« back to all changes in this revision
Viewing changes to serverguide/po/vi.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/vi.po
1
# Vietnamese translation for ubuntu-docs
2
# Copyright (c) 2007 Rosetta Contributors and Canonical Ltd 2007
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2007.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2009-10-20 03:54+0000\n"
12
"Last-Translator: Launchpad Translations Administrators "
13
"<rosetta@launchpad.net>\n"
14
"Language-Team: Vietnamese <vi@li.org>\n"
15
"MIME-Version: 1.0\n"
16
"Content-Type: text/plain; charset=UTF-8\n"
17
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2010-09-18 10:45+0000\n"
19
"X-Generator: Launchpad (build Unknown)\n"
20
21
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
22
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
msgstr ""
24
25
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
msgid "Ubuntu Server Guide"
27
msgstr ""
28
29
#: serverguide/C/serverguide-C.omf:9(date)
30
msgid "2007-09-30"
31
msgstr ""
32
33
#: serverguide/C/windows-networking.xml:13(title)
34
msgid "Windows Networking"
35
msgstr "Nối mạng Windows"
36
37
#: serverguide/C/windows-networking.xml:15(para)
38
msgid ""
39
"Computer networks are often comprised of diverse systems, and while "
40
"operating a network made up entirely of Ubuntu desktop and server computers "
41
"would certainly be fun, some network environments must consist of both "
42
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
43
"class=\"registered\">Windows</trademark> systems working together in "
44
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
45
"principles and tools used in configuring your Ubuntu Server for sharing "
46
"network resources with Windows computers."
47
msgstr ""
48
"Các mạng máy tính thường bao gồm nhiều hệ thống khác nhau. Một mạng chỉ bao "
49
"gồm các máy để bàn và máy chủ chạy Ubuntu hoạt động rất hiệu quả. Tuy nhiên, "
50
"một số môi trường mạng buộc phải bao gồm cả các máy chạy Ubuntu lẫn "
51
"<trademark class=\"registered\">Microsoft</trademark><trademark "
52
"class=\"registered\">Windows</trademark> làm việc với nhau một cách hài hoà. "
53
"Phần Hướng dẫn Máy chủ <phrase>Ubuntu</phrase> này sẽ giới thiệu nguyên tắc "
54
"và công cụ sử dụng trong việc cấu hình máy chủ Ubuntu để chia sẻ tài nguyên "
55
"mạng với các máy khác sử dụng Windows trong mạng."
56
57
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
58
msgid "Introduction"
59
msgstr "Giới thiệu"
60
61
#: serverguide/C/windows-networking.xml:27(para)
62
msgid ""
63
"Successfully networking your Ubuntu system with Windows clients involves "
64
"providing and integrating with services common to Windows environments. Such "
65
"services assist the sharing of data and information about the computers and "
66
"users involved in the network, and may be classified under three major "
67
"categories of functionality:"
68
msgstr ""
69
"Kết nối máy chủ Ubuntu với các máy khách Windows liên quan đến việc cung cấp "
70
"và tích hợp các dịch vụ dùng chung với môi trường Windows. Các dịch vụ này "
71
"hỗ trợ việc chia sẻ dữ liệu và thông tin về máy tính cũng như người dùng "
72
"trong mạng, và có thể được chia theo chức năng thành 3 phần."
73
74
#: serverguide/C/windows-networking.xml:35(para)
75
msgid ""
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
79
msgstr ""
80
"<emphasis role=\"bold\">Dịch vụ chia sẻ Tệp tin và Máy in</emphasis>. Sử "
81
"dụng giao thức Server Message Block (SMB) để thực hiện việc chia sẻ tệp tin, "
82
"thư mục, ổ đĩa và máy in xuyên suốt mạng."
83
84
#: serverguide/C/windows-networking.xml:41(para)
85
msgid ""
86
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
87
"information about the computers and users of the network with such "
88
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
89
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
90
msgstr ""
91
"<emphasis role=\"bold\">Dịch vụ Thư mục</emphasis>. Chia sẻ các thông tin "
92
"thiết yếu về máy tính và người dùng trên mạng với công nghệ như Lightweight "
93
"Directory Access Protocol (LDAP) và Microsoft <trademark "
94
"class=\"registered\">Active Directory</trademark>."
95
96
#: serverguide/C/windows-networking.xml:48(para)
97
msgid ""
98
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
99
"the identity of a computer or user of the network and determining the "
100
"information the computer or user is authorized to access using such "
101
"principles and technologies as file permissions, group policies, and the "
102
"Kerberos authentication service."
103
msgstr ""
104
"<emphasis role=\"bold\">Chứng thực và Truy cập</emphasis>. Thiết lập định "
105
"danh của một máy tính hoặc người dùng trên mạng và quyết định thông tin mà "
106
"người dùng hoặc máy tính được phép truy cập, sử dụng các nguyên lý và công "
107
"nghệ như thẩm quyền tệp tin, chính sách nhóm, dịch vụ chứng thực Kerberos."
108
109
#: serverguide/C/windows-networking.xml:56(para)
110
msgid ""
111
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
112
"clients and share network resources among them. One of the principal pieces "
113
"of software your Ubuntu system includes for Windows networking is the Samba "
114
"suite of SMB server applications and tools."
115
msgstr ""
116
117
#: serverguide/C/windows-networking.xml:62(para)
118
msgid ""
119
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
120
"of the common Samba use cases, and how to install and configure the "
121
"necessary packages. Additional detailed documentation and information on "
122
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
123
"website</ulink>."
124
msgstr ""
125
126
#: serverguide/C/windows-networking.xml:70(title)
127
msgid "Samba File Server"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:72(para)
131
msgid ""
132
"One of the most common ways to network Ubuntu and Windows computers is to "
133
"configure Samba as a File Server. This section covers setting up a "
134
"<application>Samba</application> server to share files with Windows clients."
135
msgstr ""
136
137
#: serverguide/C/windows-networking.xml:77(para)
138
msgid ""
139
"The server will be configured to share files with any client on the network "
140
"without prompting for a password. If your environment requires stricter "
141
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
142
msgstr ""
143
144
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
145
msgid "Installation"
146
msgstr ""
147
148
#: serverguide/C/windows-networking.xml:85(para)
149
msgid ""
150
"The first step is to install the <application>samba</application> package. "
151
"From a terminal prompt enter:"
152
msgstr ""
153
154
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
155
msgid "sudo apt-get install samba"
156
msgstr ""
157
158
#: serverguide/C/windows-networking.xml:93(para)
159
msgid ""
160
"That's all there is to it; you are now ready to configure Samba to share "
161
"files."
162
msgstr ""
163
164
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
165
msgid "Configuration"
166
msgstr ""
167
168
#: serverguide/C/windows-networking.xml:101(para)
169
msgid ""
170
"The main Samba configuration file is located in "
171
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
172
"a significant amount of comments in order to document various configuration "
173
"directives."
174
msgstr ""
175
176
#: serverguide/C/windows-networking.xml:106(para)
177
msgid ""
178
"Not all the available options are included in the default configuration "
179
"file. See the <filename>smb.conf</filename><application>man</application> "
180
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
181
"Collection/\">Samba HOWTO Collection</ulink> for more details."
182
msgstr ""
183
184
#: serverguide/C/windows-networking.xml:116(para)
185
msgid ""
186
"First, edit the following key/value pairs in the "
187
"<emphasis>[global]</emphasis> section of "
188
"<filename>/etc/samba/smb.conf</filename>:"
189
msgstr ""
190
191
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
192
#, no-wrap
193
msgid ""
194
"\n"
195
" workgroup = EXAMPLE\n"
196
" ...\n"
197
" security = user\n"
198
msgstr ""
199
200
#: serverguide/C/windows-networking.xml:127(para)
201
msgid ""
202
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
203
"section, and is commented by default. Also, change "
204
"<emphasis>EXAMPLE</emphasis> to better match your environment."
205
msgstr ""
206
207
#: serverguide/C/windows-networking.xml:135(para)
208
msgid ""
209
"Create a new section at the bottom of the file, or uncomment one of the "
210
"examples, for the directory to be shared:"
211
msgstr ""
212
213
#: serverguide/C/windows-networking.xml:139(programlisting)
214
#, no-wrap
215
msgid ""
216
"\n"
217
"[share]\n"
218
" comment = Ubuntu File Server Share\n"
219
" path = /srv/samba/share\n"
220
" browsable = yes\n"
221
" guest ok = yes\n"
222
" read only = no\n"
223
" create mask = 0755\n"
224
msgstr ""
225
226
#: serverguide/C/windows-networking.xml:151(para)
227
msgid ""
228
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
229
"fit your needs."
230
msgstr ""
231
232
#: serverguide/C/windows-networking.xml:156(para)
233
msgid "<emphasis>path:</emphasis> the path to the directory to share."
234
msgstr ""
235
236
#: serverguide/C/windows-networking.xml:159(para)
237
msgid ""
238
"This example uses <filename>/srv/samba/sharename</filename> because, "
239
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
240
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
241
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
242
"specific data should be served. Technically Samba shares can be placed "
243
"anywhere on the filesystem as long as the permissions are correct, but "
244
"adhering to standards is recommended."
245
msgstr ""
246
247
#: serverguide/C/windows-networking.xml:168(para)
248
msgid ""
249
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
250
"directory using <application>Windows Explorer</application>."
251
msgstr ""
252
253
#: serverguide/C/windows-networking.xml:174(para)
254
msgid ""
255
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
256
"without supplying a password."
257
msgstr ""
258
259
#: serverguide/C/windows-networking.xml:179(para)
260
msgid ""
261
"<emphasis>read only:</emphasis> determines if the share is read only or if "
262
"write privileges are granted. Write privileges are allowed only when the "
263
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
264
"is <emphasis>yes</emphasis>, then access to the share is read only."
265
msgstr ""
266
267
#: serverguide/C/windows-networking.xml:184(para)
268
msgid ""
269
"<emphasis>create mask:</emphasis> determines the permissions new files will "
270
"have when created."
271
msgstr ""
272
273
#: serverguide/C/windows-networking.xml:193(para)
274
msgid ""
275
"Now that <application>Samba</application> is configured, the directory needs "
276
"to be created and the permissions changed. From a terminal enter:"
277
msgstr ""
278
279
#: serverguide/C/windows-networking.xml:199(command)
280
msgid "sudo mkdir -p /srv/samba/share"
281
msgstr ""
282
283
#: serverguide/C/windows-networking.xml:200(command)
284
msgid "sudo chown nobody.nogroup /srv/samba/share/"
285
msgstr ""
286
287
#: serverguide/C/windows-networking.xml:204(para)
288
msgid ""
289
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
290
"directory tree if it doesn't exist. Change the share name to fit your "
291
"environment."
292
msgstr ""
293
294
#: serverguide/C/windows-networking.xml:213(para)
295
msgid ""
296
"Finally, restart the <application>samba</application> services to enable the "
297
"new configuration:"
298
msgstr ""
299
300
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
301
msgid "sudo restart smbd"
302
msgstr ""
303
304
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
305
msgid "sudo restart nmbd"
306
msgstr ""
307
308
#: serverguide/C/windows-networking.xml:226(para)
309
msgid ""
310
"Once again, the above configuration gives all access to any client on the "
311
"local network. For a more secure configuration see <xref linkend=\"samba-"
312
"fileprint-security\"/>."
313
msgstr ""
314
315
#: serverguide/C/windows-networking.xml:232(para)
316
msgid ""
317
"From a Windows client you should now be able to browse to the Ubuntu file "
318
"server and see the shared directory. To check that everything is working try "
319
"creating a directory from Windows."
320
msgstr ""
321
322
#: serverguide/C/windows-networking.xml:237(para)
323
msgid ""
324
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
325
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
326
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
327
"share actually exists and the permissions are correct."
328
msgstr ""
329
330
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
331
msgid "Resources"
332
msgstr ""
333
334
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
335
msgid ""
336
"For in depth Samba configurations see the <ulink "
337
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
338
"Collection</ulink>"
339
msgstr ""
340
341
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
342
msgid ""
343
"The guide is also available in <ulink "
344
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
345
"format</ulink>."
346
msgstr ""
347
348
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
349
msgid ""
350
"O'Reilly's <ulink "
351
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
352
"another good reference."
353
msgstr ""
354
355
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
356
msgid ""
357
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
358
"</ulink> page."
359
msgstr ""
360
361
#: serverguide/C/windows-networking.xml:275(title)
362
msgid "Samba Print Server"
363
msgstr ""
364
365
#: serverguide/C/windows-networking.xml:277(para)
366
msgid ""
367
"Another common use of Samba is to configure it to share printers installed, "
368
"either locally or over the network, on an Ubuntu server. Similar to <xref "
369
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
370
"any client on the local network to use the installed printers without "
371
"prompting for a username and password."
372
msgstr ""
373
374
#: serverguide/C/windows-networking.xml:283(para)
375
msgid ""
376
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
377
"security\"/>."
378
msgstr ""
379
380
#: serverguide/C/windows-networking.xml:290(para)
381
msgid ""
382
"Before installing and configuring Samba it is best to already have a working "
383
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
384
"for details."
385
msgstr ""
386
387
#: serverguide/C/windows-networking.xml:295(para)
388
msgid ""
389
"To install the <application>samba</application> package, from a terminal "
390
"enter:"
391
msgstr ""
392
393
#: serverguide/C/windows-networking.xml:306(para)
394
msgid ""
395
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
396
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
397
"network, and change <emphasis>security</emphasis> to <emphasis "
398
"role=\"italic\">share</emphasis>:"
399
msgstr ""
400
401
#: serverguide/C/windows-networking.xml:318(para)
402
msgid ""
403
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
404
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
405
msgstr ""
406
407
#: serverguide/C/windows-networking.xml:322(programlisting)
408
#, no-wrap
409
msgid ""
410
"\n"
411
" browsable = yes\n"
412
" guest ok = yes\n"
413
msgstr ""
414
415
#: serverguide/C/windows-networking.xml:327(para)
416
msgid "After editing <filename>smb.conf</filename> restart Samba:"
417
msgstr ""
418
419
#: serverguide/C/windows-networking.xml:336(para)
420
msgid ""
421
"The default Samba configuration will automatically share any printers "
422
"installed. Simply install the printer locally on your Windows clients."
423
msgstr ""
424
425
#: serverguide/C/windows-networking.xml:365(para)
426
msgid ""
427
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
428
"more information on configuring CUPS."
429
msgstr ""
430
431
#: serverguide/C/windows-networking.xml:379(title)
432
msgid "Securing a Samba File and Print Server"
433
msgstr ""
434
435
#: serverguide/C/windows-networking.xml:382(title)
436
msgid "Samba Security Modes"
437
msgstr ""
438
439
#: serverguide/C/windows-networking.xml:384(para)
440
msgid ""
441
"There are two security levels available to the Common Internet Filesystem "
442
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
443
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
444
"allows more flexibility, providing four ways of implementing user-level "
445
"security and one way to implement share-level:"
446
msgstr ""
447
448
#: serverguide/C/windows-networking.xml:393(para)
449
msgid ""
450
"<emphasis>security = user:</emphasis> requires clients to supply a username "
451
"and password to connect to shares. Samba user accounts are separate from "
452
"system accounts, but the <application>libpam-smbpass</application> package "
453
"will sync system users and passwords with the Samba user database."
454
msgstr ""
455
456
#: serverguide/C/windows-networking.xml:400(para)
457
msgid ""
458
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
459
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
460
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
461
"linkend=\"samba-dc\"/> for further information."
462
msgstr ""
463
464
#: serverguide/C/windows-networking.xml:407(para)
465
msgid ""
466
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
467
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
468
"integration\"/> for details."
469
msgstr ""
470
471
#: serverguide/C/windows-networking.xml:413(para)
472
msgid ""
473
"<emphasis>security = server:</emphasis> this mode is left over from before "
474
"Samba could become a member server, and due to some security issues should "
475
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
476
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
477
"of the Samba guide for more details."
478
msgstr ""
479
480
#: serverguide/C/windows-networking.xml:421(para)
481
msgid ""
482
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
483
"without supplying a username and password."
484
msgstr ""
485
486
#: serverguide/C/windows-networking.xml:428(para)
487
msgid ""
488
"The security mode you choose will depend on your environment and what you "
489
"need the Samba server to accomplish."
490
msgstr ""
491
492
#: serverguide/C/windows-networking.xml:434(title)
493
msgid "Security = User"
494
msgstr ""
495
496
#: serverguide/C/windows-networking.xml:436(para)
497
msgid ""
498
"This section will reconfigure the Samba file and print server, from <xref "
499
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
500
"require authentication."
501
msgstr ""
502
503
#: serverguide/C/windows-networking.xml:441(para)
504
msgid ""
505
"First, install the <application>libpam-smbpass</application> package which "
506
"will sync the system users to the Samba user database:"
507
msgstr ""
508
509
#: serverguide/C/windows-networking.xml:447(command)
510
msgid "sudo apt-get install libpam-smbpass"
511
msgstr ""
512
513
#: serverguide/C/windows-networking.xml:451(para)
514
msgid ""
515
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
516
"<application>libpam-smbpass</application> is already installed."
517
msgstr ""
518
519
#: serverguide/C/windows-networking.xml:457(para)
520
msgid ""
521
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
522
"<emphasis>[share]</emphasis> section change:"
523
msgstr ""
524
525
#: serverguide/C/windows-networking.xml:461(programlisting)
526
#, no-wrap
527
msgid ""
528
"\n"
529
" guest ok = no\n"
530
msgstr ""
531
532
#: serverguide/C/windows-networking.xml:465(para)
533
msgid "Finally, restart Samba for the new settings to take effect:"
534
msgstr ""
535
536
#: serverguide/C/windows-networking.xml:474(para)
537
msgid ""
538
"Now when connecting to the shared directories or printers you should be "
539
"prompted for a username and password."
540
msgstr ""
541
542
#: serverguide/C/windows-networking.xml:479(para)
543
msgid ""
544
"If you choose to map a network drive to the share you can check the "
545
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
546
"enter the username and password once, at least until the password changes."
547
msgstr ""
548
549
#: serverguide/C/windows-networking.xml:487(title)
550
msgid "Share Security"
551
msgstr ""
552
553
#: serverguide/C/windows-networking.xml:489(para)
554
msgid ""
555
"There are several options available to increase the security for each "
556
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
557
"this section will cover some common options."
558
msgstr ""
559
560
#: serverguide/C/windows-networking.xml:495(title)
561
msgid "Groups"
562
msgstr ""
563
564
#: serverguide/C/windows-networking.xml:497(para)
565
msgid ""
566
"Groups define a collection of computers or users which have a common level "
567
"of access to particular network resources and offer a level of granularity "
568
"in controlling access to such resources. For example, if a group <emphasis "
569
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
570
"role=\"italic\">freda</emphasis>, <emphasis "
571
"role=\"italic\">danika</emphasis>, and <emphasis "
572
"role=\"italic\">rob</emphasis> and a second group <emphasis "
573
"role=\"italic\">support</emphasis> is defined and consists of users "
574
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
575
"role=\"italic\">jeremy</emphasis>, and <emphasis "
576
"role=\"italic\">vincent</emphasis> then certain network resources configured "
577
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
578
"subsequently enable access by freda, danika, and rob, but not jeremy or "
579
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
580
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
581
"role=\"italic\">support</emphasis> groups, she will be able to access "
582
"resources configured for access by both groups, whereas all other users will "
583
"have only access to resources explicitly allowing the group they are part of."
584
msgstr ""
585
586
#: serverguide/C/windows-networking.xml:511(para)
587
msgid ""
588
"By default Samba looks for the local system groups defined in "
589
"<filename>/etc/group</filename> to determine which users belong to which "
590
"groups. For more information on adding and removing users from groups see "
591
"<xref linkend=\"adding-deleting-users\"/>."
592
msgstr ""
593
594
#: serverguide/C/windows-networking.xml:517(para)
595
msgid ""
596
"When defining groups in the Samba configuration file, "
597
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
598
"preface the group name with an \"@\" symbol. For example, if you wished to "
599
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
600
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
601
"do so by entering the group name as <emphasis "
602
"role=\"bold\">@sysadmin</emphasis>."
603
msgstr ""
604
605
#: serverguide/C/windows-networking.xml:526(title)
606
msgid "File Permissions"
607
msgstr ""
608
609
#: serverguide/C/windows-networking.xml:528(para)
610
msgid ""
611
"File Permissions define the explicit rights a computer or user has to a "
612
"particular directory, file, or set of files. Such permissions may be defined "
613
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
614
"the explicit permissions of a defined file share."
615
msgstr ""
616
617
#: serverguide/C/windows-networking.xml:534(para)
618
msgid ""
619
"For example, if you have defined a Samba share called "
620
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
621
"only</emphasis> permissions to the group of users known as <emphasis "
622
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
623
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
624
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
625
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
626
"under the <emphasis>[share]</emphasis> entry:"
627
msgstr ""
628
629
#: serverguide/C/windows-networking.xml:543(programlisting)
630
#, no-wrap
631
msgid ""
632
"\n"
633
" read list = @qa\n"
634
" write list = @sysadmin, vincent\n"
635
msgstr ""
636
637
#: serverguide/C/windows-networking.xml:548(para)
638
msgid ""
639
"Another possible Samba permission is to declare "
640
"<emphasis>administrative</emphasis> permissions to a particular shared "
641
"resource. Users having administrative permissions may read, write, or modify "
642
"any information contained in the resource the user has been given explicit "
643
"administrative permissions to."
644
msgstr ""
645
646
#: serverguide/C/windows-networking.xml:554(para)
647
msgid ""
648
"For example, if you wanted to give the user <emphasis "
649
"role=\"italic\">melissa</emphasis> administrative permissions to the "
650
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
651
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
652
"under the <emphasis>[share]</emphasis> entry:"
653
msgstr ""
654
655
#: serverguide/C/windows-networking.xml:561(programlisting)
656
#, no-wrap
657
msgid ""
658
"\n"
659
" admin users = melissa\n"
660
msgstr ""
661
662
#: serverguide/C/windows-networking.xml:565(para)
663
msgid ""
664
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
665
"the changes to take effect:"
666
msgstr ""
667
668
#: serverguide/C/windows-networking.xml:575(para)
669
msgid ""
670
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
671
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
672
"<emphasis role=\"italic\">security = share</emphasis>"
673
msgstr ""
674
675
#: serverguide/C/windows-networking.xml:581(para)
676
msgid ""
677
"Now that Samba has been configured to limit which groups have access to the "
678
"shared directory, the filesystem permissions need to be updated."
679
msgstr ""
680
681
#: serverguide/C/windows-networking.xml:586(para)
682
msgid ""
683
"Traditional Linux file permissions do not map well to Windows NT Access "
684
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
685
"providing more fine grained control. For example, to enable ACLs on "
686
"<filename>/srv</filename> an EXT3 filesystem, edit "
687
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
688
msgstr ""
689
690
#: serverguide/C/windows-networking.xml:593(programlisting)
691
#, no-wrap
692
msgid ""
693
"\n"
694
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
695
"0 1\n"
696
msgstr ""
697
698
#: serverguide/C/windows-networking.xml:597(para)
699
msgid "Then remount the partition:"
700
msgstr ""
701
702
#: serverguide/C/windows-networking.xml:602(command)
703
msgid "sudo mount -v -o remount /srv"
704
msgstr ""
705
706
#: serverguide/C/windows-networking.xml:606(para)
707
msgid ""
708
"The above example assumes <filename>/srv</filename> on a separate partition. "
709
"If <filename>/srv</filename>, or wherever you have configured your share "
710
"path, is part of the <filename>/</filename> partition a reboot may be "
711
"required."
712
msgstr ""
713
714
#: serverguide/C/windows-networking.xml:613(para)
715
msgid ""
716
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
717
"group will be given read, write, and execute permissions to "
718
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
719
"will be given read and execute permissions, and the files will be owned by "
720
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
721
msgstr ""
722
723
#: serverguide/C/windows-networking.xml:621(command)
724
msgid "sudo chown -R melissa /srv/samba/share/"
725
msgstr ""
726
727
#: serverguide/C/windows-networking.xml:622(command)
728
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
729
msgstr ""
730
731
#: serverguide/C/windows-networking.xml:623(command)
732
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
733
msgstr ""
734
735
#: serverguide/C/windows-networking.xml:627(para)
736
msgid ""
737
"The <application>setfacl</application> command above gives "
738
"<emphasis>execute</emphasis> permissions to all files in the "
739
"<filename>/srv/samba/share</filename> directory, which you may or may not "
740
"want."
741
msgstr ""
742
743
#: serverguide/C/windows-networking.xml:633(para)
744
msgid ""
745
"Now from a Windows client you should notice the new file permissions are "
746
"implemented. See the <application>acl</application> and "
747
"<application>setfacl</application> man pages for more information on POSIX "
748
"ACLs."
