"
6720
msgstr ""
6721
6722
#: serverguide/C/virtualization.xml:1746(title)
6723
msgid "Extracting and Using Your Credentials"
6724
msgstr ""
6725
6726
#: serverguide/C/virtualization.xml:1748(para)
6727
msgid ""
6728
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6729
"certificates."
6730
msgstr ""
6731
6732
#: serverguide/C/virtualization.xml:1754(para)
6733
msgid "Install the required cloud user tools:"
6734
msgstr ""
6735
6736
#: serverguide/C/virtualization.xml:1758(command)
6737
msgid "sudo apt-get install euca2ools"
6738
msgstr ""
6739
6740
#: serverguide/C/virtualization.xml:1762(para)
6741
msgid ""
6742
"To validate that everything is working correctly, get the local cluster "
6743
"availability details:"
6744
msgstr ""
6745
6746
#: serverguide/C/virtualization.xml:1766(command)
6747
msgid ". ~/.euca/eucarc"
6748
msgstr ""
6749
6750
#: serverguide/C/virtualization.xml:1767(command)
6751
msgid "euca-describe-availability-zones verbose"
6752
msgstr ""
6753
6754
#: serverguide/C/virtualization.xml:1768(computeroutput)
6755
#, no-wrap
6756
msgid ""
6757
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6758
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6759
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6760
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6761
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6762
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6763
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6764
msgstr ""
6765
6766
#: serverguide/C/virtualization.xml:1778(para)
6767
msgid "Your output from the above command will vary."
6768
msgstr ""
6769
6770
#: serverguide/C/virtualization.xml:1788(title)
6771
msgid "Install an Image from the Store"
6772
msgstr ""
6773
6774
#: serverguide/C/virtualization.xml:1790(para)
6775
msgid ""
6776
"The following is by far the simplest way to install an image. However, "
6777
"advanced users may be interested in learning how to <ulink "
6778
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6779
"own image</ulink>."
6780
msgstr ""
6781
6782
#: serverguide/C/virtualization.xml:1795(para)
6783
msgid ""
6784
"The simplest way to add an image to <application>UEC</application> is to "
6785
"install it from the Image Store on the UEC web interface."
6786
msgstr ""
6787
6788
#: serverguide/C/virtualization.xml:1801(para)
6789
msgid ""
6790
"Access the web interface at the following URL (Make sure you specify https):"
6791
msgstr ""
6792
6793
#: serverguide/C/virtualization.xml:1809(para)
6794
msgid ""
6795
"Enter your login and password (if requested, as you may still be logged in "
6796
"from earlier)."
6797
msgstr ""
6798
6799
#: serverguide/C/virtualization.xml:1814(para)
6800
msgid "Click on the <emphasis>Store</emphasis> tab."
6801
msgstr ""
6802
6803
#: serverguide/C/virtualization.xml:1819(para)
6804
msgid "Browse available images."
6805
msgstr ""
6806
6807
#: serverguide/C/virtualization.xml:1824(para)
6808
msgid "Click on <emphasis>install</emphasis> for the image you want."
6809
msgstr ""
6810
6811
#: serverguide/C/virtualization.xml:1830(para)
6812
msgid ""
6813
"Once the image has been downloaded and installed, you can click on "
6814
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6815
"button to view the command to execute to instantiate (start) this image. The "
6816
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6817
"tab."
6818
msgstr ""
6819
6820
#: serverguide/C/virtualization.xml:1838(title)
6821
msgid "Run an Image"
6822
msgstr ""
6823
6824
#: serverguide/C/virtualization.xml:1840(para)
6825
msgid "There are multiple ways to instantiate an image in UEC:"
6826
msgstr ""
6827
6828
#: serverguide/C/virtualization.xml:1845(para)
6829
msgid "Use the command line."
6830
msgstr ""
6831
6832
#: serverguide/C/virtualization.xml:1846(para)
6833
msgid ""
6834
"Use one of the UEC compatible management tools such as "
6835
"<emphasis>Landscape</emphasis>."
6836
msgstr ""
6837
6838
#: serverguide/C/virtualization.xml:1848(para)
6839
msgid ""
6840
"Use the <ulink "
6841
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6842
"extension to Firefox."
6843
msgstr ""
6844
6845
#: serverguide/C/virtualization.xml:1854(para)
6846
msgid "Here we will describe the process from the command line:"
6847
msgstr ""
6848
6849
#: serverguide/C/virtualization.xml:1860(para)
6850
msgid ""
6851
"Before running an instance of your image, you should first create a "
6852
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6853
"instance as root, once it boots. The key is stored, so you will only have to "
6854
"do this once."
6855
msgstr ""
6856
6857
#: serverguide/C/virtualization.xml:1864(para)
6858
msgid "Run the following command:"
6859
msgstr ""
6860
6861
#: serverguide/C/virtualization.xml:1867(programlisting)
6862
#, no-wrap
6863
msgid ""
6864
"\n"
6865
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6866
" mkdir -p -m 700 ~/.euca\n"
6867
" touch ~/.euca/mykey.priv\n"
6868
" chmod 0600 ~/.euca/mykey.priv\n"
6869
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6870
"fi\n"
6871
msgstr ""
6872
6873
#: serverguide/C/virtualization.xml:1876(para)
6874
msgid ""
6875
"You can call your key whatever you like (in this example, the key is called "
6876
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6877
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6878
"a list of created keys stored in the system."
6879
msgstr ""
6880
6881
#: serverguide/C/virtualization.xml:1883(para)
6882
msgid "You must also allow access to port 22 in your instances:"
6883
msgstr ""
6884
6885
#: serverguide/C/virtualization.xml:1887(command)
6886
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6887
msgstr ""
6888
6889
#: serverguide/C/virtualization.xml:1891(para)
6890
msgid "Next, you can create instances of your registered image:"
6891
msgstr ""
6892
6893
#: serverguide/C/virtualization.xml:1895(command)
6894
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6895
msgstr ""
6896
6897
#: serverguide/C/virtualization.xml:1898(para)
6898
msgid ""
6899
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6900
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6901
"on the <emphasis>Store</emphasis> page to see the sample command."
6902
msgstr ""
6903
6904
#: serverguide/C/virtualization.xml:1905(para)
6905
msgid ""
6906
"The first time you run an instance, the system will be setting up caches for "
6907
"the image from which it will be created. This can often take some time the "
6908
"first time an instance is run given that VM images are usually quite large."
6909
msgstr ""
6910
6911
#: serverguide/C/virtualization.xml:1909(para)
6912
msgid "To monitor the state of your instance, run:"
6913
msgstr ""
6914
6915
#: serverguide/C/virtualization.xml:1913(command)
6916
msgid "watch -n5 euca-describe-instances"
6917
msgstr ""
6918
6919
#: serverguide/C/virtualization.xml:1915(para)
6920
msgid ""
6921
"In the output, you should see information about the instance, including its "
6922
"state. While first-time caching is being performed, the instance's state "
6923
"will be <emphasis>'pending'</emphasis>."
6924
msgstr ""
6925
6926
#: serverguide/C/virtualization.xml:1921(para)
6927
msgid ""
6928
"When the instance is fully started, the above state will become "
6929
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6930
"instance in the output, then connect to it:"
6931
msgstr ""
6932
6933
#: serverguide/C/virtualization.xml:1926(command)
6934
msgid ""
6935
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6936
"'{print $4}')"
6937
msgstr ""
6938
6939
#: serverguide/C/virtualization.xml:1927(command)
6940
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6941
msgstr ""
6942
6943
#: serverguide/C/virtualization.xml:1931(para)
6944
msgid ""
6945
"And when you are done with this instance, exit your SSH connection, then "
6946
"terminate your instance:"
6947
msgstr ""
6948
6949
#: serverguide/C/virtualization.xml:1935(command)
6950
msgid ""
6951
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6952
"awk '{print $2}')"
6953
msgstr ""
6954
6955
#: serverguide/C/virtualization.xml:1936(command)
6956
msgid "euca-terminate-instances $INSTANCEID"
6957
msgstr ""
6958
6959
#: serverguide/C/virtualization.xml:1944(para)
6960
msgid ""
6961
"The <application>cloud-init</application> package provides \"first boot\" "
6962
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6963
"generic filesystem image that is booting and customizing it for this "
6964
"particular instance. That includes things like:"
6965
msgstr ""
6966
6967
#: serverguide/C/virtualization.xml:1952(para)
6968
msgid "Setting the hostname."
6969
msgstr ""
6970
6971
#: serverguide/C/virtualization.xml:1957(para)
6972
msgid ""
6973
"Putting the provided ssh public keys into "
6974
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6975
msgstr ""
6976
6977
#: serverguide/C/virtualization.xml:1962(para)
6978
msgid "Running a user provided script, or otherwise modifying the image."
6979
msgstr ""
6980
6981
#: serverguide/C/virtualization.xml:1968(para)
6982
msgid ""
6983
"Setting hostname and configuring a system so the person who launched it can "
6984
"actually log into it are not terribly interesting. The interesting things "
6985
"that can be done with <application>cloud-init</application> are made "
6986
"possible by data provided at launch time called <ulink "
6987
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6988
"85\">user-data</ulink>."
6989
msgstr ""
6990
6991
#: serverguide/C/virtualization.xml:1974(para)
6992
msgid "First, install the <application>cloud-init</application> package:"
6993
msgstr ""
6994
6995
#: serverguide/C/virtualization.xml:1979(command)
6996
msgid "sudo apt-get install cloud-init"
6997
msgstr ""
6998
6999
#: serverguide/C/virtualization.xml:1982(para)
7000
msgid ""
7001
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
7002
"stored and executed as root late in the boot process of the instance's first "
7003
"boot (similar to a traditional 'rc.local' script). Output from the script is "
7004
"directed to the console."
7005
msgstr ""
7006
7007
#: serverguide/C/virtualization.xml:1987(para)
7008
msgid ""
7009
"For example, create a file named <filename>ud.txt</filename> containing:"
7010
msgstr ""
7011
7012
#: serverguide/C/virtualization.xml:1991(programlisting)
7013
#, no-wrap
7014
msgid ""
7015
"\n"
7016
"#!/bin/sh\n"
7017
"echo ========== Hello World: $(date) ==========\n"
7018
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
7019
msgstr ""
7020
7021
#: serverguide/C/virtualization.xml:1997(para)
7022
msgid ""
7023
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
7024
msgstr ""
7025
7026
#: serverguide/C/virtualization.xml:2002(command)
7027
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
7028
msgstr ""
7029
7030
#: serverguide/C/virtualization.xml:2005(para)
7031
msgid ""
7032
"Wait now for the system to come up and console to be available. To see the "
7033
"result of the data file commands enter:"
7034
msgstr ""
7035
7036
#: serverguide/C/virtualization.xml:2010(command)
7037
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
7038
msgstr ""
7039
7040
#: serverguide/C/virtualization.xml:2011(computeroutput)
7041
#, no-wrap
7042
msgid ""
7043
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
7044
"I have been up for 28.26 sec"
7045
msgstr ""
7046
7047
#: serverguide/C/virtualization.xml:2016(para)
7048
msgid "Your output may vary."
7049
msgstr ""
7050
7051
#: serverguide/C/virtualization.xml:2021(para)
7052
msgid ""
7053
"The simple approach shown above gives a great deal of power. The user-data "
7054
"can contain a script in any language where an interpreter already exists in "
7055
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
7056
")."
7057
msgstr ""
7058
7059
#: serverguide/C/virtualization.xml:2026(para)
7060
msgid ""
7061
"For many cases, the user may not be interested in writing a program. For "
7062
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
7063
"configuration based approach towards customization. To utilize the cloud-"
7064
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
7065
"config'</emphasis>."
7066
msgstr ""
7067
7068
#: serverguide/C/virtualization.xml:2031(para)
7069
msgid ""
7070
"For example, create a text file named <filename>clout-config.txt</filename> "
7071
"containing:"
7072
msgstr ""
7073
7074
#: serverguide/C/virtualization.xml:2035(programlisting)
7075
#, no-wrap
7076
msgid ""
7077
"\n"
7078
"#cloud-config\n"
7079
"apt_upgrade: true\n"
7080
"apt_sources:\n"
7081
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
7082
"\n"
7083
"packages:\n"
7084
"- build-essential\n"
7085
"- pastebinit\n"
7086
"\n"
7087
"runcmd:\n"
7088
"- echo ======= Hello World =====\n"
7089
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
7090
msgstr ""
7091
7092
#: serverguide/C/virtualization.xml:2050(para)
7093
msgid "Create a new instance:"
7094
msgstr ""
7095
7096
#: serverguide/C/virtualization.xml:2055(command)
7097
msgid ""
7098
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
7099
"config.txt"
7100
msgstr ""
7101
7102
#: serverguide/C/virtualization.xml:2058(para)
7103
msgid "Now, when the above system is booted, it will have:"
7104
msgstr ""
7105
7106
#: serverguide/C/virtualization.xml:2063(para)
7107
msgid "Added the Apache Edgers PPA."
7108
msgstr ""
7109
7110
#: serverguide/C/virtualization.xml:2064(para)
7111
msgid "Run an upgrade to get all updates available"
7112
msgstr ""
7113
7114
#: serverguide/C/virtualization.xml:2065(para)
7115
msgid "Installed the 'build-essential' and 'pastebinit' packages"
7116
msgstr ""
7117
7118
#: serverguide/C/virtualization.xml:2066(para)
7119
msgid "Printed a similar message to the script above"
7120
msgstr ""
7121
7122
#: serverguide/C/virtualization.xml:2070(para)
7123
msgid ""
7124
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
7125
"the latest version of Apache from upstream source repositories. Package "
7126
"versions in the PPA are unsupported, and depending on your situation, this "
7127
"may or may not be desirable. See the <ulink "
7128
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
7129
"Edgers</ulink> web page for more details."
7130
msgstr ""
7131
7132
#: serverguide/C/virtualization.xml:2077(para)
7133
msgid ""
7134
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
7135
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
7136
"It is present to allow you to get the full power of a scripting language if "
7137
"you need it without abandoning <emphasis>cloud-config</emphasis>."
7138
msgstr ""
7139
7140
#: serverguide/C/virtualization.xml:2082(para)
7141
msgid ""
7142
"For more information on what kinds of things can be done with "
7143
"<application>cloud-config</application>, see <ulink "
7144
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
7145
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
7146
msgstr ""
7147
7148
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
7149
msgid "More Information"
7150
msgstr ""
7151
7152
#: serverguide/C/virtualization.xml:2093(para)
7153
msgid ""
7154
"How to use the <ulink "
7155
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
7156
"Controller</ulink>"
7157
msgstr ""
7158
7159
#: serverguide/C/virtualization.xml:2097(para)
7160
msgid "Controlling eucalyptus services:"
7161
msgstr ""
7162
7163
#: serverguide/C/virtualization.xml:2102(para)
7164
msgid ""
7165
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
7166
msgstr ""
7167
7168
#: serverguide/C/virtualization.xml:2103(para)
7169
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
7170
msgstr ""
7171
7172
#: serverguide/C/virtualization.xml:2106(para)
7173
msgid "Locations of some important files:"
7174
msgstr ""
7175
7176
#: serverguide/C/virtualization.xml:2113(emphasis)
7177
msgid "Log files:"
7178
msgstr ""
7179
7180
#: serverguide/C/virtualization.xml:2116(para)
7181
msgid "/var/log/eucalyptus"
7182
msgstr ""
7183
7184
#: serverguide/C/virtualization.xml:2121(emphasis)
7185
msgid "Configuration files:"
7186
msgstr ""
7187
7188
#: serverguide/C/virtualization.xml:2124(para)
7189
msgid "/etc/eucalyptus"
7190
msgstr ""
7191
7192
#: serverguide/C/virtualization.xml:2129(emphasis)
7193
msgid "Database:"
7194
msgstr ""
7195
7196
#: serverguide/C/virtualization.xml:2132(para)
7197
msgid "/var/lib/eucalyptus/db"
7198
msgstr ""
7199
7200
#: serverguide/C/virtualization.xml:2137(emphasis)
7201
msgid "Keys:"
7202
msgstr ""
7203
7204
#: serverguide/C/virtualization.xml:2140(para)
7205
msgid "/var/lib/eucalyptus"
7206
msgstr ""
7207
7208
#: serverguide/C/virtualization.xml:2141(para)
7209
msgid "/var/lib/eucalyptus/.ssh"
7210
msgstr ""
7211
7212
#: serverguide/C/virtualization.xml:2147(para)
7213
msgid ""
7214
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
7215
"running the client tools."
7216
msgstr ""
7217
7218
#: serverguide/C/virtualization.xml:2158(para)
7219
msgid ""
7220
"For information on loading instances see the <ulink "
7221
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
7222
"page."
7223
msgstr ""
7224
7225
#: serverguide/C/virtualization.xml:2163(para)
7226
msgid ""
7227
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
7228
"documentation, downloads)</ulink>."
7229
msgstr ""
7230
7231
#: serverguide/C/virtualization.xml:2168(para)
7232
msgid ""
7233
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
7234
"(bugs, code)</ulink>."
7235
msgstr ""
7236
7237
#: serverguide/C/virtualization.xml:2173(para)
7238
msgid ""
7239
"<ulink "
7240
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
7241
"ptus Troubleshooting (1.5)</ulink>."
7242
msgstr ""
7243
7244
#: serverguide/C/virtualization.xml:2178(para)
7245
msgid ""
7246
"<ulink url=\"http://support.rightscale.com/2._References/02-"
7247
"Cloud_Infrastructures/Eucalyptus/03-"
7248
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
7249
"RightScale</ulink>."
7250
msgstr ""
7251
7252
#: serverguide/C/virtualization.xml:2184(para)
7253
msgid ""
7254
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
7255
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
7256
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
7257
msgstr ""
7258
7259
#: serverguide/C/virtualization.xml:2193(title)
7260
msgid "Glossary"
7261
msgstr ""
7262
7263
#: serverguide/C/virtualization.xml:2195(para)
7264
msgid ""
7265
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
7266
"unfamiliar to some readers. This page is intended to provide a glossary of "
7267
"such terms and acronyms."
7268
msgstr ""
7269
7270
#: serverguide/C/virtualization.xml:2202(para)
7271
msgid ""
7272
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
7273
"computing resources through virtual machines, provisioned and recollected "
7274
"dynamically."
7275
msgstr ""
7276
7277
#: serverguide/C/virtualization.xml:2208(para)
7278
msgid ""
7279
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
7280
"provides the web UI (an https server on port 8443), and implements the "
7281
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
7282
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
7283
"cloud</application> package."
7284
msgstr ""
7285
7286
#: serverguide/C/virtualization.xml:2215(para)
7287
msgid ""
7288
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
7289
"Cluster Controller. There can be more than one Cluster in an installation of "
7290
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
7291
"floor2, floor2)."
7292
msgstr ""
7293
7294
#: serverguide/C/virtualization.xml:2221(para)
7295
msgid ""
7296
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
7297
"manages collections of node resources. This service is provided by the "
7298
"Ubuntu <application>eucalyptus-cc</application> package."
7299
msgstr ""
7300
7301
#: serverguide/C/virtualization.xml:2227(para)
7302
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
7303
msgstr ""
7304
7305
#: serverguide/C/virtualization.xml:2232(para)
7306
msgid ""
7307
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
7308
"pay-by-the-gigabyte public cloud computing offering."
7309
msgstr ""
7310
7311
#: serverguide/C/virtualization.xml:2237(para)
7312
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
7313
msgstr ""
7314
7315
#: serverguide/C/virtualization.xml:2242(para)
7316
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
7317
msgstr ""
7318
7319
#: serverguide/C/virtualization.xml:2247(para)
7320
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
7321
msgstr ""
7322
7323
#: serverguide/C/virtualization.xml:2252(para)
7324
msgid ""
7325
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
7326
"Linking Your Programs To Useful Systems. An open source project originally "
7327
"from the University of California at Santa Barbara, now supported by "
7328
"Eucalyptus Systems, a Canonical Partner."
7329
msgstr ""
7330
7331
#: serverguide/C/virtualization.xml:2259(para)
7332
msgid ""
7333
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
7334
"the high level Eucalyptus components (cloud, walrus, storage controller, "
7335
"cluster controller)."
7336
msgstr ""
7337
7338
#: serverguide/C/virtualization.xml:2265(para)
7339
msgid ""
7340
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
7341
"running virtual machines, running a node controller. Within Ubuntu, this "
7342
"generally means that the CPU has VT extensions, and can run the KVM "
7343
"hypervisor."
7344
msgstr ""
7345
7346
#: serverguide/C/virtualization.xml:2271(para)
7347
msgid ""
7348
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
7349
"on nodes which host the virtual machines that comprise the cloud. This "
7350
"service is provided by the Ubuntu package <application>eucalyptus-"
7351
"nc</application>."
7352
msgstr ""
7353
7354
#: serverguide/C/virtualization.xml:2277(para)
7355
msgid ""
7356
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
7357
"gigabyte persistent storage solution for EC2."
7358
msgstr ""
7359
7360
#: serverguide/C/virtualization.xml:2282(para)
7361
msgid ""
7362
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
7363
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
7364
"installation can have its own Storage Controller. This component is provided "
7365
"by the <application>eucalyptus-sc</application> package."
7366
msgstr ""
7367
7368
#: serverguide/C/virtualization.xml:2289(para)
7369
msgid ""
7370
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
7371
"solution, based on Eucalyptus."
7372
msgstr ""
7373
7374
#: serverguide/C/virtualization.xml:2294(para)
7375
msgid "<emphasis>VM</emphasis> - Virtual Machine."
7376
msgstr ""
7377
7378
#: serverguide/C/virtualization.xml:2299(para)
7379
msgid ""
7380
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
7381
"some modern CPUs, allowing for accelerated virtual machine hosting."
7382
msgstr ""
7383
7384
#: serverguide/C/virtualization.xml:2304(para)
7385
msgid ""
7386
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
7387
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
7388
"put/get abstractions."
7389
msgstr ""
7390
7391
#: serverguide/C/vcs.xml:13(title)
7392
msgid "Version Control System"
7393
msgstr ""
7394
7395
#: serverguide/C/vcs.xml:14(para)
7396
msgid ""
7397
"Version control is the art of managing changes to information. It has long "
7398
"been a critical tool for programmers, who typically spend their time making "
7399
"small changes to software and then undoing those changes the next day. But "
7400
"the usefulness of version control software extends far beyond the bounds of "
7401
"the software development world. Anywhere you can find people using computers "
7402
"to manage information that changes often, there is room for version control."
7403
msgstr ""
7404
7405
#: serverguide/C/vcs.xml:17(title)
7406
msgid "Bazaar"
7407
msgstr ""
7408
7409
#: serverguide/C/vcs.xml:18(para)
7410
msgid ""
7411
"Bazaar is a new version control system sponsored by Canonical, the "
7412
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
7413
"support a central repository model, Bazaar also supports "
7414
"<emphasis>distributed version control</emphasis>, giving people the ability "
7415
"to collaborate more efficiently. In particular, Bazaar is designed to "
7416
"maximize the level of community participation in open source projects."
7417
msgstr ""
7418
7419
#: serverguide/C/vcs.xml:29(para)
7420
msgid ""
7421
"At a terminal prompt, enter the following command to install "
7422
"<application>bzr</application>: <screen>\n"
7423
"<command>sudo apt-get install bzr</command>\n"
7424
"</screen>"
7425
msgstr ""
7426
7427
#: serverguide/C/vcs.xml:40(para)
7428
msgid ""
7429
"To introduce yourself to <application>bzr</application>, use the "
7430
"<emphasis>whoami</emphasis> command like this: <screen>\n"
7431
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7432
"</screen>"
7433
msgstr ""
7434
7435
#: serverguide/C/vcs.xml:49(title)
7436
msgid "Learning Bazaar"
7437
msgstr ""
7438
7439
#: serverguide/C/vcs.xml:50(para)
7440
msgid ""
7441
"Bazaar comes with bundled documentation installed into "
7442
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
7443
"is a good place to start. The <application>bzr</application> command also "
7444
"comes with built-in help: <screen>\n"
7445
"<command>$ bzr help</command>\n"
7446
"</screen>"
7447
msgstr ""
7448
7449
#: serverguide/C/vcs.xml:60(para)
7450
msgid ""
7451
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
7452
"<command>$ bzr help foo</command>\n"
7453
"</screen>"
7454
msgstr ""
7455
7456
#: serverguide/C/vcs.xml:68(title)
7457
msgid "Launchpad Integration"
7458
msgstr ""
7459
7460
#: serverguide/C/vcs.xml:69(para)
7461
msgid ""
7462
"While highly useful as a stand-alone system, Bazaar has good, optional "
7463
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
7464
"the collaborative development system used by Canonical and the broader open "
7465
"source community to manage and extend Ubuntu itself. For information on how "
7466
"Bazaar can be used with Launchpad to collaborate on open source projects, "
7467
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
7468
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
7469
msgstr ""
7470
7471
#: serverguide/C/vcs.xml:81(title)
7472
msgid "Subversion"
7473
msgstr ""
7474
7475
#: serverguide/C/vcs.xml:82(para)
7476
msgid ""
7477
"Subversion is an open source version control system. Using Subversion, you "
7478
"can record the history of source files and documents. It manages files and "
7479
"directories over time. A tree of files is placed into a central repository. "
7480
"The repository is much like an ordinary file server, except that it "
7481
"remembers every change ever made to files and directories."
7482
msgstr ""
7483
7484
#: serverguide/C/vcs.xml:87(para)
7485
msgid ""
7486
"To access Subversion repository using the HTTP protocol, you must install "
7487
"and configure a web server. Apache2 is proven to work with Subversion. "
7488
"Please refer to the HTTP subsection in the Apache2 section to install and "
7489
"configure Apache2. To access the Subversion repository using the HTTPS "
7490
"protocol, you must install and configure a digital certificate in your "
7491
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
7492
"section to install and configure the digital certificate."
7493
msgstr ""
7494
7495
#: serverguide/C/vcs.xml:96(para)
7496
msgid ""
7497
"To install Subversion, run the following command from a terminal prompt:"
7498
msgstr ""
7499
7500
#: serverguide/C/vcs.xml:101(command)
7501
msgid "sudo apt-get install subversion libapache2-svn"
7502
msgstr ""
7503
7504
#: serverguide/C/vcs.xml:108(para)
7505
msgid ""
7506
"This step assumes you have installed above mentioned packages on your "
7507
"system. This section explains how to create a Subversion repository and "
7508
"access the project."
7509
msgstr ""
7510
7511
#: serverguide/C/vcs.xml:111(title)
7512
msgid "Create Subversion Repository"
7513
msgstr ""
7514
7515
#: serverguide/C/vcs.xml:112(para)
7516
msgid ""
7517
"The Subversion repository can be created using the following command from a "
7518
"terminal prompt:"
7519
msgstr ""
7520
7521
#: serverguide/C/vcs.xml:116(command)
7522
msgid "svnadmin create /path/to/repos/project"
7523
msgstr ""
7524
7525
#: serverguide/C/vcs.xml:121(title)
7526
msgid "Importing Files"
7527
msgstr ""
7528
7529
#: serverguide/C/vcs.xml:122(para)
7530
msgid ""
7531
"Once you create the repository you can <emphasis>import</emphasis> files "
7532
"into the repository. To import a directory, enter the following from a "
7533
"terminal prompt: <screen>\n"
7534
"<command>svn import /path/to/import/directory "
7535
"file:///path/to/repos/project</command>\n"
7536
"</screen>"
7537
msgstr ""
7538
7539
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
7540
msgid "Access Methods"
7541
msgstr ""
7542
7543
#: serverguide/C/vcs.xml:135(para)
7544
msgid ""
7545
"Subversion repositories can be accessed (checked out) through many different "
7546
"methods --on local disk, or through various network protocols. A repository "
7547
"location, however, is always a URL. The table describes how different URL "
7548
"schemes map to the available access methods."
7549
msgstr ""
7550
7551
#: serverguide/C/vcs.xml:146(para)
7552
msgid "Schema"
7553
msgstr ""
7554
7555
#: serverguide/C/vcs.xml:147(para)
7556
msgid "Access Method"
7557
msgstr ""
7558
7559
#: serverguide/C/vcs.xml:152(para)
7560
msgid "file://"
7561
msgstr ""
7562
7563
#: serverguide/C/vcs.xml:153(para)
7564
msgid "direct repository access (on local disk)"
7565
msgstr ""
7566
7567
#: serverguide/C/vcs.xml:156(para)
7568
msgid "http://"
7569
msgstr ""
7570
7571
#: serverguide/C/vcs.xml:157(para)
7572
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
7573
msgstr ""
7574
7575
#: serverguide/C/vcs.xml:160(para)
7576
msgid "https://"
7577
msgstr ""
7578
7579
#: serverguide/C/vcs.xml:161(para)
7580
msgid "Same as http://, but with SSL encryption"
7581
msgstr ""
7582
7583
#: serverguide/C/vcs.xml:164(para)
7584
msgid "svn://"
7585
msgstr ""
7586
7587
#: serverguide/C/vcs.xml:165(para)
7588
msgid "Access via custom protocol to an svnserve server"
7589
msgstr ""
7590
7591
#: serverguide/C/vcs.xml:168(para)
7592
msgid "svn+ssh://"
7593
msgstr ""
7594
7595
#: serverguide/C/vcs.xml:169(para)
7596
msgid "Same as svn://, but through an SSH tunnel"
7597
msgstr ""
7598
7599
#: serverguide/C/vcs.xml:175(para)
7600
msgid ""
7601
"In this section, we will see how to configure Subversion for all these "
7602
"access methods. Here, we cover the basics. For more advanced usage details, "
7603
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
7604
msgstr ""
7605
7606
#: serverguide/C/vcs.xml:182(title)
7607
msgid "Direct repository access (file://)"
7608
msgstr ""
7609
7610
#: serverguide/C/vcs.xml:183(para)
7611
msgid ""
7612
"This is the simplest of all access methods. It does not require any "
7613
"Subversion server process to be running. This access method is used to "
7614
"access Subversion from the same machine. The syntax of the command, entered "
7615
"at a terminal prompt, is as follows:"
7616
msgstr ""
7617
7618
#: serverguide/C/vcs.xml:190(command)
7619
msgid "svn co file:///path/to/repos/project"
7620
msgstr ""
7621
7622
#: serverguide/C/vcs.xml:193(para)
7623
msgid "or"
7624
msgstr ""
7625
7626
#: serverguide/C/vcs.xml:196(command)
7627
msgid "svn co file://localhost/path/to/repos/project"
7628
msgstr ""
7629
7630
#: serverguide/C/vcs.xml:200(para)
7631
msgid ""
7632
"If you do not specify the hostname, there are three forward slashes (///) -- "
7633
"two for the protocol (file, in this case) plus the leading slash in the "
7634
"path. If you specify the hostname, you must use two forward slashes (//)."
7635
msgstr ""
7636
7637
#: serverguide/C/vcs.xml:202(para)
7638
msgid ""
7639
"The repository permissions depend on filesystem permissions. If the user has "
7640
"read/write permission, he can checkout from and commit to the repository."
7641
msgstr ""
7642
7643
#: serverguide/C/vcs.xml:205(title)
7644
msgid "Access via WebDAV protocol (http://)"
7645
msgstr ""
7646
7647
#: serverguide/C/vcs.xml:206(para)
7648
msgid ""
7649
"To access the Subversion repository via WebDAV protocol, you must configure "
7650
"your Apache 2 web server. Add the following snippet between the "
7651
"<emphasis><VirtualHost></emphasis> and "
7652
"<emphasis></VirtualHost></emphasis> elements in "
7653
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7654
"VirtualHost file:"
7655
msgstr ""
7656
7657
#: serverguide/C/vcs.xml:212(programlisting)
7658
#, no-wrap
7659
msgid ""
7660
"\n"
7661
" <Location /svn>\n"
7662
" DAV svn\n"
7663
" SVNPath /home/svn\n"
7664
" AuthType Basic\n"
7665
" AuthName \"Your repository name\"\n"
7666
" AuthUserFile /etc/subversion/passwd\n"
7667
" Require valid-user\n"
7668
" </Location> \n"
7669
msgstr ""
7670
7671
#: serverguide/C/vcs.xml:223(para)
7672
msgid ""
7673
"The above configuration snippet assumes that Subversion repositories are "
7674
"created under <filename>/home/svn/</filename> directory using "
7675
"<command>svnadmin</command> command. They can be accessible using "
7676
"<command>http://hostname/svn/repos_name</command> url."
7677
msgstr ""
7678
7679
#: serverguide/C/vcs.xml:229(para)
7680
msgid ""
7681
"To import or commit files to your Subversion repository over HTTP, the "
7682
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7683
"HTTP user is <command>www-data</command>. To change the ownership of the "
7684
"repository files enter the following command from terminal prompt:"
7685
msgstr ""
7686
7687
#: serverguide/C/vcs.xml:238(command)
7688
msgid "sudo chown -R www-data:www-data /path/to/repos"
7689
msgstr ""
7690
7691
#: serverguide/C/vcs.xml:241(para)
7692
msgid ""
7693
"By changing the ownership of repository as <command>www-data</command> you "
7694
"will not be able to import or commit files into the repository by running "
7695
"<command>svn import file:///</command> command as any user other than "
7696
"<command>www-data</command>."
7697
msgstr ""
7698
7699
#: serverguide/C/vcs.xml:250(para)
7700
msgid ""
7701
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7702
"that will contain user authentication details. To create a file issue the "
7703
"following command at a command prompt (which will create the file and add "
7704
"the first user):"
7705
msgstr ""
7706
7707
#: serverguide/C/vcs.xml:256(command)
7708
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7709
msgstr ""
7710
7711
#: serverguide/C/vcs.xml:259(para)
7712
msgid ""
7713
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7714
"option replaces the old file. Instead use this form:"
7715
msgstr ""
7716
7717
#: serverguide/C/vcs.xml:264(command)
7718
msgid "sudo htpasswd /etc/subversion/password user_name"
7719
msgstr ""
7720
7721
#: serverguide/C/vcs.xml:268(para)
7722
msgid ""
7723
"This command will prompt you to enter the password. Once you enter the "
7724
"password, the user is added. Now, to access the repository you can run the "
7725
"following command:"
7726
msgstr ""
7727
7728
#: serverguide/C/vcs.xml:269(command)
7729
msgid "svn co http://servername/svn"
7730
msgstr ""
7731
7732
#: serverguide/C/vcs.xml:271(para)
7733
msgid ""
7734
"The password is transmitted as plain text. If you are worried about password "
7735
"snooping, you are advised to use SSL encryption. For details, please refer "
7736
"next section."
7737
msgstr ""
7738
7739
#: serverguide/C/vcs.xml:277(title)
7740
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7741
msgstr ""
7742
7743
#: serverguide/C/vcs.xml:278(para)
7744
msgid ""
7745
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7746
"(https://) is similar to http:// except that you must install and configure "
7747
"the digital certificate in your Apache2 web server. To use SSL with "
7748
"Subversion add the above Apache2 configuration to "
7749
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7750
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7751
"configuration\"/>."
7752
msgstr ""
7753
7754
#: serverguide/C/vcs.xml:287(para)
7755
msgid ""
7756
"You can install a digital certificate issued by a signing authority. "
7757
"Alternatively, you can install your own self-signed certificate."
7758
msgstr ""
7759
7760
#: serverguide/C/vcs.xml:292(para)
7761
msgid ""
7762
"This step assumes you have installed and configured a digital certificate in "
7763
"your Apache 2 web server. Now, to access the Subversion repository, please "
7764
"refer to the above section! The access methods are exactly the same, except "
7765
"the protocol. You must use https:// to access the Subversion repository."
7766
msgstr ""
7767
7768
#: serverguide/C/vcs.xml:302(title)
7769
msgid "Access via custom protocol (svn://)"
7770
msgstr ""
7771
7772
#: serverguide/C/vcs.xml:303(para)
7773
msgid ""
7774
"Once the Subversion repository is created, you can configure the access "
7775
"control. You can edit the <filename> "
7776
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7777
"access control. For example, to set up authentication, you can uncomment the "
7778
"following lines in the configuration file:"
7779
msgstr ""
7780
7781
#: serverguide/C/vcs.xml:310(programlisting)
7782
#, no-wrap
7783
msgid ""
7784
"# [general]\n"
7785
"# password-db = passwd"
7786
msgstr ""
7787
7788
#: serverguide/C/vcs.xml:313(para)
7789
msgid ""
7790
"After uncommenting the above lines, you can maintain the user list in the "
7791
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7792
"directory and add the new user. The syntax is as follows:"
7793
msgstr ""
7794
7795
#: serverguide/C/vcs.xml:319(programlisting)
7796
#, no-wrap
7797
msgid "username = password"
7798
msgstr ""
7799
7800
#: serverguide/C/vcs.xml:320(para)
7801
msgid "For more details, please refer to the file."
7802
msgstr ""
7803
7804
#: serverguide/C/vcs.xml:324(para)
7805
msgid ""
7806
"Now, to access Subversion via the svn:// custom protocol, either from the "
7807
"same machine or a different machine, you can run svnserver using svnserve "
7808
"command. The syntax is as follows:"
7809
msgstr ""
7810
7811
#: serverguide/C/vcs.xml:329(programlisting)
7812
#, no-wrap
7813
msgid ""
7814
"$ svnserve -d --foreground -r /path/to/repos\n"
7815
"# -d -- daemon mode\n"
7816
"# --foreground -- run in foreground (useful for debugging)\n"
7817
"# -r -- root of directory to serve\n"
7818
"\n"
7819
"For more usage details, please refer to:\n"
7820
"$ svnserve --help"
7821
msgstr ""
7822
7823
#: serverguide/C/vcs.xml:337(para)
7824
msgid ""
7825
"Once you run this command, Subversion starts listening on default port "
7826
"(3690). To access the project repository, you must run the following command "
7827
"from a terminal prompt:"
7828
msgstr ""
7829
7830
#: serverguide/C/vcs.xml:340(command)
7831
msgid "svn co svn://hostname/project project --username user_name"
7832
msgstr ""
7833
7834
#: serverguide/C/vcs.xml:343(para)
7835
msgid ""
7836
"Based on server configuration, it prompts for password. Once you are "
7837
"authenticated, it checks out the code from Subversion repository. To "
7838
"synchronize the project repository with the local copy, you can run the "
7839
"<command>update</command> sub-command. The syntax of the command, entered at "
7840
"a terminal prompt, is as follows:"
7841
msgstr ""
7842
7843
#: serverguide/C/vcs.xml:351(command)
7844
msgid "cd project_dir ; svn update"
7845
msgstr ""
7846
7847
#: serverguide/C/vcs.xml:354(para)
7848
msgid ""
7849
"For more details about using each Subversion sub-command, you can refer to "
7850
"the manual. For example, to learn more about the co (checkout) command, "
7851
"please run the following command from a terminal prompt:"
7852
msgstr ""
7853
7854
#: serverguide/C/vcs.xml:358(command)
7855
msgid "svn co help"
7856
msgstr ""
7857
7858
#: serverguide/C/vcs.xml:362(title)
7859
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7860
msgstr ""
7861
7862
#: serverguide/C/vcs.xml:363(para)
7863
msgid ""
7864
"The configuration and server process is same as in the svn:// method. For "
7865
"details, please refer to the above section. This step assumes you have "
7866
"followed the above step and started the Subversion server using "
7867
"<application>svnserve</application> command."
7868
msgstr ""
7869
7870
#: serverguide/C/vcs.xml:369(para)
7871
msgid ""
7872
"It is also assumed that the ssh server is running on that machine and that "
7873
"it is allowing incoming connections. To confirm, please try to login to that "
7874
"machine using ssh. If you can login, everything is perfect. If you cannot "
7875
"login, please address it before continuing further."
7876
msgstr ""
7877
7878
#: serverguide/C/vcs.xml:375(para)
7879
msgid ""
7880
"The svn+ssh:// protocol is used to access the Subversion repository using "
7881
"SSL encryption. The data transfer is encrypted using this method. To access "
7882
"the project repository (for example with a checkout), you must use the "
7883
"following command syntax:"
7884
msgstr ""
7885
7886
#: serverguide/C/vcs.xml:382(command)
7887
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7888
msgstr ""
7889
7890
#: serverguide/C/vcs.xml:386(para)
7891
msgid ""
7892
"You must use the full path (/path/to/repos/project) to access the Subversion "
7893
"repository using this access method."
7894
msgstr ""
7895
7896
#: serverguide/C/vcs.xml:389(para)
7897
msgid ""
7898
"Based on server configuration, it prompts for password. You must enter the "
7899
"password you use to login via ssh. Once you are authenticated, it checks out "
7900
"the code from the Subversion repository."
7901
msgstr ""
7902
7903
#: serverguide/C/vcs.xml:399(title)
7904
msgid "CVS Server"
7905
msgstr ""
7906
7907
#: serverguide/C/vcs.xml:400(para)
7908
msgid ""
7909
"CVS is a version control system. You can use it to record the history of "
7910
"source files."
7911
msgstr ""
7912
7913
#: serverguide/C/vcs.xml:406(para)
7914
msgid ""
7915
"To install <application>CVS</application>, run the following command from a "
7916
"terminal prompt: <screen>\n"
7917
"<command>sudo apt-get install cvs</command>\n"
7918
"</screen> After you install <application>cvs</application>, you should "
7919
"install <application>xinetd</application> to start/stop the cvs server. At "
7920
"the prompt, enter the following command to install "
7921
"<application>xinetd</application>: <screen>\n"
7922
"<command>sudo apt-get install xinetd</command>\n"
7923
"</screen>"
7924
msgstr ""
7925
7926
#: serverguide/C/vcs.xml:439(programlisting)
7927
#, no-wrap
7928
msgid ""
7929
"\n"
7930
"service cvspserver\n"
7931
"{\n"
7932
" port = 2401\n"
7933
" socket_type = stream\n"
7934
" protocol = tcp\n"
7935
" user = root\n"
7936
" wait = no\n"
7937
" type = UNLISTED\n"
7938
" server = /usr/bin/cvs\n"
7939
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7940
" disable = no\n"
7941
"}\n"
7942
msgstr ""
7943
7944
#: serverguide/C/vcs.xml:455(para)
7945
msgid ""
7946
"Be sure to edit the repository if you have changed the default repository "
7947
"(<application>/var/lib/cvs</application>) directory."
7948
msgstr ""
7949
7950
#: serverguide/C/vcs.xml:424(para)
7951
msgid ""
7952
"Once you install cvs, the repository will be automatically initialized. By "
7953
"default, the repository resides under the "
7954
"<application>/var/lib/cvs</application> directory. You can change this path "
7955
"by running following command: <screen>\n"
7956
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7957
"</screen> Once the initial repository is set up, you can configure "
7958
"<application>xinetd</application> to start the CVS server. You can copy the "
7959
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7960
"<placeholder-1/><placeholder-2/> Once you have configured "
7961
"<application>xinetd</application> you can start the cvs server by running "
7962
"following command: <screen>\n"
7963
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7964
"</screen>"
7965
msgstr ""
7966
7967
#: serverguide/C/vcs.xml:468(para)
7968
msgid ""
7969
"You can confirm that the CVS server is running by issuing the following "
7970
"command:"
7971
msgstr ""
7972
7973
#: serverguide/C/vcs.xml:475(command)
7974
msgid "sudo netstat -tap | grep cvs"
7975
msgstr ""
7976
7977
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7978
msgid ""
7979
"When you run this command, you should see the following line or something "
7980
"similar:"
7981
msgstr ""
7982
7983
#: serverguide/C/vcs.xml:484(programlisting)
7984
#, no-wrap
7985
msgid ""
7986
"\n"
7987
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7988
msgstr ""
7989
7990
#: serverguide/C/vcs.xml:488(para)
7991
msgid ""
7992
"From here you can continue to add users, add new projects, and manage the "
7993
"CVS server."
7994
msgstr ""
7995
7996
#: serverguide/C/vcs.xml:493(para)
7997
msgid ""
7998
"CVS allows the user to add users independently of the underlying OS "
7999
"installation. Probably the easiest way is to use the Linux Users for CVS, "
8000
"although it has potential security issues. Please refer to the CVS manual "
8001
"for details."
8002
msgstr ""
8003
8004
#: serverguide/C/vcs.xml:503(title)
8005
msgid "Add Projects"
8006
msgstr ""
8007
8008
#: serverguide/C/vcs.xml:515(para)
8009
msgid ""
8010
"You can use the CVSROOT environment variable to store the CVS root "
8011
"directory. Once you export the CVSROOT environment variable, you can avoid "
8012
"using -d option in the above cvs command."
8013
msgstr ""
8014
8015
#: serverguide/C/vcs.xml:527(para)
8016
msgid ""
8017
"When you add a new project, the CVS user you use must have write access to "
8018
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
8019
"the <application>src</application> group has write access to the CVS "
8020
"repository. So, you can add the user to this group, and he can then add and "
8021
"manage projects in the CVS repository."
8022
msgstr ""
8023
8024
#: serverguide/C/vcs.xml:504(para)
8025
msgid ""
8026
"This section explains how to add new project to the CVS repository. Create "
8027
"the directory and add necessary document and source files to the directory. "
8028
"Now, run the following command to add this project to CVS repository: "
8029
"<screen>\n"
8030
"<command>cd your/project</command>\n"
8031
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
8032
"\"Importing my project to CVS repository\" . new_project start</command>\n"
8033
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
8034
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
8035
"purpose in this context, but since CVS requires them, they must be present. "
8036
"<placeholder-2/>"
8037
msgstr ""
8038
8039
#: serverguide/C/vcs.xml:540(ulink)
8040
msgid "Bazaar Home Page"
8041
msgstr ""
8042
8043
#: serverguide/C/vcs.xml:541(ulink)
8044
msgid "Launchpad"
8045
msgstr ""
8046
8047
#: serverguide/C/vcs.xml:542(ulink)
8048
msgid "Subversion Home Page"
8049
msgstr ""
8050
8051
#: serverguide/C/vcs.xml:543(ulink)
8052
msgid "Subversion Book"
8053
msgstr ""
8054
8055
#: serverguide/C/vcs.xml:545(ulink)
8056
msgid "CVS Manual"
8057
msgstr ""
8058
8059
#: serverguide/C/vcs.xml:546(ulink)
8060
msgid "Easy Bazaar Ubuntu Wiki page"
8061
msgstr ""
8062
8063
#: serverguide/C/vcs.xml:547(ulink)
8064
msgid "Ubuntu Wiki Subversion page"
8065
msgstr ""
8066
8067
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
8068
msgid "Credits and License"
8069
msgstr ""
8070
8071
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
8072
msgid ""
8073
"This document is maintained by the Ubuntu documentation team "
8074
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
8075
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
8076
msgstr ""
8077
8078
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
8079
msgid ""
8080
"This document is made available under the Creative Commons ShareAlike 2.5 "
8081
"License (CC-BY-SA)."
8082
msgstr ""
8083
8084
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
8085
msgid ""
8086
"You are free to modify, extend, and improve the Ubuntu documentation source "
8087
"code under the terms of this license. All derivative works must be released "
8088
"under this license."
8089
msgstr ""
8090
8091
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
8092
msgid ""
8093
"This documentation is distributed in the hope that it will be useful, but "
8094
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
8095
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
8096
msgstr ""
8097
8098
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
8099
msgid ""
8100
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
8101
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
8102
msgstr ""
8103
8104
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
8105
msgid "2010"
8106
msgstr ""
8107
8108
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
8109
msgid "Ubuntu Documentation Project"
8110
msgstr ""
8111
8112
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
8113
msgid "Canonical Ltd. and members of the <placeholder-1/>"
8114
msgstr ""
8115
8116
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
8117
msgid "The Ubuntu Documentation Project"
8118
msgstr ""
8119
8120
#: serverguide/C/serverguide.xml:17(para)
8121
msgid ""
8122
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
8123
"information on how to install and configure various server applications on "
8124
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
8125
"guide for configuring and customizing your system."
8126
msgstr ""
8127
8128
#: serverguide/C/security.xml:13(title)
8129
msgid "Security"
8130
msgstr ""
8131
8132
#: serverguide/C/security.xml:14(para)
8133
msgid ""
8134
"Security should always be considered when installing, deploying, and using "
8135
"any type of computer system. Although a fresh installation of Ubuntu is "
8136
"relatively safe for immediate use on the Internet, it is important to have a "
8137
"balanced understanding of your systems security posture based on how it will "
8138
"be used after deployment."
8139
msgstr ""
8140
8141
#: serverguide/C/security.xml:17(para)
8142
msgid ""
8143
"This chapter provides an overview of security related topics as they pertain "
8144
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
8145
"protect your server and network from any number of potential security "
8146
"threats."
8147
msgstr ""
8148
8149
#: serverguide/C/security.xml:21(title)
8150
msgid "User Management"
8151
msgstr ""
8152
8153
#: serverguide/C/security.xml:22(para)
8154
msgid ""
8155
"User management is a critical part of maintaining a secure system. "
8156
"Ineffective user and privilege management often lead many systems into being "
8157
"compromised. Therefore, it is important that you understand how you can "
8158
"protect your server through simple and effective user account management "
8159
"techniques."
8160
msgstr ""
8161
8162
#: serverguide/C/security.xml:26(title)
8163
msgid "Where is root?"
8164
msgstr ""
8165
8166
#: serverguide/C/security.xml:27(para)
8167
msgid ""
8168
"Ubuntu developers made a conscientious decision to disable the "
8169
"administrative root account by default in all Ubuntu installations. This "
8170
"does not mean that the root account has been deleted or that it may not be "
8171
"accessed. It merely has been given a password which matches no possible "
8172
"encrypted value, therefore may not log in directly by itself."
8173
msgstr ""
8174
8175
#: serverguide/C/security.xml:30(para)
8176
msgid ""
8177
"Instead, users are encouraged to make use of a tool by the name of "
8178
"<application>sudo</application> to carry out system administrative duties. "
8179
"<application>Sudo</application> allows an authorized user to temporarily "
8180
"elevate their privileges using their own password instead of having to know "
8181
"the password belonging to the root account. This simple yet effective "
8182
"methodology provides accountability for all user actions, and gives the "
8183
"administrator granular control over which actions a user can perform with "
8184
"said privileges."
8185
msgstr ""
8186
8187
#: serverguide/C/security.xml:35(para)
8188
msgid ""
8189
"If for some reason you wish to enable the root account, simply give it a "
8190
"password:"
8191
msgstr ""
8192
8193
#: serverguide/C/security.xml:39(command)
8194
msgid "sudo passwd"
8195
msgstr ""
8196
8197
#: serverguide/C/security.xml:41(para)
8198
msgid ""
8199
"Sudo will prompt you for your password, and then ask you to supply a new "
8200
"password for root as shown below:"
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:44(userinput)
8204
#, no-wrap
8205
msgid "(enter your own password)"
8206
msgstr ""
8207
8208
#: serverguide/C/security.xml:45(userinput)
8209
#, no-wrap
8210
msgid "(enter a new password for root)"
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:46(userinput)
8214
#, no-wrap
8215
msgid "(repeat new password for root)"
8216
msgstr ""
8217
8218
#: serverguide/C/security.xml:44(computeroutput)
8219
#, no-wrap
8220
msgid ""
8221
"[sudo] password for username: <placeholder-1/>\n"
8222
"Enter new UNIX password: <placeholder-2/>\n"
8223
"Retype new UNIX password: <placeholder-3/>\n"
8224
"passwd: password updated successfully"
8225
msgstr ""
8226
8227
#: serverguide/C/security.xml:51(para)
8228
msgid "To disable the root account, use the following passwd syntax:"
8229
msgstr ""
8230
8231
#: serverguide/C/security.xml:55(command)
8232
msgid "sudo passwd -l root"
8233
msgstr ""
8234
8235
#: serverguide/C/security.xml:59(para)
8236
msgid ""
8237
"You should read more on <application>Sudo</application> by checking out it's "
8238
"man page:"
8239
msgstr ""
8240
8241
#: serverguide/C/security.xml:63(command)
8242
msgid "man sudo"
8243
msgstr ""
8244
8245
#: serverguide/C/security.xml:67(para)
8246
msgid ""
8247
"By default, the initial user created by the Ubuntu installer is a member of "
8248
"the group \"admin\" which is added to the file "
8249
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
8250
"give any other account full root access through "
8251
"<application>sudo</application>, simply add them to the admin group."
8252
msgstr ""
8253
8254
#: serverguide/C/security.xml:73(title)
8255
msgid "Adding and Deleting Users"
8256
msgstr ""
8257
8258
#: serverguide/C/security.xml:74(para)
8259
msgid ""
8260
"The process for managing local users and groups is straight forward and "
8261
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
8262
"other Debian based distributions, encourage the use of the \"adduser\" "
8263
"package for account management."
8264
msgstr ""
8265
8266
#: serverguide/C/security.xml:79(para)
8267
msgid ""
8268
"To add a user account, use the following syntax, and follow the prompts to "
8269
"give the account a password and identifiable characteristics such as a full "
8270
"name, phone number, etc."
8271
msgstr ""
8272
8273
#: serverguide/C/security.xml:83(command)
8274
msgid "sudo adduser username"
8275
msgstr ""
8276
8277
#: serverguide/C/security.xml:87(para)
8278
msgid ""
8279
"To delete a user account and its primary group, use the following syntax:"
8280
msgstr ""
8281
8282
#: serverguide/C/security.xml:91(command)
8283
msgid "sudo deluser username"
8284
msgstr ""
8285
8286
#: serverguide/C/security.xml:93(para)
8287
msgid ""
8288
"Deleting an account does not remove their respective home folder. It is up "
8289
"to you whether or not you wish to delete the folder manually or keep it "
8290
"according to your desired retention policies."
8291
msgstr ""
8292
8293
#: serverguide/C/security.xml:96(para)
8294
msgid ""
8295
"Remember, any user added later on with the same UID/GID as the previous "
8296
"owner will now have access to this folder if you have not taken the "
8297
"necessary precautions."
8298
msgstr ""
8299
8300
#: serverguide/C/security.xml:99(para)
8301
msgid ""
8302
"You may want to change these UID/GID values to something more appropriate, "
8303
"such as the root account, and perhaps even relocate the folder to avoid "
8304
"future conflicts:"
8305
msgstr ""
8306
8307
#: serverguide/C/security.xml:103(command)
8308
msgid "sudo chown -R root:root /home/username/"
8309
msgstr ""
8310
8311
#: serverguide/C/security.xml:104(command)
8312
msgid "sudo mkdir /home/archived_users/"
8313
msgstr ""
8314
8315
#: serverguide/C/security.xml:105(command)
8316
msgid "sudo mv /home/username /home/archived_users/"
8317
msgstr ""
8318
8319
#: serverguide/C/security.xml:109(para)
8320
msgid ""
8321
"To temporarily lock or unlock a user account, use the following syntax, "
8322
"respectively:"
8323
msgstr ""
8324
8325
#: serverguide/C/security.xml:113(command)
8326
msgid "sudo passwd -l username"
8327
msgstr ""
8328
8329
#: serverguide/C/security.xml:114(command)
8330
msgid "sudo passwd -u username"
8331
msgstr ""
8332
8333
#: serverguide/C/security.xml:118(para)
8334
msgid ""
8335
"To add or delete a personalized group, use the following syntax, "
8336
"respectively:"
8337
msgstr ""
8338
8339
#: serverguide/C/security.xml:122(command)
8340
msgid "sudo addgroup groupname"
8341
msgstr ""
8342
8343
#: serverguide/C/security.xml:123(command)
8344
msgid "sudo delgroup groupname"
8345
msgstr ""
8346
8347
#: serverguide/C/security.xml:127(para)
8348
msgid "To add a user to a group, use the following syntax:"
8349
msgstr ""
8350
8351
#: serverguide/C/security.xml:131(command)
8352
msgid "sudo adduser username groupname"
8353
msgstr ""
8354
8355
#: serverguide/C/security.xml:138(title)
8356
msgid "User Profile Security"
8357
msgstr ""
8358
8359
#: serverguide/C/security.xml:139(para)
8360
msgid ""
8361
"When a new user is created, the adduser utility creates a brand new home "
8362
"directory named <filename class=\"directory\">/home/username</filename>, "
8363
"respectively. The default profile is modeled after the contents found in the "
8364
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
8365
"includes all profile basics."
8366
msgstr ""
8367
8368
#: serverguide/C/security.xml:142(para)
8369
msgid ""
8370
"If your server will be home to multiple users, you should pay close "
8371
"attention to the user home directory permissions to ensure confidentiality. "
8372
"By default, user home directories in Ubuntu are created with world "
8373
"read/execute permissions. This means that all users can browse and access "
8374
"the contents of other users home directories. This may not be suitable for "
8375
"your environment."
8376
msgstr ""
8377
8378
#: serverguide/C/security.xml:147(para)
8379
msgid ""
8380
"To verify your current users home directory permissions, use the following "
8381
"syntax:"
8382
msgstr ""
8383
8384
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
8385
msgid "ls -ld /home/username"
8386
msgstr ""
8387
8388
#: serverguide/C/security.xml:153(para)
8389
msgid ""
8390
"The following output shows that the directory <filename "
8391
"class=\"directory\">/home/username</filename> has world readable permissions:"
8392
msgstr ""
8393
8394
#: serverguide/C/security.xml:156(computeroutput)
8395
#, no-wrap
8396
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8397
msgstr ""
8398
8399
#: serverguide/C/security.xml:160(para)
8400
msgid ""
8401
"You can remove the world readable permissions using the following syntax:"
8402
msgstr ""
8403
8404
#: serverguide/C/security.xml:164(command)
8405
msgid "sudo chmod 0750 /home/username"
8406
msgstr ""
8407
8408
#: serverguide/C/security.xml:167(para)
8409
msgid ""
8410
"Some people tend to use the recursive option (-R) indiscriminately which "
8411
"modifies all child folders and files, but this is not necessary, and may "
8412
"yield other undesirable results. The parent directory alone is sufficient "
8413
"for preventing unauthorized access to anything below the parent."
8414
msgstr ""
8415
8416
#: serverguide/C/security.xml:171(para)
8417
msgid ""
8418
"A much more efficient approach to the matter would be to modify the "
8419
"<application>adduser</application> global default permissions when creating "
8420
"user home folders. Simply edit the file "
8421
"<filename>/etc/adduser.conf</filename> and modify the "
8422
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
8423
"new home directories will receive the correct permissions."
8424
msgstr ""
8425
8426
#: serverguide/C/security.xml:174(programlisting)
8427
#, no-wrap
8428
msgid ""
8429
"\n"
8430
"DIR_MODE=0750\n"
8431
msgstr ""
8432
8433
#: serverguide/C/security.xml:179(para)
8434
msgid ""
8435
"After correcting the directory permissions using any of the previously "
8436
"mentioned techniques, verify the results using the following syntax:"
8437
msgstr ""
8438
8439
#: serverguide/C/security.xml:185(para)
8440
msgid ""
8441
"The results below show that world readable permissions have been removed:"
8442
msgstr ""
8443
8444
#: serverguide/C/security.xml:188(computeroutput)
8445
#, no-wrap
8446
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8447
msgstr ""
8448
8449
#: serverguide/C/security.xml:195(title)
8450
msgid "Password Policy"
8451
msgstr ""
8452
8453
#: serverguide/C/security.xml:196(para)
8454
msgid ""
8455
"A strong password policy is one of the most important aspects of your "
8456
"security posture. Many successful security breaches involve simple brute "
8457
"force and dictionary attacks against weak passwords. If you intend to offer "
8458
"any form of remote access involving your local password system, make sure "
8459
"you adequately address minimum password complexity requirements, maximum "
8460
"password lifetimes, and frequent audits of your authentication systems."
8461
msgstr ""
8462
8463
#: serverguide/C/security.xml:200(title)
8464
msgid "Minimum Password Length"
8465
msgstr ""
8466
8467
#: serverguide/C/security.xml:201(para)
8468
msgid ""
8469
"By default, Ubuntu requires a minimum password length of 6 characters, as "
8470
"well as some basic entropy checks. These values are controlled in the file "
8471
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
8472
msgstr ""
8473
8474
#: serverguide/C/security.xml:204(programlisting)
8475
#, no-wrap
8476
msgid ""
8477
"\n"
8478
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
8479
msgstr ""
8480
8481
#: serverguide/C/security.xml:207(para)
8482
msgid ""
8483
"If you would like to adjust the minimum length to 8 characters, change the "
8484
"appropriate variable to min=8. The modification is outlined below."
8485
msgstr ""
8486
8487
#: serverguide/C/security.xml:210(programlisting)
8488
#, no-wrap
8489
msgid ""
8490
"\n"
8491
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
8492
"min=8\n"
8493
msgstr ""
8494
8495
#: serverguide/C/security.xml:215(title)
8496
msgid "Password Expiration"
8497
msgstr ""
8498
8499
#: serverguide/C/security.xml:216(para)
8500
msgid ""
8501
"When creating user accounts, you should make it a policy to have a minimum "
8502
"and maximum password age forcing users to change their passwords when they "
8503
"expire."
8504
msgstr ""
8505
8506
#: serverguide/C/security.xml:221(para)
8507
msgid ""
8508
"To easily view the current status of a user account, use the following "
8509
"syntax:"
8510
msgstr ""
8511
8512
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
8513
msgid "sudo chage -l username"
8514
msgstr ""
8515
8516
#: serverguide/C/security.xml:227(para)
8517
msgid ""
8518
"The output below shows interesting facts about the user account, namely that "
8519
"there are no policies applied:"
8520
msgstr ""
8521
8522
#: serverguide/C/security.xml:230(computeroutput)
8523
#, no-wrap
8524
msgid ""
8525
"Last password change : Jan 20, 2008\n"
8526
"Password expires : never\n"
8527
"Password inactive : never\n"
8528
"Account expires : never\n"
8529
"Minimum number of days between password change : 0\n"
8530
"Maximum number of days between password change : 99999\n"
8531
"Number of days of warning before password expires : 7"
8532
msgstr ""
8533
8534
#: serverguide/C/security.xml:240(para)
8535
msgid ""
8536
"To set any of these values, simply use the following syntax, and follow the "
8537
"interactive prompts:"
8538
msgstr ""
8539
8540
#: serverguide/C/security.xml:244(command)
8541
msgid "sudo chage username"
8542
msgstr ""
8543
8544
#: serverguide/C/security.xml:246(para)
8545
msgid ""
8546
"The following is also an example of how you can manually change the explicit "
8547
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
8548
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
8549
"password expiration, and a warning time period (-W) of 14 days before "
8550
"password expiration."
8551
msgstr ""
8552
8553
#: serverguide/C/security.xml:250(command)
8554
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
8555
msgstr ""
8556
8557
#: serverguide/C/security.xml:254(para)
8558
msgid "To verify changes, use the same syntax as mentioned previously:"
8559
msgstr ""
8560
8561
#: serverguide/C/security.xml:260(para)
8562
msgid ""
8563
"The output below shows the new policies that have been established for the "
8564
"account:"
8565
msgstr ""
8566
8567
#: serverguide/C/security.xml:263(computeroutput)
8568
#, no-wrap
8569
msgid ""
8570
"Last password change : Jan 20, 2008\n"
8571
"Password expires : Apr 19, 2008\n"
8572
"Password inactive : May 19, 2008\n"
8573
"Account expires : Jan 31, 2008\n"
8574
"Minimum number of days between password change : 5\n"
8575
"Maximum number of days between password change : 90\n"
8576
"Number of days of warning before password expires : 14"
8577
msgstr ""
8578
8579
#: serverguide/C/security.xml:279(title)
8580
msgid "Other Security Considerations"
8581
msgstr ""
8582
8583
#: serverguide/C/security.xml:280(para)
8584
msgid ""
8585
"Many applications use alternate authentication mechanisms that can be easily "
8586
"overlooked by even experienced system administrators. Therefore, it is "
8587
"important to understand and control how users authenticate and gain access "
8588
"to services and applications on your server."
8589
msgstr ""
8590
8591
#: serverguide/C/security.xml:285(title)
8592
msgid "SSH Access by Disabled Users"
8593
msgstr ""
8594
8595
#: serverguide/C/security.xml:286(para)
8596
msgid ""
8597
"Simply disabling/locking a user account will not prevent a user from logging "
8598
"into your server remotely if they have previously set up RSA public key "
8599
"authentication. They will still be able to gain shell access to the server, "
8600
"without the need for any password. Remember to check the users home "
8601
"directory for files that will allow for this type of authenticated SSH "
8602
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
8603
msgstr ""
8604
8605
#: serverguide/C/security.xml:289(para)
8606
msgid ""
8607
"Remove or rename the directory <filename "
8608
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
8609
"further SSH authentication capabilities."
8610
msgstr ""
8611
8612
#: serverguide/C/security.xml:292(para)
8613
msgid ""
8614
"Be sure to check for any established SSH connections by the disabled user, "
8615
"as it is possible they may have existing inbound or outbound connections. "
8616
"Kill any that are found."
8617
msgstr ""
8618
8619
#: serverguide/C/security.xml:295(para)
8620
msgid ""
8621
"Restrict SSH access to only user accounts that should have it. For example, "
8622
"you may create a group called \"sshlogin\" and add the group name as the "
8623
"value associated with the <varname>AllowGroups</varname> variable located in "
8624
"the file <filename>/etc/ssh/sshd_config</filename>."
8625
msgstr ""
8626
8627
#: serverguide/C/security.xml:298(programlisting)
8628
#, no-wrap
8629
msgid ""
8630
"\n"
8631
"AllowGroups sshlogin\n"
8632
msgstr ""
8633
8634
#: serverguide/C/security.xml:301(para)
8635
msgid ""
8636
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8637
"SSH service."
8638
msgstr ""
8639
8640
#: serverguide/C/security.xml:305(command)
8641
msgid "sudo adduser username sshlogin"
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
8645
msgid "sudo /etc/init.d/ssh restart"
8646
msgstr ""
8647
8648
#: serverguide/C/security.xml:310(title)
8649
msgid "External User Database Authentication"
8650
msgstr ""
8651
8652
#: serverguide/C/security.xml:311(para)
8653
msgid ""
8654
"Most enterprise networks require centralized authentication and access "
8655
"controls for all system resources. If you have configured your server to "
8656
"authenticate users against external databases, be sure to disable the user "
8657
"accounts both externally and locally, this way you ensure that local "
8658
"fallback authentication is not possible."
8659
msgstr ""
8660
8661
#: serverguide/C/security.xml:320(title)
8662
msgid "Console Security"
8663
msgstr ""
8664
8665
#: serverguide/C/security.xml:321(para)
8666
msgid ""
8667
"As with any other security barrier you put in place to protect your server, "
8668
"it is pretty tough to defend against untold damage caused by someone with "
8669
"physical access to your environment, for example, theft of hard drives, "
8670
"power or service disruption and so on. Therefore, console security should be "
8671
"addressed merely as one component of your overall physical security "
8672
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8673
"very least slow down a determined one, so it is still advisable to perform "
8674
"basic precautions with regard to console security."
8675
msgstr ""
8676
8677
#: serverguide/C/security.xml:324(para)
8678
msgid ""
8679
"The following instructions will help defend your server against issues that "
8680
"could otherwise yield very serious consequences."
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:329(title)
8684
msgid "Disable Ctrl+Alt+Delete"
8685
msgstr ""
8686
8687
#: serverguide/C/security.xml:330(para)
8688
msgid ""
8689
"First and foremost, anyone that has physical access to the keyboard can "
8690
"simply use the "
8691
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8692
"eycombo> key combination to reboot the server without having to log on. "
8693
"Sure, someone could simply unplug the power source, but you should still "
8694
"prevent the use of this key combination on a production server. This forces "
8695
"an attacker to take more drastic measures to reboot the server, and will "
8696
"prevent accidental reboots at the same time."
8697
msgstr ""
8698
8699
#: serverguide/C/security.xml:335(para)
8700
msgid ""
8701
"To disable the reboot action taken by pressing the "
8702
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8703
"eycombo> key combination, comment out the following line in the file "
8704
"<filename>/etc/init/control-alt-delete.conf</filename>."
8705
msgstr ""
8706
8707
#: serverguide/C/security.xml:338(programlisting)
8708
#, no-wrap
8709
msgid ""
8710
"\n"
8711
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8712
msgstr ""
8713
8714
#: serverguide/C/security.xml:347(title)
8715
msgid "Firewall"
8716
msgstr ""
8717
8718
#: serverguide/C/security.xml:350(para)
8719
msgid ""
8720
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8721
"which is used to manipulate or decide the fate of network traffic headed "
8722
"into or through your server. All modern Linux firewall solutions use this "
8723
"system for packet filtering."
8724
msgstr ""
8725
8726
#: serverguide/C/security.xml:355(para)
8727
msgid ""
8728
"The kernel's packet filtering system would be of little use to "
8729
"administrators without a userspace interface to manage it. This is the "
8730
"purpose of iptables. When a packet reaches your server, it will be handed "
8731
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8732
"based on the rules supplied to it from userspace via iptables. Thus, "
8733
"iptables is all you need to manage your firewall if you're familiar with it, "
8734
"but many frontends are available to simplify the task."
8735
msgstr ""
8736
8737
#: serverguide/C/security.xml:365(title)
8738
msgid "ufw - Uncomplicated Firewall"
8739
msgstr ""
8740
8741
#: serverguide/C/security.xml:366(para)
8742
msgid ""
8743
"The default firewall configuration tool for Ubuntu is "
8744
"<application>ufw</application>. Developed to ease iptables firewall "
8745
"configuration, <application>ufw</application> provides a user friendly way "
8746
"to create an IPv4 or IPv6 host-based firewall."
8747
msgstr ""
8748
8749
#: serverguide/C/security.xml:370(para)
8750
msgid ""
8751
"<application>ufw</application> by default is initially disabled. From the "
8752
"<application>ufw</application> man page:"
8753
msgstr ""
8754
8755
#: serverguide/C/security.xml:374(quote)
8756
msgid ""
8757
"ufw is not intended to provide complete firewall functionality via its "
8758
"command interface, but instead provides an easy way to add or remove simple "
8759
"rules. It is currently mainly used for host-based firewalls."
8760
msgstr ""
8761
8762
#: serverguide/C/security.xml:378(para)
8763
msgid ""
8764
"The following are some examples of how to use <application>ufw</application>:"
8765
msgstr ""
8766
8767
#: serverguide/C/security.xml:383(para)
8768
msgid ""
8769
"First, <application>ufw</application> needs to be enabled. From a terminal "
8770
"prompt enter:"
8771
msgstr ""
8772
8773
#: serverguide/C/security.xml:387(command)
8774
msgid "sudo ufw enable"
8775
msgstr ""
8776
8777
#: serverguide/C/security.xml:391(para)
8778
msgid "To open a port (ssh in this example):"
8779
msgstr ""
8780
8781
#: serverguide/C/security.xml:395(command)
8782
msgid "sudo ufw allow 22"
8783
msgstr ""
8784
8785
#: serverguide/C/security.xml:399(para)
8786
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8787
msgstr ""
8788
8789
#: serverguide/C/security.xml:403(command)
8790
msgid "sudo ufw insert 1 allow 80"
8791
msgstr ""
8792
8793
#: serverguide/C/security.xml:407(para)
8794
msgid "Similarly, to close an opened port:"
8795
msgstr ""
8796
8797
#: serverguide/C/security.xml:411(command)
8798
msgid "sudo ufw deny 22"
8799
msgstr ""
8800
8801
#: serverguide/C/security.xml:415(para)
8802
msgid "To remove a rule, use delete followed by the rule:"
8803
msgstr ""
8804
8805
#: serverguide/C/security.xml:419(command)
8806
msgid "sudo ufw delete deny 22"
8807
msgstr ""
8808
8809
#: serverguide/C/security.xml:423(para)
8810
msgid ""
8811
"It is also possible to allow access from specific hosts or networks to a "
8812
"port. The following example allows ssh access from host 192.168.0.2 to any "
8813
"ip address on this host:"
8814
msgstr ""
8815
8816
#: serverguide/C/security.xml:428(command)
8817
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8818
msgstr ""
8819
8820
#: serverguide/C/security.xml:430(para)
8821
msgid ""
8822
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8823
"subnet."
8824
msgstr ""
8825
8826
#: serverguide/C/security.xml:436(para)
8827
msgid ""
8828
"Adding the <emphasis>--dry-run</emphasis> option to a "
8829
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8830
"apply them. For example, the following is what would be applied if opening "
8831
"the HTTP port:"
8832
msgstr ""
8833
8834
#: serverguide/C/security.xml:442(command)
8835
msgid "sudo ufw --dry-run allow http"
8836
msgstr ""
8837
8838
#: serverguide/C/security.xml:446(computeroutput)
8839
#, no-wrap
8840
msgid ""
8841
"*filter\n"
8842
":ufw-user-input - [0:0]\n"
8843
":ufw-user-output - [0:0]\n"
8844
":ufw-user-forward - [0:0]\n"
8845
":ufw-user-limit - [0:0]\n"
8846
":ufw-user-limit-accept - [0:0]\n"
8847
"### RULES ###\n"
8848
"\n"
8849
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8850
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8851
"\n"
8852
"### END RULES ###\n"
8853
"-A ufw-user-input -j RETURN\n"
8854
"-A ufw-user-output -j RETURN\n"
8855
"-A ufw-user-forward -j RETURN\n"
8856
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8857
"LIMIT]: \"\n"
8858
"-A ufw-user-limit -j REJECT\n"
8859
"-A ufw-user-limit-accept -j ACCEPT\n"
8860
"COMMIT\n"
8861
"Rules updated"
8862
msgstr ""
8863
8864
#: serverguide/C/security.xml:470(para)
8865
msgid "<application>ufw</application> can be disabled by:"
8866
msgstr ""
8867
8868
#: serverguide/C/security.xml:474(command)
8869
msgid "sudo ufw disable"
8870
msgstr ""
8871
8872
#: serverguide/C/security.xml:478(para)
8873
msgid "To see the firewall status, enter:"
8874
msgstr ""
8875
8876
#: serverguide/C/security.xml:482(command)
8877
msgid "sudo ufw status"
8878
msgstr ""
8879
8880
#: serverguide/C/security.xml:486(para)
8881
msgid "And for more verbose status information use:"
8882
msgstr ""
8883
8884
#: serverguide/C/security.xml:490(command)
8885
msgid "sudo ufw status verbose"
8886
msgstr ""
8887
8888
#: serverguide/C/security.xml:494(para)
8889
msgid "To view the <emphasis>numbered</emphasis> format:"
8890
msgstr ""
8891
8892
#: serverguide/C/security.xml:498(command)
8893
msgid "sudo ufw status numbered"
8894
msgstr ""
8895
8896
#: serverguide/C/security.xml:503(para)
8897
msgid ""
8898
"If the port you want to open or close is defined in "
8899
"<filename>/etc/services</filename>, you can use the port name instead of the "
8900
"number. In the above examples, replace <emphasis>22</emphasis> with "
8901
"<emphasis>ssh</emphasis>."
8902
msgstr ""
8903
8904
#: serverguide/C/security.xml:509(para)
8905
msgid ""
8906
"This is a quick introduction to using <application>ufw</application>. Please "
8907
"refer to the <application>ufw</application> man page for more information."
8908
msgstr ""
8909
8910
#: serverguide/C/security.xml:515(title)
8911
msgid "ufw Application Integration"
8912
msgstr ""
8913
8914
#: serverguide/C/security.xml:517(para)
8915
msgid ""
8916
"Applications that open ports can include an <application>ufw</application> "
8917
"profile, which details the ports needed for the application to function "
8918
"properly. The profiles are kept in <filename "
8919
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8920
"the default ports have been changed."
8921
msgstr ""
8922
8923
#: serverguide/C/security.xml:526(para)
8924
msgid ""
8925
"To view which applications have installed a profile, enter the following in "
8926
"a terminal:"
8927
msgstr ""
8928
8929
#: serverguide/C/security.xml:531(command)
8930
msgid "sudo ufw app list"
8931
msgstr ""
8932
8933
#: serverguide/C/security.xml:537(para)
8934
msgid ""
8935
"Similar to allowing traffic to a port, using an application profile is "
8936
"accomplished by entering:"
8937
msgstr ""
8938
8939
#: serverguide/C/security.xml:542(command)
8940
msgid "sudo ufw allow Samba"
8941
msgstr ""
8942
8943
#: serverguide/C/security.xml:548(para)
8944
msgid "An extended syntax is available as well:"
8945
msgstr ""
8946
8947
#: serverguide/C/security.xml:553(command)
8948
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8949
msgstr ""
8950
8951
#: serverguide/C/security.xml:556(para)
8952
msgid ""
8953
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8954
"with the application profile you are using and the IP range for your network."
8955
msgstr ""
8956
8957
#: serverguide/C/security.xml:562(para)
8958
msgid ""
8959
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8960
"application, because that information is detailed in the profile. Also, note "
8961
"that the <emphasis>app</emphasis> name replaces the "
8962
"<emphasis>port</emphasis> number."
8963
msgstr ""
8964
8965
#: serverguide/C/security.xml:571(para)
8966
msgid ""
8967
"To view details about which ports, protocols, etc are defined for an "
8968
"application, enter:"
8969
msgstr ""
8970
8971
#: serverguide/C/security.xml:576(command)
8972
msgid "sudo ufw app info Samba"
8973
msgstr ""
8974
8975
#: serverguide/C/security.xml:582(para)
8976
msgid ""
8977
"Not all applications that require opening a network port come with "
8978
"<application>ufw</application> profiles, but if you have profiled an "
8979
"application and want the file to be included with the package, please file a "
8980
"bug against the package in <ulink "
8981
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8982
msgstr ""
8983
8984
#: serverguide/C/security.xml:591(title)
8985
msgid "IP Masquerading"
8986
msgstr ""
8987
8988
#: serverguide/C/security.xml:592(para)
8989
msgid ""
8990
"The purpose of IP Masquerading is to allow machines with private, non-"
8991
"routable IP addresses on your network to access the Internet through the "
8992
"machine doing the masquerading. Traffic from your private network destined "
8993
"for the Internet must be manipulated for replies to be routable back to the "
8994
"machine that made the request. To do this, the kernel must modify the "
8995
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8996
"be routed back to it, rather than to the private IP address that made the "
8997
"request, which is impossible over the Internet. Linux uses "
8998
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8999
"connections belong to which machines and reroute each return packet "
9000
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
9001
"having originated from your Ubuntu gateway machine. This process is referred "
9002
"to in Microsoft documentation as Internet Connection Sharing."