749
msgstr ""
750
751
#: serverguide/C/windows-networking.xml:641(title)
752
msgid "Samba AppArmor Profile"
753
msgstr ""
754
755
#: serverguide/C/windows-networking.xml:643(para)
756
msgid ""
757
"Ubuntu comes with the <application>AppArmor</application> security module, "
758
"which provides mandatory access controls. The default AppArmor profile for "
759
"Samba will need to be adapted to your configuration. For more details on "
760
"using AppArmor see <xref linkend=\"apparmor\"/>."
761
msgstr ""
762
763
#: serverguide/C/windows-networking.xml:649(para)
764
msgid ""
765
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
766
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
767
"of the <application>apparmor-profiles</application> packages. To install the "
768
"package, from a terminal prompt enter:"
769
msgstr ""
770
771
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
772
msgid "sudo apt-get install apparmor-profiles"
773
msgstr ""
774
775
#: serverguide/C/windows-networking.xml:660(para)
776
msgid "This package contains profiles for several other binaries."
777
msgstr ""
778
779
#: serverguide/C/windows-networking.xml:665(para)
780
msgid ""
781
"By default the profiles for <application>smbd</application> and "
782
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
783
"allowing Samba to work without modifying the profile, and only logging "
784
"errors. To place the <application>smbd</application> profile into "
785
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
786
"profile will need to be modified to reflect any directories that are shared."
787
msgstr ""
788
789
#: serverguide/C/windows-networking.xml:672(para)
790
msgid ""
791
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
792
"for <emphasis>[share]</emphasis> from the file server example:"
793
msgstr ""
794
795
#: serverguide/C/windows-networking.xml:677(programlisting)
796
#, no-wrap
797
msgid ""
798
"\n"
799
" /srv/samba/share/ r,\n"
800
" /srv/samba/share/** rwkix,\n"
801
msgstr ""
802
803
#: serverguide/C/windows-networking.xml:682(para)
804
msgid ""
805
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
806
msgstr ""
807
808
#: serverguide/C/windows-networking.xml:687(command)
809
msgid "sudo aa-enforce /usr/sbin/smbd"
810
msgstr ""
811
812
#: serverguide/C/windows-networking.xml:688(command)
813
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
814
msgstr ""
815
816
#: serverguide/C/windows-networking.xml:691(para)
817
msgid ""
818
"You should now be able to read, write, and execute files in the shared "
819
"directory as normal, and the <application>smbd</application> binary will "
820
"have access to only the configured files and directories. Be sure to add "
821
"entries for each directory you configure Samba to share. Also, any errors "
822
"will be logged to <filename>/var/log/syslog</filename>."
823
msgstr ""
824
825
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
826
msgid ""
827
"O'Reilly's <ulink "
828
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
829
"also a good reference."
830
msgstr ""
831
832
#: serverguide/C/windows-networking.xml:722(para)
833
msgid ""
834
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
835
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
836
"security."
837
msgstr ""
838
839
#: serverguide/C/windows-networking.xml:728(para)
840
msgid ""
841
"For more information on Samba and ACLs see the <ulink "
842
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
843
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
844
msgstr ""
845
846
#: serverguide/C/windows-networking.xml:744(title)
847
msgid "Samba as a Domain Controller"
848
msgstr ""
849
850
#: serverguide/C/windows-networking.xml:746(para)
851
msgid ""
852
"Although it cannot act as an Active Directory Primary Domain Controller "
853
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
854
"domain controller. A major advantage of this configuration is the ability to "
855
"centralize user and machine credentials. Samba can also use multiple "
856
"backends to store the user information."
857
msgstr ""
858
859
#: serverguide/C/windows-networking.xml:753(title)
860
msgid "Primary Domain Controller"
861
msgstr ""
862
863
#: serverguide/C/windows-networking.xml:755(para)
864
msgid ""
865
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
866
"using the default smbpasswd backend."
867
msgstr ""
868
869
#: serverguide/C/windows-networking.xml:762(para)
870
msgid ""
871
"First, install Samba, and <application>libpam-smbpass</application> to sync "
872
"the user accounts, by entering the following in a terminal prompt:"
873
msgstr ""
874
875
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
876
msgid "sudo apt-get install samba libpam-smbpass"
877
msgstr ""
878
879
#: serverguide/C/windows-networking.xml:774(para)
880
msgid ""
881
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
882
"The <emphasis>security</emphasis> mode should be set to <emphasis "
883
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
884
"should relate to your organization:"
885
msgstr ""
886
887
#: serverguide/C/windows-networking.xml:789(para)
888
msgid ""
889
"In the commented <quote>Domains</quote> section add or uncomment the "
890
"following:"
891
msgstr ""
892
893
#: serverguide/C/windows-networking.xml:793(programlisting)
894
#, no-wrap
895
msgid ""
896
"\n"
897
" domain logons = yes\n"
898
" logon path = \\\\%N\\%U\\profile\n"
899
" logon drive = H:\n"
900
" logon home = \\\\%N\\%U\n"
901
" logon script = logon.cmd\n"
902
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
903
"/var/lib/samba -s /bin/false %u\n"
904
msgstr ""
905
906
#: serverguide/C/windows-networking.xml:804(para)
907
msgid ""
908
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
909
"Samba to act as a domain controller."
910
msgstr ""
911
912
#: serverguide/C/windows-networking.xml:809(para)
913
msgid ""
914
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
915
"their home directory. It is also possible to configure a "
916
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
917
"directory."
918
msgstr ""
919
920
#: serverguide/C/windows-networking.xml:815(para)
921
msgid ""
922
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
923
msgstr ""
924
925
#: serverguide/C/windows-networking.xml:820(para)
926
msgid ""
927
"<emphasis>logon home:</emphasis> specifies the home directory location."
928
msgstr ""
929
930
#: serverguide/C/windows-networking.xml:825(para)
931
msgid ""
932
"<emphasis>logon script:</emphasis> determines the script to be run locally "
933
"once a user has logged in. The script needs to be placed in the "
934
"<emphasis>[netlogon]</emphasis> share."
935
msgstr ""
936
937
#: serverguide/C/windows-networking.xml:831(para)
938
msgid ""
939
"<emphasis>add machine script:</emphasis> a script that will automatically "
940
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
941
"workstation to join the domain."
942
msgstr ""
943
944
#: serverguide/C/windows-networking.xml:835(para)
945
msgid ""
946
"In this example the <emphasis>machines</emphasis> group will need to be "
947
"created using the <application>addgroup</application> utility see <xref "
948
"linkend=\"adding-deleting-users\"/> for details."
949
msgstr ""
950
951
#: serverguide/C/windows-networking.xml:839(para)
952
msgid ""
953
"Also, rights need to be explicitly provided to the <emphasis>Domain "
954
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
955
"(and other admin functions) to work. This is achieved by executing:"
956
msgstr ""
957
958
#: serverguide/C/windows-networking.xml:844(command)
959
msgid ""
960
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
961
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
962
"SeRemoteShutdownPrivilege"
963
msgstr ""
964
965
#: serverguide/C/windows-networking.xml:851(para)
966
msgid ""
967
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
968
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
969
"commented."
970
msgstr ""
971
972
#: serverguide/C/windows-networking.xml:860(para)
973
msgid ""
974
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
975
"role=\"italic\">logon home</emphasis> to be mapped:"
976
msgstr ""
977
978
#: serverguide/C/windows-networking.xml:865(programlisting)
979
#, no-wrap
980
msgid ""
981
"\n"
982
"[homes]\n"
983
" comment = Home Directories\n"
984
" browseable = no\n"
985
" read only = no\n"
986
" create mask = 0700\n"
987
" directory mask = 0700\n"
988
" valid users = %S\n"
989
msgstr ""
990
991
#: serverguide/C/windows-networking.xml:878(para)
992
msgid ""
993
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
994
"share needs to be configured. To enable the share, uncomment:"
995
msgstr ""
996
997
#: serverguide/C/windows-networking.xml:883(programlisting)
998
#, no-wrap
999
msgid ""
1000
"\n"
1001
"[netlogon]\n"
1002
" comment = Network Logon Service\n"
1003
" path = /srv/samba/netlogon\n"
1004
" guest ok = yes\n"
1005
" read only = yes\n"
1006
" share modes = no\n"
1007
msgstr ""
1008
1009
#: serverguide/C/windows-networking.xml:893(para)
1010
msgid ""
1011
"The original <emphasis>netlogon</emphasis> share path is "
1012
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1013
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1014
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1015
"location for site-specific data provided by the system."
1016
msgstr ""
1017
1018
#: serverguide/C/windows-networking.xml:904(para)
1019
msgid ""
1020
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1021
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1022
msgstr ""
1023
1024
#: serverguide/C/windows-networking.xml:910(command)
1025
msgid "sudo mkdir -p /srv/samba/netlogon"
1026
msgstr ""
1027
1028
#: serverguide/C/windows-networking.xml:911(command)
1029
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1030
msgstr ""
1031
1032
#: serverguide/C/windows-networking.xml:914(para)
1033
msgid ""
1034
"You can enter any normal Windows logon script commands in "
1035
"<filename>logon.cmd</filename> to customize the client's environment."
1036
msgstr ""
1037
1038
#: serverguide/C/windows-networking.xml:922(para)
1039
msgid ""
1040
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1041
"workstation to the domain, a system group needs to be mapped to the Windows "
1042
"<emphasis>Domain Admins</emphasis> group. Using the "
1043
"<application>net</application> utility, from a terminal enter:"
1044
msgstr ""
1045
1046
#: serverguide/C/windows-networking.xml:929(command)
1047
msgid ""
1048
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1049
"type=d"
1050
msgstr ""
1051
1052
#: serverguide/C/windows-networking.xml:933(para)
1053
msgid ""
1054
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1055
"prefer. Also, the user used to join the domain needs to be a member of the "
1056
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1057
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1058
"allows <application>sudo</application> use."
1059
msgstr ""
1060
1061
#: serverguide/C/windows-networking.xml:944(para)
1062
msgid "Finally, restart Samba to enable the new domain controller:"
1063
msgstr ""
1064
1065
#: serverguide/C/windows-networking.xml:956(para)
1066
msgid ""
1067
"You should now be able to join Windows clients to the Domain in the same "
1068
"manner as joining them to an NT4 domain running on a Windows server."
1069
msgstr ""
1070
1071
#: serverguide/C/windows-networking.xml:966(title)
1072
msgid "Backup Domain Controller"
1073
msgstr ""
1074
1075
#: serverguide/C/windows-networking.xml:968(para)
1076
msgid ""
1077
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1078
"Backup Domain Controller (BDC) as well. This will allow clients to "
1079
"authenticate in case the PDC becomes unavailable."
1080
msgstr ""
1081
1082
#: serverguide/C/windows-networking.xml:973(para)
1083
msgid ""
1084
"When configuring Samba as a BDC you need a way to sync account information "
1085
"with the PDC. There are multiple ways of accomplishing this "
1086
"<application>scp</application>, <application>rsync</application>, or by "
1087
"using <application>LDAP</application> as the <emphasis>passdb "
1088
"backend</emphasis>."
1089
msgstr ""
1090
1091
#: serverguide/C/windows-networking.xml:979(para)
1092
msgid ""
1093
"Using LDAP is the most robust way to sync account information, because both "
1094
"domain controllers can use the same information in real time. However, "
1095
"setting up a LDAP server may be overly complicated for a small number of "
1096
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1097
msgstr ""
1098
1099
#: serverguide/C/windows-networking.xml:988(para)
1100
msgid ""
1101
"First, install <application>samba</application> and <application>libpam-"
1102
"smbpass</application>. From a terminal enter:"
1103
msgstr ""
1104
1105
#: serverguide/C/windows-networking.xml:999(para)
1106
msgid ""
1107
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1108
"following in the <emphasis>[global]</emphasis>:"
1109
msgstr ""
1110
1111
#: serverguide/C/windows-networking.xml:1012(para)
1112
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1113
msgstr ""
1114
1115
#: serverguide/C/windows-networking.xml:1016(programlisting)
1116
#, no-wrap
1117
msgid ""
1118
"\n"
1119
" domain logons = yes\n"
1120
" domain master = no\n"
1121
msgstr ""
1122
1123
#: serverguide/C/windows-networking.xml:1024(para)
1124
msgid ""
1125
"Make sure a user has rights to read the files in "
1126
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1127
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1128
"files, enter:"
1129
msgstr ""
1130
1131
#: serverguide/C/windows-networking.xml:1030(command)
1132
msgid "sudo chgrp -R admin /var/lib/samba"
1133
msgstr ""
1134
1135
#: serverguide/C/windows-networking.xml:1036(para)
1136
msgid ""
1137
"Next, sync the user accounts, using <application>scp</application> to copy "
1138
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1139
msgstr ""
1140
1141
#: serverguide/C/windows-networking.xml:1042(command)
1142
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1143
msgstr ""
1144
1145
#: serverguide/C/windows-networking.xml:1046(para)
1146
msgid ""
1147
"Replace <emphasis>username</emphasis> with a valid username and "
1148
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1149
msgstr ""
1150
1151
#: serverguide/C/windows-networking.xml:1055(para)
1152
msgid "Finally, restart <application>samba</application>:"
1153
msgstr ""
1154
1155
#: serverguide/C/windows-networking.xml:1067(para)
1156
msgid ""
1157
"You can test that your Backup Domain controller is working by stopping the "
1158
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1159
"the domain."
1160
msgstr ""
1161
1162
#: serverguide/C/windows-networking.xml:1072(para)
1163
msgid ""
1164
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1165
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1166
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1167
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1168
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1169
msgstr ""
1170
1171
#: serverguide/C/windows-networking.xml:1102(para)
1172
msgid ""
1173
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1174
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1175
"up a Primary Domain Controller."
1176
msgstr ""
1177
1178
#: serverguide/C/windows-networking.xml:1108(para)
1179
msgid ""
1180
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1181
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1182
"explains setting up a Backup Domain Controller."
1183
msgstr ""
1184
1185
#: serverguide/C/windows-networking.xml:1123(title)
1186
msgid "Samba Active Directory Integration"
1187
msgstr ""
1188
1189
#: serverguide/C/windows-networking.xml:1126(title)
1190
msgid "Accessing a Samba Share"
1191
msgstr ""
1192
1193
#: serverguide/C/windows-networking.xml:1128(para)
1194
msgid ""
1195
"Another, use for Samba is to integrate into an existing Windows network. "
1196
"Once part of an Active Directory domain, Samba can provide file and print "
1197
"services to AD users."
1198
msgstr ""
1199
1200
#: serverguide/C/windows-networking.xml:1133(para)
1201
msgid ""
1202
"The simplest way to join an AD domain is to use <application>Likewise-"
1203
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1204
"open\"/>."
1205
msgstr ""
1206
1207
#: serverguide/C/windows-networking.xml:1138(para)
1208
msgid ""
1209
"Once part of the domain, enter the following command in the terminal prompt:"
1210
msgstr ""
1211
1212
#: serverguide/C/windows-networking.xml:1143(command)
1213
msgid "sudo apt-get install samba smbfs smbclient"
1214
msgstr ""
1215
1216
#: serverguide/C/windows-networking.xml:1146(para)
1217
msgid ""
1218
"Since the <application>likewise-open</application> and "
1219
"<application>samba</application> packages use separate "
1220
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1221
"<filename role=\"directory\">/var/lib/samba</filename>:"
1222
msgstr ""
1223
1224
#: serverguide/C/windows-networking.xml:1152(command)
1225
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1226
msgstr ""
1227
1228
#: serverguide/C/windows-networking.xml:1153(command)
1229
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1230
msgstr ""
1231
1232
#: serverguide/C/windows-networking.xml:1156(para)
1233
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1234
msgstr ""
1235
1236
#: serverguide/C/windows-networking.xml:1160(programlisting)
1237
#, no-wrap
1238
msgid ""
1239
"\n"
1240
" workgroup = EXAMPLE\n"
1241
" ...\n"
1242
" security = ads\n"
1243
" realm = EXAMPLE.COM\n"
1244
" ...\n"
1245
" idmap backend = lwopen\n"
1246
" idmap uid = 50-9999999999\n"
1247
" idmap gid = 50-9999999999\n"
1248
msgstr ""
1249
1250
#: serverguide/C/windows-networking.xml:1171(para)
1251
msgid ""
1252
"Restart <application>samba</application> for the new settings to take effect:"
1253
msgstr ""
1254
1255
#: serverguide/C/windows-networking.xml:1180(para)
1256
msgid ""
1257
"You should now be able to access any <application>Samba</application> shares "
1258
"from a Windows client. However, be sure to give the appropriate AD users or "
1259
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1260
"security\"/> for more details."
1261
msgstr ""
1262
1263
#: serverguide/C/windows-networking.xml:1188(title)
1264
msgid "Accessing a Windows Share"
1265
msgstr ""
1266
1267
#: serverguide/C/windows-networking.xml:1190(para)
1268
msgid ""
1269
"Now that the Samba server is part of the Active Directory domain you can "
1270
"access any Windows server shares:"
1271
msgstr ""
1272
1273
#: serverguide/C/windows-networking.xml:1197(para)
1274
msgid ""
1275
"To mount a Windows file share enter the following in a terminal prompt:"
1276
msgstr ""
1277
1278
#: serverguide/C/windows-networking.xml:1201(command)
1279
msgid "mount.cifs //fs01.example.com/share mount_point"
1280
msgstr ""
1281
1282
#: serverguide/C/windows-networking.xml:1204(para)
1283
msgid ""
1284
"It is also possible to access shares on computers not part of an AD domain, "
1285
"but a username and password will need to be provided."
1286
msgstr ""
1287
1288
#: serverguide/C/windows-networking.xml:1212(para)
1289
msgid ""
1290
"To mount the share during boot place an entry in "
1291
"<filename>/etc/fstab</filename>, for example:"
1292
msgstr ""
1293
1294
#: serverguide/C/windows-networking.xml:1216(programlisting)
1295
#, no-wrap
1296
msgid ""
1297
"\n"
1298
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1299
"0 0\n"
1300
msgstr ""
1301
1302
#: serverguide/C/windows-networking.xml:1223(para)
1303
msgid ""
1304
"Another way to copy files from a Windows server is to use the "
1305
"<application>smbclient</application> utility. To list the files in a Windows "
1306
"share:"
1307
msgstr ""
1308
1309
#: serverguide/C/windows-networking.xml:1229(command)
1310
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1311
msgstr ""
1312
1313
#: serverguide/C/windows-networking.xml:1235(para)
1314
msgid "To copy a file from the share, enter:"
1315
msgstr ""
1316
1317
#: serverguide/C/windows-networking.xml:1240(command)
1318
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1319
msgstr ""
1320
1321
#: serverguide/C/windows-networking.xml:1243(para)
1322
msgid ""
1323
"This will copy the <filename>file.txt</filename> into the current directory."
1324
msgstr ""
1325
1326
#: serverguide/C/windows-networking.xml:1250(para)
1327
msgid "And to copy a file to the share:"
1328
msgstr ""
1329
1330
#: serverguide/C/windows-networking.xml:1255(command)
1331
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1332
msgstr ""
1333
1334
#: serverguide/C/windows-networking.xml:1258(para)
1335
msgid ""
1336
"This will copy the <filename>/etc/hosts</filename> to "
1337
"<filename>//fs01.example.com/share/hosts</filename>."
1338
msgstr ""
1339
1340
#: serverguide/C/windows-networking.xml:1265(para)
1341
msgid ""
1342
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1343
"<application>smbclient</application> command all at once. This is useful for "
1344
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1345
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1346
"and directory commands, simply execute:"
1347
msgstr ""
1348
1349
#: serverguide/C/windows-networking.xml:1272(command)
1350
msgid "smbclient //fs01.example.com/share -k"
1351
msgstr ""
1352
1353
#: serverguide/C/windows-networking.xml:1279(para)
1354
msgid ""
1355
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1356
"<emphasis>//192.168.0.5/share</emphasis>, "
1357
"<emphasis>username=steve,password=secret</emphasis>, and "
1358
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1359
"file name, and an actual username and password with rights to the share."
1360
msgstr ""
1361
1362
#: serverguide/C/windows-networking.xml:1290(para)
1363
msgid ""
1364
"For more <application>smbclient</application> options see the man page: "
1365
"<command>man smbclient</command>, also available <ulink "
1366
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1367
">online</ulink>."
1368
msgstr ""
1369
1370
#: serverguide/C/windows-networking.xml:1295(para)
1371
msgid ""
1372
"The <application>mount.cifs</application><ulink "
1373
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1374
"\">man page</ulink> is also useful for more detailed information."
1375
msgstr ""
1376
1377
#: serverguide/C/windows-networking.xml:1308(title)
1378
msgid "Likewise Open"
1379
msgstr ""
1380
1381
#: serverguide/C/windows-networking.xml:1310(para)
1382
msgid ""
1383
"<application>Likewise Open</application> simplifies the necessary "
1384
"configuration needed to authenticate a Linux machine to an Active Directory "
1385
"domain. Based on <application>winbind</application>, the "
1386
"<application>likewise-open</application> package takes the pain out of "
1387
"integrating Ubuntu authentication into an existing Windows network."
1388
msgstr ""
1389
1390
#: serverguide/C/windows-networking.xml:1319(para)
1391
msgid ""
1392
"There are two ways to use Likewise Open, <application>likewise-"
1393
"open</application> the command line utility and <application>likewise-open-"
1394
"gui</application>. This section focuses on the command line utility."
1395
msgstr ""
1396
1397
#: serverguide/C/windows-networking.xml:1324(para)
1398
msgid ""
1399
"To install the <application>likewise-open</application> package, open a "
1400
"terminal prompt and enter:"
1401
msgstr ""
1402
1403
#: serverguide/C/windows-networking.xml:1329(command)
1404
msgid "sudo apt-get install likewise-open"
1405
msgstr ""
1406
1407
#: serverguide/C/windows-networking.xml:1334(title)
1408
msgid "Joining a Domain"
1409
msgstr ""
1410
1411
#: serverguide/C/windows-networking.xml:1336(para)
1412
msgid ""
1413
"The main executable file of the <application>likewise-open</application> "
1414
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1415
"join your computer to the domain. Before you join a domain you will need to "
1416
"make sure you have:"
1417
msgstr ""
1418
1419
#: serverguide/C/windows-networking.xml:1344(para)
1420
msgid ""
1421
"Access to an Active Directory user with appropriate rights to join the "
1422
"domain."
1423
msgstr ""
1424
1425
#: serverguide/C/windows-networking.xml:1349(para)
1426
msgid ""
1427
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1428
"you want to join. If your AD domain does not match a valid domain such as "
1429
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1430
"the form of <emphasis>domainname.local</emphasis>."
1431
msgstr ""
1432
1433
#: serverguide/C/windows-networking.xml:1356(para)
1434
msgid ""
1435
"DNS for the domain setup properly. In a production AD environment this "
1436
"should be the case. Proper Microsoft DNS is needed so that client "
1437
"workstations can determine the Active Directory domain is available."
1438
msgstr ""
1439
1440
#: serverguide/C/windows-networking.xml:1360(para)
1441
msgid ""
1442
"If you don't have a Windows DNS server on your network, see <xref "
1443
"linkend=\"likewise-open-ms-dns\"/> for details."
1444
msgstr ""
1445
1446
#: serverguide/C/windows-networking.xml:1367(para)
1447
msgid "To join a domain, from a terminal prompt enter:"
1448
msgstr ""
1449
1450
#: serverguide/C/windows-networking.xml:1372(command)
1451
msgid "sudo domainjoin-cli join example.com Administrator"
1452
msgstr ""
1453
1454
#: serverguide/C/windows-networking.xml:1376(para)
1455
msgid ""
1456
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1457
"<emphasis>Administrator</emphasis> with the appropriate user name."
1458
msgstr ""
1459
1460
#: serverguide/C/windows-networking.xml:1382(para)
1461
msgid ""
1462
"You will then be prompted for the user's password. If all goes well a "
1463
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1464
msgstr ""
1465
1466
#: serverguide/C/windows-networking.xml:1388(para)
1467
msgid ""
1468
"After joining the domain, it is necessary to reboot before attempting to "
1469
"authenticate against the domain."
1470
msgstr ""
1471
1472
#: serverguide/C/windows-networking.xml:1394(para)
1473
msgid ""
1474
"After successfully joining an Ubuntu machine to an Active Directory domain "
1475
"you can authenticate using any valid AD user. To login you will need to "
1476
"enter the user name as 'domain\\username'. For example to ssh to a server "
1477
"joined to the domain enter:"
1478
msgstr ""
1479
1480
#: serverguide/C/windows-networking.xml:1401(command)
1481
msgid "ssh 'example\\steve'@hostname"
1482
msgstr ""
1483
1484
#: serverguide/C/windows-networking.xml:1405(para)
1485
msgid ""
1486
"If configuring a Desktop the user name will need to be prefixed with "
1487
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1488
msgstr ""
1489
1490
#: serverguide/C/windows-networking.xml:1411(para)
1491
msgid ""
1492
"To make likewise-open use a default domain, you can add the following "
1493
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1494
msgstr ""
1495
1496
#: serverguide/C/windows-networking.xml:1415(programlisting)
1497
#, no-wrap
1498
msgid ""
1499
"\n"
1500
"winbind use default domain = yes\n"
1501
msgstr ""
1502
1503
#: serverguide/C/windows-networking.xml:1419(para)
1504
msgid "Then restart the <application>likewise-open</application> daemons:"
1505
msgstr ""
1506
1507
#: serverguide/C/windows-networking.xml:1424(command)
1508
msgid "sudo /etc/init.d/likewise-open restart"
1509
msgstr ""
1510
1511
#: serverguide/C/windows-networking.xml:1428(para)
1512
msgid ""
1513
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1514
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1515
"using only their username."
1516
msgstr ""
1517
1518
#: serverguide/C/windows-networking.xml:1434(para)
1519
msgid ""
1520
"The <application>domainjoin-cli</application> utility can also be used to "
1521
"leave the domain. From a terminal:"
1522
msgstr ""
1523
1524
#: serverguide/C/windows-networking.xml:1439(command)
1525
msgid "sudo domainjoin-cli leave"
1526
msgstr ""
1527
1528
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1529
msgid "Other Utilities"
1530
msgstr ""
1531
1532
#: serverguide/C/windows-networking.xml:1446(para)
1533
msgid ""
1534
"The <application>likewise-open</application> package comes with a few other "
1535
"utilities that may be useful for gathering information about the Active "
1536
"Directory environment. These utilities are used to join the machine to the "
1537
"domain, and are the same as those available in the <application>samba-"
1538
"common</application> and <application>winbind</application> packages:"
1539
msgstr ""
1540
1541
#: serverguide/C/windows-networking.xml:1455(para)
1542
msgid ""
1543
"<application>lwinet</application>: Returns information about the network and "
1544
"the domain."
1545
msgstr ""
1546
1547
#: serverguide/C/windows-networking.xml:1460(para)
1548
msgid ""
1549
"<application>lwimsg</application>: Allows interaction with the "
1550
"<application>likewise-winbindd</application> daemon."
1551
msgstr ""
1552
1553
#: serverguide/C/windows-networking.xml:1465(para)
1554
msgid ""
1555
"<application>lwiinfo</application>: Displays information about various parts "
1556
"of the Domain."
1557
msgstr ""
1558
1559
#: serverguide/C/windows-networking.xml:1471(para)
1560
msgid "Please refer to each utility's man page specific for details."
1561
msgstr ""
1562
1563
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1564
msgid "Troubleshooting"
1565
msgstr ""
1566
1567
#: serverguide/C/windows-networking.xml:1481(para)
1568
msgid ""
1569
"If the client has trouble joining the domain, double check that the "
1570
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1571
"example:"
1572
msgstr ""
1573
1574
#: serverguide/C/windows-networking.xml:1486(programlisting)
1575
#, no-wrap
1576
msgid ""
1577
"\n"
1578
"nameserver 192.168.0.1\n"
1579
msgstr ""
1580
1581
#: serverguide/C/windows-networking.xml:1491(para)
1582
msgid ""
1583
"For more information when joining a domain, use the <emphasis>--loglevel "
1584
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1585
"<application>domainjoin-cli</application> utility:"
1586
msgstr ""
1587
1588
#: serverguide/C/windows-networking.xml:1497(command)
1589
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1590
msgstr ""
1591
1592
#: serverguide/C/windows-networking.xml:1501(para)
1593
msgid ""
1594
"If an Active Directory user has trouble logging in, check the "
1595
"<filename>/var/log/auth.log</filename> for details."
1596
msgstr ""
1597
1598
#: serverguide/C/windows-networking.xml:1506(para)
1599
msgid ""
1600
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1601
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1602
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1603
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1604
"<emphasis>hosts</emphasis> option. For example:"
1605
msgstr ""
1606
1607
#: serverguide/C/windows-networking.xml:1512(programlisting)
1608
#, no-wrap
1609
msgid ""
1610
"\n"
1611
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1612
msgstr ""
1613
1614
#: serverguide/C/windows-networking.xml:1516(para)
1615
msgid "Change the above to:"
1616
msgstr ""
1617
1618
#: serverguide/C/windows-networking.xml:1520(programlisting)
1619
#, no-wrap
1620
msgid ""
1621
"\n"
1622
"hosts: files dns [NOTFOUND=return]\n"
1623
msgstr ""
1624
1625
#: serverguide/C/windows-networking.xml:1524(para)
1626
msgid "Then restart networking by entering:"
1627
msgstr ""
1628
1629
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1630
msgid "sudo /etc/init.d/networking restart"
1631
msgstr ""
1632
1633
#: serverguide/C/windows-networking.xml:1532(para)
1634
msgid "You should now be able to join the Active Directory domain."
1635
msgstr ""
1636
1637
#: serverguide/C/windows-networking.xml:1540(title)
1638
msgid "Microsoft DNS"
1639
msgstr ""
1640
1641
#: serverguide/C/windows-networking.xml:1542(para)
1642
msgid ""
1643
"The following are instructions for installing DNS on an Active Directory "
1644
"domain controller running Windows Server 2003, but the instructions should "
1645
"be similar for other versions:"
1646
msgstr ""
1647
1648
#: serverguide/C/windows-networking.xml:1551(para)
1649
msgid ""
1650
"Click "
1651
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1652
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1653
"This will open the <application>Server Role Mangement</application> utility."
1654
msgstr ""
1655
1656
#: serverguide/C/windows-networking.xml:1559(para)
1657
msgid "Click <guilabel>Add or remove a role</guilabel>"
1658
msgstr ""
1659
1660
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1661
msgid "Click Next"
1662
msgstr ""
1663
1664
#: serverguide/C/windows-networking.xml:1561(para)
1665
msgid "Select \"DNS Server\""
1666
msgstr ""
1667
1668
#: serverguide/C/windows-networking.xml:1563(para)
1669
msgid "Click Next again to proceed"
1670
msgstr ""
1671
1672
#: serverguide/C/windows-networking.xml:1564(para)
1673
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1674
msgstr ""
1675
1676
#: serverguide/C/windows-networking.xml:1566(para)
1677
msgid ""
1678
"Make sure \"This server maintains the zone\" is selected and click Next."
1679
msgstr ""
1680
1681
#: serverguide/C/windows-networking.xml:1567(para)
1682
msgid "Enter your domain name and click Next"
1683
msgstr ""
1684
1685
#: serverguide/C/windows-networking.xml:1568(para)
1686
msgid "Click Next to \"Allow only secure dynamic updates\""
1687
msgstr ""
1688
1689
#: serverguide/C/windows-networking.xml:1570(para)
1690
msgid ""
1691
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1692
"should not forward queries\" and click Next."
1693
msgstr ""
1694
1695
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1696
msgid "Click Finish"
1697
msgstr ""
1698
1699
#: serverguide/C/windows-networking.xml:1577(para)
1700
msgid ""
1701
"DNS is now installed and can be further configured using the "
1702
"<application>Microsoft Management Console</application> DNS snap-in."
1703
msgstr ""
1704
1705
#: serverguide/C/windows-networking.xml:1585(para)
1706
msgid "Click Start"
1707
msgstr ""
1708
1709
#: serverguide/C/windows-networking.xml:1586(para)
1710
msgid "Control Panel"
1711
msgstr ""
1712
1713
#: serverguide/C/windows-networking.xml:1587(para)
1714
msgid "Network Connections"
1715
msgstr ""
1716
1717
#: serverguide/C/windows-networking.xml:1588(para)
1718
msgid "Right Click \"Local Area Connection\""
1719
msgstr ""
1720
1721
#: serverguide/C/windows-networking.xml:1589(para)
1722
msgid "Click Properties"
1723
msgstr ""
1724
1725
#: serverguide/C/windows-networking.xml:1590(para)
1726
msgid "Double click \"Internet Protocol (TCP/IP)\""
1727
msgstr ""
1728
1729
#: serverguide/C/windows-networking.xml:1591(para)
1730
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1731
msgstr ""
1732
1733
#: serverguide/C/windows-networking.xml:1592(para)
1734
msgid "Click Ok"
1735
msgstr ""
1736
1737
#: serverguide/C/windows-networking.xml:1593(para)
1738
msgid "Click Ok again to save the settings"
1739
msgstr ""
1740
1741
#: serverguide/C/windows-networking.xml:1582(para)
1742
msgid ""
1743
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1744
msgstr ""
1745
1746
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1747
msgid "References"
1748
msgstr ""
1749
1750
#: serverguide/C/windows-networking.xml:1602(para)
1751
msgid ""
1752
"Please refer to the <ulink "
1753
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1754
"further information."
1755
msgstr ""
1756
1757
#: serverguide/C/windows-networking.xml:1606(para)
1758
msgid ""
1759
"For more <application>domainjoin-cli</application> options see the man page: "
1760
"<command>man domainjoin-cli</command>."
1761
msgstr ""
1762
1763
#: serverguide/C/windows-networking.xml:1610(para)
1764
msgid ""
1765
"Also, see the <ulink "
1766
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1767
"LikewiseOpen</ulink> page."
1768
msgstr ""
1769
1770
#: serverguide/C/web-servers.xml:13(title)
1771
msgid "Web Servers"
1772
msgstr ""
1773
1774
#: serverguide/C/web-servers.xml:14(para)
1775
msgid ""
1776
"A Web server is a software responsible for accepting HTTP requests from "
1777
"clients, which are known as Web browsers, and serving them HTTP responses "
1778
"along with optional data contents, which usually are Web pages such as HTML "
1779
"documents and linked objects (images, etc.)."
1780
msgstr ""
1781
1782
#: serverguide/C/web-servers.xml:19(title)
1783
msgid "HTTPD - Apache2 Web Server"
1784
msgstr ""
1785
1786
#: serverguide/C/web-servers.xml:20(para)
1787
msgid ""
1788
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1789
"are used to serve Web Pages requested by client computers. Clients typically "
1790
"request and view Web Pages using Web Browser applications such as "
1791
"<application>Firefox</application>, <application>Opera</application>, or "
1792
"<application>Mozilla</application>."
1793
msgstr ""
1794
1795
#: serverguide/C/web-servers.xml:24(para)
1796
msgid ""
1797
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1798
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1799
"resource. For example, to view the home page of the <ulink "
1800
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1801
"the FQDN. To request specific information about <ulink "
1802
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1803
"enter the FQDN followed by a path."
1804
msgstr ""
1805
1806
#: serverguide/C/web-servers.xml:29(para)
1807
msgid ""
1808
"The most common protocol used to transfer Web pages is the Hyper Text "
1809
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1810
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1811
"protocol for uploading and downloading files, are also supported."
1812
msgstr ""
1813
1814
#: serverguide/C/web-servers.xml:33(para)
1815
msgid ""
1816
"Apache Web Servers are often used in combination with the "
1817
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1818
"(<application>PHP</application>) scripting language, and other popular "
1819
"scripting languages such as <application>Python</application> and "
1820
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1821
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1822
"for the development and deployment of Web-based applications."
1823
msgstr ""
1824
1825
#: serverguide/C/web-servers.xml:42(para)
1826
msgid ""
1827
"The <application>Apache2</application> web server is available in Ubuntu "
1828
"Linux. To install Apache2:"
1829
msgstr ""
1830
1831
#: serverguide/C/web-servers.xml:48(para)
1832
msgid "At a terminal prompt enter the following command:"
1833
msgstr ""
1834
1835
#: serverguide/C/web-servers.xml:53(command)
1836
msgid "sudo apt-get install apache2"
1837
msgstr ""
1838
1839
#: serverguide/C/web-servers.xml:63(para)
1840
msgid ""
1841
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1842
"text configuration files. These <emphasis>directives</emphasis> are "
1843
"separated between the following files and directories:"
1844
msgstr ""
1845
1846
#: serverguide/C/web-servers.xml:71(para)
1847
msgid ""
1848
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1849
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1850
msgstr ""
1851
1852
#: serverguide/C/web-servers.xml:77(para)
1853
msgid ""
1854
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1855
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1856
"serve content may add files, or symlinks, to this directory."
1857
msgstr ""
1858
1859
#: serverguide/C/web-servers.xml:83(para)
1860
msgid ""
1861
"<emphasis>envvars:</emphasis> file where Apache2 "
1862
"<emphasis>environment</emphasis> variables are set."
1863
msgstr ""
1864
1865
#: serverguide/C/web-servers.xml:88(para)
1866
msgid ""
1867
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1868
"file, named after the <application>httpd</application> daemon. The file can "
1869
"be used for <emphasis>user specific</emphasis> configuration options that "
1870
"globally effect Apache2."
1871
msgstr ""
1872
1873
#: serverguide/C/web-servers.xml:95(para)
1874
msgid ""
1875
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1876
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1877
"modules will have specific configuration files, however."
1878
msgstr ""
1879
1880
#: serverguide/C/web-servers.xml:101(para)
1881
msgid ""
1882
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1883
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1884
"configuration file is symlinked it will be enabled the next time "
1885
"<application>apache2</application> is restarted."
1886
msgstr ""
1887
1888
#: serverguide/C/web-servers.xml:108(para)
1889
msgid ""
1890
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1891
"TCP ports Apache2 is listening on."
1892
msgstr ""
1893
1894
#: serverguide/C/web-servers.xml:113(para)
1895
msgid ""
1896
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1897
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1898
"to be configured for multiple sites that have separate configurations."
1899
msgstr ""
1900
1901
#: serverguide/C/web-servers.xml:119(para)
1902
msgid ""
1903
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1904
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1905
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1906
"a configuration file in sites-available is symlinked, the site configured by "
1907
"it will be active once Apache2 is restarted."
1908
msgstr ""
1909
1910
#: serverguide/C/web-servers.xml:127(para)
1911
msgid ""
1912
"In addition, other configuration files may be added using the "
1913
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1914
"many configuration files. Any directive may be placed in any of these "
1915
"configuration files. Changes to the main configuration files are only "
1916
"recognized by Apache2 when it is started or restarted."
1917
msgstr ""
1918
1919
#: serverguide/C/web-servers.xml:136(para)
1920
msgid ""
1921
"The server also reads a file containing mime document types; the filename is "
1922
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1923
"<filename>/etc/mime.types</filename> by default."
1924
msgstr ""
1925
1926
#: serverguide/C/web-servers.xml:141(title)
1927
msgid "Basic Settings"
1928
msgstr ""
1929
1930
#: serverguide/C/web-servers.xml:142(para)
1931
msgid ""
1932
"This section explains Apache2 server essential configuration parameters. "
1933
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1934
"Documentation</ulink> for more details."
1935
msgstr ""
1936
1937
#: serverguide/C/web-servers.xml:150(para)
1938
msgid ""
1939
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1940
"it is configured with a single default virtual host (using the "
1941
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1942
"if you have a single site, or used as a template for additional virtual "
1943
"hosts if you have multiple sites. If left alone, the default virtual host "
1944
"will serve as your default site, or the site users will see if the URL they "
1945
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1946
"your custom sites. To modify the default virtual host, edit the file "
1947
"<filename>/etc/apache2/sites-available/default</filename>."
1948
msgstr ""
1949
1950
#: serverguide/C/web-servers.xml:163(para)
1951
msgid ""
1952
"The directives set for a virtual host only apply to that particular virtual "
1953
"host. If a directive is set server-wide and not defined within the virtual "
1954
"host settings, the default setting is used. For example, you can define a "
1955
"Webmaster email address and not define individual email addresses for each "
1956
"virtual host."
1957
msgstr ""
1958
1959
#: serverguide/C/web-servers.xml:171(para)
1960
msgid ""
1961
"If you wish to configure a new virtual host or site, copy that file into the "
1962
"same directory with a name you choose. For example:"
1963
msgstr ""
1964
1965
#: serverguide/C/web-servers.xml:177(command)
1966
msgid ""
1967
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1968
"available/mynewsite"
1969
msgstr ""
1970
1971
#: serverguide/C/web-servers.xml:180(para)
1972
msgid ""
1973
"Edit the new file to configure the new site using some of the directives "
1974
"described below."
1975
msgstr ""
1976
1977
#: serverguide/C/web-servers.xml:187(para)
1978
msgid ""
1979
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1980
"to be advertised for the server's administrator. The default value is "
1981
"webmaster@localhost. This should be changed to an email address that is "
1982
"delivered to you (if you are the server's administrator). If your website "
1983
"has a problem, Apache2 will display an error message containing this email "
1984
"address to report the problem to. Find this directive in your site's "
1985
"configuration file in /etc/apache2/sites-available."
1986
msgstr ""
1987
1988
#: serverguide/C/web-servers.xml:198(para)
1989
msgid ""
1990
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1991
"the IP address, Apache2 should listen on. If the IP address is not "
1992
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1993
"it runs on. The default value for the Listen directive is 80. Change this to "
1994
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1995
"that it will not be available to the Internet, to (for example) 81 to change "
1996
"the port that it listens on, or leave it as is for normal operation. This "
1997
"directive can be found and changed in its own file, "
1998
"<filename>/etc/apache2/ports.conf</filename>"
1999
msgstr ""
2000
2001
#: serverguide/C/web-servers.xml:211(para)
2002
msgid ""
2003
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2004
"FQDN your site should answer to. The default virtual host has no ServerName "
2005
"directive specified, so it will respond to all requests that do not match a "
2006
"ServerName directive in another virtual host. If you have just acquired the "
2007
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2008
"value of the ServerName directive in your virtual host configuration file "
2009
"should be ubunturocks.com. Add this directive to the new virtual host file "
2010
"you created earlier (<filename>/etc/apache2/sites-"
2011
"available/mynewsite</filename>)."
2012
msgstr ""
2013
2014
#: serverguide/C/web-servers.xml:223(para)
2015
msgid ""
2016
"You may also want your site to respond to www.ubunturocks.com, since many "
2017
"users will assume the www prefix is appropriate. Use the "
2018
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2019
"wildcards in the ServerAlias directive."
2020
msgstr ""
2021
2022
#: serverguide/C/web-servers.xml:230(para)
2023
msgid ""
2024
"For example, the following configuration will cause your site to respond to "
2025
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2026
msgstr ""
2027
2028
#: serverguide/C/web-servers.xml:236(programlisting)
2029
#, no-wrap
2030
msgid ""
2031
"\n"
2032
"ServerAlias *.ubunturocks.com\n"
2033
msgstr ""
2034
2035
#: serverguide/C/web-servers.xml:242(para)
2036
msgid ""
2037
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2038
"should look for the files that make up the site. The default value is "
2039
"/var/www. No site is configured there, but if you uncomment the "
2040
"<emphasis>RedirectMatch</emphasis> directive in "
2041
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2042
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2043
"this value in your site's virtual host file, and remember to create that "
2044
"directory if necessary!"
2045
msgstr ""
2046
2047
#: serverguide/C/web-servers.xml:254(para)
2048
msgid ""
2049
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2050
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2051
"enabled point to \"available\" sites."
2052
msgstr ""
2053
2054
#: serverguide/C/web-servers.xml:260(para)
2055
msgid ""
2056
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2057
"<application>a2ensite</application> utility and restart Apache2:"
2058
msgstr ""
2059
2060
#: serverguide/C/web-servers.xml:266(command)
2061
msgid "sudo a2ensite mynewsite"
2062
msgstr ""
2063
2064
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2065
msgid "sudo /etc/init.d/apache2 restart"
2066
msgstr ""
2067
2068
#: serverguide/C/web-servers.xml:271(para)
2069
msgid ""
2070
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2071
"name for the VirtualHost. One method is to name the file after the "
2072
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2073
msgstr ""
2074
2075
#: serverguide/C/web-servers.xml:278(para)
2076
msgid ""
2077
"Similarly, use the <application>a2dissite</application> utility to disable "
2078
"sites. This is can be useful when troubleshooting configuration problems "
2079
"with multiple VirtualHosts:"
2080
msgstr ""
2081
2082
#: serverguide/C/web-servers.xml:284(command)
2083
msgid "sudo a2dissite mynewsite"
2084
msgstr ""
2085
2086
#: serverguide/C/web-servers.xml:290(title)
2087
msgid "Default Settings"
2088
msgstr ""
2089
2090
#: serverguide/C/web-servers.xml:292(para)
2091
msgid ""
2092
"This section explains configuration of the Apache2 server default settings. "
2093
"For example, if you add a virtual host, the settings you configure for the "
2094
"virtual host take precedence for that virtual host. For a directive not "
2095
"defined within the virtual host settings, the default value is used."
2096
msgstr ""
2097
2098
#: serverguide/C/web-servers.xml:304(para)
2099
msgid ""
2100
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2101
"server when a user requests an index of a directory by specifying a forward "
2102
"slash (/) at the end of the directory name."
2103
msgstr ""
2104
2105
#: serverguide/C/web-servers.xml:311(para)
2106
msgid ""
2107
"For example, when a user requests the page "
2108
"http://www.example.com/this_directory/, he or she will get either the "
2109
"DirectoryIndex page if it exists, a server-generated directory list if it "
2110
"does not and the Indexes option is specified, or a Permission Denied page if "
2111
"neither is true. The server will try to find one of the files listed in the "
2112
"DirectoryIndex directive and will return the first one it finds. If it does "
2113
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2114
"set for that directory, the server will generate and return a list, in HTML "
2115
"format, of the subdirectories and files in the directory. The default value, "
2116
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2117
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2118
"Apache2 finds a file in a requested directory matching any of these names, "
2119
"the first will be displayed."
2120
msgstr ""
2121
2122
#: serverguide/C/web-servers.xml:332(para)
2123
msgid ""
2124
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2125
"file for Apache2 to use for specific error events. For example, if a user "
2126
"requests a resource that does not exist, a 404 error will occur, and per "
2127
"Apache2's default configuration, the file "
2128
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2129
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2130
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2131
"redirects requests to the /error directory to "
2132
"<filename>/usr/share/apache2/error/</filename>."
2133
msgstr ""
2134
2135
#: serverguide/C/web-servers.xml:344(para)
2136
msgid ""
2137
"To see a list of the default ErrorDocument directives, use this command:"
2138
msgstr ""
2139
2140
#: serverguide/C/web-servers.xml:350(command)
2141
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2142
msgstr ""
2143
2144
#: serverguide/C/web-servers.xml:355(para)
2145
msgid ""
2146
"By default, the server writes the transfer log to the file "
2147
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2148
"per-site basis in your virtual host configuration files with the "
2149
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2150
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2151
"specify the file to which errors are logged, via the "
2152
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2153
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2154
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2155
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2156
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2157
"/etc/apache2/apache2.conf</filename> for the default value)."
2158
msgstr ""
2159
2160
#: serverguide/C/web-servers.xml:370(para)
2161
msgid ""
2162
"Some options are specified on a per-directory basis rather than per-server. "
2163
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2164
"is enclosed in XML-like tags, like so:"
2165
msgstr ""
2166
2167
#: serverguide/C/web-servers.xml:376(programlisting)
2168
#, no-wrap
2169
msgid ""
2170
"\n"
2171
"<Directory /var/www/mynewsite>\n"
2172
"...\n"
2173
"</Directory>\n"
2174
msgstr ""
2175
2176
#: serverguide/C/web-servers.xml:382(para)
2177
msgid ""
2178
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2179
"one or more of the following values (among others), separated by spaces:"
2180
msgstr ""
2181
2182
#: serverguide/C/web-servers.xml:394(para)
2183
msgid ""
2184
"Most files should not be executed as CGI scripts. This would be very "
2185
"dangerous. CGI scripts should kept in a directory separate from and outside "
2186
"your DocumentRoot, and only this directory should have the ExecCGI option "
2187
"set. This is the default, and the default location for CGI scripts is "
2188
"<filename>/usr/lib/cgi-bin</filename>."
2189
msgstr ""
2190
2191
#: serverguide/C/web-servers.xml:389(para)
2192
msgid ""
2193
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2194
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2195
msgstr ""
2196
2197
#: serverguide/C/web-servers.xml:405(para)
2198
msgid ""
2199
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2200
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2201
"other files. This is not a common option. See <ulink "
2202
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2203
"HOWTO</ulink> for more information."
2204
msgstr ""
2205
2206
#: serverguide/C/web-servers.xml:414(para)
2207
msgid ""
2208
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2209
"includes, but disable the <emphasis>#exec</emphasis> and "
2210
"<emphasis>#include</emphasis> commands in CGI scripts."
2211
msgstr ""
2212
2213
#: serverguide/C/web-servers.xml:426(para)
2214
msgid ""
2215
"For security reasons, this should usually not be set, and certainly should "
2216
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2217
"per-directory basis only if you are certain you want users to see the entire "
2218
"contents of the directory."
2219
msgstr ""
2220
2221
#: serverguide/C/web-servers.xml:421(para)
2222
msgid ""
2223
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2224
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2225
"index.html) exists in the requested directory. <placeholder-1/>"
2226
msgstr ""
2227
2228
#: serverguide/C/web-servers.xml:436(para)
2229
msgid ""
2230
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2231
"multiviews; this option is disabled by default for security reasons. See the "
2232
"<ulink "
2233
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2234
"Apache2 documentation on this option</ulink>."