9003
msgstr ""
9004
9005
#: serverguide/C/security.xml:608(title)
9006
msgid "ufw Masquerading"
9007
msgstr ""
9008
9009
#: serverguide/C/security.xml:609(para)
9010
msgid ""
9011
"IP Masquerading can be achieved using custom <application>ufw</application> "
9012
"rules. This is possible because the current back-end for "
9013
"<application>ufw</application> is <application>iptables-"
9014
"restore</application> with the rules files located in "
9015
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
9016
"legacy iptables rules used without <application>ufw</application>, and rules "
9017
"that are more network gateway or bridge related."
9018
msgstr ""
9019
9020
#: serverguide/C/security.xml:615(para)
9021
msgid ""
9022
"The rules are split into two different files, rules that should be executed "
9023
"before <application>ufw</application> command line rules, and rules that are "
9024
"executed after <application>ufw</application> command line rules."
9025
msgstr ""
9026
9027
#: serverguide/C/security.xml:621(para)
9028
msgid ""
9029
"First, packet forwarding needs to be enabled in "
9030
"<application>ufw</application>. Two configuration files will need to be "
9031
"adjusted, in <filename>/etc/default/ufw</filename> change the "
9032
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
9033
msgstr ""
9034
9035
#: serverguide/C/security.xml:625(programlisting)
9036
#, no-wrap
9037
msgid ""
9038
"\n"
9039
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:628(para)
9043
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
9044
msgstr ""
9045
9046
#: serverguide/C/security.xml:631(programlisting)
9047
#, no-wrap
9048
msgid ""
9049
"\n"
9050
"net/ipv4/ip_forward=1\n"
9051
msgstr ""
9052
9053
#: serverguide/C/security.xml:634(para)
9054
msgid "Similarly, for IPv6 forwarding uncomment:"
9055
msgstr ""
9056
9057
#: serverguide/C/security.xml:637(programlisting)
9058
#, no-wrap
9059
msgid ""
9060
"\n"
9061
"net/ipv6/conf/default/forwarding=1\n"
9062
msgstr ""
9063
9064
#: serverguide/C/security.xml:642(para)
9065
msgid ""
9066
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
9067
"file. The default rules only configure the <emphasis>filter</emphasis> "
9068
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
9069
"need to be configured. Add the following to the top of the file just after "
9070
"the header comments:"
9071
msgstr ""
9072
9073
#: serverguide/C/security.xml:647(programlisting)
9074
#, no-wrap
9075
msgid ""
9076
"\n"
9077
"# nat Table rules\n"
9078
"*nat\n"
9079
":POSTROUTING ACCEPT [0:0]\n"
9080
"\n"
9081
"# Forward traffic from eth1 through eth0.\n"
9082
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
9083
"\n"
9084
"# don't delete the 'COMMIT' line or these nat table rules won't be "
9085
"processed\n"
9086
"COMMIT\n"
9087
msgstr ""
9088
9089
#: serverguide/C/security.xml:658(para)
9090
msgid ""
9091
"The comments are not strictly necessary, but it is considered good practice "
9092
"to document your configuration. Also, when modifying any of the "
9093
"<emphasis>rules</emphasis> files in <filename "
9094
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
9095
"line for each table modified:"
9096
msgstr ""
9097
9098
#: serverguide/C/security.xml:664(programlisting)
9099
#, no-wrap
9100
msgid ""
9101
"\n"
9102
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
9103
"COMMIT\n"
9104
msgstr ""
9105
9106
#: serverguide/C/security.xml:669(para)
9107
msgid ""
9108
"For each <emphasis>Table</emphasis> a corresponding "
9109
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
9110
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
9111
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
9112
"<emphasis>mangle</emphasis> tables."
9113
msgstr ""
9114
9115
#: serverguide/C/security.xml:676(para)
9116
msgid ""
9117
"In the above example replace <emphasis>eth0</emphasis>, "
9118
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
9119
"appropriate interfaces and IP range for your network."
9120
msgstr ""
9121
9122
#: serverguide/C/security.xml:684(para)
9123
msgid ""
9124
"Finally, disable and re-enable <application>ufw</application> to apply the "
9125
"changes:"
9126
msgstr ""
9127
9128
#: serverguide/C/security.xml:688(command)
9129
msgid "sudo ufw disable && sudo ufw enable"
9130
msgstr ""
9131
9132
#: serverguide/C/security.xml:692(para)
9133
msgid ""
9134
"IP Masquerading should now be enabled. You can also add any additional "
9135
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
9136
"recommended that these additional rules be added to the <emphasis>ufw-before-"
9137
"forward</emphasis> chain."
9138
msgstr ""
9139
9140
#: serverguide/C/security.xml:699(title)
9141
msgid "iptables Masquerading"
9142
msgstr ""
9143
9144
#: serverguide/C/security.xml:700(para)
9145
msgid ""
9146
"<application>iptables</application> can also be used to enable masquerading."
9147
msgstr ""
9148
9149
#: serverguide/C/security.xml:705(para)
9150
msgid ""
9151
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
9152
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
9153
"uncomment the following line"
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:709(programlisting)
9157
#, no-wrap
9158
msgid ""
9159
"\n"
9160
"net.ipv4.ip_forward=1\n"
9161
msgstr ""
9162
9163
#: serverguide/C/security.xml:712(para)
9164
msgid "If you wish to enable IPv6 forwarding also uncomment:"
9165
msgstr ""
9166
9167
#: serverguide/C/security.xml:715(programlisting)
9168
#, no-wrap
9169
msgid ""
9170
"\n"
9171
"net.ipv6.conf.default.forwarding=1\n"
9172
msgstr ""
9173
9174
#: serverguide/C/security.xml:720(para)
9175
msgid ""
9176
"Next, execute the <application>sysctl</application> command to enable the "
9177
"new settings in the configuration file:"
9178
msgstr ""
9179
9180
#: serverguide/C/security.xml:724(command)
9181
msgid "sudo sysctl -p"
9182
msgstr ""
9183
9184
#: serverguide/C/security.xml:728(para)
9185
msgid ""
9186
"IP Masquerading can now be accomplished with a single iptables rule, which "
9187
"may differ slightly based on your network configuration:"
9188
msgstr ""
9189
9190
#: serverguide/C/security.xml:731(screen)
9191
#, no-wrap
9192
msgid ""
9193
"\n"
9194
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9195
msgstr ""
9196
9197
#: serverguide/C/security.xml:734(para)
9198
msgid ""
9199
"The above command assumes that your private address space is 192.168.0.0/16 "
9200
"and that your Internet-facing device is ppp0. The syntax is broken down as "
9201
"follows:"
9202
msgstr ""
9203
9204
#: serverguide/C/security.xml:739(para)
9205
msgid "-t nat -- the rule is to go into the nat table"
9206
msgstr ""
9207
9208
#: serverguide/C/security.xml:740(para)
9209
msgid ""
9210
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
9211
msgstr ""
9212
9213
#: serverguide/C/security.xml:741(para)
9214
msgid ""
9215
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
9216
"specified address space"
9217
msgstr ""
9218
9219
#: serverguide/C/security.xml:742(para)
9220
msgid ""
9221
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
9222
"specified network device"
9223
msgstr ""
9224
9225
#: serverguide/C/security.xml:744(para)
9226
msgid ""
9227
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
9228
"MASQUERADE target to be manipulated as described above"
9229
msgstr ""
9230
9231
#: serverguide/C/security.xml:752(para)
9232
msgid ""
9233
"Also, each chain in the filter table (the default table, and where most or "
9234
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
9235
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
9236
"you may have set the policies to DROP or REJECT, in which case your "
9237
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
9238
"above rule to work:"
9239
msgstr ""
9240
9241
#: serverguide/C/security.xml:759(screen)
9242
#, no-wrap
9243
msgid ""
9244
"\n"
9245
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
9246
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
9247
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
9248
msgstr ""
9249
9250
#: serverguide/C/security.xml:763(para)
9251
msgid ""
9252
"The above commands will allow all connections from your local network to the "
9253
"Internet and all traffic related to those connections to return to the "
9254
"machine that initiated them."
9255
msgstr ""
9256
9257
#: serverguide/C/security.xml:770(para)
9258
msgid ""
9259
"If you want masquerading to be enabled on reboot, which you probably do, "
9260
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
9261
"example add the first command with no filtering:"
9262
msgstr ""
9263
9264
#: serverguide/C/security.xml:774(screen)
9265
#, no-wrap
9266
msgid ""
9267
"\n"
9268
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9269
msgstr ""
9270
9271
#: serverguide/C/security.xml:782(title)
9272
msgid "Logs"
9273
msgstr ""
9274
9275
#: serverguide/C/security.xml:783(para)
9276
msgid ""
9277
"Firewall logs are essential for recognizing attacks, troubleshooting your "
9278
"firewall rules, and noticing unusual activity on your network. You must "
9279
"include logging rules in your firewall for them to be generated, though, and "
9280
"logging rules must come before any applicable terminating rule (a rule with "
9281
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
9282
"REJECT)."
9283
msgstr ""
9284
9285
#: serverguide/C/security.xml:790(para)
9286
msgid ""
9287
"If you are using <application>ufw</application>, you can turn on logging by "
9288
"entering the following in a terminal:"
9289
msgstr ""
9290
9291
#: serverguide/C/security.xml:794(command)
9292
msgid "sudo ufw logging on"
9293
msgstr ""
9294
9295
#: serverguide/C/security.xml:796(para)
9296
msgid ""
9297
"To turn logging off in <application>ufw</application>, simply replace "
9298
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
9299
"role=\"italic\">off</emphasis> in the above command."
9300
msgstr ""
9301
9302
#: serverguide/C/security.xml:799(para)
9303
msgid ""
9304
"If using <application>iptables</application> instead of "
9305
"<application>ufw</application>, enter:"
9306
msgstr ""
9307
9308
#: serverguide/C/security.xml:802(screen)
9309
#, no-wrap
9310
msgid ""
9311
"\n"
9312
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
9313
"prefix \"NEW_HTTP_CONN: \"\n"
9314
msgstr ""
9315
9316
#: serverguide/C/security.xml:805(para)
9317
msgid ""
9318
"A request on port 80 from the local machine, then, would generate a log in "
9319
"dmesg that looks like this:"
9320
msgstr ""
9321
9322
#: serverguide/C/security.xml:810(programlisting)
9323
#, no-wrap
9324
msgid ""
9325
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
9326
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
9327
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
9328
"WINDOW=32767 RES=0x00 SYN URGP=0"
9329
msgstr ""
9330
9331
#: serverguide/C/security.xml:812(para)
9332
msgid ""
9333
"The above log will also appear in <filename>/var/log/messages</filename>, "
9334
"<filename>/var/log/syslog</filename>, and "
9335
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
9336
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
9337
"and configuring <application>ulogd</application> and using the ULOG target "
9338
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
9339
"server that listens for logging instructions from the kernel specifically "
9340
"for firewalls, and can log to any file you like, or even to a "
9341
"<application>PostgreSQL</application> or <application>MySQL</application> "
9342
"database. Making sense of your firewall logs can be simplified by using a "
9343
"log analyzing tool such as <application>fwanalog</application>, "
9344
"<application> fwlogwatch</application>, or <application>lire</application>."
9345
msgstr ""
9346
9347
#: serverguide/C/security.xml:827(title)
9348
msgid "Other Tools"
9349
msgstr ""
9350
9351
#: serverguide/C/security.xml:828(para)
9352
msgid ""
9353
"There are many tools available to help you construct a complete firewall "
9354
"without intimate knowledge of iptables. For the GUI-inclined:"
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:834(para)
9358
msgid ""
9359
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
9360
"popular and easy to use."
9361
msgstr ""
9362
9363
#: serverguide/C/security.xml:839(para)
9364
msgid ""
9365
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
9366
"and will look familiar to an administrator who has used a commercial "
9367
"firewall utility such as <application>Checkpoint FireWall-1</application>."
9368
msgstr ""
9369
9370
#: serverguide/C/security.xml:845(para)
9371
msgid ""
9372
"If you prefer a command-line tool with plain-text configuration files:"
9373
msgstr ""
9374
9375
#: serverguide/C/security.xml:850(para)
9376
msgid ""
9377
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
9378
"powerful solution to help you configure an advanced firewall for any network."
9379
msgstr ""
9380
9381
#: serverguide/C/security.xml:856(para)
9382
msgid ""
9383
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
9384
"a working firewall \"out of the box\" with zero configuration, and will "
9385
"allow you to easily set up a more advanced firewall by editing simple, well-"
9386
"documented configuration files."
9387
msgstr ""
9388
9389
#: serverguide/C/security.xml:863(para)
9390
msgid ""
9391
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
9392
"designed to be a desktop firewall application. It is made up of a server "
9393
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
9394
"like many popular interactive firewall applications for Windows."
9395
msgstr ""
9396
9397
#: serverguide/C/security.xml:875(para)
9398
msgid ""
9399
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9400
"Firewall</ulink> wiki page contains information on the development of "
9401
"<application>ufw</application>."
9402
msgstr ""
9403
9404
#: serverguide/C/security.xml:881(para)
9405
msgid ""
9406
"Also, the <application>ufw</application> manual page contains some very "
9407
"useful information: <command>man ufw</command>."
9408
msgstr ""
9409
9410
#: serverguide/C/security.xml:886(para)
9411
msgid ""
9412
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
9413
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
9414
"on using <application>iptables</application>."
9415
msgstr ""
9416
9417
#: serverguide/C/security.xml:892(para)
9418
msgid ""
9419
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9420
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
9421
msgstr ""
9422
9423
#: serverguide/C/security.xml:898(para)
9424
msgid ""
9425
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
9426
"HowTo</ulink> in the Ubuntu wiki is a great resource."
9427
msgstr ""
9428
9429
#: serverguide/C/security.xml:906(title)
9430
msgid "AppArmor"
9431
msgstr ""
9432
9433
#: serverguide/C/security.xml:907(para)
9434
msgid ""
9435
"<application>AppArmor</application> is a Linux Security Module "
9436
"implementation of name-based mandatory access controls. AppArmor confines "
9437
"individual programs to a set of listed files and posix 1003.1e draft "
9438
"capabilities."
9439
msgstr ""
9440
9441
#: serverguide/C/security.xml:911(para)
9442
msgid ""
9443
"<application>AppArmor</application> is installed and loaded by default. It "
9444
"uses <emphasis>profiles</emphasis> of an application to determine what files "
9445
"and permissions the application requires. Some packages will install their "
9446
"own profiles, and additional profiles can be found in the "
9447
"<application>apparmor-profiles</application> package."
9448
msgstr ""
9449
9450
#: serverguide/C/security.xml:916(para)
9451
msgid ""
9452
"To install the <application>apparmor-profiles</application> package from a "
9453
"terminal prompt:"
9454
msgstr ""
9455
9456
#: serverguide/C/security.xml:922(para)
9457
msgid "AppArmor profiles have two modes of execution:"
9458
msgstr ""
9459
9460
#: serverguide/C/security.xml:927(para)
9461
msgid ""
9462
"Complaining/Learning: profile violations are permitted and logged. Useful "
9463
"for testing and developing new profiles."
9464
msgstr ""
9465
9466
#: serverguide/C/security.xml:932(para)
9467
msgid ""
9468
"Enforced/Confined: enforces profile policy as well as logging the violation."
9469
msgstr ""
9470
9471
#: serverguide/C/security.xml:938(title)
9472
msgid "Using AppArmor"
9473
msgstr ""
9474
9475
#: serverguide/C/security.xml:939(para)
9476
msgid ""
9477
"The <application>apparmor-utils</application> package contains command line "
9478
"utilities that you can use to change the <application>AppArmor</application> "
9479
"execution mode, find the status of a profile, create new profiles, etc."
9480
msgstr ""
9481
9482
#: serverguide/C/security.xml:945(para)
9483
msgid ""
9484
"<application>apparmor_status</application> is used to view the current "
9485
"status of AppArmor profiles."
9486
msgstr ""
9487
9488
#: serverguide/C/security.xml:949(command)
9489
msgid "sudo apparmor_status"
9490
msgstr ""
9491
9492
#: serverguide/C/security.xml:953(para)
9493
msgid ""
9494
"<application>aa-complain</application> places a profile into "
9495
"<emphasis>complain</emphasis> mode."
9496
msgstr ""
9497
9498
#: serverguide/C/security.xml:957(command)
9499
msgid "sudo aa-complain /path/to/bin"
9500
msgstr ""
9501
9502
#: serverguide/C/security.xml:961(para)
9503
msgid ""
9504
"<application>aa-enforce</application> places a profile into "
9505
"<emphasis>enforce</emphasis> mode."
9506
msgstr ""
9507
9508
#: serverguide/C/security.xml:965(command)
9509
msgid "sudo aa-enforce /path/to/bin"
9510
msgstr ""
9511
9512
#: serverguide/C/security.xml:969(para)
9513
msgid ""
9514
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
9515
"profiles are located. It can be used to manipulate the "
9516
"<emphasis>mode</emphasis> of all profiles."
9517
msgstr ""
9518
9519
#: serverguide/C/security.xml:973(para)
9520
msgid "Enter the following to place all profiles into complain mode:"
9521
msgstr ""
9522
9523
#: serverguide/C/security.xml:977(command)
9524
msgid "sudo aa-complain /etc/apparmor.d/*"
9525
msgstr ""
9526
9527
#: serverguide/C/security.xml:979(para)
9528
msgid "To place all profiles in enforce mode:"
9529
msgstr ""
9530
9531
#: serverguide/C/security.xml:983(command)
9532
msgid "sudo aa-enforce /etc/apparmor.d/*"
9533
msgstr ""
9534
9535
#: serverguide/C/security.xml:987(para)
9536
msgid ""
9537
"<application>apparmor_parser</application> is used to load a profile into "
9538
"the kernel. It can also be used to reload a currently loaded profile using "
9539
"the <emphasis>-r</emphasis> option. To load a profile:"
9540
msgstr ""
9541
9542
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
9543
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9544
msgstr ""
9545
9546
#: serverguide/C/security.xml:994(para)
9547
msgid "To reload a profile:"
9548
msgstr ""
9549
9550
#: serverguide/C/security.xml:998(command)
9551
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9552
msgstr ""
9553
9554
#: serverguide/C/security.xml:1002(para)
9555
msgid ""
9556
"<filename>/etc/init.d/apparmor</filename> can be used to "
9557
"<emphasis>reload</emphasis> all profiles:"
9558
msgstr ""
9559
9560
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
9561
msgid "sudo /etc/init.d/apparmor reload"
9562
msgstr ""
9563
9564
#: serverguide/C/security.xml:1010(para)
9565
msgid ""
9566
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
9567
"with the <application>apparmor_parser -R</application> option to "
9568
"<emphasis>disable</emphasis> a profile."
9569
msgstr ""
9570
9571
#: serverguide/C/security.xml:1015(command)
9572
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9573
msgstr ""
9574
9575
#: serverguide/C/security.xml:1016(command)
9576
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9577
msgstr ""
9578
9579
#: serverguide/C/security.xml:1018(para)
9580
msgid ""
9581
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
9582
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
9583
"load the profile using the <emphasis>-a</emphasis> option."
9584
msgstr ""
9585
9586
#: serverguide/C/security.xml:1023(command)
9587
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
9588
msgstr ""
9589
9590
#: serverguide/C/security.xml:1028(para)
9591
msgid ""
9592
"<application>AppArmor</application> can be disabled, and the kernel module "
9593
"unloaded by entering the following:"
9594
msgstr ""
9595
9596
#: serverguide/C/security.xml:1032(command)
9597
msgid "sudo /etc/init.d/apparmor stop"
9598
msgstr ""
9599
9600
#: serverguide/C/security.xml:1033(command)
9601
msgid "sudo update-rc.d -f apparmor remove"
9602
msgstr ""
9603
9604
#: serverguide/C/security.xml:1037(para)
9605
msgid "To re-enable <application>AppArmor</application> enter:"
9606
msgstr ""
9607
9608
#: serverguide/C/security.xml:1041(command)
9609
msgid "sudo /etc/init.d/apparmor start"
9610
msgstr ""
9611
9612
#: serverguide/C/security.xml:1042(command)
9613
msgid "sudo update-rc.d apparmor defaults"
9614
msgstr ""
9615
9616
#: serverguide/C/security.xml:1047(para)
9617
msgid ""
9618
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9619
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9620
"the actual executable file path. For example for the "
9621
"<application>ping</application> command use <filename>/bin/ping</filename>"
9622
msgstr ""
9623
9624
#: serverguide/C/security.xml:1055(title)
9625
msgid "Profiles"
9626
msgstr ""
9627
9628
#: serverguide/C/security.xml:1056(para)
9629
msgid ""
9630
"<application>AppArmor</application> profiles are simple text files located "
9631
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9632
"path to the executable they profile replacing the \"/\" with \".\". For "
9633
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9634
"profile for the <filename>/bin/ping</filename> command."
9635
msgstr ""
9636
9637
#: serverguide/C/security.xml:1062(para)
9638
msgid "There are two main type of rules used in profiles:"
9639
msgstr ""
9640
9641
#: serverguide/C/security.xml:1067(para)
9642
msgid ""
9643
"<emphasis>Path entries:</emphasis> which detail which files an application "
9644
"can access in the file system."
9645
msgstr ""
9646
9647
#: serverguide/C/security.xml:1072(para)
9648
msgid ""
9649
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9650
"confined process is allowed to use."
9651
msgstr ""
9652
9653
#: serverguide/C/security.xml:1077(para)
9654
msgid ""
9655
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9656
msgstr ""
9657
9658
#: serverguide/C/security.xml:1080(programlisting)
9659
#, no-wrap
9660
msgid ""
9661
"\n"
9662
"#include <tunables/global>\n"
9663
"/bin/ping flags=(complain) {\n"
9664
" #include <abstractions/base>\n"
9665
" #include <abstractions/consoles>\n"
9666
" #include <abstractions/nameservice>\n"
9667
"\n"
9668
" capability net_raw,\n"
9669
" capability setuid,\n"
9670
" network inet raw,\n"
9671
" \n"
9672
" /bin/ping mixr,\n"
9673
" /etc/modules.conf r,\n"
9674
"}\n"
9675
msgstr ""
9676
9677
#: serverguide/C/security.xml:1097(para)
9678
msgid ""
9679
"<emphasis>#include <tunables/global>:</emphasis> include statements "
9680
"from other files. This allows statements pertaining to multiple applications "
9681
"to be placed in a common file."
9682
msgstr ""
9683
9684
#: serverguide/C/security.xml:1103(para)
9685
msgid ""
9686
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
9687
"program, also setting the mode to <emphasis>complain</emphasis>."
9688
msgstr ""
9689
9690
#: serverguide/C/security.xml:1109(para)
9691
msgid ""
9692
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
9693
"the CAP_NET_RAW Posix.1e capability."
9694
msgstr ""
9695
9696
#: serverguide/C/security.xml:1114(para)
9697
msgid ""
9698
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9699
"execute access to the file."
9700
msgstr ""
9701
9702
#: serverguide/C/security.xml:1120(para)
9703
msgid ""
9704
"After editing a profile file the profile must be reloaded. See <xref "
9705
"linkend=\"apparmor-usage\"/> for details."
9706
msgstr ""
9707
9708
#: serverguide/C/security.xml:1125(title)
9709
msgid "Creating a Profile"
9710
msgstr ""
9711
9712
#: serverguide/C/security.xml:1128(para)
9713
msgid ""
9714
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9715
"application should be exercised. The test plan should be divided into small "
9716
"test cases. Each test case should have a small description and list the "
9717
"steps to follow."
9718
msgstr ""
9719
9720
#: serverguide/C/security.xml:1132(para)
9721
msgid "Some standard test cases are:"
9722
msgstr ""
9723
9724
#: serverguide/C/security.xml:1137(para)
9725
msgid "Starting the program."
9726
msgstr ""
9727
9728
#: serverguide/C/security.xml:1142(para)
9729
msgid "Stopping the program."
9730
msgstr ""
9731
9732
#: serverguide/C/security.xml:1147(para)
9733
msgid "Reloading the program."
9734
msgstr ""
9735
9736
#: serverguide/C/security.xml:1152(para)
9737
msgid "Testing all the commands supported by the init script."
9738
msgstr ""
9739
9740
#: serverguide/C/security.xml:1159(para)
9741
msgid ""
9742
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9743
"genprof</application> to generate a new profile. From a terminal:"
9744
msgstr ""
9745
9746
#: serverguide/C/security.xml:1164(command)
9747
msgid "sudo aa-genprof executable"
9748
msgstr ""
9749
9750
#: serverguide/C/security.xml:1166(para)
9751
msgid "For example:"
9752
msgstr ""
9753
9754
#: serverguide/C/security.xml:1170(command)
9755
msgid "sudo aa-genprof slapd"
9756
msgstr ""
9757
9758
#: serverguide/C/security.xml:1174(para)
9759
msgid ""
9760
"To get your new profile included in the <application>apparmor-"
9761
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9762
"against the <ulink "
9763
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
9764
"/ulink> package:"
9765
msgstr ""
9766
9767
#: serverguide/C/security.xml:1181(para)
9768
msgid "Include your test plan and test cases."
9769
msgstr ""
9770
9771
#: serverguide/C/security.xml:1186(para)
9772
msgid "Attach your new profile to the bug."
9773
msgstr ""
9774
9775
#: serverguide/C/security.xml:1195(title)
9776
msgid "Updating Profiles"
9777
msgstr ""
9778
9779
#: serverguide/C/security.xml:1196(para)
9780
msgid ""
9781
"When the program is misbehaving, audit messages are sent to the log files. "
9782
"The program <application>aa-logprof</application> can be used to scan log "
9783
"files for <application>AppArmor</application> audit messages, review them "
9784
"and update the profiles. From a terminal:"
9785
msgstr ""
9786
9787
#: serverguide/C/security.xml:1201(command)
9788
msgid "sudo aa-logprof"
9789
msgstr ""
9790
9791
#: serverguide/C/security.xml:1209(para)
9792
msgid ""
9793
"See the <ulink "
9794
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9795
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9796
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9797
"configuration options."
9798
msgstr ""
9799
9800
#: serverguide/C/security.xml:1216(para)
9801
msgid ""
9802
"For details using AppArmor with other Ubuntu releases see the <ulink "
9803
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9804
"Wiki</ulink> page."
9805
msgstr ""
9806
9807
#: serverguide/C/security.xml:1224(para)
9808
msgid ""
9809
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9810
"page is another introduction to AppArmor."
9811
msgstr ""
9812
9813
#: serverguide/C/security.xml:1231(para)
9814
msgid ""
9815
"A great place to ask for <application>AppArmor</application> assistance, and "
9816
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9817
"server</emphasis> IRC channel on <ulink "
9818
"url=\"http://freenode.net\">freenode</ulink>."
9819
msgstr ""
9820
9821
#: serverguide/C/security.xml:1241(title)
9822
msgid "Certificates"
9823
msgstr ""
9824
9825
#: serverguide/C/security.xml:1242(para)
9826
msgid ""
9827
"One of the most common forms of cryptography today is <emphasis>public-"
9828
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9829
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9830
"system works by <emphasis>encrypting</emphasis> information using the public "
9831
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9832
"the private key."
9833
msgstr ""
9834
9835
#: serverguide/C/security.xml:1248(para)
9836
msgid ""
9837
"A common use for public-key cryptography is encrypting application traffic "
9838
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9839
"connection. For example, configuring Apache to provide "
9840
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9841
"encrypt traffic using a protocol that does not itself provide encryption."
9842
msgstr ""
9843
9844
#: serverguide/C/security.xml:1253(para)
9845
msgid ""
9846
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9847
"<emphasis>public key</emphasis> and other information about a server and the "
9848
"organization who is responsible for it. Certificates can be digitally signed "
9849
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
9850
"third party that has confirmed that the information contained in the "
9851
"certificate is accurate."
9852
msgstr ""
9853
9854
#: serverguide/C/security.xml:1260(title)
9855
msgid "Types of Certificates"
9856
msgstr ""
9857
9858
#: serverguide/C/security.xml:1261(para)
9859
msgid ""
9860
"To set up a secure server using public-key cryptography, in most cases, you "
9861
"send your certificate request (including your public key), proof of your "
9862
"company's identity, and payment to a CA. The CA verifies the certificate "
9863
"request and your identity, and then sends back a certificate for your secure "
9864
"server. Alternatively, you can create your own <emphasis>self-"
9865
"signed</emphasis> certificate."
9866
msgstr ""
9867
9868
#: serverguide/C/security.xml:1271(para)
9869
msgid ""
9870
"Note, that self-signed certificates should not be used in most production "
9871
"environments."
9872
msgstr ""
9873
9874
#: serverguide/C/security.xml:1275(para)
9875
msgid ""
9876
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9877
"capabilities that a self-signed certificate does not:"
9878
msgstr ""
9879
9880
#: serverguide/C/security.xml:1282(para)
9881
msgid ""
9882
"Browsers (usually) automatically recognize the certificate and allow a "
9883
"secure connection to be made without prompting the user."
9884
msgstr ""
9885
9886
#: serverguide/C/security.xml:1289(para)
9887
msgid ""
9888
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9889
"the organization that is providing the web pages to the browser."
9890
msgstr ""
9891
9892
#: serverguide/C/security.xml:1297(para)
9893
msgid ""
9894
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9895
"certificates they automatically accept. If a browser encounters a "
9896
"certificate whose authorizing CA is not in the list, the browser asks the "
9897
"user to either accept or decline the connection. Also, other applications "
9898
"may generate an error message when using a self-singed certificate."
9899
msgstr ""
9900
9901
#: serverguide/C/security.xml:1305(para)
9902
msgid ""
9903
"The process of getting a certificate from a CA is fairly easy. A quick "
9904
"overview is as follows:"
9905
msgstr ""
9906
9907
#: serverguide/C/security.xml:1312(para)
9908
msgid "Create a private and public encryption key pair."
9909
msgstr ""
9910
9911
#: serverguide/C/security.xml:1315(para)
9912
msgid ""
9913
"Create a certificate request based on the public key. The certificate "
9914
"request contains information about your server and the company hosting it."
9915
msgstr ""
9916
9917
#: serverguide/C/security.xml:1320(para)
9918
msgid ""
9919
"Send the certificate request, along with documents proving your identity, to "
9920
"a CA. We cannot tell you which certificate authority to choose. Your "
9921
"decision may be based on your past experiences, or on the experiences of "
9922
"your friends or colleagues, or purely on monetary factors."
9923
msgstr ""
9924
9925
#: serverguide/C/security.xml:1326(para)
9926
msgid ""
9927
"Once you have decided upon a CA, you need to follow the instructions they "
9928
"provide on how to obtain a certificate from them."
9929
msgstr ""
9930
9931
#: serverguide/C/security.xml:1331(para)
9932
msgid ""
9933
"When the CA is satisfied that you are indeed who you claim to be, they send "
9934
"you a digital certificate."
9935
msgstr ""
9936
9937
#: serverguide/C/security.xml:1335(para)
9938
msgid ""
9939
"Install this certificate on your secure server, and configure the "
9940
"appropriate applications to use the certificate."
9941
msgstr ""
9942
9943
#: serverguide/C/security.xml:1344(title)
9944
msgid "Generating a Certificate Signing Request (CSR)"
9945
msgstr ""
9946
9947
#: serverguide/C/security.xml:1346(para)
9948
msgid ""
9949
"Whether you are getting a certificate from a CA or generating your own self-"
9950
"signed certificate, the first step is to generate a key."
9951
msgstr ""
9952
9953
#: serverguide/C/security.xml:1351(para)
9954
msgid ""
9955
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9956
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9957
"passphrase allows the services to start without manual intervention, usually "
9958
"the preferred way to start a daemon."
9959
msgstr ""
9960
9961
#: serverguide/C/security.xml:1357(para)
9962
msgid ""
9963
"This section will cover generating a key with a passphrase, and one without. "
9964
"The non-passphrase key will then be used to generate a certificate that can "
9965
"be used with various service daemons."
9966
msgstr ""
9967
9968
#: serverguide/C/security.xml:1363(para)
9969
msgid ""
9970
"Running your secure service without a passphrase is convenient because you "
9971
"will not need to enter the passphrase every time you start your secure "
9972
"service. But it is insecure and a compromise of the key means a compromise "
9973
"of the server as well."
9974
msgstr ""
9975
9976
#: serverguide/C/security.xml:1370(para)
9977
msgid ""
9978
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9979
"Request (CSR) run the following command from a terminal prompt:"
9980
msgstr ""
9981
9982
#: serverguide/C/security.xml:1376(command)
9983
msgid "openssl genrsa -des3 -out server.key 1024"
9984
msgstr ""
9985
9986
#: serverguide/C/security.xml:1379(programlisting)
9987
#, no-wrap
9988
msgid ""
9989
"\n"
9990
"Generating RSA private key, 1024 bit long modulus\n"
9991
".....................++++++\n"
9992
".................++++++\n"
9993
"unable to write 'random state'\n"
9994
"e is 65537 (0x10001)\n"
9995
"Enter pass phrase for server.key:\n"
9996
msgstr ""
9997
9998
#: serverguide/C/security.xml:1388(para)
9999
msgid ""
10000
"You can now enter your passphrase. For best security, it should at least "
10001
"contain eight characters. The minimum length when specifying -des3 is four "
10002
"characters. It should include numbers and/or punctuation and not be a word "
10003
"in a dictionary. Also remember that your passphrase is case-sensitive."
10004
msgstr ""
10005
10006
#: serverguide/C/security.xml:1396(para)
10007
msgid ""
10008
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
10009
"server key is generated and stored in the <filename>server.key</filename> "
10010
"file."
10011
msgstr ""
10012
10013
#: serverguide/C/security.xml:1402(para)
10014
msgid ""
10015
"Now create the insecure key, the one without a passphrase, and shuffle the "
10016
"key names:"
10017
msgstr ""
10018
10019
#: serverguide/C/security.xml:1408(command)
10020
msgid "openssl rsa -in server.key -out server.key.insecure"
10021
msgstr ""
10022
10023
#: serverguide/C/security.xml:1409(command)
10024
msgid "mv server.key server.key.secure"
10025
msgstr ""
10026
10027
#: serverguide/C/security.xml:1410(command)
10028
msgid "mv server.key.insecure server.key"
10029
msgstr ""
10030
10031
#: serverguide/C/security.xml:1413(para)
10032
msgid ""
10033
"The insecure key is now named <filename>server.key</filename>, and you can "
10034
"use this file to generate the CSR without passphrase."
10035
msgstr ""
10036
10037
#: serverguide/C/security.xml:1418(para)
10038
msgid "To create the CSR, run the following command at a terminal prompt:"
10039
msgstr ""
10040
10041
#: serverguide/C/security.xml:1423(command)
10042
msgid "openssl req -new -key server.key -out server.csr"
10043
msgstr ""
10044
10045
#: serverguide/C/security.xml:1426(para)
10046
msgid ""
10047
"It will prompt you enter the passphrase. If you enter the correct "
10048
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
10049
"etc. Once you enter all these details, your CSR will be created and it will "
10050
"be stored in the <filename>server.csr</filename> file."
10051
msgstr ""
10052
10053
#: serverguide/C/security.xml:1434(para)
10054
msgid ""
10055
"You can now submit this CSR file to a CA for processing. The CA will use "
10056
"this CSR file and issue the certificate. On the other hand, you can create "
10057
"self-signed certificate using this CSR."
10058
msgstr ""
10059
10060
#: serverguide/C/security.xml:1442(title)
10061
msgid "Creating a Self-Signed Certificate"
10062
msgstr ""
10063
10064
#: serverguide/C/security.xml:1443(para)
10065
msgid ""
10066
"To create the self-signed certificate, run the following command at a "
10067
"terminal prompt:"
10068
msgstr ""
10069
10070
#: serverguide/C/security.xml:1448(command)
10071
msgid ""
10072
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
10073
"server.crt"
10074
msgstr ""
10075
10076
#: serverguide/C/security.xml:1451(para)
10077
msgid ""
10078
"The above command will prompt you to enter the passphrase. Once you enter "
10079
"the correct passphrase, your certificate will be created and it will be "
10080
"stored in the <filename>server.crt</filename> file."
10081
msgstr ""
10082
10083
#: serverguide/C/security.xml:1456(para)
10084
msgid ""
10085
"If your secure server is to be used in a production environment, you "
10086
"probably need a CA-signed certificate. It is not recommended to use self-"
10087
"signed certificate."
10088
msgstr ""
10089
10090
#: serverguide/C/security.xml:1464(title)
10091
msgid "Installing the Certificate"
10092
msgstr ""
10093
10094
#: serverguide/C/security.xml:1466(para)
10095
msgid ""
10096
"You can install the key file <filename>server.key</filename> and certificate "
10097
"file <filename>server.crt</filename>, or the certificate file issued by your "
10098
"CA, by running following commands at a terminal prompt:"
10099
msgstr ""
10100
10101
#: serverguide/C/security.xml:1472(command)
10102
msgid "sudo cp server.crt /etc/ssl/certs"
10103
msgstr ""
10104
10105
#: serverguide/C/security.xml:1473(command)
10106
msgid "sudo cp server.key /etc/ssl/private"
10107
msgstr ""
10108
10109
#: serverguide/C/security.xml:1475(para)
10110
msgid ""
10111
"Now simply configure any applications, with the ability to use public-key "
10112
"cryptography, to use the <emphasis>certificate</emphasis> and "
10113
"<emphasis>key</emphasis> files. For example, "
10114
"<application>Apache</application> can provide HTTPS, "
10115
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
10116
msgstr ""
10117
10118
#: serverguide/C/security.xml:1482(title)
10119
msgid "Certification Authority"
10120
msgstr ""
10121
10122
#: serverguide/C/security.xml:1484(para)
10123
msgid ""
10124
"If the services on your network require more than a few self-signed "
10125
"certificates it may be worth the additional effort to setup your own "
10126
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
10127
"certificates signed by your own CA, allows the various services using the "
10128
"certificates to easily trust other services using certificates issued from "
10129
"the same CA."
10130
msgstr ""
10131
10132
#: serverguide/C/security.xml:1494(para)
10133
msgid ""
10134
"First, create the directories to hold the CA certificate and related files:"
10135
msgstr ""
10136
10137
#: serverguide/C/security.xml:1499(command)
10138
msgid "sudo mkdir /etc/ssl/CA"
10139
msgstr ""
10140
10141
#: serverguide/C/security.xml:1500(command)
10142
msgid "sudo mkdir /etc/ssl/newcerts"
10143
msgstr ""
10144
10145
#: serverguide/C/security.xml:1506(para)
10146
msgid ""
10147
"The CA needs a few additional files to operate, one to keep track of the "
10148
"last serial number used by the CA, each certificate must have a unique "
10149
"serial number, and another file to record which certificates have been "
10150
"issued:"
10151
msgstr ""
10152
10153
#: serverguide/C/security.xml:1513(command)
10154
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
10155
msgstr ""
10156
10157
#: serverguide/C/security.xml:1514(command)
10158
msgid "sudo touch /etc/ssl/CA/index.txt"
10159
msgstr ""
10160
10161
#: serverguide/C/security.xml:1520(para)
10162
msgid ""
10163
"The third file is a CA configuration file. Though not strictly necessary, it "
10164
"is very convenient when issuing multiple certificates. Edit "
10165
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
10166
"]</emphasis> change:"
10167
msgstr ""
10168
10169
#: serverguide/C/security.xml:1526(programlisting)
10170
#, no-wrap
10171
msgid ""
10172
"\n"
10173
"dir = /etc/ssl/ # Where everything is kept\n"
10174
"database = $dir/CA/index.txt # database index file.\n"
10175
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
10176
"serial = $dir/CA/serial # The current serial number\n"
10177
"private_key = $dir/private/cakey.pem# The private key\n"
10178
msgstr ""
10179
10180
#: serverguide/C/security.xml:1537(para)
10181
msgid "Next, create the self-singed root certificate:"
10182
msgstr ""
10183
10184
#: serverguide/C/security.xml:1542(command)
10185
msgid ""
10186
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
10187
"days 3650"
10188
msgstr ""
10189
10190
#: serverguide/C/security.xml:1545(para)
10191
msgid "You will then be asked to enter the details about the certificate."
10192
msgstr ""
10193
10194
#: serverguide/C/security.xml:1552(para)
10195
msgid "Now install the root certificate and key:"
10196
msgstr ""
10197
10198
#: serverguide/C/security.xml:1557(command)
10199
msgid "sudo mv cakey.pem /etc/ssl/private/"
10200
msgstr ""
10201
10202
#: serverguide/C/security.xml:1558(command)
10203
msgid "sudo mv cacert.pem /etc/ssl/certs/"
10204
msgstr ""
10205
10206
#: serverguide/C/security.xml:1564(para)
10207
msgid ""
10208
"You are now ready to start signing certificates. The first item needed is a "
10209
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
10210
"for details. Once you have a CSR, enter the following to generate a "
10211
"certificate signed by the CA:"
10212
msgstr ""
10213
10214
#: serverguide/C/security.xml:1571(command)
10215
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
10216
msgstr ""
10217
10218
#: serverguide/C/security.xml:1574(para)
10219
msgid ""
10220
"After entering the password for the CA key, you will be prompted to sign the "
10221
"certificate, and again to commit the new certificate. You should then see a "
10222
"somewhat large amount of output related to the certificate creation."
10223
msgstr ""
10224
10225
#: serverguide/C/security.xml:1583(para)
10226
msgid ""
10227
"There should now be a new file, "
10228
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
10229
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
10230
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
10231
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
10232
"the server where the certificate will be installed. For example "
10233
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
10234
msgstr ""
10235
10236
#: serverguide/C/security.xml:1591(para)
10237
msgid ""
10238
"Subsequent certificates will be named <filename>02.pem</filename>, "
10239
"<filename>03.pem</filename>, etc."
10240
msgstr ""
10241
10242
#: serverguide/C/security.xml:1596(para)
10243
msgid ""
10244
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
10245
"name."
10246
msgstr ""
10247
10248
#: serverguide/C/security.xml:1604(para)
10249
msgid ""
10250
"Finally, copy the new certificate to the host that needs it, and configure "
10251
"the appropriate applications to use it. The default location to install "
10252
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
10253
"enables multiple services to use the same certificate without overly "
10254
"complicated file permissions."
10255
msgstr ""
10256
10257
#: serverguide/C/security.xml:1610(para)
10258
msgid ""
10259
"For applications that can be configured to use a CA certificate, you should "
10260
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
10261
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
10262
"server."
10263
msgstr ""
10264
10265
#: serverguide/C/security.xml:1624(para)
10266
msgid ""
10267
"For more detailed instructions on using cryptography see the <ulink "
10268
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
10269
"Certificates HOWTO</ulink> by tlpd.org"
10270
msgstr ""
10271
10272
#: serverguide/C/security.xml:1630(para)
10273
msgid ""
10274
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
10275
"of Certificate Authorities."
10276
msgstr ""
10277
10278
#: serverguide/C/security.xml:1635(para)
10279
msgid ""
10280
"The Wikipedia <ulink "
10281
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
10282
"information regarding HTTPS."
10283
msgstr ""
10284
10285
#: serverguide/C/security.xml:1640(para)
10286
msgid ""
10287
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
10288
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
10289
msgstr ""
10290
10291
#: serverguide/C/security.xml:1645(para)
10292
msgid ""
10293
"Also, O'Reilly's <ulink "
10294
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
10295
"OpenSSL</ulink> is a good in depth reference."
10296
msgstr ""
10297
10298
#: serverguide/C/security.xml:1654(title)
10299
msgid "eCryptfs"
10300
msgstr ""
10301
10302
#: serverguide/C/security.xml:1656(para)
10303
msgid ""
10304
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
10305
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
10306
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
10307
"filesystem, partition type, etc."
10308
msgstr ""
10309
10310
#: serverguide/C/security.xml:1662(para)
10311
msgid ""
10312
"During installation there is an option to encrypt the <filename "
10313
"role=\"directory\">/home</filename> partition. This will automatically "
10314
"configure everything needed to encrypt and mount the partition."
10315
msgstr ""
10316
10317
#: serverguide/C/security.xml:1667(para)
10318
msgid ""
10319
"As an example, this section will cover configuring <filename "
10320
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
10321
msgstr ""
10322
10323
#: serverguide/C/security.xml:1672(title)
10324
msgid "Using eCryptfs"
10325
msgstr ""
10326
10327
#: serverguide/C/security.xml:1674(para)
10328
msgid "First, install the necessary packages. From a terminal prompt enter:"
10329
msgstr ""
10330
10331
#: serverguide/C/security.xml:1679(command)
10332
msgid "sudo apt-get install ecryptfs-utils"
10333
msgstr ""
10334
10335
#: serverguide/C/security.xml:1682(para)
10336
msgid "Now mount the partition to be encrypted:"
10337
msgstr ""
10338
10339
#: serverguide/C/security.xml:1687(command)
10340
msgid "sudo mount -t ecryptfs /srv /srv"
10341
msgstr ""
10342
10343
#: serverguide/C/security.xml:1690(para)
10344
msgid ""
10345
"You will then be prompted for some details on how "
10346
"<application>ecryptfs</application> should encrypt the data."
10347
msgstr ""
10348
10349
#: serverguide/C/security.xml:1694(para)
10350
msgid ""
10351
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
10352
"copy the <filename>/etc/default</filename> folder to "
10353
"<filename>/srv</filename>:"
10354
msgstr ""
10355
10356
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
10357
msgid "sudo cp -r /etc/default /srv"
10358
msgstr ""
10359
10360
#: serverguide/C/security.xml:1703(para)
10361
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
10362
msgstr ""
10363
10364
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
10365
msgid "sudo umount /srv"
10366
msgstr ""
10367
10368
#: serverguide/C/security.xml:1709(command)
10369
msgid "cat /srv/default/cron"
10370
msgstr ""
10371
10372
#: serverguide/C/security.xml:1712(para)
10373
msgid ""
10374
"Remounting <filename>/srv</filename> using "
10375
"<application>ecryptfs</application> will make the data viewable once again."
10376
msgstr ""
10377
10378
#: serverguide/C/security.xml:1718(title)
10379
msgid "Automatically Mounting Encrypted Partitions"
10380
msgstr ""
10381
10382
#: serverguide/C/security.xml:1720(para)
10383
msgid ""
10384
"There are a couple of ways to automatically mount an "
10385
"<application>ecryptfs</application> encrypted filesystem at boot. This "
10386
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
10387
"mount options, along with a passphrase file residing on a USB key."
10388
msgstr ""
10389
10390
#: serverguide/C/security.xml:1726(para)
10391
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
10392
msgstr ""
10393
10394
#: serverguide/C/security.xml:1730(programlisting)
10395
#, no-wrap
10396
msgid ""
10397
"\n"
10398
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10399
"ecryptfs_sig=5826dd62cf81c615\n"
10400
"ecryptfs_cipher=aes\n"
10401
"ecryptfs_key_bytes=16\n"
10402
"ecryptfs_passthrough=n\n"
10403
"ecryptfs_enable_filename_crypto=n\n"
10404
msgstr ""
10405
10406
#: serverguide/C/security.xml:1740(para)
10407
msgid ""
10408
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
10409
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
10410
msgstr ""
10411
10412
#: serverguide/C/security.xml:1745(para)
10413
msgid ""
10414
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
10415
"file:"
10416
msgstr ""
10417
10418
#: serverguide/C/security.xml:1749(programlisting)
10419
#, no-wrap
10420
msgid ""
10421
"\n"
10422
"passphrase_passwd=[secrets]\n"
10423
msgstr ""
10424
10425
#: serverguide/C/security.xml:1753(para)
10426
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
10427
msgstr ""
10428
10429
#: serverguide/C/security.xml:1757(programlisting)
10430
#, no-wrap
10431
msgid ""
10432
"\n"
10433
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10434
"/srv /srv ecryptfs defaults 0 0\n"
10435
msgstr ""
10436
10437
#: serverguide/C/security.xml:1762(para)
10438
msgid "Make sure the USB drive is mounted before the encrypted partition."
10439
msgstr ""
10440
10441
#: serverguide/C/security.xml:1766(para)
10442
msgid ""
10443
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
10444
"ecryptfs."
10445
msgstr ""
10446
10447
#: serverguide/C/security.xml:1774(para)
10448
msgid ""
10449
"The <application>ecryptfs-utils</application> package includes several other "
10450
"useful utilities:"
10451
msgstr ""
10452
10453
#: serverguide/C/security.xml:1780(para)
10454
msgid ""
10455
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
10456
"<filename>~/Private</filename> directory to contain encrypted information. "
10457
"This utility can be run by unprivileged users to keep data private from "
10458
"other users on the system."
10459
msgstr ""
10460
10461
#: serverguide/C/security.xml:1787(para)
10462
msgid ""
10463
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
10464
"will mount and unmount respectively, a users <filename>~/Private</filename> "
10465
"directory."
10466
msgstr ""
10467
10468
#: serverguide/C/security.xml:1793(para)
10469
msgid ""
10470
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
10471
"kernel keyring."
10472
msgstr ""
10473
10474
#: serverguide/C/security.xml:1798(para)
10475
msgid ""
10476
"<emphasis>ecryptfs-manager:</emphasis> manages "
10477
"<application>eCryptfs</application> objects such as keys."
10478
msgstr ""
10479
10480
#: serverguide/C/security.xml:1803(para)
10481
msgid ""
10482
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
10483
"<application>ecryptfs</application> meta information for a file."
10484
msgstr ""
10485
10486
#: serverguide/C/security.xml:1816(para)
10487
msgid ""
10488
"For more information on eCryptfs see the <ulink "
10489
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
10490
msgstr ""
10491
10492
#: serverguide/C/security.xml:1821(para)
10493
msgid ""
10494
"There is also a <ulink "
10495
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
10496
"article covering eCryptfs."
10497
msgstr ""
10498
10499
#: serverguide/C/security.xml:1826(para)
10500
msgid ""
10501
"Also, for more <application>ecryptfs</application> options see the <ulink "
10502
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
10503
"ecryptfs man page</ulink>."
10504
msgstr ""
10505
10506
#: serverguide/C/security.xml:1832(para)
10507
msgid ""
10508
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
10509
"Ubuntu Wiki</ulink> page also has more details."
10510
msgstr ""
10511
10512
#: serverguide/C/reporting-bugs.xml:13(title)
10513
msgid "Appendix"
10514
msgstr ""
10515
10516
#: serverguide/C/reporting-bugs.xml:16(title)
10517
msgid "Reporting Bugs in Ubuntu Server Edition"
10518
msgstr ""
10519
10520
#: serverguide/C/reporting-bugs.xml:18(para)
10521
msgid ""
10522
"While the Ubuntu Project attempts to release software with as few bugs as "
10523
"possible, they do occur. You can help fix these bugs by reporting ones that "
10524
"you find to the project. The Ubuntu Project uses <ulink "
10525
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
10526
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
10527
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
10528
"account</ulink>."
10529
msgstr ""
10530
10531
#: serverguide/C/reporting-bugs.xml:30(title)
10532
msgid "Reporting Bugs With ubuntu-bug"
10533
msgstr ""
10534
10535
#: serverguide/C/reporting-bugs.xml:32(para)
10536
msgid ""
10537
"The preferred way to report a bug is with the <application>ubuntu-"
10538
"bug</application> command. The ubuntu-bug tool gathers information about the "
10539
"system useful to developers in diagnosing the reported problem that will "
10540
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
10541
"need to be filed against a specific software package, thus the name of the "
10542
"package that the bug occurs in needs to be given to ubuntu-bug:"
10543
msgstr ""
10544
10545
#: serverguide/C/reporting-bugs.xml:43(command)
10546
msgid "ubuntu-bug PACKAGENAME"
10547
msgstr ""
10548
10549
#: serverguide/C/reporting-bugs.xml:46(para)
10550
msgid ""
10551
"For example, to file a bug against the openssh-server package, you would do:"
10552
msgstr ""
10553
10554
#: serverguide/C/reporting-bugs.xml:51(command)
10555
msgid "ubuntu-bug openssh-server"
10556
msgstr ""
10557
10558
#: serverguide/C/reporting-bugs.xml:54(para)
10559
msgid ""
10560
"You can specify either a binary package or the source package for ubuntu-"
10561
"bug. Again using openssh-server as an example, you could also generate the "
10562
"report against the source package for openssh-server, openssh:"
10563
msgstr ""
10564
10565
#: serverguide/C/reporting-bugs.xml:62(command)
10566
msgid "ubuntu-bug openssh"
10567
msgstr ""
10568
10569
#: serverguide/C/reporting-bugs.xml:66(para)
10570
msgid ""
10571
"See <xref linkend=\"package-management\"/> for more information about "
10572
"packages in Ubuntu."
10573
msgstr ""
10574
10575
#: serverguide/C/reporting-bugs.xml:72(para)
10576
msgid ""
10577
"The ubuntu-bug command will gather information about the system in question, "
10578
"possibly including information specific to the specified package, and then "
10579
"ask you what you would like to do with collected information:"
10580
msgstr ""
10581
10582
#: serverguide/C/reporting-bugs.xml:80(command)
10583
msgid "ubuntu-bug postgresql"
10584
msgstr ""
10585
10586
#: serverguide/C/reporting-bugs.xml:79(screen)
10587
#, no-wrap
10588
msgid ""
10589
"\n"
10590
"<placeholder-1/>\n"
10591
"\n"
10592
"*** Collecting problem information\n"
10593
"\n"
10594
"The collected information can be sent to the developers to improve the\n"
10595
"application. This might take a few minutes.\n"
10596
"..........\n"
10597
"\n"
10598
"*** Send problem report to the developers?\n"
10599
"\n"
10600
"After the problem report has been sent, please fill out the form in the\n"
10601
"automatically opened web browser.\n"
10602
"\n"
10603
"What would you like to do? Your options are:\n"
10604
" S: Send report (1.7 KiB)\n"
10605
" V: View report\n"
10606
" K: Keep report file for sending later or copying to somewhere else\n"
10607
" C: Cancel\n"
10608
"Please choose (S/V/K/C):\n"
10609
msgstr ""
10610
10611
#: serverguide/C/reporting-bugs.xml:101(para)
10612
msgid "The options available are:"
10613
msgstr ""
10614
10615
#: serverguide/C/reporting-bugs.xml:108(para)
10616
msgid ""
10617
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
10618
"the collected information to Launchpad as part of the the process of filing "
10619
"a bug report. You will be given the opportunity to describe the situation "
10620
"that led up to the occurrence of the bug."
10621
msgstr ""
10622
10623
#: serverguide/C/reporting-bugs.xml:115(screen)
10624
#, no-wrap
10625
msgid ""
10626
"\n"
10627
"*** Uploading problem information\n"
10628
"\n"
10629
"The collected information is being sent to the bug tracking system.\n"
10630
"This might take a few minutes.\n"
10631
"91%\n"
10632
"\n"
10633
"*** To continue, you must visit the following URL:\n"
10634
"\n"
10635
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
10636
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
10637
"\n"
10638
"You can launch a browser now, or copy this URL into a browser on another\n"
10639
"computer.\n"
10640
"\n"
10641
"Choices:\n"
10642
" 1: Launch a browser now\n"
10643
" C: Cancel\n"
10644
"Please choose (1/C):\n"
10645
msgstr ""
10646
10647
#: serverguide/C/reporting-bugs.xml:135(para)
10648
msgid ""
10649
"If you choose to start a browser, by default the text based web browser "
10650
"<application>w3m</application> will be used to finish filing the bug report. "
10651
"Alternately, you can copy the given URL to a currently running web browser."
10652
msgstr ""
10653
10654
#: serverguide/C/reporting-bugs.xml:144(para)
10655
msgid ""
10656
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
10657
"the collected information to be displayed to the terminal for review."
10658
msgstr ""
10659
10660
#: serverguide/C/reporting-bugs.xml:150(screen)
10661
#, no-wrap
10662
msgid ""
10663
"\n"
10664
"Package: postgresql 8.4.2-2\n"
10665
"PackageArchitecture: all\n"
10666
"Tags: lucid\n"
10667
"ProblemType: Bug\n"
10668
"ProcEnviron:\n"
10669
" LANG=en_US.UTF-8\n"
10670
" SHELL=/bin/bash\n"
10671
"Uname: Linux 2.6.32-16-server x86_64\n"
10672
"Dependencies:\n"
10673
" adduser 3.112ubuntu1\n"
10674
" base-files 5.0.0ubuntu10\n"
10675
" base-passwd 3.5.22\n"
10676
" coreutils 7.4-2ubuntu2\n"
10677
"...\n"
10678
msgstr ""
10679
10680
#: serverguide/C/reporting-bugs.xml:167(para)
10681
msgid ""
10682
"After viewing the report, you will be brought back to the same menu asking "
10683
"what you would like to do with the report."
10684
msgstr ""
10685
10686
#: serverguide/C/reporting-bugs.xml:174(para)
10687
msgid ""
10688
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
10689
"File causes the gathered information to be written to a file. This file can "
10690
"then be used to later file a bug report or transferred to a different Ubuntu "
10691
"system for reporting. To submit the report file, simply give it as an "
10692
"argument to the ubuntu-bug command:"
10693
msgstr ""
10694
10695
#: serverguide/C/reporting-bugs.xml:189(userinput)
10696
#, no-wrap
10697
msgid "k"
10698
msgstr ""
10699
10700
#: serverguide/C/reporting-bugs.xml:192(command)
10701
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10702
msgstr ""
10703
10704
#: serverguide/C/reporting-bugs.xml:183(screen)
10705
#, no-wrap
10706
msgid ""
10707
"\n"
10708
"What would you like to do? Your options are:\n"
10709
" S: Send report (1.7 KiB)\n"
10710
" V: View report\n"
10711
" K: Keep report file for sending later or copying to somewhere else\n"
10712
" C: Cancel\n"
10713
"Please choose (S/V/K/C): <placeholder-1/>\n"
10714
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
10715
"\n"
10716
"<placeholder-2/>\n"
10717
"\n"
10718
"*** Send problem report to the developers?\n"
10719
"...\n"
10720
msgstr ""
10721
10722
#: serverguide/C/reporting-bugs.xml:200(para)
10723
msgid ""
10724
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
10725
"collected information to be discarded."
10726
msgstr ""
10727
10728
#: serverguide/C/reporting-bugs.xml:210(title)
10729
msgid "Reporting Application Crashes"
10730
msgstr ""
10731
10732
#: serverguide/C/reporting-bugs.xml:212(para)
10733
msgid ""
10734
"The software package that provides the ubuntu-bug utility, "
10735
"<application>apport</application>, can be configured to trigger when "
10736
"applications crash. This is disabled by default, as capturing a crash can be "
10737
"resource intensive depending on how much memory the application that crashed "
10738
"was using as apport captures and processes the core dump."
10739
msgstr ""
10740
10741
#: serverguide/C/reporting-bugs.xml:221(para)
10742
msgid ""
10743
"Configuring apport to capture information about crashing applications "
10744
"requires a couple of steps. First, <application>gdb</application> needs to "
10745
"be installed; it is not installed by default in Ubuntu Server Edition."
10746
msgstr ""
10747
10748
#: serverguide/C/reporting-bugs.xml:229(command)
10749
msgid "sudo apt-get install gdb"
10750
msgstr ""
10751
10752
#: serverguide/C/reporting-bugs.xml:232(para)
10753
msgid ""
10754
"See <xref linkend=\"package-management\"/> for more information about "
10755
"managing packages in Ubuntu."
10756
msgstr ""
10757
10758
#: serverguide/C/reporting-bugs.xml:237(para)
10759
msgid ""
10760
"Once you have ensured that gdb is installed, open the file "
10761
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10762
"<emphasis>enabled</emphasis> setting to be <emphasis "
10763
"role=\"bold\">1</emphasis> like so:"
10764
msgstr ""
10765
10766
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10767
#, no-wrap
10768
msgid ""
10769
"\n"
10770
"# set this to 0 to disable apport, or to 1 to enable it\n"
10771
"# you can temporarily override this with\n"
10772
"# sudo service apport start force_start=1\n"
10773
"enabled=<userinput>1</userinput>\n"
10774
"\n"
10775
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10776
"maxsize=209715200\n"
10777
msgstr ""
10778
10779
#: serverguide/C/reporting-bugs.xml:254(para)
10780
msgid ""
10781
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10782
"start the apport service:"
10783
msgstr ""
10784
10785
#: serverguide/C/reporting-bugs.xml:261(command)
10786
msgid "sudo start apport"
10787
msgstr ""
10788
10789
#: serverguide/C/reporting-bugs.xml:264(para)
10790
msgid ""
10791
"After an application crashes, use the <application>apport-cli</application> "
10792
"command to search for the existing saved crash report information:"
10793
msgstr ""
10794
10795
#: serverguide/C/reporting-bugs.xml:271(command)
10796
msgid "apport-cli"
10797
msgstr ""
10798
10799
#: serverguide/C/reporting-bugs.xml:270(screen)
10800
#, no-wrap
10801
msgid ""
10802
"\n"
10803
"<placeholder-1/>\n"
10804
"\n"
10805
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10806
"\n"
10807
"If you were not doing anything confidential (entering passwords or other\n"
10808
"private information), you can help to improve the application by\n"
10809
"reporting\n"
10810
"the problem.\n"
10811
"\n"
10812
"What would you like to do? Your options are:\n"
10813
" R: Report Problem...\n"
10814
" I: Cancel and ignore future crashes of this program version\n"
10815
" C: Cancel\n"
10816
"Please choose (R/I/C):\n"
10817
msgstr ""
10818
10819
#: serverguide/C/reporting-bugs.xml:287(para)
10820
msgid ""
10821
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10822
"steps as when using ubuntu-bug. One important difference is that a crash "
10823
"report will be marked as private when filed on Launchpad, meaning that it "
10824
"will be visible to only a limited set of bug triagers. These triagers will "
10825
"review the gathered data for private information before making the bug "
10826
"report publicly visible."
10827
msgstr ""
10828
10829
#: serverguide/C/reporting-bugs.xml:307(para)
10830
msgid ""
10831
"See the <ulink "
10832
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10833
"Bugs</ulink> Ubuntu wiki page."
10834
msgstr ""
10835
10836
#: serverguide/C/reporting-bugs.xml:313(para)
10837
msgid ""
10838
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10839
"has some useful information. Though some of it pertains to using a GUI."
10840
msgstr ""
10841
10842
#: serverguide/C/remote-administration.xml:13(title)
10843
msgid "Remote Administration"
10844
msgstr ""
10845
10846
#: serverguide/C/remote-administration.xml:14(para)
10847
msgid ""
10848
"There are many ways to remotely administer a Linux server. This chapter will "
10849
"cover one of the most popular <application>OpenSSH</application>."
10850
msgstr ""
10851
10852
#: serverguide/C/remote-administration.xml:22(para)
10853
msgid ""
10854
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10855
"tools for the remote control of networked computers and transfer of data "
10856
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10857
"also learn about some of the configuration settings possible with the "
10858
"OpenSSH server application and how to change them on your Ubuntu system."
10859
msgstr ""
10860
10861
#: serverguide/C/remote-administration.xml:29(para)
10862
msgid ""
10863
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10864
"family of tools for remotely controlling a computer or transferring files "
10865
"between computers. Traditional tools used to accomplish these functions, "
10866
"such as <application>telnet</application> or <application>rcp</application>, "
10867
"are insecure and transmit the user's password in cleartext when used. "
10868
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10869
"encrypted remote control and file transfer operations, effectively replacing "
10870
"the legacy tools."
10871
msgstr ""
10872
10873
#: serverguide/C/remote-administration.xml:38(para)
10874
msgid ""
10875
"The OpenSSH server component, <application>sshd</application>, listens "
10876
"continuously for client connections from any of the client tools. When a "
10877
"connection request occurs, <application>sshd</application> sets up the "
10878
"correct connection depending on the type of client tool connecting. For "
10879
"example, if the remote computer is connecting with the "
10880
"<application>ssh</application> client application, the OpenSSH server sets "
10881
"up a remote control session after authentication. If a remote user connects "
10882
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
10883
"daemon initiates a secure copy of files between the server and client after "
10884
"authentication. OpenSSH can use many authentication methods, including plain "
10885
"password, public key, and <application>Kerberos</application> tickets."
10886
msgstr ""
10887
10888
#: serverguide/C/remote-administration.xml:52(para)
10889
msgid ""
10890
"Installation of the OpenSSH client and server applications is simple. To "
10891
"install the OpenSSH client applications on your Ubuntu system, use this "
10892
"command at a terminal prompt:"
10893
msgstr ""
10894
10895
#: serverguide/C/remote-administration.xml:58(command)
10896
msgid "sudo apt-get install openssh-client"
10897
msgstr ""
10898
10899
#: serverguide/C/remote-administration.xml:60(para)
10900
msgid ""
10901
"To install the OpenSSH server application, and related support files, use "
10902
"this command at a terminal prompt:"
10903
msgstr ""
10904
10905
#: serverguide/C/remote-administration.xml:65(command)
10906
msgid "sudo apt-get install openssh-server"
10907
msgstr ""
10908
10909
#: serverguide/C/remote-administration.xml:67(para)
10910
msgid ""
10911
"The <application>openssh-server</application> package can also be selected "
10912
"to install during the Server Edition installation process."
10913
msgstr ""
10914
10915
#: serverguide/C/remote-administration.xml:74(para)
10916
msgid ""
10917
"You may configure the default behavior of the OpenSSH server application, "
10918
"<application>sshd</application>, by editing the file "
10919
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10920
"configuration directives used in this file, you may view the appropriate "
10921
"manual page with the following command, issued at a terminal prompt:"
10922
msgstr ""
10923
10924
#: serverguide/C/remote-administration.xml:82(command)
10925
msgid "man sshd_config"
10926
msgstr ""
10927
10928
#: serverguide/C/remote-administration.xml:84(para)
10929
msgid ""
10930
"There are many directives in the <application>sshd</application> "
10931
"configuration file controlling such things as communication settings and "
10932
"authentication modes. The following are examples of configuration directives "
10933
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10934
"file."
10935
msgstr ""
10936
10937
#: serverguide/C/remote-administration.xml:91(para)
10938
msgid ""
10939
"Prior to editing the configuration file, you should make a copy of the "
10940
"original file and protect it from writing so you will have the original "
10941
"settings as a reference and to reuse as necessary."
10942
msgstr ""
10943
10944
#: serverguide/C/remote-administration.xml:95(para)
10945
msgid ""
10946
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10947
"writing with the following commands, issued at a terminal prompt:"
10948
msgstr ""
10949
10950
#: serverguide/C/remote-administration.xml:100(command)
10951
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10952
msgstr ""
10953
10954
#: serverguide/C/remote-administration.xml:101(command)
10955
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10956
msgstr ""
10957
10958
#: serverguide/C/remote-administration.xml:103(para)
10959
msgid ""
10960
"The following are examples of configuration directives you may change:"
10961
msgstr ""
10962
10963
#: serverguide/C/remote-administration.xml:108(para)
10964
msgid ""
10965
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10966
"port 22, change the Port directive as such:"
10967
msgstr ""
10968
10969
#: serverguide/C/remote-administration.xml:112(para)
10970
msgid "Port 2222"
10971
msgstr ""
10972
10973
#: serverguide/C/remote-administration.xml:117(para)
10974
msgid ""
10975
"To have <application>sshd</application> allow public key-based login "
10976
"credentials, simply add or modify the line:"
10977
msgstr ""
10978
10979
#: serverguide/C/remote-administration.xml:121(para)
10980
msgid "PubkeyAuthentication yes"
10981
msgstr ""
10982
10983
#: serverguide/C/remote-administration.xml:124(para)
10984
msgid ""
10985
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10986
"present, ensure the line is not commented out."
10987
msgstr ""
10988
10989
#: serverguide/C/remote-administration.xml:130(para)
10990
msgid ""
10991
"To make your OpenSSH server display the contents of the "
10992
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10993
"or modify the line:"
10994
msgstr ""
10995
10996
#: serverguide/C/remote-administration.xml:135(para)
10997
msgid "Banner /etc/issue.net"
10998
msgstr ""
10999
11000
#: serverguide/C/remote-administration.xml:138(para)
11001
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
11002
msgstr ""
11003
11004
#: serverguide/C/remote-administration.xml:143(para)
11005
msgid ""
11006
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
11007
"save the file, and restart the <application>sshd</application> server "
11008
"application to effect the changes using the following command at a terminal "
11009
"prompt:"
11010
msgstr ""
11011
11012
#: serverguide/C/remote-administration.xml:152(para)
11013
msgid ""
11014
"Many other configuration directives for <application>sshd</application> are "
11015
"available for changing the server application's behavior to fit your needs. "
11016
"Be advised, however, if your only method of access to a server is "
11017
"<application>ssh</application>, and you make a mistake in configuring "
11018
"<application>sshd</application> via the "
11019
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
11020
"out of the server upon restarting it, or that the "
11021
"<application>sshd</application> server refuses to start due to an incorrect "
11022
"configuration directive, so be extra careful when editing this file on a "
11023
"remote server."
11024
msgstr ""
11025
11026
#: serverguide/C/remote-administration.xml:167(title)
11027
msgid "SSH Keys"
11028
msgstr ""
11029
11030
#: serverguide/C/remote-administration.xml:168(para)
11031
msgid ""
11032
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
11033
"the need of a password. SSH key authentication uses two keys a "
11034
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
11035
msgstr ""
11036
11037
#: serverguide/C/remote-administration.xml:172(para)
11038
msgid "To generate the keys, from a terminal prompt enter:"
11039
msgstr ""
11040
11041
#: serverguide/C/remote-administration.xml:176(command)
11042
msgid "ssh-keygen -t dsa"
11043
msgstr ""
11044
11045
#: serverguide/C/remote-administration.xml:178(para)
11046
msgid ""
11047
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
11048
"identity of the user. During the process you will be prompted for a "
11049
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
11050
"key."
11051
msgstr ""
11052
11053
#: serverguide/C/remote-administration.xml:182(para)
11054
msgid ""
11055
"By default the <emphasis>public</emphasis> key is saved in the file "
11056
"<filename>~/.ssh/id_dsa.pub</filename>, while "
11057
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
11058
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
11059
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
11060
msgstr ""
11061
11062
#: serverguide/C/remote-administration.xml:188(command)
11063
msgid "ssh-copy-id username@remotehost"
11064
msgstr ""
11065
11066
#: serverguide/C/remote-administration.xml:190(para)
11067
msgid ""
11068
"Finally, double check the permissions on the "
11069
"<filename>authorized_keys</filename> file, only the authenticated user "
11070
"should have read and write permissions. If the permissions are not correct "
11071
"change them by:"
11072
msgstr ""
11073
11074
#: serverguide/C/remote-administration.xml:195(command)
11075
msgid "chmod 600 .ssh/authorized_keys"
11076
msgstr ""
11077
11078
#: serverguide/C/remote-administration.xml:197(para)
11079
msgid ""
11080
"You should now be able to SSH to the host without being prompted for a "
11081
"password."
11082
msgstr ""
11083
11084
#: serverguide/C/remote-administration.xml:206(para)
11085
msgid ""
11086
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
11087
"page."
11088
msgstr ""
11089
11090
#: serverguide/C/remote-administration.xml:212(ulink)
11091
msgid "OpenSSH Website"
11092
msgstr ""
11093
11094
#: serverguide/C/remote-administration.xml:217(ulink)
11095
msgid "Advanced OpenSSH Wiki Page"
11096
msgstr ""
11097
11098
#: serverguide/C/package-management.xml:13(title)
11099
msgid "Package Management"
11100
msgstr ""
11101
11102
#: serverguide/C/package-management.xml:14(para)
11103
msgid ""
11104
"Ubuntu features a comprehensive package management system for the "
11105
"installation, upgrade, configuration, and removal of software. In addition "
11106
"to providing access to an organized base of over 24,000 software packages "
11107
"for your Ubuntu computer, the package management facilities also feature "
11108
"dependency resolution capabilities and software update checking."
11109
msgstr ""
11110
11111
#: serverguide/C/package-management.xml:16(para)
11112
msgid ""
11113
"Several tools are available for interacting with Ubuntu's package management "
11114
"system, from simple command-line utilities which may be easily automated by "
11115
"system administrators, to a simple graphical interface which is easy to use "
11116
"by those new to Ubuntu."
11117
msgstr ""
11118
11119
#: serverguide/C/package-management.xml:21(para)
11120
msgid ""
11121
"Ubuntu's package management system is derived from the same system used by "
11122
"the Debian GNU/Linux distribution. The package files contain all of the "
11123
"necessary files, meta-data, and instructions to implement a particular "
11124
"functionality or software application on your Ubuntu computer."
11125
msgstr ""
11126
11127
#: serverguide/C/package-management.xml:24(para)
11128
msgid ""
11129
"Debian package files typically have the extension '.deb', and typically "
11130
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
11131
"collections of packages found on various media, such as CD-ROM discs, or "
11132
"online. Packages are normally of the pre-compiled binary format; thus "
11133
"installation is quick and requires no compiling of software."
11134
msgstr ""
11135
11136
#: serverguide/C/package-management.xml:27(para)
11137
msgid ""
11138
"Many complex packages use the concept of <emphasis "
11139
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
11140
"packages required by the principal package in order to function properly. "
11141
"For example, the speech synthesis package "
11142
"<application>Festival</application> depends upon the package "
11143
"<application>libasound2</application>, which is a package supplying the "
11144
"<application>ALSA</application> sound library needed for audio playback. In "
11145
"order for <application>Festival</application> to function, it and all of its "
11146
"dependencies must be installed. The software management tools in Ubuntu will "
11147
"do this automatically."
11148
msgstr ""
11149
11150
#: serverguide/C/package-management.xml:32(title)
11151
msgid "dpkg"
11152
msgstr ""
11153
11154
#: serverguide/C/package-management.xml:34(para)
11155
msgid ""
11156
"<application>dpkg</application> is a package manager for "
11157
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
11158
"packages, but unlike other package management system's it can not "
11159
"automatically download and install packages and their dependencies. This "
11160
"section covers using <application>dpkg</application> to manage locally "
11161
"installed packages:"
11162
msgstr ""
11163
11164
#: serverguide/C/package-management.xml:43(para)
11165
msgid ""
11166
"To list all packages installed on the system, from a terminal prompt enter:"
11167
msgstr ""
11168
11169
#: serverguide/C/package-management.xml:48(command)
11170
msgid "dpkg -l"
11171
msgstr ""
11172
11173
#: serverguide/C/package-management.xml:54(para)
11174
msgid ""
11175
"Depending on the amount of packages on your system, this can generate a "
11176
"large amount of output. Pipe the output through "
11177
"<application>grep</application> to see if a specific package is installed:"
11178
msgstr ""
11179
11180
#: serverguide/C/package-management.xml:60(command)
11181
msgid "dpkg -l | grep apache2"
11182
msgstr ""
11183
11184
#: serverguide/C/package-management.xml:63(para)
11185
msgid ""
11186
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
11187
"package name, or other regular expression."
11188
msgstr ""
11189
11190
#: serverguide/C/package-management.xml:70(para)
11191
msgid ""
11192
"To list the files installed by a package, in this case the "
11193
"<application>ufw</application> package, enter:"
11194
msgstr ""
11195
11196
#: serverguide/C/package-management.xml:75(command)
11197
msgid "dpkg -L ufw"
11198
msgstr ""
11199
11200
#: serverguide/C/package-management.xml:81(para)
11201
msgid ""
11202
"If you are not sure which package installed a file, <application>dpkg -"
11203
"S</application> may be able to tell you. For example:"
11204
msgstr ""
11205
11206
#: serverguide/C/package-management.xml:87(command)
11207
msgid "dpkg -S /etc/host.conf"
11208
msgstr ""
11209
11210
#: serverguide/C/package-management.xml:88(computeroutput)
11211
#, no-wrap
11212
msgid "base-files: /etc/host.conf"
11213
msgstr ""
11214
11215
#: serverguide/C/package-management.xml:91(para)
11216
msgid ""
11217
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
11218
"<application>base-files</application> package."
11219
msgstr ""
11220
11221
#: serverguide/C/package-management.xml:96(para)
11222
msgid ""
11223
"Many files are automatically generated during the package install process, "
11224
"and even though they are on the filesystem <command>dpkg -S</command> may "
11225
"not know which package they belong to."
11226
msgstr ""
11227
11228
#: serverguide/C/package-management.xml:105(para)
11229
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
11230
msgstr ""
11231
11232
#: serverguide/C/package-management.xml:110(command)
11233
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
11234
msgstr ""
11235
11236
#: serverguide/C/package-management.xml:113(para)
11237
msgid ""
11238
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
11239
"the local .deb file."
11240
msgstr ""
11241
11242
#: serverguide/C/package-management.xml:120(para)
11243
msgid "Uninstalling a package can be accomplished by:"
11244
msgstr ""
11245
11246
#: serverguide/C/package-management.xml:125(command)
11247
msgid "sudo dpkg -r zip"
11248
msgstr ""
11249
11250
#: serverguide/C/package-management.xml:129(para)
11251
msgid ""
11252
"Uninstalling packages using <application>dpkg</application>, in most cases, "
11253
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
11254
"manager that handles dependencies, to ensure that the system is in a "
11255
"consistent state. For example using <command>dpkg -r</command> you can "
11256
"remove the <application>zip</application> package, but any packages that "
11257
"depend on it will still be installed and may no longer function correctly."
11258
msgstr ""
11259
11260
#: serverguide/C/package-management.xml:140(para)
11261
msgid ""
11262
"For more <application>dpkg</application> options see the man page: "
11263
"<command>man dpkg</command>."
11264
msgstr ""
11265
11266
#: serverguide/C/package-management.xml:146(title)
11267
msgid "Apt-Get"
11268
msgstr ""
11269
11270
#: serverguide/C/package-management.xml:147(para)
11271
msgid ""
11272
"The <application>apt-get</application> command is a powerful command-line "
11273
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
11274
"(APT) performing such functions as installation of new software packages, "
11275
"upgrade of existing software packages, updating of the package list index, "
11276
"and even upgrading the entire Ubuntu system."
11277
msgstr ""
11278
11279
#: serverguide/C/package-management.xml:150(para)
11280
msgid ""
11281
"Being a simple command-line tool, <application>apt-get</application> has "
11282
"numerous advantages over other package management tools available in Ubuntu "
11283
"for server administrators. Some of these advantages include ease of use over "
11284
"simple terminal connections (SSH) and the ability to be used in system "
11285
"administration scripts, which can in turn be automated by the "
11286
"<application>cron</application> scheduling utility."
11287
msgstr ""
11288
11289
#: serverguide/C/package-management.xml:157(para)
11290
msgid ""
11291
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
11292
"packages using the <application>apt-get</application> tool is quite simple. "
11293
"For example, to install the network scanner <emphasis "
11294
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
11295
"<command>sudo apt-get install nmap</command>\n"
11296
"</screen>"
11297
msgstr ""
11298
11299
#: serverguide/C/package-management.xml:165(para)
11300
msgid ""
11301
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
11302
"packages is also a straightforward and simple process. To remove the nmap "
11303
"package installed in the previous example, type the following: <screen>\n"
11304
"<command>sudo apt-get remove nmap</command>\n"
11305
"</screen>"
11306
msgstr ""
11307
11308
#: serverguide/C/package-management.xml:172(para)
11309
msgid ""
11310
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
11311
"multiple packages to be installed or removed, separated by spaces."
11312
msgstr ""
11313
11314
#: serverguide/C/package-management.xml:175(para)
11315
msgid ""
11316
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
11317
"remove</command> will remove the package configuration files as well. This "
11318
"may or may not be the desired effect so use with caution."
11319
msgstr ""
11320
11321
#: serverguide/C/package-management.xml:181(para)
11322
msgid ""
11323
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
11324
"index is essentially a database of available packages from the repositories "
11325
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
11326
"the local package index with the latest changes made in repositories, type "
11327
"the following: <screen>\n"
11328
"<command>sudo apt-get update</command>\n"
11329
"</screen>"
11330
msgstr ""
11331
11332
#: serverguide/C/package-management.xml:189(para)
11333
msgid ""
11334
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
11335
"versions of packages currently installed on your computer may become "
11336
"available from the package repositories (for example security updates). To "
11337
"upgrade your system, first update your package index as outlined above, and "
11338
"then type: <screen>\n"
11339
"<command>sudo apt-get upgrade</command>\n"
11340
"</screen>"
11341
msgstr ""
11342
11343
#: serverguide/C/package-management.xml:195(para)
11344
msgid ""
11345
"For information on upgrading to a new Ubuntu release see <xref "
11346
"linkend=\"installing-upgrading\"/>."
11347
msgstr ""
11348
11349
#: serverguide/C/package-management.xml:153(para)
11350
msgid ""
11351
"Some examples of popular uses for the <application>apt-get</application> "
11352
"utility: <placeholder-1/>"
11353
msgstr ""
11354
11355
#: serverguide/C/package-management.xml:201(para)
11356
msgid ""
11357
"Actions of the <application>apt-get</application> command, such as "
11358
"installation and removal of packages, are logged in the /var/log/dpkg.log "
11359
"log file."
11360
msgstr ""
11361
11362
#: serverguide/C/package-management.xml:204(para)
11363
msgid ""
11364
"For further information about the use of <application>APT</application>, "
11365
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
11366
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
11367
"help</screen>"
11368
msgstr ""
11369
11370
#: serverguide/C/package-management.xml:208(title)
11371
msgid "Aptitude"
11372
msgstr ""
11373
11374
#: serverguide/C/package-management.xml:209(para)
11375
msgid ""
11376
"<application>Aptitude</application> is a menu-driven, text-based front-end "
11377
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
11378
"the common package management functions, such as installation, removal, and "
11379
"upgrade, are performed in <application>Aptitude</application> with single-"
11380
"key commands, which are typically lowercase letters."
11381
msgstr ""
11382
11383
#: serverguide/C/package-management.xml:212(para)
11384
msgid ""
11385
"<application>Aptitude</application> is best suited for use in a non-"
11386
"graphical terminal environment to ensure proper functioning of the command "
11387
"keys. You may start <application>Aptitude</application> as a normal user "
11388
"with the following command at a terminal prompt: <screen>\n"
11389
"<command>sudo aptitude</command>\n"
11390
"</screen>"
11391
msgstr ""
11392
11393
#: serverguide/C/package-management.xml:219(para)
11394
msgid ""
11395
"When <application>Aptitude</application> starts, you will see a menu bar at "
11396
"the top of the screen and two panes below the menu bar. The top pane "
11397
"contains package categories, such as <emphasis role=\"italics\">New "
11398
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
11399
"Packages</emphasis>. The bottom pane contains information related to the "
11400
"packages and package categories."
11401
msgstr ""
11402
11403
#: serverguide/C/package-management.xml:222(para)
11404
msgid ""
11405
"Using <application>Aptitude</application> for package management is "
11406
"relatively straightforward, and the user interface makes common tasks simple "
11407
"to perform. The following are examples of common package management "
11408
"functions as performed in <application>Aptitude</application>:"
11409
msgstr ""
11410
11411
#: serverguide/C/package-management.xml:226(para)
11412
msgid ""
11413
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
11414
"locate the package via the Not Installed Packages package category, for "
11415
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
11416
"key, and highlight the package you wish to install. After highlighting the "
11417
"package you wish to install, press the <keycap>+</keycap> key, and the "
11418
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
11419
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
11420
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
11421
"again, and you will be prompted to become root to complete the installation. "
11422
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
11423
"your user password to become root. Finally, press <keycap>g</keycap> once "
11424
"more and you'll be prompted to download the package. Press "
11425
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
11426
"prompt, and downloading and installation of the package will commence."
11427
msgstr ""
11428
11429
#: serverguide/C/package-management.xml:230(para)
11430
msgid ""
11431
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
11432
"locate the package via the Installed Packages package category, for example, "
11433
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
11434
"highlight the package you wish to remove. After highlighting the package you "
11435
"wish to install, press the <keycap>-</keycap> key, and the package entry "
11436
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
11437
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
11438
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
11439
"prompted to become root to complete the installation. Press "
11440
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
11441
"user password to become root. Finally, press <keycap>g</keycap> once more, "
11442
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
11443
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
11444
"the package will commence."
11445
msgstr ""
11446
11447
#: serverguide/C/package-management.xml:234(para)
11448
msgid ""
11449
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
11450
"package index, simply press the <keycap>u</keycap> key and you will be "
11451
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
11452
"which will result in a Password: prompt. Enter your user password to become "
11453
"root. Updating of the package index will commence. Press "
11454
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
11455
"presented to complete the process."
11456
msgstr ""
11457
11458
#: serverguide/C/package-management.xml:238(para)
11459
msgid ""
11460
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
11461
"perform the update of the package index as detailed above, and then press "
11462
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
11463
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
11464
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
11465
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
11466
"result in a Password: prompt. Enter your user password to become root. "
11467
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
11468
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
11469
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
11470
"will commence."
11471
msgstr ""
11472
11473
#: serverguide/C/package-management.xml:245(para)
11474
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11475
msgstr ""
11476
11477
#: serverguide/C/package-management.xml:250(para)
11478
msgid ""
11479
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11480
"configuration remains on system"
11481
msgstr ""
11482
11483
#: serverguide/C/package-management.xml:254(para)
11484
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11485
msgstr ""
11486
11487
#: serverguide/C/package-management.xml:258(para)
11488
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11489
msgstr ""
11490
11491
#: serverguide/C/package-management.xml:262(para)
11492
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11493
msgstr ""
11494
11495
#: serverguide/C/package-management.xml:266(para)
11496
msgid ""
11497
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11498
"configured"
11499
msgstr ""
11500
11501
#: serverguide/C/package-management.xml:270(para)
11502
msgid ""
11503
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11504
"and requires fix"
11505
msgstr ""
11506
11507
#: serverguide/C/package-management.xml:274(para)
11508
msgid ""
11509
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11510
"requires fix"
11511
msgstr ""
11512
11513
#: serverguide/C/package-management.xml:242(para)
11514
msgid ""
11515
"The first column of information displayed in the package list in the top "
11516
"pane, when actually viewing packages lists the current state of the package, "
11517
"and uses the following key to describe the state of the package: "
11518
"<placeholder-1/>"
11519
msgstr ""
11520
11521
#: serverguide/C/package-management.xml:280(para)
11522
msgid ""
11523
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11524
"wish to exit. Many other functions are available from the Aptitude menu by "
11525
"pressing the <keycap>F10</keycap> key."
11526
msgstr ""
11527
11528
#: serverguide/C/package-management.xml:285(title)
11529
msgid "Automatic Updates"
11530
msgstr ""
11531
11532
#: serverguide/C/package-management.xml:287(para)
11533
msgid ""
11534
"The <application>unattended-upgrades</application> package can be used to "
11535
"automatically install updated packages, and can be configured to update all "
11536
"packages or just install security updates. First, install the package by "
11537
"entering the following in a terminal:"
11538
msgstr ""
11539
11540
#: serverguide/C/package-management.xml:293(command)
11541
msgid "sudo apt-get install unattended-upgrades"
11542
msgstr ""
11543
11544
#: serverguide/C/package-management.xml:296(para)
11545
msgid ""
11546
"To configure <application>unattended-upgrades</application>, edit "
11547
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11548
"the following to fit your needs:"
11549
msgstr ""
11550
11551
#: serverguide/C/package-management.xml:301(programlisting)
11552
#, no-wrap
11553
msgid ""
11554
"\n"
11555
"Unattended-Upgrade::Allowed-Origins {\n"
11556
" \"Ubuntu maverick-security\";\n"
11557
"// \"Ubuntu maverick-updates\";\n"
11558
"};\n"
11559
msgstr ""
11560
11561
#: serverguide/C/package-management.xml:308(para)
11562
msgid ""
11563
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11564
"will not be automatically updated. To blacklist a package, add it to the "
11565
"list:"
11566
msgstr ""
11567
11568
#: serverguide/C/package-management.xml:313(programlisting)
11569
#, no-wrap
11570
msgid ""
11571
"\n"
11572
"Unattended-Upgrade::Package-Blacklist {\n"
11573
"// \"vim\";\n"
11574
"// \"libc6\";\n"
11575
"// \"libc6-dev\";\n"
11576
"// \"libc6-i686\";\n"
11577
"};\n"
11578
msgstr ""
11579
11580
#: serverguide/C/package-management.xml:323(para)
11581
msgid ""
11582
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11583
"whatever follows \"//\" will not be evaluated."
11584
msgstr ""
11585
11586
#: serverguide/C/package-management.xml:328(para)
11587
msgid ""
11588
"To enable automatic updates, edit "
11589
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11590
"<application>apt</application> configuration options:"
11591
msgstr ""
11592
11593
#: serverguide/C/package-management.xml:332(programlisting)
11594
#, no-wrap
11595
msgid ""
11596
"\n"
11597
"APT::Periodic::Update-Package-Lists \"1\";\n"
11598
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
11599
"APT::Periodic::AutocleanInterval \"7\";\n"
11600
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11601
msgstr ""
11602
11603
#: serverguide/C/package-management.xml:339(para)
11604
msgid ""
11605
"The above configuration updates the package list, downloads, and installs "
11606
"available upgrades every day. The local download archive is cleaned every "
11607
"week."
11608
msgstr ""
11609
11610
#: serverguide/C/package-management.xml:345(para)
11611
msgid ""
11612
"You can read more about <application>apt</application> Periodic "
11613
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11614
"header."
11615
msgstr ""
11616
11617
#: serverguide/C/package-management.xml:350(para)
11618
msgid ""
11619
"The results of <application>unattended-upgrades</application> will be logged "
11620
"to <filename>/var/log/unattended-upgrades</filename>."
11621
msgstr ""
11622
11623
#: serverguide/C/package-management.xml:355(title)
11624
msgid "Notifications"
11625
msgstr ""
11626
11627
#: serverguide/C/package-management.xml:357(para)
11628
msgid ""
11629
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11630
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11631
"<application>unattended-upgrades</application> to email an administrator "
11632
"detailing any packages that need upgrading or have problems."
11633
msgstr ""
11634
11635
#: serverguide/C/package-management.xml:362(para)
11636
msgid ""
11637
"Another useful package is <application>apticron</application>. "
11638
"<application>apticron</application> will configure a "
11639
"<application>cron</application> job to email an administrator information "
11640
"about any packages on the system that have updates available, as well as a "
11641
"summary of changes in each package."
11642
msgstr ""
11643
11644
#: serverguide/C/package-management.xml:368(para)
11645
msgid ""
11646
"To install the <application>apticron</application> package, in a terminal "
11647
"enter:"
11648
msgstr ""
11649
11650
#: serverguide/C/package-management.xml:373(command)
11651
msgid "sudo apt-get install apticron"
11652
msgstr ""
11653
11654
#: serverguide/C/package-management.xml:376(para)
11655
msgid ""
11656
"Once the package is installed edit "
11657
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11658
"and other options:"
11659
msgstr ""
11660
11661
#: serverguide/C/package-management.xml:380(programlisting)
11662
#, no-wrap
11663
msgid ""
11664
"\n"
11665
"EMAIL=\"root@example.com\"\n"
11666
msgstr ""
11667
11668
#: serverguide/C/package-management.xml:389(para)
11669
msgid ""
11670
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11671
"system repositories is stored in the /etc/apt/sources.list configuration "
11672
"file. An example of this file is referenced here, along with information on "
11673
"adding or removing repository references from the file."
11674
msgstr ""
11675
11676
#: serverguide/C/package-management.xml:395(para)
11677
msgid ""
11678
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11679
"typical <filename>/etc/apt/sources.list</filename> file."
11680
msgstr ""
11681
11682
#: serverguide/C/package-management.xml:399(para)
11683
msgid ""
11684
"You may edit the file to enable repositories or disable them. For example, "
11685
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11686
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11687
"which appears at the top of the file:"
11688
msgstr ""
11689
11690
#: serverguide/C/package-management.xml:404(screen)
11691
#, no-wrap
11692
msgid ""
11693
"\n"
11694
"# no more prompting for CD-ROM please\n"
11695
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
11696
"main restricted\n"
11697
msgstr ""
11698
11699
#: serverguide/C/package-management.xml:410(title)
11700
msgid "Extra Repositories"
11701
msgstr ""
11702
11703
#: serverguide/C/package-management.xml:411(para)
11704
msgid ""
11705
"In addition to the officially supported package repositories available for "
11706
"Ubuntu, there exist additional community-maintained repositories which add "
11707
"thousands more potential packages for installation. Two of the most popular "
11708
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11709
"repositories. These repositories are not officially supported by Ubuntu, but "
11710
"because they are maintained by the community they generally provide packages "
11711
"which are safe for use with your Ubuntu computer."
11712
msgstr ""
11713
11714
#: serverguide/C/package-management.xml:414(para)
11715
msgid ""
11716
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11717
"licensing issues that prevent them from being distributed with a free "
11718
"operating system, and they may be illegal in your locality."
11719
msgstr ""
11720
11721
#: serverguide/C/package-management.xml:416(para)
11722
msgid ""
11723
"Be advised that neither the <emphasis>Universe</emphasis> or "
11724
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11725
"packages. In particular, there may not be security updates for these "
11726
"packages."
11727
msgstr ""
11728
11729
#: serverguide/C/package-management.xml:420(para)
11730
msgid ""
11731
"Many other package sources are available, sometimes even offering only one "
11732
"package, as in the case of package sources provided by the developer of a "
11733
"single application. You should always be very careful and cautious when "
11734
"using non-standard package sources, however. Research the source and "
11735
"packages carefully before performing any installation, as some package "
11736
"sources and their packages could render your system unstable or non-"
11737
"functional in some respects."
11738
msgstr ""
11739
11740
#: serverguide/C/package-management.xml:423(para)
11741
msgid ""
11742
"By default, the <emphasis>Universe</emphasis> and "
11743
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11744
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11745
"comment the following lines:"
11746
msgstr ""
11747
11748
#: serverguide/C/package-management.xml:430(programlisting)
11749
#, no-wrap
11750
msgid ""
11751
"\n"
11752
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11753
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11754
"\n"
11755
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11756
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11757
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11758
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11759
"\n"
11760
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11761
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11762
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11763
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11764
"\n"
11765
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
11766
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
11767
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11768
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11769
msgstr ""
11770
11771
#: serverguide/C/package-management.xml:456(para)
11772
msgid ""
11773
"Most of the material covered in this chapter is available in "
11774
"<application>man</application> pages, many of which are available online."
11775
msgstr ""
11776
11777
#: serverguide/C/package-management.xml:463(para)
11778
msgid ""
11779
"The <ulink "
11780
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11781
"re</ulink> Ubuntu wiki page has more information."
11782
msgstr ""
11783
11784
#: serverguide/C/package-management.xml:468(para)
11785
msgid ""
11786
"For more <application>dpkg</application> details see the <ulink "
11787
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
11788
" man page</ulink>."
11789
msgstr ""
11790
11791
#: serverguide/C/package-management.xml:474(para)
11792
msgid ""
11793
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11794
"HOWTO</ulink> and <ulink "
11795
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
11796
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
11797
"<application>apt-get</application> usage."
11798
msgstr ""
11799
11800
#: serverguide/C/package-management.xml:481(para)
11801
msgid ""
11802
"See the <ulink "
11803
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
11804
"itude man page</ulink> for more <application>aptitude</application> options."
11805
msgstr ""
11806
11807
#: serverguide/C/package-management.xml:487(para)
11808
msgid ""
11809
"The <ulink "
11810
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11811
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11812
"adding repositories."
11813
msgstr ""
11814
11815
#: serverguide/C/other-apps.xml:13(title)
11816
msgid "Other Useful Applications"
11817
msgstr ""
11818
11819
#: serverguide/C/other-apps.xml:15(para)
11820
msgid ""
11821
"There are many very useful applications developed by the Ubuntu Server Team, "
11822
"and others that are well integrated with Ubuntu Server Edition, that might "
11823
"not be well known. This chapter will showcase some useful applications that "
11824
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11825
"easier."
11826
msgstr ""
11827
11828
#: serverguide/C/other-apps.xml:23(title)
11829
msgid "pam_motd"
11830
msgstr ""
11831
11832
#: serverguide/C/other-apps.xml:25(para)
11833
msgid ""
11834
"When logging into an Ubuntu server you may have noticed the informative "
11835
"Message Of The Day (MOTD). This information is obtained and displayed using "
11836
"a couple of packages:"
11837
msgstr ""
11838
11839
#: serverguide/C/other-apps.xml:32(para)
11840
msgid ""
11841
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11842
"<application>landscape-client</application>, which can be used to manage "
11843
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11844
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11845
"utility which is used to gather the information displayed in the MOTD."
11846
msgstr ""
11847
11848
#: serverguide/C/other-apps.xml:40(para)
11849
msgid ""
11850
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11851
"the MOTD via <application>pam_motd</application> module."
11852
msgstr ""
11853
11854
#: serverguide/C/other-apps.xml:46(para)
11855
msgid ""
11856
"<application>pam_motd</application> executes the scripts in "
11857
"<filename>/etc/update-motd.d</filename> in order based on the number "
11858
"prepended to the script. The output of the scripts is written to "
11859
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11860
"concatenated with <filename>/etc/motd.tail</filename>."
11861
msgstr ""
11862
11863
#: serverguide/C/other-apps.xml:52(para)
11864
msgid ""
11865
"You can add your own dynamic information to the MOTD. For example, to add "
11866
"local weather information:"
11867
msgstr ""
11868
11869
#: serverguide/C/other-apps.xml:58(para)
11870
msgid "First, install the <application>weather-util</application> package:"
11871
msgstr ""
11872
11873
#: serverguide/C/other-apps.xml:63(command)
11874
msgid "sudo apt-get install weather-util"
11875
msgstr ""
11876
11877
#: serverguide/C/other-apps.xml:68(para)
11878
msgid ""
11879
"The <application>weather</application> utility uses METAR data from the "
11880
"National Oceanic and Atmospheric Administration and forecasts from the "
11881
"National Weather Service. In order to find local information you will need "
11882
"the 4-character ICAO location indicator. This can be determined by browsing "
11883
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11884
"Weather Service</ulink> site."
11885
msgstr ""
11886
11887
#: serverguide/C/other-apps.xml:75(para)
11888
msgid ""
11889
"Although the National Weather Service is a United States government agency "
11890
"there are weather stations available world wide. However, local weather "
11891
"information for all locations outside the U.S. may not be available."
11892
msgstr ""
11893
11894
#: serverguide/C/other-apps.xml:81(para)
11895
msgid ""
11896
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11897
"script to use <application>weather</application> with your local ICAO "
11898
"indicator:"
11899
msgstr ""
11900
11901
#: serverguide/C/other-apps.xml:86(programlisting)
11902
#, no-wrap
11903
msgid ""
11904
"\n"
11905
"#!/bin/sh\n"
11906
"#\n"
11907
"#\n"
11908
"# Prints the local weather information for the MOTD.\n"
11909
"#\n"
11910
"#\n"
11911
"\n"
11912
"# Replace KINT with your local weather station.\n"
11913
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11914
"\n"
11915
"echo\n"
11916
"weather -i KINT\n"
11917
"echo\n"
11918
"\n"
11919
msgstr ""
11920
11921
#: serverguide/C/other-apps.xml:104(para)
11922
msgid "Make the script executable:"
11923
msgstr ""
11924
11925
#: serverguide/C/other-apps.xml:109(command)
11926
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11927
msgstr ""
11928
11929
#: serverguide/C/other-apps.xml:113(para)
11930
msgid ""
11931
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11932
"weather</filename>:"
11933
msgstr ""
11934
11935
#: serverguide/C/other-apps.xml:118(command)
11936
msgid ""
11937
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11938
msgstr ""
11939
11940
#: serverguide/C/other-apps.xml:122(para)
11941
msgid "Finally, exit the server and re-login to view the new MOTD."
11942
msgstr ""
11943
11944
#: serverguide/C/other-apps.xml:128(para)
11945
msgid ""
11946
"You should now be greeted with some useful information, and some information "
11947
"about the local weather that may not be quite so useful. Hopefully the "
11948
"<application>local-weather</application> example demonstrates the "
11949
"flexibility of <application>pam_motd</application>."
11950
msgstr ""
11951
11952
#: serverguide/C/other-apps.xml:136(title)
11953
msgid "etckeeper"
11954
msgstr ""
11955
11956
#: serverguide/C/other-apps.xml:138(para)
11957
msgid ""
11958
"<application>etckeeper</application> allows the contents of <filename "
11959
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11960
"System (VCS) repository. It hooks into <application>apt</application> to "
11961
"automatically commit changes to <filename>/etc</filename> when packages are "
11962
"installed or upgraded. Placing <filename>/etc</filename> under version "
11963
"control is considered an industry best practice, and the goal of "
11964
"<application>etckeeper</application> is to make this process as painless as "
11965
"possible."
11966
msgstr ""
11967
11968
#: serverguide/C/other-apps.xml:146(para)
11969
msgid ""
11970
"Install <application>etckeeper</application> by entering the following in a "
11971
"terminal:"
11972
msgstr ""
11973
11974
#: serverguide/C/other-apps.xml:151(command)
11975
msgid "sudo apt-get install etckeeper"
11976
msgstr ""
11977
11978
#: serverguide/C/other-apps.xml:154(para)
11979
msgid ""
11980
"The main configuration file, "
11981
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11982
"main option is which VCS to use. By default "
11983
"<application>etckeeper</application> is configured to use "
11984
"<application>bzr</application> for version control. The repository is "
11985
"automatically initialized (and committed for the first time) during package "
11986
"installation. It is possible to undo this by entering the following command:"
11987
msgstr ""
11988
11989
#: serverguide/C/other-apps.xml:164(command)
11990
msgid "sudo etckeeper uninit"
11991
msgstr ""
11992
11993
#: serverguide/C/other-apps.xml:167(para)
11994
msgid ""
11995
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11996
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11997
"It will also automatically commit changes before and after package "
11998
"installation. For a more precise tracking of changes, it is recommended to "
11999
"commit your changes manually, together with a commit message, using:"
12000
msgstr ""
12001
12002
#: serverguide/C/other-apps.xml:176(command)
12003
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
12004
msgstr ""
12005
12006
#: serverguide/C/other-apps.xml:179(para)
12007
msgid ""
12008
"Using the VCS commands you can view log information about files in "
12009
"<filename>/etc</filename>:"
12010
msgstr ""
12011
12012
#: serverguide/C/other-apps.xml:184(command)
12013
msgid "sudo bzr log /etc/passwd"
12014
msgstr ""
12015
12016
#: serverguide/C/other-apps.xml:187(para)
12017
msgid ""
12018
"To demonstrate the integration with the package management system, install "
12019
"<application>postfix</application>:"
12020
msgstr ""
12021
12022
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
12023
msgid "sudo apt-get install postfix"
12024
msgstr ""
12025
12026
#: serverguide/C/other-apps.xml:195(para)
12027
msgid ""
12028
"When the installation is finished, all the "
12029
"<application>postfix</application> configuration files should be committed "
12030
"to the repository:"
12031
msgstr ""
12032
12033
#: serverguide/C/other-apps.xml:201(computeroutput)
12034
#, no-wrap
12035
msgid ""
12036
"Committing to: /etc/\n"
12037
"added aliases.db\n"
12038
"modified group\n"
12039
"modified group-\n"
12040
"modified gshadow\n"
12041
"modified gshadow-\n"
12042
"modified passwd\n"
12043
"modified passwd-\n"
12044
"added postfix\n"
12045
"added resolvconf\n"
12046
"added rsyslog.d\n"
12047
"modified shadow\n"
12048
"modified shadow-\n"
12049
"added init.d/postfix\n"
12050
"added network/if-down.d/postfix\n"
12051
"added network/if-up.d/postfix\n"
12052
"added postfix/dynamicmaps.cf\n"
12053
"added postfix/main.cf\n"
12054
"added postfix/master.cf\n"
12055
"added postfix/post-install\n"
12056
"added postfix/postfix-files\n"
12057
"added postfix/postfix-script\n"
12058
"added postfix/sasl\n"
12059
"added ppp/ip-down.d\n"
12060
"added ppp/ip-down.d/postfix\n"
12061
"added ppp/ip-up.d/postfix\n"
12062
"added rc0.d/K20postfix\n"
12063
"added rc1.d/K20postfix\n"
12064
"added rc2.d/S20postfix\n"
12065
"added rc3.d/S20postfix\n"
12066
"added rc4.d/S20postfix\n"
12067
"added rc5.d/S20postfix\n"
12068
"added rc6.d/K20postfix\n"
12069
"added resolvconf/update-libc.d\n"
12070
"added resolvconf/update-libc.d/postfix\n"
12071
"added rsyslog.d/postfix.conf\n"
12072
"added ufw/applications.d/postfix\n"
12073
"Committed revision 2."
12074
msgstr ""
12075
12076
#: serverguide/C/other-apps.xml:241(para)
12077
msgid ""
12078
"For an example of how <application>etckeeper</application> tracks manual "
12079
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
12080
"<application>bzr</application> you can see which files have been modified:"
12081
msgstr ""
12082
12083
#: serverguide/C/other-apps.xml:247(command)
12084
msgid "sudo bzr status /etc/"
12085
msgstr ""
12086
12087
#: serverguide/C/other-apps.xml:248(computeroutput)
12088
#, no-wrap
12089
msgid ""
12090
"modified:\n"
12091
" hosts"
12092
msgstr ""
12093
12094
#: serverguide/C/other-apps.xml:252(para)
12095
msgid "Now commit the changes:"
12096
msgstr ""
12097
12098
#: serverguide/C/other-apps.xml:257(command)
12099
msgid "sudo etckeeper commit \"new host\""
12100
msgstr ""
12101
12102
#: serverguide/C/other-apps.xml:260(para)
12103
msgid ""
12104
"For more information on <application>bzr</application> see <xref "
12105
"linkend=\"bazaar\"/>."
12106
msgstr ""
12107
12108
#: serverguide/C/other-apps.xml:266(title)
12109
msgid "Byobu"
12110
msgstr ""
12111
12112
#: serverguide/C/other-apps.xml:268(para)
12113
msgid ""
12114
"One of the most useful applications for any system administrator is "
12115
"<application>screen</application>. It allows the execution of multiple "
12116
"shells in one terminal. To make some of the advanced "
12117
"<application>screen</application> features more user friendly, and provide "
12118
"some useful information about the system, the "
12119
"<application>byobu</application> package was created."
12120
msgstr ""
12121
12122
#: serverguide/C/other-apps.xml:275(para)
12123
msgid ""
12124
"When executing <application>byobu</application> pressing the "
12125
"<emphasis>F9</emphasis> key will bring up the "
12126
"<application>Configuration</application> menu. This menu will allow you to:"
12127
msgstr ""
12128
12129
#: serverguide/C/other-apps.xml:281(para)
12130
msgid "View the Help menu"
12131
msgstr ""
12132
12133
#: serverguide/C/other-apps.xml:282(para)
12134
msgid "Change Byobu's background color"
12135
msgstr ""
12136
12137
#: serverguide/C/other-apps.xml:283(para)
12138
msgid "Change Byobu's foreground color"
12139
msgstr ""
12140
12141
#: serverguide/C/other-apps.xml:284(para)
12142
msgid "Toggle status notifications"
12143
msgstr ""
12144
12145
#: serverguide/C/other-apps.xml:285(para)
12146
msgid "Change the key binding set"
12147
msgstr ""
12148
12149
#: serverguide/C/other-apps.xml:286(para)
12150
msgid "Change the escape sequence"
12151
msgstr ""
12152
12153
#: serverguide/C/other-apps.xml:287(para)
12154
msgid "Create new windows"
12155
msgstr ""
12156
12157
#: serverguide/C/other-apps.xml:288(para)
12158
msgid "Manage the default windows"
12159
msgstr ""
12160
12161
#: serverguide/C/other-apps.xml:289(para)
12162
msgid "Byobu currently does not launch at login (toggle on)"
12163
msgstr ""
12164
12165
#: serverguide/C/other-apps.xml:292(para)
12166
msgid ""
12167
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12168
"sequence, new window, change window, etc. There are two key binding sets to "
12169
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
12170
"keys</emphasis>. If you wish to use the original key bindings choose the "
12171
"<emphasis>none</emphasis> set."
12172
msgstr ""
12173
12174
#: serverguide/C/other-apps.xml:298(para)
12175
msgid ""
12176
"<application>byobu</application> provides a menu which displays the Ubuntu "
12177
"release, processor information, memory information, and the time and date. "
12178
"The effect is similar to a desktop menu."
12179
msgstr ""
12180
12181
#: serverguide/C/other-apps.xml:303(para)
12182
msgid ""
12183
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12184
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12185
"executed any time a terminal is opened. Changes made to "
12186
"<application>byobu</application> are on a per user basis, and will not "
12187
"affect other users on the system."
12188
msgstr ""
12189
12190
#: serverguide/C/other-apps.xml:309(para)
12191
msgid ""
12192
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12193
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12194
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
12195
"commands. Here is a quick list of movement commands:"
12196
msgstr ""
12197
12198
#: serverguide/C/other-apps.xml:316(para)
12199
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12200
msgstr ""
12201
12202
#: serverguide/C/other-apps.xml:317(para)
12203
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12204
msgstr ""
12205
12206
#: serverguide/C/other-apps.xml:318(para)
12207
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12208
msgstr ""
12209
12210
#: serverguide/C/other-apps.xml:319(para)
12211
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12212
msgstr ""
12213
12214
#: serverguide/C/other-apps.xml:320(para)
12215
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12216
msgstr ""
12217
12218
#: serverguide/C/other-apps.xml:321(para)
12219
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12220
msgstr ""
12221
12222
#: serverguide/C/other-apps.xml:322(para)
12223
msgid ""
12224
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12225
"the buffer)"
12226
msgstr ""
12227
12228
#: serverguide/C/other-apps.xml:323(para)
12229
msgid "<emphasis>/</emphasis> - Search forward"
12230
msgstr ""
12231
12232
#: serverguide/C/other-apps.xml:324(para)
12233
msgid "<emphasis>?</emphasis> - Search backward"
12234
msgstr ""
12235
12236
#: serverguide/C/other-apps.xml:325(para)
12237
msgid ""
12238
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
12239
msgstr ""
12240
12241
#: serverguide/C/other-apps.xml:334(para)
12242
msgid ""
12243
"See the <ulink "
12244
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
12245
"motd.1.html\">update-motd man page</ulink> for more options available to "
12246
"<application>update-motd</application>."
12247
msgstr ""
12248
12249
#: serverguide/C/other-apps.xml:340(para)
12250
msgid ""
12251
"The Debian Package of the Day <ulink "
12252
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12253
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12254
"details about using the <application>weather</application>utility."
12255
msgstr ""
12256
12257
#: serverguide/C/other-apps.xml:347(para)
12258
msgid ""
12259
"See the <ulink "
12260
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12261
"more details on using <application>etckeeper</application>."
12262
msgstr ""
12263
12264
#: serverguide/C/other-apps.xml:353(para)
12265
msgid ""
12266
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12267
"Ubuntu Wiki</ulink> page."
12268
msgstr ""
12269
12270
#: serverguide/C/other-apps.xml:358(para)
12271
msgid ""
12272
"For the latest news and information about <application>bzr</application> see "
12273
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12274
msgstr ""
12275
12276
#: serverguide/C/other-apps.xml:363(para)
12277
msgid ""
12278
"For more information on <application>screen</application> see the <ulink "
12279
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12280
msgstr ""
12281
12282
#: serverguide/C/other-apps.xml:368(para)
12283
msgid ""
12284
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12285
"screen</ulink> page."
12286
msgstr ""
12287
12288
#: serverguide/C/other-apps.xml:373(para)
12289
msgid ""
12290
"Also, see the <application>byobu</application><ulink "
12291
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12292
"information."
12293
msgstr ""
12294
12295
#: serverguide/C/network-config.xml:14(para)
12296
msgid ""
12297
"Networks consist of two or more devices, such as computer systems, printers, "
12298
"and related equipment which are connected by either physical cabling or "
12299
"wireless links for the purpose of sharing and distributing information among "
12300
"the connected devices."
12301
msgstr ""
12302
12303
#: serverguide/C/network-config.xml:20(para)
12304
msgid ""
12305
"This section provides general and specific information pertaining to "
12306
"networking, including an overview of network concepts and detailed "
12307
"discussion of popular network protocols."
12308
msgstr ""
12309
12310
#: serverguide/C/network-config.xml:27(title)
12311
msgid "Network Configuration"
12312
msgstr ""
12313
12314
#: serverguide/C/network-config.xml:28(para)
12315
msgid ""
12316
"Ubuntu ships with a number of graphical utilities to configure your network "
12317
"devices. This document is geared toward server administrators and will focus "
12318
"on managing your network on the command line."
12319
msgstr ""
12320
12321
#: serverguide/C/network-config.xml:35(title)
12322
msgid "Ethernet Interfaces"
12323
msgstr ""
12324
12325
#: serverguide/C/network-config.xml:36(para)
12326
msgid ""
12327
"Ethernet interfaces are identified by the system using the naming convention "
12328
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
12329
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
12330
"interface is typically identified as <emphasis "
12331
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
12332
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
12333
"order."
12334
msgstr ""
12335
12336
#: serverguide/C/network-config.xml:46(title)
12337
msgid "Identify Ethernet Interfaces"
12338
msgstr ""
12339
12340
#: serverguide/C/network-config.xml:47(para)
12341
msgid ""
12342
"To quickly identify all available Ethernet interfaces, you can use the "
12343
"<application>ifconfig</application> command as shown below."
12344
msgstr ""
12345
12346
#: serverguide/C/network-config.xml:52(userinput)
12347
#, no-wrap
12348
msgid "ifconfig -a | grep eth"
12349
msgstr ""
12350
12351
#: serverguide/C/network-config.xml:51(screen)
12352
#, no-wrap
12353
msgid ""
12354
"\n"
12355
"<placeholder-1/>\n"
12356
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
12357
msgstr ""
12358
12359
#: serverguide/C/network-config.xml:55(para)
12360
msgid ""
12361
"Another application that can help identify all network interfaces available "
12362
"to your system is the <application>lshw</application> command. In the "
12363
"example below, <application>lshw</application> shows a single Ethernet "
12364
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
12365
"along with bus information, driver details and all supported capabilities."
12366
msgstr ""
12367
12368
#: serverguide/C/network-config.xml:62(userinput)
12369
#, no-wrap
12370
msgid "sudo lshw -class network"
12371
msgstr ""
12372
12373
#: serverguide/C/network-config.xml:61(screen)
12374
#, no-wrap
12375
msgid ""
12376
"\n"
12377
"<placeholder-1/>\n"
12378
" *-network\n"
12379
" description: Ethernet interface\n"
12380
" product: BCM4401-B0 100Base-TX\n"
12381
" vendor: Broadcom Corporation\n"
12382
" physical id: 0\n"
12383
" bus info: pci@0000:03:00.0\n"
12384
" logical name: eth0\n"
12385
" version: 02\n"
12386
" serial: 00:15:c5:4a:16:5a\n"
12387
" size: 10MB/s\n"
12388
" capacity: 100MB/s\n"
12389
" width: 32 bits\n"
12390
" clock: 33MHz\n"
12391
" capabilities: (snipped for brevity)\n"
12392
" configuration: (snipped for brevity)\n"
12393
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
12394
msgstr ""
12395
12396
#: serverguide/C/network-config.xml:83(title)
12397
msgid "Ethernet Interface Logical Names"
12398
msgstr ""
12399
12400
#: serverguide/C/network-config.xml:84(para)
12401
msgid ""
12402
"Interface logical names are configured in the file "
12403
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
12404
"like control which interface receives a particular logical name, find the "
12405
"line matching the interfaces physical MAC address and modify the value of "
12406
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
12407
"Reboot the system to commit your changes."
12408
msgstr ""
12409
12410
#: serverguide/C/network-config.xml:92(programlisting)
12411
#, no-wrap
12412
msgid ""
12413
"\n"
12414
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12415
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
12416
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
12417
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12418
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
12419
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
12420
msgstr ""
12421
12422
#: serverguide/C/network-config.xml:99(title)
12423
msgid "Ethernet Interface Settings"
12424
msgstr ""
12425
12426
#: serverguide/C/network-config.xml:100(para)
12427
msgid ""
12428
"<application>ethtool</application> is a program that displays and changes "
12429
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
12430
"and Wake-on-LAN. It is not installed by default, but is available for "
12431
"installation in the repositories."
12432
msgstr ""
12433
12434
#: serverguide/C/network-config.xml:106(userinput)
12435
#, no-wrap
12436
msgid "sudo apt-get install ethtool"
12437
msgstr ""
12438
12439
#: serverguide/C/network-config.xml:108(para)
12440
msgid ""
12441
"The following is an example of how to view supported features and configured "
12442
"settings of an Ethernet interface."
12443
msgstr ""
12444
12445
#: serverguide/C/network-config.xml:113(userinput)
12446
#, no-wrap
12447
msgid "sudo ethtool eth0"
12448
msgstr ""
12449
12450
#: serverguide/C/network-config.xml:112(screen)
12451
#, no-wrap
12452
msgid ""
12453
"\n"
12454
"<placeholder-1/>\n"
12455
"Settings for eth0:\n"
12456
" Supported ports: [ TP ]\n"
12457
" Supported link modes: 10baseT/Half 10baseT/Full \n"
12458
" 100baseT/Half 100baseT/Full \n"
12459
" 1000baseT/Half 1000baseT/Full \n"
12460
" Supports auto-negotiation: Yes\n"
12461
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
12462
" 100baseT/Half 100baseT/Full \n"
12463
" 1000baseT/Half 1000baseT/Full \n"
12464
" Advertised auto-negotiation: Yes\n"
12465
" Speed: 1000Mb/s\n"
12466
" Duplex: Full\n"
12467
" Port: Twisted Pair\n"
12468
" PHYAD: 1\n"
12469
" Transceiver: internal\n"
12470
" Auto-negotiation: on\n"
12471
" Supports Wake-on: g\n"
12472
" Wake-on: d\n"
12473
" Current message level: 0x000000ff (255)\n"
12474
" Link detected: yes\n"
12475
msgstr ""
12476
12477
#: serverguide/C/network-config.xml:135(para)
12478
msgid ""
12479
"Changes made with the <application>ethtool</application> command are "
12480
"temporary and will be lost after a reboot. If you would like to retain "
12481
"settings, simply add the desired <application>ethtool</application> command "
12482
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
12483
"configuration file <filename>/etc/network/interfaces</filename>."
12484
msgstr ""
12485
12486
#: serverguide/C/network-config.xml:141(para)
12487
msgid ""
12488
"The following is an example of how the interface identified as <emphasis "
12489
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
12490
"speed of 1000Mb/s running in full duplex mode."
12491
msgstr ""
12492
12493
#: serverguide/C/network-config.xml:145(programlisting)
12494
#, no-wrap
12495
msgid ""
12496
"\n"
12497
"auto eth0\n"
12498
"iface eth0 inet static\n"
12499
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
12500
msgstr ""
12501
12502
#: serverguide/C/network-config.xml:151(para)
12503
msgid ""
12504
"Although the example above shows the interface configured to use the "
12505
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
12506
"other methods as well, such as DHCP. The example is meant to demonstrate "
12507
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
12508
"statement in relation to the rest of the interface configuration."
12509
msgstr ""
12510
12511
#: serverguide/C/network-config.xml:163(title)
12512
msgid "IP Addressing"
12513
msgstr ""
12514
12515
#: serverguide/C/network-config.xml:164(para)
12516
msgid ""
12517
"The following section describes the process of configuring your systems IP "
12518
"address and default gateway needed for communicating on a local area network "
12519
"and the Internet."
12520
msgstr ""
12521
12522
#: serverguide/C/network-config.xml:171(title)
12523
msgid "Temporary IP Address Assignment"
12524
msgstr ""
12525
12526
#: serverguide/C/network-config.xml:172(para)
12527
msgid ""
12528
"For temporary network configurations, you can use standard commands such as "
12529
"<application>ip</application>, <application>ifconfig</application> and "
12530
"<application>route</application>, which are also found on most other "
12531
"GNU/Linux operating systems. These commands allow you to configure settings "
12532
"which take effect immediately, however they are not persistent and will be "
12533
"lost after a reboot."
12534
msgstr ""
12535
12536
#: serverguide/C/network-config.xml:180(para)
12537
msgid ""
12538
"To temporarily configure an IP address, you can use the "
12539
"<application>ifconfig</application> command in the following manner. Just "
12540
"modify the IP address and subnet mask to match your network requirements."
12541
msgstr ""
12542
12543
#: serverguide/C/network-config.xml:186(userinput)
12544
#, no-wrap
12545
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
12546
msgstr ""
12547
12548
#: serverguide/C/network-config.xml:188(para)
12549
msgid ""
12550
"To verify the IP address configuration of <application>eth0</application>, "
12551
"you can use the <application>ifconfig</application> command in the following "
12552
"manner."
12553
msgstr ""
12554
12555
#: serverguide/C/network-config.xml:193(userinput)
12556
#, no-wrap
12557
msgid "ifconfig eth0"
12558
msgstr ""
12559
12560
#: serverguide/C/network-config.xml:192(screen)
12561
#, no-wrap
12562
msgid ""
12563
"\n"
12564
"<placeholder-1/>\n"
12565
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
12566
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
12567
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
12568
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
12569
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
12570
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
12571
" collisions:0 txqueuelen:1000 \n"
12572
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
12573
" Interrupt:16 \n"
12574
msgstr ""
12575
12576
#: serverguide/C/network-config.xml:204(para)
12577
msgid ""
12578
"To configure a default gateway, you can use the "
12579
"<application>route</application> command in the following manner. Modify the "
12580
"default gateway address to match your network requirements."
12581
msgstr ""
12582
12583
#: serverguide/C/network-config.xml:210(userinput)
12584
#, no-wrap
12585
msgid "sudo route add default gw 10.0.0.1 eth0"
12586
msgstr ""
12587
12588
#: serverguide/C/network-config.xml:212(para)
12589
msgid ""
12590
"To verify your default gateway configuration, you can use the "
12591
"<application>route</application> command in the following manner."
12592
msgstr ""
12593
12594
#: serverguide/C/network-config.xml:217(userinput)
12595
#, no-wrap
12596
msgid "route -n"
12597
msgstr ""
12598
12599
#: serverguide/C/network-config.xml:216(screen)
12600
#, no-wrap
12601
msgid ""
12602
"\n"
12603
"<placeholder-1/>\n"
12604
"Kernel IP routing table\n"
12605
"Destination Gateway Genmask Flags Metric Ref Use "
12606
"Iface\n"
12607
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12608
"eth0\n"
12609
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12610
"eth0\n"
12611
msgstr ""
12612
12613
#: serverguide/C/network-config.xml:223(para)
12614
msgid ""
12615
"If you require DNS for your temporary network configuration, you can add DNS "
12616
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12617
"example below shows how to enter two DNS servers to "
12618
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12619
"appropriate for your network. A more lengthy description of DNS client "
12620
"configuration is in a following section."
12621
msgstr ""
12622
12623
#: serverguide/C/network-config.xml:230(programlisting)
12624
#, no-wrap
12625
msgid ""
12626
"\n"
12627
"nameserver 8.8.8.8\n"
12628
"nameserver 8.8.4.4\n"
12629
msgstr ""
12630
12631
#: serverguide/C/network-config.xml:234(para)
12632
msgid ""
12633
"If you no longer need this configuration and wish to purge all IP "
12634
"configuration from an interface, you can use the "
12635
"<application>ip</application> command with the flush option as shown below."
12636
msgstr ""
12637
12638
#: serverguide/C/network-config.xml:240(userinput)
12639
#, no-wrap
12640
msgid "ip addr flush eth0"
12641
msgstr ""
12642
12643
#: serverguide/C/network-config.xml:243(para)
12644
msgid ""
12645
"Flushing the IP configuration using the <application>ip</application> "
12646
"command does not clear the contents of "
12647
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12648
"entries manually."
12649
msgstr ""
12650
12651
#: serverguide/C/network-config.xml:251(title)
12652
msgid "Dynamic IP Address Assignment (DHCP Client)"
12653
msgstr ""
12654
12655
#: serverguide/C/network-config.xml:252(para)
12656
msgid ""
12657
"To configure your server to use DHCP for dynamic address assignment, add the "
12658
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12659
"statement for the appropriate interface in the file "
12660
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12661
"are configuring your first Ethernet interface identified as <emphasis "
12662
"role=\"italic\">eth0</emphasis>."
12663
msgstr ""
12664
12665
#: serverguide/C/network-config.xml:259(programlisting)
12666
#, no-wrap
12667
msgid ""
12668
"\n"
12669
"auto eth0\n"
12670
"iface eth0 inet dhcp\n"
12671
msgstr ""
12672
12673
#: serverguide/C/network-config.xml:263(para)
12674
msgid ""
12675
"By adding an interface configuration as shown above, you can manually enable "
12676
"the interface through the <application>ifup</application> command which "
12677
"initiates the DHCP process via <application>dhclient</application>."
12678
msgstr ""
12679
12680
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12681
#, no-wrap
12682
msgid "sudo ifup eth0"
12683
msgstr ""
12684
12685
#: serverguide/C/network-config.xml:271(para)
12686
msgid ""
12687
"To manually disable the interface, you can use the "
12688
"<application>ifdown</application> command, which in turn will initiate the "
12689
"DHCP release process and shut down the interface."
12690
msgstr ""
12691
12692
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12693
#, no-wrap
12694
msgid "sudo ifdown eth0"
12695
msgstr ""
12696
12697
#: serverguide/C/network-config.xml:282(title)
12698
msgid "Static IP Address Assignment"
12699
msgstr ""
12700
12701
#: serverguide/C/network-config.xml:283(para)
12702
msgid ""
12703
"To configure your system to use a static IP address assignment, add the "
12704
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12705
"family statement for the appropriate interface in the file "
12706
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12707
"are configuring your first Ethernet interface identified as <emphasis "
12708
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12709
"role=\"italic\">address</emphasis>, <emphasis "
12710
"role=\"italic\">netmask</emphasis>, and <emphasis "
12711
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12712
"network."
12713
msgstr ""
12714
12715
#: serverguide/C/network-config.xml:292(programlisting)
12716
#, no-wrap
12717
msgid ""
12718
"\n"
12719
"auto eth0\n"
12720
"iface eth0 inet static\n"
12721
"address 10.0.0.100\n"
12722
"netmask 255.255.255.0\n"
12723
"gateway 10.0.0.1\n"
12724
msgstr ""
12725
12726
#: serverguide/C/network-config.xml:299(para)
12727
msgid ""
12728
"By adding an interface configuration as shown above, you can manually enable "
12729
"the interface through the <application>ifup</application> command."
12730
msgstr ""
12731
12732
#: serverguide/C/network-config.xml:306(para)
12733
msgid ""
12734
"To manually disable the interface, you can use the "
12735
"<application>ifdown</application> command."
12736
msgstr ""
12737
12738
#: serverguide/C/network-config.xml:316(title)
12739
msgid "Loopback Interface"
12740
msgstr ""
12741
12742
#: serverguide/C/network-config.xml:317(para)
12743
msgid ""
12744
"The loopback interface is identified by the system as <emphasis "
12745
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12746
"can be viewed using the ifconfig command."
12747
msgstr ""
12748
12749
#: serverguide/C/network-config.xml:322(userinput)
12750
#, no-wrap
12751
msgid "ifconfig lo"
12752
msgstr ""
12753
12754
#: serverguide/C/network-config.xml:321(screen)
12755
#, no-wrap
12756
msgid ""
12757
"\n"
12758
"<placeholder-1/>\n"
12759
"lo Link encap:Local Loopback \n"
12760
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12761
" inet6 addr: ::1/128 Scope:Host\n"
12762
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12763
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12764
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12765
" collisions:0 txqueuelen:0 \n"
12766
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12767
msgstr ""
12768
12769
#: serverguide/C/network-config.xml:332(para)
12770
msgid ""
12771
"By default, there should be two lines in "
12772
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12773
"configuring your loopback interface. It is recommended that you keep the "
12774
"default settings unless you have a specific purpose for changing them. An "
12775
"example of the two default lines are shown below."
12776
msgstr ""
12777
12778
#: serverguide/C/network-config.xml:338(programlisting)
12779
#, no-wrap
12780
msgid ""
12781
"\n"
12782
"auto lo\n"
12783
"iface lo inet loopback\n"
12784
msgstr ""
12785
12786
#: serverguide/C/network-config.xml:347(title)
12787
msgid "Name Resolution"
12788
msgstr ""
12789
12790
#: serverguide/C/network-config.xml:348(para)
12791
msgid ""
12792
"Name resolution as it relates to IP networking is the process of mapping IP "
12793
"addresses to hostnames, making it easier to identify resources on a network. "
12794
"The following section will explain how to properly configure your system for "
12795
"name resolution using DNS and static hostname records."
12796
msgstr ""
12797
12798
#: serverguide/C/network-config.xml:356(title)
12799
msgid "DNS Client Configuration"
12800
msgstr ""
12801
12802
#: serverguide/C/network-config.xml:357(para)
12803
msgid ""
12804
"To configure your system to use DNS for name resolution, add the IP "
12805
"addresses of the DNS servers that are appropriate for your network in the "
12806
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12807
"suffix search-lists to match your network domain names."
12808
msgstr ""
12809
12810
#: serverguide/C/network-config.xml:362(para)
12811
msgid ""
12812
"Below is an example of a typical configuration of "
12813
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12814
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12815
msgstr ""
12816
12817
#: serverguide/C/network-config.xml:367(programlisting)
12818
#, no-wrap
12819
msgid ""
12820
"\n"
12821
"search example.com\n"
12822
"nameserver 8.8.8.8\n"
12823
"nameserver 8.8.4.4\n"
12824
msgstr ""
12825
12826
#: serverguide/C/network-config.xml:372(para)
12827
msgid ""
12828
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12829
"multiple domain names so that DNS queries will be appended in the order in "
12830
"which they are entered. For example, your network may have multiple sub-"
12831
"domains to search; a parent domain of <emphasis "
12832
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12833
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12834
"role=\"italic\">dev.example.com</emphasis>."
12835
msgstr ""
12836
12837
#: serverguide/C/network-config.xml:380(para)
12838
msgid ""
12839
"If you have multiple domains you wish to search, your configuration might "
12840
"look like the following."
12841
msgstr ""
12842
12843
#: serverguide/C/network-config.xml:383(programlisting)
12844
#, no-wrap
12845
msgid ""
12846
"\n"
12847
"search example.com sales.example.com dev.example.com\n"
12848
"nameserver 8.8.8.8\n"
12849
"nameserver 8.8.4.4\n"
12850
msgstr ""
12851
12852
#: serverguide/C/network-config.xml:388(para)
12853
msgid ""
12854
"If you try to ping a host with the name of <emphasis "
12855
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12856
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12857
msgstr ""
12858
12859
#: serverguide/C/network-config.xml:394(para)
12860
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12861
msgstr ""
12862
12863
#: serverguide/C/network-config.xml:399(para)
12864
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12865
msgstr ""
12866
12867
#: serverguide/C/network-config.xml:404(para)
12868
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12869
msgstr ""
12870
12871
#: serverguide/C/network-config.xml:409(para)
12872
msgid ""
12873
"If no matches are found, the DNS server will provide a result of <emphasis "
12874
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12875
msgstr ""
12876
12877
#: serverguide/C/network-config.xml:416(title)
12878
msgid "Static Hostnames"
12879
msgstr ""
12880
12881
#: serverguide/C/network-config.xml:417(para)
12882
msgid ""
12883
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12884
"file <filename>/etc/hosts</filename>. Entries in the "
12885
"<filename>hosts</filename> file will have precedence over DNS by default. "
12886
"This means that if your system tries to resolve a hostname and it matches an "
12887
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12888
"some configurations, especially when Internet access is not required, "
12889
"servers that communicate with a limited number of resources can be "
12890
"conveniently set to use static hostnames instead of DNS."
12891
msgstr ""
12892
12893
#: serverguide/C/network-config.xml:424(para)
12894
msgid ""
12895
"The following is an example of a <filename>hosts</filename> file where a "
12896
"number of local servers have been identified by simple hostnames, aliases "
12897
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12898
msgstr ""
12899
12900
#: serverguide/C/network-config.xml:428(programlisting)
12901
#, no-wrap
12902
msgid ""
12903
"\n"
12904
"127.0.0.1\tlocalhost\n"
12905
"127.0.1.1\tubuntu-server\n"
12906
"10.0.0.11\tserver1 vpn server1.example.com\n"
12907
"10.0.0.12\tserver2 mail server2.example.com\n"
12908
"10.0.0.13\tserver3 www server3.example.com\n"
12909
"10.0.0.14\tserver4 file server4.example.com\n"
12910
msgstr ""
12911
12912
#: serverguide/C/network-config.xml:437(para)
12913
msgid ""
12914
"In the above example, notice that each of the servers have been given "
12915
"aliases in addition to their proper names and FQDN's. <emphasis "
12916
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12917
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12918
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12919
"role=\"italic\">server3</emphasis> as <emphasis "
12920
"role=\"italic\">www</emphasis>, and <emphasis "
12921
"role=\"italic\">server4</emphasis> as <emphasis "
12922
"role=\"italic\">file</emphasis>."
12923
msgstr ""
12924
12925
#: serverguide/C/network-config.xml:449(title)
12926
msgid "Name Service Switch Configuration"
12927
msgstr ""
12928
12929
#: serverguide/C/network-config.xml:450(para)
12930
msgid ""
12931
"The order in which your system selects a method of resolving hostnames to IP "
12932
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12933
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12934
"section, typically static hostnames defined in the systems "
12935
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12936
"from DNS. The following is an example of the line responsible for this order "
12937
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12938
msgstr ""
12939
12940
#: serverguide/C/network-config.xml:458(programlisting)
12941
#, no-wrap
12942
msgid ""
12943
"\n"
12944
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12945
msgstr ""
12946
12947
#: serverguide/C/network-config.xml:464(para)
12948
msgid ""
12949
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12950
"hostnames located in <filename>/etc/hosts</filename>."
12951
msgstr ""
12952
12953
#: serverguide/C/network-config.xml:470(para)
12954
msgid ""
12955
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12956
"name using Multicast DNS."
12957
msgstr ""
12958
12959
#: serverguide/C/network-config.xml:475(para)
12960
msgid ""
12961
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12962
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12963
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12964
"authoritative and that the system should not try to continue hunting for an "
12965
"answer."
12966
msgstr ""
12967
12968
#: serverguide/C/network-config.xml:483(para)
12969
msgid ""
12970
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12971
msgstr ""
12972
12973
#: serverguide/C/network-config.xml:488(para)
12974
msgid ""
12975
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12976
msgstr ""
12977
12978
#: serverguide/C/network-config.xml:494(para)
12979
msgid ""
12980
"To modify the order of the above mentioned name resolution methods, you can "
12981
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12982
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12983
"versus Multicast DNS, you can change the string in "
12984
"<filename>/etc/nsswitch.conf</filename> as shown below."
12985
msgstr ""
12986
12987
#: serverguide/C/network-config.xml:501(programlisting)
12988
#, no-wrap
12989
msgid ""
12990
"\n"
12991
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12992
msgstr ""
12993
12994
#: serverguide/C/network-config.xml:508(title)
12995
msgid "Bridging"
12996
msgstr ""
12997
12998
#: serverguide/C/network-config.xml:510(para)
12999
msgid ""
13000
"Bridging multiple interfaces is a more advanced configuration, but is very "
13001
"useful in multiple scenarios. One scenario is setting up a bridge with "
13002
"multiple network interfaces, then using a firewall to filter traffic between "
13003
"two network segments. Another scenario is using bridge on a system with one "
13004
"interface to allow virtual machines direct access to the outside network. "
13005
"The following example covers the latter scenario."
13006
msgstr ""
13007
13008
#: serverguide/C/network-config.xml:517(para)
13009
msgid ""
13010
"Before configuring a bridge you will need to install the <application>bridge-"
13011
"utils</application> package. To install the package, in a terminal enter:"
13012
msgstr ""
13013
13014
#: serverguide/C/network-config.xml:523(command)
13015
msgid "sudo apt-get install bridge-utils"
13016
msgstr ""
13017
13018
#: serverguide/C/network-config.xml:526(para)
13019
msgid ""
13020
"Next, configure the bridge by editing "
13021
"<filename>/etc/network/interfaces</filename>:"
13022
msgstr ""
13023
13024
#: serverguide/C/network-config.xml:530(programlisting)
13025
#, no-wrap
13026
msgid ""
13027
"\n"
13028
"auto lo\n"
13029
"iface lo inet loopback\n"
13030
"\n"
13031
"auto br0\n"
13032
"iface br0 inet static\n"
13033
" address 192.168.0.10\n"
13034
" network 192.168.0.0\n"
13035
" netmask 255.255.255.0\n"
13036
" broadcast 192.168.0.255\n"
13037
" gateway 192.168.0.1\n"
13038
" bridge_ports eth0\n"
13039
" bridge_fd 9\n"
13040
" bridge_hello 2\n"
13041
" bridge_maxage 12\n"
13042
" bridge_stp off\n"
13043
msgstr ""
13044
13045
#: serverguide/C/network-config.xml:549(para)
13046
msgid "Enter the appropriate values for your physical interface and network."
13047
msgstr ""
13048
13049
#: serverguide/C/network-config.xml:554(para)
13050
msgid "Now restart networking to enable the bridge interface:"
13051
msgstr ""
13052
13053
#: serverguide/C/network-config.xml:561(para)
13054
msgid ""
13055
"The new bridge interface should now be up and running. The "
13056
"<application>brctl</application> provides useful information about the state "
13057
"of the bridge, controls which interfaces are part of the bridge, etc. See "
13058
"<command>man brctl</command> for more information."
13059
msgstr ""
13060
13061
#: serverguide/C/network-config.xml:577(para)
13062
msgid ""
13063
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
13064
"Network page</ulink> has links to articles covering more advanced network "
13065
"configuration."
13066
msgstr ""
13067
13068
#: serverguide/C/network-config.xml:583(para)
13069
msgid ""
13070
"The <ulink "
13071
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
13072
"\">interfaces man page</ulink> has details on more options for "
13073
"<filename>/etc/network/interfaces</filename>."
13074
msgstr ""
13075
13076
#: serverguide/C/network-config.xml:589(para)
13077
msgid ""
13078
"The <ulink "
13079
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
13080
"dhclient man page</ulink> has details on more options for configuring DHCP "
13081
"client settings."
13082
msgstr ""
13083
13084
#: serverguide/C/network-config.xml:595(para)
13085
msgid ""
13086
"For more information on DNS client configuration see the <ulink "
13087
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
13088
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
13089
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
13090
"Administrator's Guide</ulink> is a good source of resolver and name service "
13091
"configuration information."
13092
msgstr ""
13093
13094
#: serverguide/C/network-config.xml:603(para)
13095
msgid ""
13096
"For more information on <emphasis>bridging</emphasis> see the <ulink "
13097
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
13098
"tl man page</ulink> and the Linux Foundation's <ulink "
13099
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
13100
msgstr ""
13101
13102
#: serverguide/C/network-config.xml:614(title)
13103
msgid "TCP/IP"
13104
msgstr ""
13105
13106
#: serverguide/C/network-config.xml:615(para)
13107
msgid ""
13108
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
13109
"standard set of protocols developed in the late 1970s by the Defense "
13110
"Advanced Research Projects Agency (DARPA) as a means of communication "
13111
"between different types of computers and computer networks. TCP/IP is the "
13112
"driving force of the Internet, and thus it is the most popular set of "
13113
"network protocols on Earth."
13114
msgstr ""
13115
13116
#: serverguide/C/network-config.xml:623(title)
13117
msgid "TCP/IP Introduction"
13118
msgstr ""
13119
13120
#: serverguide/C/network-config.xml:624(para)
13121
msgid ""
13122
"The two protocol components of TCP/IP deal with different aspects of "
13123
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
13124
"TCP/IP is a connectionless protocol which deals only with network packet "
13125
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
13126
"basic unit of networking information. The IP Datagram consists of a header "
13127
"followed by a message. The <emphasis> Transmission Control "
13128
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
13129
"establish connections which may be used to exchange data streams. TCP also "
13130
"guarantees that the data between connections is delivered and that it "
13131
"arrives at one network host in the same order as sent from another network "
13132
"host."
13133
msgstr ""
13134
13135
#: serverguide/C/network-config.xml:637(title)
13136
msgid "TCP/IP Configuration"
13137
msgstr ""
13138
13139
#: serverguide/C/network-config.xml:638(para)
13140
msgid ""
13141
"The TCP/IP protocol configuration consists of several elements which must be "
13142
"set by editing the appropriate configuration files, or deploying solutions "
13143
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
13144
"can be configured to provide the proper TCP/IP configuration settings to "
13145
"network clients automatically. These configuration values must be set "
13146
"correctly in order to facilitate the proper network operation of your Ubuntu "
13147
"system."
13148
msgstr ""
13149
13150
#: serverguide/C/network-config.xml:650(para)
13151
msgid ""
13152
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
13153
"identifying string expressed as four decimal numbers ranging from zero (0) "
13154
"to two-hundred and fifty-five (255), separated by periods, with each of the "
13155
"four numbers representing eight (8) bits of the address for a total length "
13156
"of thirty-two (32) bits for the whole address. This format is called "
13157
"<emphasis>dotted quad notation</emphasis>."
13158
msgstr ""
13159
13160
#: serverguide/C/network-config.xml:660(para)
13161
msgid ""
13162
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13163
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13164
"separate the portions of an IP address significant to the network from the "
13165
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
13166
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
13167
"three bytes of the IP address and allows the last byte of the IP address to "
13168
"remain available for specifying hosts on the subnetwork."
13169
msgstr ""
13170
13171
#: serverguide/C/network-config.xml:671(para)
13172
msgid ""
13173
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13174
"represents the bytes comprising the network portion of an IP address. For "
13175
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
13176
"network address, where twelve (12) represents the first byte of the IP "
13177
"address, (the network part) and zeroes (0) in all of the remaining three "
13178
"bytes to represent the potential host values. A network host using the "
13179
"private IP address 192.168.1.100 would in turn use a Network Address of "
13180
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
13181
"network and a zero (0) for all the possible hosts on the network."
13182
msgstr ""
13183
13184
#: serverguide/C/network-config.xml:684(para)
13185
msgid ""
13186
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13187
"is an IP address which allows network data to be sent simultaneously to all "
13188
"hosts on a given subnetwork rather than specifying a particular host. The "
13189
"standard general broadcast address for IP networks is 255.255.255.255, but "
13190
"this broadcast address cannot be used to send a broadcast message to every "
13191
"host on the Internet because routers block it. A more appropriate broadcast "
13192
"address is set to match a specific subnetwork. For example, on the private "
13193
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
13194
"Broadcast messages are typically produced by network protocols such as the "
13195
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
13196
msgstr ""
13197
13198
#: serverguide/C/network-config.xml:697(para)
13199
msgid ""
13200
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13201
"IP address through which a particular network, or host on a network, may be "
13202
"reached. If one network host wishes to communicate with another network "
13203
"host, and that host is not located on the same network, then a "
13204
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
13205
"Address will be that of a router on the same network, which will in turn "
13206
"pass traffic on to other networks or hosts, such as Internet hosts. The "
13207
"value of the Gateway Address setting must be correct, or your system will "
13208
"not be able to reach any hosts beyond those on the same network."
13209
msgstr ""
13210
13211
#: serverguide/C/network-config.xml:708(para)
13212
msgid ""
13213
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13214
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13215
"resolve network hostnames into IP addresses. There are three levels of "
13216
"Nameserver Addresses, which may be specified in order of precedence: The "
13217
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
13218
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
13219
"your system to be able to resolve network hostnames into their corresponding "
13220
"IP addresses, you must specify valid Nameserver Addresses which you are "
13221
"authorized to use in your system's TCP/IP configuration. In many cases these "
13222
"addresses can and will be provided by your network service provider, but "
13223
"many free and publicly accessible nameservers are available for use, such as "
13224
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
13225
msgstr ""
13226
13227
#: serverguide/C/network-config.xml:722(para)
13228
msgid ""
13229
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
13230
"Address are typically specified via the appropriate directives in the file "
13231
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
13232
"typically specified via <emphasis>nameserver</emphasis> directives in the "
13233
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
13234
"system manual page for <filename>interfaces</filename> or "
13235
"<filename>resolv.conf</filename> respectively, with the following commands "
13236
"typed at a terminal prompt:"
13237
msgstr ""
13238
13239
#: serverguide/C/network-config.xml:729(para)
13240
msgid ""
13241
"Access the system manual page for <filename>interfaces</filename> with the "
13242
"following command:"
13243
msgstr ""
13244
13245
#: serverguide/C/network-config.xml:734(command)
13246
msgid "man interfaces"
13247
msgstr ""
13248
13249
#: serverguide/C/network-config.xml:737(para)
13250
msgid ""
13251
"Access the system manual page for <filename>resolv.conf</filename> with the "
13252
"following command:"
13253
msgstr ""
13254
13255
#: serverguide/C/network-config.xml:741(command)
13256
msgid "man resolv.conf"
13257
msgstr ""
13258
13259
#: serverguide/C/network-config.xml:646(para)
13260
msgid ""
13261
"The common configuration elements of TCP/IP and their purposes are as "
13262
"follows: <placeholder-1/>"
13263
msgstr ""
13264
13265
#: serverguide/C/network-config.xml:748(title)
13266
msgid "IP Routing"
13267
msgstr ""
13268
13269
#: serverguide/C/network-config.xml:749(para)
13270
msgid ""
13271
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13272
"network along which network data may be sent. Routing uses a set of "
13273
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
13274
"packets from their source to the destination, often via many intermediary "
13275
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
13276
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
13277
"<emphasis>Dynamic Routing.</emphasis>"
13278
msgstr ""
13279
13280
#: serverguide/C/network-config.xml:758(para)
13281
msgid ""
13282
"Static routing involves manually adding IP routes to the system's routing "
13283
"table, and this is usually done by manipulating the routing table with the "
13284
"<application>route</application> command. Static routing enjoys many "
13285
"advantages over dynamic routing, such as simplicity of implementation on "
13286
"smaller networks, predictability (the routing table is always computed in "
13287
"advance, and thus the route is precisely the same each time it is used), and "
13288
"low overhead on other routers and network links due to the lack of a dynamic "
13289
"routing protocol. However, static routing does present some disadvantages as "
13290
"well. For example, static routing is limited to small networks and does not "
13291
"scale well. Static routing also fails completely to adapt to network outages "
13292
"and failures along the route due to the fixed nature of the route."
13293
msgstr ""
13294
13295
#: serverguide/C/network-config.xml:768(para)
13296
msgid ""
13297
"Dynamic routing depends on large networks with multiple possible IP routes "
13298
"from a source to a destination and makes use of special routing protocols, "
13299
"such as the Router Information Protocol (RIP), which handle the automatic "
13300
"adjustments in routing tables that make dynamic routing possible. Dynamic "
13301
"routing has several advantages over static routing, such as superior "
13302
"scalability and the ability to adapt to failures and outages along network "
13303
"routes. Additionally, there is less manual configuration of the routing "
13304
"tables, since routers learn from one another about their existence and "
13305
"available routes. This trait also eliminates the possibility of introducing "
13306
"mistakes in the routing tables via human error. Dynamic routing is not "
13307
"perfect, however, and presents disadvantages such as heightened complexity "
13308
"and additional network overhead from router communications, which does not "
13309
"immediately benefit the end users, but still consumes network bandwidth."
13310
msgstr ""
13311
13312
#: serverguide/C/network-config.xml:782(title)
13313
msgid "TCP and UDP"
13314
msgstr ""
13315
13316
#: serverguide/C/network-config.xml:783(para)
13317
msgid ""
13318
"TCP is a connection-based protocol, offering error correction and guaranteed "
13319
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13320
"Flow control determines when the flow of a data stream needs to be stopped, "
13321
"and previously sent data packets should to be re-sent due to problems such "
13322
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
13323
"accurate delivery of the data. TCP is typically used in the exchange of "
13324
"important information such as database transactions."
13325
msgstr ""
13326
13327
#: serverguide/C/network-config.xml:791(para)
13328
msgid ""
13329
"The User Datagram Protocol (UDP), on the other hand, is a "
13330
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13331
"transmission of important data because it lacks flow control or any other "
13332
"method to ensure reliable delivery of the data. UDP is commonly used in such "
13333
"applications as audio and video streaming, where it is considerably faster "
13334
"than TCP due to the lack of error correction and flow control, and where the "
13335
"loss of a few packets is not generally catastrophic."
13336
msgstr ""
13337
13338
#: serverguide/C/network-config.xml:801(title)
13339
msgid "ICMP"
13340
msgstr ""
13341
13342
#: serverguide/C/network-config.xml:802(para)
13343
msgid ""
13344
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13345
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13346
"supports network packets containing control, error, and informational "
13347
"messages. ICMP is used by such network applications as the "
13348
"<application>ping</application> utility, which can determine the "
13349
"availability of a network host or device. Examples of some error messages "
13350
"returned by ICMP which are useful to both network hosts and devices such as "
13351
"routers, include <emphasis>Destination Unreachable</emphasis> and "
13352
"<emphasis>Time Exceeded</emphasis>."
13353
msgstr ""
13354
13355
#: serverguide/C/network-config.xml:812(title)
13356
msgid "Daemons"
13357
msgstr ""
13358
13359
#: serverguide/C/network-config.xml:813(para)
13360
msgid ""
13361
"Daemons are special system applications which typically execute continuously "
13362
"in the background and await requests for the functions they provide from "
13363
"other applications. Many daemons are network-centric; that is, a large "
13364
"number of daemons executing in the background on an Ubuntu system may "
13365
"provide network-related functionality. Some examples of such network daemons "
13366
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
13367
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
13368
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
13369
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
13370
"Daemon</emphasis> (imapd), which provides E-Mail services."
13371
msgstr ""
13372
13373
#: serverguide/C/network-config.xml:828(para)
13374
msgid ""
13375
"There are man pages for <ulink "
13376
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
13377
"ulink> and <ulink "
13378
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
13379
"> that contain more useful information."
13380
msgstr ""
13381
13382
#: serverguide/C/network-config.xml:834(para)
13383
msgid ""
13384
"Also, see the <ulink "
13385
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13386
"and Technical Overview</ulink> IBM Redbook."
13387
msgstr ""
13388
13389
#: serverguide/C/network-config.xml:840(para)
13390
msgid ""
13391
"Another resource is O'Reilly's <ulink "
13392
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13393
"Administration</ulink>."
13394
msgstr ""
13395
13396
#: serverguide/C/network-config.xml:849(title)
13397
msgid "Dynamic Host Configuration Protocol (DHCP)"
13398
msgstr ""
13399
13400
#: serverguide/C/network-config.xml:850(para)
13401
msgid ""
13402
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13403
"enables host computers to be automatically assigned settings from a server "
13404
"as opposed to manually configuring each network host. Computers configured "
13405
"to be DHCP clients have no control over the settings they receive from the "
13406
"DHCP server, and the configuration is transparent to the computer's user."
13407
msgstr ""
13408
13409
#: serverguide/C/network-config.xml:857(para)
13410
msgid ""
13411
"The most common settings provided by a DHCP server to DHCP clients include:"
13412
msgstr ""
13413
13414
#: serverguide/C/network-config.xml:862(para)
13415
msgid "IP-Address and Netmask"
13416
msgstr ""
13417
13418
#: serverguide/C/network-config.xml:865(para)
13419
msgid "DNS"
13420
msgstr ""
13421
13422
#: serverguide/C/network-config.xml:868(para)
13423
msgid "WINS"
13424
msgstr ""
13425
13426
#: serverguide/C/network-config.xml:871(para)
13427
msgid ""
13428
"However, a DHCP server can also supply configuration properties such as:"
13429
msgstr ""
13430
13431
#: serverguide/C/network-config.xml:876(para)
13432
msgid "Host Name"
13433
msgstr ""
13434
13435
#: serverguide/C/network-config.xml:879(para)
13436
msgid "Domain Name"
13437
msgstr ""
13438
13439
#: serverguide/C/network-config.xml:882(para)
13440
msgid "Default Gateway"
13441
msgstr ""
13442
13443
#: serverguide/C/network-config.xml:885(para)
13444
msgid "Time Server"
13445
msgstr ""
13446
13447
#: serverguide/C/network-config.xml:888(para)
13448
msgid "Print Server"
13449
msgstr ""
13450
13451
#: serverguide/C/network-config.xml:891(para)
13452
msgid ""
13453
"The advantage of using DHCP is that changes to the network, for example a "
13454
"change in the address of the DNS server, need only be changed at the DHCP "
13455
"server, and all network hosts will be reconfigured the next time their DHCP "
13456
"clients poll the DHCP server. As an added advantage, it is also easier to "
13457
"integrate new computers into the network, as there is no need to check for "
13458
"the availability of an IP address. Conflicts in IP address allocation are "
13459
"also reduced."
13460
msgstr ""
13461
13462
#: serverguide/C/network-config.xml:899(para)
13463
msgid "A DHCP server can provide configuration settings using two methods:"
13464
msgstr ""
13465
13466
#: serverguide/C/network-config.xml:904(term)
13467
msgid "MAC Address"
13468
msgstr ""
13469
13470
#: serverguide/C/network-config.xml:906(para)
13471
msgid ""
13472
"This method entails using DHCP to identify the unique hardware address of "
13473
"each network card connected to the network and then continually supplying a "
13474
"constant configuration each time the DHCP client makes a request to the DHCP "
13475
"server using that network device."
13476
msgstr ""
13477
13478
#: serverguide/C/network-config.xml:915(term)
13479
msgid "Address Pool"
13480
msgstr ""
13481
13482
#: serverguide/C/network-config.xml:917(para)
13483
msgid ""
13484
"This method entails defining a pool (sometimes also called a range or scope) "
13485
"of IP addresses from which DHCP clients are supplied their configuration "
13486
"properties dynamically and on a \"first come, first served\" basis. When a "
13487
"DHCP client is no longer on the network for a specified period, the "
13488
"configuration is expired and released back to the address pool for use by "
13489
"other DHCP Clients."
13490
msgstr ""
13491
13492
#: serverguide/C/network-config.xml:928(para)
13493
msgid ""
13494
"Ubuntu is shipped with both DHCP server and client. The server is "
13495
"<application>dhcpd</application> (dynamic host configuration protocol "
13496
"daemon). The client provided with Ubuntu is "
13497
"<application>dhclient</application> and should be installed on all computers "
13498
"required to be automatically configured. Both programs are easy to install "
13499
"and configure and will be automatically started at system boot."
13500
msgstr ""
13501
13502
#: serverguide/C/network-config.xml:938(para)
13503
msgid ""
13504
"At a terminal prompt, enter the following command to install "
13505
"<application>dhcpd</application>:"
13506
msgstr ""
13507
13508
#: serverguide/C/network-config.xml:943(command)
13509
msgid "sudo apt-get install dhcp3-server"
13510
msgstr ""
13511
13512
#: serverguide/C/network-config.xml:945(para)
13513
msgid ""
13514
"You will probably need to change the default configuration by editing "
13515
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
13516
msgstr ""
13517
13518
#: serverguide/C/network-config.xml:949(para)
13519
msgid ""
13520
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
13521
"dhcpd should listen to. By default it listens to eth0."
13522
msgstr ""
13523
13524
#: serverguide/C/network-config.xml:953(para)
13525
msgid ""
13526
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13527
"messages."
13528
msgstr ""
13529
13530
#: serverguide/C/network-config.xml:960(para)
13531
msgid ""
13532
"The error message the installation ends with might be a little confusing, "
13533
"but the following steps will help you configure the service:"
13534
msgstr ""
13535
13536
#: serverguide/C/network-config.xml:964(para)
13537
msgid ""
13538
"Most commonly, what you want to do is assign an IP address randomly. This "
13539
"can be done with settings as follows:"
13540
msgstr ""
13541
13542
#: serverguide/C/network-config.xml:968(programlisting)
13543
#, no-wrap
13544
msgid ""
13545
"\n"
13546
"# Sample /etc/dhcpd.conf\n"
13547
"# (add your comments here) \n"
13548
"default-lease-time 600;\n"
13549
"max-lease-time 7200;\n"
13550
"option subnet-mask 255.255.255.0;\n"
13551
"option broadcast-address 192.168.1.255;\n"
13552
"option routers 192.168.1.254;\n"
13553
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
13554
"option domain-name \"mydomain.example\";\n"
13555
"\n"
13556
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
13557
"range 192.168.1.10 192.168.1.100;\n"
13558
"range 192.168.1.150 192.168.1.200;\n"
13559
"} \n"
13560
msgstr ""
13561
13562
#: serverguide/C/network-config.xml:984(para)
13563
msgid ""
13564
"This will result in the DHCP server giving a client an IP address from the "
13565
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
13566
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
13567
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
13568
"server will also \"advise\" the client that it should use 255.255.255.0 as "
13569
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
13570
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
13571
msgstr ""
13572
13573
#: serverguide/C/network-config.xml:993(para)
13574
msgid ""
13575
"If you need to specify a WINS server for your Windows clients, you will need "
13576
"to include the netbios-name-servers option, e.g."