2235
msgstr ""
2236
2237
#: serverguide/C/web-servers.xml:444(para)
2238
msgid ""
2239
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2240
"symbolic links if the target file or directory has the same owner as the "
2241
"link."
2242
msgstr ""
2243
2244
#: serverguide/C/web-servers.xml:456(title)
2245
msgid "httpd Settings"
2246
msgstr ""
2247
2248
#: serverguide/C/web-servers.xml:458(para)
2249
msgid ""
2250
"This section explains some basic <application>httpd</application> daemon "
2251
"configuration settings."
2252
msgstr ""
2253
2254
#: serverguide/C/web-servers.xml:462(para)
2255
msgid ""
2256
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2257
"the path to the lockfile used when the server is compiled with either "
2258
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2259
"stored on the local disk. It should be left to the default value unless the "
2260
"logs directory is located on an NFS share. If this is the case, the default "
2261
"value should be changed to a location on the local disk and to a directory "
2262
"that is readable only by root."
2263
msgstr ""
2264
2265
#: serverguide/C/web-servers.xml:471(para)
2266
msgid ""
2267
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2268
"file in which the server records its process ID (pid). This file should only "
2269
"be readable by root. In most cases, it should be left to the default value."
2270
msgstr ""
2271
2272
#: serverguide/C/web-servers.xml:477(para)
2273
msgid ""
2274
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2275
"used by the server to answer requests. This setting determines the server's "
2276
"access. Any files inaccessible to this user will also be inaccessible to "
2277
"your website's visitors. The default value for User is www-data."
2278
msgstr ""
2279
2280
#: serverguide/C/web-servers.xml:484(para)
2281
msgid ""
2282
"Unless you know exactly what you are doing, do not set the User directive to "
2283
"root. Using root as the User will create large security holes for your Web "
2284
"server."
2285
msgstr ""
2286
2287
#: serverguide/C/web-servers.xml:490(para)
2288
msgid ""
2289
"The Group directive is similar to the User directive. Group sets the group "
2290
"under which the server will answer requests. The default group is also www-"
2291
"data."
2292
msgstr ""
2293
2294
#: serverguide/C/web-servers.xml:496(title)
2295
msgid "Apache2 Modules"
2296
msgstr ""
2297
2298
#: serverguide/C/web-servers.xml:498(para)
2299
msgid ""
2300
"Apache2 is a modular server. This implies that only the most basic "
2301
"functionality is included in the core server. Extended features are "
2302
"available through modules which can be loaded into Apache2. By default, a "
2303
"base set of modules is included in the server at compile-time. If the server "
2304
"is compiled to use dynamically loaded modules, then modules can be compiled "
2305
"separately, and added at any time using the LoadModule directive. Otherwise, "
2306
"Apache2 must be recompiled to add or remove modules."
2307
msgstr ""
2308
2309
#: serverguide/C/web-servers.xml:510(para)
2310
msgid ""
2311
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2312
"Configuration directives may be conditionally included on the presence of a "
2313
"particular module by enclosing them in an "
2314
"<emphasis><IfModule></emphasis> block."
2315
msgstr ""
2316
2317
#: serverguide/C/web-servers.xml:517(para)
2318
msgid ""
2319
"You can install additional Apache2 modules and use them with your Web "
2320
"server. For example, run the following command from a terminal prompt to "
2321
"install the <emphasis>MySQL Authentication</emphasis> module:"
2322
msgstr ""
2323
2324
#: serverguide/C/web-servers.xml:524(command)
2325
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2326
msgstr ""
2327
2328
#: serverguide/C/web-servers.xml:527(para)
2329
msgid ""
2330
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2331
"additional modules."
2332
msgstr ""
2333
2334
#: serverguide/C/web-servers.xml:531(para)
2335
msgid ""
2336
"Use the <application>a2enmod</application> utility to enable a module:"
2337
msgstr ""
2338
2339
#: serverguide/C/web-servers.xml:537(command)
2340
msgid "sudo a2enmod auth_mysql"
2341
msgstr ""
2342
2343
#: serverguide/C/web-servers.xml:541(para)
2344
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2345
msgstr ""
2346
2347
#: serverguide/C/web-servers.xml:546(command)
2348
msgid "sudo a2dismod auth_mysql"
2349
msgstr ""
2350
2351
#: serverguide/C/web-servers.xml:553(title)
2352
msgid "HTTPS Configuration"
2353
msgstr ""
2354
2355
#: serverguide/C/web-servers.xml:555(para)
2356
msgid ""
2357
"The <application>mod_ssl</application> module adds an important feature to "
2358
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2359
"browser is communicating using SSL, the https:// prefix is used at the "
2360
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2361
"bar."
2362
msgstr ""
2363
2364
#: serverguide/C/web-servers.xml:564(para)
2365
msgid ""
2366
"The <application>mod_ssl</application> module is available in "
2367
"<application>apache2-common</application> package. Execute the following "
2368
"command from a terminal prompt to enable the "
2369
"<application>mod_ssl</application> module:"
2370
msgstr ""
2371
2372
#: serverguide/C/web-servers.xml:571(command)
2373
msgid "sudo a2enmod ssl"
2374
msgstr ""
2375
2376
#: serverguide/C/web-servers.xml:574(para)
2377
msgid ""
2378
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2379
"available/default-ssl</filename>. In order for "
2380
"<application>Apache2</application> to provide HTTPS, a "
2381
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2382
"needed. The default HTTPS configuration will use a certificate and key "
2383
"generated by the <application>ssl-cert</application> package. They are good "
2384
"for testing, but the auto-generated certificate and key should be replaced "
2385
"by a certificate specific to the site or server. For information on "
2386
"generating a key and obtaining a certificate see <xref "
2387
"linkend=\"certificates-and-security\"/>"
2388
msgstr ""
2389
2390
#: serverguide/C/web-servers.xml:584(para)
2391
msgid ""
2392
"To configure <application>Apache2</application> for HTTPS, enter the "
2393
"following:"
2394
msgstr ""
2395
2396
#: serverguide/C/web-servers.xml:589(command)
2397
msgid "sudo a2ensite default-ssl"
2398
msgstr ""
2399
2400
#: serverguide/C/web-servers.xml:593(para)
2401
msgid ""
2402
"The directories <filename>/etc/ssl/certs</filename> and "
2403
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2404
"install the certificate and key in another directory make sure to change "
2405
"<emphasis>SSLCertificateFile</emphasis> and "
2406
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2407
msgstr ""
2408
2409
#: serverguide/C/web-servers.xml:600(para)
2410
msgid ""
2411
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2412
"settings:"
2413
msgstr ""
2414
2415
#: serverguide/C/web-servers.xml:611(para)
2416
msgid ""
2417
"Depending on how you obtained your certificate you may need to enter a "
2418
"passphrase when <application>Apache2</application> starts."
2419
msgstr ""
2420
2421
#: serverguide/C/web-servers.xml:617(para)
2422
msgid ""
2423
"You can access the secure server pages by typing https://your_hostname/url/ "
2424
"in your browser address bar."
2425
msgstr ""
2426
2427
#: serverguide/C/web-servers.xml:628(para)
2428
msgid ""
2429
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2430
"Documentation</ulink> contains in depth information on Apache2 configuration "
2431
"directives. Also, see the <application>apache2-doc</application> package for "
2432
"the official Apache2 docs."
2433
msgstr ""
2434
2435
#: serverguide/C/web-servers.xml:635(para)
2436
msgid ""
2437
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2438
"Documentation</ulink> site for more SSL related information."
2439
msgstr ""
2440
2441
#: serverguide/C/web-servers.xml:641(para)
2442
msgid ""
2443
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2444
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2445
"configurations."
2446
msgstr ""
2447
2448
#: serverguide/C/web-servers.xml:647(para)
2449
msgid ""
2450
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2451
"server</emphasis> IRC channel on <ulink "
2452
"url=\"http://freenode.net/\">freenode.net</ulink>."
2453
msgstr ""
2454
2455
#: serverguide/C/web-servers.xml:653(para)
2456
msgid ""
2457
"Usually integrated with PHP and MySQL the <ulink "
2458
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2459
"Ubuntu Wiki </ulink> page is a good resource."
2460
msgstr ""
2461
2462
#: serverguide/C/web-servers.xml:664(title)
2463
msgid "PHP5 - Scripting Language"
2464
msgstr ""
2465
2466
#: serverguide/C/web-servers.xml:665(para)
2467
msgid ""
2468
"PHP is a general-purpose scripting language suited for Web development. The "
2469
"PHP script can be embedded into HTML. This section explains how to install "
2470
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2471
msgstr ""
2472
2473
#: serverguide/C/web-servers.xml:669(para)
2474
msgid ""
2475
"This section assumes you have installed and configured Apache2 Web Server "
2476
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2477
"sections in this document to install and configure Apache2 and MySQL "
2478
"respectively."
2479
msgstr ""
2480
2481
#: serverguide/C/web-servers.xml:676(para)
2482
msgid "The PHP5 is available in Ubuntu Linux."
2483
msgstr ""
2484
2485
#: serverguide/C/web-servers.xml:678(para)
2486
msgid ""
2487
"To install PHP5 you can enter the following command in the terminal prompt: "
2488
"<screen>\n"
2489
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2490
"</screen>"
2491
msgstr ""
2492
2493
#: serverguide/C/web-servers.xml:687(para)
2494
msgid ""
2495
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2496
"line you should install <application>php5-cli</application> package. To "
2497
"install <application>php5-cli</application> you can enter the following "
2498
"command in the terminal prompt: <screen>\n"
2499
"<command>sudo apt-get install php5-cli</command>\n"
2500
"</screen>"
2501
msgstr ""
2502
2503
#: serverguide/C/web-servers.xml:696(para)
2504
msgid ""
2505
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2506
"accomplish this, you should install <application>php5-cgi</application> "
2507
"package. You can run the following command in a terminal prompt to install "
2508
"<application>php5-cgi</application> package: <screen>\n"
2509
"<command>sudo apt-get install php5-cgi</command>\n"
2510
"</screen>"
2511
msgstr ""
2512
2513
#: serverguide/C/web-servers.xml:706(para)
2514
msgid ""
2515
"To use <application>MySQL</application> with PHP5 you should install "
2516
"<application>php5-mysql</application> package. To install <application>php5-"
2517
"mysql</application> you can enter the following command in the terminal "
2518
"prompt: <screen>\n"
2519
"<command>sudo apt-get install php5-mysql</command>\n"
2520
"</screen>"
2521
msgstr ""
2522
2523
#: serverguide/C/web-servers.xml:714(para)
2524
msgid ""
2525
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2526
"install <application>php5-pgsql</application> package. To install "
2527
"<application>php5-pgsql</application> you can enter the following command in "
2528
"the terminal prompt: <screen>\n"
2529
"<command>sudo apt-get install php5-pgsql</command>\n"
2530
"</screen>"
2531
msgstr ""
2532
2533
#: serverguide/C/web-servers.xml:727(para)
2534
msgid ""
2535
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2536
"you have installed <application>php5-cli</application> package, you can run "
2537
"PHP5 scripts from your command prompt."
2538
msgstr ""
2539
2540
#: serverguide/C/web-servers.xml:734(para)
2541
msgid ""
2542
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2543
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2544
"when you install the module. Please verify if the files "
2545
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2546
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2547
"not exists, you can enable the module using <command>a2enmod</command> "
2548
"command."
2549
msgstr ""
2550
2551
#: serverguide/C/web-servers.xml:745(para)
2552
msgid ""
2553
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2554
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2555
"following command at a terminal prompt to restart your web server: "
2556
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2557
msgstr ""
2558
2559
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2560
msgid "Testing"
2561
msgstr ""
2562
2563
#: serverguide/C/web-servers.xml:754(para)
2564
msgid ""
2565
"To verify your installation, you can run following PHP5 phpinfo script:"
2566
msgstr ""
2567
2568
#: serverguide/C/web-servers.xml:757(programlisting)
2569
#, no-wrap
2570
msgid ""
2571
"\n"
2572
"<?php\n"
2573
" phpinfo();\n"
2574
"?>\n"
2575
msgstr ""
2576
2577
#: serverguide/C/web-servers.xml:762(para)
2578
msgid ""
2579
"You can save the content in a file <filename>phpinfo.php</filename> and "
2580
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2581
"server. When point your browser to "
2582
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2583
"various PHP5 configuration parameters."
2584
msgstr ""
2585
2586
#: serverguide/C/web-servers.xml:776(para)
2587
msgid ""
2588
"For more in depth information see <ulink "
2589
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2590
msgstr ""
2591
2592
#: serverguide/C/web-servers.xml:781(para)
2593
msgid ""
2594
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2595
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2596
"5</ulink> and the <ulink "
2597
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2598
msgstr ""
2599
2600
#: serverguide/C/web-servers.xml:788(para)
2601
msgid ""
2602
"Also, see the <ulink "
2603
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2604
"Ubuntu Wiki</ulink> page for more information."
2605
msgstr ""
2606
2607
#: serverguide/C/web-servers.xml:799(title)
2608
msgid "Squid - Proxy Server"
2609
msgstr ""
2610
2611
#: serverguide/C/web-servers.xml:800(para)
2612
msgid ""
2613
"Squid is a full-featured web proxy cache server application which provides "
2614
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2615
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2616
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2617
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2618
"caching. Squid also supports a wide variety of caching protocols, such as "
2619
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2620
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2621
"Protocol. (WCCP)"
2622
msgstr ""
2623
2624
#: serverguide/C/web-servers.xml:808(para)
2625
msgid ""
2626
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2627
"and caching server needs, and scales from the branch office to enterprise "
2628
"level networks while providing extensive, granular access control mechanisms "
2629
"and monitoring of critical parameters via the Simple Network Management "
2630
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2631
"Squid proxy, or caching servers, ensure your system is configured with a "
2632
"large amount of physical memory, as Squid maintains an in-memory cache for "
2633
"increased performance."
2634
msgstr ""
2635
2636
#: serverguide/C/web-servers.xml:817(para)
2637
msgid ""
2638
"At a terminal prompt, enter the following command to install the Squid "
2639
"server:"
2640
msgstr ""
2641
2642
#: serverguide/C/web-servers.xml:822(command)
2643
msgid "sudo apt-get install squid"
2644
msgstr ""
2645
2646
#: serverguide/C/web-servers.xml:828(para)
2647
msgid ""
2648
"Squid is configured by editing the directives contained within the "
2649
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2650
"examples illustrate some of the directives which may be modified to affect "
2651
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2652
"see the References section."
2653
msgstr ""
2654
2655
#: serverguide/C/web-servers.xml:834(para)
2656
msgid ""
2657
"Prior to editing the configuration file, you should make a copy of the "
2658
"original file and protect it from writing so you will have the original "
2659
"settings as a reference, and to re-use as necessary."
2660
msgstr ""
2661
2662
#: serverguide/C/web-servers.xml:837(para)
2663
msgid ""
2664
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2665
"writing with the following commands entered at a terminal prompt:"
2666
msgstr ""
2667
2668
#: serverguide/C/web-servers.xml:842(command)
2669
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2670
msgstr ""
2671
2672
#: serverguide/C/web-servers.xml:843(command)
2673
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:849(para)
2677
msgid ""
2678
"To set your Squid server to listen on TCP port 8888 instead of the default "
2679
"TCP port 3128, change the http_port directive as such:"
2680
msgstr ""
2681
2682
#: serverguide/C/web-servers.xml:853(programlisting)
2683
#, no-wrap
2684
msgid ""
2685
"\n"
2686
"http_port 8888\n"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:858(para)
2690
msgid ""
2691
"Change the visible_hostname directive in order to give the Squid server a "
2692
"specific hostname. This hostname does not necessarily need to be the "
2693
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2694
msgstr ""
2695
2696
#: serverguide/C/web-servers.xml:862(programlisting)
2697
#, no-wrap
2698
msgid ""
2699
"\n"
2700
"visible_hostname weezie\n"
2701
msgstr ""
2702
2703
#: serverguide/C/web-servers.xml:867(para)
2704
msgid ""
2705
"Using Squid's access control, you may configure use of Internet services "
2706
"proxied by Squid to be available only users with certain Internet Protocol "
2707
"(IP) addresses. For example, we will illustrate access by users of the "
2708
"192.168.42.0/24 subnetwork only:"
2709
msgstr ""
2710
2711
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2712
msgid ""
2713
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2714
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2715
msgstr ""
2716
2717
#: serverguide/C/web-servers.xml:875(programlisting)
2718
#, no-wrap
2719
msgid ""
2720
"\n"
2721
"acl fortytwo_network src 192.168.42.0/24\n"
2722
msgstr ""
2723
2724
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2725
msgid ""
2726
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2727
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2728
msgstr ""
2729
2730
#: serverguide/C/web-servers.xml:882(programlisting)
2731
#, no-wrap
2732
msgid ""
2733
"\n"
2734
"http_access allow fortytwo_network\n"
2735
msgstr ""
2736
2737
#: serverguide/C/web-servers.xml:887(para)
2738
msgid ""
2739
"Using the excellent access control features of Squid, you may configure use "
2740
"of Internet services proxied by Squid to be available only during normal "
2741
"business hours. For example, we'll illustrate access by employees of a "
2742
"business which is operating between 9:00AM and 5:00PM, Monday through "
2743
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2744
msgstr ""
2745
2746
#: serverguide/C/web-servers.xml:895(programlisting)
2747
#, no-wrap
2748
msgid ""
2749
"\n"
2750
"acl biz_network src 10.1.42.0/24\n"
2751
"acl biz_hours time M T W T F 9:00-17:00\n"
2752
msgstr ""
2753
2754
#: serverguide/C/web-servers.xml:903(programlisting)
2755
#, no-wrap
2756
msgid ""
2757
"\n"
2758
"http_access allow biz_network biz_hours\n"
2759
msgstr ""
2760
2761
#: serverguide/C/web-servers.xml:910(para)
2762
msgid ""
2763
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2764
"save the file and restart the <application>squid</application> server "
2765
"application to effect the changes using the following command entered at a "
2766
"terminal prompt:"
2767
msgstr ""
2768
2769
#: serverguide/C/web-servers.xml:917(command)
2770
msgid "sudo /etc/init.d/squid restart"
2771
msgstr ""
2772
2773
#: serverguide/C/web-servers.xml:924(ulink)
2774
msgid "Squid Website"
2775
msgstr ""
2776
2777
#: serverguide/C/web-servers.xml:926(para)
2778
msgid ""
2779
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2780
"Squid</ulink> page."
2781
msgstr ""
2782
2783
#: serverguide/C/web-servers.xml:933(title)
2784
msgid "Ruby on Rails"
2785
msgstr ""
2786
2787
#: serverguide/C/web-servers.xml:934(para)
2788
msgid ""
2789
"Ruby on Rails is an open source web framework for developing database backed "
2790
"web applications. It is optimized for sustainable productivity of the "
2791
"programmer since it lets the programmer to write code by favouring "
2792
"convention over configuration."
2793
msgstr ""
2794
2795
#: serverguide/C/web-servers.xml:941(para)
2796
msgid ""
2797
"Before installing <application>Rails</application> you should install "
2798
"<application>Apache</application> and <application>MySQL</application>. To "
2799
"install the <application>Apache</application> package, please refer to <xref "
2800
"linkend=\"httpd\"/>. For instructions on installing "
2801
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2802
msgstr ""
2803
2804
#: serverguide/C/web-servers.xml:949(para)
2805
msgid ""
2806
"Once you have <application>Apache</application> and "
2807
"<application>MySQL</application> packages installed, you are ready to "
2808
"install <application>Ruby on Rails</application> package."
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:956(para)
2812
msgid ""
2813
"To install the <application>Ruby</application> base packages and "
2814
"<application>Ruby on Rails</application>, you can enter the following "
2815
"command in the terminal prompt:"
2816
msgstr ""
2817
2818
#: serverguide/C/web-servers.xml:962(command)
2819
msgid "sudo apt-get install rails"
2820
msgstr ""
2821
2822
#: serverguide/C/web-servers.xml:968(para)
2823
msgid ""
2824
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2825
"configuration file to setup your domains."
2826
msgstr ""
2827
2828
#: serverguide/C/web-servers.xml:972(para)
2829
msgid ""
2830
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2831
msgstr ""
2832
2833
#: serverguide/C/web-servers.xml:976(programlisting)
2834
#, no-wrap
2835
msgid ""
2836
"\n"
2837
"DocumentRoot /path/to/rails/application/public\n"
2838
msgstr ""
2839
2840
#: serverguide/C/web-servers.xml:979(para)
2841
msgid ""
2842
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2843
"directive:"
2844
msgstr ""
2845
2846
#: serverguide/C/web-servers.xml:983(programlisting)
2847
#, no-wrap
2848
msgid ""
2849
"\n"
2850
"<Directory \"/path/to/rails/application/public\">\n"
2851
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2852
" AllowOverride All\n"
2853
" Order allow,deny\n"
2854
" allow from all\n"
2855
" AddHandler cgi-script .cgi\n"
2856
"</Directory>\n"
2857
msgstr ""
2858
2859
#: serverguide/C/web-servers.xml:993(para)
2860
msgid ""
2861
"You should also enable the <application>mod_rewrite</application> module for "
2862
"Apache. To enable <application>mod_rewrite</application> module, please "
2863
"enter the following command in a terminal prompt:"
2864
msgstr ""
2865
2866
#: serverguide/C/web-servers.xml:999(command)
2867
msgid "sudo a2enmod rewrite"
2868
msgstr ""
2869
2870
#: serverguide/C/web-servers.xml:1002(para)
2871
msgid ""
2872
"Finally you will need to change the ownership of the "
2873
"<filename>/path/to/rails/application/public</filename> and "
2874
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2875
"used to run the <application>Apache</application> process:"
2876
msgstr ""
2877
2878
#: serverguide/C/web-servers.xml:1008(command)
2879
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2880
msgstr ""
2881
2882
#: serverguide/C/web-servers.xml:1009(command)
2883
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2884
msgstr ""
2885
2886
#: serverguide/C/web-servers.xml:1012(para)
2887
msgid ""
2888
"That's it! Now you have your Server ready for your <application>Ruby on "
2889
"Rails</application> applications."
2890
msgstr ""
2891
2892
#: serverguide/C/web-servers.xml:1021(para)
2893
msgid ""
2894
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2895
"for more information."
2896
msgstr ""
2897
2898
#: serverguide/C/web-servers.xml:1026(para)
2899
msgid ""
2900
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2901
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2902
"resource."
2903
msgstr ""
2904
2905
#: serverguide/C/web-servers.xml:1032(para)
2906
msgid ""
2907
"Another place for more information is the <ulink "
2908
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2909
"Wiki</ulink> page."
2910
msgstr ""
2911
2912
#: serverguide/C/web-servers.xml:1043(title)
2913
msgid "Apache Tomcat"
2914
msgstr ""
2915
2916
#: serverguide/C/web-servers.xml:1044(para)
2917
msgid ""
2918
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2919
"JSP (Java Server Pages) web applications."
2920
msgstr ""
2921
2922
#: serverguide/C/web-servers.xml:1046(para)
2923
msgid ""
2924
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2925
"different ways of running Tomcat. You can install them as a classic unique "
2926
"system-wide instance, that will be started at boot time and will run as the "
2927
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2928
"will run with your own user rights, and that you should start and stop by "
2929
"yourself. This second way is particularly useful in a development server "
2930
"context where multiple users need to test on their own private Tomcat "
2931
"instances."
2932
msgstr ""
2933
2934
#: serverguide/C/web-servers.xml:1056(title)
2935
msgid "System-wide installation"
2936
msgstr ""
2937
2938
#: serverguide/C/web-servers.xml:1057(para)
2939
msgid ""
2940
"To install the <application>Tomcat</application> server, you can enter the "
2941
"following command in the terminal prompt:"
2942
msgstr ""
2943
2944
#: serverguide/C/web-servers.xml:1060(command)
2945
msgid "sudo apt-get install tomcat6"
2946
msgstr ""
2947
2948
#: serverguide/C/web-servers.xml:1062(para)
2949
msgid ""
2950
"This will install a Tomcat server with just a default ROOT webapp that "
2951
"displays a minimal \"It works\" page by default."
2952
msgstr ""
2953
2954
#: serverguide/C/web-servers.xml:1068(para)
2955
msgid ""
2956
"Tomcat configuration files can be found in "
2957
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2958
"will be described here, please see <ulink "
2959
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2960
"documentation</ulink> for more."
2961
msgstr ""
2962
2963
#: serverguide/C/web-servers.xml:1074(title)
2964
msgid "Changing default ports"
2965
msgstr ""
2966
2967
#: serverguide/C/web-servers.xml:1075(para)
2968
msgid ""
2969
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2970
"connector on port 8009. You might want to change those default ports to "
2971
"avoid conflict with another server on the system. This is done by changing "
2972
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2973
msgstr ""
2974
2975
#: serverguide/C/web-servers.xml:1080(programlisting)
2976
#, no-wrap
2977
msgid ""
2978
"\n"
2979
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2980
" connectionTimeout=\"20000\" \n"
2981
" redirectPort=\"8443\" />\n"
2982
"...\n"
2983
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2984
"/>\n"
2985
msgstr ""
2986
2987
#: serverguide/C/web-servers.xml:1089(title)
2988
msgid "Changing JVM used"
2989
msgstr ""
2990
2991
#: serverguide/C/web-servers.xml:1090(para)
2992
msgid ""
2993
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2994
"then try some other JVMs. If you have various JVMs installed, you can set "
2995
"which should be used by setting JAVA_HOME in "
2996
"<filename>/etc/default/tomcat6</filename>:"
2997
msgstr ""
2998
2999
#: serverguide/C/web-servers.xml:1094(programlisting)
3000
#, no-wrap
3001
msgid ""
3002
"\n"
3003
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3004
msgstr ""
3005
3006
#: serverguide/C/web-servers.xml:1099(title)
3007
msgid "Declaring users and roles"
3008
msgstr ""
3009
3010
#: serverguide/C/web-servers.xml:1100(para)
3011
msgid ""
3012
"Usernames, passwords and roles (groups) can be defined centrally in a "
3013
"Servlet container. In Tomcat 6.0 this is done in the "
3014
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3015
msgstr ""
3016
3017
#: serverguide/C/web-servers.xml:1103(programlisting)
3018
#, no-wrap
3019
msgid ""
3020
"\n"
3021
"<role rolename=\"admin\"/>\n"
3022
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3023
msgstr ""
3024
3025
#: serverguide/C/web-servers.xml:1111(title)
3026
msgid "Using Tomcat standard webapps"
3027
msgstr ""
3028
3029
#: serverguide/C/web-servers.xml:1112(para)
3030
msgid ""
3031
"Tomcat is shipped with webapps that you can install for documentation, "
3032
"administration or demo purposes."
3033
msgstr ""
3034
3035
#: serverguide/C/web-servers.xml:1115(title)
3036
msgid "Tomcat documentation"
3037
msgstr ""
3038
3039
#: serverguide/C/web-servers.xml:1116(para)
3040
msgid ""
3041
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3042
"documentation, packaged as a webapp that you can access by default at "
3043
"http://yourserver:8080/docs. You can install it by entering the following "
3044
"command in the terminal prompt:"
3045
msgstr ""
3046
3047
#: serverguide/C/web-servers.xml:1121(command)
3048
msgid "sudo apt-get install tomcat6-docs"
3049
msgstr ""
3050
3051
#: serverguide/C/web-servers.xml:1125(title)
3052
msgid "Tomcat administration webapps"
3053
msgstr ""
3054
3055
#: serverguide/C/web-servers.xml:1126(para)
3056
msgid ""
3057
"The <application>tomcat6-admin</application> package contains two webapps "
3058
"that can be used to administer the Tomcat server using a web interface. You "
3059
"can install them by entering the following command in the terminal prompt:"
3060
msgstr ""
3061
3062
#: serverguide/C/web-servers.xml:1131(command)
3063
msgid "sudo apt-get install tomcat6-admin"
3064
msgstr ""
3065
3066
#: serverguide/C/web-servers.xml:1133(para)
3067
msgid ""
3068
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3069
"access by default at http://yourserver:8080/manager/html. It is primarily "
3070
"used to get server status and restart webapps."
3071
msgstr ""
3072
3073
#: serverguide/C/web-servers.xml:1136(para)
3074
msgid ""
3075
"Access to the <emphasis>manager</emphasis> application is protected by "
3076
"default: you need to define a user with the role \"manager\" in "
3077
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3078
msgstr ""
3079
3080
#: serverguide/C/web-servers.xml:1140(para)
3081
msgid ""
3082
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3083
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3084
"used to create virtual hosts dynamically."
3085
msgstr ""
3086
3087
#: serverguide/C/web-servers.xml:1144(para)
3088
msgid ""
3089
"Access to the <emphasis>host-manager</emphasis> application is also "
3090
"protected by default: you need to define a user with the role \"admin\" in "
3091
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3092
msgstr ""
3093
3094
#: serverguide/C/web-servers.xml:1149(para)
3095
msgid ""
3096
"For security reasons, the tomcat6 user cannot write to the "
3097
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3098
"these admin webapps (application deployment, virtual host creation) need "
3099
"write access to that directory. If you want to use these features execute "
3100
"the following, to give users in the tomcat6 group the necessary rights:"
3101
msgstr ""
3102
3103
#: serverguide/C/web-servers.xml:1156(command)
3104
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3105
msgstr ""
3106
3107
#: serverguide/C/web-servers.xml:1157(command)
3108
msgid "sudo chmod -R g+w /etc/tomcat6"
3109
msgstr ""
3110
3111
#: serverguide/C/web-servers.xml:1162(title)
3112
msgid "Tomcat examples webapps"
3113
msgstr ""
3114
3115
#: serverguide/C/web-servers.xml:1163(para)
3116
msgid ""
3117
"The <application>tomcat6-examples</application> package contains two webapps "
3118
"that can be used to test or demonstrate Servlets and JSP features, which you "
3119
"can access them by default at http://yourserver:8080/examples. You can "
3120
"install them by entering the following command in the terminal prompt:"
3121
msgstr ""
3122
3123
#: serverguide/C/web-servers.xml:1169(command)
3124
msgid "sudo apt-get install tomcat6-examples"
3125
msgstr ""
3126
3127
#: serverguide/C/web-servers.xml:1175(title)
3128
msgid "Using private instances"
3129
msgstr ""
3130
3131
#: serverguide/C/web-servers.xml:1176(para)
3132
msgid ""
3133
"Tomcat is heavily used in development and testing scenarios where using a "
3134
"single system-wide instance doesn't meet the requirements of multiple users "
3135
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3136
"help deploy your own user-oriented instances, allowing every user on a "
3137
"system to run (without root rights) separate private instances while still "
3138
"using the system-installed libraries."
3139
msgstr ""
3140
3141
#: serverguide/C/web-servers.xml:1183(para)
3142
msgid ""
3143
"It is possible to run the system-wide instance and the private instances in "
3144
"parallel, as long as they do not use the same TCP ports."
3145
msgstr ""
3146
3147
#: serverguide/C/web-servers.xml:1187(title)
3148
msgid "Installing private instance support"
3149
msgstr ""
3150
3151
#: serverguide/C/web-servers.xml:1188(para)
3152
msgid ""
3153
"You can install everything necessary to run private instances by entering "
3154
"the following command in the terminal prompt:"
3155
msgstr ""
3156
3157
#: serverguide/C/web-servers.xml:1191(command)
3158
msgid "sudo apt-get install tomcat6-user"
3159
msgstr ""
3160
3161
#: serverguide/C/web-servers.xml:1195(title)
3162
msgid "Creating a private instance"
3163
msgstr ""
3164
3165
#: serverguide/C/web-servers.xml:1196(para)
3166
msgid ""
3167
"You can create a private instance directory by entering the following "
3168
"command in the terminal prompt:"
3169
msgstr ""
3170
3171
#: serverguide/C/web-servers.xml:1199(command)
3172
msgid "tomcat6-instance-create my-instance"
3173
msgstr ""
3174
3175
#: serverguide/C/web-servers.xml:1201(para)
3176
msgid ""
3177
"This will create a new <filename>my-instance</filename> directory with all "
3178
"the necessary subdirectories and scripts. You can for example install your "
3179
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3180
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3181
"are deployed by default."
3182
msgstr ""
3183
3184
#: serverguide/C/web-servers.xml:1209(title)
3185
msgid "Configuring your private instance"
3186
msgstr ""
3187
3188
#: serverguide/C/web-servers.xml:1210(para)
3189
msgid ""
3190
"You will find the classic Tomcat configuration files for your private "
3191
"instance in the <filename>conf/</filename> subdirectory. You should for "
3192
"example certainly edit the <filename>conf/server.xml</filename> file to "
3193
"change the default ports used by your private Tomcat instance to avoid "
3194
"conflict with other instances that might be running."
3195
msgstr ""
3196
3197
#: serverguide/C/web-servers.xml:1218(title)
3198
msgid "Starting/stopping your private instance"
3199
msgstr ""
3200
3201
#: serverguide/C/web-servers.xml:1219(para)
3202
msgid ""
3203
"You can start your private instance by entering the following command in the "
3204
"terminal prompt (supposing your instance is located in the <filename>my-"
3205
"instance</filename> directory):"
3206
msgstr ""
3207
3208
#: serverguide/C/web-servers.xml:1223(command)
3209
msgid "my-instance/bin/startup.sh"
3210
msgstr ""
3211
3212
#: serverguide/C/web-servers.xml:1225(para)
3213
msgid ""
3214
"You should check the <filename>logs/</filename> subdirectory for any error. "
3215
"If you have a <emphasis>java.net.BindException: Address already in "
3216
"use<null>:8080</emphasis> error, it means that the port you're using "
3217
"is already taken and that you should change it."
3218
msgstr ""
3219
3220
#: serverguide/C/web-servers.xml:1230(para)
3221
msgid ""
3222
"You can stop your instance by entering the following command in the terminal "
3223
"prompt (supposing your instance is located in the <filename>my-"
3224
"instance</filename> directory):"
3225
msgstr ""
3226
3227
#: serverguide/C/web-servers.xml:1234(command)
3228
msgid "my-instance/bin/shutdown.sh"
3229
msgstr ""
3230
3231
#: serverguide/C/web-servers.xml:1243(para)
3232
msgid ""
3233
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3234
"website for more information."
3235
msgstr ""
3236
3237
#: serverguide/C/web-servers.xml:1248(para)
3238
msgid ""
3239
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3240
"Definitive Guide</ulink> is a good resource for building web applications "
3241
"with Tomcat."
3242
msgstr ""
3243
3244
#: serverguide/C/web-servers.xml:1254(para)
3245
msgid ""
3246
"For additional books see the <ulink "
3247
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3248
"page."
3249
msgstr ""
3250
3251
#: serverguide/C/web-servers.xml:1259(para)
3252
msgid ""
3253
"Also, see the<ulink "
3254
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3255
"Tomcat</ulink> page."
3256
msgstr ""
3257
3258
#: serverguide/C/vpn.xml:13(title)
3259
msgid "VPN"
3260
msgstr ""
3261
3262
#: serverguide/C/vpn.xml:15(para)
3263
msgid ""
3264
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3265
"network connection between two or more networks. There are several ways to "
3266
"create a VPN using software as well as dedicated hardware appliances. This "
3267
"chapter will cover installing and configuring "
3268
"<application>OpenVPN</application> to create a VPN between two servers."
3269
msgstr ""
3270
3271
#: serverguide/C/vpn.xml:23(title)
3272
msgid "OpenVPN"
3273
msgstr ""
3274
3275
#: serverguide/C/vpn.xml:25(para)
3276
msgid ""
3277
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3278
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3279
"clients through a bridge interface on the VPN server. This guide will assume "
3280
"that one VPN node, the server in this case, has a bridge interface "
3281
"configured. For more information on setting up a bridge see <xref "
3282
"linkend=\"bridging\"/>."
3283
msgstr ""
3284
3285
#: serverguide/C/vpn.xml:35(para)
3286
msgid "To install <application>openvpn</application> in a terminal enter:"
3287
msgstr ""
3288
3289
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3290
msgid "sudo apt-get install openvpn"
3291
msgstr ""
3292
3293
#: serverguide/C/vpn.xml:45(title)
3294
msgid "Server Certificates"
3295
msgstr ""
3296
3297
#: serverguide/C/vpn.xml:47(para)
3298
msgid ""
3299
"Now that the <application>openvpn</application> package is installed, the "
3300
"certificates for the VPN server need to be created."
3301
msgstr ""
3302
3303
#: serverguide/C/vpn.xml:52(para)
3304
msgid ""
3305
"First, copy the <filename>easy-rsa</filename> directory to "
3306
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3307
"scripts will not be lost when the package is updated. You will also need to "
3308
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3309
"the current user permission to create files. From a terminal enter:"
3310
msgstr ""
3311
3312
#: serverguide/C/vpn.xml:59(command)
3313
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3314
msgstr ""
3315
3316
#: serverguide/C/vpn.xml:60(command)
3317
msgid ""
3318
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3319
"rsa/"
3320
msgstr ""
3321
3322
#: serverguide/C/vpn.xml:61(command)
3323
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3324
msgstr ""
3325
3326
#: serverguide/C/vpn.xml:64(para)
3327
msgid ""
3328
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3329
"following to your environment:"
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:68(programlisting)
3333
#, no-wrap
3334
msgid ""
3335
"\n"
3336
"export KEY_COUNTRY=\"US\"\n"
3337
"export KEY_PROVINCE=\"NC\"\n"
3338
"export KEY_CITY=\"Winston-Salem\"\n"
3339
"export KEY_ORG=\"Example Company\"\n"
3340
"export KEY_EMAIL=\"steve@example.com\"\n"
3341
msgstr ""
3342
3343
#: serverguide/C/vpn.xml:76(para)
3344
msgid "Enter the following to create the server certificates:"
3345
msgstr ""
3346
3347
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3348
msgid "cd /etc/openvpn/easy-rsa/"
3349
msgstr ""
3350
3351
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3352
msgid "source vars"
3353
msgstr ""
3354
3355
#: serverguide/C/vpn.xml:83(command)
3356
msgid "./clean-all"
3357
msgstr ""
3358
3359
#: serverguide/C/vpn.xml:84(command)
3360
msgid "./build-dh"
3361
msgstr ""
3362
3363
#: serverguide/C/vpn.xml:85(command)
3364
msgid "./pkitool --initca"
3365
msgstr ""
3366
3367
#: serverguide/C/vpn.xml:86(command)
3368
msgid "./pkitool --server server"
3369
msgstr ""
3370
3371
#: serverguide/C/vpn.xml:87(command)
3372
msgid "cd keys"
3373
msgstr ""
3374
3375
#: serverguide/C/vpn.xml:88(command)
3376
msgid "openvpn --genkey --secret ta.key"
3377
msgstr ""
3378
3379
#: serverguide/C/vpn.xml:89(command)
3380
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3381
msgstr ""
3382
3383
#: serverguide/C/vpn.xml:94(title)
3384
msgid "Client Certificates"
3385
msgstr ""
3386
3387
#: serverguide/C/vpn.xml:96(para)
3388
msgid ""
3389
"The VPN client will also need a certificate to authenticate itself to the "
3390
"server. To create the certificate, enter the following in a terminal:"
3391
msgstr ""
3392
3393
#: serverguide/C/vpn.xml:104(command)
3394
msgid "./pkitool hostname"
3395
msgstr ""
3396
3397
#: serverguide/C/vpn.xml:108(para)
3398
msgid ""
3399
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3400
"machine connecting to the VPN."
3401
msgstr ""
3402
3403
#: serverguide/C/vpn.xml:113(para)
3404
msgid "Copy the following files to the client:"
3405
msgstr ""
3406
3407
#: serverguide/C/vpn.xml:118(para)
3408
msgid "/etc/openvpn/ca.crt"
3409
msgstr ""
3410
3411
#: serverguide/C/vpn.xml:119(para)
3412
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3413
msgstr ""
3414
3415
#: serverguide/C/vpn.xml:120(para)
3416
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3417
msgstr ""
3418
3419
#: serverguide/C/vpn.xml:121(para)
3420
msgid "/etc/openvpn/ta.key"
3421
msgstr ""
3422
3423
#: serverguide/C/vpn.xml:125(para)
3424
msgid ""
3425
"Remember to adjust the above file names for your client machine's "
3426
"<emphasis>hostname</emphasis>."
3427
msgstr ""
3428
3429
#: serverguide/C/vpn.xml:130(para)
3430
msgid ""
3431
"It is best to use a secure method to copy the certificate and key files. The "
3432
"<application>scp</application> utility is a good choice, but copying the "
3433
"files to removable media then to the client, also works well."
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3437
msgid "Server Configuration"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:143(para)
3441
msgid ""
3442
"Now configure the <application>openvpn</application> server by creating "
3443
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3444
"terminal enter:"
3445
msgstr ""
3446
3447
#: serverguide/C/vpn.xml:149(command)
3448
msgid ""
3449
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3450
"/etc/openvpn/"
3451
msgstr ""
3452
3453
#: serverguide/C/vpn.xml:150(command)
3454
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3455
msgstr ""
3456
3457
#: serverguide/C/vpn.xml:153(para)
3458
msgid ""
3459
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3460
"options to:"
3461
msgstr ""
3462
3463
#: serverguide/C/vpn.xml:157(programlisting)
3464
#, no-wrap
3465
msgid ""
3466
"\n"
3467
"local 172.18.100.101\n"
3468
"dev tap0\n"
3469
"up \"/etc/openvpn/up.sh br0\"\n"
3470
"down \"/etc/openvpn/down.sh br0\"\n"
3471
";server 10.8.0.0 255.255.255.0\n"
3472
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3473
"push \"route 172.18.100.1 255.255.255.0\"\n"
3474
"push \"dhcp-option DNS 172.18.100.20\"\n"
3475
"push \"dhcp-option DOMAIN example.com\"\n"
3476
"tls-auth ta.key 0 # This file is secret\n"
3477
"user nobody\n"
3478
"group nogroup\n"
3479
msgstr ""
3480
3481
#: serverguide/C/vpn.xml:174(para)
3482
msgid ""
3483
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3484
msgstr ""
3485
3486
#: serverguide/C/vpn.xml:179(para)
3487
msgid ""
3488
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3489
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3490
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3491
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3492
"to clients."
3493
msgstr ""
3494
3495
#: serverguide/C/vpn.xml:186(para)
3496
msgid ""
3497
"<emphasis>push</emphasis>: are directives to add networking options for "
3498
"clients."
3499
msgstr ""
3500
3501
#: serverguide/C/vpn.xml:191(para)
3502
msgid ""
3503
"<emphasis>user and group</emphasis>: configure which user and group the "
3504
"<application>openvpn</application> daemon executes as."
3505
msgstr ""
3506
3507
#: serverguide/C/vpn.xml:198(para)
3508
msgid ""
3509
"Replace all IP addresses and domain names above with those of your network."
3510
msgstr ""
3511
3512
#: serverguide/C/vpn.xml:203(para)
3513
msgid ""
3514
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3515
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3516
msgstr ""
3517
3518
#: serverguide/C/vpn.xml:207(programlisting)
3519
#, no-wrap
3520
msgid ""
3521
"\n"
3522
"#!/bin/sh\n"
3523
"\n"
3524
"BR=$1\n"
3525
"DEV=$2\n"
3526
"MTU=$3\n"
3527
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3528
"/usr/sbin/brctl addif $BR $DEV\n"
3529
msgstr ""
3530
3531
#: serverguide/C/vpn.xml:217(para)
3532
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3533
msgstr ""
3534
3535
#: serverguide/C/vpn.xml:221(programlisting)
3536
#, no-wrap
3537
msgid ""
3538
"\n"
3539
"#!/bin/sh\n"
3540
"\n"
3541
"BR=$1\n"
3542
"DEV=$2\n"
3543
"\n"
3544
"/usr/sbin/brctl delif $BR $DEV\n"
3545
"/sbin/ifconfig $DEV down\n"
3546
msgstr ""
3547
3548
#: serverguide/C/vpn.xml:231(para)
3549
msgid "Then make them executable:"
3550
msgstr ""
3551
3552
#: serverguide/C/vpn.xml:236(command)
3553
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3554
msgstr ""
3555
3556
#: serverguide/C/vpn.xml:237(command)
3557
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3558
msgstr ""
3559
3560
#: serverguide/C/vpn.xml:240(para)
3561
msgid ""
3562
"After configuring the server, restart <application>openvpn</application> by "
3563
"entering:"
3564
msgstr ""
3565
3566
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3567
msgid "sudo /etc/init.d/openvpn restart"
3568
msgstr ""
3569
3570
#: serverguide/C/vpn.xml:250(title)
3571
msgid "Client Configuration"
3572
msgstr ""
3573
3574
#: serverguide/C/vpn.xml:252(para)
3575
msgid "First, install <application>openvpn</application> on the client:"
3576
msgstr ""
3577
3578
#: serverguide/C/vpn.xml:260(para)
3579
msgid ""
3580
"Then with the server configured and the client certificates copied to the "
3581
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3582
"file by copying the example. In a terminal on the client machine enter:"
3583
msgstr ""
3584
3585
#: serverguide/C/vpn.xml:266(command)
3586
msgid ""
3587
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3588
"/etc/openvpn"
3589
msgstr ""
3590
3591
#: serverguide/C/vpn.xml:269(para)
3592
msgid ""
3593
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3594
"following options:"
3595
msgstr ""
3596
3597
#: serverguide/C/vpn.xml:273(programlisting)
3598
#, no-wrap
3599
msgid ""
3600
"\n"
3601
"dev tap\n"
3602
"remote vpn.example.com 1194\n"
3603
"cert hostname.crt\n"
3604
"key hostname.key\n"
3605
"tls-auth ta.key 1\n"
3606
msgstr ""
3607
3608
#: serverguide/C/vpn.xml:282(para)
3609
msgid ""
3610
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3611
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3612
"key filenames."
3613
msgstr ""
3614
3615
#: serverguide/C/vpn.xml:288(para)
3616
msgid "Finally, restart <application>openvpn</application>:"
3617
msgstr ""
3618
3619
#: serverguide/C/vpn.xml:296(para)
3620
msgid "You should now be able to connect to the remote LAN through the VPN."
3621
msgstr ""
3622
3623
#: serverguide/C/vpn.xml:307(para)
3624
msgid ""
3625
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3626
"additional information."
3627
msgstr ""
3628
3629
#: serverguide/C/vpn.xml:312(para)
3630
msgid ""
3631
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3632
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3633
msgstr ""
3634
3635
#: serverguide/C/vpn.xml:318(para)
3636
msgid ""
3637
"Another source of further information is the <ulink "
3638
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3639
"OpenVPN</ulink> page."
3640
msgstr ""
3641
3642
#: serverguide/C/virtualization.xml:13(title)
3643
msgid "Virtualization"
3644
msgstr ""
3645
3646
#: serverguide/C/virtualization.xml:14(para)
3647
msgid ""
3648
"Virtualization is being adopted in many different environments and "
3649
"situations. If you are a developer, virtualization can provide you with a "
3650
"contained environment where you can safely do almost any sort of development "
3651
"safe from messing up your main working environment. If you are a systems "
3652
"administrator, you can use virtualization to more easily separate your "
3653
"services and move them around based on demand."
3654
msgstr ""
3655
3656
#: serverguide/C/virtualization.xml:20(para)
3657
msgid ""
3658
"The default virtualization technology supported in Ubuntu is "
3659
"<application>KVM</application>, a technology that takes advantage of "
3660
"virtualization extensions built into Intel and AMD hardware. For hardware "
3661
"without virtualization extensions <application>Xen</application> and "
3662
"<application>Qemu</application> are popular solutions."
3663
msgstr ""
3664
3665
#: serverguide/C/virtualization.xml:27(title)
3666
msgid "libvirt"
3667
msgstr ""
3668
3669
#: serverguide/C/virtualization.xml:28(para)
3670
msgid ""
3671
"The <application>libvirt</application> library is used to interface with "
3672
"different virtualization technologies. Before getting started with "
3673
"<application>libvirt</application> it is best to make sure your hardware "
3674
"supports the necessary virtualization extensions for "
3675
"<application>KVM</application>. Enter the following from a terminal prompt:"
3676
msgstr ""
3677
3678
#: serverguide/C/virtualization.xml:35(command)
3679
msgid "kvm-ok"
3680
msgstr ""
3681
3682
#: serverguide/C/virtualization.xml:37(para)
3683
msgid ""
3684
"A message will be printed informing you if your CPU "
3685
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3686
"virtualization."
3687
msgstr ""
3688
3689
#: serverguide/C/virtualization.xml:41(para)
3690
msgid ""
3691
"On most computer whose processor supports virtualization, it is necessary to "
3692
"activate an option in the BIOS to enable it."
3693
msgstr ""
3694
3695
#: serverguide/C/virtualization.xml:47(title)
3696
msgid "Virtual Networking"
3697
msgstr ""
3698
3699
#: serverguide/C/virtualization.xml:49(para)
3700
msgid ""
3701
"There are a few different ways to allow a virtual machine access to the "
3702
"external network. The default virtual network configuration is "
3703
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3704
"traffic is NATed through the host interface to the outside network."