13577
msgstr ""
13578
13579
#: serverguide/C/network-config.xml:997(programlisting)
13580
#, no-wrap
13581
msgid ""
13582
"\n"
13583
"option netbios-name-servers 192.168.1.1; \n"
13584
msgstr ""
13585
13586
#: serverguide/C/network-config.xml:1000(para)
13587
msgid ""
13588
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
13589
"be found <ulink "
13590
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
13591
msgstr ""
13592
13593
#: serverguide/C/network-config.xml:1010(para)
13594
msgid ""
13595
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13596
"server Ubuntu Wiki</ulink> page has more information."
13597
msgstr ""
13598
13599
#: serverguide/C/network-config.xml:1015(para)
13600
msgid ""
13601
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
13602
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
13603
"\">dhcpd.conf man page</ulink>."
13604
msgstr ""
13605
13606
#: serverguide/C/network-config.xml:1021(para)
13607
msgid ""
13608
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
13609
"FAQ</ulink>"
13610
msgstr ""
13611
13612
#: serverguide/C/network-config.xml:1031(title)
13613
msgid "Time Synchronisation with NTP"
13614
msgstr ""
13615
13616
#: serverguide/C/network-config.xml:1032(para)
13617
msgid ""
13618
"This page describes methods for keeping your computer's time accurate. This "
13619
"is useful for servers, but is not necessary (or desirable) for desktop "
13620
"machines."
13621
msgstr ""
13622
13623
#: serverguide/C/network-config.xml:1035(para)
13624
msgid ""
13625
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13626
"client requests the current time from a server, and uses it to set its own "
13627
"clock."
13628
msgstr ""
13629
13630
#: serverguide/C/network-config.xml:1038(para)
13631
msgid ""
13632
"Behind this simple description, there is a lot of complexity - there are "
13633
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13634
"clocks (often via GPS), and tier two and three servers spreading the load of "
13635
"actually handling requests across the Internet. Also the client software is "
13636
"a lot more complex than you might think - it has to factor out communication "
13637
"delays, and adjust the time in a way that does not upset all the other "
13638
"processes that run on the server. But luckily all that complexity is hidden "
13639
"from you!"
13640
msgstr ""
13641
13642
#: serverguide/C/network-config.xml:1041(para)
13643
msgid ""
13644
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
13645
msgstr ""
13646
13647
#: serverguide/C/network-config.xml:1046(title)
13648
msgid "ntpdate"
13649
msgstr ""
13650
13651
#: serverguide/C/network-config.xml:1047(para)
13652
msgid ""
13653
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13654
"set up your time according to Ubuntu's NTP server. However, a server's clock "
13655
"is likely to drift considerably between reboots, so it makes sense to "
13656
"correct the time occasionally. The easiest way to do this is to get cron to "
13657
"run ntpdate every day. With your favorite editor, as root, create a file "
13658
"<code>/etc/cron.daily/ntpdate</code> containing:"
13659
msgstr ""
13660
13661
#: serverguide/C/network-config.xml:1052(screen)
13662
#, no-wrap
13663
msgid "ntpdate ntp.ubuntu.com\n"
13664
msgstr ""
13665
13666
#: serverguide/C/network-config.xml:1054(para)
13667
msgid ""
13668
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13669
msgstr ""
13670
13671
#: serverguide/C/network-config.xml:1057(screen)
13672
#, no-wrap
13673
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13674
msgstr ""
13675
13676
#: serverguide/C/network-config.xml:1061(title)
13677
msgid "ntpd"
13678
msgstr ""
13679
13680
#: serverguide/C/network-config.xml:1062(para)
13681
msgid ""
13682
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13683
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13684
"calculates the drift of your system clock and continuously adjusts it, so "
13685
"there are no large corrections that could lead to inconsistent logs for "
13686
"instance. The cost is a little processing power and memory, but for a modern "
13687
"server this is negligible."
13688
msgstr ""
13689
13690
#: serverguide/C/network-config.xml:1065(para)
13691
msgid "To set up ntpd:"
13692
msgstr ""
13693
13694
#: serverguide/C/network-config.xml:1066(screen)
13695
#, no-wrap
13696
msgid "sudo apt-get install ntp\n"
13697
msgstr ""
13698
13699
#: serverguide/C/network-config.xml:1071(title)
13700
msgid "Changing Time Servers"
13701
msgstr ""
13702
13703
#: serverguide/C/network-config.xml:1072(para)
13704
msgid ""
13705
"In both cases above, your system will use Ubuntu's NTP server at "
13706
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13707
"use several servers to increase accuracy and resilience, and you may want to "
13708
"use time servers that are geographically closer to you. to do this for "
13709
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13710
msgstr ""
13711
13712
#: serverguide/C/network-config.xml:1079(screen)
13713
#, no-wrap
13714
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13715
msgstr ""
13716
13717
#: serverguide/C/network-config.xml:1081(para)
13718
msgid ""
13719
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13720
"lines:"
13721
msgstr ""
13722
13723
#: serverguide/C/network-config.xml:1086(screen)
13724
#, no-wrap
13725
msgid ""
13726
"server ntp.ubuntu.com\n"
13727
"server pool.ntp.org\n"
13728
msgstr ""
13729
13730
#: serverguide/C/network-config.xml:1089(para)
13731
msgid ""
13732
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13733
"really good idea which uses round-robin DNS to return an NTP server from a "
13734
"pool, spreading the load between several different servers. Even better, "
13735
"they have pools for different regions - for instance, if you are in New "
13736
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13737
"<code>pool.ntp.org</code> . Look at <ulink "
13738
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13739
"details."
13740
msgstr ""
13741
13742
#: serverguide/C/network-config.xml:1100(para)
13743
msgid ""
13744
"You can also Google for NTP servers in your region, and add these to your "
13745
"configuration. To test that a server works, just type <code>sudo ntpdate "
13746
"ntp.server.name</code> and see what happens."
13747
msgstr ""
13748
13749
#: serverguide/C/network-config.xml:1111(para)
13750
msgid ""
13751
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13752
"Time</ulink> wiki page for more information."
13753
msgstr ""
13754
13755
#: serverguide/C/network-config.xml:1117(ulink)
13756
msgid "NTP Support"
13757
msgstr ""
13758
13759
#: serverguide/C/network-config.xml:1122(ulink)
13760
msgid "The NTP FAQ and HOWTO"
13761
msgstr ""
13762
13763
#: serverguide/C/network-auth.xml:13(title)
13764
msgid "Network Authentication"
13765
msgstr ""
13766
13767
#: serverguide/C/network-auth.xml:15(para)
13768
msgid "This section explains various Network Authentication protocols."
13769
msgstr ""
13770
13771
#: serverguide/C/network-auth.xml:19(title)
13772
msgid "OpenLDAP Server"
13773
msgstr ""
13774
13775
#: serverguide/C/network-auth.xml:20(para)
13776
msgid ""
13777
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13778
"simplified version of the X.500 protocol. The directory setup in this "
13779
"section will be used for authentication. Nevertheless, LDAP can be used in "
13780
"numerous ways: authentication, shared directory (for mail clients), address "
13781
"book, etc."
13782
msgstr ""
13783
13784
#: serverguide/C/network-auth.xml:28(para)
13785
msgid ""
13786
"To describe LDAP quickly, all information is stored in a tree structure. "
13787
"With <application>OpenLDAP</application> you have freedom to determine the "
13788
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13789
"We will begin with a basic tree containing two nodes below the root:"
13790
msgstr ""
13791
13792
#: serverguide/C/network-auth.xml:37(para)
13793
msgid "\"People\" node where your users will be stored"
13794
msgstr ""
13795
13796
#: serverguide/C/network-auth.xml:40(para)
13797
msgid "\"Groups\" node where your groups will be stored"
13798
msgstr ""
13799
13800
#: serverguide/C/network-auth.xml:44(para)
13801
msgid ""
13802
"Before beginning, you should determine what the root of your LDAP directory "
13803
"will be. By default, your tree will be determined by your Fully Qualified "
13804
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13805
"example), your root node will be dc=example,dc=com."
13806
msgstr ""
13807
13808
#: serverguide/C/network-auth.xml:54(para)
13809
msgid ""
13810
"First, install the <application>OpenLDAP</application> server daemon "
13811
"<application>slapd</application> and <application>ldap-utils</application>, "
13812
"a package containing LDAP management utilities:"
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:60(command)
13816
msgid "sudo apt-get install slapd ldap-utils"
13817
msgstr ""
13818
13819
#: serverguide/C/network-auth.xml:63(para)
13820
msgid ""
13821
"By default <application>slapd</application> is configured with minimal "
13822
"options needed to run the <application>slapd</application> daemon."
13823
msgstr ""
13824
13825
#: serverguide/C/network-auth.xml:68(para)
13826
msgid ""
13827
"The configuration example in the following sections will match the domain "
13828
"name of the server. For example, if the machine's Fully Qualified Domain "
13829
"Name (FQDN) is ldap.example.com, the default suffix will be "
13830
"<emphasis>dc=example,dc=com</emphasis>."
13831
msgstr ""
13832
13833
#: serverguide/C/network-auth.xml:76(title)
13834
msgid "Populating LDAP"
13835
msgstr ""
13836
13837
#: serverguide/C/network-auth.xml:78(para)
13838
msgid ""
13839
"<application>OpenLDAP</application> uses a separate directory which contains "
13840
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13841
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13842
"<application>slapd</application> daemon, allowing the modification of schema "
13843
"definitions, indexes, ACLs, etc without stopping the service."
13844
msgstr ""
13845
13846
#: serverguide/C/network-auth.xml:86(para)
13847
msgid ""
13848
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13849
"configuration and will need additional configuration options in order to "
13850
"populate the frontend directory. The frontend will be populated with a "
13851
"\"classical\" scheme that will be compatible with address book applications "
13852
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13853
"various applications, such as web applications, email Mail Transfer Agent "
13854
"(MTA) applications, etc."
13855
msgstr ""
13856
13857
#: serverguide/C/network-auth.xml:95(para)
13858
msgid ""
13859
"For external applications to authenticate using LDAP they will each need to "
13860
"be specifically configured to do so. Refer to the individual application "
13861
"documentation for details."
13862
msgstr ""
13863
13864
#: serverguide/C/network-auth.xml:103(para)
13865
msgid ""
13866
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13867
"examples to match your LDAP configuration."
13868
msgstr ""
13869
13870
#: serverguide/C/network-auth.xml:108(para)
13871
msgid ""
13872
"First, some additional schema files need to be loaded. In a terminal enter:"
13873
msgstr ""
13874
13875
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13876
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13877
msgstr ""
13878
13879
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13880
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13881
msgstr ""
13882
13883
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13884
msgid ""
13885
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13886
msgstr ""
13887
13888
#: serverguide/C/network-auth.xml:118(para)
13889
msgid ""
13890
"Next, copy the following example LDIF file, naming it "
13891
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13892
msgstr ""
13893
13894
#: serverguide/C/network-auth.xml:123(programlisting)
13895
#, no-wrap
13896
msgid ""
13897
"\n"
13898
"# Load dynamic backend modules\n"
13899
"dn: cn=module,cn=config\n"
13900
"objectClass: olcModuleList\n"
13901
"cn: module\n"
13902
"olcModulepath: /usr/lib/ldap\n"
13903
"olcModuleload: back_hdb\n"
13904
"\n"
13905
"# Database settings\n"
13906
"dn: olcDatabase=hdb,cn=config\n"
13907
"objectClass: olcDatabaseConfig\n"
13908
"objectClass: olcHdbConfig\n"
13909
"olcDatabase: {1}hdb\n"
13910
"olcSuffix: dc=example,dc=com\n"
13911
"olcDbDirectory: /var/lib/ldap\n"
13912
"olcRootDN: cn=admin,dc=example,dc=com\n"
13913
"olcRootPW: secret\n"
13914
"olcDbConfig: set_cachesize 0 2097152 0\n"
13915
"olcDbConfig: set_lk_max_objects 1500\n"
13916
"olcDbConfig: set_lk_max_locks 1500\n"
13917
"olcDbConfig: set_lk_max_lockers 1500\n"
13918
"olcDbIndex: objectClass eq\n"
13919
"olcLastMod: TRUE\n"
13920
"olcDbCheckpoint: 512 30\n"
13921
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13922
"by anonymous auth by self write by * none\n"
13923
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13924
"olcAccess: to dn.base=\"\" by * read\n"
13925
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13926
"\n"
13927
msgstr ""
13928
13929
#: serverguide/C/network-auth.xml:155(para)
13930
msgid ""
13931
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13932
msgstr ""
13933
13934
#: serverguide/C/network-auth.xml:160(para)
13935
msgid "Now add the LDIF to the directory:"
13936
msgstr ""
13937
13938
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13939
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13940
msgstr ""
13941
13942
#: serverguide/C/network-auth.xml:168(para)
13943
msgid ""
13944
"The frontend directory is now ready to be populated. Create a "
13945
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13946
msgstr ""
13947
13948
#: serverguide/C/network-auth.xml:173(programlisting)
13949
#, no-wrap
13950
msgid ""
13951
"\n"
13952
"# Create top-level object in domain\n"
13953
"dn: dc=example,dc=com\n"
13954
"objectClass: top\n"
13955
"objectClass: dcObject\n"
13956
"objectclass: organization\n"
13957
"o: Example Organization\n"
13958
"dc: Example\n"
13959
"description: LDAP Example \n"
13960
"\n"
13961
"# Admin user.\n"
13962
"dn: cn=admin,dc=example,dc=com\n"
13963
"objectClass: simpleSecurityObject\n"
13964
"objectClass: organizationalRole\n"
13965
"cn: admin\n"
13966
"description: LDAP administrator\n"
13967
"userPassword: secret\n"
13968
"\n"
13969
"dn: ou=people,dc=example,dc=com\n"
13970
"objectClass: organizationalUnit\n"
13971
"ou: people\n"
13972
"\n"
13973
"dn: ou=groups,dc=example,dc=com\n"
13974
"objectClass: organizationalUnit\n"
13975
"ou: groups\n"
13976
"\n"
13977
"dn: uid=john,ou=people,dc=example,dc=com\n"
13978
"objectClass: inetOrgPerson\n"
13979
"objectClass: posixAccount\n"
13980
"objectClass: shadowAccount\n"
13981
"uid: john\n"
13982
"sn: Doe\n"
13983
"givenName: John\n"
13984
"cn: John Doe\n"
13985
"displayName: John Doe\n"
13986
"uidNumber: 1000\n"
13987
"gidNumber: 10000\n"
13988
"userPassword: password\n"
13989
"gecos: John Doe\n"
13990
"loginShell: /bin/bash\n"
13991
"homeDirectory: /home/john\n"
13992
"shadowExpire: -1\n"
13993
"shadowFlag: 0\n"
13994
"shadowWarning: 7\n"
13995
"shadowMin: 8\n"
13996
"shadowMax: 999999\n"
13997
"shadowLastChange: 10877\n"
13998
"mail: john.doe@example.com\n"
13999
"postalCode: 31000\n"
14000
"l: Toulouse\n"
14001
"o: Example\n"
14002
"mobile: +33 (0)6 xx xx xx xx\n"
14003
"homePhone: +33 (0)5 xx xx xx xx\n"
14004
"title: System Administrator\n"
14005
"postalAddress: \n"
14006
"initials: JD\n"
14007
"\n"
14008
"dn: cn=example,ou=groups,dc=example,dc=com\n"
14009
"objectClass: posixGroup\n"
14010
"cn: example\n"
14011
"gidNumber: 10000\n"
14012
msgstr ""
14013
14014
#: serverguide/C/network-auth.xml:236(para)
14015
msgid ""
14016
"In this example the directory structure, a user, and a group have been "
14017
"setup. In other examples you might see the <emphasis>objectClass: "
14018
"top</emphasis> added in every entry, but that is the default behaviour so "
14019
"you do not have to add it explicitly."
14020
msgstr ""
14021
14022
#: serverguide/C/network-auth.xml:243(para)
14023
msgid "Add the entries to the LDAP directory:"
14024
msgstr ""
14025
14026
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
14027
msgid ""
14028
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
14029
msgstr ""
14030
14031
#: serverguide/C/network-auth.xml:252(para)
14032
msgid ""
14033
"We can check that the content has been correctly added with the "
14034
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
14035
"directory:"
14036
msgstr ""
14037
14038
#: serverguide/C/network-auth.xml:258(command)
14039
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
14040
msgstr ""
14041
14042
#: serverguide/C/network-auth.xml:259(computeroutput)
14043
#, no-wrap
14044
msgid ""
14045
"\n"
14046
"dn: uid=john,ou=people,dc=example,dc=com\n"
14047
"cn: John Doe\n"
14048
"sn: Doe\n"
14049
"givenName: John\n"
14050
msgstr ""
14051
14052
#: serverguide/C/network-auth.xml:267(para)
14053
msgid "Just a quick explanation:"
14054
msgstr ""
14055
14056
#: serverguide/C/network-auth.xml:273(para)
14057
msgid ""
14058
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
14059
"the default."
14060
msgstr ""
14061
14062
#: serverguide/C/network-auth.xml:279(para)
14063
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
14064
msgstr ""
14065
14066
#: serverguide/C/network-auth.xml:287(title)
14067
msgid "Further Configuration"
14068
msgstr ""
14069
14070
#: serverguide/C/network-auth.xml:290(para)
14071
msgid ""
14072
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
14073
"utilities in the <application>ldap-utils</application> package. For example:"
14074
msgstr ""
14075
14076
#: serverguide/C/network-auth.xml:298(para)
14077
msgid ""
14078
"Use <application>ldapsearch</application> to view the tree, entering the "
14079
"admin password set during installation or reconfiguration:"
14080
msgstr ""
14081
14082
#: serverguide/C/network-auth.xml:304(command)
14083
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
14084
msgstr ""
14085
14086
#: serverguide/C/network-auth.xml:308(computeroutput)
14087
#, no-wrap
14088
msgid ""
14089
"\n"
14090
"SASL/EXTERNAL authentication started\n"
14091
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14092
"SASL SSF: 0\n"
14093
"dn: cn=config\n"
14094
"\n"
14095
"dn: cn=module{0},cn=config\n"
14096
"\n"
14097
"dn: cn=schema,cn=config\n"
14098
"\n"
14099
"dn: cn={0}core,cn=schema,cn=config\n"
14100
"\n"
14101
"dn: cn={1}cosine,cn=schema,cn=config\n"
14102
"\n"
14103
"dn: cn={2}nis,cn=schema,cn=config\n"
14104
"\n"
14105
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14106
"\n"
14107
"dn: olcDatabase={-1}frontend,cn=config\n"
14108
"\n"
14109
"dn: olcDatabase={0}config,cn=config\n"
14110
"\n"
14111
"dn: olcDatabase={1}hdb,cn=config\n"
14112
msgstr ""
14113
14114
#: serverguide/C/network-auth.xml:334(para)
14115
msgid ""
14116
"The output above is the current configuration options for the "
14117
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
14118
msgstr ""
14119
14120
#: serverguide/C/network-auth.xml:342(para)
14121
msgid ""
14122
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
14123
"another attribute to the index list using "
14124
"<application>ldapmodify</application>:"
14125
msgstr ""
14126
14127
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
14128
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
14129
msgstr ""
14130
14131
#: serverguide/C/network-auth.xml:356(userinput)
14132
#, no-wrap
14133
msgid ""
14134
"dn: olcDatabase={1}hdb,cn=config\n"
14135
"add: olcDbIndex\n"
14136
"olcDbIndex: uidNumber eq"
14137
msgstr ""
14138
14139
#: serverguide/C/network-auth.xml:352(computeroutput)
14140
#, no-wrap
14141
msgid ""
14142
"\n"
14143
"SASL/EXTERNAL authentication started\n"
14144
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14145
"SASL SSF: 0\n"
14146
"<placeholder-1/>\n"
14147
"\n"
14148
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14149
msgstr ""
14150
14151
#: serverguide/C/network-auth.xml:364(para)
14152
msgid ""
14153
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
14154
"exit the utility."
14155
msgstr ""
14156
14157
#: serverguide/C/network-auth.xml:371(para)
14158
msgid ""
14159
"<application>ldapmodify</application> can also read the changes from a file. "
14160
"Copy and paste the following into a file named "
14161
"<filename>uid_index.ldif</filename>:"
14162
msgstr ""
14163
14164
#: serverguide/C/network-auth.xml:376(programlisting)
14165
#, no-wrap
14166
msgid ""
14167
"\n"
14168
"dn: olcDatabase={1}hdb,cn=config\n"
14169
"add: olcDbIndex\n"
14170
"olcDbIndex: uid eq,pres,sub\n"
14171
msgstr ""
14172
14173
#: serverguide/C/network-auth.xml:382(para)
14174
msgid "Then execute <application>ldapmodify</application>:"
14175
msgstr ""
14176
14177
#: serverguide/C/network-auth.xml:387(command)
14178
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14179
msgstr ""
14180
14181
#: serverguide/C/network-auth.xml:391(computeroutput)
14182
#, no-wrap
14183
msgid ""
14184
"\n"
14185
"SASL/EXTERNAL authentication started\n"
14186
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14187
"SASL SSF: 0\n"
14188
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14189
msgstr ""
14190
14191
#: serverguide/C/network-auth.xml:399(para)
14192
msgid "The file method is very useful for large changes."
14193
msgstr ""
14194
14195
#: serverguide/C/network-auth.xml:406(para)
14196
msgid ""
14197
"Adding additional <emphasis>schemas</emphasis> to "
14198
"<application>slapd</application> requires the schema to be converted to LDIF "
14199
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
14200
"directory contains some schema files already converted to LDIF format as "
14201
"demonstrated in the previous section. Fortunately, the "
14202
"<application>slapd</application> program can be used to automate the "
14203
"conversion. The following example will add the "
14204
"<emphasis>dyngroup.schema</emphasis>:"
14205
msgstr ""
14206
14207
#: serverguide/C/network-auth.xml:416(para)
14208
msgid ""
14209
"First, create a conversion <filename>schema_convert.conf</filename> file "
14210
"containing the following lines:"
14211
msgstr ""
14212
14213
#: serverguide/C/network-auth.xml:421(programlisting)
14214
#, no-wrap
14215
msgid ""
14216
"\n"
14217
"include /etc/ldap/schema/core.schema\n"
14218
"include /etc/ldap/schema/collective.schema\n"
14219
"include /etc/ldap/schema/corba.schema\n"
14220
"include /etc/ldap/schema/cosine.schema\n"
14221
"include /etc/ldap/schema/duaconf.schema\n"
14222
"include /etc/ldap/schema/dyngroup.schema\n"
14223
"include /etc/ldap/schema/inetorgperson.schema\n"
14224
"include /etc/ldap/schema/java.schema\n"
14225
"include /etc/ldap/schema/misc.schema\n"
14226
"include /etc/ldap/schema/nis.schema\n"
14227
"include /etc/ldap/schema/openldap.schema\n"
14228
"include /etc/ldap/schema/ppolicy.schema\n"
14229
msgstr ""
14230
14231
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
14232
msgid "Next, create a temporary directory to hold the output:"
14233
msgstr ""
14234
14235
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
14236
msgid "mkdir /tmp/ldif_output"
14237
msgstr ""
14238
14239
#: serverguide/C/network-auth.xml:450(para)
14240
msgid ""
14241
"Now using <application>slapcat</application> convert the schema files to "
14242
"LDIF:"
14243
msgstr ""
14244
14245
#: serverguide/C/network-auth.xml:455(command)
14246
msgid ""
14247
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14248
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
14249
msgstr ""
14250
14251
#: serverguide/C/network-auth.xml:458(para)
14252
msgid ""
14253
"Adjust the configuration file name and temporary directory names if yours "
14254
"are different. Also, it may be worthwhile to keep the "
14255
"<filename>ldif_output</filename> directory around in case you want to add "
14256
"additional schemas in the future."
14257
msgstr ""
14258
14259
#: serverguide/C/network-auth.xml:467(para)
14260
msgid ""
14261
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
14262
"following attributes:"
14263
msgstr ""
14264
14265
#: serverguide/C/network-auth.xml:471(programlisting)
14266
#, no-wrap
14267
msgid ""
14268
"\n"
14269
"dn: cn=dyngroup,cn=schema,cn=config\n"
14270
"...\n"
14271
"cn: dyngroup\n"
14272
msgstr ""
14273
14274
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
14275
msgid "And remove the following lines from the bottom of the file:"
14276
msgstr ""
14277
14278
#: serverguide/C/network-auth.xml:481(programlisting)
14279
#, no-wrap
14280
msgid ""
14281
"\n"
14282
"structuralObjectClass: olcSchemaConfig\n"
14283
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
14284
"creatorsName: cn=config\n"
14285
"createTimestamp: 20080826021140Z\n"
14286
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
14287
"modifiersName: cn=config\n"
14288
"modifyTimestamp: 20080826021140Z\n"
14289
msgstr ""
14290
14291
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
14292
msgid ""
14293
"The attribute values will vary, just be sure the attributes are removed."
14294
msgstr ""
14295
14296
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
14297
msgid ""
14298
"Finally, using the <application>ldapadd</application> utility, add the new "
14299
"schema to the directory:"
14300
msgstr ""
14301
14302
#: serverguide/C/network-auth.xml:506(command)
14303
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
14304
msgstr ""
14305
14306
#: serverguide/C/network-auth.xml:512(para)
14307
msgid ""
14308
"There should now be a <emphasis>dn: "
14309
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:522(title)
14313
msgid "LDAP Replication"
14314
msgstr ""
14315
14316
#: serverguide/C/network-auth.xml:524(para)
14317
msgid ""
14318
"LDAP often quickly becomes a highly critical service to the network. "
14319
"Multiple systems will come to depend on LDAP for authentication, "
14320
"authorization, configuration, etc. It is a good idea to setup a redundant "
14321
"system through replication."
14322
msgstr ""
14323
14324
#: serverguide/C/network-auth.xml:530(para)
14325
msgid ""
14326
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
14327
"Syncrepl allows the changes to be synced using a "
14328
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
14329
"provider sends directory changes to consumers."
14330
msgstr ""
14331
14332
#: serverguide/C/network-auth.xml:537(title)
14333
msgid "Provider Configuration"
14334
msgstr ""
14335
14336
#: serverguide/C/network-auth.xml:539(para)
14337
msgid ""
14338
"The following is an example of a <emphasis>Single-Master</emphasis> "
14339
"configuration. In this configuration one OpenLDAP server is configured as a "
14340
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
14341
msgstr ""
14342
14343
#: serverguide/C/network-auth.xml:547(para)
14344
msgid ""
14345
"First, configure the provider server. Copy the following to a file named "
14346
"<filename>provider_sync.ldif</filename>:"
14347
msgstr ""
14348
14349
#: serverguide/C/network-auth.xml:552(programlisting)
14350
#, no-wrap
14351
msgid ""
14352
"\n"
14353
"# Add indexes to the frontend db.\n"
14354
"dn: olcDatabase={1}hdb,cn=config\n"
14355
"changetype: modify\n"
14356
"add: olcDbIndex\n"
14357
"olcDbIndex: entryCSN eq\n"
14358
"-\n"
14359
"add: olcDbIndex\n"
14360
"olcDbIndex: entryUUID eq\n"
14361
"\n"
14362
"#Load the syncprov and accesslog modules.\n"
14363
"dn: cn=module{0},cn=config\n"
14364
"changetype: modify\n"
14365
"add: olcModuleLoad\n"
14366
"olcModuleLoad: syncprov\n"
14367
"-\n"
14368
"add: olcModuleLoad\n"
14369
"olcModuleLoad: accesslog\n"
14370
"\n"
14371
"# Accesslog database definitions\n"
14372
"dn: olcDatabase={2}hdb,cn=config\n"
14373
"objectClass: olcDatabaseConfig\n"
14374
"objectClass: olcHdbConfig\n"
14375
"olcDatabase: {2}hdb\n"
14376
"olcDbDirectory: /var/lib/ldap/accesslog\n"
14377
"olcSuffix: cn=accesslog\n"
14378
"olcRootDN: cn=admin,dc=example,dc=com\n"
14379
"olcDbIndex: default eq\n"
14380
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
14381
"\n"
14382
"# Accesslog db syncprov.\n"
14383
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
14384
"changetype: add\n"
14385
"objectClass: olcOverlayConfig\n"
14386
"objectClass: olcSyncProvConfig\n"
14387
"olcOverlay: syncprov\n"
14388
"olcSpNoPresent: TRUE\n"
14389
"olcSpReloadHint: TRUE\n"
14390
"\n"
14391
"# syncrepl Provider for primary db\n"
14392
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
14393
"changetype: add\n"
14394
"objectClass: olcOverlayConfig\n"
14395
"objectClass: olcSyncProvConfig\n"
14396
"olcOverlay: syncprov\n"
14397
"olcSpNoPresent: TRUE\n"
14398
"\n"
14399
"# accesslog overlay definitions for primary db\n"
14400
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
14401
"objectClass: olcOverlayConfig\n"
14402
"objectClass: olcAccessLogConfig\n"
14403
"olcOverlay: accesslog\n"
14404
"olcAccessLogDB: cn=accesslog\n"
14405
"olcAccessLogOps: writes\n"
14406
"olcAccessLogSuccess: TRUE\n"
14407
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
14408
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14409
msgstr ""
14410
14411
#: serverguide/C/network-auth.xml:614(para)
14412
msgid ""
14413
"The <application>AppArmor</application> profile for "
14414
"<application>slapd</application> will need to be adjusted for the accesslog "
14415
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
14416
"adding:"
14417
msgstr ""
14418
14419
#: serverguide/C/network-auth.xml:619(programlisting)
14420
#, no-wrap
14421
msgid ""
14422
"\n"
14423
" /var/lib/ldap/accesslog/ r,\n"
14424
" /var/lib/ldap/accesslog/** rwk,\n"
14425
msgstr ""
14426
14427
#: serverguide/C/network-auth.xml:624(para)
14428
msgid ""
14429
"Then create the directory, reload the <application>apparmor</application> "
14430
"profile, and copy the <filename>DB_CONFIG</filename> file:"
14431
msgstr ""
14432
14433
#: serverguide/C/network-auth.xml:630(command)
14434
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14435
msgstr ""
14436
14437
#: serverguide/C/network-auth.xml:631(command)
14438
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
14439
msgstr ""
14440
14441
#: serverguide/C/network-auth.xml:636(para)
14442
msgid ""
14443
"Using the <emphasis>-u openldap</emphasis> option with the "
14444
"<application>sudo</application> commands above removes the need to adjust "
14445
"permissions for the new directory later."
14446
msgstr ""
14447
14448
#: serverguide/C/network-auth.xml:645(para)
14449
msgid ""
14450
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
14451
"directory:"
14452
msgstr ""
14453
14454
#: serverguide/C/network-auth.xml:649(programlisting)
14455
#, no-wrap
14456
msgid ""
14457
"\n"
14458
"olcRootDN: cn=admin,dc=example,dc=com\n"
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:657(para)
14462
msgid ""
14463
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
14464
msgstr ""
14465
14466
#: serverguide/C/network-auth.xml:662(command)
14467
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14468
msgstr ""
14469
14470
#: serverguide/C/network-auth.xml:669(para)
14471
msgid "Restart <application>slapd</application>:"
14472
msgstr ""
14473
14474
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
14475
msgid "sudo /etc/init.d/slapd restart"
14476
msgstr ""
14477
14478
#: serverguide/C/network-auth.xml:680(para)
14479
msgid ""
14480
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
14481
"to configure a <emphasis>Consumer</emphasis> server."
14482
msgstr ""
14483
14484
#: serverguide/C/network-auth.xml:687(title)
14485
msgid "Consumer Configuration"
14486
msgstr ""
14487
14488
#: serverguide/C/network-auth.xml:692(para)
14489
msgid ""
14490
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
14491
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
14492
"configuration steps."
14493
msgstr ""
14494
14495
#: serverguide/C/network-auth.xml:697(para)
14496
msgid "Add the additional schema files:"
14497
msgstr ""
14498
14499
#: serverguide/C/network-auth.xml:707(para)
14500
msgid ""
14501
"Also, create, or copy from the provider server, the "
14502
"<filename>backend.example.com.ldif</filename>"
14503
msgstr ""
14504
14505
#: serverguide/C/network-auth.xml:711(programlisting)
14506
#, no-wrap
14507
msgid ""
14508
"\n"
14509
"# Load dynamic backend modules\n"
14510
"dn: cn=module,cn=config\n"
14511
"objectClass: olcModuleList\n"
14512
"cn: module\n"
14513
"olcModulepath: /usr/lib/ldap\n"
14514
"olcModuleload: back_hdb\n"
14515
"\n"
14516
"# Database settings\n"
14517
"dn: olcDatabase=hdb,cn=config\n"
14518
"objectClass: olcDatabaseConfig\n"
14519
"objectClass: olcHdbConfig\n"
14520
"olcDatabase: {1}hdb\n"
14521
"olcSuffix: dc=example,dc=com\n"
14522
"olcDbDirectory: /var/lib/ldap\n"
14523
"olcRootDN: cn=admin,dc=example,dc=com\n"
14524
"olcRootPW: secret\n"
14525
"olcDbConfig: set_cachesize 0 2097152 0\n"
14526
"olcDbConfig: set_lk_max_objects 1500\n"
14527
"olcDbConfig: set_lk_max_locks 1500\n"
14528
"olcDbConfig: set_lk_max_lockers 1500\n"
14529
"olcDbIndex: objectClass eq\n"
14530
"olcLastMod: TRUE\n"
14531
"olcDbCheckpoint: 512 30\n"
14532
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14533
"by anonymous auth by self write by * none\n"
14534
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14535
"olcAccess: to dn.base=\"\" by * read\n"
14536
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14537
msgstr ""
14538
14539
#: serverguide/C/network-auth.xml:741(para)
14540
msgid "And add the LDIF by entering:"
14541
msgstr ""
14542
14543
#: serverguide/C/network-auth.xml:752(para)
14544
msgid ""
14545
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
14546
"listed above, and add it:"
14547
msgstr ""
14548
14549
#: serverguide/C/network-auth.xml:760(para)
14550
msgid ""
14551
"The two severs should now have the same configuration except for the "
14552
"<emphasis>Syncrepl</emphasis> options."
14553
msgstr ""
14554
14555
#: serverguide/C/network-auth.xml:768(para)
14556
msgid ""
14557
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
14558
msgstr ""
14559
14560
#: serverguide/C/network-auth.xml:772(programlisting)
14561
#, no-wrap
14562
msgid ""
14563
"\n"
14564
"#Load the syncprov module.\n"
14565
"dn: cn=module{0},cn=config\n"
14566
"changetype: modify\n"
14567
"add: olcModuleLoad\n"
14568
"olcModuleLoad: syncprov\n"
14569
"\n"
14570
"# syncrepl specific indices\n"
14571
"dn: olcDatabase={1}hdb,cn=config\n"
14572
"changetype: modify\n"
14573
"add: olcDbIndex\n"
14574
"olcDbIndex: entryUUID eq\n"
14575
"-\n"
14576
"add: olcSyncRepl\n"
14577
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14578
"binddn=\"cn=admin,dc=example,dc=com\" \n"
14579
" credentials=secret searchbase=\"dc=example,dc=com\" "
14580
"logbase=\"cn=accesslog\" \n"
14581
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
14582
"schemachecking=on \n"
14583
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
14584
"-\n"
14585
"add: olcUpdateRef\n"
14586
"olcUpdateRef: ldap://ldap01.example.com\n"
14587
msgstr ""
14588
14589
#: serverguide/C/network-auth.xml:795(para)
14590
msgid "You will probably want to change the following attributes:"
14591
msgstr ""
14592
14593
#: serverguide/C/network-auth.xml:800(para)
14594
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
14595
msgstr ""
14596
14597
#: serverguide/C/network-auth.xml:801(emphasis)
14598
msgid "binddn"
14599
msgstr ""
14600
14601
#: serverguide/C/network-auth.xml:802(emphasis)
14602
msgid "credentials"
14603
msgstr ""
14604
14605
#: serverguide/C/network-auth.xml:803(emphasis)
14606
msgid "searchbase"
14607
msgstr ""
14608
14609
#: serverguide/C/network-auth.xml:804(emphasis)
14610
msgid "olcUpdateRef:"
14611
msgstr ""
14612
14613
#: serverguide/C/network-auth.xml:810(para)
14614
msgid "Add the LDIF file to the configuration tree:"
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:815(command)
14618
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14619
msgstr ""
14620
14621
#: serverguide/C/network-auth.xml:821(para)
14622
msgid ""
14623
"The frontend database should now sync between servers. You can add "
14624
"additional servers using the steps above as the need arises."
14625
msgstr ""
14626
14627
#: serverguide/C/network-auth.xml:831(programlisting)
14628
#, no-wrap
14629
msgid "127.0.0.1\tldap01.example.com ldap01"
14630
msgstr ""
14631
14632
#: serverguide/C/network-auth.xml:827(para)
14633
msgid ""
14634
"The <application>slapd</application> daemon will send log information to "
14635
"<filename>/var/log/syslog</filename> by default. So if all does "
14636
"<emphasis>not</emphasis> go well check there for errors and other "
14637
"troubleshooting information. Also, be sure that each server knows it's Fully "
14638
"Qualified Domain Name (FQDN). This is configured in "
14639
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
14640
msgstr ""
14641
14642
#: serverguide/C/network-auth.xml:839(title)
14643
msgid "Setting up ACL"
14644
msgstr ""
14645
14646
#: serverguide/C/network-auth.xml:841(para)
14647
msgid ""
14648
"Authentication requires access to the password field, that should be not "
14649
"accessible by default. Also, in order for users to change their own "
14650
"password, using <command>passwd</command> or other utilities, "
14651
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14652
"authenticated."
14653
msgstr ""
14654
14655
#: serverguide/C/network-auth.xml:848(para)
14656
msgid ""
14657
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
14658
"tree, use the <application>ldapsearch</application> utility:"
14659
msgstr ""
14660
14661
#: serverguide/C/network-auth.xml:854(command)
14662
msgid ""
14663
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14664
"olcDatabase=config olcAccess"
14665
msgstr ""
14666
14667
#: serverguide/C/network-auth.xml:858(computeroutput)
14668
#, no-wrap
14669
msgid ""
14670
"SASL/EXTERNAL authentication started\n"
14671
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14672
"SASL SSF: 0\n"
14673
"dn: olcDatabase={0}config,cn=config\n"
14674
"olcAccess: {0}to * by "
14675
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
14676
" ,cn=auth manage by * break\n"
14677
msgstr ""
14678
14679
#: serverguide/C/network-auth.xml:867(para)
14680
msgid "To see the ACL for the frontend tree enter:"
14681
msgstr ""
14682
14683
#: serverguide/C/network-auth.xml:872(command)
14684
msgid ""
14685
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14686
"olcDatabase={1}hdb olcAccess"
14687
msgstr ""
14688
14689
#: serverguide/C/network-auth.xml:878(title)
14690
msgid "TLS and SSL"
14691
msgstr ""
14692
14693
#: serverguide/C/network-auth.xml:880(para)
14694
msgid ""
14695
"When authenticating to an OpenLDAP server it is best to do so using an "
14696
"encrypted session. This can be accomplished using Transport Layer Security "
14697
"(TLS) and/or Secure Sockets Layer (SSL)."
14698
msgstr ""
14699
14700
#: serverguide/C/network-auth.xml:885(para)
14701
msgid ""
14702
"The first step in the process is to obtain or create a "
14703
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14704
"is compiled using the <application>gnutls</application> library, the "
14705
"<application>certtool</application> utility will be used to create "
14706
"certificates."
14707
msgstr ""
14708
14709
#: serverguide/C/network-auth.xml:894(para)
14710
msgid ""
14711
"First, install <application>gnutls-bin</application> by entering the "
14712
"following in a terminal:"
14713
msgstr ""
14714
14715
#: serverguide/C/network-auth.xml:899(command)
14716
msgid "sudo apt-get install gnutls-bin"
14717
msgstr ""
14718
14719
#: serverguide/C/network-auth.xml:905(para)
14720
msgid ""
14721
"Next, create a private key for the <emphasis>Certificate "
14722
"Authority</emphasis> (CA):"
14723
msgstr ""
14724
14725
#: serverguide/C/network-auth.xml:910(command)
14726
msgid ""
14727
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14728
msgstr ""
14729
14730
#: serverguide/C/network-auth.xml:916(para)
14731
msgid ""
14732
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14733
"CA certificate containing:"
14734
msgstr ""
14735
14736
#: serverguide/C/network-auth.xml:920(programlisting)
14737
#, no-wrap
14738
msgid ""
14739
"\n"
14740
"cn = Example Company\n"
14741
"ca\n"
14742
"cert_signing_key\n"
14743
msgstr ""
14744
14745
#: serverguide/C/network-auth.xml:929(para)
14746
msgid "Now create the self-signed CA certificate:"
14747
msgstr ""
14748
14749
#: serverguide/C/network-auth.xml:934(command)
14750
msgid ""
14751
"sudo certtool --generate-self-signed --load-privkey "
14752
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14753
"/etc/ssl/certs/cacert.pem"
14754
msgstr ""
14755
14756
#: serverguide/C/network-auth.xml:941(para)
14757
msgid "Make a private key for the server:"
14758
msgstr ""
14759
14760
#: serverguide/C/network-auth.xml:946(command)
14761
msgid ""
14762
"sudo sh -c \"certtool --generate-privkey > "
14763
"/etc/ssl/private/ldap01_slapd_key.pem\""
14764
msgstr ""
14765
14766
#: serverguide/C/network-auth.xml:950(para)
14767
msgid ""
14768
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14769
"hostname. Naming the certificate and key for the host and service that will "
14770
"be using them will help keep filenames and paths straight."
14771
msgstr ""
14772
14773
#: serverguide/C/network-auth.xml:959(para)
14774
msgid ""
14775
"To sign the server's certificate with the CA, create the "
14776
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14777
msgstr ""
14778
14779
#: serverguide/C/network-auth.xml:963(programlisting)
14780
#, no-wrap
14781
msgid ""
14782
"\n"
14783
"organization = Example Company\n"
14784
"cn = ldap01.example.com\n"
14785
"tls_www_server\n"
14786
"encryption_key\n"
14787
"signing_key\n"
14788
msgstr ""
14789
14790
#: serverguide/C/network-auth.xml:974(para)
14791
msgid "Create the server's certificate:"
14792
msgstr ""
14793
14794
#: serverguide/C/network-auth.xml:979(command)
14795
msgid ""
14796
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14797
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14798
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14799
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14800
msgstr ""
14801
14802
#: serverguide/C/network-auth.xml:987(para)
14803
msgid ""
14804
"Once you have a certificate, key, and CA cert installed, use "
14805
"<application>ldapmodify</application> to add the new configuration options:"
14806
msgstr ""
14807
14808
#: serverguide/C/network-auth.xml:998(userinput)
14809
#, no-wrap
14810
msgid ""
14811
"dn: cn=config\n"
14812
"add: olcTLSCACertificateFile\n"
14813
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14814
"-\n"
14815
"add: olcTLSCertificateFile\n"
14816
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14817
"-\n"
14818
"add: olcTLSCertificateKeyFile\n"
14819
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14820
msgstr ""
14821
14822
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14823
#, no-wrap
14824
msgid ""
14825
"Enter LDAP Password:\n"
14826
"<placeholder-1/>\n"
14827
"\n"
14828
"modifying entry \"cn=config\"\n"
14829
msgstr ""
14830
14831
#: serverguide/C/network-auth.xml:1013(para)
14832
msgid ""
14833
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14834
"<filename>ldap01_slapd_key.pem</filename>, and "
14835
"<filename>cacert.pem</filename> names if yours are different."
14836
msgstr ""
14837
14838
#: serverguide/C/network-auth.xml:1019(para)
14839
msgid ""
14840
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14841
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14842
msgstr ""
14843
14844
#: serverguide/C/network-auth.xml:1023(programlisting)
14845
#, no-wrap
14846
msgid ""
14847
"\n"
14848
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14849
msgstr ""
14850
14851
#: serverguide/C/network-auth.xml:1027(para)
14852
msgid ""
14853
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14854
msgstr ""
14855
14856
#: serverguide/C/network-auth.xml:1032(command)
14857
msgid "sudo adduser openldap ssl-cert"
14858
msgstr ""
14859
14860
#: serverguide/C/network-auth.xml:1033(command)
14861
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14862
msgstr ""
14863
14864
#: serverguide/C/network-auth.xml:1034(command)
14865
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14866
msgstr ""
14867
14868
#: serverguide/C/network-auth.xml:1038(para)
14869
msgid ""
14870
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14871
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14872
"adjust the commands appropriately."
14873
msgstr ""
14874
14875
#: serverguide/C/network-auth.xml:1044(para)
14876
msgid "Finally, restart <application>slapd</application>:"
14877
msgstr ""
14878
14879
#: serverguide/C/network-auth.xml:1052(para)
14880
msgid ""
14881
"The <application>slapd</application> daemon should now be listening for "
14882
"LDAPS connections and be able to use STARTTLS during authentication."
14883
msgstr ""
14884
14885
#: serverguide/C/network-auth.xml:1058(para)
14886
msgid ""
14887
"If you run into troubles with the server not starting, check the "
14888
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14889
"it is likely there is a configuration problem. Check that the certificate is "
14890
"signed by the authority from in the files configured, and that the ssl-cert "
14891
"group has read permissions on the private key."
14892
msgstr ""
14893
14894
#: serverguide/C/network-auth.xml:1070(title)
14895
msgid "TLS Replication"
14896
msgstr ""
14897
14898
#: serverguide/C/network-auth.xml:1072(para)
14899
msgid ""
14900
"If you have setup <application>Syncrepl</application> between servers, it is "
14901
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14902
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14903
"linkend=\"openldap-server-replication\"/>."
14904
msgstr ""
14905
14906
#: serverguide/C/network-auth.xml:1078(para)
14907
msgid ""
14908
"Assuming you have followed the above instructions and created a CA "
14909
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14910
"server. Follow the following instructions to create a certificate and key "
14911
"for the <emphasis>Consumer</emphasis> server."
14912
msgstr ""
14913
14914
#: serverguide/C/network-auth.xml:1087(para)
14915
msgid "Create a new key for the Consumer server:"
14916
msgstr ""
14917
14918
#: serverguide/C/network-auth.xml:1092(command)
14919
msgid "mkdir ldap02-ssl"
14920
msgstr ""
14921
14922
#: serverguide/C/network-auth.xml:1093(command)
14923
msgid "cd ldap02-ssl"
14924
msgstr ""
14925
14926
#: serverguide/C/network-auth.xml:1094(command)
14927
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14928
msgstr ""
14929
14930
#: serverguide/C/network-auth.xml:1098(para)
14931
msgid ""
14932
"Creating a new directory is not strictly necessary, but it will help keep "
14933
"things organized and make it easier to copy the files to the Consumer server."
14934
msgstr ""
14935
14936
#: serverguide/C/network-auth.xml:1107(para)
14937
msgid ""
14938
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14939
"server, changing the attributes to match your locality and server:"
14940
msgstr ""
14941
14942
#: serverguide/C/network-auth.xml:1112(programlisting)
14943
#, no-wrap
14944
msgid ""
14945
"\n"
14946
"country = US\n"
14947
"state = North Carolina\n"
14948
"locality = Winston-Salem\n"
14949
"organization = Example Company\n"
14950
"cn = ldap02.salem.edu\n"
14951
"tls_www_client\n"
14952
"encryption_key\n"
14953
"signing_key\n"
14954
msgstr ""
14955
14956
#: serverguide/C/network-auth.xml:1126(para)
14957
msgid "Create the certificate:"
14958
msgstr ""
14959
14960
#: serverguide/C/network-auth.xml:1131(command)
14961
msgid ""
14962
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14963
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14964
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14965
"ldap02_slapd_cert.pem"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1139(para)
14969
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14970
msgstr ""
14971
14972
#: serverguide/C/network-auth.xml:1144(command)
14973
msgid "cp /etc/ssl/certs/cacert.pem ."
14974
msgstr ""
14975
14976
#: serverguide/C/network-auth.xml:1150(para)
14977
msgid ""
14978
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14979
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14980
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14981
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14982
"<filename>/etc/ssl/private</filename>."
14983
msgstr ""
14984
14985
#: serverguide/C/network-auth.xml:1159(para)
14986
msgid ""
14987
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14988
"by entering:"
14989
msgstr ""
14990
14991
#: serverguide/C/network-auth.xml:1169(userinput)
14992
#, no-wrap
14993
msgid ""
14994
"dn: cn=config\n"
14995
"add: olcTLSCACertificateFile\n"
14996
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14997
"-\n"
14998
"add: olcTLSCertificateFile\n"
14999
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15000
"-\n"
15001
"add: olcTLSCertificateKeyFile\n"
15002
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
15003
msgstr ""
15004
15005
#: serverguide/C/network-auth.xml:1186(para)
15006
msgid ""
15007
"As with the Provider you can now edit "
15008
"<filename>/etc/default/slapd</filename> and add the "
15009
"<emphasis>ldaps:///</emphasis> parameter to the "
15010
"<emphasis>SLAPD_SERVICES</emphasis> option."
15011
msgstr ""
15012
15013
#: serverguide/C/network-auth.xml:1194(para)
15014
msgid ""
15015
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
15016
"modify the <emphasis>Consumer</emphasis> server's "
15017
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
15018
msgstr ""
15019
15020
#: serverguide/C/network-auth.xml:1207(userinput)
15021
#, no-wrap
15022
msgid ""
15023
"\n"
15024
"dn: olcDatabase={1}hdb,cn=config\n"
15025
"replace: olcSyncrepl\n"
15026
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
15027
"binddn=\"cn=ad\n"
15028
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
15029
"logbas\n"
15030
" e=\"cn=accesslog\" "
15031
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
15032
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
15033
"starttls=yes"
15034
msgstr ""
15035
15036
#: serverguide/C/network-auth.xml:1204(computeroutput)
15037
#, no-wrap
15038
msgid ""
15039
"SASL/EXTERNAL authentication started\n"
15040
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
15041
"SASL SSF: 0\n"
15042
"<placeholder-1/>\n"
15043
"\n"
15044
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15045
msgstr ""
15046
15047
#: serverguide/C/network-auth.xml:1219(para)
15048
msgid ""
15049
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
15050
"(FQDN) in the certificate, you may have to edit "
15051
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
15052
msgstr ""
15053
15054
#: serverguide/C/network-auth.xml:1224(programlisting)
15055
#, no-wrap
15056
msgid ""
15057
"\n"
15058
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15059
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
15060
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15061
msgstr ""
15062
15063
#: serverguide/C/network-auth.xml:1231(para)
15064
msgid ""
15065
"Finally, restart <application>slapd</application> on each of the servers:"
15066
msgstr ""
15067
15068
#: serverguide/C/network-auth.xml:1244(title)
15069
msgid "LDAP Authentication"
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:1246(para)
15073
msgid ""
15074
"Once you have a working LDAP server, the <application>auth-client-"
15075
"config</application> and <application>libnss-ldap</application> packages "
15076
"take the pain out of configuring an Ubuntu client to authenticate using "
15077
"LDAP. To install the packages from, a terminal prompt enter:"
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:1253(command)
15081
msgid "sudo apt-get install libnss-ldap"
15082
msgstr ""
15083
15084
#: serverguide/C/network-auth.xml:1256(para)
15085
msgid ""
15086
"During the install a menu dialog will ask you connection details about your "
15087
"LDAP server."
15088
msgstr ""
15089
15090
#: serverguide/C/network-auth.xml:1260(para)
15091
msgid ""
15092
"If you make a mistake when entering your information you can execute the "
15093
"dialog again using:"
15094
msgstr ""
15095
15096
#: serverguide/C/network-auth.xml:1265(command)
15097
msgid "sudo dpkg-reconfigure ldap-auth-config"
15098
msgstr ""
15099
15100
#: serverguide/C/network-auth.xml:1268(para)
15101
msgid ""
15102
"The results of the dialog can be seen in "
15103
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15104
"covered in the menu edit this file accordingly."
15105
msgstr ""
15106
15107
#: serverguide/C/network-auth.xml:1273(para)
15108
msgid ""
15109
"Now that <application>libnss-ldap</application> is configured enable the "
15110
"<application>auth-client-config</application> LDAP profile by entering:"
15111
msgstr ""
15112
15113
#: serverguide/C/network-auth.xml:1279(command)
15114
msgid "sudo auth-client-config -t nss -p lac_ldap"
15115
msgstr ""
15116
15117
#: serverguide/C/network-auth.xml:1284(para)
15118
msgid ""
15119
"<emphasis>-t:</emphasis> only modifies "
15120
"<filename>/etc/nsswitch.conf</filename>."
15121
msgstr ""
15122
15123
#: serverguide/C/network-auth.xml:1289(para)
15124
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
15125
msgstr ""
15126
15127
#: serverguide/C/network-auth.xml:1294(para)
15128
msgid ""
15129
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
15130
"config</application> profile that is part of the <application>ldap-auth-"
15131
"config</application> package."
15132
msgstr ""
15133
15134
#: serverguide/C/network-auth.xml:1301(para)
15135
msgid ""
15136
"Using the <application>pam-auth-update</application> utility, configure the "
15137
"system to use LDAP for authentication:"
15138
msgstr ""
15139
15140
#: serverguide/C/network-auth.xml:1306(command)
15141
msgid "sudo pam-auth-update"
15142
msgstr ""
15143
15144
#: serverguide/C/network-auth.xml:1309(para)
15145
msgid ""
15146
"From the <application>pam-auth-update</application> menu, choose LDAP and "
15147
"any other authentication mechanisms you need."
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:1313(para)
15151
msgid ""
15152
"You should now be able to login using user credentials stored in the LDAP "
15153
"directory."
15154
msgstr ""
15155
15156
#: serverguide/C/network-auth.xml:1318(para)
15157
msgid ""
15158
"If you are going to use LDAP to store Samba users you will need to configure "
15159
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
15160
"for details."
15161
msgstr ""
15162
15163
#: serverguide/C/network-auth.xml:1326(title)
15164
msgid "User and Group Management"
15165
msgstr ""
15166
15167
#: serverguide/C/network-auth.xml:1328(para)
15168
msgid ""
15169
"The <application>ldap-utils</application> package comes with multiple "
15170
"utilities to manage the directory, but the long string of options needed, "
15171
"can make them a burden to use. The <application>ldapscripts</application> "
15172
"package contains configurable scripts to easily manage LDAP users and groups."
15173
msgstr ""
15174
15175
#: serverguide/C/network-auth.xml:1334(para)
15176
msgid "To install the package, from a terminal enter:"
15177
msgstr ""
15178
15179
#: serverguide/C/network-auth.xml:1339(command)
15180
msgid "sudo apt-get install ldapscripts"
15181
msgstr ""
15182
15183
#: serverguide/C/network-auth.xml:1342(para)
15184
msgid ""
15185
"Next, edit the config file "
15186
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
15187
"changing the following to match your environment:"
15188
msgstr ""
15189
15190
#: serverguide/C/network-auth.xml:1347(programlisting)
15191
#, no-wrap
15192
msgid ""
15193
"\n"
15194
"SERVER=localhost\n"
15195
"BINDDN='cn=admin,dc=example,dc=com'\n"
15196
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
15197
"SUFFIX='dc=example,dc=com'\n"
15198
"GSUFFIX='ou=Groups'\n"
15199
"USUFFIX='ou=People'\n"
15200
"MSUFFIX='ou=Computers'\n"
15201
"GIDSTART=10000\n"
15202
"UIDSTART=10000\n"
15203
"MIDSTART=10000\n"
15204
msgstr ""
15205
15206
#: serverguide/C/network-auth.xml:1360(para)
15207
msgid ""
15208
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
15209
"authenticated access to the directory:"
15210
msgstr ""
15211
15212
#: serverguide/C/network-auth.xml:1365(command)
15213
msgid ""
15214
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15215
msgstr ""
15216
15217
#: serverguide/C/network-auth.xml:1366(command)
15218
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15219
msgstr ""
15220
15221
#: serverguide/C/network-auth.xml:1370(para)
15222
msgid ""
15223
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
15224
"user."
15225
msgstr ""
15226
15227
#: serverguide/C/network-auth.xml:1375(para)
15228
msgid ""
15229
"The <application>ldapscripts</application> are now ready to help manage your "
15230
"directory. The following are some examples of how to use the scripts:"
15231
msgstr ""
15232
15233
#: serverguide/C/network-auth.xml:1382(para)
15234
msgid "Create a new user:"
15235
msgstr ""
15236
15237
#: serverguide/C/network-auth.xml:1386(command)
15238
msgid "sudo ldapadduser george example"
15239
msgstr ""
15240
15241
#: serverguide/C/network-auth.xml:1388(para)
15242
msgid ""
15243
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15244
"and set the user's primary group (gid) to <emphasis "
15245
"role=\"italic\">example</emphasis>"
15246
msgstr ""
15247
15248
#: serverguide/C/network-auth.xml:1394(para)
15249
msgid "Change a user's password:"
15250
msgstr ""
15251
15252
#: serverguide/C/network-auth.xml:1398(command)
15253
msgid "sudo ldapsetpasswd george"
15254
msgstr ""
15255
15256
#: serverguide/C/network-auth.xml:1399(computeroutput)
15257
#, no-wrap
15258
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:1400(userinput)
15262
#, no-wrap
15263
msgid "New Password: "
15264
msgstr ""
15265
15266
#: serverguide/C/network-auth.xml:1401(userinput)
15267
#, no-wrap
15268
msgid "New Password (verify): "
15269
msgstr ""
15270
15271
#: serverguide/C/network-auth.xml:1405(para)
15272
msgid "Delete a user:"
15273
msgstr ""
15274
15275
#: serverguide/C/network-auth.xml:1409(command)
15276
msgid "sudo ldapdeleteuser george"
15277
msgstr ""
15278
15279
#: serverguide/C/network-auth.xml:1414(para)
15280
msgid "Add a group:"
15281
msgstr ""
15282
15283
#: serverguide/C/network-auth.xml:1418(command)
15284
msgid "sudo ldapaddgroup qa"
15285
msgstr ""
15286
15287
#: serverguide/C/network-auth.xml:1422(para)
15288
msgid "Delete a group:"
15289
msgstr ""
15290
15291
#: serverguide/C/network-auth.xml:1426(command)
15292
msgid "sudo ldapdeletegroup qa"
15293
msgstr ""
15294
15295
#: serverguide/C/network-auth.xml:1430(para)
15296
msgid "Add a user to a group:"
15297
msgstr ""
15298
15299
#: serverguide/C/network-auth.xml:1434(command)
15300
msgid "sudo ldapaddusertogroup george qa"
15301
msgstr ""
15302
15303
#: serverguide/C/network-auth.xml:1436(para)
15304
msgid ""
15305
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15306
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15307
"role=\"italic\">george</emphasis>."
15308
msgstr ""
15309
15310
#: serverguide/C/network-auth.xml:1442(para)
15311
msgid "Remove a user from a group:"
15312
msgstr ""
15313
15314
#: serverguide/C/network-auth.xml:1446(command)
15315
msgid "sudo ldapdeleteuserfromgroup george qa"
15316
msgstr ""
15317
15318
#: serverguide/C/network-auth.xml:1448(para)
15319
msgid ""
15320
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15321
"<emphasis role=\"italic\">qa</emphasis> group."
15322
msgstr ""
15323
15324
#: serverguide/C/network-auth.xml:1454(para)
15325
msgid ""
15326
"The <application>ldapmodifyuser</application> script allows you to add, "
15327
"remove, or replace a user's attributes. The script uses the same syntax as "
15328
"the <application>ldapmodify</application> utility. For example:"
15329
msgstr ""
15330
15331
#: serverguide/C/network-auth.xml:1459(command)
15332
msgid "sudo ldapmodifyuser george"
15333
msgstr ""
15334
15335
#: serverguide/C/network-auth.xml:1460(computeroutput)
15336
#, no-wrap
15337
msgid ""
15338
"# About to modify the following entry :\n"
15339
"dn: uid=george,ou=People,dc=example,dc=com\n"
15340
"objectClass: account\n"
15341
"objectClass: posixAccount\n"
15342
"cn: george\n"
15343
"uid: george\n"
15344
"uidNumber: 1001\n"
15345
"gidNumber: 1001\n"
15346
"homeDirectory: /home/george\n"
15347
"loginShell: /bin/bash\n"
15348
"gecos: george\n"
15349
"description: User account\n"
15350
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
15351
"\n"
15352
"# Enter your modifications here, end with CTRL-D.\n"
15353
"dn: uid=george,ou=People,dc=example,dc=com"
15354
msgstr ""
15355
15356
#: serverguide/C/network-auth.xml:1476(userinput)
15357
#, no-wrap
15358
msgid ""
15359
"replace: gecos\n"
15360
"gecos: George Carlin"
15361
msgstr ""
15362
15363
#: serverguide/C/network-auth.xml:1479(para)
15364
msgid ""
15365
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15366
"Carlin</quote>."
15367
msgstr ""
15368
15369
#: serverguide/C/network-auth.xml:1484(para)
15370
msgid ""
15371
"Another great feature of <application>ldapscripts</application>, is the "
15372
"template system. Templates allow you to customize the attributes of user, "
15373
"group, and machine objectes. For example, to enable the "
15374
"<emphasis>user</emphasis> template edit "
15375
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
15376
msgstr ""
15377
15378
#: serverguide/C/network-auth.xml:1491(programlisting)
15379
#, no-wrap
15380
msgid ""
15381
"\n"
15382
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15383
msgstr ""
15384
15385
#: serverguide/C/network-auth.xml:1495(para)
15386
msgid ""
15387
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15388
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15389
"<filename>ldapadduser.template.sample</filename> file to "
15390
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15391
msgstr ""
15392
15393
#: serverguide/C/network-auth.xml:1502(command)
15394
msgid ""
15395
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
15396
"/etc/ldapscripts/ldapadduser.template"
15397
msgstr ""
15398
15399
#: serverguide/C/network-auth.xml:1505(para)
15400
msgid ""
15401
"Edit the new template to add the desired attributes. The following will "
15402
"create new user's as with an <emphasis>objectClass</emphasis> of "
15403
"<emphasis>inetOrgPerson</emphasis>:"
15404
msgstr ""
15405
15406
#: serverguide/C/network-auth.xml:1510(programlisting)
15407
#, no-wrap
15408
msgid ""
15409
"\n"
15410
"dn: uid=<user>,<usuffix>,<suffix>\n"
15411
"objectClass: inetOrgPerson\n"
15412
"objectClass: posixAccount\n"
15413
"cn: <user>\n"
15414
"sn: <ask>\n"
15415
"uid: <user>\n"
15416
"uidNumber: <uid>\n"
15417
"gidNumber: <gid>\n"
15418
"homeDirectory: <home>\n"
15419
"loginShell: <shell>\n"
15420
"gecos: <user>\n"
15421
"description: User account\n"
15422
"title: Employee\n"
15423
msgstr ""
15424
15425
#: serverguide/C/network-auth.xml:1526(para)
15426
msgid ""
15427
"Notice the <emphasis><ask></emphasis> option used for the "
15428
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
15429
"<application>ldapadduser</application> to prompt you for the attribute value "
15430
"during user creation."
15431
msgstr ""
15432
15433
#: serverguide/C/network-auth.xml:1534(para)
15434
msgid ""
15435
"There are more useful scripts in the package, to see a full list enter: "
15436
"<command>dpkg -L ldapscripts | grep bin</command>"
15437
msgstr ""
15438
15439
#: serverguide/C/network-auth.xml:1543(para)
15440
msgid ""
15441
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15442
"Ubuntu Wiki</ulink> page has more details."
15443
msgstr ""
15444
15445
#: serverguide/C/network-auth.xml:1548(para)
15446
msgid ""
15447
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
15448
"Home Page</ulink>"
15449
msgstr ""
15450
15451
#: serverguide/C/network-auth.xml:1553(para)
15452
msgid ""
15453
"Though starting to show it's age, a great source for in depth LDAP "
15454
"information is O'Reilly's <ulink "
15455
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15456
"Administration</ulink>"
15457
msgstr ""
15458
15459
#: serverguide/C/network-auth.xml:1559(para)
15460
msgid ""
15461
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15462
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
15463
"newer versions of OpenLDAP."
15464
msgstr ""
15465
15466
#: serverguide/C/network-auth.xml:1565(para)
15467
msgid ""
15468
"For more information on <application>auth-client-config</application> see "
15469
"the man page: <command>man auth-client-config</command>."
15470
msgstr ""
15471
15472
#: serverguide/C/network-auth.xml:1570(para)
15473
msgid ""
15474
"For more details regarding the <application>ldapscripts</application> "
15475
"package see the man pages: <command>man ldapscripts</command>, <command>man "
15476
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
15477
msgstr ""
15478
15479
#: serverguide/C/network-auth.xml:1580(title)
15480
msgid "Samba and LDAP"
15481
msgstr ""
15482
15483
#: serverguide/C/network-auth.xml:1582(para)
15484
msgid ""
15485
"This section covers configuring Samba to use LDAP for user, group, and "
15486
"machine account information and authentication. The assumption is, you "
15487
"already have a working OpenLDAP directory installed and the server is "
15488
"configured to use it for authentication. See <xref linkend=\"openldap-"
15489
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
15490
"setting up OpenLDAP. For more information on installing and configuring "
15491
"Samba see <xref linkend=\"windows-networking\"/>."
15492
msgstr ""
15493
15494
#: serverguide/C/network-auth.xml:1592(para)
15495
msgid ""
15496
"There are three packages needed when integrating Samba with LDAP. "
15497
"<application>samba</application>, <application>samba-doc</application>, and "
15498
"<application>smbldap-tools</application> packages . To install the packages, "
15499
"from a terminal enter:"
15500
msgstr ""
15501
15502
#: serverguide/C/network-auth.xml:1598(command)
15503
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15504
msgstr ""
15505
15506
#: serverguide/C/network-auth.xml:1601(para)
15507
msgid ""
15508
"Strictly speaking the <application>smbldap-tools</application> package isn't "
15509
"needed, but unless you have another package or custom scripts, a method of "
15510
"managing users, groups, and computer accounts is needed."
15511
msgstr ""
15512
15513
#: serverguide/C/network-auth.xml:1608(title)
15514
msgid "OpenLDAP Configuration"
15515
msgstr ""
15516
15517
#: serverguide/C/network-auth.xml:1610(para)
15518
msgid ""
15519
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
15520
"the user objects in the directory will need additional attributes. This "
15521
"section assumes you want Samba to be configured as a Windows NT domain "
15522
"controller, and will add the necessary LDAP objects and attributes."
15523
msgstr ""
15524
15525
#: serverguide/C/network-auth.xml:1618(para)
15526
msgid ""
15527
"The Samba attributes are defined in the <filename>samba.schema</filename> "
15528
"file which is part of the <application>samba-doc</application> package. The "
15529
"schema file needs to be unzipped and copied to "
15530
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
15531
msgstr ""
15532
15533
#: serverguide/C/network-auth.xml:1625(command)
15534
msgid ""
15535
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15536
"/etc/ldap/schema/"
15537
msgstr ""
15538
15539
#: serverguide/C/network-auth.xml:1626(command)
15540
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15541
msgstr ""
15542
15543
#: serverguide/C/network-auth.xml:1632(para)
15544
msgid ""
15545
"The <emphasis>samba</emphasis> schema needs to be added to the "
15546
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15547
"<application>slapd</application> is also detailed in <xref "
15548
"linkend=\"openldap-configuration\"/>."
15549
msgstr ""
15550
15551
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
15552
msgid ""
15553
"First, create a configuration file named "
15554
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
15555
"containing the following lines:"
15556
msgstr ""
15557
15558
#: serverguide/C/network-auth.xml:1645(programlisting)
15559
#, no-wrap
15560
msgid ""
15561
"\n"
15562
"include /etc/ldap/schema/core.schema\n"
15563
"include /etc/ldap/schema/collective.schema\n"
15564
"include /etc/ldap/schema/corba.schema\n"
15565
"include /etc/ldap/schema/cosine.schema\n"
15566
"include /etc/ldap/schema/duaconf.schema\n"
15567
"include /etc/ldap/schema/dyngroup.schema\n"
15568
"include /etc/ldap/schema/inetorgperson.schema\n"
15569
"include /etc/ldap/schema/java.schema\n"
15570
"include /etc/ldap/schema/misc.schema\n"
15571
"include /etc/ldap/schema/nis.schema\n"
15572
"include /etc/ldap/schema/openldap.schema\n"
15573
"include /etc/ldap/schema/ppolicy.schema\n"
15574
"include /etc/ldap/schema/samba.schema\n"
15575
msgstr ""
15576
15577
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
15578
msgid ""
15579
"Now use <application>slapcat</application> to convert the schema files:"
15580
msgstr ""
15581
15582
#: serverguide/C/network-auth.xml:1680(command)
15583
msgid ""
15584
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15585
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
15586
msgstr ""
15587
15588
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
15589
msgid ""
15590
"Change the above file and path names to match your own if they are different."
15591
msgstr ""
15592
15593
#: serverguide/C/network-auth.xml:1690(para)
15594
msgid ""
15595
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
15596
"the following attributes:"
15597
msgstr ""
15598
15599
#: serverguide/C/network-auth.xml:1694(programlisting)
15600
#, no-wrap
15601
msgid ""
15602
"\n"
15603
"dn: cn=samba,cn=schema,cn=config\n"
15604
"...\n"
15605
"cn: samba\n"
15606
msgstr ""
15607
15608
#: serverguide/C/network-auth.xml:1704(programlisting)
15609
#, no-wrap
15610
msgid ""
15611
"\n"
15612
"structuralObjectClass: olcSchemaConfig\n"
15613
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15614
"creatorsName: cn=config\n"
15615
"createTimestamp: 20080827045234Z\n"
15616
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15617
"modifiersName: cn=config\n"
15618
"modifyTimestamp: 20080827045234Z\n"
15619
msgstr ""
15620
15621
#: serverguide/C/network-auth.xml:1729(command)
15622
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15623
msgstr ""
15624
15625
#: serverguide/C/network-auth.xml:1735(para)
15626
msgid ""
15627
"There should now be a <emphasis>dn: "
15628
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15629
"sequential schema, entry in the cn=config tree."
15630
msgstr ""
15631
15632
#: serverguide/C/network-auth.xml:1743(para)
15633
msgid ""
15634
"Copy and paste the following into a file named "
15635
"<filename>samba_indexes.ldif</filename>:"
15636
msgstr ""
15637
15638
#: serverguide/C/network-auth.xml:1747(programlisting)
15639
#, no-wrap
15640
msgid ""
15641
"\n"
15642
"dn: olcDatabase={1}hdb,cn=config\n"
15643
"changetype: modify\n"
15644
"add: olcDbIndex\n"
15645
"olcDbIndex: uidNumber eq\n"
15646
"olcDbIndex: gidNumber eq\n"
15647
"olcDbIndex: loginShell eq\n"
15648
"olcDbIndex: uid eq,pres,sub\n"
15649
"olcDbIndex: memberUid eq,pres,sub\n"
15650
"olcDbIndex: uniqueMember eq,pres\n"
15651
"olcDbIndex: sambaSID eq\n"
15652
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15653
"olcDbIndex: sambaGroupType eq\n"
15654
"olcDbIndex: sambaSIDList eq\n"
15655
"olcDbIndex: sambaDomainName eq\n"
15656
"olcDbIndex: default sub\n"
15657
msgstr ""
15658
15659
#: serverguide/C/network-auth.xml:1765(para)
15660
msgid ""
15661
"Using the <application>ldapmodify</application> utility load the new indexes:"
15662
msgstr ""
15663
15664
#: serverguide/C/network-auth.xml:1770(command)
15665
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15666
msgstr ""
15667
15668
#: serverguide/C/network-auth.xml:1772(para)
15669
msgid ""
15670
"If all went well you should see the new indexes using "
15671
"<application>ldapsearch</application>:"
15672
msgstr ""
15673
15674
#: serverguide/C/network-auth.xml:1777(command)
15675
msgid ""
15676
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:1783(para)
15680
msgid ""
15681
"Next, configure the <application>smbldap-tools</application> package to "
15682
"match your environment. The package comes with a configuration script that "
15683
"will ask questions about the needed options. To run the script enter:"
15684
msgstr ""
15685
15686
#: serverguide/C/network-auth.xml:1789(command)
15687
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15688
msgstr ""
15689
15690
#: serverguide/C/network-auth.xml:1790(command)
15691
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15692
msgstr ""
15693
15694
#: serverguide/C/network-auth.xml:1793(para)
15695
msgid ""
15696
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15697
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15698
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15699
"configure script, so if you made any mistakes while executing the script it "
15700
"may be simpler to edit the file appropriately."
15701
msgstr ""
15702
15703
#: serverguide/C/network-auth.xml:1803(para)
15704
msgid ""
15705
"The <application>smbldap-populate</application> script will add the "
15706
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15707
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15708
"<application>slapcat</application> before executing the command:"
15709
msgstr ""
15710
15711
#: serverguide/C/network-auth.xml:1810(command)
15712
msgid "sudo slapcat -l backup.ldif"
15713
msgstr ""
15714
15715
#: serverguide/C/network-auth.xml:1816(para)
15716
msgid ""
15717
"Once you have a current backup execute <application>smbldap-"
15718
"populate</application> by entering:"
15719
msgstr ""
15720
15721
#: serverguide/C/network-auth.xml:1821(command)
15722
msgid "sudo smbldap-populate"
15723
msgstr ""
15724
15725
#: serverguide/C/network-auth.xml:1825(para)
15726
msgid ""
15727
"You can create an LDIF file containing the new Samba objects by executing "
15728
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15729
"look over the changes making sure everything is correct."
15730
msgstr ""
15731
15732
#: serverguide/C/network-auth.xml:1833(para)
15733
msgid ""
15734
"Your LDAP directory now has the necessary domain information to authenticate "
15735
"Samba users."
15736
msgstr ""
15737
15738
#: serverguide/C/network-auth.xml:1839(title)
15739
msgid "Samba Configuration"
15740
msgstr ""
15741
15742
#: serverguide/C/network-auth.xml:1841(para)
15743
msgid ""
15744
"There a multiple ways to configure Samba for details on some common "
15745
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15746
"Samba to use LDAP, edit the main Samba configuration file "
15747
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15748
"backend</emphasis> option and adding the following:"
15749
msgstr ""
15750
15751
#: serverguide/C/network-auth.xml:1847(programlisting)
15752
#, no-wrap
15753
msgid ""
15754
"\n"
15755
"# passdb backend = tdbsam\n"
15756
"\n"
15757
"# LDAP Settings\n"
15758
" passdb backend = ldapsam:ldap://hostname\n"
15759
" ldap suffix = dc=example,dc=com\n"
15760
" ldap user suffix = ou=People\n"
15761
" ldap group suffix = ou=Groups\n"
15762
" ldap machine suffix = ou=Computers\n"
15763
" ldap idmap suffix = ou=Idmap\n"
15764
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15765
" ldap ssl = start tls\n"
15766
" ldap passwd sync = yes\n"
15767
"...\n"
15768
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15769
msgstr ""
15770
15771
#: serverguide/C/network-auth.xml:1864(para)
15772
msgid "Restart <application>samba</application> to enable the new settings:"
15773
msgstr ""
15774
15775
#: serverguide/C/network-auth.xml:1873(para)
15776
msgid ""
15777
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15778
"enter:"
15779
msgstr ""
15780
15781
#: serverguide/C/network-auth.xml:1878(command)
15782
msgid "sudo smbpasswd -w secret"
15783
msgstr ""
15784
15785
#: serverguide/C/network-auth.xml:1882(para)
15786
msgid ""
15787
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15788
"password."
15789
msgstr ""
15790
15791
#: serverguide/C/network-auth.xml:1887(para)
15792
msgid ""
15793
"If you currently have users in LDAP, and you want them to authenticate using "
15794
"Samba, they will need some Samba attributes defined in the "
15795
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15796
"users using the <application>smbpasswd</application> utility, replacing "
15797
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15798
msgstr ""
15799
15800
#: serverguide/C/network-auth.xml:1895(command)
15801
msgid "sudo smbpasswd -a username"
15802
msgstr ""
15803
15804
#: serverguide/C/network-auth.xml:1898(para)
15805
msgid "You will then be asked to enter the user's password."
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:1902(para)
15809
msgid ""
15810
"To add new user, group, and machine accounts use the utilities from the "
15811
"<application>smbldap-tools</application> package. Here are some examples:"
15812
msgstr ""
15813
15814
#: serverguide/C/network-auth.xml:1909(para)
15815
msgid ""
15816
"To add a new user to LDAP with Samba attributes enter the following, "
15817
"replacing username with an actual username:"
15818
msgstr ""
15819
15820
#: serverguide/C/network-auth.xml:1913(command)
15821
msgid "sudo smbldap-useradd -a -P username"
15822
msgstr ""
15823
15824
#: serverguide/C/network-auth.xml:1915(para)
15825
msgid ""
15826
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15827
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15828
"passwd</application> utility after the user is created allowing you to enter "
15829
"a password for the user."
15830
msgstr ""
15831
15832
#: serverguide/C/network-auth.xml:1921(para)
15833
msgid "To remove a user from the directory enter:"
15834
msgstr ""
15835
15836
#: serverguide/C/network-auth.xml:1925(command)
15837
msgid "sudo smbldap-userdel username"
15838
msgstr ""
15839
15840
#: serverguide/C/network-auth.xml:1927(para)
15841
msgid ""
15842
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15843
"r</emphasis> option to remove the user's home directory."
15844
msgstr ""
15845
15846
#: serverguide/C/network-auth.xml:1932(para)
15847
msgid ""
15848
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15849
"groupname with an appropriate group:"
15850
msgstr ""
15851
15852
#: serverguide/C/network-auth.xml:1936(command)
15853
msgid "sudo smbldap-groupadd -a groupname"
15854
msgstr ""
15855
15856
#: serverguide/C/network-auth.xml:1938(para)
15857
msgid ""
15858
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15859
"a</emphasis> adds the Samba attributes."
15860
msgstr ""
15861
15862
#: serverguide/C/network-auth.xml:1943(para)
15863
msgid ""
15864
"To add a user to a group use <application>smbldap-groupmod</application>:"
15865
msgstr ""
15866
15867
#: serverguide/C/network-auth.xml:1947(command)
15868
msgid "sudo smbldap-groupmod -m username groupname"
15869
msgstr ""
15870
15871
#: serverguide/C/network-auth.xml:1949(para)
15872
msgid ""
15873
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15874
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15875
"listing them in <emphasis>comma separated</emphasis> format."