3705
msgstr ""
3706
3707
#: serverguide/C/virtualization.xml:54(para)
3708
msgid ""
3709
"To enable external hosts to directly access services on virtual machines a "
3710
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3711
"interfaces to connect to the outside network through the physical interface, "
3712
"making them appear as normal hosts to the rest of the network. For "
3713
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3714
msgstr ""
3715
3716
#: serverguide/C/virtualization.xml:63(para)
3717
msgid "To install the necessary packages, from a terminal prompt enter:"
3718
msgstr ""
3719
3720
#: serverguide/C/virtualization.xml:67(command)
3721
msgid "sudo apt-get install kvm libvirt-bin"
3722
msgstr ""
3723
3724
#: serverguide/C/virtualization.xml:69(para)
3725
msgid ""
3726
"After installing <application>libvirt-bin</application>, the user used to "
3727
"manage virtual machines will need to be added to the "
3728
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3729
"the advanced networking options."
3730
msgstr ""
3731
3732
#: serverguide/C/virtualization.xml:73(para)
3733
msgid "In a terminal enter:"
3734
msgstr ""
3735
3736
#: serverguide/C/virtualization.xml:77(command)
3737
msgid "sudo adduser $USER libvirtd"
3738
msgstr ""
3739
3740
#: serverguide/C/virtualization.xml:80(para)
3741
msgid ""
3742
"If the user chosen is the current user, you will need to log out and back in "
3743
"for the new group membership to take effect."
3744
msgstr ""
3745
3746
#: serverguide/C/virtualization.xml:84(para)
3747
msgid ""
3748
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3749
"Installing a virtual machine follows the same process as installing the "
3750
"operating system directly on the hardware. You either need a way to automate "
3751
"the installation, or a keyboard and monitor will need to be attached to the "
3752
"physical machine."
3753
msgstr ""
3754
3755
#: serverguide/C/virtualization.xml:89(para)
3756
msgid ""
3757
"In the case of virtual machines a Graphical User Interface (GUI) is "
3758
"analogous to using a physical keyboard and mouse. Instead of installing a "
3759
"GUI the <application>virt-viewer</application> application can be used to "
3760
"connect to a virtual machine's console using <application>VNC</application>. "
3761
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3762
msgstr ""
3763
3764
#: serverguide/C/virtualization.xml:94(para)
3765
msgid ""
3766
"There are several ways to automate the Ubuntu installation process, for "
3767
"example using preseeds, kickstart, etc. Refer to the <ulink "
3768
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3769
"Installation Guide</ulink> for details."
3770
msgstr ""
3771
3772
#: serverguide/C/virtualization.xml:98(para)
3773
msgid ""
3774
"Yet another way to install an Ubuntu virtual machine is to use "
3775
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3776
"builder</application> allows you to setup advanced partitions, execute "
3777
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3778
"vmbuilder\"/>"
3779
msgstr ""
3780
3781
#: serverguide/C/virtualization.xml:104(title)
3782
msgid "virt-install"
3783
msgstr ""
3784
3785
#: serverguide/C/virtualization.xml:105(para)
3786
msgid ""
3787
"<application>virt-install</application> is part of the <application>python-"
3788
"virtinst</application> package. To install it, from a terminal prompt enter:"
3789
msgstr ""
3790
3791
#: serverguide/C/virtualization.xml:109(command)
3792
msgid "sudo apt-get install python-virtinst"
3793
msgstr ""
3794
3795
#: serverguide/C/virtualization.xml:111(para)
3796
msgid ""
3797
"There are several options available when using <application>virt-"
3798
"install</application>. For example:"
3799
msgstr ""
3800
3801
#: serverguide/C/virtualization.xml:115(command)
3802
msgid ""
3803
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3804
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3805
msgstr ""
3806
3807
#: serverguide/C/virtualization.xml:122(para)
3808
msgid ""
3809
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3810
"be <emphasis>web_devel</emphasis> in this example."
3811
msgstr ""
3812
3813
#: serverguide/C/virtualization.xml:127(para)
3814
msgid ""
3815
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3816
"machine will use."
3817
msgstr ""
3818
3819
#: serverguide/C/virtualization.xml:132(para)
3820
msgid ""
3821
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3822
"disk which can be a file, partition, or logical volume. In this example a "
3823
"file named <filename>web_devel.img</filename>."
3824
msgstr ""
3825
3826
#: serverguide/C/virtualization.xml:138(para)
3827
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3828
msgstr ""
3829
3830
#: serverguide/C/virtualization.xml:143(para)
3831
msgid ""
3832
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3833
"file can be either an ISO file or the path to the host's CDROM device."
3834
msgstr ""
3835
3836
#: serverguide/C/virtualization.xml:149(para)
3837
msgid ""
3838
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3839
"technologies."
3840
msgstr ""
3841
3842
#: serverguide/C/virtualization.xml:154(para)
3843
msgid ""
3844
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3845
msgstr ""
3846
3847
#: serverguide/C/virtualization.xml:159(para)
3848
msgid ""
3849
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3850
"virtual machine's console."
3851
msgstr ""
3852
3853
#: serverguide/C/virtualization.xml:164(para)
3854
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3855
msgstr ""
3856
3857
#: serverguide/C/virtualization.xml:169(para)
3858
msgid ""
3859
"After launching <application>virt-install</application> you can connect to "
3860
"the virtual machine's console either locally using a GUI or with the "
3861
"<application>virt-viewer</application> utility."
3862
msgstr ""
3863
3864
#: serverguide/C/virtualization.xml:175(title)
3865
msgid "virt-clone"
3866
msgstr ""
3867
3868
#: serverguide/C/virtualization.xml:176(para)
3869
msgid ""
3870
"The <application>virt-clone</application> application can be used to copy "
3871
"one virtual machine to another. For example:"
3872
msgstr ""
3873
3874
#: serverguide/C/virtualization.xml:180(command)
3875
msgid ""
3876
"sudo virt-clone -o web_devel -n database_devel -f "
3877
"/path/to/database_devel.img --connect=qemu:///system"
3878
msgstr ""
3879
3880
#: serverguide/C/virtualization.xml:184(para)
3881
msgid "<emphasis>-o:</emphasis> original virtual machine."
3882
msgstr ""
3883
3884
#: serverguide/C/virtualization.xml:189(para)
3885
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3886
msgstr ""
3887
3888
#: serverguide/C/virtualization.xml:194(para)
3889
msgid ""
3890
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3891
"be used by the new virtual machine."
3892
msgstr ""
3893
3894
#: serverguide/C/virtualization.xml:199(para)
3895
msgid ""
3896
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3897
msgstr ""
3898
3899
#: serverguide/C/virtualization.xml:204(para)
3900
msgid ""
3901
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3902
"help troubleshoot problems with <application>virt-clone</application>."
3903
msgstr ""
3904
3905
#: serverguide/C/virtualization.xml:209(para)
3906
msgid ""
3907
"Replace <emphasis>web_devel</emphasis> and "
3908
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3909
msgstr ""
3910
3911
#: serverguide/C/virtualization.xml:215(title)
3912
msgid "Virtual Machine Management"
3913
msgstr ""
3914
3915
#: serverguide/C/virtualization.xml:217(title)
3916
msgid "virsh"
3917
msgstr ""
3918
3919
#: serverguide/C/virtualization.xml:218(para)
3920
msgid ""
3921
"There are several utilities available to manage virtual machines and "
3922
"<application>libvirt</application>. The <application>virsh</application> "
3923
"utility can be used from the command line. Some examples:"
3924
msgstr ""
3925
3926
#: serverguide/C/virtualization.xml:224(para)
3927
msgid "To list running virtual machines:"
3928
msgstr ""
3929
3930
#: serverguide/C/virtualization.xml:228(command)
3931
msgid "virsh -c qemu:///system list"
3932
msgstr ""
3933
3934
#: serverguide/C/virtualization.xml:232(para)
3935
msgid "To start a virtual machine:"
3936
msgstr ""
3937
3938
#: serverguide/C/virtualization.xml:236(command)
3939
msgid "virsh -c qemu:///system start web_devel"
3940
msgstr ""
3941
3942
#: serverguide/C/virtualization.xml:240(para)
3943
msgid "Similarly, to start a virtual machine at boot:"
3944
msgstr ""
3945
3946
#: serverguide/C/virtualization.xml:244(command)
3947
msgid "virsh -c qemu:///system autostart web_devel"
3948
msgstr ""
3949
3950
#: serverguide/C/virtualization.xml:248(para)
3951
msgid "Reboot a virtual machine with:"
3952
msgstr ""
3953
3954
#: serverguide/C/virtualization.xml:252(command)
3955
msgid "virsh -c qemu:///system reboot web_devel"
3956
msgstr ""
3957
3958
#: serverguide/C/virtualization.xml:256(para)
3959
msgid ""
3960
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3961
"order to be restored later. The following will save the virtual machine "
3962
"state into a file named according to the date:"
3963
msgstr ""
3964
3965
#: serverguide/C/virtualization.xml:261(command)
3966
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3967
msgstr ""
3968
3969
#: serverguide/C/virtualization.xml:263(para)
3970
msgid "Once saved the virtual machine will no longer be running."
3971
msgstr ""
3972
3973
#: serverguide/C/virtualization.xml:268(para)
3974
msgid "A saved virtual machine can be restored using:"
3975
msgstr ""
3976
3977
#: serverguide/C/virtualization.xml:272(command)
3978
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3979
msgstr ""
3980
3981
#: serverguide/C/virtualization.xml:276(para)
3982
msgid "To shutdown a virtual machine do:"
3983
msgstr ""
3984
3985
#: serverguide/C/virtualization.xml:280(command)
3986
msgid "virsh -c qemu:///system shutdown web_devel"
3987
msgstr ""
3988
3989
#: serverguide/C/virtualization.xml:284(para)
3990
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3991
msgstr ""
3992
3993
#: serverguide/C/virtualization.xml:288(command)
3994
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3995
msgstr ""
3996
3997
#: serverguide/C/virtualization.xml:293(para)
3998
msgid ""
3999
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4000
"appropriate virtual machine name, and <filename>web_devel-"
4001
"022708.state</filename> with a descriptive file name."
4002
msgstr ""
4003
4004
#: serverguide/C/virtualization.xml:300(title)
4005
msgid "Virtual Machine Manager"
4006
msgstr ""
4007
4008
#: serverguide/C/virtualization.xml:301(para)
4009
msgid ""
4010
"The <application>virt-manager</application> package contains a graphical "
4011
"utility to manage local and remote virtual machines. To install virt-manager "
4012
"enter:"
4013
msgstr ""
4014
4015
#: serverguide/C/virtualization.xml:306(command)
4016
msgid "sudo apt-get install virt-manager"
4017
msgstr ""
4018
4019
#: serverguide/C/virtualization.xml:308(para)
4020
msgid ""
4021
"Since <application>virt-manager</application> requires a Graphical User "
4022
"Interface (GUI) environment it is recommended to be installed on a "
4023
"workstation or test machine instead of a production server. To connect to "
4024
"the local <application>libvirt</application> service enter:"
4025
msgstr ""
4026
4027
#: serverguide/C/virtualization.xml:314(command)
4028
msgid "virt-manager -c qemu:///system"
4029
msgstr ""
4030
4031
#: serverguide/C/virtualization.xml:316(para)
4032
msgid ""
4033
"You can connect to the <application>libvirt</application> service running on "
4034
"another host by entering the following in a terminal prompt:"
4035
msgstr ""
4036
4037
#: serverguide/C/virtualization.xml:320(command)
4038
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4039
msgstr ""
4040
4041
#: serverguide/C/virtualization.xml:323(para)
4042
msgid ""
4043
"The above example assumes that <application>SSH</application> connectivity "
4044
"between the management system and virtnode1.mydomain.com has already been "
4045
"configured, and uses SSH keys for authentication. SSH "
4046
"<emphasis>keys</emphasis> are needed because "
4047
"<application>libvirt</application> sends the password prompt to another "
4048
"process. For details on configuring <application>SSH</application> see <xref "
4049
"linkend=\"openssh-server\"/>"
4050
msgstr ""
4051
4052
#: serverguide/C/virtualization.xml:333(title)
4053
msgid "Virtual Machine Viewer"
4054
msgstr ""
4055
4056
#: serverguide/C/virtualization.xml:334(para)
4057
msgid ""
4058
"The <application>virt-viewer</application> application allows you to connect "
4059
"to a virtual machine's console. <application>virt-viewer</application> does "
4060
"require a Graphical User Interface (GUI) to interface with the virtual "
4061
"machine."
4062
msgstr ""
4063
4064
#: serverguide/C/virtualization.xml:338(para)
4065
msgid ""
4066
"To install <application>virt-viewer</application> from a terminal enter:"
4067
msgstr ""
4068
4069
#: serverguide/C/virtualization.xml:342(command)
4070
msgid "sudo apt-get install virt-viewer"
4071
msgstr ""
4072
4073
#: serverguide/C/virtualization.xml:344(para)
4074
msgid ""
4075
"Once a virtual machine is installed and running you can connect to the "
4076
"virtual machine's console by using:"
4077
msgstr ""
4078
4079
#: serverguide/C/virtualization.xml:348(command)
4080
msgid "virt-viewer -c qemu:///system web_devel"
4081
msgstr ""
4082
4083
#: serverguide/C/virtualization.xml:350(para)
4084
msgid ""
4085
"Similar to <application>virt-manager</application>, <application>virt-"
4086
"viewer</application> can connect to a remote host using "
4087
"<emphasis>SSH</emphasis> with key authentication, as well:"
4088
msgstr ""
4089
4090
#: serverguide/C/virtualization.xml:355(command)
4091
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4092
msgstr ""
4093
4094
#: serverguide/C/virtualization.xml:357(para)
4095
msgid ""
4096
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4097
"appropriate virtual machine name."
4098
msgstr ""
4099
4100
#: serverguide/C/virtualization.xml:360(para)
4101
msgid ""
4102
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4103
"can also setup <application>SSH</application> access to the virtual machine. "
4104
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4105
"more details."
4106
msgstr ""
4107
4108
#: serverguide/C/virtualization.xml:369(para)
4109
msgid ""
4110
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4111
"for more details."
4112
msgstr ""
4113
4114
#: serverguide/C/virtualization.xml:374(para)
4115
msgid ""
4116
"For more information on <application>libvirt</application> see the <ulink "
4117
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4118
msgstr ""
4119
4120
#: serverguide/C/virtualization.xml:379(para)
4121
msgid ""
4122
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4123
"Manager</ulink> site has more information on <application>virt-"
4124
"manager</application> development."
4125
msgstr ""
4126
4127
#: serverguide/C/virtualization.xml:385(para)
4128
msgid ""
4129
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4130
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4131
"technology in Ubuntu."
4132
msgstr ""
4133
4134
#: serverguide/C/virtualization.xml:391(para)
4135
msgid ""
4136
"Another good resource is the <ulink "
4137
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4138
msgstr ""
4139
4140
#: serverguide/C/virtualization.xml:399(title)
4141
msgid "JeOS and vmbuilder"
4142
msgstr ""
4143
4144
#: serverguide/C/virtualization.xml:405(title)
4145
msgid "What is JeOS"
4146
msgstr ""
4147
4148
#: serverguide/C/virtualization.xml:407(para)
4149
msgid ""
4150
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4151
"variant of the Ubuntu Server operating system, configured specifically for "
4152
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4153
"only as an option either:"
4154
msgstr ""
4155
4156
#: serverguide/C/virtualization.xml:414(para)
4157
msgid ""
4158
"While installing from the Server Edition ISO (pressing "
4159
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4160
"installation\", which is the package selection equivalent to JeOS)."
4161
msgstr ""
4162
4163
#: serverguide/C/virtualization.xml:420(para)
4164
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4165
msgstr ""
4166
4167
#: serverguide/C/virtualization.xml:426(para)
4168
msgid ""
4169
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4170
"kernel that only contains the base elements needed to run within a "
4171
"virtualized environment."
4172
msgstr ""
4173
4174
#: serverguide/C/virtualization.xml:431(para)
4175
msgid ""
4176
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4177
"in the latest virtualization products from VMware. This combination of "
4178
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4179
"delivers a highly efficient use of server resources in large virtual "
4180
"deployments."
4181
msgstr ""
4182
4183
#: serverguide/C/virtualization.xml:437(para)
4184
msgid ""
4185
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4186
"can configure their supporting OS exactly as they require. They have the "
4187
"peace of mind that updates, whether for security or enhancement reasons, "
4188
"will be limited to the bare minimum of what is required in their specific "
4189
"environment. In turn, users deploying virtual appliances built on top of "
4190
"JeOS will have to go through fewer updates and therefore less maintenance "
4191
"than they would have had to with a standard full installation of a server."
4192
msgstr ""
4193
4194
#: serverguide/C/virtualization.xml:446(title)
4195
msgid "What is vmbuilder"
4196
msgstr ""
4197
4198
#: serverguide/C/virtualization.xml:448(para)
4199
msgid ""
4200
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4201
"will fetch the various package and build a virtual machine tailored for your "
4202
"needs in about a minute. vmbuilder is a script that automates the process of "
4203
"creating a ready to use Linux based VM. The currently supported hypervisors "
4204
"are KVM and Xen."
4205
msgstr ""
4206
4207
#: serverguide/C/virtualization.xml:454(para)
4208
msgid ""
4209
"You can pass command line options to add extra packages, remove packages, "
4210
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4211
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4212
"a local mirror, you can bootstrap a VM in less than a minute."
4213
msgstr ""
4214
4215
#: serverguide/C/virtualization.xml:460(para)
4216
msgid ""
4217
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4218
"vm-builder</application> started with little emphasis as a hack to help "
4219
"developers test their new code in a virtual machine without having to "
4220
"restart from scratch each time. As a few Ubuntu administrators started to "
4221
"notice this script, a few of them went on improving it and adapting it for "
4222
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4223
"virtualization specialist, not the golf player) decided to rewrite it from "
4224
"scratch for Intrepid as a python script with a few new design goals:"
4225
msgstr ""
4226
4227
#: serverguide/C/virtualization.xml:470(para)
4228
msgid "Develop it so that it can be reused by other distributions."
4229
msgstr ""
4230
4231
#: serverguide/C/virtualization.xml:475(para)
4232
msgid ""
4233
"Use a plugin mechanisms for all virtualization interactions so that others "
4234
"can easily add logic for other virtualization environments."
4235
msgstr ""
4236
4237
#: serverguide/C/virtualization.xml:480(para)
4238
msgid ""
4239
"Provide an easy to maintain web interface as an option to the command line "
4240
"interface."
4241
msgstr ""
4242
4243
#: serverguide/C/virtualization.xml:486(para)
4244
msgid "But the general principles and commands remain the same."
4245
msgstr ""
4246
4247
#: serverguide/C/virtualization.xml:493(title)
4248
msgid "Initial Setup"
4249
msgstr ""
4250
4251
#: serverguide/C/virtualization.xml:495(para)
4252
msgid ""
4253
"It is assumed that you have installed and configured "
4254
"<application>libvirt</application> and <application>KVM</application> "
4255
"locally on the machine you are using. For details on how to perform this, "
4256
"please refer to:"
4257
msgstr ""
4258
4259
#: serverguide/C/virtualization.xml:507(para)
4260
msgid ""
4261
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4262
"page."
4263
msgstr ""
4264
4265
#: serverguide/C/virtualization.xml:513(para)
4266
msgid ""
4267
"We also assume that you know how to use a text based text editor such as "
4268
"nano or vi. If you have not used any of them before, you can get an overview "
4269
"of the various text editors available by reading the <ulink "
4270
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4271
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4272
"principle should remain on other virtualization technologies."
4273
msgstr ""
4274
4275
#: serverguide/C/virtualization.xml:521(title)
4276
msgid "Install vmbuilder"
4277
msgstr ""
4278
4279
#: serverguide/C/virtualization.xml:523(para)
4280
msgid ""
4281
"The name of the package that we need to install is <application>python-vm-"
4282
"builder</application>. In a terminal prompt enter:"
4283
msgstr ""
4284
4285
#: serverguide/C/virtualization.xml:528(command)
4286
msgid "sudo apt-get install python-vm-builder"
4287
msgstr ""
4288
4289
#: serverguide/C/virtualization.xml:532(para)
4290
msgid ""
4291
"If you are running Hardy, you can still perform most of this using the older "
4292
"version of the package named <application>ubuntu-vm-builder</application>, "
4293
"there are only a few changes to the syntax of the tool."
4294
msgstr ""
4295
4296
#: serverguide/C/virtualization.xml:541(title)
4297
msgid "Defining Your Virtual Machine"
4298
msgstr ""
4299
4300
#: serverguide/C/virtualization.xml:543(para)
4301
msgid ""
4302
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4303
"are a few thing to consider:"
4304
msgstr ""
4305
4306
#: serverguide/C/virtualization.xml:549(para)
4307
msgid ""
4308
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4309
"will know how to extend disk size to fit their need, so either plan for a "
4310
"large virtual disk to allow for your appliance to grow, or explain fairly "
4311
"well in your documentation how to allocate more space. It might actually be "
4312
"a good idea to store data on some separate external storage."
4313
msgstr ""
4314
4315
#: serverguide/C/virtualization.xml:556(para)
4316
msgid ""
4317
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4318
"whatever you think is a safe minimum for your appliance."
4319
msgstr ""
4320
4321
#: serverguide/C/virtualization.xml:562(para)
4322
msgid ""
4323
"The <application>vmbuilder</application> command has 2 main parameters: the "
4324
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4325
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4326
"and can be found using the following command:"
4327
msgstr ""
4328
4329
#: serverguide/C/virtualization.xml:568(command)
4330
msgid "vmbuilder --help"
4331
msgstr ""
4332
4333
#: serverguide/C/virtualization.xml:572(title)
4334
msgid "Base Parameters"
4335
msgstr ""
4336
4337
#: serverguide/C/virtualization.xml:574(para)
4338
msgid ""
4339
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4340
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4341
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:580(command)
4345
msgid ""
4346
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4347
"-libvirt qemu:///system"
4348
msgstr ""
4349
4350
#: serverguide/C/virtualization.xml:583(para)
4351
msgid ""
4352
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4353
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4354
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4355
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4356
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4357
"libvirt</emphasis> tells to inform the local virtualization environment to "
4358
"add the resulting VM to the list of available machines."
4359
msgstr ""
4360
4361
#: serverguide/C/virtualization.xml:591(para)
4362
msgid "Notes:"
4363
msgstr ""
4364
4365
#: serverguide/C/virtualization.xml:597(para)
4366
msgid ""
4367
"Because of the nature of operations performed by vmbuilder, it needs to have "
4368
"root privilege, hence the use of sudo."
4369
msgstr ""
4370
4371
#: serverguide/C/virtualization.xml:602(para)
4372
msgid ""
4373
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4374
"a 64 bit machine (--arch amd64)."
4375
msgstr ""
4376
4377
#: serverguide/C/virtualization.xml:607(para)
4378
msgid ""
4379
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4380
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4381
"use <emphasis>--flavour</emphasis> server instead."
4382
msgstr ""
4383
4384
#: serverguide/C/virtualization.xml:615(title)
4385
msgid "JeOS Installation Parameters"
4386
msgstr ""
4387
4388
#: serverguide/C/virtualization.xml:618(title)
4389
msgid "JeOS Networking"
4390
msgstr ""
4391
4392
#: serverguide/C/virtualization.xml:621(title)
4393
msgid "Assigning a fixed IP address"
4394
msgstr ""
4395
4396
#: serverguide/C/virtualization.xml:623(para)
4397
msgid ""
4398
"As a virtual appliance that may be deployed on various very different "
4399
"networks, it is very difficult to know what the actual network will look "
4400
"like. In order to simplify configuration, it is a good idea to take an "
4401
"approach similar to what network hardware vendors usually do, namely "
4402
"assigning an initial fixed IP address to the appliance in a private class "
4403
"network that you will provide in your documentation. An address in the range "
4404
"192.168.0.0/255 is usually a good choice."
4405
msgstr ""
4406
4407
#: serverguide/C/virtualization.xml:630(para)
4408
msgid "To do this we'll use the following parameters:"
4409
msgstr ""
4410
4411
#: serverguide/C/virtualization.xml:636(para)
4412
msgid ""
4413
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4414
"dhcp if not specified)"
4415
msgstr ""
4416
4417
#: serverguide/C/virtualization.xml:641(para)
4418
msgid ""
4419
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4420
"255.255.255.0)"
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:646(para)
4424
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4425
msgstr ""
4426
4427
#: serverguide/C/virtualization.xml:651(para)
4428
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4429
msgstr ""
4430
4431
#: serverguide/C/virtualization.xml:656(para)
4432
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4433
msgstr ""
4434
4435
#: serverguide/C/virtualization.xml:661(para)
4436
msgid ""
4437
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4438
msgstr ""
4439
4440
#: serverguide/C/virtualization.xml:667(para)
4441
msgid ""
4442
"We assume for now that default values are good enough, so the resulting "
4443
"invocation becomes:"
4444
msgstr ""
4445
4446
#: serverguide/C/virtualization.xml:672(command)
4447
msgid ""
4448
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4449
"-libvirt qemu:///system --ip 192.168.0.100"
4450
msgstr ""
4451
4452
#: serverguide/C/virtualization.xml:677(title)
4453
msgid "Modifying the libvirt Template to use Bridging"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:679(para)
4457
msgid ""
4458
"Because our appliance will be likely to need to be accessed by remote hosts, "
4459
"we need to configure libvirt so that the appliance uses bridge networking. "
4460
"To do this we use vmbuilder template mechanism to modify the default one."
4461
msgstr ""
4462
4463
#: serverguide/C/virtualization.xml:684(para)
4464
msgid ""
4465
"In our working directory we create the template hierarchy and copy the "
4466
"default template:"
4467
msgstr ""
4468
4469
#: serverguide/C/virtualization.xml:689(command)
4470
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4471
msgstr ""
4472
4473
#: serverguide/C/virtualization.xml:690(command)
4474
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4475
msgstr ""
4476
4477
#: serverguide/C/virtualization.xml:693(para)
4478
msgid ""
4479
"We can then edit "
4480
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4481
"change:"
4482
msgstr ""
4483
4484
#: serverguide/C/virtualization.xml:697(programlisting)
4485
#, no-wrap
4486
msgid ""
4487
"\n"
4488
" <interface type='network'>\n"
4489
" <source network='default'/>\n"
4490
" </interface>\n"
4491
msgstr ""
4492
4493
#: serverguide/C/virtualization.xml:703(para)
4494
msgid "To:"
4495
msgstr ""
4496
4497
#: serverguide/C/virtualization.xml:707(programlisting)
4498
#, no-wrap
4499
msgid ""
4500
"\n"
4501
" <interface type='bridge'>\n"
4502
" <source bridge='br0'/>\n"
4503
" </interface>\n"
4504
msgstr ""
4505
4506
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4507
msgid "Partitioning"
4508
msgstr ""
4509
4510
#: serverguide/C/virtualization.xml:719(para)
4511
msgid ""
4512
"Partitioning of the virtual appliance will have to take into consideration "
4513
"what you are planning to do with is. Because most appliances want to have a "
4514
"separate storage for data, having a separate <filename>/var</filename> would "
4515
"make sense."
4516
msgstr ""
4517
4518
#: serverguide/C/virtualization.xml:724(para)
4519
msgid ""
4520
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4521
msgstr ""
4522
4523
#: serverguide/C/virtualization.xml:728(programlisting)
4524
#, no-wrap
4525
msgid ""
4526
"\n"
4527
"--part PATH\n"
4528
" Allows you to specify a partition table in a partition file, located at "
4529
"PATH. Each line of the partition file should specify\n"
4530
" (root first):\n"
4531
" mountpoint size\n"
4532
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4533
"disk starts on a\n"
4534
" line with ’---’. ie :\n"
4535
" root 1000\n"
4536
" /opt 1000\n"
4537
" swap 256\n"
4538
" ---\n"
4539
" /var 2000\n"
4540
" /log 1500\n"
4541
msgstr ""
4542
4543
#: serverguide/C/virtualization.xml:743(para)
4544
msgid ""
4545
"In our case we will define a text file name "
4546
"<filename>vmbuilder.partition</filename> which will contain the following:"
4547
msgstr ""
4548
4549
#: serverguide/C/virtualization.xml:747(programlisting)
4550
#, no-wrap
4551
msgid ""
4552
"\n"
4553
"root 8000\n"
4554
"swap 4000\n"
4555
"---\n"
4556
"/var 20000\n"
4557
msgstr ""
4558
4559
#: serverguide/C/virtualization.xml:755(para)
4560
msgid ""
4561
"Note that as we are using virtual disk images, the actual sizes that we put "
4562
"here are maximum sizes for these volumes."
4563
msgstr ""
4564
4565
#: serverguide/C/virtualization.xml:760(para)
4566
msgid "Our command line now looks like:"
4567
msgstr ""
4568
4569
#: serverguide/C/virtualization.xml:765(command)
4570
msgid ""
4571
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4572
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4573
msgstr ""
4574
4575
#: serverguide/C/virtualization.xml:770(para)
4576
msgid ""
4577
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4578
"next line."
4579
msgstr ""
4580
4581
#: serverguide/C/virtualization.xml:777(title)
4582
msgid "User and Password"
4583
msgstr ""
4584
4585
#: serverguide/C/virtualization.xml:779(para)
4586
msgid ""
4587
"Again setting up a virtual appliance, you will need to provide a default "
4588
"user and password that is generic so that you can include it in your "
4589
"documentation. We will see later on in this tutorial how we will provide "
4590
"some security by defining a script that will be run the first time a user "
4591
"actually logs in the appliance, that will, among other things, ask him to "
4592
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4593
"as my user name, and <emphasis>'default'</emphasis> as the password."
4594
msgstr ""
4595
4596
#: serverguide/C/virtualization.xml:787(para)
4597
msgid "To do this we use the following optional parameters:"
4598
msgstr ""
4599
4600
#: serverguide/C/virtualization.xml:793(para)
4601
msgid ""
4602
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4603
"Default: ubuntu."
4604
msgstr ""
4605
4606
#: serverguide/C/virtualization.xml:798(para)
4607
msgid ""
4608
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4609
"added. Default: Ubuntu."
4610
msgstr ""
4611
4612
#: serverguide/C/virtualization.xml:803(para)
4613
msgid ""
4614
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4615
"Default: ubuntu."
4616
msgstr ""
4617
4618
#: serverguide/C/virtualization.xml:809(para)
4619
msgid "Our resulting command line becomes:"
4620
msgstr ""
4621
4622
#: serverguide/C/virtualization.xml:814(command)
4623
msgid ""
4624
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4625
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4626
"-user user --name user --pass default"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:822(title)
4630
msgid "Installing Required Packages"
4631
msgstr ""
4632
4633
#: serverguide/C/virtualization.xml:824(para)
4634
msgid ""
4635
"In this example we will be installing a package "
4636
"<application>(Limesurvey)</application> that accesses a "
4637
"<application>MySQL</application> database and has a web interface. We will "
4638
"therefore require our OS to provide us with:"
4639
msgstr ""
4640
4641
#: serverguide/C/virtualization.xml:831(para)
4642
msgid "Apache"
4643
msgstr ""
4644
4645
#: serverguide/C/virtualization.xml:832(para)
4646
msgid "PHP"
4647
msgstr ""
4648
4649
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4650
msgid "MySQL"
4651
msgstr ""
4652
4653
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4654
msgid "OpenSSH Server"
4655
msgstr ""
4656
4657
#: serverguide/C/virtualization.xml:835(para)
4658
msgid "Limesurvey (as an example application that we have packaged)"
4659
msgstr ""
4660
4661
#: serverguide/C/virtualization.xml:838(para)
4662
msgid ""
4663
"This is done using vmbuilder by specifying the --addpkg option multiple "
4664
"times:"
4665
msgstr ""
4666
4667
#: serverguide/C/virtualization.xml:842(programlisting)
4668
#, no-wrap
4669
msgid ""
4670
"\n"
4671
"--addpkg PKG\n"
4672
" Install PKG into the guest (can be specfied multiple times)\n"
4673
msgstr ""
4674
4675
#: serverguide/C/virtualization.xml:847(para)
4676
msgid ""
4677
"However, due to the way vmbuilder operates, packages that have to ask "
4678
"questions to the user during the post install phase are not supported and "
4679
"should instead be installed while interactivity can occur. This is the case "
4680
"of Limesurvey, which we will have to install later, once the user logs in."
4681
msgstr ""
4682
4683
#: serverguide/C/virtualization.xml:853(para)
4684
msgid ""
4685
"Other packages that ask simple debconf question, such as <application>mysql-"
4686
"server</application> asking to set a password, the package can be installed "
4687
"immediately, but we will have to reconfigure it the first time the user logs "
4688
"in."
4689
msgstr ""
4690
4691
#: serverguide/C/virtualization.xml:859(para)
4692
msgid ""
4693
"If some packages that we need to install are not in main, we need to enable "
4694
"the additional repositories using --comp and --ppa:"
4695
msgstr ""
4696
4697
#: serverguide/C/virtualization.xml:863(programlisting)
4698
#, no-wrap
4699
msgid ""
4700
"\n"
4701
"--components COMP1,COMP2,...,COMPN\n"
4702
" A comma separated list of distro components to include (e.g. "
4703
"main,universe). This defaults\n"
4704
" to \"main\"\n"
4705
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4706
msgstr ""
4707
4708
#: serverguide/C/virtualization.xml:870(para)
4709
msgid ""
4710
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4711
"PPA (personal package archive) address so that it is added to the VM "
4712
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4713
"to the command line:"
4714
msgstr ""
4715
4716
#: serverguide/C/virtualization.xml:876(command)
4717
msgid ""
4718
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4719
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4720
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4721
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4722
"server --ppa nijaba"
4723
msgstr ""
4724
4725
#: serverguide/C/virtualization.xml:883(title)
4726
msgid "OpenSSH"
4727
msgstr ""
4728
4729
#: serverguide/C/virtualization.xml:885(para)
4730
msgid ""
4731
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4732
"it will allow our admins to access the appliance remotely. However, pushing "
4733
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4734
"security risk as all these server will share the same secret key, making it "
4735
"very easy for hackers to target our appliance with all the tools they need "
4736
"to crack it open in a breeze. As for the user password, we will instead rely "
4737
"on a script that will install OpenSSH the first time a user logs in so that "
4738
"the key generated will be different for each appliance. For this we'll use a "
4739
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4740
"interaction."
4741
msgstr ""
4742
4743
#: serverguide/C/virtualization.xml:897(title)
4744
msgid "Speed Considerations"
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:900(title)
4748
msgid "Package Caching"
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:902(para)
4752
msgid ""
4753
"When vmbuilder creates builds your system, it has to go fetch each one of "
4754
"the packages that composes it over the network to one of the official "
4755
"repositories, which, depending on your internet connection speed and the "
4756
"load of the mirror, can have a big impact on the actual build time. In order "
4757
"to reduce this, it is recommended to either have a local repository (which "
4758
"can be created using <application>apt-mirror</application>) or using a "
4759
"caching proxy such as <application>apt-proxy</application>. The later option "
4760
"being much simpler to implement and requiring less disk space, it is the one "
4761
"we will pick in this tutorial. To install it, simply type:"
4762
msgstr ""
4763
4764
#: serverguide/C/virtualization.xml:912(command)
4765
msgid "sudo apt-get install apt-proxy"
4766
msgstr ""
4767
4768
#: serverguide/C/virtualization.xml:915(para)
4769
msgid ""
4770
"Once this is complete, your (empty) proxy is ready for use on "
4771
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4772
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4773
"option:"
4774
msgstr ""
4775
4776
#: serverguide/C/virtualization.xml:920(programlisting)
4777
#, no-wrap
4778
msgid ""
4779
"\n"
4780
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4781
" is http://archive.ubuntu.com/ubuntu for official\n"
4782
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4783
" otherwise\n"
4784
msgstr ""
4785
4786
#: serverguide/C/virtualization.xml:927(para)
4787
msgid "So we add to the command line:"
4788
msgstr ""
4789
4790
#: serverguide/C/virtualization.xml:932(command)
4791
msgid "--mirror http://mirroraddress:9999/ubuntu"
4792
msgstr ""
4793
4794
#: serverguide/C/virtualization.xml:936(para)
4795
msgid ""
4796
"The mirror address specified here will also be used in the "
4797
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4798
"is useful to specify here an address that can be resolved by the guest or to "
4799
"plan on reseting this address later on, such as in a <emphasis>--"
4800
"firstboot</emphasis> script."
4801
msgstr ""
4802
4803
#: serverguide/C/virtualization.xml:945(title)
4804
msgid "Install a Local Mirror"
4805
msgstr ""
4806
4807
#: serverguide/C/virtualization.xml:947(para)
4808
msgid ""
4809
"If we are in a larger environment, it may make sense to setup a local mirror "
4810
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4811
"script that will handle the mirroring for you. You should plan on having "
4812
"about 20 gigabyte of free space per supported release and architecture."
4813
msgstr ""
4814
4815
#: serverguide/C/virtualization.xml:953(para)
4816
msgid ""
4817
"By default, <application>apt-mirror</application> uses the configuration "
4818
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4819
"replicate only the architecture of the local machine. If you would like to "
4820
"support other architectures on your mirror, simply duplicate the lines "
4821
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4822
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4823
"archives as well, you will have:"
4824
msgstr ""
4825
4826
#: serverguide/C/virtualization.xml:960(programlisting)
4827
#, no-wrap
4828
msgid ""
4829
"\n"
4830
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4831
"multiverse \n"
4832
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4833
"universe multiverse\n"
4834
"\n"
4835
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4836
"universe multiverse \n"
4837
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4838
"universe multiverse \n"
4839
"\n"
4840
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4841
"universe multiverse \n"
4842
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4843
"restricted universe multiverse \n"
4844
"\n"
4845
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4846
"universe multiverse \n"
4847
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4848
"restricted universe multiverse \n"
4849
"\n"
4850
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4851
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4852
"installer \n"
4853
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4854
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4855
"installer \n"
4856
msgstr ""
4857
4858
#: serverguide/C/virtualization.xml:977(para)
4859
msgid ""
4860
"Notice that the source packages are not mirrored as they are seldom used "
4861
"compared to the binaries and they do take a lot more space, but they can be "
4862
"easily added to the list."
4863
msgstr ""
4864
4865
#: serverguide/C/virtualization.xml:982(para)
4866
msgid ""
4867
"Once the mirror has finished replicating (and this can be quite long), you "
4868
"need to configure Apache so that your mirror files (in "
4869
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4870
"default), are published by your Apache server. For more information on "
4871
"Apache see <xref linkend=\"httpd\"/>."
4872
msgstr ""
4873
4874
#: serverguide/C/virtualization.xml:991(title)
4875
msgid "Installing in a RAM Disk"
4876
msgstr ""
4877
4878
#: serverguide/C/virtualization.xml:993(para)
4879
msgid ""
4880
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4881
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4882
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4883
"-tmpfs</emphasis> will help you do just that:"
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:999(programlisting)
4887
#, no-wrap
4888
msgid ""
4889
"\n"
4890
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4891
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4892
msgstr ""
4893
4894
#: serverguide/C/virtualization.xml:1004(para)
4895
msgid ""
4896
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4897
"have 1G of free ram."
4898
msgstr ""
4899
4900
#: serverguide/C/virtualization.xml:1011(title)
4901
msgid "Package the Application"
4902
msgstr ""
4903
4904
#: serverguide/C/virtualization.xml:1013(para)
4905
msgid "Two option are available to us:"
4906
msgstr ""
4907
4908
#: serverguide/C/virtualization.xml:1019(para)
4909
msgid ""
4910
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4911
"package. Since this is outside of the scope of this tutorial, we will not "
4912
"perform this here and invite the reader to read the documentation on how to "
4913
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4914
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4915
"repository for your package so that updates can be conveniently pulled from "
4916
"it. See the <ulink url=\"http://www.debian-"
4917
"administration.org/articles/286\">Debian Administration</ulink> article for "
4918
"a tutorial on this."
4919
msgstr ""
4920
4921
#: serverguide/C/virtualization.xml:1028(para)
4922
msgid ""
4923
"Manually install the application under <filename>/opt</filename> as "
4924
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4925
"guidelines</ulink>."
4926
msgstr ""
4927
4928
#: serverguide/C/virtualization.xml:1035(para)
4929
msgid ""
4930
"In our case we'll use <application>Limesurvey</application> as example web "
4931
"application for which we wish to provide a virtual appliance. As noted "
4932
"before, we've made a version of the package available in a PPA (Personal "
4933
"Package Archive)."
4934
msgstr ""
4935
4936
#: serverguide/C/virtualization.xml:1042(title)
4937
msgid "Finishing Install"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4941
msgid "First Boot"
4942
msgstr ""
4943
4944
#: serverguide/C/virtualization.xml:1047(para)
4945
msgid ""
4946
"As we mentioned earlier, the first time the machine boots we'll need to "
4947
"install <application>openssh-server</application> so that the key generated "
4948
"for it is unique for each machine. To do this, we'll write a script called "
4949
"<filename>boot.sh</filename> as follows:"
4950
msgstr ""
4951
4952
#: serverguide/C/virtualization.xml:1053(programlisting)
4953
#, no-wrap
4954
msgid ""
4955
"\n"
4956
"# This script will run the first time the virtual machine boots\n"
4957
"# It is ran as root.\n"
4958
"\n"
4959
"apt-get update\n"
4960
"apt-get install -qqy --force-yes openssh-server\n"
4961
msgstr ""
4962
4963
#: serverguide/C/virtualization.xml:1061(para)
4964
msgid ""
4965
"And we add the <command>--firstboot boot.sh</command> option to our command "
4966
"line."
4967
msgstr ""
4968
4969
#: serverguide/C/virtualization.xml:1067(title)
4970
msgid "First Login"
4971
msgstr ""
4972
4973
#: serverguide/C/virtualization.xml:1069(para)
4974
msgid ""
4975
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4976
"set them up the first time a user logs in using a script named login.sh. "
4977
"We'll also use this script to let the user specify:"
4978
msgstr ""
4979
4980
#: serverguide/C/virtualization.xml:1075(para)
4981
msgid "His own password"
4982
msgstr ""
4983
4984
#: serverguide/C/virtualization.xml:1076(para)
4985
msgid "Define the keyboard and other locale info he wants to use"
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:1079(para)
4989
msgid "So we'll define <filename>login.sh</filename> as follows:"
4990
msgstr ""
4991
4992
#: serverguide/C/virtualization.xml:1083(programlisting)
4993
#, no-wrap
4994
msgid ""
4995
"\n"
4996
"# This script is ran the first time a user logs in\n"
4997
"\n"
4998
"echo \"Your appliance is about to be finished to be set up.\"\n"
4999
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5000
"echo \"starting by changing your user password.\"\n"
5001
"\n"
5002
"passwd\n"
5003
"\n"
5004
"#give the opportunity to change the keyboard\n"
5005
"sudo dpkg-reconfigure console-setup\n"
5006
"\n"
5007
"#configure the mysql server root password\n"
5008
"sudo dpkg-reconfigure mysql-server-5.0\n"
5009
"\n"
5010
"#install limesurvey\n"
5011
"sudo apt-get install -qqy --force-yes limesurvey\n"
5012
"\n"
5013
"echo \"Your appliance is now configured. To use it point your\"\n"
5014
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5015
msgstr ""
5016
5017
#: serverguide/C/virtualization.xml:1105(para)
5018
msgid ""
5019
"And we add the <command>--firstlogin login.sh</command> option to our "
5020
"command line."
5021
msgstr ""
5022
5023
#: serverguide/C/virtualization.xml:1112(title)
5024
msgid "Useful Additions"
5025
msgstr ""
5026
5027
#: serverguide/C/virtualization.xml:1115(title)
5028
msgid "Configuring Automatic Updates"
5029
msgstr ""
5030
5031
#: serverguide/C/virtualization.xml:1117(para)
5032
msgid ""
5033
"To have your system be configured to update itself on a regular basis, we "
5034
"will just install <application>unattended-upgrades</application>, so we add "
5035
"the following option to our command line:"
5036
msgstr ""
5037
5038
#: serverguide/C/virtualization.xml:1123(command)
5039
msgid "--addpkg unattended-upgrades"
5040
msgstr ""
5041
5042
#: serverguide/C/virtualization.xml:1126(para)
5043
msgid ""
5044
"As we have put our application package in a PPA, the process will update not "
5045
"only the system, but also the application each time we update the version in "
5046
"the PPA."
5047
msgstr ""
5048
5049
#: serverguide/C/virtualization.xml:1133(title)
5050
msgid "ACPI Event Handling"
5051
msgstr ""
5052
5053
#: serverguide/C/virtualization.xml:1135(para)
5054
msgid ""
5055
"For your virtual machine to be able to handle restart and shutdown events it "
5056
"is being sent, it is a good idea to install the acpid package as well. To do "
5057
"this we just add the following option:"
5058
msgstr ""
5059
5060
#: serverguide/C/virtualization.xml:1141(command)
5061
msgid "--addpkg acpid"
5062
msgstr ""
5063
5064
#: serverguide/C/virtualization.xml:1147(title)
5065
msgid "Final Command"
5066
msgstr ""
5067
5068
#: serverguide/C/virtualization.xml:1149(para)
5069
msgid "Here is the command with all the options discussed above:"
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:1154(command)
5073
msgid ""
5074
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5075
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5076
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5077
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5078
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5079
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5080
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5081
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5082
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5083
"firstlogin login.sh"
5084
msgstr ""
5085
5086
#: serverguide/C/virtualization.xml:1169(para)
5087
msgid ""
5088
"If you are interested in learning more, have questions or suggestions, "
5089
"please contact the Ubuntu Server Team at:"
5090
msgstr ""
5091
5092
#: serverguide/C/virtualization.xml:1174(para)
5093
msgid "IRC: #ubuntu-server on freenode"
5094
msgstr ""
5095
5096
#: serverguide/C/virtualization.xml:1179(para)
5097
msgid ""
5098
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5099
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5100
msgstr ""
5101
5102
#: serverguide/C/virtualization.xml:1184(para)
5103
msgid ""
5104
"Also, see the <ulink "
5105
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5106
"Wiki</ulink> page."
5107
msgstr ""
5108
5109
#: serverguide/C/virtualization.xml:1192(title)
5110
msgid "UEC"
5111
msgstr ""
5112
5113
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5114
msgid "Overview"
5115
msgstr ""
5116
5117
#: serverguide/C/virtualization.xml:1197(para)
5118
msgid ""
5119
"This tutorial covers <application>UEC</application> installation from the "
5120
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5121
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5122
"and one or more nodes attached."
5123
msgstr ""
5124
5125
#: serverguide/C/virtualization.xml:1202(para)
5126
msgid ""
5127
"From this Tutorial you will learn how to install, configure, register and "
5128
"perform several operations on a basic <application>UEC</application> setup "
5129
"that results in a cloud with a one controller <emphasis>\"front-"
5130
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5131
"instances. You will also use examples to help get you started using your own "
5132
"private compute cloud."
5133
msgstr ""
5134
5135
#: serverguide/C/virtualization.xml:1210(title)
5136
msgid "Prerequisites"
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:1212(para)
5140
msgid ""
5141
"To deploy a minimal cloud infrastructure, you’ll need at least "
5142
"<emphasis>two</emphasis> dedicated systems:"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:1218(para)
5146
msgid "A front end."
5147
msgstr ""
5148
5149
#: serverguide/C/virtualization.xml:1223(para)
5150
msgid "One or more node(s)."
5151
msgstr ""
5152
5153
#: serverguide/C/virtualization.xml:1229(para)
5154
msgid ""
5155
"The following are recommendations, rather than fixed requirements. However, "
5156
"our experience in developing this documentation indicated the following "
5157
"suggestions."
5158
msgstr ""
5159
5160
#: serverguide/C/virtualization.xml:1234(title)
5161
msgid "Front End Requirements"
5162
msgstr ""
5163
5164
#: serverguide/C/virtualization.xml:1236(para)
5165
msgid "Use the following table for a system that will run one or more of:"
5166
msgstr ""
5167
5168
#: serverguide/C/virtualization.xml:1241(para)
5169
msgid "Cloud Controller (CLC)"
5170
msgstr ""
5171
5172
#: serverguide/C/virtualization.xml:1242(para)
5173
msgid "Cluster Controller (CC)"
5174
msgstr ""
5175
5176
#: serverguide/C/virtualization.xml:1243(para)
5177
msgid "Walrus (the S3-like storage service)"
5178
msgstr ""
5179
5180
#: serverguide/C/virtualization.xml:1244(para)
5181
msgid "Storage Controller (SC)"
5182
msgstr ""
5183
5184
#: serverguide/C/virtualization.xml:1248(title)
5185
msgid "UEC Front End Requirements"
5186
msgstr ""
5187
5188
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5189
msgid "Hardware"
5190
msgstr ""
5191
5192
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5193
msgid "Minimum"
5194
msgstr ""
5195
5196
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5197
msgid "Suggested"
5198
msgstr ""
5199
5200
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5201
msgid "Notes"
5202
msgstr ""
5203
5204
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5205
msgid "CPU"
5206
msgstr ""
5207
5208
#: serverguide/C/virtualization.xml:1265(para)
5209
msgid "1 GHz"
5210
msgstr ""
5211
5212
#: serverguide/C/virtualization.xml:1266(para)
5213
msgid "2 x 2 GHz"
5214
msgstr ""
5215
5216
#: serverguide/C/virtualization.xml:1267(para)
5217
msgid ""
5218
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5219
"a dual core processor."
5220
msgstr ""
5221
5222
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5223
msgid "Memory"
5224
msgstr ""
5225
5226
#: serverguide/C/virtualization.xml:1271(para)
5227
msgid "2 GB"
5228
msgstr ""
5229
5230
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5231
msgid "4 GB"
5232
msgstr ""
5233
5234
#: serverguide/C/virtualization.xml:1273(para)
5235
msgid "The Java web front end benefits from lots of available memory."