15876
msgstr ""
15877
15878
#: serverguide/C/network-auth.xml:1955(para)
15879
msgid ""
15880
"<application>smbldap-groupmod</application> can also be used to remove a "
15881
"user from a group:"
15882
msgstr ""
15883
15884
#: serverguide/C/network-auth.xml:1959(command)
15885
msgid "sudo smbldap-groupmod -x username groupname"
15886
msgstr ""
15887
15888
#: serverguide/C/network-auth.xml:1963(para)
15889
msgid ""
15890
"Additionally, the <application>smbldap-useradd</application> utility can add "
15891
"Samba machine accounts:"
15892
msgstr ""
15893
15894
#: serverguide/C/network-auth.xml:1967(command)
15895
msgid "sudo smbldap-useradd -t 0 -w username"
15896
msgstr ""
15897
15898
#: serverguide/C/network-auth.xml:1969(para)
15899
msgid ""
15900
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15901
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15902
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15903
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15904
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15905
"<application>smbldap-useradd</application>."
15906
msgstr ""
15907
15908
#: serverguide/C/network-auth.xml:1978(para)
15909
msgid ""
15910
"There are more useful utilities and options in the <application>smbldap-"
15911
"tools</application> package. The man page for each utility provides more "
15912
"details."
15913
msgstr ""
15914
15915
#: serverguide/C/network-auth.xml:1989(para)
15916
msgid ""
15917
"There are multiple places where LDAP and Samba is documented in the <ulink "
15918
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15919
"Collection</ulink>."
15920
msgstr ""
15921
15922
#: serverguide/C/network-auth.xml:1995(para)
15923
msgid ""
15924
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15925
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15926
msgstr ""
15927
15928
#: serverguide/C/network-auth.xml:2001(para)
15929
msgid ""
15930
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15931
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15932
msgstr ""
15933
15934
#: serverguide/C/network-auth.xml:2007(para)
15935
msgid ""
15936
"Again, for more information on <application>smbldap-tools</application> see "
15937
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15938
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15939
msgstr ""
15940
15941
#: serverguide/C/network-auth.xml:2014(para)
15942
msgid ""
15943
"Also, there is a list of <ulink "
15944
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15945
"wiki</ulink> articles with more information."
15946
msgstr ""
15947
15948
#: serverguide/C/network-auth.xml:2023(title)
15949
msgid "Kerberos"
15950
msgstr "Kerberos"
15951
15952
#: serverguide/C/network-auth.xml:2025(para)
15953
msgid ""
15954
"<application>Kerberos</application> is a network authentication system based "
15955
"on the principal of a trusted third party. The other two parties being the "
15956
"user and the service the user wishes to authenticate to. Not all services "
15957
"and applications can use Kerberos, but for those that can, it brings the "
15958
"network environment one step closer to being Single Sign On (SSO)."
15959
msgstr ""
15960
15961
#: serverguide/C/network-auth.xml:2031(para)
15962
msgid ""
15963
"This section covers installation and configuration of a Kerberos server, and "
15964
"some example client configurations."
15965
msgstr ""
15966
15967
#: serverguide/C/network-auth.xml:2038(para)
15968
msgid ""
15969
"If you are new to Kerberos there are a few terms that are good to understand "
15970
"before setting up a Kerberos server. Most of the terms will relate to things "
15971
"you may be familiar with in other environments:"
15972
msgstr ""
15973
15974
#: serverguide/C/network-auth.xml:2045(para)
15975
msgid ""
15976
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15977
"by servers need to be defined as Kerberos Principals."
15978
msgstr ""
15979
15980
#: serverguide/C/network-auth.xml:2050(para)
15981
msgid ""
15982
"<emphasis>Instances:</emphasis> are used for service principals and special "
15983
"administrative principals."
15984
msgstr ""
15985
15986
#: serverguide/C/network-auth.xml:2055(para)
15987
msgid ""
15988
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15989
"Kerberos installation. Usually the DNS domain converted to uppercase "
15990
"(EXAMPLE.COM)."
15991
msgstr ""
15992
15993
#: serverguide/C/network-auth.xml:2061(para)
15994
msgid ""
15995
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15996
"a database of all principals, the authentication server, and the ticket "
15997
"granting server. For each realm there must be at least one KDC."
15998
msgstr ""
15999
16000
#: serverguide/C/network-auth.xml:2067(para)
16001
msgid ""
16002
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16003
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16004
"password which is known only to the user and the KDC."
16005
msgstr ""
16006
16007
#: serverguide/C/network-auth.xml:2073(para)
16008
msgid ""
16009
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16010
"clients upon request."
16011
msgstr ""
16012
16013
#: serverguide/C/network-auth.xml:2078(para)
16014
msgid ""
16015
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16016
"One principal being a user and the other a service requested by the user. "
16017
"Tickets establish an encryption key used for secure communication during the "
16018
"authenticated session."
16019
msgstr ""
16020
16021
#: serverguide/C/network-auth.xml:2084(para)
16022
msgid ""
16023
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16024
"principal database and contain the encryption key for a service or host."
16025
msgstr ""
16026
16027
#: serverguide/C/network-auth.xml:2091(para)
16028
msgid ""
16029
"To put the pieces together, a Realm has at least one KDC, preferably two for "
16030
"redundancy, which contains a database of Principals. When a user principal "
16031
"logs into a workstation, configured for Kerberos authentication, the KDC "
16032
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
16033
"match, the user is authenticated and can then request tickets for Kerberized "
16034
"services from the Ticket Granting Server (TGS). The service tickets allow "
16035
"the user to authenticate to the service without entering another username "
16036
"and password."
16037
msgstr ""
16038
16039
#: serverguide/C/network-auth.xml:2100(title)
16040
msgid "Kerberos Server"
16041
msgstr ""
16042
16043
#: serverguide/C/network-auth.xml:2104(para)
16044
msgid ""
16045
"Before installing the Kerberos server a properly configured DNS server is "
16046
"needed for your domain. Since the Kerberos Realm by convention matches the "
16047
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
16048
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
16049
msgstr ""
16050
16051
#: serverguide/C/network-auth.xml:2110(para)
16052
msgid ""
16053
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16054
"between a client machine and the server differs by more than five minutes "
16055
"(by default), the workstation will not be able to authenticate. To correct "
16056
"the problem all hosts should have their time synchronized using the "
16057
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
16058
"NTP see <xref linkend=\"NTP\"/>."
16059
msgstr ""
16060
16061
#: serverguide/C/network-auth.xml:2117(para)
16062
msgid ""
16063
"The first step in installing a Kerberos Realm is to install the "
16064
"<application>krb5-kdc</application> and <application>krb5-admin-"
16065
"server</application> packages. From a terminal enter:"
16066
msgstr ""
16067
16068
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
16069
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16070
msgstr ""
16071
16072
#: serverguide/C/network-auth.xml:2126(para)
16073
msgid ""
16074
"You will be asked at the end of the install to supply a name for the "
16075
"Kerberos and Admin servers, which may or may not be the same server, for the "
16076
"realm."
16077
msgstr ""
16078
16079
#: serverguide/C/network-auth.xml:2131(para)
16080
msgid ""
16081
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16082
"utility:"
16083
msgstr ""
16084
16085
#: serverguide/C/network-auth.xml:2136(command)
16086
msgid "sudo krb5_newrealm"
16087
msgstr ""
16088
16089
#: serverguide/C/network-auth.xml:2143(para)
16090
msgid ""
16091
"The questions asked during installation are used to configure the "
16092
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16093
"Distribution Center (KDC) settings simply edit the file and restart the "
16094
"<application>krb5-kdc</application> daemon."
16095
msgstr ""
16096
16097
#: serverguide/C/network-auth.xml:2151(para)
16098
msgid ""
16099
"Now that the KDC running an admin user is needed. It is recommended to use a "
16100
"different username from your everyday username. Using the "
16101
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16102
msgstr ""
16103
16104
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
16105
msgid "sudo kadmin.local"
16106
msgstr ""
16107
16108
#: serverguide/C/network-auth.xml:2158(computeroutput)
16109
#, no-wrap
16110
msgid ""
16111
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16112
"kadmin.local:"
16113
msgstr ""
16114
16115
#: serverguide/C/network-auth.xml:2159(userinput)
16116
#, no-wrap
16117
msgid " addprinc steve/admin"
16118
msgstr ""
16119
16120
#: serverguide/C/network-auth.xml:2160(computeroutput)
16121
#, no-wrap
16122
msgid ""
16123
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16124
"policy\n"
16125
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16126
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16127
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
16128
"kadmin.local:"
16129
msgstr ""
16130
16131
#: serverguide/C/network-auth.xml:2164(userinput)
16132
#, no-wrap
16133
msgid " quit"
16134
msgstr ""
16135
16136
#: serverguide/C/network-auth.xml:2167(para)
16137
msgid ""
16138
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16139
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16140
"is an <emphasis>Instance</emphasis>, and <emphasis "
16141
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
16142
"role=\"italic\">\"every day\"</emphasis> Principal would be "
16143
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
16144
"rights."
16145
msgstr ""
16146
16147
#: serverguide/C/network-auth.xml:2175(para)
16148
msgid ""
16149
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16150
"your Realm and admin username."
16151
msgstr ""
16152
16153
#: serverguide/C/network-auth.xml:2183(para)
16154
msgid ""
16155
"Next, the new admin user needs to have the appropriate Access Control List "
16156
"(ACL) permissions. The permissions are configured in the "
16157
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16158
msgstr ""
16159
16160
#: serverguide/C/network-auth.xml:2188(programlisting)
16161
#, no-wrap
16162
msgid ""
16163
"\n"
16164
"steve/admin@EXAMPLE.COM *\n"
16165
msgstr ""
16166
16167
#: serverguide/C/network-auth.xml:2192(para)
16168
msgid ""
16169
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16170
"any operation on all principals in the realm."
16171
msgstr ""
16172
16173
#: serverguide/C/network-auth.xml:2199(para)
16174
msgid ""
16175
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16176
"to take affect:"
16177
msgstr ""
16178
16179
#: serverguide/C/network-auth.xml:2204(command)
16180
msgid "sudo /etc/init.d/krb5-admin-server restart"
16181
msgstr ""
16182
16183
#: serverguide/C/network-auth.xml:2210(para)
16184
msgid ""
16185
"The new user principal can be tested using the <application>kinit "
16186
"utility</application>:"
16187
msgstr ""
16188
16189
#: serverguide/C/network-auth.xml:2215(command)
16190
msgid "kinit steve/admin"
16191
msgstr ""
16192
16193
#: serverguide/C/network-auth.xml:2216(computeroutput)
16194
#, no-wrap
16195
msgid "steve/admin@EXAMPLE.COM's Password:"
16196
msgstr ""
16197
16198
#: serverguide/C/network-auth.xml:2219(para)
16199
msgid ""
16200
"After entering the password, use the <application>klist</application> "
16201
"utility to view information about the Ticket Granting Ticket (TGT):"
16202
msgstr ""
16203
16204
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
16205
msgid "klist"
16206
msgstr ""
16207
16208
#: serverguide/C/network-auth.xml:2226(computeroutput)
16209
#, no-wrap
16210
msgid ""
16211
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16212
" Principal: steve/admin@EXAMPLE.COM\n"
16213
"\n"
16214
" Issued Expires Principal\n"
16215
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16216
msgstr ""
16217
16218
#: serverguide/C/network-auth.xml:2233(para)
16219
msgid ""
16220
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
16221
"the KDC. For example:"
16222
msgstr ""
16223
16224
#: serverguide/C/network-auth.xml:2237(programlisting)
16225
#, no-wrap
16226
msgid ""
16227
"\n"
16228
"192.168.0.1 kdc01.example.com kdc01\n"
16229
msgstr ""
16230
16231
#: serverguide/C/network-auth.xml:2241(para)
16232
msgid ""
16233
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
16234
msgstr ""
16235
16236
#: serverguide/C/network-auth.xml:2248(para)
16237
msgid ""
16238
"In order for clients to determine the KDC for the Realm some DNS SRV records "
16239
"are needed. Add the following to "
16240
"<filename>/etc/named/db.example.com</filename>:"
16241
msgstr ""
16242
16243
#: serverguide/C/network-auth.xml:2253(programlisting)
16244
#, no-wrap
16245
msgid ""
16246
"\n"
16247
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16248
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16249
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16250
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16251
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
16252
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16253
msgstr ""
16254
16255
#: serverguide/C/network-auth.xml:2263(para)
16256
msgid ""
16257
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16258
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16259
"KDC."
16260
msgstr ""
16261
16262
#: serverguide/C/network-auth.xml:2269(para)
16263
msgid ""
16264
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16265
msgstr ""
16266
16267
#: serverguide/C/network-auth.xml:2276(para)
16268
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16269
msgstr ""
16270
16271
#: serverguide/C/network-auth.xml:2283(title)
16272
msgid "Secondary KDC"
16273
msgstr ""
16274
16275
#: serverguide/C/network-auth.xml:2285(para)
16276
msgid ""
16277
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16278
"practice to have a Secondary KDC in case the primary becomes unavailable."
16279
msgstr ""
16280
16281
#: serverguide/C/network-auth.xml:2293(para)
16282
msgid ""
16283
"First, install the packages, and when asked for the Kerberos and Admin "
16284
"server names enter the name of the Primary KDC:"
16285
msgstr ""
16286
16287
#: serverguide/C/network-auth.xml:2304(para)
16288
msgid ""
16289
"Once you have the packages installed, create the Secondary KDC's host "
16290
"principal. From a terminal prompt, enter:"
16291
msgstr ""
16292
16293
#: serverguide/C/network-auth.xml:2309(command)
16294
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16295
msgstr ""
16296
16297
#: serverguide/C/network-auth.xml:2313(para)
16298
msgid ""
16299
"After, issuing any <application>kadmin</application> commands you will be "
16300
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16301
"password."
16302
msgstr ""
16303
16304
#: serverguide/C/network-auth.xml:2322(para)
16305
msgid "Extract the <emphasis>keytab</emphasis> file:"
16306
msgstr ""
16307
16308
#: serverguide/C/network-auth.xml:2327(command)
16309
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
16310
msgstr ""
16311
16312
#: serverguide/C/network-auth.xml:2333(para)
16313
msgid ""
16314
"There should now be a <filename>keytab.kdc02</filename> in the current "
16315
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16316
msgstr ""
16317
16318
#: serverguide/C/network-auth.xml:2339(command)
16319
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16320
msgstr ""
16321
16322
#: serverguide/C/network-auth.xml:2343(para)
16323
msgid ""
16324
"If the path to the <filename>keytab.kdc02</filename> file is different "
16325
"adjust accordingly."
16326
msgstr ""
16327
16328
#: serverguide/C/network-auth.xml:2348(para)
16329
msgid ""
16330
"Also, you can list the principals in a Keytab file, which can be useful when "
16331
"troubleshooting, using the <application>klist</application> utility:"
16332
msgstr ""
16333
16334
#: serverguide/C/network-auth.xml:2354(command)
16335
msgid "sudo klist -k /etc/krb5.keytab"
16336
msgstr ""
16337
16338
#: serverguide/C/network-auth.xml:2360(para)
16339
msgid ""
16340
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16341
"that lists all KDCs for the Realm. For example, on both primary and "
16342
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16343
msgstr ""
16344
16345
#: serverguide/C/network-auth.xml:2365(programlisting)
16346
#, no-wrap
16347
msgid ""
16348
"\n"
16349
"host/kdc01.example.com@EXAMPLE.COM\n"
16350
"host/kdc02.example.com@EXAMPLE.COM\n"
16351
msgstr ""
16352
16353
#: serverguide/C/network-auth.xml:2373(para)
16354
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16355
msgstr ""
16356
16357
#: serverguide/C/network-auth.xml:2378(command)
16358
msgid "sudo kdb5_util -s create"
16359
msgstr ""
16360
16361
#: serverguide/C/network-auth.xml:2384(para)
16362
msgid ""
16363
"Now start the <application>kpropd</application> daemon, which listens for "
16364
"connections from the <application>kprop</application> utility. "
16365
"<application>kprop</application> is used to transfer dump files:"
16366
msgstr ""
16367
16368
#: serverguide/C/network-auth.xml:2391(command)
16369
msgid "sudo kpropd -S"
16370
msgstr ""
16371
16372
#: serverguide/C/network-auth.xml:2397(para)
16373
msgid ""
16374
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16375
"of the principal database:"
16376
msgstr ""
16377
16378
#: serverguide/C/network-auth.xml:2402(command)
16379
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16380
msgstr ""
16381
16382
#: serverguide/C/network-auth.xml:2408(para)
16383
msgid ""
16384
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16385
"<filename>/etc/krb5.keytab</filename>:"
16386
msgstr ""
16387
16388
#: serverguide/C/network-auth.xml:2413(command)
16389
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16390
msgstr ""
16391
16392
#: serverguide/C/network-auth.xml:2414(command)
16393
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16394
msgstr ""
16395
16396
#: serverguide/C/network-auth.xml:2418(para)
16397
msgid ""
16398
"Make sure there is a <emphasis>host</emphasis> for "
16399
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16400
msgstr ""
16401
16402
#: serverguide/C/network-auth.xml:2426(para)
16403
msgid ""
16404
"Using the <application>kprop</application> utility push the database to the "
16405
"Secondary KDC:"
16406
msgstr ""
16407
16408
#: serverguide/C/network-auth.xml:2431(command)
16409
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16410
msgstr ""
16411
16412
#: serverguide/C/network-auth.xml:2435(para)
16413
msgid ""
16414
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16415
"worked. If there is an error message check "
16416
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
16417
"information."
16418
msgstr ""
16419
16420
#: serverguide/C/network-auth.xml:2441(para)
16421
msgid ""
16422
"You may also want to create a <application>cron</application> job to "
16423
"periodically update the database on the Secondary KDC. For example, the "
16424
"following will push the database every hour:"
16425
msgstr ""
16426
16427
#: serverguide/C/network-auth.xml:2446(programlisting)
16428
#, no-wrap
16429
msgid ""
16430
"\n"
16431
"# m h dom mon dow command\n"
16432
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
16433
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16434
msgstr ""
16435
16436
#: serverguide/C/network-auth.xml:2454(para)
16437
msgid ""
16438
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16439
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16440
msgstr ""
16441
16442
#: serverguide/C/network-auth.xml:2460(command)
16443
msgid "sudo kdb5_util stash"
16444
msgstr ""
16445
16446
#: serverguide/C/network-auth.xml:2466(para)
16447
msgid ""
16448
"Finally, start the <application>krb5-kdc</application> daemon on the "
16449
"Secondary KDC:"
16450
msgstr ""
16451
16452
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
16453
msgid "sudo /etc/init.d/krb5-kdc start"
16454
msgstr ""
16455
16456
#: serverguide/C/network-auth.xml:2477(para)
16457
msgid ""
16458
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16459
"for the Realm. You can test this by stopping the <application>krb5-"
16460
"kdc</application> daemon on the Primary KDC, then use "
16461
"<application>kinit</application> to request a ticket. If all goes well you "
16462
"should receive a ticket from the Secondary KDC."
16463
msgstr ""
16464
16465
#: serverguide/C/network-auth.xml:2485(title)
16466
msgid "Kerberos Linux Client"
16467
msgstr ""
16468
16469
#: serverguide/C/network-auth.xml:2487(para)
16470
msgid ""
16471
"This section covers configuring a Linux system as a "
16472
"<application>Kerberos</application> client. This will allow access to any "
16473
"kerberized services once a user has successfully logged into the system."
16474
msgstr ""
16475
16476
#: serverguide/C/network-auth.xml:2495(para)
16477
msgid ""
16478
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16479
"user</application> and <application>libpam-krb5</application> packages are "
16480
"needed, along with a few others that are not strictly necessary but make "
16481
"life easier. To install the packages enter the following in a terminal "
16482
"prompt:"
16483
msgstr ""
16484
16485
#: serverguide/C/network-auth.xml:2502(command)
16486
msgid ""
16487
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16488
msgstr ""
16489
16490
#: serverguide/C/network-auth.xml:2505(para)
16491
msgid ""
16492
"The <application>auth-client-config</application> package allows simple "
16493
"configuration of PAM for authentication from multiple sources, and the "
16494
"<application>libpam-ccreds</application> will cache authentication "
16495
"credentials allowing you to login in case the Key Distribution Center (KDC) "
16496
"is unavailable. This package is also useful for laptops that may "
16497
"authenticate using Kerberos while on the corporate network, but will need to "
16498
"be accessed off the network as well."
16499
msgstr ""
16500
16501
#: serverguide/C/network-auth.xml:2516(para)
16502
msgid "To configure the client in a terminal enter:"
16503
msgstr ""
16504
16505
#: serverguide/C/network-auth.xml:2521(command)
16506
msgid "sudo dpkg-reconfigure krb5-config"
16507
msgstr ""
16508
16509
#: serverguide/C/network-auth.xml:2524(para)
16510
msgid ""
16511
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16512
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16513
"records, the menu will prompt you for the hostname of the Key Distribution "
16514
"Center (KDC) and Realm Administration server."
16515
msgstr ""
16516
16517
#: serverguide/C/network-auth.xml:2530(para)
16518
msgid ""
16519
"The <application>dpkg-reconfigure</application> adds entries to the "
16520
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16521
"entries similar to the following:"
16522
msgstr ""
16523
16524
#: serverguide/C/network-auth.xml:2535(programlisting)
16525
#, no-wrap
16526
msgid ""
16527
"\n"
16528
"[libdefaults]\n"
16529
" default_realm = EXAMPLE.COM\n"
16530
"...\n"
16531
"[realms]\n"
16532
" EXAMPLE.COM = } \n"
16533
" kdc = 192.168.0.1 \n"
16534
" admin_server = 192.168.0.1\n"
16535
" }\n"
16536
msgstr ""
16537
16538
#: serverguide/C/network-auth.xml:2546(para)
16539
msgid ""
16540
"You can test the configuration by requesting a ticket using the "
16541
"<application>kinit</application> utility. For example:"
16542
msgstr ""
16543
16544
#: serverguide/C/network-auth.xml:2551(command)
16545
msgid "kinit steve@EXAMPLE.COM"
16546
msgstr ""
16547
16548
#: serverguide/C/network-auth.xml:2552(computeroutput)
16549
#, no-wrap
16550
msgid "Password for steve@EXAMPLE.COM:"
16551
msgstr ""
16552
16553
#: serverguide/C/network-auth.xml:2555(para)
16554
msgid ""
16555
"When a ticket has been granted, the details can be viewed using "
16556
"<application>klist</application>:"
16557
msgstr ""
16558
16559
#: serverguide/C/network-auth.xml:2561(computeroutput)
16560
#, no-wrap
16561
msgid ""
16562
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
16563
"Default principal: steve@EXAMPLE.COM\n"
16564
"\n"
16565
"Valid starting Expires Service principal\n"
16566
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
16567
" renew until 07/25/08 05:18:57\n"
16568
"\n"
16569
"\n"
16570
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
16571
"klist: You have no tickets cached"
16572
msgstr ""
16573
16574
#: serverguide/C/network-auth.xml:2573(para)
16575
msgid ""
16576
"Next, use the <application>auth-client-config</application> to configure the "
16577
"<application>libpam-krb5</application> module to request a ticket during "
16578
"login:"
16579
msgstr ""
16580
16581
#: serverguide/C/network-auth.xml:2579(command)
16582
msgid "sudo auth-client-config -a -p kerberos_example"
16583
msgstr ""
16584
16585
#: serverguide/C/network-auth.xml:2582(para)
16586
msgid ""
16587
"You will should now receive a ticket upon successful login authentication."
16588
msgstr ""
16589
16590
#: serverguide/C/network-auth.xml:2593(para)
16591
msgid ""
16592
"For more information on Kerberos see the <ulink "
16593
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
16594
msgstr ""
16595
16596
#: serverguide/C/network-auth.xml:2598(para)
16597
msgid ""
16598
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16599
"Kerberos</ulink> page has more details."
16600
msgstr ""
16601
16602
#: serverguide/C/network-auth.xml:2603(para)
16603
msgid ""
16604
"O'Reilly's <ulink "
16605
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16606
"Guide</ulink> is a great reference when setting up Kerberos."
16607
msgstr ""
16608
16609
#: serverguide/C/network-auth.xml:2609(para)
16610
msgid ""
16611
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16612
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16613
"Kerberos questions."
16614
msgstr ""
16615
16616
#: serverguide/C/network-auth.xml:2619(title)
16617
msgid "Kerberos and LDAP"
16618
msgstr ""
16619
16620
#: serverguide/C/network-auth.xml:2621(para)
16621
msgid ""
16622
"Replicating a Kerberos principal database between two servers can be "
16623
"complicated, and adds an additional user database to your network. "
16624
"Fortunately, MIT Kerberos can be configured to use an "
16625
"<application>LDAP</application> directory as a principal database. This "
16626
"section covers configuring a primary and secondary kerberos server to use "
16627
"<application>OpenLDAP</application> for the principal database."
16628
msgstr ""
16629
16630
#: serverguide/C/network-auth.xml:2629(title)
16631
msgid "Configuring OpenLDAP"
16632
msgstr ""
16633
16634
#: serverguide/C/network-auth.xml:2631(para)
16635
msgid ""
16636
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16637
"<application>OpenLDAP</application> server that has network connectivity to "
16638
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16639
"also have LDAP replication configured between at least two servers. For "
16640
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16641
msgstr ""
16642
16643
#: serverguide/C/network-auth.xml:2638(para)
16644
msgid ""
16645
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16646
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16647
"linkend=\"openldap-tls\"/> for details."
16648
msgstr ""
16649
16650
#: serverguide/C/network-auth.xml:2645(para)
16651
msgid ""
16652
"To load the schema into LDAP, on the LDAP server install the "
16653
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16654
msgstr ""
16655
16656
#: serverguide/C/network-auth.xml:2651(command)
16657
msgid "sudo apt-get install krb5-kdc-ldap"
16658
msgstr ""
16659
16660
#: serverguide/C/network-auth.xml:2656(para)
16661
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16662
msgstr ""
16663
16664
#: serverguide/C/network-auth.xml:2661(command)
16665
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16666
msgstr ""
16667
16668
#: serverguide/C/network-auth.xml:2662(command)
16669
msgid ""
16670
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16671
msgstr ""
16672
16673
#: serverguide/C/network-auth.xml:2668(para)
16674
msgid ""
16675
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16676
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16677
"<application>slapd</application> is also detailed in <xref "
16678
"linkend=\"openldap-configuration\"/>."
16679
msgstr ""
16680
16681
#: serverguide/C/network-auth.xml:2681(programlisting)
16682
#, no-wrap
16683
msgid ""
16684
"\n"
16685
"include /etc/ldap/schema/core.schema\n"
16686
"include /etc/ldap/schema/collective.schema\n"
16687
"include /etc/ldap/schema/corba.schema\n"
16688
"include /etc/ldap/schema/cosine.schema\n"
16689
"include /etc/ldap/schema/duaconf.schema\n"
16690
"include /etc/ldap/schema/dyngroup.schema\n"
16691
"include /etc/ldap/schema/inetorgperson.schema\n"
16692
"include /etc/ldap/schema/java.schema\n"
16693
"include /etc/ldap/schema/misc.schema\n"
16694
"include /etc/ldap/schema/nis.schema\n"
16695
"include /etc/ldap/schema/openldap.schema\n"
16696
"include /etc/ldap/schema/ppolicy.schema\n"
16697
"include /etc/ldap/schema/kerberos.schema\n"
16698
msgstr ""
16699
16700
#: serverguide/C/network-auth.xml:2701(para)
16701
msgid "Create a temporary directory to hold the LDIF files:"
16702
msgstr ""
16703
16704
#: serverguide/C/network-auth.xml:2716(command)
16705
msgid ""
16706
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16707
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16708
msgstr ""
16709
16710
#: serverguide/C/network-auth.xml:2726(para)
16711
msgid ""
16712
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16713
"changing the following attributes:"
16714
msgstr ""
16715
16716
#: serverguide/C/network-auth.xml:2730(programlisting)
16717
#, no-wrap
16718
msgid ""
16719
"\n"
16720
"dn: cn=kerberos,cn=schema,cn=config\n"
16721
"...\n"
16722
"cn: kerberos\n"
16723
msgstr ""
16724
16725
#: serverguide/C/network-auth.xml:2736(para)
16726
msgid "And remove the following lines from the end of the file:"
16727
msgstr ""
16728
16729
#: serverguide/C/network-auth.xml:2740(programlisting)
16730
#, no-wrap
16731
msgid ""
16732
"\n"
16733
"structuralObjectClass: olcSchemaConfig\n"
16734
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16735
"creatorsName: cn=config\n"
16736
"createTimestamp: 20090111203515Z\n"
16737
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16738
"modifiersName: cn=config\n"
16739
"modifyTimestamp: 20090111203515Z\n"
16740
msgstr ""
16741
16742
#: serverguide/C/network-auth.xml:2759(para)
16743
msgid "Load the new schema with <application>ldapadd</application>:"
16744
msgstr ""
16745
16746
#: serverguide/C/network-auth.xml:2764(command)
16747
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16748
msgstr ""
16749
16750
#: serverguide/C/network-auth.xml:2770(para)
16751
msgid ""
16752
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16753
msgstr ""
16754
16755
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
16756
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16757
msgstr ""
16758
16759
#: serverguide/C/network-auth.xml:2777(userinput)
16760
#, no-wrap
16761
msgid ""
16762
"dn: olcDatabase={1}hdb,cn=config\n"
16763
"add: olcDbIndex\n"
16764
"olcDbIndex: krbPrincipalName eq,pres,sub"
16765
msgstr ""
16766
16767
#: serverguide/C/network-auth.xml:2776(computeroutput)
16768
#, no-wrap
16769
msgid ""
16770
"Enter LDAP Password:\n"
16771
"<placeholder-1/>\n"
16772
"\n"
16773
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16774
msgstr ""
16775
16776
#: serverguide/C/network-auth.xml:2787(para)
16777
msgid "Finally, update the Access Control Lists (ACL):"
16778
msgstr ""
16779
16780
#: serverguide/C/network-auth.xml:2794(userinput)
16781
#, no-wrap
16782
msgid ""
16783
"dn: olcDatabase={1}hdb,cn=config\n"
16784
"replace: olcAccess\n"
16785
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16786
"dn=\"cn=admin,dc=exampl\n"
16787
" e,dc=com\" write by anonymous auth by self write by * none\n"
16788
"-\n"
16789
"add: olcAccess\n"
16790
"olcAccess: to dn.base=\"\" by * read\n"
16791
"-\n"
16792
"add: olcAccess\n"
16793
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16794
msgstr ""
16795
16796
#: serverguide/C/network-auth.xml:2793(computeroutput)
16797
#, no-wrap
16798
msgid ""
16799
"Enter LDAP Password: \n"
16800
"<placeholder-1/>\n"
16801
"\n"
16802
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16803
msgstr ""
16804
16805
#: serverguide/C/network-auth.xml:2814(para)
16806
msgid ""
16807
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16808
"database."
16809
msgstr ""
16810
16811
#: serverguide/C/network-auth.xml:2820(title)
16812
msgid "Primary KDC Configuration"
16813
msgstr ""
16814
16815
#: serverguide/C/network-auth.xml:2822(para)
16816
msgid ""
16817
"With <application>OpenLDAP</application> configured it is time to configure "
16818
"the KDC."
16819
msgstr ""
16820
16821
#: serverguide/C/network-auth.xml:2828(para)
16822
msgid "First, install the necessary packages, from a terminal enter:"
16823
msgstr ""
16824
16825
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
16826
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16827
msgstr ""
16828
16829
#: serverguide/C/network-auth.xml:2839(para)
16830
msgid ""
16831
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16832
"under the appropriate sections:"
16833
msgstr ""
16834
16835
#: serverguide/C/network-auth.xml:2843(programlisting)
16836
#, no-wrap
16837
msgid ""
16838
"\n"
16839
"[libdefaults]\n"
16840
" default_realm = EXAMPLE.COM\n"
16841
"\n"
16842
"...\n"
16843
"\n"
16844
"[realms]\n"
16845
" EXAMPLE.COM = {\n"
16846
" kdc = kdc01.example.com\n"
16847
" kdc = kdc02.example.com\n"
16848
" admin_server = kdc01.example.com\n"
16849
" admin_server = kdc02.example.com\n"
16850
" default_domain = example.com\n"
16851
" database_module = openldap_ldapconf\n"
16852
" }\n"
16853
"\n"
16854
"...\n"
16855
"\n"
16856
"[domain_realm]\n"
16857
" .example.com = EXAMPLE.COM\n"
16858
"\n"
16859
"\n"
16860
"...\n"
16861
"\n"
16862
"[dbdefaults]\n"
16863
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16864
"\n"
16865
"[dbmodules]\n"
16866
" openldap_ldapconf = {\n"
16867
" db_library = kldap\n"
16868
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16869
"\n"
16870
" # this object needs to have read rights on\n"
16871
" # the realm container, principal container and realm sub-"
16872
"trees\n"
16873
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16874
"\n"
16875
" # this object needs to have read and write rights on\n"
16876
" # the realm container, principal container and realm sub-"
16877
"trees\n"
16878
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16879
" ldap_servers = ldaps://ldap01.example.com "
16880
"ldaps://ldap02.example.com\n"
16881
" ldap_conns_per_server = 5\n"
16882
" }\n"
16883
msgstr ""
16884
16885
#: serverguide/C/network-auth.xml:2888(para)
16886
msgid ""
16887
"Change <emphasis>example.com</emphasis>, "
16888
"<emphasis>dc=example,dc=com</emphasis>, "
16889
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16890
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16891
"object, and LDAP server for your network."
16892
msgstr ""
16893
16894
#: serverguide/C/network-auth.xml:2897(para)
16895
msgid ""
16896
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16897
"the realm:"
16898
msgstr ""
16899
16900
#: serverguide/C/network-auth.xml:2902(command)
16901
msgid ""
16902
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16903
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16904
msgstr ""
16905
16906
#: serverguide/C/network-auth.xml:2908(para)
16907
msgid ""
16908
"Create a stash of the password used to bind to the LDAP server. This "
16909
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16910
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16911
"<filename>/etc/krb5.conf</filename>:"
16912
msgstr ""
16913
16914
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16915
msgid ""
16916
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16917
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16918
msgstr ""
16919
16920
#: serverguide/C/network-auth.xml:2920(para)
16921
msgid "Copy the CA certificate from the LDAP server:"
16922
msgstr ""
16923
16924
#: serverguide/C/network-auth.xml:2925(command)
16925
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16926
msgstr ""
16927
16928
#: serverguide/C/network-auth.xml:2926(command)
16929
msgid "sudo cp cacert.pem /etc/ssl/certs"
16930
msgstr ""
16931
16932
#: serverguide/C/network-auth.xml:2929(para)
16933
msgid ""
16934
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16935
msgstr ""
16936
16937
#: serverguide/C/network-auth.xml:2933(programlisting)
16938
#, no-wrap
16939
msgid ""
16940
"\n"
16941
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16942
msgstr ""
16943
16944
#: serverguide/C/network-auth.xml:2938(para)
16945
msgid ""
16946
"The certificate will also need to be copied to the Secondary KDC, to allow "
16947
"the connection to the LDAP servers using LDAPS."
16948
msgstr ""
16949
16950
#: serverguide/C/network-auth.xml:2947(para)
16951
msgid ""
16952
"You can now add Kerberos principals to the LDAP database, and they will be "
16953
"copied to any other LDAP servers configured for replication. To add a "
16954
"principal using the <application>kadmin.local</application> utility enter:"
16955
msgstr ""
16956
16957
#: serverguide/C/network-auth.xml:2955(userinput)
16958
#, no-wrap
16959
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16960
msgstr ""
16961
16962
#: serverguide/C/network-auth.xml:2954(computeroutput)
16963
#, no-wrap
16964
msgid ""
16965
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16966
"kadmin.local: <placeholder-1/>\n"
16967
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16968
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16969
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16970
"Principal \"steve@EXAMPLE.COM\" created."
16971
msgstr ""
16972
16973
#: serverguide/C/network-auth.xml:2962(para)
16974
msgid ""
16975
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16976
"krbExtraData attributes added to the "
16977
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16978
"the <application>kinit</application> and <application>klist</application> "
16979
"utilities to test that the user is indeed issued a ticket."
16980
msgstr ""
16981
16982
#: serverguide/C/network-auth.xml:2969(para)
16983
msgid ""
16984
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16985
"option is needed to add the Kerberos attributes. Otherwise a new "
16986
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16987
msgstr ""
16988
16989
#: serverguide/C/network-auth.xml:2977(title)
16990
msgid "Secondary KDC Configuration"
16991
msgstr ""
16992
16993
#: serverguide/C/network-auth.xml:2979(para)
16994
msgid ""
16995
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16996
"one using the normal Kerberos database."
16997
msgstr ""
16998
16999
#: serverguide/C/network-auth.xml:2985(para)
17000
msgid "First, install the necessary packages. In a terminal enter:"
17001
msgstr ""
17002
17003
#: serverguide/C/network-auth.xml:2996(para)
17004
msgid ""
17005
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17006
msgstr ""
17007
17008
#: serverguide/C/network-auth.xml:3000(programlisting)
17009
#, no-wrap
17010
msgid ""
17011
"\n"
17012
"[libdefaults]\n"
17013
" default_realm = EXAMPLE.COM\n"
17014
"\n"
17015
"...\n"
17016
"\n"
17017
"[realms]\n"
17018
" EXAMPLE.COM = {\n"
17019
" kdc = kdc01.example.com\n"
17020
" kdc = kdc02.example.com\n"
17021
" admin_server = kdc01.example.com\n"
17022
" admin_server = kdc02.example.com\n"
17023
" default_domain = example.com\n"
17024
" database_module = openldap_ldapconf\n"
17025
" }\n"
17026
"\n"
17027
"...\n"
17028
"\n"
17029
"[domain_realm]\n"
17030
" .example.com = EXAMPLE.COM\n"
17031
"\n"
17032
"...\n"
17033
"\n"
17034
"[dbdefaults]\n"
17035
" ldap_kerberos_container_dn = dc=example,dc=com\n"
17036
"\n"
17037
"[dbmodules]\n"
17038
" openldap_ldapconf = {\n"
17039
" db_library = kldap\n"
17040
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
17041
"\n"
17042
" # this object needs to have read rights on\n"
17043
" # the realm container, principal container and realm sub-"
17044
"trees\n"
17045
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
17046
"\n"
17047
" # this object needs to have read and write rights on\n"
17048
" # the realm container, principal container and realm sub-"
17049
"trees\n"
17050
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
17051
" ldap_servers = ldaps://ldap01.example.com "
17052
"ldaps://ldap02.example.com\n"
17053
" ldap_conns_per_server = 5\n"
17054
" }\n"
17055
msgstr ""
17056
17057
#: serverguide/C/network-auth.xml:3047(para)
17058
msgid "Create the stash for the LDAP bind password:"
17059
msgstr ""
17060
17061
#: serverguide/C/network-auth.xml:3058(para)
17062
msgid ""
17063
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17064
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17065
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
17066
"encrypted connection such as <application>scp</application>, or on physical "
17067
"media."
17068
msgstr ""
17069
17070
#: serverguide/C/network-auth.xml:3065(command)
17071
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17072
msgstr ""
17073
17074
#: serverguide/C/network-auth.xml:3066(command)
17075
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17076
msgstr ""
17077
17078
#: serverguide/C/network-auth.xml:3070(para)
17079
msgid ""
17080
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17081
msgstr ""
17082
17083
#: serverguide/C/network-auth.xml:3078(para)
17084
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17085
msgstr ""
17086
17087
#: serverguide/C/network-auth.xml:3089(para)
17088
msgid ""
17089
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17090
"you should be able to continue to authenticate users if one LDAP server, one "
17091
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17092
msgstr ""
17093
17094
#: serverguide/C/network-auth.xml:3101(para)
17095
msgid ""
17096
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17097
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17098
"Guide</ulink> has some additional details."
17099
msgstr ""
17100
17101
#: serverguide/C/network-auth.xml:3107(para)
17102
msgid ""
17103
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17104
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17105
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
17106
"5.6</ulink> and the <ulink "
17107
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
17108
"tml\">kdb5_ldap_util man page</ulink>."
17109
msgstr ""
17110
17111
#: serverguide/C/network-auth.xml:3115(para)
17112
msgid ""
17113
"Another useful link is the <ulink "
17114
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
17115
">krb5.conf man page</ulink>."
17116
msgstr ""
17117
17118
#: serverguide/C/network-auth.xml:3120(para)
17119
msgid ""
17120
"Also, see the <ulink "
17121
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17122
"and LDAP</ulink> Ubuntu wiki page."
17123
msgstr ""
17124
17125
#: serverguide/C/monitoring.xml:13(title)
17126
msgid "Monitoring"
17127
msgstr ""
17128
17129
#: serverguide/C/monitoring.xml:17(para)
17130
msgid ""
17131
"The monitoring of essential servers and services is an important part of "
17132
"system administration. Most network services are monitored for performance, "
17133
"availability, or both. This section will cover installation and "
17134
"configuration of <application>Nagios</application> for availability "
17135
"monitoring, and <application>Munin</application> for performance monitoring."
17136
msgstr ""
17137
17138
#: serverguide/C/monitoring.xml:24(para)
17139
msgid ""
17140
"The examples in this section will use two servers with hostnames "
17141
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
17142
"<emphasis>Server01</emphasis> will be configured with "
17143
"<application>Nagios</application> to monitor services on itself and "
17144
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
17145
"<application>munin</application> package to gather information from the "
17146
"network. Using the <application>munin-node</application> package, "
17147
"<emphasis>server02</emphasis> will be configured to send information to "
17148
"<emphasis>server01</emphasis>."
17149
msgstr ""
17150
17151
#: serverguide/C/monitoring.xml:33(para)
17152
msgid ""
17153
"Hopefully these simple examples will allow you to monitor additional servers "
17154
"and services on your network."
17155
msgstr ""
17156
17157
#: serverguide/C/monitoring.xml:39(title)
17158
msgid "Nagios"
17159
msgstr ""
17160
17161
#: serverguide/C/monitoring.xml:44(para)
17162
msgid ""
17163
"First, on <emphasis>server01</emphasis> install the "
17164
"<application>nagios</application> package. In a terminal enter:"
17165
msgstr ""
17166
17167
#: serverguide/C/monitoring.xml:50(command)
17168
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
17169
msgstr ""
17170
17171
#: serverguide/C/monitoring.xml:53(para)
17172
msgid ""
17173
"You will be asked to enter a password for the "
17174
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
17175
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
17176
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
17177
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
17178
"of the <application>apache2-utils</application> package."
17179
msgstr ""
17180
17181
#: serverguide/C/monitoring.xml:60(para)
17182
msgid ""
17183
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
17184
"user enter:"
17185
msgstr ""
17186
17187
#: serverguide/C/monitoring.xml:65(command)
17188
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
17189
msgstr ""
17190
17191
#: serverguide/C/monitoring.xml:68(para)
17192
msgid "To add a user:"
17193
msgstr ""
17194
17195
#: serverguide/C/monitoring.xml:73(command)
17196
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
17197
msgstr ""
17198
17199
#: serverguide/C/monitoring.xml:76(para)
17200
msgid ""
17201
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
17202
"server</application> package. From a terminal on server02 enter:"
17203
msgstr ""
17204
17205
#: serverguide/C/monitoring.xml:82(command)
17206
msgid "sudo apt-get install nagios-nrpe-server"
17207
msgstr ""
17208
17209
#: serverguide/C/monitoring.xml:86(para)
17210
msgid ""
17211
"<application>NRPE</application> allows you to execute local checks on remote "
17212
"hosts. There are other ways of accomplishing this through other Nagios "
17213
"plugins as well as other checks."
17214
msgstr ""
17215
17216
#: serverguide/C/monitoring.xml:94(title)
17217
msgid "Configuration Overview"
17218
msgstr ""
17219
17220
#: serverguide/C/monitoring.xml:96(para)
17221
msgid ""
17222
"There are a couple of directories containing "
17223
"<application>Nagios</application> configuration and check files."
17224
msgstr ""
17225
17226
#: serverguide/C/monitoring.xml:102(para)
17227
msgid ""
17228
"<filename>/etc/nagios3</filename>: contains configuration files for the "
17229
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
17230
"etc."
17231
msgstr ""
17232
17233
#: serverguide/C/monitoring.xml:108(para)
17234
msgid ""
17235
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
17236
"service checks."
17237
msgstr ""
17238
17239
#: serverguide/C/monitoring.xml:113(para)
17240
msgid ""
17241
"<filename>/etc/nagios</filename>: on the remote host contains the "
17242
"<application>nagios-nrpe-server</application> configuration files."
17243
msgstr ""
17244
17245
#: serverguide/C/monitoring.xml:118(para)
17246
msgid ""
17247
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
17248
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
17249
msgstr ""
17250
17251
#: serverguide/C/monitoring.xml:123(para)
17252
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
17253
msgstr ""
17254
17255
#: serverguide/C/monitoring.xml:129(para)
17256
msgid ""
17257
"There are a plethora of checks <application>Nagios</application> can be "
17258
"configured to execute for any given host. For this example Nagios will be "
17259
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
17260
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
17261
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
17262
msgstr ""
17263
17264
#: serverguide/C/monitoring.xml:136(para)
17265
msgid ""
17266
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
17267
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
17268
msgstr ""
17269
17270
#: serverguide/C/monitoring.xml:141(para)
17271
msgid ""
17272
"Additionally, there are some terms that once explained will hopefully make "
17273
"understanding Nagios configuration easier:"
17274
msgstr ""
17275
17276
#: serverguide/C/monitoring.xml:147(para)
17277
msgid ""
17278
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
17279
"is being monitored."
17280
msgstr ""
17281
17282
#: serverguide/C/monitoring.xml:152(para)
17283
msgid ""
17284
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
17285
"could group all web servers, file server, etc."
17286
msgstr ""
17287
17288
#: serverguide/C/monitoring.xml:157(para)
17289
msgid ""
17290
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
17291
"as HTTP, DNS, NFS, etc."
17292
msgstr ""
17293
17294
#: serverguide/C/monitoring.xml:162(para)
17295
msgid ""
17296
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
17297
"together. This is useful for grouping multiple HTTP for example."
17298
msgstr ""
17299
17300
#: serverguide/C/monitoring.xml:168(para)
17301
msgid ""
17302
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
17303
"place. Nagios can be configured to send emails, SMS messages, etc."
17304
msgstr ""
17305
17306
#: serverguide/C/monitoring.xml:174(para)
17307
msgid ""
17308
"By default Nagios is configured to check HTTP, disk space, SSH, current "
17309
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
17310
"will also <application>ping</application> check the "
17311
"<emphasis>gateway</emphasis>."
17312
msgstr ""
17313
17314
#: serverguide/C/monitoring.xml:179(para)
17315
msgid ""
17316
"Large Nagios installations can be quite complex to configure. It is usually "
17317
"best to start small, one or two hosts, get things configured the way you "
17318
"like then expand."
17319
msgstr ""
17320
17321
#: serverguide/C/monitoring.xml:194(para)
17322
msgid ""
17323
"First, create a <emphasis>host</emphasis> configuration file for "
17324
"<emphasis>server02</emphasis>. In a terminal enter:"
17325
msgstr ""
17326
17327
#: serverguide/C/monitoring.xml:199(command)
17328
msgid ""
17329
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
17330
"/etc/nagios3/conf.d/server02.cfg"
17331
msgstr ""
17332
17333
#: serverguide/C/monitoring.xml:203(para)
17334
msgid ""
17335
"In the above and following command examples, replace "
17336
"<emphasis>\"server01\"</emphasis>, "
17337
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
17338
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
17339
"your servers."
17340
msgstr ""
17341
17342
#: serverguide/C/monitoring.xml:212(para)
17343
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17344
msgstr ""
17345
17346
#: serverguide/C/monitoring.xml:216(programlisting)
17347
#, no-wrap
17348
msgid ""
17349
"\n"
17350
"define host{\n"
17351
" use generic-host ; Name of host "
17352
"template to use\n"
17353
" host_name server02\n"
17354
" alias Server 02\n"
17355
" address 172.18.100.101\n"
17356
"}\n"
17357
"\n"
17358
"# check DNS service.\n"
17359
"define service {\n"
17360
" use generic-service\n"
17361
" host_name server02\n"
17362
" service_description DNS\n"
17363
" check_command check_dns!172.18.100.101\n"
17364
"}\n"
17365
msgstr ""
17366
17367
#: serverguide/C/monitoring.xml:236(para)
17368
msgid ""
17369
"Restart the <application>nagios</application> daemon to enable the new "
17370
"configuration:"
17371
msgstr ""
17372
17373
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
17374
msgid "sudo /etc/init.d/nagios3 restart"
17375
msgstr ""
17376
17377
#: serverguide/C/monitoring.xml:251(para)
17378
msgid ""
17379
"Now add a service definition for the MySQL check by adding the following to "
17380
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
17381
msgstr ""
17382
17383
#: serverguide/C/monitoring.xml:255(programlisting)
17384
#, no-wrap
17385
msgid ""
17386
"\n"
17387
"# check MySQL servers.\n"
17388
"define service {\n"
17389
" hostgroup_name mysql-servers\n"
17390
" service_description MySQL\n"
17391
" check_command "
17392
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
17393
" use generic-service\n"
17394
" notification_interval 0 ; set > 0 if you want to be "
17395
"renotified\n"
17396
"}\n"
17397
msgstr ""
17398
17399
#: serverguide/C/monitoring.xml:269(para)
17400
msgid ""
17401
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
17402
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
17403
msgstr ""
17404
17405
#: serverguide/C/monitoring.xml:274(programlisting)
17406
#, no-wrap
17407
msgid ""
17408
"\n"
17409
"# MySQL hostgroup.\n"
17410
"define hostgroup {\n"
17411
" hostgroup_name mysql-servers\n"
17412
" alias MySQL servers\n"
17413
" members localhost, server02\n"
17414
" }\n"
17415
msgstr ""
17416
17417
#: serverguide/C/monitoring.xml:286(para)
17418
msgid ""
17419
"The Nagios check needs to authenticate to MySQL. To add a "
17420
"<emphasis>nagios</emphasis> user to MySQL enter:"
17421
msgstr ""
17422
17423
#: serverguide/C/monitoring.xml:291(command)
17424
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
17425
msgstr ""
17426
17427
#: serverguide/C/monitoring.xml:295(para)
17428
msgid ""
17429
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
17430
"<emphasis>mysql-servers</emphasis> hostgroup."
17431
msgstr ""
17432
17433
#: serverguide/C/monitoring.xml:303(para)
17434
msgid ""
17435
"Restart <application>nagios</application> to start checking the MySQL "
17436
"servers."
17437
msgstr ""
17438
17439
#: serverguide/C/monitoring.xml:318(para)
17440
msgid ""
17441
"Lastly configure NRPE to check the disk space on "
17442
"<emphasis>server02</emphasis>."
17443
msgstr ""
17444
17445
#: serverguide/C/monitoring.xml:322(para)
17446
msgid ""
17447
"On <emphasis>server01</emphasis> add the service check to "
17448
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17449
msgstr ""
17450
17451
#: serverguide/C/monitoring.xml:327(programlisting)
17452
#, no-wrap
17453
msgid ""
17454
"\n"
17455
"# NRPE disk check.\n"
17456
"define service {\n"
17457
" use generic-service\n"
17458
" host_name server02\n"
17459
" service_description nrpe-disk\n"
17460
" check_command "
17461
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
17462
"}\n"
17463
msgstr ""
17464
17465
#: serverguide/C/monitoring.xml:340(para)
17466
msgid ""
17467
"Now on <emphasis>server02</emphasis> edit "
17468
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
17469
msgstr ""
17470
17471
#: serverguide/C/monitoring.xml:344(programlisting)
17472
#, no-wrap
17473
msgid ""
17474
"\n"
17475
"allowed_hosts=172.18.100.100\n"
17476
msgstr ""
17477
17478
#: serverguide/C/monitoring.xml:348(para)
17479
msgid "And below in the command definition area add:"
17480
msgstr ""
17481
17482
#: serverguide/C/monitoring.xml:352(programlisting)
17483
#, no-wrap
17484
msgid ""
17485
"\n"
17486
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
17487
"e\n"
17488
msgstr ""
17489
17490
#: serverguide/C/monitoring.xml:359(para)
17491
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
17492
msgstr ""
17493
17494
#: serverguide/C/monitoring.xml:364(command)
17495
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
17496
msgstr ""
17497
17498
#: serverguide/C/monitoring.xml:370(para)
17499
msgid ""
17500
"Also, on <emphasis>server01</emphasis> restart "
17501
"<application>nagios</application>:"
17502
msgstr ""
17503
17504
#: serverguide/C/monitoring.xml:383(para)
17505
msgid ""
17506
"You should now be able to see the host and service checks in the Nagios CGI "
17507
"files. To access them point a browser to http://server01/nagios3. You will "
17508
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
17509
"password."
17510
msgstr ""
17511
17512
#: serverguide/C/monitoring.xml:393(para)
17513
msgid ""
17514
"This section has just scratched the surface of Nagios' features. The "
17515
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
17516
"plugins</application> contain many more service checks."
17517
msgstr ""
17518
17519
#: serverguide/C/monitoring.xml:400(para)
17520
msgid ""
17521
"For more information see <ulink "
17522
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
17523
msgstr ""
17524
17525
#: serverguide/C/monitoring.xml:405(para)
17526
msgid ""
17527
"Specifically the <ulink "
17528
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
17529
"site."
17530
msgstr ""
17531
17532
#: serverguide/C/monitoring.xml:410(para)
17533
msgid ""
17534
"There is also a list of <ulink "
17535
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
17536
"Nagios and network monitoring:"
17537
msgstr ""
17538
17539
#: serverguide/C/monitoring.xml:416(para)
17540
msgid ""
17541
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
17542
"Wiki</ulink> page also has more details."
17543
msgstr ""
17544
17545
#: serverguide/C/monitoring.xml:425(title)
17546
msgid "Munin"
17547
msgstr ""
17548
17549
#: serverguide/C/monitoring.xml:430(para)
17550
msgid ""
17551
"Before installing <application>Munin</application> on "
17552
"<emphasis>server01</emphasis><application>apache2</application> will need to "
17553
"be installed. The default configuration is fine for running a "
17554
"<application>munin</application> server. For more information see <xref "
17555
"linkend=\"httpd\"/>."
17556
msgstr ""
17557
17558
#: serverguide/C/monitoring.xml:436(para)
17559
msgid ""
17560
"First, on <emphasis>server01</emphasis> install "
17561
"<application>munin</application>. In a terminal enter:"
17562
msgstr ""
17563
17564
#: serverguide/C/monitoring.xml:441(command)
17565
msgid "sudo apt-get install munin"
17566
msgstr ""
17567
17568
#: serverguide/C/monitoring.xml:444(para)
17569
msgid ""
17570
"Now on <emphasis>server02</emphasis> install the <application>munin-"
17571
"node</application> package:"
17572
msgstr ""
17573
17574
#: serverguide/C/monitoring.xml:449(command)
17575
msgid "sudo apt-get install munin-node"
17576
msgstr ""
17577
17578
#: serverguide/C/monitoring.xml:456(para)
17579
msgid ""
17580
"On <emphasis>server01</emphasis> edit the "
17581
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
17582
"<emphasis>server02</emphasis>:"
17583
msgstr ""
17584
17585
#: serverguide/C/monitoring.xml:461(programlisting)
17586
#, no-wrap
17587
msgid ""
17588
"\n"
17589
"## First our \"normal\" host.\n"
17590
"[server02]\n"
17591
" address 172.18.100.101\n"
17592
msgstr ""
17593
17594
#: serverguide/C/monitoring.xml:468(para)
17595
msgid ""
17596
"Replace <emphasis>server02</emphasis> and "
17597
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17598
"for your server."
17599
msgstr ""
17600
17601
#: serverguide/C/monitoring.xml:474(para)
17602
msgid ""
17603
"Next, configure <application>munin-node</application> on "
17604
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17605
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17606
msgstr ""
17607
17608
#: serverguide/C/monitoring.xml:479(programlisting)
17609
#, no-wrap
17610
msgid ""
17611
"\n"
17612
"allow ^172\\.18\\.100\\.100$\n"
17613
msgstr ""
17614
17615
#: serverguide/C/monitoring.xml:484(para)
17616
msgid ""
17617
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17618
"<application>munin</application> server."
17619
msgstr ""
17620
17621
#: serverguide/C/monitoring.xml:489(para)
17622
msgid ""
17623
"Now restart <application>munin-node</application> on "
17624
"<emphasis>server02</emphasis> for the changes to take effect:"
17625
msgstr ""
17626
17627
#: serverguide/C/monitoring.xml:494(command)
17628
msgid "sudo /etc/init.d/munin-node restart"
17629
msgstr ""
17630
17631
#: serverguide/C/monitoring.xml:497(para)
17632
msgid ""
17633
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17634
"you should see links to nice graphs displaying information from the standard "
17635
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17636
msgstr ""
17637
17638
#: serverguide/C/monitoring.xml:503(para)
17639
msgid ""
17640
"Since this is a new install it may take some time for the graphs to display "
17641
"anything useful."
17642
msgstr ""
17643
17644
#: serverguide/C/monitoring.xml:510(title)
17645
msgid "Additional Plugins"
17646
msgstr ""
17647
17648
#: serverguide/C/monitoring.xml:512(para)
17649
msgid ""
17650
"The <application>munin-plugins-extra</application> package contains "
17651
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17652
"install the package, from a terminal enter:"
17653
msgstr ""
17654
17655
#: serverguide/C/monitoring.xml:518(command)
17656
msgid "sudo apt-get install munin-plugins-extra"
17657
msgstr ""
17658
17659
#: serverguide/C/monitoring.xml:521(para)
17660
msgid "Be sure to install the package on both the server and node machines."
17661
msgstr ""
17662
17663
#: serverguide/C/monitoring.xml:531(para)
17664
msgid ""
17665
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17666
"website for more details."
17667
msgstr ""
17668
17669
#: serverguide/C/monitoring.xml:536(para)
17670
msgid ""
17671
"Specifically the <ulink "
17672
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17673
"Documentation</ulink> page includes information on additional plugins, "
17674
"writing plugins, etc."
17675
msgstr ""
17676
17677
#: serverguide/C/monitoring.xml:542(para)
17678
msgid ""
17679
"Also, there is a book in German by Open Source Press: <ulink "
17680
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17681
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17682
msgstr ""
17683
17684
#: serverguide/C/monitoring.xml:548(para)
17685
msgid ""
17686
"Another resource is the <ulink "
17687
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17688
"page."
17689
msgstr ""
17690
17691
#: serverguide/C/mail.xml:13(title)
17692
msgid "Email Services"
17693
msgstr ""
17694
17695
#: serverguide/C/mail.xml:14(para)
17696
msgid ""
17697
"The process of getting an email from one person to another over a network or "
17698
"the Internet involves many systems working together. Each of these systems "
17699
"must be correctly configured for the process to work. The sender uses a "
17700
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17701
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17702
"the last of which will hand it off to a <emphasis>Mail Delivery "
17703
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17704
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17705
"IMAP server."
17706
msgstr ""
17707
17708
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17709
msgid "Postfix"
17710
msgstr ""
17711
17712
#: serverguide/C/mail.xml:25(para)
17713
msgid ""
17714
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17715
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17716
"compatible with the MTA <application>sendmail</application>. This section "
17717
"explains how to install and configure <application>postfix</application>. It "
17718
"also explains how to set it up as an SMTP server using a secure connection "
17719
"(for sending emails securely)."
17720
msgstr ""
17721
17722
#: serverguide/C/mail.xml:34(para)
17723
msgid ""
17724
"This guide does not cover setting up Postfix <emphasis>Virtual "
17725
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17726
"configurations see <xref linkend=\"postfix-references\"/>."
17727
msgstr ""
17728
17729
#: serverguide/C/mail.xml:41(para)
17730
msgid ""
17731
"To install <application>postfix</application> run the following command:"
17732
msgstr ""
17733
17734
#: serverguide/C/mail.xml:47(para)
17735
msgid ""
17736
"Simply press return when the installation process asks questions, the "
17737
"configuration will be done in greater detail in the next stage."
17738
msgstr ""
17739
17740
#: serverguide/C/mail.xml:52(title)
17741
msgid "Basic Configuration"
17742
msgstr ""
17743
17744
#: serverguide/C/mail.xml:53(para)
17745
msgid ""
17746
"To configure <application>postfix</application>, run the following command:"
17747
msgstr ""
17748
17749
#: serverguide/C/mail.xml:57(command)
17750
msgid "sudo dpkg-reconfigure postfix"
17751
msgstr ""
17752
17753
#: serverguide/C/mail.xml:63(para)
17754
msgid "Internet Site"
17755
msgstr ""
17756
17757
#: serverguide/C/mail.xml:64(para)
17758
msgid "mail.example.com"
17759
msgstr ""
17760
17761
#: serverguide/C/mail.xml:65(para)
17762
msgid "steve"
17763
msgstr ""
17764
17765
#: serverguide/C/mail.xml:66(para)
17766
msgid "mail.example.com, localhost.localdomain, localhost"
17767
msgstr ""
17768
17769
#: serverguide/C/mail.xml:67(para)
17770
msgid "No"
17771
msgstr ""
17772
17773
#: serverguide/C/mail.xml:68(para)
17774
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17775
msgstr ""
17776
17777
#: serverguide/C/mail.xml:69(para)
17778
msgid "0"
17779
msgstr ""
17780
17781
#: serverguide/C/mail.xml:70(para)
17782
msgid "+"
17783
msgstr ""
17784
17785
#: serverguide/C/mail.xml:71(para)
17786
msgid "all"
17787
msgstr ""
17788
17789
#: serverguide/C/mail.xml:59(para)
17790
msgid ""
17791
"The user interface will be displayed. On each screen, select the following "
17792
"values: <placeholder-1/>"
17793
msgstr ""
17794
17795
#: serverguide/C/mail.xml:75(para)
17796
msgid ""
17797
"Replace mail.example.com with the domain for which you'll accept email, "
17798
"192.168.0.0/24 with the actual network and class range of your mail server, "
17799
"and steve with the appropriate username."
17800
msgstr ""
17801
17802
#: serverguide/C/mail.xml:81(para)
17803
msgid ""
17804
"Now is a good time to decide which mailbox format you want to use. By "
17805
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17806
"mailbox format. Rather than editing the configuration file directly, you can "
17807
"use the <command>postconf</command> command to configure all "
17808
"<application>postfix</application> parameters. The configuration parameters "
17809
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17810
"you wish to re-configure a particular parameter, you can either run the "
17811
"command or change it manually in the file."
17812
msgstr ""
17813
17814
#: serverguide/C/mail.xml:92(para)
17815
msgid ""
17816
"To configure the mailbox format for <emphasis "
17817
"role=\"strong\">Maildir:</emphasis>"
17818
msgstr ""
17819
17820
#: serverguide/C/mail.xml:97(command)
17821
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17822
msgstr ""
17823
17824
#: serverguide/C/mail.xml:100(para)
17825
msgid ""
17826
"This will place new mail in /home/<emphasis "
17827
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17828
"your Mail Delivery Agent (MDA) to use the same path."
17829
msgstr ""
17830
17831
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17832
msgid "SMTP Authentication"
17833
msgstr ""
17834
17835
#: serverguide/C/mail.xml:110(para)
17836
msgid ""
17837
"SMTP-AUTH allows a client to identify itself through an authentication "
17838
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17839
"the authentication process. Once authenticated the SMTP server will allow "
17840
"the client to relay mail."
17841
msgstr ""
17842
17843
#: serverguide/C/mail.xml:117(para)
17844
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17845
msgstr ""
17846
17847
#: serverguide/C/mail.xml:120(screen)
17848
#, no-wrap
17849
msgid ""
17850
"\n"
17851
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17852
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17853
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17854
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17855
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17856
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17857
"sudo postconf -e 'smtpd_recipient_restrictions = "
17858
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17859
"sudo postconf -e 'inet_interfaces = all'\n"
17860
msgstr ""
17861
17862
#: serverguide/C/mail.xml:131(para)
17863
msgid ""
17864
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17865
"the Postfix queue directory."
17866
msgstr ""
17867
17868
#: serverguide/C/mail.xml:137(para)
17869
msgid ""
17870
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17871
"and-security\"/> for details. This example also uses a Certificate Authority "
17872
"(CA). For information on generating a CA certificate see <xref "
17873
"linkend=\"certificate-authority\"/>."
17874
msgstr ""
17875
17876
#: serverguide/C/mail.xml:143(para)
17877
msgid ""
17878
"You can get the digital certificate from a certificate authority. But unlike "
17879
"web clients, SMTP clients rarely complain about \"self-signed "
17880
"certificates\", so alternatively, you can create the certificate yourself. "
17881
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17882
"details."
17883
msgstr ""
17884
17885
#: serverguide/C/mail.xml:155(para)
17886
msgid ""
17887
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17888
"both incoming and outgoing mail:"
17889
msgstr ""
17890
17891
#: serverguide/C/mail.xml:158(screen)
17892
#, no-wrap
17893
msgid ""
17894
"\n"
17895
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17896
"sudo postconf -e 'smtp_use_tls = yes'\n"
17897
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17898
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17899
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17900
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17901
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17902
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17903
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17904
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17905
"sudo postconf -e 'myhostname = mail.example.com'\n"
17906
msgstr ""
17907
17908
#: serverguide/C/mail.xml:173(para)
17909
msgid ""
17910
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17911
"the certificate enter:"
17912
msgstr ""
17913
17914
#: serverguide/C/mail.xml:177(command)
17915
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17916
msgstr ""
17917
17918
#: serverguide/C/mail.xml:180(para)
17919
msgid ""
17920
"Again, for more details about certificates see <xref linkend=\"certificates-"
17921
"and-security\"/>."
17922
msgstr ""
17923
17924
#: serverguide/C/mail.xml:186(para)
17925
msgid ""
17926
"After running all the commands, <application>Postfix</application> is "
17927
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17928
"TLS encryption."
17929
msgstr ""
17930
17931
#: serverguide/C/mail.xml:191(para)
17932
msgid ""
17933
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17934
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17935
msgstr ""
17936
17937
#: serverguide/C/mail.xml:195(para)
17938
msgid ""
17939
"The postfix initial configuration is complete. Run the following command to "
17940
"restart the postfix daemon:"
17941
msgstr ""
17942
17943
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17944
msgid "sudo /etc/init.d/postfix restart"
17945
msgstr ""
17946
17947
#: serverguide/C/mail.xml:204(para)
17948
msgid ""
17949
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17950
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17951
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17952
"However it is still necessary to set up SASL authentication before you can "
17953
"use SMTP-AUTH."
17954
msgstr ""
17955
17956
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17957
msgid "Configuring SASL"
17958
msgstr ""
17959
17960
#: serverguide/C/mail.xml:215(para)
17961
msgid ""
17962
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17963
"enable Dovecot SASL the <application>dovecot-common</application> package "
17964
"will need to be installed. From a terminal prompt enter the following:"
17965
msgstr ""
17966
17967
#: serverguide/C/mail.xml:221(command)
17968
msgid "sudo apt-get install dovecot-common"
17969
msgstr ""
17970
17971
#: serverguide/C/mail.xml:223(para)
17972
msgid ""
17973
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17974
"In the <emphasis>auth default</emphasis> section uncomment the "
17975
"<emphasis>socket listen</emphasis> option and change the following:"
17976
msgstr ""
17977
17978
#: serverguide/C/mail.xml:227(programlisting)
17979
#, no-wrap
17980
msgid ""
17981
"\n"
17982
" socket listen {\n"
17983
" #master {\n"
17984
" # Master socket provides access to userdb information. It's typically\n"
17985
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17986
" # can find mailbox locations.\n"
17987
" #path = /var/run/dovecot/auth-master\n"
17988
" #mode = 0600\n"
17989
" # Default user/group is the one who started dovecot-auth (root)\n"
17990
" #user = \n"
17991
" #group = \n"
17992
" #}\n"
17993
" client {\n"
17994
" # The client socket is generally safe to export to everyone. Typical "
17995
"use\n"
17996
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17997
" # using it.\n"
17998
" path = /var/spool/postfix/private/auth-client\n"
17999
" mode = 0660\n"
18000
" user = postfix\n"
18001
" group = postfix\n"
18002
" }\n"
18003
" }\n"
18004
msgstr ""
18005
18006
#: serverguide/C/mail.xml:251(para)
18007
msgid ""
18008
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
18009
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
18010
"add <emphasis>\"login\"</emphasis>:"
18011
msgstr ""
18012
18013
#: serverguide/C/mail.xml:256(programlisting)
18014
#, no-wrap
18015
msgid ""
18016
"\n"
18017
" mechanisms = plain login\n"
18018
msgstr ""
18019
18020
#: serverguide/C/mail.xml:260(para)
18021
msgid ""
18022
"Once you have <application>Dovecot</application> configured restart it with:"
18023
msgstr ""
18024
18025
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
18026
msgid "sudo /etc/init.d/dovecot restart"
18027
msgstr ""
18028
18029
#: serverguide/C/mail.xml:269(title)
18030
msgid "Postfix-Dovecot"
18031
msgstr ""
18032
18033
#: serverguide/C/mail.xml:271(para)
18034
msgid ""
18035
"Another option for configuring <application>Postfix</application> for SMTP-"
18036
"AUTH is using the <application>dovecot-postfix</application> package. This "
18037
"package will install <application>Dovecot</application> and configure "
18038
"<application>Postfix</application> to use it for both SASL authentication "
18039
"and as a Mail Delivery Agent (MDA). The package also configures "
18040
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
18041
msgstr ""
18042
18043
#: serverguide/C/mail.xml:280(para)
18044
msgid ""
18045
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
18046
"server. For example, if you are configuring your server to be a mail "
18047
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
18048
"the above commands to configure Postfix for SMTPAUTH."
18049
msgstr ""
18050
18051
#: serverguide/C/mail.xml:287(para)
18052
msgid "To install the package, from a terminal prompt enter:"
18053
msgstr ""
18054
18055
#: serverguide/C/mail.xml:292(command)
18056
msgid "sudo apt-get install dovecot-postfix"
18057
msgstr ""
18058
18059
#: serverguide/C/mail.xml:295(para)
18060
msgid ""
18061
"You should now have a working mail server, but there are a few options that "
18062
"you may wish to further customize. For example, the package uses the "
18063
"certificate and key from the <application>ssl-cert</application> package, "
18064
"and in a production environment you should use a certificate and key "
18065
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
18066
"for more details."
18067
msgstr ""
18068
18069
#: serverguide/C/mail.xml:301(para)
18070
msgid ""
18071
"Once you have a customized certificate and key for the host, change the "
18072
"following options in <filename>/etc/postfix/main.cf</filename>:"
18073
msgstr ""
18074
18075
#: serverguide/C/mail.xml:305(programlisting)
18076
#, no-wrap
18077
msgid ""
18078
"\n"
18079
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
18080
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
18081
msgstr ""
18082
18083
#: serverguide/C/mail.xml:310(para)
18084
msgid "Then restart Postfix:"
18085
msgstr ""
18086
18087
#: serverguide/C/mail.xml:321(para)
18088
msgid ""
18089
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
18090
msgstr ""
18091
18092
#: serverguide/C/mail.xml:324(para)
18093
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
18094
msgstr ""
18095
18096
#: serverguide/C/mail.xml:329(command)
18097
msgid "telnet mail.example.com 25"
18098
msgstr ""
18099
18100
#: serverguide/C/mail.xml:331(para)
18101
msgid ""
18102
"After you have established the connection to the postfix mail server, type:"
18103
msgstr ""
18104
18105
#: serverguide/C/mail.xml:335(screen)
18106
#, no-wrap
18107
msgid ""
18108
"\n"
18109
"ehlo mail.example.com\n"
18110
msgstr ""
18111
18112
#: serverguide/C/mail.xml:338(para)
18113
msgid ""
18114
"If you see the following lines among others, then everything is working "
18115
"perfectly. Type <command>quit</command> to exit."
18116
msgstr ""
18117
18118
#: serverguide/C/mail.xml:342(programlisting)
18119
#, no-wrap
18120
msgid ""
18121
"\n"
18122
"250-STARTTLS\n"
18123
"250-AUTH LOGIN PLAIN\n"
18124
"250-AUTH=LOGIN PLAIN\n"
18125
"250 8BITMIME\n"
18126
msgstr ""
18127
18128
#: serverguide/C/mail.xml:352(para)
18129
msgid ""
18130
"This section introduces some common ways to determine the cause if problems "
18131
"arise."
18132
msgstr ""
18133
18134
#: serverguide/C/mail.xml:356(title)
18135
msgid "Escaping chroot"
18136
msgstr ""
18137
18138
#: serverguide/C/mail.xml:357(para)
18139
msgid ""
18140
"The Ubuntu <application>postfix</application> package will by default "
18141
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
18142
"This can add greater complexity when troubleshooting problems."
18143
msgstr ""
18144
18145
#: serverguide/C/mail.xml:361(para)
18146
msgid ""
18147
"To turn off the chroot operation locate for the following line in the "
18148
"<filename>/etc/postfix/master.cf</filename> configuration file:"
18149
msgstr ""
18150
18151
#: serverguide/C/mail.xml:365(screen)
18152
#, no-wrap
18153
msgid ""
18154
"\n"
18155
"smtp inet n - - - - smtpd\n"
18156
msgstr ""
18157
18158
#: serverguide/C/mail.xml:368(para)
18159
msgid "and modify it as follows:"
18160
msgstr ""
18161
18162
#: serverguide/C/mail.xml:371(screen)
18163
#, no-wrap
18164
msgid ""
18165
"\n"
18166
"smtp inet n - n - - smtpd\n"
18167
msgstr ""
18168
18169
#: serverguide/C/mail.xml:374(para)
18170
msgid ""
18171
"You will then need to restart Postfix to use the new configuration. From a "
18172
"terminal prompt enter:"
18173
msgstr ""
18174
18175
#: serverguide/C/mail.xml:382(title)
18176
msgid "Log Files"
18177
msgstr ""
18178
18179
#: serverguide/C/mail.xml:383(para)
18180
msgid ""
18181
"<application>Postfix</application> sends all log messages to "
18182
"<filename>/var/log/mail.log</filename>. However error and warning messages "
18183
"can sometimes get lost in the normal log output so they are also logged to "
18184
"<filename>/var/log/mail.err</filename> and "
18185
"<filename>/var/log/mail.warn</filename> respectively."
18186
msgstr ""
18187
18188
#: serverguide/C/mail.xml:388(para)
18189
msgid ""
18190
"To see messages entered into the logs in real time you can use the "
18191
"<application>tail -f</application> command:"
18192
msgstr ""
18193
18194
#: serverguide/C/mail.xml:393(command)
18195
msgid "tail -f /var/log/mail.err"
18196
msgstr ""
18197
18198
#: serverguide/C/mail.xml:395(para)
18199
msgid ""
18200
"The amount of detail that is recorded in the logs can be increased. Below "
18201
"are some configuration options for increasing the log level for some of the "
18202
"areas covered above."
18203
msgstr ""
18204
18205
#: serverguide/C/mail.xml:401(para)
18206
msgid ""
18207
"To increase <emphasis>TLS</emphasis> activity logging set the "
18208
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
18209
msgstr ""
18210
18211
#: serverguide/C/mail.xml:405(command)
18212
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
18213
msgstr ""
18214
18215
#: serverguide/C/mail.xml:409(para)
18216
msgid ""
18217
"If you are having trouble sending or receiving mail from a specific domain "
18218
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
18219
msgstr ""
18220
18221
#: serverguide/C/mail.xml:414(command)
18222
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
18223
msgstr ""
18224
18225
#: serverguide/C/mail.xml:418(para)
18226
msgid ""
18227
"You can increase the verbosity of any <application>Postfix</application> "
18228
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
18229
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
18230
"<emphasis>smtp</emphasis> entry:"
18231
msgstr ""
18232
18233
#: serverguide/C/mail.xml:422(programlisting)
18234
#, no-wrap
18235
msgid ""
18236
"\n"
18237
"smtp unix - - - - - smtp -v\n"
18238
msgstr ""
18239
18240
#: serverguide/C/mail.xml:428(para)
18241
msgid ""
18242
"It is important to note that after making one of the logging changes above "
18243
"the <application>Postfix</application> process will need to be reloaded in "
18244
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
18245
"reload</command>"
18246
msgstr ""
18247
18248
#: serverguide/C/mail.xml:435(para)
18249
msgid ""
18250
"To increase the amount of information logged when troubleshooting "
18251
"<emphasis>SASL</emphasis> issues you can set the following options in "
18252
"<filename>/etc/dovecot/dovecot.conf</filename>"
18253
msgstr ""
18254
18255
#: serverguide/C/mail.xml:439(programlisting)
18256
#, no-wrap
18257
msgid ""
18258
"\n"
18259
"auth_debug=yes\n"
18260
"auth_debug_passwords=yes\n"
18261
msgstr ""
18262
18263
#: serverguide/C/mail.xml:446(para)
18264
msgid ""
18265
"Just like <application>Postfix</application> if you change a "
18266
"<application>Dovecot</application> configuration the process will need to be "
18267
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
18268
msgstr ""
18269
18270
#: serverguide/C/mail.xml:452(para)
18271
msgid ""
18272
"Some of the options above can drastically increase the amount of information "
18273
"sent to the log files. Remember to return the log level back to normal after "
18274
"you have corrected the problem. Then reload the appropriate daemon for the "
18275
"new configuration to take affect."
18276
msgstr ""
18277
18278
#: serverguide/C/mail.xml:460(para)
18279
msgid ""
18280
"Administering a <application>Postfix</application> server can be a very "
18281
"complicated task. At some point you may need to turn to the Ubuntu community "
18282
"for more experienced help."
18283
msgstr ""
18284
18285
#: serverguide/C/mail.xml:464(para)
18286
msgid ""
18287
"A great place to ask for <application>Postfix</application> assistance, and "
18288
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
18289
"server</emphasis> IRC channel on <ulink "
18290
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
18291
"one of the <ulink "
18292
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
18293
msgstr ""
18294
18295
#: serverguide/C/mail.xml:469(para)
18296
msgid ""
18297
"For in depth <application>Postfix</application> information Ubuntu "
18298
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
18299
"Book of Postfix</ulink>."
18300
msgstr ""
18301
18302
#: serverguide/C/mail.xml:473(para)
18303
msgid ""
18304
"Finally, the <ulink "
18305
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
18306
"also has great documentation on all the different configuration options "
18307
"available."
18308
msgstr ""
18309
18310
#: serverguide/C/mail.xml:477(para)
18311
msgid ""
18312
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
18313
"Wiki Postifx</ulink> page has more information."
18314
msgstr ""
18315
18316
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
18317
msgid "Exim4"
18318
msgstr ""
18319
18320
#: serverguide/C/mail.xml:486(para)
18321
msgid ""
18322
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
18323
"developed at the University of Cambridge for use on Unix systems connected "
18324
"to the Internet. Exim can be installed in place of "
18325
"<application>sendmail</application>, although the configuration of "
18326
"<application>exim</application> is quite different to that of "
18327
"<application>sendmail</application>."
18328
msgstr ""
18329
18330
#: serverguide/C/mail.xml:497(para)
18331
msgid ""
18332
"To install <application>exim4</application>, run the following command: "
18333
"<screen>\n"
18334
"<command>sudo apt-get install exim4</command>\n"
18335
"</screen>"
18336
msgstr ""
18337
18338
#: serverguide/C/mail.xml:506(para)
18339
msgid ""
18340
"To configure <application>Exim4</application>, run the following command:"
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:510(command)
18344
msgid "sudo dpkg-reconfigure exim4-config"
18345
msgstr ""
18346
18347
#: serverguide/C/mail.xml:512(para)
18348
msgid ""
18349
"The user interface will be displayed. The user interface lets you configure "
18350
"many parameters. For example, In <application>Exim4</application> the "
18351
"configuration files are split among multiple files. If you wish to have them "
18352
"in one file you can configure accordingly in this user interface."
18353
msgstr ""
18354
18355
#: serverguide/C/mail.xml:520(para)
18356
msgid ""
18357
"All the parameters you configure in the user interface are stored in "
18358
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
18359
"re-configure, either you re-run the configuration wizard or manually edit "
18360
"this file using your favorite editor. Once you configure, you can run the "
18361
"following command to generate the master configuration file:"
18362
msgstr ""
18363
18364
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
18365
msgid "sudo update-exim4.conf"
18366
msgstr ""
18367
18368
#: serverguide/C/mail.xml:533(para)
18369
msgid ""
18370
"The master configuration file, is generated and it is stored in "
18371
"<filename>/var/lib/exim4/config.autogenerated</filename>."
18372
msgstr ""
18373
18374
#: serverguide/C/mail.xml:539(para)
18375
msgid ""
18376
"At any time, you should not edit the master configuration file, "
18377
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
18378
"updated automatically every time you run <command>update-exim4.conf</command>"
18379
msgstr ""
18380
18381
#: serverguide/C/mail.xml:547(para)
18382
msgid ""
18383
"You can run the following command to start <application>Exim4</application> "
18384
"daemon."
18385
msgstr ""
18386
18387
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
18388
msgid "sudo /etc/init.d/exim4 start"
18389
msgstr ""
18390
18391
#: serverguide/C/mail.xml:557(para)
18392
msgid ""
18393
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
18394
msgstr ""
18395
18396
#: serverguide/C/mail.xml:560(para)
18397
msgid ""
18398
"The first step is to create a certificate for use with TLS. Enter the "
18399
"following into a terminal prompt:"
18400
msgstr ""
18401
18402
#: serverguide/C/mail.xml:564(command)
18403
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
18404
msgstr ""
18405
18406
#: serverguide/C/mail.xml:566(para)
18407
msgid ""
18408
"Now Exim4 needs to be configured for TLS by editing "
18409
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
18410
"the following:"
18411
msgstr ""
18412
18413
#: serverguide/C/mail.xml:570(programlisting)
18414
#, no-wrap
18415
msgid ""
18416
"\n"
18417
"MAIN_TLS_ENABLE = yes\n"
18418
msgstr ""
18419
18420
#: serverguide/C/mail.xml:573(para)
18421
msgid ""
18422
"Next you need to configure <application>Exim4</application> to use the "
18423
"<application>saslauthd</application> for authentication. Edit "
18424
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
18425
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
18426
"<emphasis>login_saslauthd_server</emphasis> sections:"
18427
msgstr ""
18428
18429
#: serverguide/C/mail.xml:578(programlisting)
18430
#, no-wrap
18431
msgid ""
18432
"\n"
18433
" plain_saslauthd_server:\n"
18434
" driver = plaintext\n"
18435
" public_name = PLAIN\n"
18436
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
18437
" server_set_id = $auth2\n"
18438
" server_prompts = :\n"
18439
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18440
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18441
" .endif\n"
18442
"#\n"
18443
" login_saslauthd_server:\n"
18444
" driver = plaintext\n"
18445
" public_name = LOGIN\n"
18446
" server_prompts = \"Username:: : Password::\"\n"
18447
" # don't send system passwords over unencrypted connections\n"
18448
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
18449
" server_set_id = $auth1\n"
18450
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18451
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18452
" .endif\n"
18453
msgstr ""
18454
18455
#: serverguide/C/mail.xml:600(para)
18456
msgid "Finally, update the Exim4 configuration and restart the service:"
18457
msgstr ""
18458
18459
#: serverguide/C/mail.xml:605(command)
18460
msgid "sudo /etc/init.d/exim4 restart"
18461
msgstr ""
18462
18463
#: serverguide/C/mail.xml:610(para)
18464
msgid ""
18465
"This section provides details on configuring the saslauthd to provide "
18466
"authentication for <application>Exim4</application>."
18467
msgstr ""
18468
18469
#: serverguide/C/mail.xml:613(para)
18470
msgid ""
18471
"The first step is to install the sasl2-bin package. From a terminal prompt "
18472
"enter the following:"
18473
msgstr ""
18474
18475
#: serverguide/C/mail.xml:617(command)
18476
msgid "sudo apt-get install sasl2-bin"
18477
msgstr ""
18478
18479
#: serverguide/C/mail.xml:619(para)
18480
msgid ""
18481
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
18482
"and set START=no to:"
18483
msgstr ""
18484
18485
#: serverguide/C/mail.xml:622(programlisting)
18486
#, no-wrap
18487
msgid ""
18488
"\n"
18489
"START=yes\n"
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:625(para)
18493
msgid ""
18494
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
18495
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
18496
"service:"
18497
msgstr ""
18498
18499
#: serverguide/C/mail.xml:630(command)
18500
msgid "sudo adduser Debian-exim sasl"
18501
msgstr ""
18502
18503
#: serverguide/C/mail.xml:632(para)
18504
msgid "Now start the <application>saslauthd</application> service:"
18505
msgstr ""
18506
18507
#: serverguide/C/mail.xml:636(command)
18508
msgid "sudo /etc/init.d/saslauthd start"
18509
msgstr ""
18510
18511
#: serverguide/C/mail.xml:638(para)
18512
msgid ""
18513
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
18514
"and SASL authentication."
18515
msgstr ""
18516
18517
#: serverguide/C/mail.xml:647(para)
18518
msgid ""
18519
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
18520
"information."
18521
msgstr ""
18522
18523
#: serverguide/C/mail.xml:652(para)
18524
msgid ""
18525
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18526
"server\">Exim4 Book</ulink> available."
18527
msgstr ""
18528
18529
#: serverguide/C/mail.xml:657(para)
18530
msgid ""
18531
"Another resource is the <ulink "
18532
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
18533
"page."
18534
msgstr ""
18535
18536
#: serverguide/C/mail.xml:666(title)
18537
msgid "Dovecot Server"
18538
msgstr ""
18539
18540
#: serverguide/C/mail.xml:667(para)
18541
msgid ""
18542
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
18543
"security primarily in mind. It supports the major mailbox formats: mbox or "
18544
"Maildir. This section explain how to set it up as an imap or pop3 server."
18545
msgstr ""
18546
18547
#: serverguide/C/mail.xml:675(para)
18548
msgid ""
18549
"To install <application>dovecot</application>, run the following command in "
18550
"the command prompt:"
18551
msgstr ""
18552
18553
#: serverguide/C/mail.xml:680(command)
18554
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
18555
msgstr ""
18556
18557
#: serverguide/C/mail.xml:685(para)
18558
msgid ""
18559
"To configure <application>dovecot</application>, you can edit the file "
18560
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
18561
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
18562
"secure). A description of these protocols is beyond the scope of this guide. "
18563
"For further information, refer to the Wikipedia articles on <ulink "
18564
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
18565
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
18566
"link>."
18567
msgstr ""
18568
18569
#: serverguide/C/mail.xml:695(para)
18570
msgid ""
18571
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
18572
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
18573
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
18574
msgstr ""
18575
18576
#: serverguide/C/mail.xml:701(programlisting)
18577
#, no-wrap
18578
msgid ""
18579
"\n"
18580
"protocols = pop3 pop3s imap imaps\n"
18581
msgstr ""
18582
18583
#: serverguide/C/mail.xml:704(para)
18584
msgid ""
18585
"Next, choose the mailbox you would like to use. "
18586
"<application>Dovecot</application> supports <emphasis "
18587
"role=\"strong\">maildir</emphasis> and <emphasis "
18588
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18589
"mailbox formats. They both have their own benefits and are discussed on "
18590
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18591
"site</ulink>."
18592
msgstr ""
18593
18594
#: serverguide/C/mail.xml:712(para)
18595
msgid ""
18596
"Once you have chosen your mailbox type, edit the file "
18597
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18598
msgstr ""
18599
18600
#: serverguide/C/mail.xml:717(programlisting)
18601
#, no-wrap
18602
msgid ""
18603
"\n"
18604
"mail_location = maildir:~/Maildir # (for maildir)\n"
18605
"or\n"
18606
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18607
msgstr ""
18608
18609
#: serverguide/C/mail.xml:723(para)
18610
msgid ""
18611
"You should configure your Mail Transport Agent (MTA) to transfer the "
18612
"incoming mail to this type of mailbox if it is different from the one you "
18613
"have configured."
18614
msgstr ""
18615
18616
#: serverguide/C/mail.xml:729(para)
18617
msgid ""
18618
"Once you have configured dovecot, restart the "
18619
"<application>dovecot</application> daemon in order to test your setup:"
18620
msgstr ""
18621
18622
#: serverguide/C/mail.xml:738(para)
18623
msgid ""
18624
"If you have enabled imap, or pop3, you can also try to log in with the "
18625
"commands <command>telnet localhost pop3</command> or <command>telnet "
18626
"localhost imap2</command>. If you see something like the following, the "
18627
"installation has been successful:"
18628
msgstr ""
18629
18630
#: serverguide/C/mail.xml:745(programlisting)
18631
#, no-wrap
18632
msgid ""
18633
"\n"
18634
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18635
"Trying 127.0.0.1...\n"
18636
"Connected to localhost.localdomain.\n"
18637
"Escape character is '^]'.\n"
18638
"+OK Dovecot ready.\n"
18639
msgstr ""
18640
18641
#: serverguide/C/mail.xml:754(title)
18642
msgid "Dovecot SSL Configuration"
18643
msgstr ""
18644
18645
#: serverguide/C/mail.xml:755(para)
18646
msgid ""
18647
"To configure <application>dovecot</application> to use SSL, you can edit the "
18648
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18649
"lines:"
18650
msgstr ""
18651
18652
#: serverguide/C/mail.xml:760(programlisting)
18653
#, no-wrap
18654
msgid ""
18655
"\n"
18656
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18657
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18658
"ssl_disable = no\n"
18659
"disable_plaintext_auth = no\n"
18660
msgstr ""
18661
18662
#: serverguide/C/mail.xml:766(para)
18663
msgid ""
18664
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18665
"can create self signed SSL certificate. The latter is a good option for "
18666
"email, because SMTP clients rarely complain about \"self-signed "
18667
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18668
"security\"/> for details about how to create self signed SSL certificate. "
18669
"Once you create the certificate, you will have a key file and a certificate "
18670
"file. Please copy them to the location pointed in the "
18671
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18672
msgstr ""
18673
18674
#: serverguide/C/mail.xml:781(title)
18675
msgid "Firewall Configuration for an Email Server"
18676
msgstr ""
18677
18678
#: serverguide/C/mail.xml:787(para)
18679
msgid "IMAP - 143"
18680
msgstr ""
18681
18682
#: serverguide/C/mail.xml:788(para)
18683
msgid "IMAPS - 993"
18684
msgstr ""
18685
18686
#: serverguide/C/mail.xml:789(para)
18687
msgid "POP3 - 110"
18688
msgstr ""
18689
18690
#: serverguide/C/mail.xml:790(para)
18691
msgid "POP3S - 995"
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:782(para)
18695
msgid ""
18696
"To access your mail server from another computer, you must configure your "
18697
"firewall to allow connections to the server on the necessary ports. "
18698
"<placeholder-1/>"
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:799(para)
18702
msgid ""
18703
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18704
"more information."
18705
msgstr ""
18706
18707
#: serverguide/C/mail.xml:804(para)
18708
msgid ""
18709
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18710
"Ubuntu Wiki</ulink> page has more details."
18711
msgstr ""
18712
18713
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18714
msgid "Mailman"
18715
msgstr ""
18716
18717
#: serverguide/C/mail.xml:814(para)
18718
msgid ""
18719
"Mailman is an open source program for managing electronic mail discussions "
18720
"and e-newsletter lists. Many open source mailing lists (including all the "
18721
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18722
"Mailman as their mailing list software. It is powerful and easy to install "
18723
"and maintain."
18724
msgstr ""
18725
18726
#: serverguide/C/mail.xml:824(para)
18727
msgid ""
18728
"Mailman provides a web interface for the administrators and users, using an "
18729
"external mail server to send and receive emails. It works perfectly with the "
18730
"following mail servers:"
18731
msgstr ""
18732
18733
#: serverguide/C/mail.xml:835(application)
18734
msgid "Exim"
18735
msgstr ""
18736
18737
#: serverguide/C/mail.xml:838(application)
18738
msgid "Sendmail"
18739
msgstr ""
18740
18741
#: serverguide/C/mail.xml:841(application)
18742
msgid "Qmail"
18743
msgstr ""
18744
18745
#: serverguide/C/mail.xml:846(para)
18746
msgid ""
18747
"We will see how to install and configure Mailman with, the Apache web "
18748
"server, and either the Postfix or Exim mail server. If you wish to install "
18749
"Mailman with a different mail server, please refer to the references section."
18750
msgstr ""
18751
18752
#: serverguide/C/mail.xml:853(para)
18753
msgid ""
18754
"You only need to install one mail server and "
18755
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18756
msgstr ""
18757
18758
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18759
msgid "Apache2"
18760
msgstr ""
18761
18762
#: serverguide/C/mail.xml:859(para)
18763
msgid ""
18764
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18765
"installation\">HTTPD Installation</ulink> section for details."
18766
msgstr ""
18767
18768
#: serverguide/C/mail.xml:867(para)
18769
msgid ""
18770
"For instructions on installing and configuring Postfix refer to <xref "
18771
"linkend=\"postfix\"/>"
18772
msgstr ""
18773
18774
#: serverguide/C/mail.xml:873(para)
18775
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18776
msgstr ""
18777
18778
#: serverguide/C/mail.xml:884(application)
18779
msgid "dc_use_split_config='true'"
18780
msgstr ""
18781
18782
#: serverguide/C/mail.xml:876(para)
18783
msgid ""
18784
"Once exim4 is installed, the configuration files are stored in the "
18785
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18786
"configuration files are split across different files. You can change this "
18787
"behavior by changing the following variable in the "
18788
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18789
msgstr ""
18790
18791
#: serverguide/C/mail.xml:891(para)
18792
msgid ""
18793
"To install <application>Mailman</application>, run following command at a "
18794
"terminal prompt:"
18795
msgstr ""
18796
18797
#: serverguide/C/mail.xml:895(command)
18798
msgid "sudo apt-get install mailman"
18799
msgstr ""
18800
18801
#: serverguide/C/mail.xml:897(para)
18802
msgid ""
18803
"It copies the installation files in "
18804
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18805
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18806
"creates <emphasis>list</emphasis> linux user. It creates the "
18807
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18808
"this user."
18809
msgstr ""
18810
18811
#: serverguide/C/mail.xml:909(para)
18812
msgid ""
18813
"This section assumes you have successfully installed "
18814
"<application>mailman</application>, <application>apache2</application>, and "
18815
"<application>postfix</application> or <application>exim4</application>. Now "
18816
"you just need to configure them."
18817
msgstr ""
18818
18819
#: serverguide/C/mail.xml:918(para)
18820
msgid ""
18821
"An example Apache configuration file comes with "
18822
"<application>Mailman</application> and is placed in "
18823
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18824
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18825
"available</filename>:"
18826
msgstr ""
18827
18828
#: serverguide/C/mail.xml:924(command)
18829
msgid ""
18830
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18831
msgstr ""
18832
18833
#: serverguide/C/mail.xml:926(para)
18834
msgid ""
18835
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18836
"Mailman administration site. Now enable the new configuration and restart "
18837
"Apache:"
18838
msgstr ""
18839
18840
#: serverguide/C/mail.xml:931(command)
18841
msgid "sudo a2ensite mailman.conf"
18842
msgstr ""
18843
18844
#: serverguide/C/mail.xml:934(para)
18845
msgid ""
18846
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18847
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18848
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18849
"can make changes to the <filename>/etc/apache2/sites-"
18850
"available/mailman.conf</filename> file if you wish to change this behavior."
18851
msgstr ""
18852
18853
#: serverguide/C/mail.xml:945(para)
18854
msgid ""
18855
"For <application>Postfix</application> integration, we will associate the "
18856
"domain lists.example.com with the mailing lists. Please replace "
18857
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18858
msgstr ""
18859
18860
#: serverguide/C/mail.xml:949(para)
18861
msgid ""
18862
"You can use the postconf command to add the necessary configuration to "
18863
"<filename>/etc/postfix/main.cf</filename>:"
18864
msgstr ""
18865
18866
#: serverguide/C/mail.xml:953(command)
18867
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18868
msgstr ""
18869
18870
#: serverguide/C/mail.xml:954(command)
18871
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18872
msgstr ""
18873
18874
#: serverguide/C/mail.xml:955(command)
18875
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18876
msgstr ""
18877
18878
#: serverguide/C/mail.xml:957(para)
18879
msgid ""
18880
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18881
"the following transport:"
18882
msgstr ""
18883
18884
#: serverguide/C/mail.xml:960(programlisting)
18885
#, no-wrap
18886
msgid ""
18887
"\n"
18888
"mailman unix - n n - - pipe\n"
18889
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18890
" ${nexthop} ${user}\n"
18891
msgstr ""
18892
18893
#: serverguide/C/mail.xml:965(para)
18894
msgid ""
18895
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18896
"is delivered to a list."
18897
msgstr ""
18898
18899
#: serverguide/C/mail.xml:968(para)
18900
msgid ""
18901
"Associate the domain lists.example.com to the Mailman transport with the "
18902
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18903
msgstr ""
18904
18905
#: serverguide/C/mail.xml:971(programlisting)
18906
#, no-wrap
18907
msgid ""
18908
"\n"
18909
"lists.example.com mailman:\n"
18910
msgstr ""
18911
18912
#: serverguide/C/mail.xml:974(para)
18913
msgid ""
18914
"Now have <application>Postfix</application> build the transport map by "
18915
"entering the following from a terminal prompt:"
18916
msgstr ""
18917
18918
#: serverguide/C/mail.xml:978(command)
18919
msgid "sudo postmap -v /etc/postfix/transport"
18920
msgstr ""
18921
18922
#: serverguide/C/mail.xml:980(para)
18923
msgid "Then restart Postfix to enable the new configurations:"
18924
msgstr ""
18925
18926
#: serverguide/C/mail.xml:989(para)
18927
msgid ""
18928
"Once Exim4 is installed, you can start the Exim server using the following "
18929
"command from a terminal prompt:"
18930
msgstr ""
18931
18932
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18933
msgid "Main"
18934
msgstr ""
18935
18936
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18937
msgid "Transport"
18938
msgstr ""
18939
18940
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18941
msgid "Router"
18942
msgstr ""
18943
18944
#: serverguide/C/mail.xml:996(para)
18945
msgid ""
18946
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18947
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18948
"different types. For details, please refer to the <ulink "
18949
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18950
"add new a configuration file to the following configuration types: "
18951
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18952
"these mini configuration files. So, the order of these configuration files "
18953
"is very important."
18954
msgstr ""
18955
18956
#: serverguide/C/mail.xml:1027(programlisting)
18957
#, no-wrap
18958
msgid ""
18959
"\n"
18960
"# start\n"
18961
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18962
"# directory.\n"
18963
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18964
"# This is normally the same as ~mailman\n"
18965
"MM_HOME=/var/lib/mailman\n"
18966
"#\n"
18967
"# User and group for Mailman, should match your --with-mail-gid\n"
18968
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18969
"MM_UID=list\n"
18970
"MM_GID=list\n"
18971
"#\n"
18972
"# Domains that your lists are in - colon separated list\n"
18973
"# you may wish to add these into local_domains as well\n"
18974
"domainlist mm_domains=hostname.com\n"
18975
"#\n"
18976
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18977
"#\n"
18978
"# These values are derived from the ones above and should not need\n"
18979
"# editing unless you have munged your mailman installation\n"
18980
"#\n"
18981
"# The path of the Mailman mail wrapper script\n"
18982
"MM_WRAP=MM_HOME/mail/mailman\n"
18983
"#\n"
18984
"# The path of the list config file (used as a required file when\n"
18985
"# verifying list addresses)\n"
18986
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18987
"# end\n"
18988
msgstr ""
18989
18990
#: serverguide/C/mail.xml:1021(para)
18991
msgid ""
18992
"All the configuration files belonging to the main type are stored in the "
18993
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18994
"following content to a new file, named <filename>04_exim4-"
18995
"config_mailman</filename>: <placeholder-1/>"
18996
msgstr ""
18997
18998
#: serverguide/C/mail.xml:1067(programlisting)
18999
#, no-wrap
19000
msgid ""
19001
"\n"
19002
" mailman_transport:\n"
19003
" driver = pipe\n"
19004
" command = MM_WRAP \\\n"
19005
" '${if def:local_part_suffix \\\n"
19006
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
19007
"\\\n"
19008
" {post}}' \\\n"
19009
" $local_part\n"
19010
" current_directory = MM_HOME\n"
19011
" home_directory = MM_HOME\n"
19012
" user = MM_UID\n"
19013
" group = MM_GID\n"
19014
msgstr ""
19015
19016
#: serverguide/C/mail.xml:1061(para)
19017
msgid ""
19018
"All the configuration files belonging to transport type are stored in the "
19019
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
19020
"following content to a new file named <filename> 40_exim4-"
19021
"config_mailman</filename>: <placeholder-1/>"
19022
msgstr ""
19023
19024
#: serverguide/C/mail.xml:1088(programlisting)
19025
#, no-wrap
19026
msgid ""
19027
"\n"
19028
" mailman_router:\n"
19029
" driver = accept\n"
19030
" require_files = MM_HOME/lists/$local_part/config.pck\n"
19031
" local_part_suffix_optional\n"
19032
" local_part_suffix = -bounces : -bounces+* : \\\n"
19033
" -confirm+* : -join : -leave : \\\n"
19034
" -owner : -request : -admin\n"
19035
" transport = mailman_transport\n"
19036
msgstr ""
19037
19038
#: serverguide/C/mail.xml:1084(para)
19039
msgid ""
19040
"All the configuration files belonging to router type are stored in the "
19041
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
19042
"following content in to a new file named <filename>101_exim4-"
19043
"config_mailman</filename>: <placeholder-1/>"
19044
msgstr ""
19045
19046
#: serverguide/C/mail.xml:1101(para)
19047
msgid ""
19048
"The order of main and transport configuration files can be in any order. "
19049
"But, the order of router configuration files must be the same. This "
19050
"particular file must appear before the <application>200_exim4-"
19051
"config_primary</application> file. These two configuration files contain "
19052
"same type of information. The first file takes the precedence. For more "
19053
"details, please refer to the references section."
19054
msgstr ""
19055
19056
#: serverguide/C/mail.xml:1114(para)
19057
msgid ""
19058
"Once mailman is installed, you can run it using the following command:"
19059
msgstr ""
19060
19061
#: serverguide/C/mail.xml:1118(command)
19062
msgid "sudo /etc/init.d/mailman start"
19063
msgstr ""
19064
19065
#: serverguide/C/mail.xml:1120(para)
19066
msgid ""
19067
"Once mailman is installed, you should create the default mailing list. Run "
19068
"the following command to create the mailing list:"
19069
msgstr ""
19070
19071
#: serverguide/C/mail.xml:1126(command)
19072
msgid "sudo /usr/sbin/newlist mailman"
19073
msgstr ""
19074
19075
#: serverguide/C/mail.xml:1129(programlisting)
19076
#, no-wrap
19077
msgid ""
19078
"\n"
19079
" Enter the email address of the person running the list: bhuvan at "
19080
"ubuntu.com\n"
19081
" Initial mailman password:\n"
19082
" To finish creating your mailing list, you must edit your "
19083
"<filename>/etc/aliases</filename> (or\n"
19084
" equivalent) file by adding the following lines, and possibly running the\n"
19085
" `newaliases' program:\n"
19086
"\n"
19087
" ## mailman mailing list\n"
19088
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
19089
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
19090
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
19091
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
19092
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
19093
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
19094
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
19095
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
19096
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
19097
"mailman\"\n"
19098
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
19099
"mailman\"\n"
19100
"\n"
19101
" Hit enter to notify mailman owner...\n"
19102
"\n"
19103
" # \n"
19104
msgstr ""
19105
19106
#: serverguide/C/mail.xml:1152(para)
19107
msgid ""
19108
"We have configured either Postfix or Exim4 to recognize all emails from "
19109
"mailman. So, it is not mandatory to make any new entries in "
19110
"<filename>/etc/aliases</filename>. If you have made any changes to the "
19111
"configuration files, please ensure that you restart those services before "
19112
"continuing to next section."
19113
msgstr ""
19114
19115
#: serverguide/C/mail.xml:1160(para)
19116
msgid ""
19117
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
19118
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
19119
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
19120
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
19121
msgstr ""
19122
19123
#: serverguide/C/mail.xml:1171(title)
19124
msgid "Administration"
19125
msgstr ""
19126
19127
#: serverguide/C/mail.xml:1172(para)
19128
msgid ""
19129
"We assume you have a default installation. The mailman cgi scripts are still "
19130
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
19131
"Mailman provides a web based administration facility. To access this page, "
19132
"point your browser to the following url:"
19133
msgstr ""
19134
19135
#: serverguide/C/mail.xml:1180(para)
19136
msgid "http://hostname/cgi-bin/mailman/admin"
19137
msgstr ""
19138
19139
#: serverguide/C/mail.xml:1184(para)
19140
msgid ""
19141
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
19142
"screen. If you click the mailing list name, it will ask for your "
19143
"authentication password. If you enter the correct password, you will be able "
19144
"to change administrative settings of this mailing list. You can create a new "
19145
"mailing list using the command line utility "
19146
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
19147
"mailing list using the web interface."
19148
msgstr ""
19149
19150
#: serverguide/C/mail.xml:1197(title)
19151
msgid "Users"
19152
msgstr ""
19153
19154
#: serverguide/C/mail.xml:1198(para)
19155
msgid ""
19156
"Mailman provides a web based interface for users. To access this page, point "
19157
"your browser to the following url:"
19158
msgstr ""
19159
19160
#: serverguide/C/mail.xml:1203(para)
19161
msgid "http://hostname/cgi-bin/mailman/listinfo"
19162
msgstr ""
19163
19164
#: serverguide/C/mail.xml:1207(para)
19165
msgid ""
19166
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
19167
"screen. If you click the mailing list name, it will display the subscription "
19168
"form. You can enter your email address, name (optional), and password to "
19169
"subscribe. An email invitation will be sent to you. You can follow the "
19170
"instructions in the email to subscribe."
19171
msgstr ""
19172
19173
#: serverguide/C/mail.xml:1219(ulink)
19174
msgid "GNU Mailman - Installation Manual"
19175
msgstr ""
19176
19177
#: serverguide/C/mail.xml:1223(ulink)
19178
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
19179
msgstr ""
19180
19181
#: serverguide/C/mail.xml:1226(para)
19182
msgid ""
19183
"Also, see the <ulink "
19184
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
19185
"Wiki</ulink> page."
19186
msgstr ""
19187
19188
#: serverguide/C/mail.xml:1232(title)
19189
msgid "Mail Filtering"
19190
msgstr ""
19191
19192
#: serverguide/C/mail.xml:1233(para)
19193
msgid ""
19194
"One of the largest issues with email today is the problem of Unsolicited "
19195
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
19196
"and other forms of malware. According to some reports these messages make up "
19197
"the bulk of all email traffic on the Internet."
19198
msgstr ""
19199
19200
#: serverguide/C/mail.xml:1238(para)
19201
msgid ""
19202
"This section will cover integrating <application>Amavisd-new</application>, "
19203
"<application>Spamassassin</application>, and "
19204
"<application>ClamAV</application> with the "
19205
"<application>Postfix</application> Mail Transport Agent (MTA). "
19206
"<application>Postfix</application> can also check email validity by passing "
19207
"it through external content filters. These filters can sometimes determine "
19208
"if a message is spam without needing to process it with more resource "
19209
"intensive applications. Two common filters are "
19210
"<application>opendkim</application> and <application>python-policyd-"
19211
"spf</application>."
19212
msgstr ""
19213
19214
#: serverguide/C/mail.xml:1248(para)
19215
msgid ""
19216
"<application>Amavisd-new</application> is a wrapper program that can call "
19217
"any number of content filtering programs for spam detection, antivirus, etc."
19218
msgstr ""
19219
19220
#: serverguide/C/mail.xml:1254(para)
19221
msgid ""
19222
"<application>Spamassassin</application> uses a variety of mechanisms to "
19223
"filter email based on the message content."
19224
msgstr ""
19225
19226
#: serverguide/C/mail.xml:1259(para)
19227
msgid ""
19228
"<application>ClamAV</application> is an open source antivirus application."
19229
msgstr ""
19230
19231
#: serverguide/C/mail.xml:1264(para)
19232
msgid ""
19233
"<application>opendkim</application> implements a Sendmail Mail Filter "
19234
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
19235
msgstr ""
19236
19237
#: serverguide/C/mail.xml:1270(para)
19238
msgid ""
19239
"<application>python-policyd-spf</application> enables Sender Policy "
19240
"Framework (SPF) checking with <application>Postfix</application>."
19241
msgstr ""
19242
19243
#: serverguide/C/mail.xml:1275(para)
19244
msgid "This is how the pieces fit together:"
19245
msgstr ""
19246
19247
#: serverguide/C/mail.xml:1280(para)
19248
msgid "An email message is accepted by <application>Postfix</application>."
19249
msgstr ""
19250
19251
#: serverguide/C/mail.xml:1285(para)
19252
msgid ""
19253
"The message is passed through any external filters "
19254
"<application>opendkim</application> and <application>python-policyd-"
19255
"spf</application> in this case."
19256
msgstr ""
19257
19258
#: serverguide/C/mail.xml:1291(para)
19259
msgid "<application>Amavisd-new</application> then processes the message."
19260
msgstr ""
19261
19262
#: serverguide/C/mail.xml:1296(para)
19263
msgid ""
19264
"<application>ClamAV</application> is used to scan the message. If the "
19265
"message contains a virus <application>Postfix</application> will reject the "
19266
"message."
19267
msgstr ""
19268
19269
#: serverguide/C/mail.xml:1302(para)
19270
msgid ""
19271
"Clean messages will then be analyzed by "
19272
"<application>Spamassassin</application> to find out if the message is spam. "
19273
"<application>Spamassassin</application> will then add X-Header lines "
19274
"allowing <application>Amavisd-new</application> to further manipulate the "
19275
"message."
19276
msgstr ""
19277
19278
#: serverguide/C/mail.xml:1309(para)
19279
msgid ""
19280
"For example, if a message has a Spam score of over fifty the message could "
19281
"be automatically dropped from the queue without the recipient ever having to "
19282
"be bothered. Another, way to handle flagged messages is to deliver them to "
19283
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
19284
"see fit."
19285
msgstr ""
19286
19287
#: serverguide/C/mail.xml:1316(para)
19288
msgid ""
19289
"See <xref linkend=\"postfix\"/> for instructions on installing and "
19290
"configuring Postfix."
19291
msgstr ""
19292
19293
#: serverguide/C/mail.xml:1319(para)
19294
msgid ""
19295
"To install the rest of the applications enter the following from a terminal "
19296
"prompt:"
19297
msgstr ""
19298
19299
#: serverguide/C/mail.xml:1323(command)
19300
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
19301
msgstr ""
19302
19303
#: serverguide/C/mail.xml:1324(command)
19304
msgid "sudo apt-get install opendkim python-policyd-spf"
19305
msgstr ""
19306
19307
#: serverguide/C/mail.xml:1326(para)
19308
msgid ""
19309
"There are some optional packages that integrate with "
19310
"<application>Spamassassin</application> for better spam detection:"
19311
msgstr ""
19312
19313
#: serverguide/C/mail.xml:1330(command)
19314
msgid "sudo apt-get install pyzor razor"
19315
msgstr ""
19316
19317
#: serverguide/C/mail.xml:1332(para)
19318
msgid ""
19319
"Along with the main filtering applications compression utilities are needed "
19320
"to process some email attachments:"
19321
msgstr ""
19322
19323
#: serverguide/C/mail.xml:1336(command)
19324
msgid ""
19325
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
19326
msgstr ""
19327
19328
#: serverguide/C/mail.xml:1339(para)
19329
msgid ""
19330
"If some packages are not found, check that the "
19331
"<emphasis>multiverse</emphasis> repository is enabled in "
19332
"<filename>/etc/apt/sources.list</filename>"
19333
msgstr ""
19334
19335
#: serverguide/C/mail.xml:1340(para)
19336
msgid ""
19337
"If you make changes to the file, be sure to run <command>sudo apt-get "
19338
"update</command> before trying to install again."
19339
msgstr ""
19340
19341
#: serverguide/C/mail.xml:1345(para)
19342
msgid "Now configure everything to work together and filter email."
19343
msgstr ""
19344
19345
#: serverguide/C/mail.xml:1349(title)
19346
msgid "ClamAV"
19347
msgstr ""
19348
19349
#: serverguide/C/mail.xml:1350(para)
19350
msgid ""
19351
"The default behaviour of <application>ClamAV</application> will fit our "
19352
"needs. For more ClamAV configuration options, check the configuration files "
19353
"in <filename>/etc/clamav</filename>."
19354
msgstr ""
19355
19356
#: serverguide/C/mail.xml:1355(para)
19357
msgid ""
19358
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
19359
"group in order for <application>Amavisd-new</application> to have the "
19360
"appropriate access to scan files:"
19361
msgstr ""
19362
19363
#: serverguide/C/mail.xml:1360(command)
19364
msgid "sudo adduser clamav amavis"
19365
msgstr ""
19366
19367
#: serverguide/C/mail.xml:1364(title)
19368
msgid "Spamassassin"
19369
msgstr ""
19370
19371
#: serverguide/C/mail.xml:1365(para)
19372
msgid ""
19373
"Spamassassin automatically detects optional components and will use them if "
19374
"they are present. This means that there is no need to configure "
19375
"<application>pyzor</application> and <application>razor</application>."
19376
msgstr ""
19377
19378
#: serverguide/C/mail.xml:1369(para)
19379
msgid ""
19380
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
19381
"<application>Spamassassin</application> daemon. Change "
19382
"<emphasis>ENABLED=0</emphasis> to:"
19383
msgstr ""
19384
19385
#: serverguide/C/mail.xml:1373(programlisting)
19386
#, no-wrap
19387
msgid ""
19388
"\n"
19389
"ENABLED=1\n"
19390
msgstr ""
19391
19392
#: serverguide/C/mail.xml:1376(para)
19393
msgid "Now start the daemon:"
19394
msgstr ""
19395
19396
#: serverguide/C/mail.xml:1380(command)
19397
msgid "sudo /etc/init.d/spamassassin start"
19398
msgstr ""
19399
19400
#: serverguide/C/mail.xml:1384(title)
19401
msgid "Amavisd-new"
19402
msgstr ""
19403
19404
#: serverguide/C/mail.xml:1385(para)
19405
msgid ""
19406
"First activate spam and antivirus detection in <application>Amavisd-"
19407
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
19408
"content_filter_mode</filename>:"
19409
msgstr ""
19410
19411
#: serverguide/C/mail.xml:1389(programlisting)
19412
#, no-wrap
19413
msgid ""
19414
"\n"
19415
"use strict;\n"
19416
"\n"
19417
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
19418
"# and to re-enable antivirus checking.\n"
19419
"\n"
19420
"#\n"
19421
"# Default antivirus checking mode\n"
19422
"# Uncomment the two lines below to enable it\n"
19423
"#\n"
19424
"\n"
19425
"@bypass_virus_checks_maps = (\n"
19426
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
19427
"$bypass_virus_checks_re);\n"
19428
"\n"
19429
"\n"
19430
"#\n"
19431
"# Default SPAM checking mode\n"
19432
"# Uncomment the two lines below to enable it\n"
19433
"#\n"
19434
"\n"
19435
"@bypass_spam_checks_maps = (\n"
19436
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
19437
"$bypass_spam_checks_re);\n"
19438
"\n"
19439
"1; # insure a defined return\n"
19440
msgstr ""
19441
19442
#: serverguide/C/mail.xml:1414(para)
19443
msgid ""
19444
"Bouncing spam can be a bad idea as the return address is often faked. "
19445
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
19446
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
19447
"D_BOUNCE, as follows:"
19448
msgstr ""
19449
19450
#: serverguide/C/mail.xml:1420(programlisting)
19451
#, no-wrap
19452
msgid ""
19453
"\n"
19454
"$final_spam_destiny = D_DISCARD;\n"
19455
msgstr ""
19456
19457
#: serverguide/C/mail.xml:1424(para)
19458
msgid ""
19459
"Additionally, you may want to adjust the following options to flag more "
19460
"messages as spam:"
19461
msgstr ""
19462
19463
#: serverguide/C/mail.xml:1428(programlisting)
19464
#, no-wrap
19465
msgid ""
19466
"\n"
19467
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
19468
"level\n"
19469
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
19470
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
19471
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
19472
msgstr ""
19473
19474
#: serverguide/C/mail.xml:1435(para)
19475
msgid ""
19476
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
19477
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
19478
"option. Also, if the server receives mail for multiple domains the "
19479
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
19480
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
19481
msgstr ""
19482
19483
#: serverguide/C/mail.xml:1442(programlisting)
19484
#, no-wrap
19485
msgid ""
19486
"\n"
19487
"$myhostname = 'mail.example.com';\n"
19488
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19489
msgstr ""
19490
19491
#: serverguide/C/mail.xml:1447(para)
19492
msgid ""
19493
"After configuration <application>Amavisd-new</application> needs to be "
19494
"restarted:"
19495
msgstr ""
19496
19497
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
19498
msgid "sudo /etc/init.d/amavis restart"
19499
msgstr ""
19500
19501
#: serverguide/C/mail.xml:1454(title)
19502
msgid "DKIM Whitelist"
19503
msgstr ""
19504
19505
#: serverguide/C/mail.xml:1456(para)
19506
msgid ""
19507
"<application>Amavisd-new</application> can be configured to automatically "
19508
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
19509
"Keys. There are some pre-configured domains in the "
19510
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
19511
msgstr ""
19512
19513
#: serverguide/C/mail.xml:1462(para)
19514
msgid "There are multiple ways to configure the Whitelist for a domain:"
19515
msgstr ""
19516
19517
#: serverguide/C/mail.xml:1468(para)
19518
msgid ""
19519
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19520
"address from the \"example.com\" domain."
19521
msgstr ""
19522
19523
#: serverguide/C/mail.xml:1473(para)
19524
msgid ""
19525
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19526
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
19527
"have a valid signature."
19528
msgstr ""
19529
19530
#: serverguide/C/mail.xml:1479(para)
19531
msgid ""
19532
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
19533
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
19534
"role=\"italic\">example.com</emphasis> the parent domain."
19535
msgstr ""
19536
19537
#: serverguide/C/mail.xml:1485(para)
19538
msgid ""
19539
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
19540
"that have a valid signature from \"example.com\". This is usually used for "
19541
"discussion groups that sign their messages."
19542
msgstr ""
19543
19544
#: serverguide/C/mail.xml:1492(para)
19545
msgid ""
19546
"A domain can also have multiple Whitelist configurations. After, editing the "
19547
"file restart <application>amaisd-new</application>:"
19548
msgstr ""
19549
19550
#: serverguide/C/mail.xml:1501(para)
19551
msgid ""
19552
"In this context, once a domain has been added to the Whitelist the message "
19553
"will not receive any anti-virus or spam filtering. This may or may not be "
19554
"the intended behavior you wish for a domain."
19555
msgstr ""
19556
19557
#: serverguide/C/mail.xml:1511(para)
19558
msgid ""
19559
"For <application>Postfix</application> integration, enter the following from "
19560
"a terminal prompt:"
19561
msgstr ""
19562
19563
#: serverguide/C/mail.xml:1515(command)
19564
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19565
msgstr ""
19566
19567
#: serverguide/C/mail.xml:1517(para)
19568
msgid ""
19569
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19570
"to the end of the file:"
19571
msgstr ""
19572
19573
#: serverguide/C/mail.xml:1520(programlisting)
19574
#, no-wrap
19575
msgid ""
19576
"\n"
19577
"smtp-amavis unix - - - - 2 smtp\n"
19578
" -o smtp_data_done_timeout=1200\n"
19579
" -o smtp_send_xforward_command=yes\n"
19580
" -o disable_dns_lookups=yes\n"
19581
" -o max_use=20\n"
19582
"\n"
19583
"127.0.0.1:10025 inet n - - - - smtpd\n"
19584
" -o content_filter=\n"
19585
" -o local_recipient_maps=\n"
19586
" -o relay_recipient_maps=\n"
19587
" -o smtpd_restriction_classes=\n"
19588
" -o smtpd_delay_reject=no\n"
19589
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19590
" -o smtpd_helo_restrictions=\n"
19591
" -o smtpd_sender_restrictions=\n"
19592
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19593
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19594
" -o smtpd_end_of_data_restrictions=\n"
19595
" -o mynetworks=127.0.0.0/8\n"
19596
" -o smtpd_error_sleep_time=0\n"
19597
" -o smtpd_soft_error_limit=1001\n"
19598
" -o smtpd_hard_error_limit=1000\n"
19599
" -o smtpd_client_connection_count_limit=0\n"
19600
" -o smtpd_client_connection_rate_limit=0\n"
19601
" -o "
19602
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19603
msgstr ""
19604
19605
#: serverguide/C/mail.xml:1547(para)
19606
msgid ""
19607
"Also add the following two lines immediately below the "
19608
"<emphasis>\"pickup\"</emphasis> transport service:"
19609
msgstr ""
19610
19611
#: serverguide/C/mail.xml:1550(programlisting)
19612
#, no-wrap
19613
msgid ""
19614
"\n"
19615
" -o content_filter=\n"
19616
" -o receive_override_options=no_header_body_checks\n"
19617
msgstr ""
19618
19619
#: serverguide/C/mail.xml:1554(para)
19620
msgid ""
19621
"This will prevent messages that are generated to report on spam from being "
19622
"classified as spam."
19623
msgstr ""
19624
19625
#: serverguide/C/mail.xml:1557(para)
19626
msgid "Now restart <application>Postfix</application>:"
19627
msgstr ""
19628
19629
#: serverguide/C/mail.xml:1563(para)
19630
msgid "Content filtering with spam and virus detection is now enabled."
19631
msgstr ""
19632
19633
#: serverguide/C/mail.xml:1569(title)
19634
msgid "Amavisd-new and Spamassassin"
19635
msgstr ""
19636
19637
#: serverguide/C/mail.xml:1571(para)
19638
msgid ""
19639
"When integrating <application>Amavisd-new</application> with "
19640
"<application>Spamassassin</application>, if you choose to disable the bayes "
19641
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
19642
"<application>cron</application> to update the nightly rules, the result can "
19643
"cause a situation where a large amount of error messages are sent to the "
19644
"<emphasis>amavis</emphasis> user via the amavisd-new "
19645
"<application>cron</application> job."
19646
msgstr ""
19647
19648
#: serverguide/C/mail.xml:1578(para)
19649
msgid "There are several ways to handle this situation:"
19650
msgstr ""
19651
19652
#: serverguide/C/mail.xml:1584(para)
19653
msgid "Configure your MDA to filter messages you do not wish to see."
19654
msgstr ""
19655
19656
#: serverguide/C/mail.xml:1589(para)
19657
msgid ""
19658
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
19659
"<emphasis>use_bayes 0</emphasis>. For example, edit "
19660
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
19661
"the top before the <emphasis>test</emphasis> statements:"
19662
msgstr ""
19663
19664
#: serverguide/C/mail.xml:1593(programlisting)
19665
#, no-wrap
19666
msgid ""
19667
"\n"
19668
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
19669
"exit 0\n"
19670
msgstr ""
19671
19672
#: serverguide/C/mail.xml:1603(para)
19673
msgid ""
19674
"First, test that the <application>Amavisd-new</application> SMTP is "
19675
"listening:"
19676
msgstr ""
19677
19678
#: serverguide/C/mail.xml:1606(programlisting)
19679
#, no-wrap
19680
msgid ""
19681
"\n"
19682
"telnet localhost 10024\n"
19683
"Trying 127.0.0.1...\n"
19684
"Connected to localhost.\n"
19685
"Escape character is '^]'.\n"
19686
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19687
"^]\n"
19688
msgstr ""
19689
19690
#: serverguide/C/mail.xml:1614(para)
19691
msgid ""
19692
"In the Header of messages that go through the content filter you should see:"
19693
msgstr ""
19694
19695
#: serverguide/C/mail.xml:1617(programlisting)
19696
#, no-wrap
19697
msgid ""
19698
"\n"
19699
"X-Spam-Level: \n"
19700
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19701
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19702
"BAYES_00\n"
19703
"X-Spam-Level: \n"
19704
msgstr ""
19705
19706
#: serverguide/C/mail.xml:1624(para)
19707
msgid ""
19708
"Your output will vary, but the important thing is that there are <emphasis>X-"
19709
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19710
msgstr ""
19711
19712
#: serverguide/C/mail.xml:1632(para)
19713
msgid ""
19714
"The best way to figure out why something is going wrong is to check the log "
19715
"files."
19716
msgstr ""
19717
19718
#: serverguide/C/mail.xml:1637(para)
19719
msgid ""
19720
"For instructions on <application>Postfix</application> logging see the <xref "
19721
"linkend=\"postfix-troubleshooting\"/> section."
19722
msgstr ""
19723
19724
#: serverguide/C/mail.xml:1643(para)
19725
msgid ""
19726
"<application>Amavisd-new</application> uses "
19727
"<application>Syslog</application> to send messages to "
19728
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19729
"increased by adding the <emphasis>$log_level</emphasis> option to "
19730
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19731
"1 to 5."
19732
msgstr ""
19733
19734
#: serverguide/C/mail.xml:1648(programlisting)
19735
#, no-wrap
19736
msgid ""
19737
"\n"
19738
"$log_level = 2;\n"
19739
msgstr ""
19740
19741
#: serverguide/C/mail.xml:1652(para)
19742
msgid ""
19743
"When the <application>Amavisd-new</application> log output is increased "
19744
"<application>Spamassassin</application> log output is also increased."
19745
msgstr ""
19746
19747
#: serverguide/C/mail.xml:1659(para)
19748
msgid ""
19749
"The <application>ClamAV</application> log level can be increased by editing "
19750
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19751
msgstr ""
19752
19753
#: serverguide/C/mail.xml:1663(programlisting)
19754
#, no-wrap
19755
msgid ""
19756
"\n"
19757
"LogVerbose true\n"
19758
msgstr ""
19759
19760
#: serverguide/C/mail.xml:1666(para)
19761
msgid ""
19762
"By default <application>ClamAV</application> will send log messages to "
19763
"<filename>/var/log/clamav/clamav.log</filename>."
19764
msgstr ""
19765
19766
#: serverguide/C/mail.xml:1672(para)
19767
msgid ""
19768
"After changing an applications log settings remember to restart the service "
19769
"for the new settings to take affect. Also, once the issue you are "
19770
"troubleshooting is resolved it is a good idea to change the log settings "
19771
"back to normal."
19772
msgstr ""
19773
19774
#: serverguide/C/mail.xml:1680(para)
19775
msgid "For more information on filtering mail see the following links:"
19776
msgstr ""
19777
19778
#: serverguide/C/mail.xml:1686(ulink)
19779
msgid "Amavisd-new Documentation"
19780
msgstr ""
19781
19782
#: serverguide/C/mail.xml:1690(para)
19783
msgid ""
19784
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19785
"Documentation</ulink> and <ulink "
19786
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19787
msgstr ""
19788
19789
#: serverguide/C/mail.xml:1697(ulink)
19790
msgid "Spamassassin Wiki"
19791
msgstr ""
19792
19793
#: serverguide/C/mail.xml:1702(ulink)
19794
msgid "Pyzor Homepage"
19795
msgstr ""
19796
19797
#: serverguide/C/mail.xml:1707(ulink)
19798
msgid "Razor Homepage"
19799
msgstr ""
19800
19801
#: serverguide/C/mail.xml:1712(ulink)
19802
msgid "DKIM.org"
19803
msgstr ""
19804
19805
#: serverguide/C/mail.xml:1717(ulink)
19806
msgid "Postfix Amavis New"
19807
msgstr ""
19808
19809
#: serverguide/C/mail.xml:1721(para)
19810
msgid ""
19811
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19812
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19813
msgstr ""
19814
19815
#: serverguide/C/lamp-applications.xml:13(title)
19816
msgid "LAMP Applications"
19817
msgstr ""
19818
19819
#: serverguide/C/lamp-applications.xml:19(para)
19820
msgid ""
19821
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19822
"Ubuntu servers. There is a plethora of Open Source applications written "
19823
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19824
"Content Management Systems, and Management Software such as phpMyAdmin."
19825
msgstr ""
19826
19827
#: serverguide/C/lamp-applications.xml:26(para)
19828
msgid ""
19829
"One advantage of LAMP is the substantial flexibility for different database, "
19830
"web server, and scripting languages. Popular substitutes for MySQL include "
19831
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19832
"instead of PHP."
19833
msgstr ""
19834
19835
#: serverguide/C/lamp-applications.xml:32(para)
19836
msgid ""
19837
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19838
"is:"
19839
msgstr ""
19840
19841
#: serverguide/C/lamp-applications.xml:38(para)
19842
msgid "Download an archive containing the application source files."
19843
msgstr ""
19844
19845
#: serverguide/C/lamp-applications.xml:43(para)
19846
msgid ""
19847
"Unpack the archive, usually in a directory accessible to a web server."
19848
msgstr ""
19849
19850
#: serverguide/C/lamp-applications.xml:48(para)
19851
msgid ""
19852
"Depending on where the source was extracted, configure a web server to serve "
19853
"the files."
19854
msgstr ""
19855
19856
#: serverguide/C/lamp-applications.xml:53(para)
19857
msgid "Configure the application to connect to the database."
19858
msgstr ""
19859
19860
#: serverguide/C/lamp-applications.xml:58(para)
19861
msgid ""
19862
"Run a script, or browse to a page of the application, to install the "
19863
"database needed by the application."
19864
msgstr ""
19865
19866
#: serverguide/C/lamp-applications.xml:63(para)
19867
msgid ""
19868
"Once the steps above, or similar steps, are completed you are ready to begin "
19869
"using the application."
19870
msgstr ""
19871
19872
#: serverguide/C/lamp-applications.xml:69(para)
19873
msgid ""
19874
"A disadvantage of using this approach is that the application files are not "
19875
"placed in the file system in a standard way, which can cause confusion as to "
19876
"where the application is installed. Another larger disadvantage is updating "
19877
"the application. When a new version is released, the same process used to "
19878
"install the application is needed to apply updates."
19879
msgstr ""
19880
19881
#: serverguide/C/lamp-applications.xml:76(para)
19882
msgid ""
19883
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19884
"packaged for Ubuntu, and are available for installation in the same way as "
19885
"non-LAMP applications. Depending on the application some extra configuration "
19886
"and setup steps may be needed, however."
19887
msgstr ""
19888
19889
#: serverguide/C/lamp-applications.xml:82(para)
19890
msgid ""
19891
"This section covers howto install and configure the Wiki applications "
19892
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19893
"and the MySQL management application <application>phpMyAdmin</application>."
19894
msgstr ""
19895
19896
#: serverguide/C/lamp-applications.xml:88(para)
19897
msgid ""
19898
"A Wiki is a website that allows the visitors to easily add, remove and "
19899
"modify available content easily. The ease of interaction and operation makes "
19900
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19901
"also referred to the collaborative software."
19902
msgstr ""
19903
"วิกิเป็นเว็บที่อนุญาติให้ผู้เข้าชมเพิ่มเติม แก้ไข "
19904
"และลบเนื้อหาได้อย่างง่ายดาย "
19905
"ความง่ายของการใช้งานทำให้วิกิเป็นเครื่องมือที่เหมาะอย่างยิ่งสำหรับการเขียนบทค"
19906
"วามร่วมกันโดยหลายๆคน "
19907
"คำว่าวิกินั้นหมายความว่าซอฟต์แวร์สำหรับการทำงานร่วมกันได้เช่นกัน"
19908
19909
#: serverguide/C/lamp-applications.xml:100(title)
19910
msgid "Moin Moin"
19911
msgstr "Moin Moin"
19912
19913
#: serverguide/C/lamp-applications.xml:102(para)
19914
msgid ""
19915
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19916
"engine, and licensed under the GNU GPL."
19917
msgstr ""
19918
"MoinMoin เป็นโปรแกรมวิกิที่เขียนด้วยภาษาไพธอน (Python) "
19919
"โดยปรับปรุงจากโปรแกรมวิกิ PikiPiki และอยู่ภายใต้สัญญาแบบ GNU GPL"
19920
19921
#: serverguide/C/lamp-applications.xml:110(para)
19922
msgid ""
19923
"To install <application>MoinMoin</application>, run the following command in "
19924
"the command prompt:"
19925
msgstr ""
19926
"คุณสามารถติดตั้งโปรแกรม <application>MoinMoin</application> "
19927
"ได้โดยพิมพ์คำสั่ง:"
19928
19929
#: serverguide/C/lamp-applications.xml:116(command)
19930
msgid "sudo apt-get install python-moinmoin"
19931
msgstr "sudo apt-get install python-moinmoin"
19932
19933
#: serverguide/C/lamp-applications.xml:119(para)
19934
msgid ""
19935
"You should also install <application>apache2</application> web server. For "
19936
"installing <application>apache2</application> web server, please refer to "
19937
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19938
"linkend=\"httpd\"/> section."
19939
msgstr ""
19940
"เราแนะนำให้คุณติดตั้งโปรแกรมเว็บเซิร์ฟเวอร์ "
19941
"<application>apache2</application> ด้วย กรุณาอ่านบทความ <xref "
19942
"linkend=\"http-installation\"/> ในส่วน <xref linkend=\"httpd\"/> "
19943
"สำหรับคำแนะนำในการติดตั้ง <application>apache2</application>"
19944
19945
#: serverguide/C/lamp-applications.xml:130(para)
19946
msgid ""
19947
"For configuring your first Wiki application, please run the following set of "
19948
"commands. Let us assume that you are creating a Wiki named "
19949
"<emphasis>mywiki</emphasis>:"
19950
msgstr ""
19951
"สำหรับการตั้งค่าโปรแกรมวิกิแรกของคุณ กรุณาพิมพ์คำสั่งดังต่อไปนี้ "
19952
"สมมุติว่าคุณต้องการสร้างวิกิชื่อ <emphasis>mywiki</emphasis>:"
19953
19954
#: serverguide/C/lamp-applications.xml:137(command)
19955
msgid "cd /usr/share/moin"
19956
msgstr ""
19957
19958
#: serverguide/C/lamp-applications.xml:138(command)
19959
msgid "sudo mkdir mywiki"
19960
msgstr ""
19961
19962
#: serverguide/C/lamp-applications.xml:139(command)
19963
msgid "sudo cp -R data mywiki"
19964
msgstr ""
19965
19966
#: serverguide/C/lamp-applications.xml:140(command)
19967
msgid "sudo cp -R underlay mywiki"
19968
msgstr ""
19969
19970
#: serverguide/C/lamp-applications.xml:141(command)
19971
msgid "sudo cp server/moin.cgi mywiki"
19972
msgstr ""
19973
19974
#: serverguide/C/lamp-applications.xml:142(command)
19975
msgid "sudo chown -R www-data.www-data mywiki"
19976
msgstr ""
19977
19978
#: serverguide/C/lamp-applications.xml:143(command)
19979
msgid "sudo chmod -R ug+rwX mywiki"
19980
msgstr ""
19981
19982
#: serverguide/C/lamp-applications.xml:144(command)
19983
msgid "sudo chmod -R o-rwx mywiki"
19984
msgstr ""
19985
19986
#: serverguide/C/lamp-applications.xml:147(para)
19987
msgid ""
19988
"Now you should configure <application>MoinMoin</application> to find your "
19989
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19990
"<application>MoinMoin</application>, open "
19991
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19992
msgstr ""
19993
"จากนั้นคุณต้องตั้งค่า <application>MoinMoin</application> "
19994
"ให้รู้จักวิกิใหม่ของคุณที่ชื่อ <emphasis>mywiki</emphasis> โดยเปิดไฟล์ "
19995
"<filename>/etc/moin/mywiki.py</filename> และแก้ไขบรรทัดต่อไปนี้:"
19996
19997
#: serverguide/C/lamp-applications.xml:155(programlisting)
19998
#, no-wrap
19999
msgid "data_dir = '/org/mywiki/data'"
20000
msgstr ""
20001
20002
#: serverguide/C/lamp-applications.xml:157(para)
20003
msgid "to"
20004
msgstr "เป็น"
20005
20006
#: serverguide/C/lamp-applications.xml:161(programlisting)
20007
#, no-wrap
20008
msgid "data_dir = '/usr/share/moin/mywiki/data'"
20009
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
20010
20011
#: serverguide/C/lamp-applications.xml:163(para)
20012
msgid ""
20013
"Also, below the <emphasis>data_dir</emphasis> option add the "
20014
"<emphasis>data_underlay_dir</emphasis>:"
20015
msgstr ""
20016
20017
#: serverguide/C/lamp-applications.xml:167(programlisting)
20018
#, no-wrap
20019
msgid ""
20020
"\n"
20021
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
20022
msgstr ""
20023
20024
#: serverguide/C/lamp-applications.xml:172(para)
20025
msgid ""
20026
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
20027
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
20028
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
20029
"change."
20030
msgstr ""
20031
"ถ้าไม่มีไฟล์ <filename>/etc/moin/mywiki.py</filename> อยู่ "
20032
"คุณสามารถคัดลอกไฟล์ <filename>/etc/moin/moinmaster.py</filename> เป็นไฟล์ "
20033
"<filename>/etc/moin/mywiki.py</filename> และแก้ไขตามที่ได้อธิบายไว้"
20034
20035
#: serverguide/C/lamp-applications.xml:181(para)
20036
msgid ""
20037
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
20038
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
20039
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
20040
"<quote>(\"mywiki\", r\".*\")</quote>."
20041
msgstr ""
20042
"ถ้าคุณตั้งชื่อวิกิของคุณชื่อ <emphasis>my_wiki_name</emphasis> "
20043
"คุณควรแทรกบรรทัด <quote>(\"my_wiki_name\", r\".*\")</quote> หลังบรรทัด "
20044
"<quote>(\"mywiki\", r\".*\")</quote> ในไฟล์ "
20045
"<filename>/etc/moin/farmconfig.py</filename>"
20046
20047
#: serverguide/C/lamp-applications.xml:189(para)
20048
msgid ""
20049
"Once you have configured <application>MoinMoin</application> to find your "
20050
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
20051
"<application>apache2</application> and make it ready for your Wiki "
20052
"application."
20053
msgstr ""
20054
"หลังจากที่คุณได้ตั้งค่าของ <application>MoinMoin</application> ให้หาวิกิ "
20055
"<emphasis>mywiki</emphasis> ของคุณเจอแล้ว คุณจะต้องทำให้ "
20056
"<application>apache2</application> พร้อมที่จะให้บริการวิกิของคุณผ่านเว็บ"
20057
20058
#: serverguide/C/lamp-applications.xml:196(para)
20059
msgid ""
20060
"You should add the following lines in <filename>/etc/apache2/sites-"
20061
"available/default</filename> file inside the <quote><VirtualHost "
20062
"*></quote> tag:"
20063
msgstr ""
20064
"คุณควรเพิ่มบรรทัดต่อไปนี้ในไฟล์ <filename>/etc/apache2/sites-"
20065
"available/default</filename> ในแท็ก <quote><VirtualHost *></quote>"
20066
20067
#: serverguide/C/lamp-applications.xml:202(programlisting)
20068
#, no-wrap
20069
msgid ""
20070
"\n"
20071
"### moin\n"
20072
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
20073
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
20074
" <Directory /usr/share/moin/htdocs>\n"
20075
" Order allow,deny\n"
20076
" allow from all\n"
20077
" </Directory>\n"
20078
"### end moin\n"
20079
msgstr ""
20080
20081
#: serverguide/C/lamp-applications.xml:214(para)
20082
msgid ""
20083
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
20084
"<emphasis>alias</emphasis> line above, to the "
20085
"<application>moinmoin</application> version installed."
20086
msgstr ""
20087
20088
#: serverguide/C/lamp-applications.xml:220(para)
20089
msgid ""
20090
"Once you configure the <application>apache2</application> web server and "
20091
"make it ready for your Wiki application, you should restart it. You can run "
20092
"the following command to restart the <application>apache2</application> web "
20093
"server:"
20094
msgstr ""
20095
"หลังจากที่คุณตั้งค่าของโปรแกรม <application>apache2</application> "
20096
"เว็บเซิร์ฟเวอร์แล้ว คุณจะต้องเริ่มโปรแกรม <application>apache2</application> "
20097
"เว็บเซิร์ฟเวอร์ใหม่โดยพิมพ์คำสั่งดังนี้:"
20098
20099
#: serverguide/C/lamp-applications.xml:233(title)
20100
msgid "Verification"
20101
msgstr "ยืนยันว่าใช้งานได้อย่างถูกต้อง"
20102
20103
#: serverguide/C/lamp-applications.xml:235(para)
20104
msgid ""
20105
"You can verify the Wiki application and see if it works by pointing your web "
20106
"browser to the following URL:"
20107
msgstr ""
20108
"คุณสามารถทดสอบดูว่าวิกิของคุณทำงานได้อย่างถูกต้องโดยเปิดเว็บเบราเซอร์ของคุณแล"
20109
"ะไปที่ที่อยู่:"
20110
20111
#: serverguide/C/lamp-applications.xml:239(programlisting)
20112
#, no-wrap
20113
msgid ""
20114
"\n"
20115
"http://localhost/mywiki\n"
20116
msgstr ""
20117
"\n"
20118
"http://localhost/mywiki\n"
20119
20120
#: serverguide/C/lamp-applications.xml:243(para)
20121
msgid ""
20122
"You can also run the test command by pointing your web browser to the "
20123
"following URL:"
20124
msgstr "คุณยังสามารถทดสอบได้โดยชี้เว็บเบราเซอร์ของคุณไปที่ที่อยู่:"
20125
20126
#: serverguide/C/lamp-applications.xml:248(programlisting)
20127
#, no-wrap
20128
msgid ""
20129
"\n"
20130
"http://localhost/mywiki?action=test\n"
20131
msgstr ""
20132
"\n"
20133
"http://localhost/mywiki?action=test\n"
20134
20135
#: serverguide/C/lamp-applications.xml:252(para)
20136
msgid ""
20137
"For more details, please refer to the <ulink "
20138
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
20139
msgstr ""
20140
20141
#: serverguide/C/lamp-applications.xml:263(para)
20142
msgid ""
20143
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
20144
"Wiki</ulink>."
20145
msgstr ""
20146
20147
#: serverguide/C/lamp-applications.xml:268(para)
20148
msgid ""
20149
"Also, see the <ulink "
20150
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
20151
"MoinMoin</ulink> page."
20152
msgstr ""
20153
20154
#: serverguide/C/lamp-applications.xml:277(title)
20155
msgid "MediaWiki"
20156
msgstr "มีเดียวิกิ (MediaWiki)"
20157
20158
#: serverguide/C/lamp-applications.xml:279(para)
20159
msgid ""
20160
"MediaWiki is an web based Wiki software written in the PHP language. It can "
20161
"either use <application>MySQL</application> or "
20162
"<application>PostgreSQL</application> Database Management System."
20163
msgstr ""
20164
"มีเดียวิกิ (MediaWiki) เป็นระบบวิกิที่ทำงานบนเว็บและถูกเขียนด้วยภาษา PHP "
20165
"มีเดียวิกิสามารถใช้ฐานข้อมูล <application>MySQL</application> หรือ "
20166
"<application>PostgreSQL</application> เพื่อจัดเก็บข้อมูลในวิกิ"
20167
20168
#: serverguide/C/lamp-applications.xml:289(para)
20169
msgid ""
20170
"Before installing <application>MediaWiki</application> you should also "
20171
"install <application>Apache2</application>, the "
20172
"<application>PHP5</application> scripting language and Database a Management "
20173
"System. <application>MySQL</application> or "
20174
"<application>PostgreSQL</application> are the most common, choose one "
20175
"depending on your need. Please refer to those sections in this manual for "
20176
"installation instructions."
20177
msgstr ""
20178
"ก่อนติดตั้ง <application>MediaWiki</application> คุณควรติดตั้งโปรแกรม "
20179
"<application>Apache2</application>, ภาษาสคริปต์ "
20180
"<application>PHP5</application> และฐานข้อมูลเสียก่อน "
20181
"โดยคุณสามารถใช้ฐานข้อมูล <application>MySQL</application> หรือ "
20182
"<application>PostgreSQL</application> ก็ได้ "
20183
"กรุณาอ่านวิธีการติดตั้งโปรแกรมต่างๆเหล่านี้ในส่วนที่เกี่ยวข้องของคู่มือฉบับนี"
20184
"้"
20185
20186
#: serverguide/C/lamp-applications.xml:297(para)
20187
msgid ""
20188
"To install <application>MediaWiki</application>, run the following command "
20189
"in the command prompt:"
20190
msgstr ""
20191
"คุณสามารถติดตั้งโปรแกรม <application>MediaWiki</application> "
20192
"ได้โดยพิมพ์คำสั่งดังนี้:"
20193
20194
#: serverguide/C/lamp-applications.xml:303(command)
20195
msgid "sudo apt-get install mediawiki php5-gd"
20196
msgstr "sudo apt-get install mediawiki php5-gd"
20197
20198
#: serverguide/C/lamp-applications.xml:306(para)
20199
msgid ""
20200
"For additional <application>MediaWiki</application> functionality see the "
20201
"<application>mediawiki-extensions</application> package."
20202
msgstr ""
20203
20204
#: serverguide/C/lamp-applications.xml:316(para)
20205
msgid ""
20206
"The Apache configuration file <filename>mediawiki.conf</filename> for "
20207
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
20208
"directory. You should uncomment the following line in this file to access "
20209
"MediaWiki application."
20210
msgstr ""
20211
20212
#: serverguide/C/lamp-applications.xml:324(screen)
20213
#, no-wrap
20214
msgid ""
20215
"\n"
20216
"# Alias /mediawiki /var/lib/mediawiki\n"
20217
msgstr ""
20218
20219
#: serverguide/C/lamp-applications.xml:328(para)
20220
msgid ""
20221
"After you uncomment the above line, restart Apache server and access "
20222
"MediaWiki using the following url:"
20223
msgstr ""
20224
20225
#: serverguide/C/lamp-applications.xml:333(programlisting)
20226
#, no-wrap
20227
msgid ""
20228
"\n"
20229
"http://localhost/mediawiki/config/index.php\n"
20230
msgstr ""
20231
"\n"
20232
"http://localhost/mediawiki/config/index.php\n"
20233
20234
#: serverguide/C/lamp-applications.xml:338(para)
20235
msgid ""
20236
"Please read the <quote>Checking environment...</quote> section in this page. "
20237
"You should be able to fix many issues by carefully reading this section."
20238
msgstr ""
20239
"กรุณาอ่านส่วน <quote>ตรวจสอบสภาพแวดล้อม...</quote> ในหน้านี้ด้วย "
20240
"คุณจะสามารถแก้ปัญหาหลายๆข้อได้จากการอ่านส่วนดังกล่าวอย่างละเอียด"
20241
20242
#: serverguide/C/lamp-applications.xml:345(para)
20243
msgid ""
20244
"Once the configuration is complete, you should copy the "
20245
"<filename>LocalSettings.php</filename> file to "
20246
"<filename>/etc/mediawiki</filename> directory:"
20247
msgstr ""
20248
20249
#: serverguide/C/lamp-applications.xml:352(command)
20250
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
20251
msgstr ""
20252
20253
#: serverguide/C/lamp-applications.xml:355(para)
20254
msgid ""
20255
"You may also want to edit "
20256
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
20257
msgstr ""
20258
20259
#: serverguide/C/lamp-applications.xml:360(programlisting)
20260
#, no-wrap
20261
msgid ""
20262
"\n"
20263
"ini_set( 'memory_limit', '64M' );\n"
20264
msgstr ""
20265
20266
#: serverguide/C/lamp-applications.xml:367(title)
20267
msgid "Extensions"
20268
msgstr ""
20269
20270
#: serverguide/C/lamp-applications.xml:368(para)
20271
msgid ""
20272
"The extensions add new features and enhancements for the MediaWiki "
20273
"application. The extensions give wiki administrators and end users the "
20274
"ability to customize MediaWiki to their requirements."
20275
msgstr ""
20276
20277
#: serverguide/C/lamp-applications.xml:374(para)
20278
msgid ""
20279
"You can download MediaWiki extensions as an archive file or checkout from "
20280
"the Subversion repository. You should copy it to "
20281
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
20282
"also add the following line at the end of file: "
20283
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
20284
msgstr ""
20285
20286
#: serverguide/C/lamp-applications.xml:382(programlisting)
20287
#, no-wrap
20288
msgid ""
20289
"\n"
20290
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
20291
msgstr ""
20292
20293
#: serverguide/C/lamp-applications.xml:392(para)
20294
msgid ""
20295
"For more details, please refer to the <ulink "
20296
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
20297
msgstr ""
20298
"คุณสามารถอ่านรายละเอียดเพิ่มเติมได้จากเว็บ <ulink "
20299
"url=\"http://www.mediawiki.org\">MediaWiki</ulink>"
20300
20301
#: serverguide/C/lamp-applications.xml:398(para)
20302
msgid ""
20303
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
20304
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
20305
"new MediaWiki administrators."
20306
msgstr ""
20307
20308
#: serverguide/C/lamp-applications.xml:404(para)
20309
msgid ""
20310
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
20311
"Wiki MediaWiki</ulink> page is a good resource."
20312
msgstr ""
20313
20314
#: serverguide/C/lamp-applications.xml:414(title)
20315
msgid "phpMyAdmin"
20316
msgstr ""
20317
20318
#: serverguide/C/lamp-applications.xml:416(para)
20319
msgid ""
20320
"<application>phpMyAdmin</application> is a LAMP application specifically "
20321
"written for administering <application>MySQL</application> servers. Written "
20322
"in <application>PHP</application>, and accessed through a web browser, "
20323
"phpMyAdmin provides a graphical interface for database administration tasks."
20324
msgstr ""
20325
20326
#: serverguide/C/lamp-applications.xml:425(para)
20327
msgid ""
20328
"Before installing <application>phpMyAdmin</application> you will need access "
20329
"to a <application>MySQL</application> database either on the same host as "
20330
"that phpMyAdmin is installed on, or on a host accessible over the network. "
20331
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
20332
"enter:"
20333
msgstr ""
20334
20335
#: serverguide/C/lamp-applications.xml:432(command)
20336
msgid "sudo apt-get install phpmyadmin"
20337
msgstr ""
20338
20339
#: serverguide/C/lamp-applications.xml:435(para)
20340
msgid ""
20341
"At the prompt choose which web server to be configured for "
20342
"<application>phpMyAdmin</application>. The rest of this section will use "
20343
"<application>Apache2</application> for the web server."
20344
msgstr ""
20345
20346
#: serverguide/C/lamp-applications.xml:440(para)
20347
msgid ""
20348
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
20349
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
20350
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
20351
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
20352
"user if you any setup, and enter the <application>MySQL</application> user's "
20353
"password."
20354
msgstr ""
20355
20356
#: serverguide/C/lamp-applications.xml:447(para)
20357
msgid ""
20358
"Once logged in you can reset the <emphasis>root</emphasis> password if "
20359
"needed, create users, create/destroy databases and tables, etc."
20360
msgstr ""
20361
20362
#: serverguide/C/lamp-applications.xml:455(para)
20363
msgid ""
20364
"The configuration files for <application>phpMyAdmin</application> are "
20365
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
20366
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
20367
"configuration options that apply globally to "
20368
"<application>phpMyAdmin</application>."
20369
msgstr ""
20370
20371
#: serverguide/C/lamp-applications.xml:461(para)
20372
msgid ""
20373
"To use <application>phpMyAdmin</application> to administer a MySQL database "
20374
"hosted on another server, adjust the following in "
20375
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
20376
msgstr ""
20377
20378
#: serverguide/C/lamp-applications.xml:466(programlisting)
20379
#, no-wrap
20380
msgid ""
20381
"\n"
20382
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
20383
msgstr ""
20384
20385
#: serverguide/C/lamp-applications.xml:471(para)
20386
msgid ""
20387
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
20388
"remote database server name or IP address. Also, be sure that the "
20389
"<application>phpMyAdmin</application> host has permissions to access the "
20390
"remote database."
20391
msgstr ""
20392
20393
#: serverguide/C/lamp-applications.xml:477(para)
20394
msgid ""
20395
"Once configured, log out of <application>phpMyAdmin</application> and back "
20396
"in, and you should be accessing the new server."
20397
msgstr ""
20398
20399
#: serverguide/C/lamp-applications.xml:481(para)
20400
msgid ""
20401
"The <filename>config.header.inc.php</filename> and "
20402
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
20403
"header and footer to <application>phpMyAdmin</application>."
20404
msgstr ""
20405
20406
#: serverguide/C/lamp-applications.xml:486(para)
20407
msgid ""
20408
"Another important configuration file is "
20409
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
20410
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
20411
"configure <application>Apache2</application> to serve the "
20412
"<application>phpMyAdmin</application> site. The file contains directives for "
20413
"loading <application>PHP</application>, directory permissions, etc. For more "
20414
"information on configuring <application>Apache2</application> see <xref "
20415
"linkend=\"httpd\"/>."
20416
msgstr ""
20417
20418
#: serverguide/C/lamp-applications.xml:500(para)
20419
msgid ""
20420
"The <application>phpMyAdmin</application> documentation comes installed with "
20421
"the package and can be accessed from the <emphasis>phpMyAdmin "
20422
"Documentation</emphasis> link (a question mark with a box around it) under "
20423
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
20424
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
20425
msgstr ""
20426
20427
#: serverguide/C/lamp-applications.xml:507(para)
20428
msgid ""
20429
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
20430
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
20431
msgstr ""
20432
20433
#: serverguide/C/lamp-applications.xml:512(para)
20434
msgid ""
20435
"A third resource is the <ulink "
20436
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
20437
"Wiki</ulink> page."
20438
msgstr ""
20439
20440
#: serverguide/C/introduction.xml:14(para)
20441
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
20442
msgstr ""
20443
20444
#: serverguide/C/introduction.xml:15(para)
20445
msgid ""
20446
"Here you can find information on how to install and configure various server "
20447
"applications. It is a step-by-step, task-oriented guide for configuring and "
20448
"customizing your system."
20449
msgstr ""
20450
20451
#: serverguide/C/introduction.xml:19(para)
20452
msgid ""
20453
"This guide assumes you have a basic understanding of your Ubuntu system. "
20454
"Some installation details are covered in <xref linkend=\"installation\"/>, "
20455
"but if you need detailed instructions installing Ubuntu please refer to the "
20456
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20457
"Installation Guide</ulink>."
20458
msgstr ""
20459
20460
#: serverguide/C/introduction.xml:25(para)
20461
msgid ""
20462
"A HTML version of the manual is available online at <ulink "
20463
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
20464
"HTML files are also available in the <application>ubuntu-"
20465
"serverguide</application> package. See <xref linkend=\"package-"
20466
"management\"/> for details on installing packages."
20467
msgstr ""
20468
20469
#: serverguide/C/introduction.xml:32(para)
20470
msgid ""
20471
"If you choose to install the <application>ubuntu-serverguide</application> "
20472
"you can view this document from a console by:"
20473
msgstr ""
20474
20475
#: serverguide/C/introduction.xml:36(command)
20476
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
20477
msgstr ""
20478
20479
#: serverguide/C/introduction.xml:39(para)
20480
msgid ""
20481
"If you are using a localized version of Ubuntu, replace "
20482
"<emphasis>C</emphasis> with your language localization (e.g. "
20483
"<emphasis>en_GB</emphasis>)."
20484
msgstr ""
20485
20486
#: serverguide/C/introduction.xml:53(title)
20487
msgid "Support"
20488
msgstr ""
20489
20490
#: serverguide/C/introduction.xml:55(para)
20491
msgid ""
20492
"There are a couple of different ways that Ubuntu Server Edition is "
20493
"supported, commercial support and community support. The main commercial "
20494
"support (and development funding) is available from Canonical Ltd. They "
20495
"supply reasonably priced support contracts on a per desktop or per server "
20496
"basis. For more information see the <ulink "
20497
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
20498
"page."
20499
msgstr ""
20500
20501
#: serverguide/C/introduction.xml:62(para)
20502
msgid ""
20503
"Community support is also provided by dedicated individuals, and companies, "
20504
"that wish to make Ubuntu the best distribution possible. Support is provided "
20505
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
20506
"large amount of information available can be overwhelming, but a good search "
20507
"engine query can usually provide an answer to your questions. See the <ulink "
20508
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
20509
"information."
20510
msgstr ""
20511
20512
#: serverguide/C/installation.xml:14(para)
20513
msgid ""
20514
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
20515
"Edition. For more detailed instructions, please refer to the <ulink "
20516
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20517
"Installation Guide</ulink>."
20518
msgstr ""
20519
20520
#: serverguide/C/installation.xml:19(title)
20521
msgid "Preparing to Install"
20522
msgstr ""
20523
20524
#: serverguide/C/installation.xml:20(para)
20525
msgid ""
20526
"This section explains various aspects to consider before starting the "
20527
"installation."
20528
msgstr ""
20529
20530
#: serverguide/C/installation.xml:24(title)
20531
msgid "System Requirements"
20532
msgstr ""
20533
20534
#: serverguide/C/installation.xml:25(para)
20535
msgid ""
20536
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
20537
"and AMD64. The table below lists recommended hardware specifications. "
20538
"Depending on your needs, you might manage with less than this. However, most "
20539
"users risk being frustrated if they ignore these suggestions."
20540
msgstr ""
20541
20542
#: serverguide/C/installation.xml:27(title)
20543
msgid "Recommended Minimum Requirements"
20544
msgstr ""
20545
20546
#: serverguide/C/installation.xml:35(para)
20547
msgid "Install Type"
20548
msgstr ""
20549
20550
#: serverguide/C/installation.xml:36(para)
20551
msgid "RAM"
20552
msgstr ""
20553
20554
#: serverguide/C/installation.xml:37(para)
20555
msgid "Hard Drive Space"
20556
msgstr ""
20557
20558
#: serverguide/C/installation.xml:40(para)
20559
msgid "Base System"
20560
msgstr ""
20561
20562
#: serverguide/C/installation.xml:41(para)
20563
msgid "All Tasks Installed"
20564
msgstr ""
20565
20566
#: serverguide/C/installation.xml:46(para)
20567
msgid "Server"
20568
msgstr "เซิร์ฟเวอร์"
20569
20570
#: serverguide/C/installation.xml:47(para)
20571
msgid "128 megabytes"
20572
msgstr ""
20573
20574
#: serverguide/C/installation.xml:48(para)
20575
msgid "500 megabytes"
20576
msgstr ""
20577
20578
#: serverguide/C/installation.xml:49(para)
20579
msgid "1 gigabyte"
20580
msgstr ""
20581
20582
#: serverguide/C/installation.xml:54(para)
20583
msgid ""
20584
"The Server Edition provides a common base for all sorts of server "
20585
"applications. It is a minimalist design providing a platform for the desired "
20586
"services, such as file/print services, web hosting, email hosting, etc."
20587
msgstr ""
20588
20589
#: serverguide/C/installation.xml:60(para)
20590
msgid ""
20591
"The requirements for UEC are slightly different for Front End requirements "
20592
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
20593
"requirements see <xref linkend=\"uec-node-requirements\"/>."
20594
msgstr ""
20595
20596
#: serverguide/C/installation.xml:68(title)
20597
msgid "Server and Desktop Differences"
20598
msgstr ""
20599
20600
#: serverguide/C/installation.xml:69(para)
20601
msgid ""
20602
"There are a few differences between the <emphasis>Ubuntu Server "
20603
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
20604
"should be noted that both editions use the same "
20605
"<application>apt</application> repositories. Making it just as easy to "
20606
"install a <emphasis role=\"italic\">server</emphasis> application on the "
20607
"Desktop Edition as it is on the Server Edition."
20608
msgstr ""
20609
20610
#: serverguide/C/installation.xml:75(para)
20611
msgid ""
20612
"The differences between the two editions are the lack of an X window "
20613
"environment in the Server Edition, the installation process, and different "
20614
"Kernel options."
20615
msgstr ""
20616
20617
#: serverguide/C/installation.xml:82(title)
20618
msgid "Kernel Differences:"
20619
msgstr ""
20620
20621
#: serverguide/C/installation.xml:85(para)
20622
msgid ""
20623
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20624
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20625
"Edition."
20626
msgstr ""
20627
20628
#: serverguide/C/installation.xml:91(para)
20629
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20630
msgstr ""
20631
20632
#: serverguide/C/installation.xml:96(para)
20633
msgid ""
20634
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20635
"Desktop Edition."
20636
msgstr ""
20637
20638
#: serverguide/C/installation.xml:102(para)
20639
msgid ""
20640
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20641
"limited by memory addressing space."
20642
msgstr ""
20643
20644
#: serverguide/C/installation.xml:107(para)
20645
msgid ""
20646
"To see all kernel configuration options you can look through "
20647
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
20648
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
20649
"is a great resource on the options available."
20650
msgstr ""
20651
20652
#: serverguide/C/installation.xml:116(title)
20653
msgid "Backing Up"
20654
msgstr ""
20655
20656
#: serverguide/C/installation.xml:119(para)
20657
msgid ""
20658
"Before installing <application>Ubuntu Server Edition</application> you "
20659
"should make sure all data on the system is backed up. See <xref "
20660
"linkend=\"backups\"/> for backup options."
20661
msgstr ""
20662
20663
#: serverguide/C/installation.xml:123(para)
20664
msgid ""
20665
"If this is not the first time an operating system has been installed on your "
20666
"computer, it is likely you will need to re-partition your disk to make room "
20667
"for Ubuntu."
20668
msgstr ""
20669
20670
#: serverguide/C/installation.xml:127(para)
20671
msgid ""
20672
"Any time you partition your disk, you should be prepared to lose everything "
20673
"on the disk should you make a mistake or something goes wrong during "
20674
"partitioning. The programs used in installation are quite reliable, most "
20675
"have seen years of use, but they also perform destructive actions."
20676
msgstr ""
20677
20678
#: serverguide/C/installation.xml:139(title)
20679
msgid "Installing from CD"
20680
msgstr ""
20681
20682
#: serverguide/C/installation.xml:140(para)
20683
msgid ""
20684
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20685
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20686
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20687
"a graphical installation program. Instead the Server Edition uses a console "
20688
"menu based process."
20689
msgstr ""
20690
20691
#: serverguide/C/installation.xml:147(para)
20692
msgid ""
20693
"First, download and burn the appropriate ISO file from the <ulink "
20694
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20695
msgstr ""
20696
20697
#: serverguide/C/installation.xml:153(para)
20698
msgid "Boot the system from the CD-ROM drive."
20699
msgstr ""
20700
20701
#: serverguide/C/installation.xml:158(para)
20702
msgid ""
20703
"At the boot prompt you will be asked to select the language. Afterwards the "
20704
"installation process begins by asking for your keyboard layout."
20705
msgstr ""
20706
20707
#: serverguide/C/installation.xml:164(para)
20708
msgid ""
20709
"From the main boot menu there are some additional options to install Ubuntu "
20710
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20711
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20712
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20713
"will cover the basic Ubuntu Server install."
20714
msgstr ""
20715
20716
#: serverguide/C/installation.xml:172(para)
20717
msgid ""
20718
"The installer then discovers your hardware configuration, and configures the "
20719
"network settings using DHCP. If you do not wish to use DHCP at the next "
20720
"screen choose \"Go Back\", and you have the option to \"Configure the "
20721
"network manually\"."
20722
msgstr ""
20723
20724
#: serverguide/C/installation.xml:179(para)
20725
msgid "Next, the installer asks for the system's hostname and Time Zone."
20726
msgstr ""
20727
20728
#: serverguide/C/installation.xml:184(para)
20729
msgid ""
20730
"You can then choose from several options to configure the hard drive layout. "
20731
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20732
msgstr ""
20733
20734
#: serverguide/C/installation.xml:190(para)
20735
msgid "The Ubuntu base system is then installed."
20736
msgstr ""
20737
20738
#: serverguide/C/installation.xml:195(para)
20739
msgid ""
20740
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20741
"through the <application>sudo</application> utility."
20742
msgstr ""
20743
20744
#: serverguide/C/installation.xml:201(para)
20745
msgid ""
20746
"After the user is setup, you will be asked to encrypt your <filename "
20747
"role=\"directory\">home</filename> directory."
20748
msgstr ""
20749
20750
#: serverguide/C/installation.xml:207(para)
20751
msgid ""
20752
"The next step in the installation process is to decide how you want to "
20753
"update the system. There are three options:"
20754
msgstr ""
20755
20756
#: serverguide/C/installation.xml:213(para)
20757
msgid ""
20758
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20759
"log into the machine and manually install updates."
20760
msgstr ""
20761
20762
#: serverguide/C/installation.xml:219(para)
20763
msgid ""
20764
"<emphasis>Install security updates Automatically</emphasis>: will install "
20765
"the <application>unattended-upgrades</application> package, which will "
20766
"install security updates without the intervention of an administrator. For "
20767
"more details see <xref linkend=\"automatic-updates\"/>."
20768
msgstr ""
20769
20770
#: serverguide/C/installation.xml:226(para)
20771
msgid ""
20772
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20773
"service provided by Canonical to help manage your Ubuntu machines. See the "
20774
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20775
"site for details."
20776
msgstr ""
20777
20778
#: serverguide/C/installation.xml:235(para)
20779
msgid ""
20780
"You now have the option to install, or not install, several package tasks. "
20781
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20782
"to launch <application>aptitude</application> to choose specific packages to "
20783
"install. For more information see <xref linkend=\"aptitude\"/>."
20784
msgstr ""
20785
20786
#: serverguide/C/installation.xml:243(para)
20787
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20788
msgstr ""
20789
20790
#: serverguide/C/installation.xml:249(para)
20791
msgid ""
20792
"If at any point during installation you are not satisfied by the default "
20793
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20794
"detailed installation menu that will allow you to modify the default "
20795
"settings."
20796
msgstr ""
20797
20798
#: serverguide/C/installation.xml:254(para)
20799
msgid ""
20800
"At some point during the installation process you may want to read the help "
20801
"screen provided by the installation system. To do this, press F1."
20802
msgstr ""
20803
20804
#: serverguide/C/installation.xml:259(para)
20805
msgid ""
20806
"Once again, for detailed instructions see the <ulink "
20807
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
20808
"Installation Guide</ulink>."
20809
msgstr ""
20810
20811
#: serverguide/C/installation.xml:265(title)
20812
msgid "Package Tasks"
20813
msgstr ""
20814
20815
#: serverguide/C/installation.xml:266(para)
20816
msgid ""
20817
"During the Server Edition installation you have the option of installing "
20818
"additional packages from the CD. The packages are grouped by the type of "
20819
"service they provide."
20820
msgstr ""
20821
20822
#: serverguide/C/installation.xml:272(para)
20823
msgid "Cloud computing: Walrus storage service"
20824
msgstr ""
20825
20826
#: serverguide/C/installation.xml:277(para)
20827
msgid "Cloud computing: all-in-one cluster"
20828
msgstr ""
20829
20830
#: serverguide/C/installation.xml:282(para)
20831
msgid "Cloud computing: Cluster controller"
20832
msgstr ""
20833
20834
#: serverguide/C/installation.xml:287(para)
20835
msgid "Cloud computing: Node controller"
20836
msgstr ""
20837
20838
#: serverguide/C/installation.xml:292(para)
20839
msgid "Cloud computing: Storage controller"
20840
msgstr ""
20841
20842
#: serverguide/C/installation.xml:297(para)
20843
msgid "Cloud computing: top-level cloud controller"
20844
msgstr ""
20845
20846
#: serverguide/C/installation.xml:302(para)
20847
msgid "DNS server: Selects the BIND DNS server and its documentation."
20848
msgstr ""
20849
20850
#: serverguide/C/installation.xml:307(para)
20851
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20852
msgstr ""
20853
20854
#: serverguide/C/installation.xml:312(para)
20855
msgid ""
20856
"Mail server: This task selects a variety of package useful for a general "
20857
"purpose mail server system."
20858
msgstr ""
20859
20860
#: serverguide/C/installation.xml:317(para)
20861
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20862
msgstr ""
20863
20864
#: serverguide/C/installation.xml:322(para)
20865
msgid ""
20866
"PostgreSQL database: This task selects client and server packages for the "
20867
"PostgreSQL database."
20868
msgstr ""
20869
20870
#: serverguide/C/installation.xml:327(para)
20871
msgid "Print server: This task sets up your system to be a print server."
20872
msgstr ""
20873
20874
#: serverguide/C/installation.xml:332(para)
20875
msgid ""
20876
"Samba File server: This task sets up your system to be a Samba file server, "
20877
"which is especially suitable in networks with both Windows and Linux systems."
20878
msgstr ""
20879
20880
#: serverguide/C/installation.xml:338(para)
20881
msgid ""
20882
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20883
"etc."
20884
msgstr ""
20885
20886
#: serverguide/C/installation.xml:343(para)
20887
msgid ""
20888
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20889
msgstr ""
20890
20891
#: serverguide/C/installation.xml:348(para)
20892
msgid ""
20893
"Manually select packages: Executes <application>apptitude</application> "
20894
"allowing you to individually select packages."
20895
msgstr ""
20896
20897
#: serverguide/C/installation.xml:353(para)
20898
msgid ""
20899
"Installing the package groups is accomplished using the "
20900
"<application>tasksel</application> utility. One of the important difference "
20901
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20902
"installed, a package is also configured to reasonable defaults, eventually "
20903
"prompting you for additional required information. Likewise, when installing "
20904
"a task, the packages are not only installed, but also configured to provided "
20905
"a fully integrated service."
20906
msgstr ""
20907
20908
#: serverguide/C/installation.xml:360(para)
20909
msgid ""
20910
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20911
"<xref linkend=\"uec\"/>."
20912
msgstr ""
20913
20914
#: serverguide/C/installation.xml:363(para)
20915
msgid ""
20916
"Once the installation process has finished you can view a list of available "
20917
"tasks by entering the following from a terminal prompt:"
20918
msgstr ""
20919
20920
#: serverguide/C/installation.xml:368(command)
20921
msgid "tasksel --list-tasks"
20922
msgstr ""
20923
20924
#: serverguide/C/installation.xml:371(para)
20925
msgid ""
20926
"The output will list tasks from other Ubuntu based distributions such as "
20927
"Kubuntu and Edubuntu. Note that you can also invoke the "
20928
"<command>tasksel</command> command by itself, which will bring up a menu of "
20929
"the different tasks available."
20930
msgstr ""
20931
20932
#: serverguide/C/installation.xml:377(para)
20933
msgid ""
20934
"You can view a list of which packages are installed with each task using the "
20935
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20936
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20937
"following:"
20938
msgstr ""
20939
20940
#: serverguide/C/installation.xml:382(command)
20941
msgid "tasksel --task-packages dns-server"
20942
msgstr ""
20943
20944
#: serverguide/C/installation.xml:384(para)
20945
msgid "The output of the command should list:"
20946
msgstr ""
20947
20948
#: serverguide/C/installation.xml:387(programlisting)
20949
#, no-wrap
20950
msgid ""
20951
"\n"
20952
"bind9-doc \n"
20953
"bind9utils \n"
20954
"bind9\n"
20955
msgstr ""
20956
20957
#: serverguide/C/installation.xml:392(para)
20958
msgid ""
20959
"Also, if you did not install one of the tasks during the installation "
20960
"process, but for example you decide to make your new LAMP server a DNS "
20961
"server as well. Simply insert the installation CD and from a terminal:"
20962
msgstr ""
20963
20964
#: serverguide/C/installation.xml:397(command)
20965
msgid "sudo tasksel install dns-server"
20966
msgstr ""
20967
20968
#: serverguide/C/installation.xml:402(title)
20969
msgid "Upgrading"
20970
msgstr ""
20971
20972
#: serverguide/C/installation.xml:403(para)
20973
msgid ""
20974
"There are several ways to upgrade from one Ubuntu release to another. This "
20975
"section gives an overview of the recommended upgrade method."
20976
msgstr ""
20977
20978
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20979
msgid "do-release-upgrade"
20980
msgstr ""
20981
20982
#: serverguide/C/installation.xml:408(para)
20983
msgid ""
20984
"The recommended way to upgrade a Server Edition installation is to use the "
20985
"<application>do-release-upgrade</application> utility. Part of the "
20986
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20987
"graphical dependencies and is installed by default."
20988
msgstr ""
20989
20990
#: serverguide/C/installation.xml:413(para)
20991
msgid ""
20992
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20993
"upgrade</command>. However, using <application>do-release-"
20994
"upgrade</application> is recommended because it has the ability to handle "
20995
"system configuration changes sometimes needed between releases."
20996
msgstr ""
20997
20998
#: serverguide/C/installation.xml:418(para)
20999
msgid "To upgrade to a newer release, from a terminal prompt enter:"
21000
msgstr ""
21001
21002
#: serverguide/C/installation.xml:424(para)
21003
msgid ""
21004
"It is also possible to use <application>do-release-upgrade</application> to "
21005
"upgrade to a development version of Ubuntu. To accomplish this use the "
21006
"<emphasis>-d</emphasis> switch:"
21007
msgstr ""
21008
21009
#: serverguide/C/installation.xml:429(command)
21010
msgid "do-release-upgrade -d"
21011
msgstr ""
21012
21013
#: serverguide/C/installation.xml:432(para)
21014
msgid ""
21015
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
21016
"for production environments."
21017
msgstr ""
21018
21019
#: serverguide/C/installation.xml:439(title)
21020
msgid "Advanced Installation"
21021
msgstr ""
21022
21023
#: serverguide/C/installation.xml:442(title)
21024
msgid "Software RAID"
21025
msgstr ""
21026
21027
#: serverguide/C/installation.xml:444(para)
21028
msgid ""
21029
"RAID is a method of configuring multiple hard drives to act as one, reducing "
21030
"the probability of catastrophic data loss in case of drive failure. RAID is "
21031
"implemented in either software (where the operating system knows about both "
21032
"drives and actively maintains both of them) or hardware (where a special "
21033
"controller makes the OS think there's only one drive and maintains the "
21034
"drives 'invisibly')."
21035
msgstr ""
21036
21037
#: serverguide/C/installation.xml:451(para)
21038
msgid ""
21039
"The RAID software included with current versions of Linux (and Ubuntu) is "
21040
"based on the <application>'mdadm'</application> driver and works very well, "
21041
"better even than many so-called 'hardware' RAID controllers. This section "
21042
"will guide you through installing Ubuntu Server Edition using two RAID1 "
21043
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
21044
"another for <emphasis>swap</emphasis>."
21045
msgstr ""
21046
21047
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
21048
msgid ""
21049
"Follow the installation steps until you get to the <emphasis>Partition "
21050
"disks</emphasis> step, then:"
21051
msgstr ""
21052
21053
#: serverguide/C/installation.xml:468(para)
21054
msgid "Select <emphasis>Manual</emphasis> as the partition method."
21055
msgstr ""
21056
21057
#: serverguide/C/installation.xml:475(para)
21058
msgid ""
21059
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
21060
"partition table on this device?\"</emphasis>."
21061
msgstr ""
21062
21063
#: serverguide/C/installation.xml:479(para)
21064
msgid ""
21065
"Repeat this step for each drive you wish to be part of the RAID array."
21066
msgstr ""
21067
21068
#: serverguide/C/installation.xml:486(para)
21069
msgid ""
21070
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
21071
"select <emphasis>\"Create a new partition\"</emphasis>."
21072
msgstr ""
21073
21074
#: serverguide/C/installation.xml:493(para)
21075
msgid ""
21076
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
21077
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
21078
"size is twice that of RAM. Enter the partition size, then choose "
21079
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
21080
msgstr ""
21081
21082
#: serverguide/C/installation.xml:502(para)
21083
msgid ""
21084
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
21085
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
21086
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
21087
"<emphasis>\"Done setting up partition\"</emphasis>."
21088
msgstr ""
21089
21090
#: serverguide/C/installation.xml:511(para)
21091
msgid ""
21092
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
21093
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
21094
"partition\"</emphasis>."
21095
msgstr ""
21096
21097
#: serverguide/C/installation.xml:519(para)
21098
msgid ""
21099
"Use the rest of the free space on the drive and choose "
21100
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
21101
msgstr ""
21102
21103
#: serverguide/C/installation.xml:526(para)
21104
msgid ""
21105
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
21106
"at the top, changing it to <emphasis>\"physical volume for "
21107
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
21108
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
21109
"<emphasis>\"Done setting up partition\"</emphasis>."
21110
msgstr ""
21111
21112
#: serverguide/C/installation.xml:536(para)
21113
msgid "Repeat steps three through eight for the other disk and partitions."
21114
msgstr ""
21115
21116
#: serverguide/C/installation.xml:545(title)
21117
msgid "RAID Configuration"
21118
msgstr ""
21119
21120
#: serverguide/C/installation.xml:547(para)
21121
msgid "With the partitions setup the arrays are ready to be configured:"
21122
msgstr ""
21123
21124
#: serverguide/C/installation.xml:554(para)
21125
msgid ""
21126
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
21127
"Software RAID\"</emphasis> at the top."
21128
msgstr ""
21129
21130
#: serverguide/C/installation.xml:561(para)
21131
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
21132
msgstr ""
21133
21134
#: serverguide/C/installation.xml:568(para)
21135
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
21136
msgstr ""
21137
21138
#: serverguide/C/installation.xml:575(para)
21139
msgid ""
21140
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
21141
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
21142
msgstr ""
21143
21144
#: serverguide/C/installation.xml:581(para)
21145
msgid ""
21146
"In order to use <emphasis>RAID5</emphasis> you need at least "
21147
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
21148
"<emphasis>two</emphasis> drives are required."
21149
msgstr ""
21150
21151
#: serverguide/C/installation.xml:590(para)
21152
msgid ""
21153
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
21154
"of hard drives you have, for the array. Then select "
21155
"<emphasis>\"Continue\"</emphasis>."
21156
msgstr ""
21157
21158
#: serverguide/C/installation.xml:598(para)
21159
msgid ""
21160
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
21161
"default, then choose <emphasis>\"Continue\"</emphasis>."
21162
msgstr ""
21163
21164
#: serverguide/C/installation.xml:605(para)
21165
msgid ""
21166
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
21167
"etc. The numbers will usually match and the different letters correspond to "
21168
"different hard drives."
21169
msgstr ""
21170
21171
#: serverguide/C/installation.xml:610(para)
21172
msgid ""
21173
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
21174
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
21175
"go to the next step."
21176
msgstr ""
21177
21178
#: serverguide/C/installation.xml:618(para)
21179
msgid ""
21180
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
21181
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
21182
"and <emphasis>sdb2</emphasis>."
21183
msgstr ""
21184
21185
#: serverguide/C/installation.xml:626(para)
21186
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
21187
msgstr ""
21188
21189
#: serverguide/C/installation.xml:636(title)
21190
msgid "Formatting"
21191
msgstr ""
21192
21193
#: serverguide/C/installation.xml:638(para)
21194
msgid ""
21195
"There should now be a list of hard drives and RAID devices. The next step is "
21196
"to format and set the mount point for the RAID devices. Treat the RAID "
21197
"device as a local hard drive, format and mount accordingly."
21198
msgstr ""
21199
21200
#: serverguide/C/installation.xml:646(para)
21201
msgid ""
21202
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
21203
"#0\"</emphasis> partition."
21204
msgstr ""
21205
21206
#: serverguide/C/installation.xml:653(para)
21207
msgid ""
21208
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
21209
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
21210
msgstr ""
21211
21212
#: serverguide/C/installation.xml:661(para)
21213
msgid ""
21214
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
21215
"#1\"</emphasis> partition."
21216
msgstr ""
21217
21218
#: serverguide/C/installation.xml:668(para)
21219
msgid ""
21220
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
21221
"journaling file system\"</emphasis>."
21222
msgstr ""
21223
21224
#: serverguide/C/installation.xml:675(para)
21225
msgid ""
21226
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
21227
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
21228
"options as appropriate, then select <emphasis>\"Done setting up "
21229
"partition\"</emphasis>."
21230
msgstr ""
21231
21232
#: serverguide/C/installation.xml:683(para)
21233
msgid ""
21234
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21235
"disk\"</emphasis>."
21236
msgstr ""
21237
21238
#: serverguide/C/installation.xml:690(para)
21239
msgid ""
21240
"If you choose to place the root partition on a RAID array, the installer "
21241
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
21242
"state. See <xref linkend=\"raid-degraded\"/> for further details."
21243
msgstr ""
21244
21245
#: serverguide/C/installation.xml:695(para)
21246
msgid "The installation process will then continue normally."
21247
msgstr ""
21248
21249
#: serverguide/C/installation.xml:701(title)
21250
msgid "Degraded RAID"
21251
msgstr ""
21252
21253
#: serverguide/C/installation.xml:703(para)
21254
msgid ""
21255
"At some point in the life of the computer a disk failure event may occur. "
21256
"When this happens, using Software RAID, the operating system will place the "
21257
"array into what is known as a <emphasis>degraded</emphasis> state."
21258
msgstr ""
21259
21260
#: serverguide/C/installation.xml:708(para)
21261
msgid ""
21262
"If the array has become degraded, due to the chance of data corruption, by "
21263
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
21264
"after thirty seconds. Once the initramfs has booted there is a fifteen "
21265
"second prompt giving you the option to go ahead and boot the system, or "
21266
"attempt manual recover. Booting to the initramfs prompt may or may not be "
21267
"the desired behavior, especially if the machine is in a remote location. "
21268
"Booting to a degraded array can be configured several ways:"
21269
msgstr ""
21270
21271
#: serverguide/C/installation.xml:719(para)
21272
msgid ""
21273
"The <application>dpkg-reconfigure</application> utility can be used to "
21274
"configure the default behavior, and during the process you will be queried "
21275
"about additional settings related to the array. Such as monitoring, email "
21276
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
21277
"following:"
21278
msgstr ""
21279
21280
#: serverguide/C/installation.xml:726(command)
21281
msgid "sudo dpkg-reconfigure mdadm"
21282
msgstr ""
21283
21284
#: serverguide/C/installation.xml:732(para)
21285
msgid ""
21286
"The <command>dpkg-reconfigure mdadm</command> process will change the "
21287
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
21288
"The file has the advantage of being able to pre-configure the system's "
21289
"behavior, and can also be manually edited:"
21290
msgstr ""
21291
21292
#: serverguide/C/installation.xml:738(programlisting)
21293
#, no-wrap
21294
msgid ""
21295
"\n"
21296
"BOOT_DEGRADED=true\n"
21297
msgstr ""
21298
21299
#: serverguide/C/installation.xml:743(para)
21300
msgid "The configuration file can be overridden by using a Kernel argument."
21301
msgstr ""
21302
21303
#: serverguide/C/installation.xml:751(para)
21304
msgid ""
21305
"Using a Kernel argument will allow the system to boot to a degraded array as "
21306
"well:"
21307
msgstr ""
21308
21309
#: serverguide/C/installation.xml:757(para)
21310
msgid ""
21311
"When the server is booting press <keycap>Shift</keycap> to open the "
21312
"<application>Grub</application> menu."
21313
msgstr ""
21314
21315
#: serverguide/C/installation.xml:762(para)
21316
msgid "Press <keycap>e</keycap> to edit your kernel command options."
21317
msgstr ""
21318
21319
#: serverguide/C/installation.xml:767(para)
21320
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
21321
msgstr ""
21322
21323
#: serverguide/C/installation.xml:772(para)
21324
msgid ""
21325
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
21326
"end of the line."
21327
msgstr ""
21328
21329
#: serverguide/C/installation.xml:777(para)
21330
msgid ""
21331
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
21332
"the system."
21333
msgstr ""
21334
21335
#: serverguide/C/installation.xml:786(para)
21336
msgid ""
21337
"Once the system has booted you can either repair the array see <xref "
21338
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
21339
"another machine due to major hardware failure."
21340
msgstr ""
21341
21342
#: serverguide/C/installation.xml:793(title)
21343
msgid "RAID Maintenance"
21344
msgstr ""
21345
21346
#: serverguide/C/installation.xml:795(para)
21347
msgid ""
21348
"The <application>mdadm</application> utility can be used to view the status "
21349
"of an array, add disks to an array, remove disks, etc:"
21350
msgstr ""
21351
21352
#: serverguide/C/installation.xml:802(para)
21353
msgid "To view the status of an array, from a terminal prompt enter:"
21354
msgstr ""
21355
21356
#: serverguide/C/installation.xml:806(command)
21357
msgid "sudo mdadm -D /dev/md0"
21358
msgstr ""
21359
21360
#: serverguide/C/installation.xml:809(para)
21361
msgid ""
21362
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
21363
"display <emphasis>detailed</emphasis> information about the "
21364
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
21365
"with the appropriate RAID device."
21366
msgstr ""
21367
21368
#: serverguide/C/installation.xml:815(para)
21369
msgid "To view the status of a disk in an array:"
21370
msgstr ""
21371
21372
#: serverguide/C/installation.xml:819(command)
21373
msgid "sudo mdadm -E /dev/sda1"
21374
msgstr ""
21375
21376
#: serverguide/C/installation.xml:821(para)
21377
msgid ""
21378
"The output if very similar to the <command>mdadm -D</command> command, "
21379
"adjust <filename>/dev/sda1</filename> for each disk."
21380
msgstr ""
21381
21382
#: serverguide/C/installation.xml:826(para)
21383
msgid "If a disk fails and needs to be removed from an array enter:"
21384
msgstr ""
21385
21386
#: serverguide/C/installation.xml:830(command)
21387
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
21388
msgstr ""
21389
21390
#: serverguide/C/installation.xml:832(para)
21391
msgid ""
21392
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
21393
"the appropriate RAID device and disk."
21394
msgstr ""
21395
21396
#: serverguide/C/installation.xml:837(para)
21397
msgid "Similarly, to add a new disk:"
21398
msgstr ""
21399
21400
#: serverguide/C/installation.xml:841(command)
21401
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
21402
msgstr ""
21403
21404
#: serverguide/C/installation.xml:846(para)
21405
msgid ""
21406
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
21407
"though there is nothing physically wrong with the drive. It is usually "
21408
"worthwhile to remove the drive from the array then re-add it. This will "
21409
"cause the drive to re-sync with the array. If the drive will not sync with "
21410
"the array, it is a good indication of hardware failure."
21411
msgstr ""
21412
21413
#: serverguide/C/installation.xml:852(para)
21414
msgid ""
21415
"The <filename>/proc/mdstat</filename> file also contains useful information "
21416
"about the system's RAID devices:"
21417
msgstr ""
21418
21419
#: serverguide/C/installation.xml:857(command)
21420
msgid "cat /proc/mdstat"
21421
msgstr ""
21422
21423
#: serverguide/C/installation.xml:858(computeroutput)
21424
#, no-wrap
21425
msgid ""
21426
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
21427
"[raid10] \n"
21428
"md0 : active raid1 sda1[0] sdb1[1]\n"
21429
" 10016384 blocks [2/2] [UU]\n"
21430
" \n"
21431
"unused devices: <none>"
21432
msgstr ""
21433
21434
#: serverguide/C/installation.xml:865(para)
21435
msgid ""
21436
"The following command is great for watching the status of a syncing drive:"
21437
msgstr ""
21438
21439
#: serverguide/C/installation.xml:870(command)
21440
msgid "watch -n1 cat /proc/mdstat"
21441
msgstr ""
21442
21443
#: serverguide/C/installation.xml:873(para)
21444
msgid ""
21445
"Press <emphasis>Ctrl+c</emphasis> to stop the "
21446
"<application>watch</application> command."
21447
msgstr ""
21448
21449
#: serverguide/C/installation.xml:877(para)
21450
msgid ""
21451
"If you do need to replace a faulty drive, after the drive has been replaced "
21452
"and synced, <application>grub</application> will need to be installed. To "
21453
"install <application>grub</application> on the new drive, enter the "
21454
"following:"
21455
msgstr ""
21456
21457
#: serverguide/C/installation.xml:883(command)
21458
msgid "sudo grub-install /dev/md0"
21459
msgstr ""
21460
21461
#: serverguide/C/installation.xml:886(para)
21462
msgid ""
21463
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
21464
msgstr ""
21465
21466
#: serverguide/C/installation.xml:894(para)
21467
msgid ""
21468
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
21469
"can be configured. Please see the following links for more information:"
21470
msgstr ""
21471
21472
#: serverguide/C/installation.xml:901(para)
21473
msgid ""
21474
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
21475
"Wiki Articles on RAID</ulink>."
21476
msgstr ""
21477
21478
#: serverguide/C/installation.xml:907(ulink)
21479
msgid "Software RAID HOWTO"
21480
msgstr ""
21481
21482
#: serverguide/C/installation.xml:912(ulink)
21483
msgid "Managing RAID on Linux"
21484
msgstr ""
21485
21486
#: serverguide/C/installation.xml:919(title)
21487
msgid "Logical Volume Manager (LVM)"
21488
msgstr ""
21489
21490
#: serverguide/C/installation.xml:921(para)
21491
msgid ""
21492
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
21493
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
21494
"hard disks. LVM volumes can be created on both software RAID partitions and "
21495
"standard partitions residing on a single disk. Volumes can also be extended, "
21496
"giving greater flexibility to systems as requirements change."
21497
msgstr ""
21498
21499
#: serverguide/C/installation.xml:930(para)
21500
msgid ""
21501
"A side effect of LVM's power and flexibility is a greater degree of "
21502
"complication. Before diving into the LVM installation process, it is best to "
21503
"get familiar with some terms."
21504
msgstr ""
21505
21506
#: serverguide/C/installation.xml:937(para)
21507
msgid ""
21508
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
21509
"Volumes (LV)."
21510
msgstr ""
21511
21512
#: serverguide/C/installation.xml:942(para)
21513
msgid ""
21514
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
21515
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
21516
"which resides the actual EXT3, XFS, JFS, etc filesystem."
21517
msgstr ""
21518
21519
#: serverguide/C/installation.xml:948(para)
21520
msgid ""
21521
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
21522
"RAID partition. The Volume Group can be extended by adding more PVs."
21523
msgstr ""
21524
21525
#: serverguide/C/installation.xml:959(para)
21526
msgid ""
21527
"As an example this section covers installing Ubuntu Server Edition with "
21528
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
21529
"the initial install only one Physical Volume (PV) will be part of the Volume "
21530
"Group (VG). Another PV will be added after install to demonstrate how a VG "
21531
"can be extended."
21532
msgstr ""
21533
21534
#: serverguide/C/installation.xml:965(para)
21535
msgid ""
21536
"There are several installation options for LVM, <emphasis>\"Guided - use the "
21537
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
21538
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
21539
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
21540
"partitions and configure LVM. At this time the only way to configure a "
21541
"system with both LVM and standard partitions, during installation, is to use "
21542
"the Manual approach."
21543
msgstr ""
21544
21545
#: serverguide/C/installation.xml:982(para)
21546
msgid ""
21547
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
21548
"<emphasis>\"Manual\"</emphasis>."
21549
msgstr ""
21550
21551
#: serverguide/C/installation.xml:989(para)
21552
msgid ""
21553
"Select the hard disk and on the next screen choose \"yes\" to "
21554
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
21555
msgstr ""
21556
21557
#: serverguide/C/installation.xml:996(para)
21558
msgid ""
21559
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
21560
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
21561
msgstr ""
21562
21563
#: serverguide/C/installation.xml:1004(para)
21564
msgid ""
21565
"For the LVM <emphasis>/srv</emphasis>, create a new "
21566
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
21567
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
21568
"<emphasis>\"Done setting up the partition\"</emphasis>."
21569
msgstr ""
21570
21571
#: serverguide/C/installation.xml:1012(para)
21572
msgid ""
21573
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
21574
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
21575
"disk."
21576
msgstr ""
21577
21578
#: serverguide/C/installation.xml:1020(para)
21579
msgid ""
21580
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
21581
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
21582
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
21583
"After entering a name, select the partition configured for LVM, and choose "
21584
"<emphasis>\"Continue\"</emphasis>."
21585
msgstr ""
21586
21587
#: serverguide/C/installation.xml:1029(para)
21588
msgid ""
21589
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
21590
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
21591
"volume group, and enter a name for the new LV, for example "
21592
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
21593
"a size, which may be the full partition because it can always be extended "
21594
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
21595
"main <emphasis>\"Partition Disks\"</emphasis> screen."
21596
msgstr ""
21597
21598
#: serverguide/C/installation.xml:1039(para)
21599
msgid ""
21600
"Now add a filesystem to the new LVM. Select the partition under "
21601
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
21602
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
21603
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
21604
"select <emphasis>\"Done setting up the partition\"</emphasis>."
21605
msgstr ""
21606
21607
#: serverguide/C/installation.xml:1048(para)
21608
msgid ""
21609
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21610
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
21611
"the installation."
21612
msgstr ""
21613
21614
#: serverguide/C/installation.xml:1056(para)
21615
msgid "There are some useful utilities to view information about LVM:"
21616
msgstr ""
21617
21618
#: serverguide/C/installation.xml:1061(para)
21619
msgid ""
21620
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21621
msgstr ""
21622
21623
#: serverguide/C/installation.xml:1062(para)
21624
msgid ""
21625
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21626
msgstr ""
21627
21628
#: serverguide/C/installation.xml:1063(para)
21629
msgid ""
21630
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21631
"Physical Volumes."
21632
msgstr ""
21633
21634
#: serverguide/C/installation.xml:1068(title)
21635
msgid "Extending Volume Groups"
21636
msgstr ""
21637
21638
#: serverguide/C/installation.xml:1070(para)
21639
msgid ""
21640
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21641
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21642
"adding it to the volume group (VG), extending the logical volume <filename "
21643
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21644
"example assumes a second hard disk has been added to the system. This hard "
21645
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21646
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21647
"before issuing the commands below. You could lose some data if you issue "
21648
"those commands on a non-empty disk. In our example we will use the entire "
21649
"disk as a physical volume (you could choose to create partitions and use "
21650
"them as different physical volumes)"
21651
msgstr ""
21652
21653
#: serverguide/C/installation.xml:1082(para)
21654
msgid "First, create the physical volume, in a terminal execute:"
21655
msgstr ""
21656
21657
#: serverguide/C/installation.xml:1087(command)
21658
msgid "sudo pvcreate /dev/sdb"
21659
msgstr ""
21660
21661
#: serverguide/C/installation.xml:1093(para)
21662
msgid "Now extend the Volume Group (VG):"
21663
msgstr ""
21664
21665
#: serverguide/C/installation.xml:1098(command)
21666
msgid "sudo vgextend vg01 /dev/sdb"
21667
msgstr ""
21668
21669
#: serverguide/C/installation.xml:1104(para)
21670
msgid ""
21671
"Use <application>vgdisplay</application> to find out the free physical "
21672
"extents - Free PE / size (the size you can allocate). We will assume a free "
21673
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21674
"whole free space available. Use your own PE and/or free space."
21675
msgstr ""
21676
21677
#: serverguide/C/installation.xml:1110(para)
21678
msgid ""
21679
"The Logical Volume (LV) can now be extended by different methods, we will "
21680
"only see how to use the PE to extend the LV:"
21681
msgstr ""
21682
21683
#: serverguide/C/installation.xml:1115(command)
21684
msgid "sudo lvextend /dev/vg01/srv -l +511"
21685
msgstr ""
21686
21687
#: serverguide/C/installation.xml:1118(para)
21688
msgid ""
21689
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21690
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21691
"Gig, Tera, etc bytes."
21692
msgstr ""
21693
21694
#: serverguide/C/installation.xml:1126(para)
21695
msgid ""
21696
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21697
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21698
"practice to unmount it anyway and check the filesystem, so that you don't "
21699
"mess up the day you want to reduce a logical volume (in that case unmounting "
21700
"first is compulsory)."
21701
msgstr ""
21702
21703
#: serverguide/C/installation.xml:1132(para)
21704
msgid ""
21705
"The following commands are for an <emphasis>EXT3</emphasis> or "
21706
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21707
"there may be other utilities available."
21708
msgstr ""
21709
21710
#: serverguide/C/installation.xml:1139(command)
21711
msgid "sudo e2fsck -f /dev/vg01/srv"
21712
msgstr ""
21713
21714
#: serverguide/C/installation.xml:1142(para)
21715
msgid ""
21716
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21717
"forces checking even if the system seems clean."
21718
msgstr ""
21719
21720
#: serverguide/C/installation.xml:1149(para)
21721
msgid "Finally, resize the filesystem:"
21722
msgstr ""
21723
21724
#: serverguide/C/installation.xml:1154(command)
21725
msgid "sudo resize2fs /dev/vg01/srv"
21726
msgstr ""
21727
21728
#: serverguide/C/installation.xml:1160(para)
21729
msgid "Now mount the partition and check its size."
21730
msgstr ""
21731
21732
#: serverguide/C/installation.xml:1165(command)
21733
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21734
msgstr ""
21735
21736
#: serverguide/C/installation.xml:1177(para)
21737
msgid ""
21738
"See the <ulink "
21739
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21740
"Articles</ulink>."
21741
msgstr ""
21742
21743
#: serverguide/C/installation.xml:1182(para)
21744
msgid ""
21745
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21746
"HOWTO</ulink> for more information."
21747
msgstr ""
21748
21749
#: serverguide/C/installation.xml:1187(para)
21750
msgid ""
21751
"Another good article is <ulink "
21752
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21753
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21754
"linuxdevcenter.com site."
21755
msgstr ""
21756
21757
#: serverguide/C/installation.xml:1194(para)
21758
msgid ""
21759
"For more information on <application>fdisk</application> see the <ulink "
21760
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
21761
"sk man page</ulink>."
21762
msgstr ""
21763
21764
#: serverguide/C/file-server.xml:13(title)
21765
msgid "File Servers"
21766
msgstr ""
21767
21768
#: serverguide/C/file-server.xml:15(para)
21769
msgid ""
21770
"If you have more than one computer on a single network. At some point you "
21771
"will probably need to share files between them. In this section we cover "
21772
"installing and configuring FTP, NFS, and CUPS."
21773
msgstr ""
21774
21775
#: serverguide/C/file-server.xml:22(title)
21776
msgid "FTP Server"
21777
msgstr ""
21778
21779
#: serverguide/C/file-server.xml:24(para)
21780
msgid ""
21781
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21782
"files between computers. FTP works on a client/server model. The server "
21783
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21784
"listens for FTP requests from remote clients. When a request is received, it "
21785
"manages the login and sets up the connection. For the duration of the "
21786
"session it executes any of commands sent by the FTP client."
21787
msgstr ""
21788
21789
#: serverguide/C/file-server.xml:33(para)
21790
msgid "Access to an FTP server can be managed in two ways:"
21791
msgstr ""
21792
21793
#: serverguide/C/file-server.xml:37(para)
21794
msgid "Anonymous"
21795
msgstr ""
21796
21797
#: serverguide/C/file-server.xml:40(para)
21798
msgid "Authenticated"
21799
msgstr ""
21800
21801
#: serverguide/C/file-server.xml:43(para)
21802
msgid ""
21803
"In the Anonymous mode, remote clients can access the FTP server by using the "
21804
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21805
"address as the password. In the Authenticated mode a user must have an "
21806
"account and a password. User access to the FTP server directories and files "
21807
"is dependent on the permissions defined for the account used at login. As a "
21808
"general rule, the FTP daemon will hide the root directory of the FTP server "
21809
"and change it to the FTP Home directory. This hides the rest of the file "
21810
"system from remote sessions."
21811
msgstr ""
21812
21813
#: serverguide/C/file-server.xml:55(title)
21814
msgid "vsftpd - FTP Server Installation"
21815
msgstr ""
21816
21817
#: serverguide/C/file-server.xml:57(para)
21818
msgid ""
21819
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21820
"and maintain. To install <application>vsftpd</application> you can run the "
21821
"following command:"
21822
msgstr ""
21823
21824
#: serverguide/C/file-server.xml:65(command)
21825
msgid "sudo apt-get install vsftpd"
21826
msgstr ""
21827
21828
#: serverguide/C/file-server.xml:71(title)
21829
msgid "Anonymous FTP Configuration"
21830
msgstr ""
21831
21832
#: serverguide/C/file-server.xml:73(para)
21833
msgid ""
21834
"By default <application>vsftpd</application> is configured to only allow "
21835
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21836
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21837
"default FTP directory."
21838
msgstr ""
21839
21840
#: serverguide/C/file-server.xml:80(para)
21841
msgid ""
21842
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21843
"example, simply create a directory in another location and change the "
21844
"<emphasis>ftp</emphasis> user's home directory:"
21845
msgstr ""
21846
21847
#: serverguide/C/file-server.xml:87(command)
21848
msgid "sudo mkdir /srv/ftp"
21849
msgstr ""
21850
21851
#: serverguide/C/file-server.xml:88(command)
21852
msgid "sudo usermod -d /srv/ftp ftp"
21853
msgstr ""
21854
21855
#: serverguide/C/file-server.xml:91(para)
21856
msgid "After making the change restart <application>vsftpd</application>:"
21857
msgstr ""
21858
21859
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21860
msgid "sudo /etc/init.d/vsftpd restart"
21861
msgstr ""
21862
21863
#: serverguide/C/file-server.xml:99(para)
21864
msgid ""
21865
"Finally, copy any files and directories you would like to make available "
21866
"through anonymous FTP to <filename>/srv/ftp</filename>."
21867
msgstr ""
21868
21869
#: serverguide/C/file-server.xml:106(title)
21870
msgid "User Authenticated FTP Configuration"
21871
msgstr ""
21872
21873
#: serverguide/C/file-server.xml:108(para)
21874
msgid ""
21875
"To configure <application>vsftpd</application> to authenticate system users "
21876
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21877
msgstr ""
21878
21879
#: serverguide/C/file-server.xml:114(programlisting)
21880
#, no-wrap
21881
msgid ""
21882
"\n"
21883
"local_enable=YES\n"
21884
"write_enable=YES\n"
21885
msgstr ""
21886
21887
#: serverguide/C/file-server.xml:119(para)
21888
msgid "Now restart <application>vsftpd</application>:"
21889
msgstr ""
21890
21891
#: serverguide/C/file-server.xml:127(para)
21892
msgid ""
21893
"Now when system users login to FTP they will start in their "
21894
"<emphasis>home</emphasis> directories where they can download, upload, "
21895
"create directories, etc."
21896
msgstr ""
21897
21898
#: serverguide/C/file-server.xml:133(para)
21899
msgid ""
21900
"Similarly, by default, the anonymous users are not allowed to upload files "
21901
"to FTP server. To change this setting, you should uncomment the following "
21902
"line, and restart <application>vsftpd</application>:"
21903
msgstr ""
21904
21905
#: serverguide/C/file-server.xml:140(programlisting)
21906
#, no-wrap
21907
msgid ""
21908
"\n"
21909
"anon_upload_enable=YES\n"
21910
msgstr ""
21911
21912
#: serverguide/C/file-server.xml:145(para)
21913
msgid ""
21914
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21915
"not enable anonymous upload on servers accessed directly from the Internet."
21916
msgstr ""
21917
21918
#: serverguide/C/file-server.xml:151(para)
21919
msgid ""
21920
"The configuration file consists of many configuration parameters. The "
21921
"information about each parameter is available in the configuration file. "
21922
"Alternatively, you can refer to the man page, <command>man 5 "
21923
"vsftpd.conf</command> for details of each parameter."
21924
msgstr ""
21925
21926
#: serverguide/C/file-server.xml:162(title)
21927
msgid "Securing FTP"
21928
msgstr ""
21929
21930
#: serverguide/C/file-server.xml:164(para)
21931
msgid ""
21932
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21933
"<application>vsftpd</application> more secure. For example users can be "
21934
"limited to their home directories by uncommenting:"
21935
msgstr ""
21936
21937
#: serverguide/C/file-server.xml:170(programlisting)
21938
#, no-wrap
21939
msgid ""
21940
"\n"
21941
"chroot_local_user=YES\n"
21942
msgstr ""
21943
21944
#: serverguide/C/file-server.xml:174(para)
21945
msgid ""
21946
"You can also limit a specific list of users to just their home directories:"
21947
msgstr ""
21948
21949
#: serverguide/C/file-server.xml:178(programlisting)
21950
#, no-wrap
21951
msgid ""
21952
"\n"
21953
"chroot_list_enable=YES\n"
21954
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21955
msgstr ""
21956
21957
#: serverguide/C/file-server.xml:183(para)
21958
msgid ""
21959
"After uncommenting the above options, create a "
21960
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21961
"per line. Then restart <application>vsftpd</application>:"
21962
msgstr ""
21963
21964
#: serverguide/C/file-server.xml:192(para)
21965
msgid ""
21966
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21967
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21968
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21969
"add them to the list."
21970
msgstr ""
21971
21972
#: serverguide/C/file-server.xml:199(para)
21973
msgid ""
21974
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21975
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21976
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21977
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21978
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21979
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21980
"with a shell may not be ideal for some environments, such as a shared web "
21981
"host."
21982
msgstr ""
21983
21984
#: serverguide/C/file-server.xml:208(para)
21985
msgid ""
21986
"To configure <emphasis>FTPS</emphasis>, edit "
21987
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21988
msgstr ""
21989
21990
#: serverguide/C/file-server.xml:212(programlisting)
21991
#, no-wrap
21992
msgid ""
21993
"\n"
21994
"ssl_enable=Yes\n"
21995
msgstr ""
21996
21997
#: serverguide/C/file-server.xml:216(para)
21998
msgid "Also, notice the certificate and key related options:"
21999
msgstr ""
22000
22001
#: serverguide/C/file-server.xml:220(programlisting)
22002
#, no-wrap
22003
msgid ""
22004
"\n"
22005
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
22006
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
22007
msgstr ""
22008
22009
#: serverguide/C/file-server.xml:225(para)
22010
msgid ""
22011
"By default these options are set the certificate and key provided by the "
22012
"<application>ssl-cert</application> package. In a production environment "
22013
"these should be replaced with a certificate and key generated for the "
22014
"specific host. For more information on certificates see <xref "
22015
"linkend=\"certificates-and-security\"/>."
22016
msgstr ""
22017
22018
#: serverguide/C/file-server.xml:231(para)
22019
msgid ""
22020
"Now restart <application>vsftpd</application>, and non-anonymous users will "
22021
"be forced to use <emphasis>FTPS</emphasis>:"
22022
msgstr ""
22023
22024
#: serverguide/C/file-server.xml:240(para)
22025
msgid ""
22026
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
22027
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
22028
"adding the <emphasis>nologin</emphasis> shell:"
22029
msgstr ""
22030
22031
#: serverguide/C/file-server.xml:245(programlisting)
22032
#, no-wrap
22033
msgid ""
22034
"\n"
22035
"# /etc/shells: valid login shells\n"
22036
"/bin/csh\n"
22037
"/bin/sh\n"
22038
"/usr/bin/es\n"
22039
"/usr/bin/ksh\n"
22040
"/bin/ksh\n"
22041
"/usr/bin/rc\n"
22042
"/usr/bin/tcsh\n"
22043
"/bin/tcsh\n"
22044
"/usr/bin/esh\n"
22045
"/bin/dash\n"
22046
"/bin/bash\n"
22047
"/bin/rbash\n"
22048
"/usr/bin/screen\n"
22049
"/usr/sbin/nologin\n"
22050
msgstr ""
22051
22052
#: serverguide/C/file-server.xml:263(para)
22053
msgid ""
22054
"This is necessary because, by default <application>vsftpd</application> uses "
22055
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
22056
"configuration file contains:"
22057
msgstr ""
22058
22059
#: serverguide/C/file-server.xml:268(programlisting)
22060
#, no-wrap
22061
msgid ""
22062
"\n"
22063
"auth required pam_shells.so\n"
22064
msgstr ""
22065
22066
#: serverguide/C/file-server.xml:272(para)
22067
msgid ""
22068
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
22069
"in the <filename>/etc/shells</filename> file."
22070
msgstr ""
22071
22072
#: serverguide/C/file-server.xml:277(para)
22073
msgid ""
22074
"Most popular FTP clients can be configured connect using FTPS. The "
22075
"<application>lftp</application> command line FTP client has the ability to "
22076
"use FTPS as well."
22077
msgstr ""
22078
22079
#: serverguide/C/file-server.xml:288(para)
22080
msgid ""
22081
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
22082
"website</ulink> for more information."
22083
msgstr ""
22084
22085
#: serverguide/C/file-server.xml:293(para)
22086
msgid ""
22087
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
22088
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
22089
"\">vsftpd.conf man page</ulink>."
22090
msgstr ""
22091
22092
#: serverguide/C/file-server.xml:299(para)
22093
msgid ""
22094
"The CodeGurus article <ulink "
22095
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
22096
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
22097
"contrasting FTPS and SFTP."
22098
msgstr ""
22099
22100
#: serverguide/C/file-server.xml:305(para)
22101
msgid ""
22102
"Also, for more information see the <ulink "
22103
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
22104
"page."
22105
msgstr ""
22106
22107
#: serverguide/C/file-server.xml:315(title)
22108
msgid "Network File System (NFS)"
22109
msgstr ""
22110
22111
#: serverguide/C/file-server.xml:316(para)
22112
msgid ""
22113
"NFS allows a system to share directories and files with others over a "
22114
"network. By using NFS, users and programs can access files on remote systems "
22115
"almost as if they were local files."
22116
msgstr ""
22117
22118
#: serverguide/C/file-server.xml:322(para)
22119
msgid "Some of the most notable benefits that NFS can provide are:"
22120
msgstr ""
22121
22122
#: serverguide/C/file-server.xml:328(para)
22123
msgid ""
22124
"Local workstations use less disk space because commonly used data can be "
22125
"stored on a single machine and still remain accessible to others over the "
22126
"network."
22127
msgstr ""
22128
22129
#: serverguide/C/file-server.xml:333(para)
22130
msgid ""
22131
"There is no need for users to have separate home directories on every "
22132
"network machine. Home directories could be set up on the NFS server and made "
22133
"available throughout the network."
22134
msgstr ""
22135
22136
#: serverguide/C/file-server.xml:339(para)
22137
msgid ""
22138
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
22139
"be used by other machines on the network. This may reduce the number of "
22140
"removable media drives throughout the network."
22141
msgstr ""
22142
22143
#: serverguide/C/file-server.xml:349(para)
22144
msgid ""
22145
"At a terminal prompt enter the following command to install the NFS Server:"
22146
msgstr ""
22147
22148
#: serverguide/C/file-server.xml:355(command)
22149
msgid "sudo apt-get install nfs-kernel-server"
22150
msgstr ""
22151
22152
#: serverguide/C/file-server.xml:361(para)
22153
msgid ""
22154
"You can configure the directories to be exported by adding them to the "
22155
"<filename>/etc/exports</filename> file. For example:"
22156
msgstr ""
22157
22158
#: serverguide/C/file-server.xml:366(screen)
22159
#, no-wrap
22160
msgid ""
22161
"\n"
22162
"/ubuntu *(ro,sync,no_root_squash)\n"
22163
"/home *(rw,sync,no_root_squash)\n"
22164
msgstr ""
22165
22166
#: serverguide/C/file-server.xml:372(para)
22167
msgid ""
22168
"You can replace * with one of the hostname formats. Make the hostname "
22169
"declaration as specific as possible so unwanted systems cannot access the "
22170
"NFS mount."
22171
msgstr ""
22172
22173
#: serverguide/C/file-server.xml:378(para)
22174
msgid ""
22175
"To start the NFS server, you can run the following command at a terminal "
22176
"prompt:"
22177
msgstr ""
22178
22179
#: serverguide/C/file-server.xml:383(command)
22180
msgid "sudo /etc/init.d/nfs-kernel-server start"
22181
msgstr ""
22182
22183
#: serverguide/C/file-server.xml:388(title)
22184
msgid "NFS Client Configuration"
22185
msgstr ""
22186
22187
#: serverguide/C/file-server.xml:389(para)
22188
msgid ""
22189
"Use the <application>mount</application> command to mount a shared NFS "
22190
"directory from another machine, by typing a command line similar to the "
22191
"following at a terminal prompt:"
22192
msgstr ""
22193
22194
#: serverguide/C/file-server.xml:395(command)
22195
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
22196
msgstr ""
22197
22198
#: serverguide/C/file-server.xml:399(para)
22199
msgid ""
22200
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
22201
"There should be no files or subdirectories in the "
22202
"<filename>/local/ubuntu</filename> directory."
22203
msgstr ""
22204
22205
#: serverguide/C/file-server.xml:406(para)
22206
msgid ""
22207
"An alternate way to mount an NFS share from another machine is to add a line "
22208
"to the <filename>/etc/fstab</filename> file. The line must state the "
22209
"hostname of the NFS server, the directory on the server being exported, and "
22210
"the directory on the local machine where the NFS share is to be mounted."
22211
msgstr ""
22212
22213
#: serverguide/C/file-server.xml:414(para)
22214
msgid ""
22215
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
22216
"as follows:"
22217
msgstr ""
22218
22219
#: serverguide/C/file-server.xml:420(programlisting)
22220
#, no-wrap
22221
msgid ""
22222
"\n"
22223
"example.hostname.com:/ubuntu /local/ubuntu nfs "
22224
"rsize=8192,wsize=8192,timeo=14,intr\n"
22225
msgstr ""
22226
22227
#: serverguide/C/file-server.xml:424(para)
22228
msgid ""
22229
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
22230
"common</application> package is installed on your client. To install "
22231
"<application>nfs-common</application> enter the following command at the "
22232
"terminal prompt: <screen>\n"
22233
"<command>sudo apt-get install nfs-common</command>\n"
22234
"</screen>"
22235
msgstr ""
22236
22237
#: serverguide/C/file-server.xml:437(ulink)
22238
msgid "Linux NFS faq"
22239
msgstr ""
22240
22241
#: serverguide/C/file-server.xml:439(ulink)
22242
msgid "Ubuntu Wiki NFS Howto"
22243
msgstr ""
22244
22245
#: serverguide/C/file-server.xml:445(title)
22246
msgid "CUPS - Print Server"
22247
msgstr ""
22248
22249
#: serverguide/C/file-server.xml:446(para)
22250
msgid ""
22251
"The primary mechanism for Ubuntu printing and print services is the "
22252
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
22253
"printing system is a freely available, portable printing layer which has "
22254
"become the new standard for printing in most Linux distributions."
22255
msgstr ""
22256
22257
#: serverguide/C/file-server.xml:453(para)
22258
msgid ""
22259
"CUPS manages print jobs and queues and provides network printing using the "
22260
"standard Internet Printing Protocol (IPP), while offering support for a very "
22261
"large range of printers, from dot-matrix to laser and many in between. CUPS "
22262
"also supports PostScript Printer Description (PPD) and auto-detection of "
22263
"network printers, and features a simple web-based configuration and "
22264
"administration tool."
22265
msgstr ""
22266
22267
#: serverguide/C/file-server.xml:463(para)
22268
msgid ""
22269
"To install CUPS on your Ubuntu computer, simply use "
22270
"<application>sudo</application> with the <application>apt-get</application> "
22271
"command and give the packages to install as the first parameter. A complete "
22272
"CUPS install has many package dependencies, but they may all be specified on "
22273
"the same command line. Enter the following at a terminal prompt to install "
22274
"CUPS:"
22275
msgstr ""
22276
22277
#: serverguide/C/file-server.xml:468(command)
22278
msgid "sudo apt-get install cups"
22279
msgstr ""
22280
22281
#: serverguide/C/file-server.xml:471(para)
22282
msgid ""
22283
"Upon authenticating with your user password, the packages should be "
22284
"downloaded and installed without error. Upon the conclusion of installation, "
22285
"the CUPS server will be started automatically."
22286
msgstr ""
22287
22288
#: serverguide/C/file-server.xml:476(para)
22289
msgid ""
22290
"For troubleshooting purposes, you can access CUPS server errors via the "
22291
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
22292
"error log does not show enough information to troubleshoot any problems you "
22293
"encounter, the verbosity of the CUPS log can be increased by changing the "
22294
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
22295
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
22296
"everything, from the default of \"info\". If you make this change, remember "
22297
"to change it back once you've solved your problem, to prevent the log file "
22298
"from becoming overly large."
22299
msgstr ""
22300
22301
#: serverguide/C/file-server.xml:489(para)
22302
msgid ""
22303
"The Common UNIX Printing System server's behavior is configured through the "
22304
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
22305
"The CUPS configuration file follows the same syntax as the primary "
22306
"configuration file for the Apache HTTP server, so users familiar with "
22307
"editing Apache's configuration file should feel at ease when editing the "
22308
"CUPS configuration file. Some examples of settings you may wish to change "
22309
"initially will be presented here."
22310
msgstr ""
22311
22312
#: serverguide/C/file-server.xml:499(para)
22313
msgid ""
22314
"Prior to editing the configuration file, you should make a copy of the "
22315
"original file and protect it from writing, so you will have the original "
22316
"settings as a reference, and to reuse as necessary."
22317
msgstr ""
22318
22319
#: serverguide/C/file-server.xml:503(para)
22320
msgid ""
22321
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
22322
"writing with the following commands, issued at a terminal prompt:"
22323
msgstr ""
22324
22325
#: serverguide/C/file-server.xml:509(command)
22326
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
22327
msgstr ""
22328
22329
#: serverguide/C/file-server.xml:510(command)
22330
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
22331
msgstr ""
22332
22333
#: serverguide/C/file-server.xml:515(para)
22334
msgid ""
22335
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
22336
"address of the designated administrator of the CUPS server, simply edit the "
22337
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
22338
"preferred text editor, and add or modify the <emphasis "
22339
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
22340
"you are the Administrator for the CUPS server, and your e-mail address is "
22341
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
22342
"as such:"
22343
msgstr ""
22344
22345
#: serverguide/C/file-server.xml:526(screen)
22346
#, no-wrap
22347
msgid ""
22348
"\n"
22349
"ServerAdmin bjoy@somebigco.com\n"
22350
msgstr ""
22351
22352
#: serverguide/C/file-server.xml:532(para)
22353
msgid ""
22354
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
22355
"server installation listens only on the loopback interface at IP address "
22356
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
22357
"listen on an actual network adapter's IP address, you must specify either a "
22358
"hostname, the IP address, or optionally, an IP address/port pairing via the "
22359
"addition of a Listen directive. For example, if your CUPS server resides on "
22360
"a local network at the IP address <emphasis "
22361
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
22362
"accessible to the other systems on this subnetwork, you would edit the "
22363
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
22364
"such:"
22365
msgstr ""
22366
22367
#: serverguide/C/file-server.xml:546(screen)
22368
#, no-wrap
22369
msgid ""
22370
"\n"
22371
"Listen 127.0.0.1:631 # existing loopback Listen\n"
22372
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
22373
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
22374
"(IPP)\n"
22375
msgstr ""
22376
22377
#: serverguide/C/file-server.xml:552(para)
22378
msgid ""
22379
"In the example above, you may comment out or remove the reference to the "
22380
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
22381
"</application> to listen on that interface, but would rather have it only "
22382
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
22383
"listening for all network interfaces for which a certain hostname is bound, "
22384
"including the Loopback, you could create a Listen entry for the hostname "
22385
"<emphasis>socrates</emphasis> as such:"
22386
msgstr ""
22387
22388
#: serverguide/C/file-server.xml:562(screen)
22389
#, no-wrap
22390
msgid ""
22391
"\n"
22392
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
22393
msgstr ""
22394
22395
#: serverguide/C/file-server.xml:566(para)
22396
msgid ""
22397
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
22398
"instead, as in:"
22399
msgstr ""
22400
22401
#: serverguide/C/file-server.xml:568(screen)
22402
#, no-wrap
22403
msgid ""
22404
"\n"
22405
"Port 631 # Listen on port 631 on all interfaces\n"
22406
msgstr ""
22407
22408
#: serverguide/C/file-server.xml:575(para)
22409
msgid ""
22410
"For more examples of configuration directives in the CUPS server "
22411
"configuration file, view the associated system manual page by entering the "
22412
"following command at a terminal prompt:"
22413
msgstr ""
22414
22415
#: serverguide/C/file-server.xml:582(command)
22416
msgid "man cupsd.conf"
22417
msgstr ""
22418
22419
#: serverguide/C/file-server.xml:586(para)
22420
msgid ""
22421
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
22422
"configuration file, you'll need to restart the CUPS server by typing the "
22423
"following command at a terminal prompt:"
22424
msgstr ""
22425
22426
#: serverguide/C/file-server.xml:592(command)
22427
msgid "sudo /etc/init.d/cups restart"
22428
msgstr ""
22429
22430
#: serverguide/C/file-server.xml:598(title)
22431
msgid "Web Interface"
22432
msgstr ""
22433
22434
#: serverguide/C/file-server.xml:600(para)
22435
msgid ""
22436
"CUPS can be configured and monitored using a web interface, which by default "
22437
"is available at <ulink "
22438
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
22439
"web interface can be used to perform all printer management tasks."
22440
msgstr ""
22441
22442
#: serverguide/C/file-server.xml:604(para)
22443
msgid ""
22444
"In order to perform administrative tasks via the web interface, you must "
22445
"either have the root account enabled on your server, or authenticate as a "
22446
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
22447
"reasons, CUPS won't authenticate a user that doesn't have a password."
22448
msgstr ""
22449
22450
#: serverguide/C/file-server.xml:607(para)
22451
msgid ""
22452
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
22453
"at the terminal prompt: <screen>\n"
22454
"<command>sudo usermod -aG lpadmin username</command>\n"
22455
"</screen>"
22456
msgstr ""
22457
22458
#: serverguide/C/file-server.xml:613(para)
22459
msgid ""
22460
"Further documentation is available in the <emphasis "
22461
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
22462
msgstr ""
22463
22464
#: serverguide/C/file-server.xml:621(ulink)
22465
msgid "CUPS Website"
22466
msgstr ""
22467
22468
#: serverguide/C/file-server.xml:624(ulink)
22469
msgid "Ubuntu Wiki CUPS page"
22470
msgstr ""
22471
22472
#: serverguide/C/dns.xml:13(title)
22473
msgid "Domain Name Service (DNS)"
22474
msgstr ""
22475
22476
#: serverguide/C/dns.xml:14(para)
22477
msgid ""
22478
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
22479
"fully qualified domain names (FQDN) to one another. In this way, DNS "
22480
"alleviates the need to remember IP addresses. Computers that run DNS are "
22481
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
22482
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
22483
"common program used for maintaining a name server on Linux."
22484
msgstr ""
22485
22486
#: serverguide/C/dns.xml:24(para)
22487
msgid ""
22488
"At a terminal prompt, enter the following command to install "
22489
"<application>dns</application>:"
22490
msgstr ""
22491
22492
#: serverguide/C/dns.xml:28(command)
22493
msgid "sudo apt-get install bind9"
22494
msgstr ""
22495
22496
#: serverguide/C/dns.xml:30(para)
22497
msgid ""
22498
"A very useful package for testing and troubleshooting DNS issues is the "
22499
"dnsutils package. To install <application>dnsutils</application> enter the "
22500
"following:"
22501
msgstr ""
22502
22503
#: serverguide/C/dns.xml:35(command)
22504
msgid "sudo apt-get install dnsutils"
22505
msgstr ""
22506
22507
#: serverguide/C/dns.xml:40(para)
22508
msgid ""
22509
"There are many ways to configure <application>BIND9</application>. Some of "
22510
"the most common configurations are a caching nameserver, primary master, and "
22511
"as a secondary master."
22512
msgstr ""
22513
22514
#: serverguide/C/dns.xml:46(para)
22515
msgid ""
22516
"When configured as a caching nameserver BIND9 will find the answer to name "
22517
"queries and remember the answer when the domain is queried again."
22518
msgstr ""
22519
22520
#: serverguide/C/dns.xml:52(para)
22521
msgid ""
22522
"As a primary master server BIND9 reads the data for a zone from a file on "
22523
"it's host and is authoritative for that zone."
22524
msgstr ""
22525
22526
#: serverguide/C/dns.xml:57(para)
22527
msgid ""
22528
"In a secondary master configuration BIND9 gets the zone data from another "
22529
"nameserver authoritative for the zone."
22530
msgstr ""
22531
22532
#: serverguide/C/dns.xml:65(para)
22533
msgid ""
22534
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
22535
"directory. The primary configuration file is "
22536
"<filename>/etc/bind/named.conf</filename>."
22537
msgstr ""
22538
22539
#: serverguide/C/dns.xml:72(para)
22540
msgid ""
22541
"The <emphasis>include</emphasis> line specifies the filename which contains "
22542
"the DNS options. The <emphasis>directory</emphasis> line in the "
22543
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
22544
"look for files. All files BIND uses will be relative to this directory."
22545
msgstr ""
22546
22547
#: serverguide/C/dns.xml:80(para)
22548
msgid ""
22549
"The file named <filename>/etc/bind/db.root</filename> describes the root "
22550
"nameservers in the world. The servers change over time, so the "
22551
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
22552
"This is usually done as updates to the <application>bind9</application> "
22553
"package. The <emphasis>zone</emphasis> section defines a master server, and "
22554
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
22555
msgstr ""
22556
22557
#: serverguide/C/dns.xml:90(para)
22558
msgid ""
22559
"It is possible to configure the same server to be a caching name server, "
22560
"primary master, and secondary master. A server can be the Start of Authority "
22561
"(SOA) for one zone, while providing secondary service for another zone. All "
22562
"the while providing caching services for hosts on the local LAN."
22563
msgstr ""
22564
22565
#: serverguide/C/dns.xml:98(title)
22566
msgid "Caching Nameserver"
22567
msgstr ""
22568
22569
#: serverguide/C/dns.xml:99(para)
22570
msgid ""
22571
"The default configuration is setup to act as a caching server. All that is "
22572
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
22573
"uncomment and edit the following in "
22574
"<filename>/etc/bind/named.conf.options</filename>:"
22575
msgstr ""
22576
22577
#: serverguide/C/dns.xml:103(programlisting)
22578
#, no-wrap
22579
msgid ""
22580
"\n"
22581
"forwarders {\n"
22582
" 1.2.3.4;\n"
22583
" 5.6.7.8;\n"
22584
" };\n"
22585
msgstr ""
22586
22587
#: serverguide/C/dns.xml:110(para)
22588
msgid ""
22589
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
22590
"the IP Adresses of actual nameservers."
22591
msgstr ""
22592
22593
#: serverguide/C/dns.xml:114(para)
22594
msgid ""
22595
"Now restart the DNS server, to enable the new configuration. From a terminal "
22596
"prompt:"
22597
msgstr ""
22598
22599
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
22600
msgid "sudo /etc/init.d/bind9 restart"
22601
msgstr ""
22602
22603
#: serverguide/C/dns.xml:120(para)
22604
msgid ""
22605
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
22606
"DNS server."
22607
msgstr ""
22608
22609
#: serverguide/C/dns.xml:125(title)
22610
msgid "Primary Master"
22611
msgstr ""
22612
22613
#: serverguide/C/dns.xml:126(para)
22614
msgid ""
22615
"In this section <application>BIND9</application> will be configured as the "
22616
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
22617
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
22618
"(Fully Qualified Domain Name)."
22619
msgstr ""
22620
22621
#: serverguide/C/dns.xml:132(title)
22622
msgid "Forward Zone File"
22623
msgstr ""
22624
22625
#: serverguide/C/dns.xml:133(para)
22626
msgid ""
22627
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22628
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22629
msgstr ""
22630
22631
#: serverguide/C/dns.xml:137(programlisting)
22632
#, no-wrap
22633
msgid ""
22634
"\n"
22635
"zone \"example.com\" {\n"
22636
"\ttype master;\n"
22637
" file \"/etc/bind/db.example.com\";\n"
22638
"};\n"
22639
msgstr ""
22640
22641
#: serverguide/C/dns.xml:143(para)
22642
msgid ""
22643
"Now use an existing zone file as a template to create the "
22644
"<filename>/etc/bind/db.example.com</filename> file:"
22645
msgstr ""
22646
22647
#: serverguide/C/dns.xml:147(command)
22648
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22649
msgstr ""
22650
22651
#: serverguide/C/dns.xml:149(para)
22652
msgid ""
22653
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22654
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22655
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22656
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22657
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22658
"leaving the \".\" at the end."
22659
msgstr ""
22660
22661
#: serverguide/C/dns.xml:155(para)
22662
msgid ""
22663
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22664
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22665
msgstr ""
22666
22667
#: serverguide/C/dns.xml:159(programlisting)
22668
#, no-wrap
22669
msgid ""
22670
"\n"
22671
";\n"
22672
"; BIND data file for local loopback interface\n"
22673
";\n"
22674
"$TTL 604800\n"
22675
"@ IN SOA ns.example.com. root.example.com. (\n"
22676
" 2 ; Serial\n"
22677
" 604800 ; Refresh\n"
22678
" 86400 ; Retry\n"
22679
" 2419200 ; Expire\n"
22680
" 604800 ) ; Negative Cache TTL\n"
22681
";\n"
22682
"@ IN NS ns.example.com.\n"
22683
"@ IN A 127.0.0.1\n"
22684
"@ IN AAAA ::1\n"
22685
"ns IN A 192.168.1.10\n"
22686
msgstr ""
22687
22688
#: serverguide/C/dns.xml:176(para)
22689
msgid ""
22690
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22691
"make changes to the zone file. If you make multiple changes before "
22692
"restarting BIND9, simply increment the Serial once."
22693
msgstr ""
22694
22695
#: serverguide/C/dns.xml:180(para)
22696
msgid ""
22697
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22698
"linkend=\"dns-record-types\"/> for details."
22699
msgstr ""
22700
22701
#: serverguide/C/dns.xml:184(para)
22702
msgid ""
22703
"Many admins like to use the last date edited as the serial of a zone, such "
22704
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22705
"<emphasis>ss</emphasis> is the Serial Number)"
22706
msgstr ""
22707
22708
#: serverguide/C/dns.xml:189(para)
22709
msgid ""
22710
"Once you have made a change to the zone file "
22711
"<application>BIND9</application> will need to be restarted for the changes "
22712
"to take effect:"
22713
msgstr ""
22714
22715
#: serverguide/C/dns.xml:198(title)
22716
msgid "Reverse Zone File"
22717
msgstr ""
22718
22719
#: serverguide/C/dns.xml:199(para)
22720
msgid ""
22721
"Now that the zone is setup and resolving names to IP Adresses a "
22722
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22723
"DNS to resolve an address to a name."
22724
msgstr ""
22725
22726
#: serverguide/C/dns.xml:203(para)
22727
msgid "Edit /etc/bind/named.conf.local and add the following:"
22728
msgstr ""
22729
22730
#: serverguide/C/dns.xml:206(programlisting)
22731
#, no-wrap
22732
msgid ""
22733
"\n"
22734
"zone \"1.168.192.in-addr.arpa\" {\n"
22735
" type master;\n"
22736
" notify no;\n"
22737
" file \"/etc/bind/db.192\";\n"
22738
"};\n"
22739
msgstr ""
22740
22741
#: serverguide/C/dns.xml:214(para)
22742
msgid ""
22743
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22744
"whatever network you are using. Also, name the zone file "
22745
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22746
"first octet of your network."
22747
msgstr ""
22748
22749
#: serverguide/C/dns.xml:219(para)
22750
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22751
msgstr ""
22752
22753
#: serverguide/C/dns.xml:223(command)
22754
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22755
msgstr ""
22756
22757
#: serverguide/C/dns.xml:225(para)
22758
msgid ""
22759
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22760
"same options as <filename>/etc/bind/db.example.com</filename>:"
22761
msgstr ""
22762
22763
#: serverguide/C/dns.xml:229(programlisting)
22764
#, no-wrap
22765
msgid ""
22766
"\n"
22767
";\n"
22768
"; BIND reverse data file for local loopback interface\n"
22769
";\n"
22770
"$TTL 604800\n"
22771
"@ IN SOA ns.example.com. root.example.com. (\n"
22772
" 2 ; Serial\n"
22773
" 604800 ; Refresh\n"
22774
" 86400 ; Retry\n"
22775
" 2419200 ; Expire\n"
22776
" 604800 ) ; Negative Cache TTL\n"
22777
";\n"
22778
"@ IN NS ns.\n"
22779
"10 IN PTR ns.example.com.\n"
22780
msgstr ""
22781
22782
#: serverguide/C/dns.xml:244(para)
22783
msgid ""
22784
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22785
"incremented on each change as well. For each <emphasis>A record</emphasis> "
22786
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22787
"create a <emphasis>PTR record</emphasis> in "
22788
"<filename>/etc/bind/db.192</filename>."
22789
msgstr ""
22790
22791
#: serverguide/C/dns.xml:249(para)
22792
msgid ""
22793
"After creating the reverse zone file restart "
22794
"<application>BIND9</application>:"
22795
msgstr ""
22796
22797
#: serverguide/C/dns.xml:258(title)
22798
msgid "Secondary Master"
22799
msgstr ""
22800
22801
#: serverguide/C/dns.xml:259(para)
22802
msgid ""
22803
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22804
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22805
"availability of the domain should the Primary become unavailable."
22806
msgstr ""
22807
22808
#: serverguide/C/dns.xml:263(para)
22809
msgid ""
22810
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22811
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22812
"and Reverse zone definitions in "
22813
"<filename>/etc/bind/named.conf.local</filename>:"
22814
msgstr ""
22815
22816
#: serverguide/C/dns.xml:267(programlisting)
22817
#, no-wrap
22818
msgid ""
22819
"\n"
22820
"zone \"example.com\" {\n"
22821
" type master;\n"
22822
"\tfile \"/etc/bind/db.example.com\";\n"
22823
" allow-transfer { 192.168.1.11; };\n"
22824
"};\n"
22825
"\n"
22826
"zone \"1.168.192.in-addr.arpa\" {\n"
22827
" type master;\n"
22828
" notify no;\n"
22829
" file \"/etc/bind/db.192\";\n"
22830
"\tallow-transfer { 192.168.1.11; };\n"
22831
"};\n"
22832
msgstr ""
22833
22834
#: serverguide/C/dns.xml:282(para)
22835
msgid ""
22836
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22837
"Secondary nameserver."
22838
msgstr ""
22839
22840
#: serverguide/C/dns.xml:286(para)
22841
msgid ""
22842
"Next, on the Secondary Master, install the <application>bind9</application> "
22843
"package the same way as on the Primary. Then edit the "
22844
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22845
"declarations for the Forward and Reverse zones:"
22846
msgstr ""
22847
22848
#: serverguide/C/dns.xml:290(programlisting)
22849
#, no-wrap
22850
msgid ""
22851
"\n"
22852
"zone \"example.com\" {\n"
22853
"\ttype slave;\n"
22854
" file \"/var/cache/bind/db.example.com\";\n"
22855
" masters { 192.168.1.10; };\n"
22856
"}; \n"
22857
" \n"
22858
"zone \"1.168.192.in-addr.arpa\" {\n"
22859
"\ttype slave;\n"
22860
" file \"/var/cache/bind/db.192\";\n"
22861
" masters { 192.168.1.10; };\n"
22862
"};\n"
22863
msgstr ""
22864
22865
#: serverguide/C/dns.xml:304(para)
22866
msgid ""
22867
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22868
"Primary nameserver."
22869
msgstr ""
22870
22871
#: serverguide/C/dns.xml:308(para)
22872
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22873
msgstr ""
22874
22875
#: serverguide/C/dns.xml:314(para)
22876
msgid ""
22877
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22878
msgstr ""
22879
22880
#: serverguide/C/dns.xml:317(programlisting)
22881
#, no-wrap
22882
msgid ""
22883
"\n"
22884
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22885
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22886
msgstr ""
22887
22888
#: serverguide/C/dns.xml:322(para)
22889
msgid ""
22890
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22891
"on the Primary is larger than the one on the Secondary."
22892
msgstr ""
22893
22894
#: serverguide/C/dns.xml:328(para)
22895
msgid ""
22896
"The default directory for non-authoritative zone files is "
22897
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22898
"<application>AppArmor</application> to allow the "
22899
"<application>named</application> daemon to write to it. For more information "
22900
"on AppArmor see <xref linkend=\"apparmor\"/>."
22901
msgstr ""
22902
22903
#: serverguide/C/dns.xml:339(para)
22904
msgid ""
22905
"This section covers ways to help determine the cause when problems happen "
22906
"with DNS and <application>BIND9</application>."
22907
msgstr ""
22908
22909
#: serverguide/C/dns.xml:345(title)
22910
msgid "resolv.conf"
22911
msgstr ""
22912
22913
#: serverguide/C/dns.xml:346(para)
22914
msgid ""
22915
"The first step in testing <application>BIND9</application> is to add the "
22916
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22917
"be configured as well as another host to double check things. Simply edit "
22918
"<filename>/etc/resolv.conf</filename> and add the following:"
22919
msgstr ""
22920
22921
#: serverguide/C/dns.xml:351(programlisting)
22922
#, no-wrap
22923
msgid ""
22924
"\n"
22925
"nameserver\t192.168.1.10\n"
22926
"nameserver\t192.168.1.11\n"
22927
msgstr ""
22928
22929
#: serverguide/C/dns.xml:356(para)
22930
msgid ""
22931
"You should also add the IP Address of the Secondary nameserver in case the "
22932
"Primary becomes unavailable."
22933
msgstr ""
22934
22935
#: serverguide/C/dns.xml:362(title)
22936
msgid "dig"
22937
msgstr ""
22938
22939
#: serverguide/C/dns.xml:363(para)
22940
msgid ""
22941
"If you installed the <application>dnsutils</application> package you can "
22942
"test your setup using the DNS lookup utility <application>dig</application>:"
22943
msgstr ""
22944
22945
#: serverguide/C/dns.xml:369(para)
22946
msgid ""
22947
"After installing <application>BIND9</application> use "
22948
"<application>dig</application> against the loopback interface to make sure "
22949
"it is listening on port 53. From a terminal prompt:"
22950
msgstr ""
22951
22952
#: serverguide/C/dns.xml:374(command)
22953
msgid "dig -x 127.0.0.1"
22954
msgstr ""
22955
22956
#: serverguide/C/dns.xml:376(para)
22957
msgid "You should see lines similar to the following in the command output:"
22958
msgstr ""
22959
22960
#: serverguide/C/dns.xml:379(programlisting)
22961
#, no-wrap
22962
msgid ""
22963
"\n"
22964
";; Query time: 1 msec\n"
22965
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22966
msgstr ""
22967
22968
#: serverguide/C/dns.xml:385(para)
22969
msgid ""
22970
"If you have configured <application>BIND9</application> as a "
22971
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22972
"the query time:"
22973
msgstr ""
22974
22975
#: serverguide/C/dns.xml:390(command)
22976
msgid "dig ubuntu.com"
22977
msgstr ""
22978
22979
#: serverguide/C/dns.xml:392(para)
22980
msgid "Note the query time toward the end of the command output:"
22981
msgstr ""
22982
22983
#: serverguide/C/dns.xml:395(programlisting)
22984
#, no-wrap
22985
msgid ""
22986
"\n"
22987
";; Query time: 49 msec\n"
22988
msgstr ""
22989
22990
#: serverguide/C/dns.xml:398(para)
22991
msgid "After a second dig there should be improvement:"
22992
msgstr ""
22993
22994
#: serverguide/C/dns.xml:401(programlisting)
22995
#, no-wrap
22996
msgid ""
22997
"\n"
22998
";; Query time: 1 msec\n"
22999
msgstr ""
23000
23001
#: serverguide/C/dns.xml:408(title)
23002
msgid "ping"
23003
msgstr ""
23004
23005
#: serverguide/C/dns.xml:410(para)
23006
msgid ""
23007
"Now to demonstrate how applications make use of DNS to resolve a host name "
23008
"use the <application>ping</application> utility to send an ICMP echo "
23009
"request. From a terminal prompt enter:"
23010
msgstr ""
23011
23012
#: serverguide/C/dns.xml:416(command)
23013
msgid "ping example.com"
23014
msgstr ""
23015
23016
#: serverguide/C/dns.xml:418(para)
23017
msgid ""
23018
"This tests if the nameserver can resolve the name "
23019
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
23020
"should resemble:"
23021
msgstr ""
23022
23023
#: serverguide/C/dns.xml:422(programlisting)
23024
#, no-wrap
23025
msgid ""
23026
"\n"
23027
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
23028
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
23029
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
23030
msgstr ""
23031
23032
#: serverguide/C/dns.xml:429(title)
23033
msgid "named-checkzone"
23034
msgstr ""
23035
23036
#: serverguide/C/dns.xml:430(para)
23037
msgid ""
23038
"A great way to test your zone files is by using the <application>named-"
23039
"checkzone</application> utility installed with the "
23040
"<application>bind9</application> package. This utility allows you to make "
23041
"sure the configuration is correct before restarting "
23042
"<application>BIND9</application> and making the changes live."
23043
msgstr ""
23044
23045
#: serverguide/C/dns.xml:437(para)
23046
msgid ""
23047
"To test our example Forward zone file enter the following from a command "
23048
"prompt:"
23049
msgstr ""
23050
23051
#: serverguide/C/dns.xml:441(command)
23052
msgid "named-checkzone example.com /etc/bind/db.example.com"
23053
msgstr ""
23054
23055
#: serverguide/C/dns.xml:443(para)
23056
msgid ""
23057
"If everything is configured correctly you should see output similar to:"
23058
msgstr ""
23059
23060
#: serverguide/C/dns.xml:446(programlisting)
23061
#, no-wrap
23062
msgid ""
23063
"\n"
23064
"zone example.com/IN: loaded serial 6\n"
23065
"OK\n"
23066
msgstr ""
23067
23068
#: serverguide/C/dns.xml:452(para)
23069
msgid "Similarly, to test the Reverse zone file enter the following:"
23070
msgstr ""
23071
23072
#: serverguide/C/dns.xml:456(command)
23073
msgid "named-checkzone example.com /etc/bind/db.192"
23074
msgstr ""
23075
23076
#: serverguide/C/dns.xml:458(para)
23077
msgid "The output should be similar to:"
23078
msgstr ""
23079
23080
#: serverguide/C/dns.xml:461(programlisting)
23081
#, no-wrap
23082
msgid ""
23083
"\n"
23084
"zone example.com/IN: loaded serial 3\n"
23085
"OK\n"
23086
msgstr ""
23087
23088
#: serverguide/C/dns.xml:468(para)
23089
msgid ""
23090
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
23091
"different."
23092
msgstr ""
23093
23094
#: serverguide/C/dns.xml:475(title)
23095
msgid "Logging"
23096
msgstr ""
23097
23098
#: serverguide/C/dns.xml:476(para)
23099
msgid ""
23100
"<application>BIND9</application> has a wide variety of logging configuration "
23101
"options available. There are two main options. The "
23102
"<emphasis>channel</emphasis> option configures where logs go, and the "
23103
"<emphasis>category</emphasis> option determines what information to log."
23104
msgstr ""
23105
23106
#: serverguide/C/dns.xml:480(para)
23107
msgid "If no logging option is configured the default option is:"
23108
msgstr ""
23109
23110
#: serverguide/C/dns.xml:483(programlisting)
23111
#, no-wrap
23112
msgid ""
23113
"\n"
23114
"logging {\n"
23115
" category default { default_syslog; default_debug; };\n"
23116
" category unmatched { null; };\n"
23117
"};\n"
23118
msgstr ""
23119
23120
#: serverguide/C/dns.xml:489(para)
23121
msgid ""
23122
"This section covers configuring <application>BIND9</application> to send "
23123
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
23124
"file."
23125
msgstr ""
23126
23127
#: serverguide/C/dns.xml:494(para)
23128
msgid ""
23129
"First, we need to configure a channel to specify which file to send the "
23130
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
23131
"the following:"
23132
msgstr ""
23133
23134
#: serverguide/C/dns.xml:498(programlisting)
23135
#, no-wrap
23136
msgid ""
23137
"\n"
23138
"logging {\n"
23139
" channel query.log { \n"
23140
" file \"/var/log/query.log\";\n"
23141
" severity debug 3; \n"
23142
" }; \n"
23143
"};\n"
23144
msgstr ""
23145
23146
#: serverguide/C/dns.xml:508(para)
23147
msgid "Next, configure a category to send all DNS queries to the query file:"
23148
msgstr ""
23149
23150
#: serverguide/C/dns.xml:511(programlisting)
23151
#, no-wrap
23152
msgid ""
23153
"\n"
23154
"logging {\n"
23155
" channel query.log { \n"
23156
" file \"/var/log/query.log\"; \n"
23157
" severity debug 3; \n"
23158
" }; \n"
23159
" <emphasis>category queries { query.log; };</emphasis> \n"
23160
"};\n"
23161
msgstr ""
23162
23163
#: serverguide/C/dns.xml:523(para)
23164
msgid ""
23165
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
23166
"level isn't specified level 1 is the default."
23167
msgstr ""
23168
23169
#: serverguide/C/dns.xml:529(para)
23170
msgid ""
23171
"Since the <emphasis>named daemon</emphasis> runs as the "
23172
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
23173
"file must be created and the ownership changed:"
23174
msgstr ""
23175
23176
#: serverguide/C/dns.xml:534(command)
23177
msgid "sudo touch /var/log/query.log"
23178
msgstr ""
23179
23180
#: serverguide/C/dns.xml:535(command)
23181
msgid "sudo chown bind /var/log/query.log"
23182
msgstr ""
23183
23184
#: serverguide/C/dns.xml:539(para)
23185
msgid ""
23186
"Before <application>named</application> daemon can write to the new log file "
23187
"the <application>AppArmor</application> profile must be updated. First, edit "
23188
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
23189
msgstr ""
23190
23191
#: serverguide/C/dns.xml:543(programlisting)
23192
#, no-wrap
23193
msgid ""
23194
"\n"
23195
"/var/log/query.log w,\n"
23196
msgstr ""
23197
23198
#: serverguide/C/dns.xml:546(para)
23199
msgid "Next, reload the profile:"
23200
msgstr ""
23201
23202
#: serverguide/C/dns.xml:550(command)
23203
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
23204
msgstr ""
23205
23206
#: serverguide/C/dns.xml:552(para)
23207
msgid ""
23208
"For more information on <application>AppArmor</application> see <xref "
23209
"linkend=\"apparmor\"/>"
23210
msgstr ""
23211
23212
#: serverguide/C/dns.xml:557(para)
23213
msgid ""
23214
"Now restart <application>BIND9</application> for the changes to take effect:"
23215
msgstr ""
23216
23217
#: serverguide/C/dns.xml:565(para)
23218
msgid ""
23219
"You should see the file <filename>/var/log/query.log</filename> fill with "
23220
"query information. This is a simple example of the "
23221
"<application>BIND9</application> logging options. For coverage of advanced "
23222
"options see <xref linkend=\"dns-more-info\"/>."
23223
msgstr ""
23224
23225
#: serverguide/C/dns.xml:574(title)
23226
msgid "Common Record Types"
23227
msgstr ""
23228
23229
#: serverguide/C/dns.xml:575(para)
23230
msgid "This section covers some of the most common DNS record types."
23231
msgstr ""
23232
23233
#: serverguide/C/dns.xml:580(para)
23234
msgid ""
23235
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
23236
msgstr ""
23237
23238
#: serverguide/C/dns.xml:583(programlisting)
23239
#, no-wrap
23240
msgid ""
23241
"\n"
23242
"www IN A 192.168.1.12\n"
23243
msgstr ""
23244
23245
#: serverguide/C/dns.xml:588(para)
23246
msgid ""
23247
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
23248
"record. You cannot create a CNAME record pointing to another CNAME record."
23249
msgstr ""
23250
23251
#: serverguide/C/dns.xml:591(programlisting)
23252
#, no-wrap
23253
msgid ""
23254
"\n"
23255
"web IN CNAME www\n"
23256
msgstr ""
23257
23258
#: serverguide/C/dns.xml:596(para)
23259
msgid ""
23260
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
23261
"to. Must point to an A record, not a CNAME."
23262
msgstr ""
23263
23264
#: serverguide/C/dns.xml:599(programlisting)
23265
#, no-wrap
23266
msgid ""
23267
"\n"
23268
" IN MX 1 mail.example.com.\n"
23269
"mail IN A 192.168.1.13\n"
23270
msgstr ""
23271
23272
#: serverguide/C/dns.xml:605(para)
23273
msgid ""
23274
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
23275
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
23276
"Secondary servers are defined."
23277
msgstr ""
23278
23279
#: serverguide/C/dns.xml:609(programlisting)
23280
#, no-wrap
23281
msgid ""
23282
"\n"
23283
" IN NS ns.example.com.\n"
23284
"\tIN NS ns2.example.com.\n"
23285
"ns IN A 192.168.1.10\n"
23286
"ns2\tIN A\t 192.168.1.11\n"
23287
msgstr ""
23288
23289
#: serverguide/C/dns.xml:622(para)
23290
msgid ""
23291
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
23292
"HOWTO</ulink> explains more advanced options for configuring BIND9."
23293
msgstr ""
23294
23295
#: serverguide/C/dns.xml:627(para)
23296
msgid ""
23297
"For in depth coverage of <emphasis>DNS</emphasis> and "
23298
"<application>BIND9</application> see <ulink "
23299
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
23300
msgstr ""
23301
23302
#: serverguide/C/dns.xml:632(para)
23303
msgid ""
23304
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
23305
"BIND</ulink> is a popular book now in it's fifth edition."
23306
msgstr ""
23307
23308
#: serverguide/C/dns.xml:637(para)
23309
msgid ""
23310
"A great place to ask for <application>BIND9</application> assistance, and "
23311
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23312
"server</emphasis> IRC channel on <ulink "
23313
"url=\"http://freenode.net\">freenode</ulink>."
23314
msgstr ""
23315
23316
#: serverguide/C/dns.xml:643(para)
23317
msgid ""
23318
"Also, see the <ulink "
23319
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
23320
"HOWTO</ulink> in the Ubuntu Wiki."
23321
msgstr ""
23322
23323
#: serverguide/C/databases.xml:13(title)
23324
msgid "Databases"
23325
msgstr ""
23326
23327
#: serverguide/C/databases.xml:14(para)
23328
msgid "Ubuntu provides two popular database servers. They are:"
23329
msgstr ""
23330
23331
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
23332
msgid "PostgreSQL"
23333
msgstr ""
23334
23335
#: serverguide/C/databases.xml:25(para)
23336
msgid ""
23337
"They are available in the main repository. This section explains how to "
23338
"install and configure these database servers."
23339
msgstr ""
23340
23341
#: serverguide/C/databases.xml:32(para)
23342
msgid ""
23343
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
23344
"It is intended for mission-critical, heavy-load production systems as well "
23345
"as for embedding into mass-deployed software."
23346
msgstr ""
23347
23348
#: serverguide/C/databases.xml:41(para)
23349
msgid "To install MySQL, run the following command from a terminal prompt:"
23350
msgstr ""
23351
23352
#: serverguide/C/databases.xml:46(command)
23353
msgid "sudo apt-get install mysql-server"
23354
msgstr ""
23355
23356
#: serverguide/C/databases.xml:48(para)
23357
msgid ""
23358
"During the installation process you will be prompted to enter a password for "
23359
"the <application>MySQL</application> root user."
23360
msgstr ""
23361
23362
#: serverguide/C/databases.xml:53(para)
23363
msgid ""
23364
"Once the installation is complete, the MySQL server should be started "
23365
"automatically. You can run the following command from a terminal prompt to "
23366
"check whether the MySQL server is running:"
23367
msgstr ""
23368
23369
#: serverguide/C/databases.xml:61(command)
23370
msgid "sudo netstat -tap | grep mysql"
23371
msgstr ""
23372
23373
#: serverguide/C/databases.xml:70(programlisting)
23374
#, no-wrap
23375
msgid ""
23376
"\n"
23377
"tcp 0 0 localhost:mysql *:* LISTEN "
23378
" 2556/mysqld\n"
23379
msgstr ""
23380
23381
#: serverguide/C/databases.xml:74(para)
23382
msgid ""
23383
"If the server is not running correctly, you can type the following command "
23384
"to start it:"
23385
msgstr ""
23386
23387
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
23388
msgid "sudo /etc/init.d/mysql restart"
23389
msgstr ""
23390
23391
#: serverguide/C/databases.xml:85(para)
23392
msgid ""
23393
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
23394
"the basic settings -- log file, port number, etc. For example, to configure "
23395
"<application>MySQL</application> to listen for connections from network "
23396
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
23397
"server's IP address:"
23398
msgstr ""
23399
23400
#: serverguide/C/databases.xml:91(programlisting)
23401
#, no-wrap
23402
msgid ""
23403
"\n"
23404
"bind-address = 192.168.0.5\n"
23405
msgstr ""
23406
23407
#: serverguide/C/databases.xml:95(para)
23408
msgid "Replace 192.168.0.5 with the appropriate address."
23409
msgstr ""
23410
23411
#: serverguide/C/databases.xml:99(para)
23412
msgid ""
23413
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
23414
"<application>mysql</application> daemon will need to be restarted:"
23415
msgstr ""
23416
23417
#: serverguide/C/databases.xml:107(para)
23418
msgid ""
23419
"If you would like to change the "
23420
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
23421
"terminal enter:"
23422
msgstr ""
23423
23424
#: serverguide/C/databases.xml:113(command)
23425
msgid "sudo dpkg-reconfigure mysql-server-5.1"
23426
msgstr ""
23427
23428
#: serverguide/C/databases.xml:116(para)
23429
msgid ""
23430
"The <application>mysql</application> daemon will be stopped, and you will be "
23431
"prompted to enter a new password."
23432
msgstr ""
23433
23434
#: serverguide/C/databases.xml:125(para)
23435
msgid ""
23436
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
23437
"more information."
23438
msgstr ""
23439
23440
#: serverguide/C/databases.xml:130(para)
23441
msgid ""
23442
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
23443
"<application>mysql-doc-5.0</application> package. To install the package "
23444
"enter the following in a terminal:"
23445
msgstr ""
23446
23447
#: serverguide/C/databases.xml:135(command)
23448
msgid "sudo apt-get install mysql-doc-5.0"
23449
msgstr ""
23450
23451
#: serverguide/C/databases.xml:137(para)
23452
msgid ""
23453
"The documentation is in HTML format, to view them enter "
23454
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
23455
"chapter/index.html</command> in your browser's address bar."
23456
msgstr ""
23457
23458
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
23459
msgid ""
23460
"For general SQL information see <ulink "
23461
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
23462
"Special Edition</ulink> by Rafe Colburn."
23463
msgstr ""
23464
23465
#: serverguide/C/databases.xml:149(para)
23466
msgid ""
23467
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
23468
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
23469
msgstr ""
23470
23471
#: serverguide/C/databases.xml:158(para)
23472
msgid ""
23473
"PostgreSQL is an object-relational database system that has the features of "
23474
"traditional commercial database systems with enhancements to be found in "
23475
"next-generation DBMS systems."
23476
msgstr ""
23477
23478
#: serverguide/C/databases.xml:165(para)
23479
msgid ""
23480
"To install PostgreSQL, run the following command in the command prompt:"
23481
msgstr ""
23482
23483
#: serverguide/C/databases.xml:172(command)
23484
msgid "sudo apt-get install postgresql"
23485
msgstr ""
23486
23487
#: serverguide/C/databases.xml:176(para)
23488
msgid ""
23489
"Once the installation is complete, you should configure the PostgreSQL "
23490
"server based on your needs, although the default configuration is viable."
23491
msgstr ""
23492
23493
#: serverguide/C/databases.xml:184(para)
23494
msgid ""
23495
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
23496
"client authentication methods. By default, IDENT authentication method is "
23497
"used for <application>postgres</application> and local users. Please refer "
23498
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
23499
"PostgreSQL Administrator's Guide</ulink>."
23500
msgstr ""
23501
23502
#: serverguide/C/databases.xml:191(para)
23503
msgid ""
23504
"The following discussion assumes that you wish to enable TCP/IP connections "
23505
"and use the MD5 method for client authentication. PostgreSQL configuration "
23506
"files are stored in the "
23507
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
23508
"example, if you install PostgreSQL 8.4, the configuration files are stored "
23509
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
23510
msgstr ""
23511
23512
#: serverguide/C/databases.xml:201(para)
23513
msgid ""
23514
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
23515
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
23516
msgstr ""
23517
23518
#: serverguide/C/databases.xml:208(para)
23519
msgid ""
23520
"To enable TCP/IP connections, edit the file "
23521
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
23522
msgstr ""
23523
23524
#: serverguide/C/databases.xml:210(para)
23525
msgid ""
23526
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
23527
"change it to:"
23528
msgstr ""
23529
23530
#: serverguide/C/databases.xml:213(programlisting)
23531
#, no-wrap
23532
msgid ""
23533
"\n"
23534
"listen_addresses = 'localhost'\n"
23535
msgstr ""
23536
23537
#: serverguide/C/databases.xml:217(para)
23538
msgid ""
23539
"To allow other computers to connect to your "
23540
"<application>PostgreSQL</application> server replace 'localhost' with the "
23541
"<emphasis>IP Address</emphasis> of your server."
23542
msgstr ""
23543
23544
#: serverguide/C/databases.xml:222(para)
23545
msgid ""
23546
"You may also edit all other parameters, if you know what you are doing! For "
23547
"details, refer to the configuration file or to the PostgreSQL documentation."
23548
msgstr ""
23549
23550
#: serverguide/C/databases.xml:227(para)
23551
msgid ""
23552
"Now that we can connect to our <application>PostgreSQL</application> server, "
23553
"the next step is to set a password for the <emphasis>postgres</emphasis> "
23554
"user. Run the following command at a terminal prompt to connect to the "
23555
"default PostgreSQL template database:"
23556
msgstr ""
23557
23558
#: serverguide/C/databases.xml:234(command)
23559
msgid "sudo -u postgres psql template1"
23560
msgstr ""
23561
23562
#: serverguide/C/databases.xml:236(para)
23563
msgid ""
23564
"The above command connects to PostgreSQL database "
23565
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
23566
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
23567
"run the following SQL command at the <application>psql</application> prompt "
23568
"to configure the password for the user <emphasis "
23569
"role=\"italics\">postgres</emphasis>."
23570
msgstr ""
23571
23572
#: serverguide/C/databases.xml:244(command)
23573
msgid "ALTER USER postgres with encrypted password 'your_password';"
23574
msgstr ""
23575
23576
#: serverguide/C/databases.xml:246(para)
23577
msgid ""
23578
"After configuring the password, edit the file "
23579
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
23580
"<emphasis>MD5</emphasis> authentication with the "
23581
"<emphasis>postgres</emphasis> user:"
23582
msgstr ""
23583
23584
#: serverguide/C/databases.xml:252(programlisting)
23585
#, no-wrap
23586
msgid ""
23587
"\n"
23588
"local all postgres md5\n"
23589
msgstr ""
23590
23591
#: serverguide/C/databases.xml:256(para)
23592
msgid ""
23593
"Finally, you should restart the <application>PostgreSQL</application> "
23594
"service to initialize the new configuration. From a terminal prompt enter "
23595
"the following to restart <application>PostgreSQL</application>:"
23596
msgstr ""
23597
23598
#: serverguide/C/databases.xml:262(command)
23599
msgid "sudo /etc/init.d/postgresql-8.4 restart"
23600
msgstr ""
23601
23602
#: serverguide/C/databases.xml:265(para)
23603
msgid ""
23604
"The above configuration is not complete by any means. Please refer <ulink "
23605
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
23606
"Administrator's Guide</ulink> to configure more parameters."
23607
msgstr ""
23608
23609
#: serverguide/C/databases.xml:276(para)
23610
msgid ""
23611
"As mentioned above the <ulink "
23612
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23613
"Guide</ulink> is an excellent resource. The guide is also available in the "
23614
"<application>postgresql-doc-8.4</application> package. Execute the following "
23615
"in a terminal to install the package:"
23616
msgstr ""
23617
23618
#: serverguide/C/databases.xml:282(command)
23619
msgid "sudo apt-get install postgresql-doc-8.4"
23620
msgstr ""
23621
23622
#: serverguide/C/databases.xml:284(para)
23623
msgid ""
23624
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23625
"8.4/html/index.html</command> into the address bar of your browser."
23626
msgstr ""
23627
23628
#: serverguide/C/databases.xml:296(para)
23629
msgid ""
23630
"Also, see the <ulink "
23631
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23632
"Wiki</ulink> page for more information."
23633
msgstr ""
23634
23635
#: serverguide/C/clustering.xml:13(title)
23636
msgid "Clustering"
23637
msgstr ""
23638
23639
#: serverguide/C/clustering.xml:16(title)
23640
msgid "DRBD"
23641
msgstr ""
23642
23643
#: serverguide/C/clustering.xml:18(para)
23644
msgid ""
23645
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23646
"multiple hosts. The replication is transparent to other applications on the "
23647
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23648
"volumes, etc can be mirrored."
23649
msgstr ""
23650
23651
#: serverguide/C/clustering.xml:24(para)
23652
msgid ""
23653
"To get started using <application>drbd</application>, first install the "
23654
"necessary packages. From a terminal enter:"
23655
msgstr ""
23656
23657
#: serverguide/C/clustering.xml:29(command)
23658
msgid "sudo apt-get install drbd8-utils"
23659
msgstr ""
23660
23661
#: serverguide/C/clustering.xml:33(para)
23662
msgid ""
23663
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23664
"virtual machine you will need to manually compile the "
23665
"<application>drbd</application> module. It may be easier to install the "
23666
"<application>linux-server</application> package inside the virtual machine."
23667
msgstr ""
23668
23669
#: serverguide/C/clustering.xml:40(para)
23670
msgid ""
23671
"This section covers setting up a <application>drbd</application> to "
23672
"replicate a separate <filename>/srv</filename> partition, with an "
23673
"<application>ext3</application> filesystem between two hosts. The partition "
23674
"size is not particularly relevant, but both partitions need to be the same "
23675
"size."
23676
msgstr ""
23677
23678
#: serverguide/C/clustering.xml:49(para)
23679
msgid ""
23680
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23681
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23682
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23683
"See <xref linkend=\"dns\"/> for details."
23684
msgstr ""
23685
23686
#: serverguide/C/clustering.xml:57(para)
23687
msgid ""
23688
"To configure <application>drbd</application>, on the first host edit "
23689
"<filename>/etc/drbd.conf</filename>:"
23690
msgstr ""
23691
23692
#: serverguide/C/clustering.xml:61(programlisting)
23693
#, no-wrap
23694
msgid ""
23695
"\n"
23696
"global { usage-count no; }\n"
23697
"common { syncer { rate 100M; } }\n"
23698
"resource r0 {\n"
23699
" protocol C;\n"
23700
" startup {\n"
23701
" wfc-timeout 15;\n"
23702
" degr-wfc-timeout 60;\n"
23703
" }\n"
23704
" net {\n"
23705
" cram-hmac-alg sha1;\n"
23706
" shared-secret \"secret\";\n"
23707
" }\n"
23708
" on drbd01 {\n"
23709
" device /dev/drbd0;\n"
23710
" disk /dev/sdb1;\n"
23711
" address 192.168.0.1:7788;\n"
23712
" meta-disk internal;\n"
23713
" }\n"
23714
" on drbd02 {\n"
23715
" device /dev/drbd0;\n"
23716
" disk /dev/sdb1;\n"
23717
" address 192.168.0.2:7788;\n"
23718
" meta-disk internal;\n"
23719
" }\n"
23720
"} \n"
23721
msgstr ""
23722
23723
#: serverguide/C/clustering.xml:90(para)
23724
msgid ""
23725
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23726
"this example their default values are fine."
23727
msgstr ""
23728
23729
#: serverguide/C/clustering.xml:98(para)
23730
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23731
msgstr ""
23732
23733
#: serverguide/C/clustering.xml:103(command)
23734
msgid "scp /etc/drbd.conf drbd02:~"
23735
msgstr ""
23736
23737
#: serverguide/C/clustering.xml:109(para)
23738
msgid ""
23739
"And, on <emphasis>drbd02</emphasis> move the file to "
23740
"<filename>/etc</filename>:"
23741
msgstr ""
23742
23743
#: serverguide/C/clustering.xml:114(command)
23744
msgid "sudo mv drbd.conf /etc/"
23745
msgstr ""
23746
23747
#: serverguide/C/clustering.xml:120(para)
23748
msgid ""
23749
"Next, on both hosts, start the <application>drbd</application> daemon:"
23750
msgstr ""
23751
23752
#: serverguide/C/clustering.xml:125(command)
23753
msgid "sudo /etc/init.d/drbd start"
23754
msgstr ""
23755
23756
#: serverguide/C/clustering.xml:131(para)
23757
msgid ""
23758
"Now using the <application>drbdadm</application> utility initialize the meta "
23759
"data storage. On each server execute:"
23760
msgstr ""
23761
23762
#: serverguide/C/clustering.xml:137(command)
23763
msgid "sudo drbdadm create-md r0"
23764
msgstr ""
23765
23766
#: serverguide/C/clustering.xml:143(para)
23767
msgid ""
23768
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23769
"primary, enter the following:"
23770
msgstr ""
23771
23772
#: serverguide/C/clustering.xml:148(command)
23773
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23774
msgstr ""
23775
23776
#: serverguide/C/clustering.xml:154(para)
23777
msgid ""
23778
"After executing the above command, the data will start syncing with the "
23779
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
23780
"the following:"
23781
msgstr ""
23782
23783
#: serverguide/C/clustering.xml:160(command)
23784
msgid "watch -n1 cat /proc/drbd"
23785
msgstr ""
23786
23787
#: serverguide/C/clustering.xml:163(para)
23788
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23789
msgstr ""
23790
23791
#: serverguide/C/clustering.xml:170(para)
23792
msgid ""
23793
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23794
msgstr ""
23795
23796
#: serverguide/C/clustering.xml:175(command)
23797
msgid "sudo mkfs.ext3 /dev/drbd0"
23798
msgstr ""
23799
23800
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23801
msgid "sudo mount /dev/drbd0 /srv"
23802
msgstr ""
23803
23804
#: serverguide/C/clustering.xml:186(para)
23805
msgid ""
23806
"To test that the data is actually syncing between the hosts copy some files "
23807
"on the <emphasis>drbd01</emphasis>, the primary, to "
23808
"<filename>/srv</filename>:"
23809
msgstr ""
23810
23811
#: serverguide/C/clustering.xml:195(para)
23812
msgid "Next, unmount <filename>/srv</filename>:"
23813
msgstr ""
23814
23815
#: serverguide/C/clustering.xml:203(para)
23816
msgid ""
23817
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23818
"<emphasis>secondary</emphasis> role:"
23819
msgstr ""
23820
23821
#: serverguide/C/clustering.xml:208(command)
23822
msgid "sudo drbdadm secondary r0"
23823
msgstr ""
23824
23825
#: serverguide/C/clustering.xml:211(para)
23826
msgid ""
23827
"Now on the <emphasis>secondary</emphasis> server "
23828
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23829
msgstr ""
23830
23831
#: serverguide/C/clustering.xml:216(command)
23832
msgid "sudo drbdadm primary r0"
23833
msgstr ""
23834
23835
#: serverguide/C/clustering.xml:219(para)
23836
msgid "Lastly, mount the partition:"
23837
msgstr ""
23838
23839
#: serverguide/C/clustering.xml:227(para)
23840
msgid ""
23841
"Using <emphasis>ls</emphasis> you should see "
23842
"<filename>/srv/default</filename> copied from the former "
23843
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23844
msgstr ""
23845
23846
#: serverguide/C/clustering.xml:238(para)
23847
msgid ""
23848
"For more information on <application>DRBD</application> see the <ulink "
23849
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23850
msgstr ""
23851
23852
#: serverguide/C/clustering.xml:243(para)
23853
msgid ""
23854
"The <ulink "
23855
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
23856
">drbd.conf man page</ulink> contains details on the options not covered in "
23857
"this guide."
23858
msgstr ""
23859
23860
#: serverguide/C/clustering.xml:249(para)
23861
msgid ""
23862
"Also, see the <ulink "
23863
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
23864
"rbdadm man page</ulink>."
23865
msgstr ""
23866
23867
#: serverguide/C/clustering.xml:254(para)
23868
msgid ""
23869
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23870
"Wiki</ulink> page also has more information."
23871
msgstr ""
23872
23873
#: serverguide/C/chat.xml:13(title)
23874
msgid "Chat Applications"
23875
msgstr ""
23876
23877
#: serverguide/C/chat.xml:19(para)
23878
msgid ""
23879
"In this section, we will discuss how to install and configure a IRC server, "
23880
"<application>ircd-irc2</application>. We will also discuss how to install "
23881
"and configure Jabber, an instance messaging server."
23882
msgstr ""
23883
23884
#: serverguide/C/chat.xml:28(title)
23885
msgid "IRC Server"
23886
msgstr ""
23887
23888
#: serverguide/C/chat.xml:30(para)
23889
msgid ""
23890
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23891
"explains how to install and configure the original IRC server "
23892
"<application>ircd-irc2</application>."
23893
msgstr ""
23894
23895
#: serverguide/C/chat.xml:39(para)
23896
msgid ""
23897
"To install <application>ircd-irc2</application>, run the following command "
23898
"in the command prompt:"
23899
msgstr ""
23900
23901
#: serverguide/C/chat.xml:45(command)
23902
msgid "sudo apt-get install ircd-irc2"
23903
msgstr ""
23904
23905
#: serverguide/C/chat.xml:48(para)
23906
msgid ""
23907
"The configuration files are stored in <filename>/etc/ircd</filename> "
23908
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23909
"irc2</filename> directory."
23910
msgstr ""
23911
23912
#: serverguide/C/chat.xml:59(para)
23913
msgid ""
23914
"The IRC settings can be done in the configuration file "
23915
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23916
"this file by editing the following line:"
23917
msgstr ""
23918
23919
#: serverguide/C/chat.xml:64(programlisting)
23920
#, no-wrap
23921
msgid ""
23922
"\n"
23923
"M:irc.localhost::Debian ircd default configuration::000A\n"
23924
msgstr ""
23925
23926
#: serverguide/C/chat.xml:68(para)
23927
msgid ""
23928
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23929
"you set irc.livecipher.com as IRC host name, please make sure "
23930
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23931
"name should not be same as the host name."
23932
msgstr ""
23933
23934
#: serverguide/C/chat.xml:75(para)
23935
msgid ""
23936
"The IRC admin details can be configured by editing the following line:"
23937
msgstr ""
23938
23939
#: serverguide/C/chat.xml:80(programlisting)
23940
#, no-wrap
23941
msgid ""
23942
"\n"
23943
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23944
"Server::IRCnet:\n"
23945
msgstr ""
23946
23947
#: serverguide/C/chat.xml:84(para)
23948
msgid ""
23949
"You should add specific lines to configure the list of IRC ports to listen "
23950
"on, to configure Operator credentials, to configure client authentication, "
23951
"etc. For details, please refer to the example configuration file "
23952
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23953
msgstr ""
23954
23955
#: serverguide/C/chat.xml:92(para)
23956
msgid ""
23957
"The IRC banner to be displayed in the IRC client, when the user connects to "
23958
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23959
msgstr ""
23960
23961
#: serverguide/C/chat.xml:97(para)
23962
msgid ""
23963
"After making necessary changes to the configuration file, you can restart "
23964
"the IRC server using following command:"
23965
msgstr ""
23966
23967
#: serverguide/C/chat.xml:101(programlisting)
23968
#, no-wrap
23969
msgid ""
23970
"\n"
23971
"sudo /etc/init.d/ircd-irc2 restart\n"
23972
msgstr ""
23973
23974
#: serverguide/C/chat.xml:109(para)
23975
msgid ""
23976
"You may also be interested to take a look at other IRC servers available in "
23977
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23978
"<application>ircd-hybrid</application>."
23979
msgstr ""
23980
23981
#: serverguide/C/chat.xml:117(para)
23982
msgid ""
23983
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23984
"FAQ</ulink> for more details about the IRC Server."
23985
msgstr ""
23986
23987
#: serverguide/C/chat.xml:124(para)
23988
msgid ""
23989
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23990
"IRCD</ulink> page has more information."
23991
msgstr ""
23992
23993
#: serverguide/C/chat.xml:132(title)
23994
msgid "Jabber Instant Messaging Server"
23995
msgstr ""
23996
23997
#: serverguide/C/chat.xml:134(para)
23998
msgid ""
23999
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
24000
"XMPP, an open standard for instant messaging, and used by many popular "
24001
"applications. This section covers setting up a <emphasis>Jabberd "
24002
"2</emphasis> server on a local LAN. This configuration can also be adapted "
24003
"to providing messaging services to users over the Internet."
24004
msgstr ""
24005
24006
#: serverguide/C/chat.xml:143(para)
24007
msgid "To install <application>jabberd2</application>, in a terminal enter:"
24008
msgstr ""
24009
24010
#: serverguide/C/chat.xml:148(command)
24011
msgid "sudo apt-get install jabberd2"
24012
msgstr ""
24013
24014
#: serverguide/C/chat.xml:155(para)
24015
msgid ""
24016
"A couple of XML configuration files will be used to configure "
24017
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
24018
"authentication. This is a very simple form of authentication. However, "
24019
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
24020
"Postgresql, etc for for user authentication."
24021
msgstr ""
24022
24023
#: serverguide/C/chat.xml:162(para)
24024
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
24025
msgstr ""
24026
24027
#: serverguide/C/chat.xml:166(programlisting)
24028
#, no-wrap
24029
msgid ""
24030
"\n"
24031
" <id>jabber.example.com</id>\n"
24032
msgstr ""
24033
24034
#: serverguide/C/chat.xml:171(para)
24035
msgid ""
24036
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
24037
"id, of your server."
24038
msgstr ""
24039
24040
#: serverguide/C/chat.xml:176(para)
24041
msgid "Now in the <storage> section change the <driver> to:"
24042
msgstr ""
24043
24044
#: serverguide/C/chat.xml:180(programlisting)
24045
#, no-wrap
24046
msgid ""
24047
"\n"
24048
" <driver>db</driver>\n"
24049
msgstr ""
24050
24051
#: serverguide/C/chat.xml:184(para)
24052
msgid ""
24053
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
24054
"<emphasis><local></emphasis> section change:"
24055
msgstr ""
24056
24057
#: serverguide/C/chat.xml:188(programlisting)
24058
#, no-wrap
24059
msgid ""
24060
"\n"
24061
" <id>jabber.example.com</id>\n"
24062
msgstr ""
24063
24064
#: serverguide/C/chat.xml:192(para)
24065
msgid ""
24066
"And in the <authreg> section adjust the <module> section to:"
24067
msgstr ""
24068
24069
#: serverguide/C/chat.xml:196(programlisting)
24070
#, no-wrap
24071
msgid ""
24072
"\n"
24073
" <module>db</module>\n"
24074
msgstr ""
24075
24076
#: serverguide/C/chat.xml:200(para)
24077
msgid ""
24078
"Finally, restart <application>jabberd2</application> to enable the new "
24079
"settings:"
24080
msgstr ""
24081
24082
#: serverguide/C/chat.xml:205(command)
24083
msgid "sudo /etc/init.d/jabberd2 restart"
24084
msgstr ""
24085
24086
#: serverguide/C/chat.xml:208(para)
24087
msgid ""
24088
"You should now be able to connect to the server using a Jabber client like "
24089
"<application>Pidgin</application> for example."
24090
msgstr ""
24091
24092
#: serverguide/C/chat.xml:213(para)
24093
msgid ""
24094
"The advantage of using Berkeley DB for user data is that after being "
24095
"configured no additional maintenance is required. If you need more control "
24096
"over user accounts and credentials another authentication method is "
24097
"recommended."
24098
msgstr ""
24099
24100
#: serverguide/C/chat.xml:225(para)
24101
msgid ""
24102
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
24103
"Site</ulink> contains more details on configuring "
24104
"<application>Jabberd2</application>."
24105
msgstr ""
24106
24107
#: serverguide/C/chat.xml:231(para)
24108
msgid ""
24109
"For more authentication options see the <ulink "
24110
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
24111
"Guide</ulink>."
24112
msgstr ""
24113
24114
#: serverguide/C/chat.xml:236(para)
24115
msgid ""
24116
"Also, the <ulink "
24117
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
24118
"Jabber Server Ubuntu Wiki</ulink> page has more information."
24119
msgstr ""
24120
24121
#: serverguide/C/backups.xml:13(title)
24122
msgid "Backups"
24123
msgstr ""
24124
24125
#: serverguide/C/backups.xml:14(para)
24126
msgid ""
24127
"There are many ways to backup an Ubuntu installation. The most important "
24128
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
24129
"consisting of what to backup, where to back it up to, and how to restore it."
24130
msgstr ""
24131
24132
#: serverguide/C/backups.xml:18(para)
24133
msgid ""
24134
"The following sections discuss various ways of accomplishing these tasks."
24135
msgstr ""
24136
24137
#: serverguide/C/backups.xml:22(title)
24138
msgid "Shell Scripts"
24139
msgstr ""
24140
24141
#: serverguide/C/backups.xml:23(para)
24142
msgid ""
24143
"One of the simplest ways to backup a system is using a <emphasis>shell "
24144
"script</emphasis>. For example, a script can be used to configure which "
24145
"directories to backup, and use those directories as arguments to the "
24146
"<application>tar</application> utility creating an archive file. The archive "
24147
"file can then be moved or copied to another location. The archive can also "
24148
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
24149
msgstr ""
24150
24151
#: serverguide/C/backups.xml:29(para)
24152
msgid ""
24153
"The <application>tar</application> utility creates one archive file out of "
24154
"many files or directories. <application>tar</application> can also filter "
24155
"the files through compression utilities reducing the size of the archive "
24156
"file."
24157
msgstr ""
24158
24159
#: serverguide/C/backups.xml:35(title)
24160
msgid "Simple Shell Script"
24161
msgstr ""
24162
24163
#: serverguide/C/backups.xml:36(para)
24164
msgid ""
24165
"The following shell script uses <application>tar</application> to create an "
24166
"archive file on a remotely mounted NFS file system. The archive filename is "
24167
"determined using additional command line utilities."
24168
msgstr ""
24169
24170
#: serverguide/C/backups.xml:40(programlisting)
24171
#, no-wrap
24172
msgid ""
24173
"\n"
24174
"#!/bin/sh\n"
24175
"####################################\n"
24176
"#\n"
24177
"# Backup to NFS mount script.\n"
24178
"#\n"
24179
"####################################\n"
24180
"\n"
24181
"# What to backup. \n"
24182
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24183
"\n"
24184
"# Where to backup to.\n"
24185
"dest=\"/mnt/backup\"\n"
24186
"\n"
24187
"# Create archive filename.\n"
24188
"day=$(date +%A)\n"
24189
"hostname=$(hostname -s)\n"
24190
"archive_file=\"$hostname-$day.tgz\"\n"
24191
"\n"
24192
"# Print start status message.\n"
24193
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24194
"date\n"
24195
"echo\n"
24196
"\n"
24197
"# Backup the files using tar.\n"
24198
"tar czf $dest/$archive_file $backup_files\n"
24199
"\n"
24200
"# Print end status message.\n"
24201
"echo\n"
24202
"echo \"Backup finished\"\n"
24203
"date\n"
24204
"\n"
24205
"# Long listing of files in $dest to check file sizes.\n"
24206
"ls -lh $dest\n"
24207
msgstr ""
24208
24209
#: serverguide/C/backups.xml:77(para)
24210
msgid ""
24211
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
24212
"would like to backup. The list should be customized to fit your needs."
24213
msgstr ""
24214
24215
#: serverguide/C/backups.xml:83(para)
24216
msgid ""
24217
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
24218
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
24219
"day of the week, giving a backup history of seven days. There are other ways "
24220
"to accomplish this including other ways using the "
24221
"<application>date</application> utility."
24222
msgstr ""
24223
24224
#: serverguide/C/backups.xml:90(para)
24225
msgid ""
24226
"<emphasis>$hostname:</emphasis> variable containing the "
24227
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
24228
"archive filename gives you the option of placing daily archive files from "
24229
"multiple systems in the same directory."
24230
msgstr ""
24231
24232
#: serverguide/C/backups.xml:97(para)
24233
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
24234
msgstr ""
24235
24236
#: serverguide/C/backups.xml:102(para)
24237
msgid ""
24238
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
24239
"needs to be created and in this case <emphasis>mounted</emphasis> before "
24240
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
24241
"details using <emphasis>NFS</emphasis>."
24242
msgstr ""
24243
24244
#: serverguide/C/backups.xml:109(para)
24245
msgid ""
24246
"<emphasis>status messages:</emphasis> optional messages printed to the "
24247
"console using the <application>echo</application> utility."
24248
msgstr ""
24249
24250
#: serverguide/C/backups.xml:115(para)
24251
msgid ""
24252
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
24253
"<application>tar</application> command used to create the archive file."
24254
msgstr ""
24255
24256
#: serverguide/C/backups.xml:121(para)
24257
msgid "<emphasis>c:</emphasis> creates an archive."
24258
msgstr ""
24259
24260
#: serverguide/C/backups.xml:126(para)
24261
msgid ""
24262
"<emphasis>z:</emphasis> filter the archive through the "
24263
"<application>gzip</application> utility compressing the archive."
24264
msgstr ""
24265
24266
#: serverguide/C/backups.xml:131(para)
24267
msgid ""
24268
"<emphasis>f:</emphasis> use archive file. Otherwise the "
24269
"<application>tar</application> output will be sent to STDOUT."
24270
msgstr ""
24271
24272
#: serverguide/C/backups.xml:138(para)
24273
msgid ""
24274
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
24275
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
24276
"of the destination directory. This is useful for a quick file size check of "
24277
"the archive file. This check should not replace testing the archive file."
24278
msgstr ""
24279
24280
#: serverguide/C/backups.xml:145(para)
24281
msgid ""
24282
"This is a simple example of a backup shell script. There are large amount of "
24283
"options that can be included in a backup script. See <xref linkend=\"backup-"
24284
"shellscript-references\"/> for links to resources providing more in depth "
24285
"shell scripting information."
24286
msgstr ""
24287
24288
#: serverguide/C/backups.xml:152(title)
24289
msgid "Executing the Script"
24290
msgstr ""
24291
24292
#: serverguide/C/backups.xml:154(title)
24293
msgid "Executing from a Terminal"
24294
msgstr ""
24295
24296
#: serverguide/C/backups.xml:155(para)
24297
msgid ""
24298
"The simplest way of executing the above backup script is to copy and paste "
24299
"the contents into a file. <filename>backup.sh</filename> for example. Then "
24300
"from a terminal prompt:"
24301
msgstr ""
24302
24303
#: serverguide/C/backups.xml:160(command)
24304
msgid "sudo bash backup.sh"
24305
msgstr ""
24306
24307
#: serverguide/C/backups.xml:162(para)
24308
msgid ""
24309
"This is a great way to test the script to make sure everything works as "
24310
"expected."
24311
msgstr ""
24312
24313
#: serverguide/C/backups.xml:167(title)
24314
msgid "Executing with cron"
24315
msgstr ""
24316
24317
#: serverguide/C/backups.xml:168(para)
24318
msgid ""
24319
"The <application>cron</application> utility can be used to automate the "
24320
"script execution. The <application>cron</application> daemon allows the "
24321
"execution of scripts, or commands, at a specified time and date."
24322
msgstr ""
24323
24324
#: serverguide/C/backups.xml:172(para)
24325
msgid ""
24326
"<application>cron</application> is configured through entries in a "
24327
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
24328
"separated into fields:"
24329
msgstr ""
24330
24331
#: serverguide/C/backups.xml:176(programlisting)
24332
#, no-wrap
24333
msgid ""
24334
"\n"
24335
"# m h dom mon dow command\n"
24336
msgstr ""
24337
24338
#: serverguide/C/backups.xml:181(para)
24339
msgid ""
24340
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
24341
msgstr ""
24342
24343
#: serverguide/C/backups.xml:186(para)
24344
msgid ""
24345
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
24346
msgstr ""
24347
24348
#: serverguide/C/backups.xml:191(para)
24349
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
24350
msgstr ""
24351
24352
#: serverguide/C/backups.xml:196(para)
24353
msgid ""
24354
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
24355
msgstr ""
24356
24357
#: serverguide/C/backups.xml:201(para)
24358
msgid ""
24359
"<emphasis>dow:</emphasis> the day of the week the command executes on "
24360
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
24361
"valid."
24362
msgstr ""
24363
24364
#: serverguide/C/backups.xml:206(para)
24365
msgid "<emphasis>command:</emphasis> the command to execute."
24366
msgstr ""
24367
24368
#: serverguide/C/backups.xml:211(para)
24369
msgid ""
24370
"To add or change entries in a <filename>crontab</filename> file the "
24371
"<application>crontab -e</application> command should be used. Also, the "
24372
"contents of a <filename>crontab</filename> file can be viewed using the "
24373
"<application>crontab -l</application> command."
24374
msgstr ""
24375
24376
#: serverguide/C/backups.xml:215(para)
24377
msgid ""
24378
"To execute the <application>backup.sh</application> script listed above "
24379
"using <application>cron</application>. Enter the following from a terminal "
24380
"prompt:"
24381
msgstr ""
24382
24383
#: serverguide/C/backups.xml:220(command)
24384
msgid "sudo crontab -e"
24385
msgstr ""
24386
24387
#: serverguide/C/backups.xml:223(para)
24388
msgid ""
24389
"Using <application>sudo</application> with the <application>crontab -"
24390
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
24391
"This is necessary if you are backing up directories only the root user has "
24392
"access to."
24393
msgstr ""
24394
24395
#: serverguide/C/backups.xml:228(para)
24396
msgid "Add the following entry to the <filename>crontab</filename> file:"
24397
msgstr ""
24398
24399
#: serverguide/C/backups.xml:231(programlisting)
24400
#, no-wrap
24401
msgid ""
24402
"\n"
24403
"# m h dom mon dow command\n"
24404
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24405
msgstr ""
24406
24407
#: serverguide/C/backups.xml:235(para)
24408
msgid ""
24409
"The <application>backup.sh</application> script will now be executed every "
24410
"day at 12:00 am."
24411
msgstr ""
24412
24413
#: serverguide/C/backups.xml:239(para)
24414
msgid ""
24415
"The <application>backup.sh</application> script will need to be copied to "
24416
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
24417
"to execute properly. The script can reside anywhere on the file system "
24418
"simply change the script path appropriately."
24419
msgstr ""
24420
24421
#: serverguide/C/backups.xml:244(para)
24422
msgid ""
24423
"For more in depth <application>crontab</application> options see <xref "
24424
"linkend=\"backup-shellscript-references\"/>."
24425
msgstr ""
24426
24427
#: serverguide/C/backups.xml:250(title)
24428
msgid "Restoring from the Archive"
24429
msgstr ""
24430
24431
#: serverguide/C/backups.xml:251(para)
24432
msgid ""
24433
"Once an archive has been created it is important to test the archive. The "
24434
"archive can be tested by listing the files it contains, but the best test is "
24435
"to <emphasis>restore</emphasis> a file from the archive."
24436
msgstr ""
24437
24438
#: serverguide/C/backups.xml:257(para)
24439
msgid "To see a listing of the archive contents. From a terminal prompt:"
24440
msgstr ""
24441
24442
#: serverguide/C/backups.xml:261(command)
24443
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
24444
msgstr ""
24445
24446
#: serverguide/C/backups.xml:265(para)
24447
msgid "To restore a file from the archive to a different directory enter:"
24448
msgstr ""
24449
24450
#: serverguide/C/backups.xml:269(command)
24451
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24452
msgstr ""
24453
24454
#: serverguide/C/backups.xml:271(para)
24455
msgid ""
24456
"The <emphasis>-C</emphasis> option to <application>tar</application> "
24457
"redirects the extracted files to the specified directory. The above example "
24458
"will extract the <filename>/etc/hosts</filename> file to "
24459
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
24460
"recreates the directory structure that it contains."
24461
msgstr ""
24462
24463
#: serverguide/C/backups.xml:276(para)
24464
msgid ""
24465
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
24466
"the file to restore."
24467
msgstr ""
24468
24469
#: serverguide/C/backups.xml:281(para)
24470
msgid "To restore all files in the archive enter the following:"
24471
msgstr ""
24472
24473
#: serverguide/C/backups.xml:285(command)
24474
msgid "cd /"
24475
msgstr ""
24476
24477
#: serverguide/C/backups.xml:286(command)
24478
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24479
msgstr ""
24480
24481
#: serverguide/C/backups.xml:291(para)
24482
msgid "This will overwrite the files currently on the file system."
24483
msgstr ""
24484
24485
#: serverguide/C/backups.xml:300(para)
24486
msgid ""
24487
"For more information on shell scripting see the <ulink "
24488
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
24489
msgstr ""
24490
24491
#: serverguide/C/backups.xml:305(para)
24492
msgid ""
24493
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
24494
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
24495
"great resource for shell scripting."
24496
msgstr ""
24497
24498
#: serverguide/C/backups.xml:311(para)
24499
msgid ""
24500
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
24501
"Wiki Page</ulink> contains details on advanced "
24502
"<application>cron</application> options."
24503
msgstr ""
24504
24505
#: serverguide/C/backups.xml:318(para)
24506
msgid ""
24507
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
24508
"tar Manual</ulink> for more <application>tar</application> options."
24509
msgstr ""
24510
24511
#: serverguide/C/backups.xml:324(para)
24512
msgid ""
24513
"The Wikipedia <ulink "
24514
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
24515
"Scheme</ulink> article contains information on other backup rotation schemes."
24516
msgstr ""
24517
24518
#: serverguide/C/backups.xml:330(para)
24519
msgid ""
24520
"The shell script uses <application>tar</application> to create the archive, "
24521
"but there many other command line utilities that can be used. For example:"
24522
msgstr ""
24523
24524
#: serverguide/C/backups.xml:336(para)
24525
msgid ""
24526
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
24527
"files to and from archives."
24528
msgstr ""
24529
24530
#: serverguide/C/backups.xml:341(para)
24531
msgid ""
24532
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
24533
"the <application>coreutils</application> package. A low level utility that "
24534
"can copy data from one format to another"
24535
msgstr ""
24536
24537
#: serverguide/C/backups.xml:347(para)
24538
msgid ""
24539
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
24540
"snap shot utility used to create copies of an entire file system."
24541
msgstr ""
24542
24543
#: serverguide/C/backups.xml:358(title)
24544
msgid "Archive Rotation"
24545
msgstr ""
24546
24547
#: serverguide/C/backups.xml:359(para)
24548
msgid ""
24549
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
24550
"allows for seven different archives. For a server whose data doesn't change "
24551
"often this may be enough. If the server has a large amount of data a more "
24552
"robust rotation scheme should be used."
24553
msgstr ""
24554
24555
#: serverguide/C/backups.xml:365(title)
24556
msgid "Rotating NFS Archives"
24557
msgstr ""
24558
24559
#: serverguide/C/backups.xml:366(para)
24560
msgid ""
24561
"In this section the shell script will be slightly modified to implement a "
24562
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
24563
msgstr ""
24564
24565
#: serverguide/C/backups.xml:372(para)
24566
msgid ""
24567
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
24568
"Friday."
24569
msgstr ""
24570
24571
#: serverguide/C/backups.xml:377(para)
24572
msgid ""
24573
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
24574
"weekly backups a month."
24575
msgstr ""
24576
24577
#: serverguide/C/backups.xml:382(para)
24578
msgid ""
24579
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
24580
"rotating two monthly backups based on if the month is odd or even."
24581
msgstr ""
24582
24583
#: serverguide/C/backups.xml:388(para)
24584
msgid "Here is the new script:"
24585
msgstr ""
24586
24587
#: serverguide/C/backups.xml:391(programlisting)
24588
#, no-wrap
24589
msgid ""
24590
"\n"
24591
"#!/bin/bash\n"
24592
"####################################\n"
24593
"#\n"
24594
"# Backup to NFS mount script with\n"
24595
"# grandfather-father-son rotation.\n"
24596
"#\n"
24597
"####################################\n"
24598
"\n"
24599
"# What to backup. \n"
24600
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24601
"\n"
24602
"# Where to backup to.\n"
24603
"dest=\"/mnt/backup\"\n"
24604
"\n"
24605
"# Setup variables for the archive filename.\n"
24606
"day=$(date +%A)\n"
24607
"hostname=$(hostname -s)\n"
24608
"\n"
24609
"# Find which week of the month 1-4 it is.\n"
24610
"day_num=$(date +%d)\n"
24611
"if (( $day_num <= 7 )); then\n"
24612
" week_file=\"$hostname-week1.tgz\"\n"
24613
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24614
" week_file=\"$hostname-week2.tgz\"\n"
24615
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24616
" week_file=\"$hostname-week3.tgz\"\n"
24617
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24618
" week_file=\"$hostname-week4.tgz\"\n"
24619
"fi\n"
24620
"\n"
24621
"# Find if the Month is odd or even.\n"
24622
"month_num=$(date +%m)\n"
24623
"month=$(expr $month_num % 2)\n"
24624
"if [ $month -eq 0 ]; then\n"
24625
" month_file=\"$hostname-month2.tgz\"\n"
24626
"else\n"
24627
" month_file=\"$hostname-month1.tgz\"\n"
24628
"fi\n"
24629
"\n"
24630
"# Create archive filename.\n"
24631
"if [ $day_num == 1 ]; then\n"
24632
"\tarchive_file=$month_file\n"
24633
"elif [ $day != \"Saturday\" ]; then\n"
24634
" archive_file=\"$hostname-$day.tgz\"\n"
24635
"else \n"
24636
"\tarchive_file=$week_file\n"
24637
"fi\n"
24638
"\n"
24639
"# Print start status message.\n"
24640
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24641
"date\n"
24642
"echo\n"
24643
"\n"
24644
"# Backup the files using tar.\n"
24645
"tar czf $dest/$archive_file $backup_files\n"
24646
"\n"
24647
"# Print end status message.\n"
24648
"echo\n"
24649
"echo \"Backup finished\"\n"
24650
"date\n"
24651
"\n"
24652
"# Long listing of files in $dest to check file sizes.\n"
24653
"ls -lh $dest/\n"
24654
msgstr ""
24655
24656
#: serverguide/C/backups.xml:456(para)
24657
msgid ""
24658
"The script can be executed using the same methods as in <xref "
24659
"linkend=\"backup-executing-shellscript\"/>."
24660
msgstr ""
24661
24662
#: serverguide/C/backups.xml:459(para)
24663
msgid ""
24664
"It is good practice to take backup media off site in case of a disaster. In "
24665
"the shell script example the backup media is another server providing an NFS "
24666
"share. In all likelihood taking the NFS server to another location would not "
24667
"be practical. Depending upon connection speeds it may be an option to copy "
24668
"the archive file over a WAN link to a server in another location."
24669
msgstr ""
24670
24671
#: serverguide/C/backups.xml:465(para)
24672
msgid ""
24673
"Another option is to copy the archive file to an external hard drive which "
24674
"can then be taken off site. Since the price of external hard drives continue "
24675
"to decrease it may be cost-effective to use two drives for each archive "
24676
"level. This would allow you to have one external drive attached to the "
24677
"backup server and one in another location."
24678
msgstr ""
24679
24680
#: serverguide/C/backups.xml:472(title)
24681
msgid "Tape Drives"
24682
msgstr ""
24683
24684
#: serverguide/C/backups.xml:473(para)
24685
msgid ""
24686
"A tape drive attached to the server can be used instead of a NFS share. "
24687
"Using a tape drive simplifies archive rotation, and taking the media off "
24688
"site as well."
24689
msgstr ""
24690
24691
#: serverguide/C/backups.xml:477(para)
24692
msgid ""
24693
"When using a tape drive the filename portions of the script aren't needed "
24694
"because the date is sent directly to the tape device. Some commands to "
24695
"manipulate the tape are needed. This is accomplished using "
24696
"<application>mt</application>, a magnetic tape control utility part of the "
24697
"<application>cpio</application> package."
24698
msgstr ""
24699
24700
#: serverguide/C/backups.xml:482(para)
24701
msgid "Here is the shell script modified to use a tape drive:"
24702
msgstr ""
24703
24704
#: serverguide/C/backups.xml:485(programlisting)
24705
#, no-wrap
24706
msgid ""
24707
"\n"
24708
"#!/bin/bash\n"
24709
"####################################\n"
24710
"#\n"
24711
"# Backup to tape drive script.\n"
24712
"#\n"
24713
"####################################\n"
24714
"\n"
24715
"# What to backup. \n"
24716
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24717
"\n"
24718
"# Where to backup to.\n"
24719
"dest=\"/dev/st0\"\n"
24720
"\n"
24721
"# Print start status message.\n"
24722
"echo \"Backing up $backup_files to $dest\"\n"
24723
"date\n"
24724
"echo\n"
24725
"\n"
24726
"# Make sure the tape is rewound.\n"
24727
"mt -f $dest rewind\n"
24728
"\n"
24729
"# Backup the files using tar.\n"
24730
"tar czf $dest $backup_files\n"
24731
"\n"
24732
"# Rewind and eject the tape.\n"
24733
"mt -f $dest rewoffl\n"
24734
"\n"
24735
"# Print end status message.\n"
24736
"echo\n"
24737
"echo \"Backup finished\"\n"
24738
"date\n"
24739
msgstr ""
24740
24741
#: serverguide/C/backups.xml:519(para)
24742
msgid ""
24743
"The default device name for a SCSI tape drive is "
24744
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24745
"system."
24746
msgstr ""
24747
24748
#: serverguide/C/backups.xml:524(para)
24749
msgid ""
24750
"Restoring from a tape drive is basically the same as restoring from a file. "
24751
"Simply rewind the tape and use the device path instead of a file path. For "
24752
"example to restore the <filename>/etc/hosts</filename> file to "
24753
"<filename>/tmp/etc/hosts</filename>:"
24754
msgstr ""
24755
24756
#: serverguide/C/backups.xml:529(command)
24757
msgid "mt -f /dev/st0 rewind"
24758
msgstr ""
24759
24760
#: serverguide/C/backups.xml:530(command)
24761
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24762
msgstr ""
24763
24764
#: serverguide/C/backups.xml:535(title)
24765
msgid "Bacula"
24766
msgstr ""
24767
24768
#: serverguide/C/backups.xml:536(para)
24769
msgid ""
24770
"<application>Bacula</application> is a backup program enabling you to "
24771
"backup, restore, and verify data across your network. There are Bacula "
24772
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
24773
"wide solution."
24774
msgstr ""
24775
24776
#: serverguide/C/backups.xml:542(para)
24777
msgid ""
24778
"<application>Bacula</application> is made up of several components and "
24779
"services used to manage which files to backup and where to back them up to:"
24780
msgstr ""
24781
24782
#: serverguide/C/backups.xml:548(para)
24783
msgid ""
24784
"<application>Bacula Director:</application> a service that controls all "
24785
"backup, restore, verify, and archive operations."
24786
msgstr ""
24787
24788
#: serverguide/C/backups.xml:553(para)
24789
msgid ""
24790
"<application>Bacula Console:</application> an application allowing "
24791
"communication with the Director. There are three versions of the Console:"
24792
msgstr ""
24793
24794
#: serverguide/C/backups.xml:558(para)
24795
msgid "Text based command line version."
24796
msgstr ""
24797
24798
#: serverguide/C/backups.xml:559(para)
24799
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24800
msgstr ""
24801
24802
#: serverguide/C/backups.xml:560(para)
24803
msgid "wxWidgets GUI interface."
24804
msgstr ""
24805
24806
#: serverguide/C/backups.xml:564(para)
24807
msgid ""
24808
"<application>Bacula File:</application> also known as the "
24809
"<application>Bacula Client</application> program. This application is "
24810
"installed on machines to be backed up, and is responsible for the data "
24811
"requested by the Director."
24812
msgstr ""
24813
24814
#: serverguide/C/backups.xml:570(para)
24815
msgid ""
24816
"<application>Bacula Storage:</application> the programs that perform the "
24817
"storage and recovery of data to the physical media."
24818
msgstr ""
24819
24820
#: serverguide/C/backups.xml:575(para)
24821
msgid ""
24822
"<application>Bacula Catalog:</application> is responsible for maintaining "
24823
"the file indexes and volume databases for all files backed up, enabling "
24824
"quick location and restoration of archived files. The Catalog supports three "
24825
"different databases MySQL, PostgreSQL, and SQLite."
24826
msgstr ""
24827
24828
#: serverguide/C/backups.xml:581(para)
24829
msgid ""
24830
"<application>Bacula Monitor:</application> allows the monitoring of the "
24831
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24832
"available as a GTK+ GUI application."
24833
msgstr ""
24834
24835
#: serverguide/C/backups.xml:587(para)
24836
msgid ""
24837
"These services and applications can be run on multiple servers and clients, "
24838
"or they can be installed on one machine if backing up a single disk or "
24839
"volume."
24840
msgstr ""
24841
24842
#: serverguide/C/backups.xml:594(para)
24843
msgid ""
24844
"There are multiple packages containing the different "
24845
"<application>Bacula</application> components. To install Bacula, from a "
24846
"terminal prompt enter:"
24847
msgstr ""
24848
24849
#: serverguide/C/backups.xml:599(command)
24850
msgid "sudo apt-get install bacula"
24851
msgstr ""
24852
24853
#: serverguide/C/backups.xml:601(para)
24854
msgid ""
24855
"By default installing the <application>bacula</application> package will use "
24856
"a <application>MySQL</application> database for the Catalog. If you want to "
24857
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24858
"director-sqlite3</application> or <application>bacula-director-"
24859
"pgsql</application> respectively."
24860
msgstr ""
24861
24862
#: serverguide/C/backups.xml:607(para)
24863
msgid ""
24864
"During the install process you will be asked to supply credentials for the "
24865
"database <emphasis>administrator</emphasis> and the "
24866
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24867
"database administrator will need to have the appropriate rights to create a "
24868
"database, see <xref linkend=\"mysql\"/> for more information."
24869
msgstr ""
24870
24871
#: serverguide/C/backups.xml:617(para)
24872
msgid ""
24873
"<application>Bacula</application> configuration files are formatted based on "
24874
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24875
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24876
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24877
"directory."
24878
msgstr ""
24879
24880
#: serverguide/C/backups.xml:622(para)
24881
msgid ""
24882
"The various <application>Bacula</application> components must authorize "
24883
"themselves to each other. This is accomplished using the "
24884
"<emphasis>password</emphasis> directive. For example, the "
24885
"<emphasis>Storage</emphasis> resource password in the "
24886
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24887
"<emphasis>Director</emphasis> resource password in "
24888
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24889
msgstr ""
24890
24891
#: serverguide/C/backups.xml:628(para)
24892
msgid ""
24893
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24894
"to archive the <application>Bacula</application> Catalog. If you plan on "
24895
"using the server to backup more than one client you should change the name "
24896
"of this job to something more descriptive. To change the name edit "
24897
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24898
msgstr ""
24899
24900
#: serverguide/C/backups.xml:633(programlisting)
24901
#, no-wrap
24902
msgid ""
24903
"\n"
24904
"#\n"
24905
"# Define the main nightly save backup job\n"
24906
"# By default, this job will back up to disk in \n"
24907
"Job {\n"
24908
" Name = \"BackupServer\"\n"
24909
" JobDefs = \"DefaultJob\"\n"
24910
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24911
"}\n"
24912
msgstr ""
24913
24914
#: serverguide/C/backups.xml:644(para)
24915
msgid ""
24916
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24917
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24918
"your appropriate hostname, or other descriptive name."
24919
msgstr ""
24920
24921
#: serverguide/C/backups.xml:649(para)
24922
msgid ""
24923
"The <emphasis>Console</emphasis> can be used to query the "
24924
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24925
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24926
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24927
"the following from a terminal:"
24928
msgstr ""
24929
24930
#: serverguide/C/backups.xml:655(command)
24931
msgid "sudo adduser $username bacula"
24932
msgstr ""
24933
24934
#: serverguide/C/backups.xml:658(para)
24935
msgid ""
24936
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24937
"you are adding the current user to the group you should log out and back in "
24938
"for the new permissions to take effect."
24939
msgstr ""
24940
24941
#: serverguide/C/backups.xml:665(title)
24942
msgid "Localhost Backup"
24943
msgstr ""
24944
24945
#: serverguide/C/backups.xml:666(para)
24946
msgid ""
24947
"This section describes how to backup specified directories on a single host "
24948
"to a local tape drive."
24949
msgstr ""
24950
24951
#: serverguide/C/backups.xml:671(para)
24952
msgid ""
24953
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24954
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24955
msgstr ""
24956
24957
#: serverguide/C/backups.xml:674(programlisting)
24958
#, no-wrap
24959
msgid ""
24960
"\n"
24961
"Device {\n"
24962
" Name = \"Tape Drive\"\n"
24963
" Device Type = tape\n"
24964
" Media Type = DDS-4\n"
24965
" Archive Device = /dev/st0\n"
24966
" Hardware end of medium = No;\n"
24967
" AutomaticMount = yes; # when device opened, read it\n"
24968
" AlwaysOpen = Yes;\n"
24969
" RemovableMedia = yes;\n"
24970
" RandomAccess = no;\n"
24971
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24972
"}\n"
24973
msgstr ""
24974
24975
#: serverguide/C/backups.xml:688(para)
24976
msgid ""
24977
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24978
"Type and Archive Device to match your hardware."
24979
msgstr ""
24980
24981
#: serverguide/C/backups.xml:691(para)
24982
msgid "You could also uncomment one of the other examples in the file."
24983
msgstr ""
24984
24985
#: serverguide/C/backups.xml:696(para)
24986
msgid ""
24987
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24988
"<application>Storage</application> daemon will need to be restarted:"
24989
msgstr ""
24990
24991
#: serverguide/C/backups.xml:701(command)
24992
msgid "sudo /etc/init.d/bacula-sd restart"
24993
msgstr ""
24994
24995
#: serverguide/C/backups.xml:705(para)
24996
msgid ""
24997
"Now add a <emphasis>Storage</emphasis> resource in "
24998
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24999
msgstr ""
25000
25001
#: serverguide/C/backups.xml:708(programlisting)
25002
#, no-wrap
25003
msgid ""
25004
"\n"
25005
"# Definition of \"Tape Drive\" storage device\n"
25006
"Storage {\n"
25007
" Name = TapeDrive\n"
25008
" # Do not use \"localhost\" here \n"
25009
" Address = backupserver # N.B. Use a fully qualified name "
25010
"here\n"
25011
" SDPort = 9103\n"
25012
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
25013
" Device = \"Tape Drive\"\n"
25014
" Media Type = tape\n"
25015
"}\n"
25016
msgstr ""
25017
25018
#: serverguide/C/backups.xml:720(para)
25019
msgid ""
25020
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
25021
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
25022
"to the actual host name."
25023
msgstr ""
25024
25025
#: serverguide/C/backups.xml:724(para)
25026
msgid ""
25027
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
25028
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
25029
msgstr ""
25030
25031
#: serverguide/C/backups.xml:730(para)
25032
msgid ""
25033
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
25034
"directories to backup, by adding:"
25035
msgstr ""
25036
25037
#: serverguide/C/backups.xml:733(programlisting)
25038
#, no-wrap
25039
msgid ""
25040
"\n"
25041
"# LocalhostBacup FileSet.\n"
25042
"FileSet {\n"
25043
" Name = \"LocalhostFiles\"\n"
25044
" Include {\n"
25045
" Options {\n"
25046
" signature = MD5\n"
25047
" compression=GZIP\n"
25048
" }\n"
25049
" File = /etc\n"
25050
" File = /home\n"
25051
" }\n"
25052
"}\n"
25053
msgstr ""
25054
25055
#: serverguide/C/backups.xml:747(para)
25056
msgid ""
25057
"This <emphasis>FileSet</emphasis> will backup the <filename "
25058
"role=\"directory\">/etc</filename> and <filename "
25059
"role=\"directory\">/home</filename> directories. The "
25060
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
25061
"create a MD5 signature for each file backed up, and to compress the files "
25062
"using GZIP."
25063
msgstr ""
25064
25065
#: serverguide/C/backups.xml:754(para)
25066
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
25067
msgstr ""
25068
25069
#: serverguide/C/backups.xml:757(programlisting)
25070
#, no-wrap
25071
msgid ""
25072
"\n"
25073
"# LocalhostBackup Schedule -- Daily.\n"
25074
"Schedule {\n"
25075
" Name = \"LocalhostDaily\"\n"
25076
" Run = Full daily at 00:01\n"
25077
"}\n"
25078
msgstr ""
25079
25080
#: serverguide/C/backups.xml:764(para)
25081
msgid ""
25082
"The job will run every day at 00:01 or 12:01 am. There are many other "
25083
"scheduling options available."
25084
msgstr ""
25085
25086
#: serverguide/C/backups.xml:769(para)
25087
msgid "Finally create the <emphasis>Job</emphasis>:"
25088
msgstr ""
25089
25090
#: serverguide/C/backups.xml:772(programlisting)
25091
#, no-wrap
25092
msgid ""
25093
"\n"
25094
"# Localhost backup.\n"
25095
"Job {\n"
25096
" Name = \"LocalhostBackup\"\n"
25097
" JobDefs = \"DefaultJob\"\n"
25098
" Enabled = yes\n"
25099
" Level = Full\n"
25100
" FileSet = \"LocalhostFiles\"\n"
25101
" Schedule = \"LocalhostDaily\"\n"
25102
" Storage = TapeDrive\n"
25103
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
25104
"} \n"
25105
msgstr ""
25106
25107
#: serverguide/C/backups.xml:785(para)
25108
msgid ""
25109
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
25110
"drive."
25111
msgstr ""
25112
25113
#: serverguide/C/backups.xml:790(para)
25114
msgid ""
25115
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
25116
"current tape does not have a label <application>Bacula</application> will "
25117
"send an email letting you know. To label a tape using the "
25118
"<application>Console</application> enter the following from a terminal:"
25119
msgstr ""
25120
25121
#: serverguide/C/backups.xml:796(command)
25122
msgid "bconsole"
25123
msgstr ""
25124
25125
#: serverguide/C/backups.xml:800(para)
25126
msgid "At the Bacula Console prompt enter:"
25127
msgstr ""
25128
25129
#: serverguide/C/backups.xml:804(command)
25130
msgid "label"
25131
msgstr ""
25132
25133
#: serverguide/C/backups.xml:808(para)
25134
msgid ""
25135
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
25136
msgstr ""
25137
25138
#: serverguide/C/backups.xml:818(userinput)
25139
#, no-wrap
25140
msgid "2"
25141
msgstr ""
25142
25143
#: serverguide/C/backups.xml:812(computeroutput)
25144
#, no-wrap
25145
msgid ""
25146
"\n"
25147
"Automatically selected Catalog: MyCatalog\n"
25148
"Using Catalog \"MyCatalog\"\n"
25149
"The defined Storage resources are:\n"
25150
" 1: File\n"
25151
" 2: TapeDrive\n"
25152
"Select Storage resource (1-2):<placeholder-1/>\n"
25153
msgstr ""
25154
25155
#: serverguide/C/backups.xml:823(para)
25156
msgid "Enter the new <emphasis>Volume</emphasis> name:"
25157
msgstr ""
25158
25159
#: serverguide/C/backups.xml:828(userinput)
25160
#, no-wrap
25161
msgid "Sunday"
25162
msgstr ""
25163
25164
#: serverguide/C/backups.xml:827(computeroutput)
25165
#, no-wrap
25166
msgid ""
25167
"\n"
25168
"Enter new Volume name: <placeholder-1/>\n"
25169
"Defined Pools:\n"
25170
" 1: Default\n"
25171
" 2: Scratch"
25172
msgstr ""
25173
25174
#: serverguide/C/backups.xml:833(para)
25175
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
25176
msgstr ""
25177
25178
#: serverguide/C/backups.xml:838(para)
25179
msgid "Now, select the <emphasis>Pool</emphasis>:"
25180
msgstr ""
25181
25182
#: serverguide/C/backups.xml:843(userinput)
25183
#, no-wrap
25184
msgid "1"
25185
msgstr ""
25186
25187
#: serverguide/C/backups.xml:842(computeroutput)
25188
#, no-wrap
25189
msgid ""
25190
"\n"
25191
"Select the Pool (1-2): <placeholder-1/>\n"
25192
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
25193
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
25194
msgstr ""
25195
25196
#: serverguide/C/backups.xml:850(para)
25197
msgid ""
25198
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
25199
"backup the localhost to an attached tape drive."
25200
msgstr ""
25201
25202
#: serverguide/C/backups.xml:858(para)
25203
msgid ""
25204
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
25205
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
25206
"Manual</ulink>"
25207
msgstr ""
25208
25209
#: serverguide/C/backups.xml:864(para)
25210
msgid ""
25211
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
25212
"the latest Bacula news and developments."
25213
msgstr ""
25214
"คุณสามารถอ่านข่าวคราวล่าสุดเกี่ยวกับ Bacula ได้ที่<ulink "
25215
"url=\"http://www.bacula.org/\">หน้าโฮมเพจของ Bacula</ulink>"
25216
25217
#: serverguide/C/backups.xml:869(para)
25218
msgid ""
25219
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
25220
"Ubuntu Wiki</ulink> page."
25221
msgstr ""
25222
25223
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
25224
#: serverguide/C/backups.xml:0(None)
25225
msgid "translator-credits"
25226
msgstr ""
25227
"Launchpad Contributions:\n"
25228
" Matthew East https://launchpad.net/~mdke\n"
25229
" SiraNokyoongtong https://launchpad.net/~gumara\n"
25230
" Sukit Arseanrapoj https://launchpad.net/~sukit"
25231
25232
#~ msgid "sudo /etc/init.d/samba restart"
25233
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1