5236
msgstr ""
5237
5238
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5239
msgid "Disk"
5240
msgstr ""
5241
5242
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5243
msgid "5400 RPM IDE"
5244
msgstr ""
5245
5246
#: serverguide/C/virtualization.xml:1278(para)
5247
msgid "7200 RPM SATA"
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1279(para)
5251
msgid ""
5252
"Slower disks will work, but will yield much longer instance startup times."
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5256
msgid "Disk Space"
5257
msgstr ""
5258
5259
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5260
msgid "40 GB"
5261
msgstr ""
5262
5263
#: serverguide/C/virtualization.xml:1284(para)
5264
msgid "200 GB"
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:1285(para)
5268
msgid ""
5269
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5270
"does not like to run out of disk space."
5271
msgstr ""
5272
5273
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5274
msgid "Networking"
5275
msgstr ""
5276
5277
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5278
msgid "100 Mbps"
5279
msgstr ""
5280
5281
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5282
msgid "1000 Mbps"
5283
msgstr ""
5284
5285
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5286
msgid ""
5287
"Machine images are hundreds of MB, and need to be copied over the network to "
5288
"nodes."
5289
msgstr ""
5290
5291
#: serverguide/C/virtualization.xml:1299(title)
5292
msgid "Node Requirements"
5293
msgstr ""
5294
5295
#: serverguide/C/virtualization.xml:1301(para)
5296
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5297
msgstr ""
5298
5299
#: serverguide/C/virtualization.xml:1306(para)
5300
msgid "the Node Controller (NC)"
5301
msgstr ""
5302
5303
#: serverguide/C/virtualization.xml:1310(title)
5304
msgid "UEC Node Requirements"
5305
msgstr ""
5306
5307
#: serverguide/C/virtualization.xml:1327(para)
5308
msgid "VT Extensions"
5309
msgstr ""
5310
5311
#: serverguide/C/virtualization.xml:1328(para)
5312
msgid "VT, 64-bit, Multicore"
5313
msgstr ""
5314
5315
#: serverguide/C/virtualization.xml:1329(para)
5316
msgid ""
5317
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5318
"only run 1 VM per CPU core on a Node."
5319
msgstr ""
5320
5321
#: serverguide/C/virtualization.xml:1333(para)
5322
msgid "1 GB"
5323
msgstr ""
5324
5325
#: serverguide/C/virtualization.xml:1335(para)
5326
msgid "Additional memory means more, and larger guests."
5327
msgstr ""
5328
5329
#: serverguide/C/virtualization.xml:1340(para)
5330
msgid "7200 RPM SATA or SCSI"
5331
msgstr ""
5332
5333
#: serverguide/C/virtualization.xml:1341(para)
5334
msgid ""
5335
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5336
"bottleneck."
5337
msgstr ""
5338
5339
#: serverguide/C/virtualization.xml:1346(para)
5340
msgid "100 GB"
5341
msgstr ""
5342
5343
#: serverguide/C/virtualization.xml:1347(para)
5344
msgid ""
5345
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5346
"space."
5347
msgstr ""
5348
5349
#: serverguide/C/virtualization.xml:1363(title)
5350
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5351
msgstr ""
5352
5353
#: serverguide/C/virtualization.xml:1367(para)
5354
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5355
msgstr ""
5356
5357
#: serverguide/C/virtualization.xml:1372(para)
5358
msgid ""
5359
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5360
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5361
"components are present."
5362
msgstr ""
5363
5364
#: serverguide/C/virtualization.xml:1377(para)
5365
msgid ""
5366
"You can then choose which components to install, based on your chosen <ulink "
5367
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:1382(para)
5371
msgid ""
5372
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5373
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5374
msgstr ""
5375
5376
#: serverguide/C/virtualization.xml:1388(para)
5377
msgid ""
5378
"It will ask two other cloud-specific questions during the course of the "
5379
"install:"
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:1393(para)
5383
msgid "Name of your cluster."
5384
msgstr ""
5385
5386
#: serverguide/C/virtualization.xml:1396(para)
5387
msgid "e.g. <emphasis>cluster1</emphasis>."
5388
msgstr ""
5389
5390
#: serverguide/C/virtualization.xml:1399(para)
5391
msgid ""
5392
"A range of public IP addresses on the LAN that the cloud can allocate to "
5393
"instances."
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1402(para)
5397
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5398
msgstr ""
5399
5400
#: serverguide/C/virtualization.xml:1410(title)
5401
msgid "Installing the Node Controller(s)"
5402
msgstr ""
5403
5404
#: serverguide/C/virtualization.xml:1412(para)
5405
msgid ""
5406
"The node controller install is even simpler. Just make sure that you are "
5407
"connected to the network on which the cloud/cluster controller is already "
5408
"running."
5409
msgstr ""
5410
5411
#: serverguide/C/virtualization.xml:1418(para)
5412
msgid "Boot from the same ISO on the node(s)."
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:1423(para)
5416
msgid ""
5417
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5418
msgstr ""
5419
5420
#: serverguide/C/virtualization.xml:1428(para)
5421
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5422
msgstr ""
5423
5424
#: serverguide/C/virtualization.xml:1433(para)
5425
msgid ""
5426
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5427
"install for you."
5428
msgstr ""
5429
5430
#: serverguide/C/virtualization.xml:1438(para)
5431
msgid "Confirm the partitioning scheme."
5432
msgstr ""
5433
5434
#: serverguide/C/virtualization.xml:1443(para)
5435
msgid ""
5436
"The rest of the installation should proceed uninterrupted; complete the "
5437
"installation and reboot the node."
5438
msgstr ""
5439
5440
#: serverguide/C/virtualization.xml:1451(title)
5441
msgid "Register the Node(s)"
5442
msgstr ""
5443
5444
#: serverguide/C/virtualization.xml:1456(para)
5445
msgid ""
5446
"Nodes are the physical systems within <application>UEC</application> that "
5447
"actually run the virtual machine instances of the cloud."
5448
msgstr ""
5449
5450
#: serverguide/C/virtualization.xml:1460(para)
5451
msgid "All component registration should be automatic, assuming:"
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:1466(para)
5455
msgid "Public SSH keys have been exchanged properly."
5456
msgstr ""
5457
5458
#: serverguide/C/virtualization.xml:1471(para)
5459
msgid "The services are configured properly."
5460
msgstr ""
5461
5462
#: serverguide/C/virtualization.xml:1476(para)
5463
msgid ""
5464
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5465
msgstr ""
5466
5467
#: serverguide/C/virtualization.xml:1481(para)
5468
msgid "Verify Registration."
5469
msgstr ""
5470
5471
#: serverguide/C/virtualization.xml:1487(para)
5472
msgid ""
5473
"Steps a to e should only be required if you're using the <ulink "
5474
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5475
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5476
"should already be completed automatically for you, and therefore you can "
5477
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5478
msgstr ""
5479
5480
#: serverguide/C/virtualization.xml:1495(para)
5481
msgid "Exchange Public Keys"
5482
msgstr ""
5483
5484
#: serverguide/C/virtualization.xml:1497(para)
5485
msgid ""
5486
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5487
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5488
"Controller as the eucalyptus user."
5489
msgstr ""
5490
5491
#: serverguide/C/virtualization.xml:1502(para)
5492
msgid ""
5493
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5494
"ssh key by:"
5495
msgstr ""
5496
5497
#: serverguide/C/virtualization.xml:1508(para)
5498
msgid ""
5499
"On the target controller, temporarily set a password for the eucalyptus user:"
5500
msgstr ""
5501
5502
#: serverguide/C/virtualization.xml:1512(command)
5503
msgid "sudo passwd eucalyptus"
5504
msgstr ""
5505
5506
#: serverguide/C/virtualization.xml:1516(para)
5507
msgid "Then, on the Cloud Controller:"
5508
msgstr ""
5509
5510
#: serverguide/C/virtualization.xml:1520(command)
5511
msgid ""
5512
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5513
"eucalyptus@<IP_OF_NODE>"
5514
msgstr ""
5515
5516
#: serverguide/C/virtualization.xml:1524(para)
5517
msgid ""
5518
"You can now remove the password of the eucalyptus account on the target "
5519
"controller, if you wish:"
5520
msgstr ""
5521
5522
#: serverguide/C/virtualization.xml:1528(command)
5523
msgid "sudo passwd -d eucalyptus"
5524
msgstr ""
5525
5526
#: serverguide/C/virtualization.xml:1535(para)
5527
msgid "Configuring the Services"
5528
msgstr ""
5529
5530
#: serverguide/C/virtualization.xml:1537(para)
5531
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5532
msgstr ""
5533
5534
#: serverguide/C/virtualization.xml:1543(para)
5535
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5536
msgstr ""
5537
5538
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5539
msgid ""
5540
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5541
"cc.conf</filename>"
5542
msgstr ""
5543
5544
#: serverguide/C/virtualization.xml:1549(para)
5545
msgid ""
5546
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5547
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5548
"addresses."
5549
msgstr ""
5550
5551
#: serverguide/C/virtualization.xml:1556(para)
5552
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5553
msgstr ""
5554
5555
#: serverguide/C/virtualization.xml:1560(para)
5556
msgid ""
5557
"Define the shell variable WALRUS_IP_ADDR in "
5558
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5559
"address."
5560
msgstr ""
5561
5562
#: serverguide/C/virtualization.xml:1565(para)
5563
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5564
msgstr ""
5565
5566
#: serverguide/C/virtualization.xml:1571(para)
5567
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5568
msgstr ""
5569
5570
#: serverguide/C/virtualization.xml:1577(para)
5571
msgid ""
5572
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5573
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5574
"addresses."
5575
msgstr ""
5576
5577
#: serverguide/C/virtualization.xml:1587(para)
5578
msgid "Publish"
5579
msgstr ""
5580
5581
#: serverguide/C/virtualization.xml:1589(para)
5582
msgid "Now start the publication services."
5583
msgstr ""
5584
5585
#: serverguide/C/virtualization.xml:1595(emphasis)
5586
msgid "Walrus Controller:"
5587
msgstr ""
5588
5589
#: serverguide/C/virtualization.xml:1597(command)
5590
msgid "sudo start eucalyptus-walrus-publication"
5591
msgstr ""
5592
5593
#: serverguide/C/virtualization.xml:1601(emphasis)
5594
msgid "Cluster Controller:"
5595
msgstr ""
5596
5597
#: serverguide/C/virtualization.xml:1603(command)
5598
msgid "sudo start eucalyptus-cc-publication"
5599
msgstr ""
5600
5601
#: serverguide/C/virtualization.xml:1607(emphasis)
5602
msgid "Storage Controller:"
5603
msgstr ""
5604
5605
#: serverguide/C/virtualization.xml:1609(command)
5606
msgid "sudo start eucalyptus-sc-publication"
5607
msgstr ""
5608
5609
#: serverguide/C/virtualization.xml:1613(emphasis)
5610
msgid "Node Controller:"
5611
msgstr ""
5612
5613
#: serverguide/C/virtualization.xml:1615(command)
5614
msgid "sudo start eucalyptus-nc-publication"
5615
msgstr ""
5616
5617
#: serverguide/C/virtualization.xml:1622(para)
5618
msgid "Start the Listener"
5619
msgstr ""
5620
5621
#: serverguide/C/virtualization.xml:1624(para)
5622
msgid ""
5623
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5624
"Controller(s)</emphasis>, run:"
5625
msgstr ""
5626
5627
#: serverguide/C/virtualization.xml:1629(command)
5628
msgid "sudo start uec-component-listener"
5629
msgstr ""
5630
5631
#: serverguide/C/virtualization.xml:1634(para)
5632
msgid "Verify Registration"
5633
msgstr ""
5634
5635
#: serverguide/C/virtualization.xml:1637(command)
5636
msgid "cat /var/log/eucalyptus/registration.log"
5637
msgstr ""
5638
5639
#: serverguide/C/virtualization.xml:1638(computeroutput)
5640
#, no-wrap
5641
msgid ""
5642
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5643
"10.1.1.75\n"
5644
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5645
"0\n"
5646
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5647
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5648
"0\n"
5649
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5650
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5651
"returned 0\n"
5652
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5653
"10.1.1.71\n"
5654
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5655
msgstr ""
5656
5657
#: serverguide/C/virtualization.xml:1649(para)
5658
msgid "The output on your machine will vary from the example above."
5659
msgstr ""
5660
5661
#: serverguide/C/virtualization.xml:1659(title)
5662
msgid "Obtain Credentials"
5663
msgstr ""
5664
5665
#: serverguide/C/virtualization.xml:1661(para)
5666
msgid ""
5667
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5668
"users of the cloud will need to retrieve their credentials. This can be done "
5669
"either through a web browser, or at the command line."
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1667(title)
5673
msgid "From a Web Browser"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:1671(para)
5677
msgid ""
5678
"From your web browser (either remotely or on your Ubuntu server) access the "
5679
"following URL:"
5680
msgstr ""
5681
5682
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5683
#, no-wrap
5684
msgid ""
5685
"\n"
5686
"https://<cloud-controller-ip-address>:8443/\n"
5687
msgstr ""
5688
5689
#: serverguide/C/virtualization.xml:1679(para)
5690
msgid ""
5691
"You must use a secure connection, so make sure you use \"https\" not "
5692
"\"http\" in your URL. You will get a security certificate warning. You will "
5693
"have to add an exception to view the page. If you do not accept it you will "
5694
"not be able to view the Eucalyptus configuration page."
5695
msgstr ""
5696
5697
#: serverguide/C/virtualization.xml:1687(para)
5698
msgid ""
5699
"Use username <emphasis>'admin'</emphasis> and password "
5700
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5701
"to change your password)."
5702
msgstr ""
5703
5704
#: serverguide/C/virtualization.xml:1693(para)
5705
msgid ""
5706
"Then follow the on-screen instructions to update the admin password and "
5707
"email address."
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1698(para)
5711
msgid ""
5712
"Once the first time configuration process is completed, click the "
5713
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5714
"the screen."
5715
msgstr ""
5716
5717
#: serverguide/C/virtualization.xml:1704(para)
5718
msgid ""
5719
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5720
"certificates."
5721
msgstr ""
5722
5723
#: serverguide/C/virtualization.xml:1709(para)
5724
msgid "Save them to <filename>~/.euca</filename>."
5725
msgstr ""
5726
5727
#: serverguide/C/virtualization.xml:1714(para)
5728
msgid ""
5729
"Unzip the downloaded zip file into a safe location "
5730
"(<filename>~/.euca</filename>)."
5731
msgstr ""
5732
5733
#: serverguide/C/virtualization.xml:1718(command)
5734
msgid "unzip -d ~/.euca mycreds.zip"
5735
msgstr ""
5736
5737
#: serverguide/C/virtualization.xml:1725(title)
5738
msgid "From a Command Line"
5739
msgstr ""
5740
5741
#: serverguide/C/virtualization.xml:1729(para)
5742
msgid ""
5743
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5744
"Controller</emphasis>, you can run:"
5745
msgstr ""
5746
5747
#: serverguide/C/virtualization.xml:1733(command)
5748
msgid "mkdir -p ~/.euca"
5749
msgstr ""
5750
5751
#: serverguide/C/virtualization.xml:1734(command)
5752
msgid "chmod 700 ~/.euca"
5753
msgstr ""
5754
5755
#: serverguide/C/virtualization.xml:1735(command)
5756
msgid "cd ~/.euca"
5757
msgstr ""
5758
5759
#: serverguide/C/virtualization.xml:1736(command)
5760
msgid "sudo euca_conf --get-credentials mycreds.zip"
5761
msgstr ""
5762
5763
#: serverguide/C/virtualization.xml:1737(command)
5764
msgid "unzip mycreds.zip"
5765
msgstr ""
5766
5767
#: serverguide/C/virtualization.xml:1738(command)
5768
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5769
msgstr ""
5770
5771
#: serverguide/C/virtualization.xml:1739(command)
5772
msgid "cd -"
5773
msgstr ""
5774
5775
#: serverguide/C/virtualization.xml:1746(title)
5776
msgid "Extracting and Using Your Credentials"
5777
msgstr ""
5778
5779
#: serverguide/C/virtualization.xml:1748(para)
5780
msgid ""
5781
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5782
"certificates."
5783
msgstr ""
5784
5785
#: serverguide/C/virtualization.xml:1754(para)
5786
msgid "Install the required cloud user tools:"
5787
msgstr ""
5788
5789
#: serverguide/C/virtualization.xml:1758(command)
5790
msgid "sudo apt-get install euca2ools"
5791
msgstr ""
5792
5793
#: serverguide/C/virtualization.xml:1762(para)
5794
msgid ""
5795
"To validate that everything is working correctly, get the local cluster "
5796
"availability details:"
5797
msgstr ""
5798
5799
#: serverguide/C/virtualization.xml:1766(command)
5800
msgid ". ~/.euca/eucarc"
5801
msgstr ""
5802
5803
#: serverguide/C/virtualization.xml:1767(command)
5804
msgid "euca-describe-availability-zones verbose"
5805
msgstr ""
5806
5807
#: serverguide/C/virtualization.xml:1768(computeroutput)
5808
#, no-wrap
5809
msgid ""
5810
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5811
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5812
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5813
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5814
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5815
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5816
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5817
msgstr ""
5818
5819
#: serverguide/C/virtualization.xml:1778(para)
5820
msgid "Your output from the above command will vary."
5821
msgstr ""
5822
5823
#: serverguide/C/virtualization.xml:1788(title)
5824
msgid "Install an Image from the Store"
5825
msgstr ""
5826
5827
#: serverguide/C/virtualization.xml:1790(para)
5828
msgid ""
5829
"The following is by far the simplest way to install an image. However, "
5830
"advanced users may be interested in learning how to <ulink "
5831
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5832
"own image</ulink>."
5833
msgstr ""
5834
5835
#: serverguide/C/virtualization.xml:1795(para)
5836
msgid ""
5837
"The simplest way to add an image to <application>UEC</application> is to "
5838
"install it from the Image Store on the UEC web interface."
5839
msgstr ""
5840
5841
#: serverguide/C/virtualization.xml:1801(para)
5842
msgid ""
5843
"Access the web interface at the following URL (Make sure you specify https):"
5844
msgstr ""
5845
5846
#: serverguide/C/virtualization.xml:1809(para)
5847
msgid ""
5848
"Enter your login and password (if requested, as you may still be logged in "
5849
"from earlier)."
5850
msgstr ""
5851
5852
#: serverguide/C/virtualization.xml:1814(para)
5853
msgid "Click on the <emphasis>Store</emphasis> tab."
5854
msgstr ""
5855
5856
#: serverguide/C/virtualization.xml:1819(para)
5857
msgid "Browse available images."
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1824(para)
5861
msgid "Click on <emphasis>install</emphasis> for the image you want."
5862
msgstr ""
5863
5864
#: serverguide/C/virtualization.xml:1830(para)
5865
msgid ""
5866
"Once the image has been downloaded and installed, you can click on "
5867
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5868
"button to view the command to execute to instantiate (start) this image. The "
5869
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5870
"tab."
5871
msgstr ""
5872
5873
#: serverguide/C/virtualization.xml:1838(title)
5874
msgid "Run an Image"
5875
msgstr ""
5876
5877
#: serverguide/C/virtualization.xml:1840(para)
5878
msgid "There are multiple ways to instantiate an image in UEC:"
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1845(para)
5882
msgid "Use the command line."
5883
msgstr ""
5884
5885
#: serverguide/C/virtualization.xml:1846(para)
5886
msgid ""
5887
"Use one of the UEC compatible management tools such as "
5888
"<emphasis>Landscape</emphasis>."
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1848(para)
5892
msgid ""
5893
"Use the <ulink "
5894
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5895
"extension to Firefox."
5896
msgstr ""
5897
5898
#: serverguide/C/virtualization.xml:1854(para)
5899
msgid "Here we will describe the process from the command line:"
5900
msgstr ""
5901
5902
#: serverguide/C/virtualization.xml:1860(para)
5903
msgid ""
5904
"Before running an instance of your image, you should first create a "
5905
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5906
"instance as root, once it boots. The key is stored, so you will only have to "
5907
"do this once."
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:1864(para)
5911
msgid "Run the following command:"
5912
msgstr ""
5913
5914
#: serverguide/C/virtualization.xml:1867(programlisting)
5915
#, no-wrap
5916
msgid ""
5917
"\n"
5918
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5919
" mkdir -p -m 700 ~/.euca\n"
5920
" touch ~/.euca/mykey.priv\n"
5921
" chmod 0600 ~/.euca/mykey.priv\n"
5922
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5923
"fi\n"
5924
msgstr ""
5925
5926
#: serverguide/C/virtualization.xml:1876(para)
5927
msgid ""
5928
"You can call your key whatever you like (in this example, the key is called "
5929
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5930
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5931
"a list of created keys stored in the system."
5932
msgstr ""
5933
5934
#: serverguide/C/virtualization.xml:1883(para)
5935
msgid "You must also allow access to port 22 in your instances:"
5936
msgstr ""
5937
5938
#: serverguide/C/virtualization.xml:1887(command)
5939
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5940
msgstr ""
5941
5942
#: serverguide/C/virtualization.xml:1891(para)
5943
msgid "Next, you can create instances of your registered image:"
5944
msgstr ""
5945
5946
#: serverguide/C/virtualization.xml:1895(command)
5947
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5948
msgstr ""
5949
5950
#: serverguide/C/virtualization.xml:1898(para)
5951
msgid ""
5952
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5953
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5954
"on the <emphasis>Store</emphasis> page to see the sample command."
5955
msgstr ""
5956
5957
#: serverguide/C/virtualization.xml:1905(para)
5958
msgid ""
5959
"The first time you run an instance, the system will be setting up caches for "
5960
"the image from which it will be created. This can often take some time the "
5961
"first time an instance is run given that VM images are usually quite large."
5962
msgstr ""
5963
5964
#: serverguide/C/virtualization.xml:1909(para)
5965
msgid "To monitor the state of your instance, run:"
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:1913(command)
5969
msgid "watch -n5 euca-describe-instances"
5970
msgstr ""
5971
5972
#: serverguide/C/virtualization.xml:1915(para)
5973
msgid ""
5974
"In the output, you should see information about the instance, including its "
5975
"state. While first-time caching is being performed, the instance's state "
5976
"will be <emphasis>'pending'</emphasis>."
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:1921(para)
5980
msgid ""
5981
"When the instance is fully started, the above state will become "
5982
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5983
"instance in the output, then connect to it:"
5984
msgstr ""
5985
5986
#: serverguide/C/virtualization.xml:1926(command)
5987
msgid ""
5988
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5989
"'{print $4}')"
5990
msgstr ""
5991
5992
#: serverguide/C/virtualization.xml:1927(command)
5993
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1931(para)
5997
msgid ""
5998
"And when you are done with this instance, exit your SSH connection, then "
5999
"terminate your instance:"
6000
msgstr ""
6001
6002
#: serverguide/C/virtualization.xml:1935(command)
6003
msgid ""
6004
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6005
"awk '{print $2}')"
6006
msgstr ""
6007
6008
#: serverguide/C/virtualization.xml:1936(command)
6009
msgid "euca-terminate-instances $INSTANCEID"
6010
msgstr ""
6011
6012
#: serverguide/C/virtualization.xml:1944(para)
6013
msgid ""
6014
"The <application>cloud-init</application> package provides \"first boot\" "
6015
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6016
"generic filesystem image that is booting and customizing it for this "
6017
"particular instance. That includes things like:"
6018
msgstr ""
6019
6020
#: serverguide/C/virtualization.xml:1952(para)
6021
msgid "Setting the hostname."
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1957(para)
6025
msgid ""
6026
"Putting the provided ssh public keys into "
6027
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6028
msgstr ""
6029
6030
#: serverguide/C/virtualization.xml:1962(para)
6031
msgid "Running a user provided script, or otherwise modifying the image."
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1968(para)
6035
msgid ""
6036
"Setting hostname and configuring a system so the person who launched it can "
6037
"actually log into it are not terribly interesting. The interesting things "
6038
"that can be done with <application>cloud-init</application> are made "
6039
"possible by data provided at launch time called <ulink "
6040
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6041
"85\">user-data</ulink>."
6042
msgstr ""
6043
6044
#: serverguide/C/virtualization.xml:1974(para)
6045
msgid "First, install the <application>cloud-init</application> package:"
6046
msgstr ""
6047
6048
#: serverguide/C/virtualization.xml:1979(command)
6049
msgid "sudo apt-get install cloud-init"
6050
msgstr ""
6051
6052
#: serverguide/C/virtualization.xml:1982(para)
6053
msgid ""
6054
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6055
"stored and executed as root late in the boot process of the instance's first "
6056
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6057
"directed to the console."
6058
msgstr ""
6059
6060
#: serverguide/C/virtualization.xml:1987(para)
6061
msgid ""
6062
"For example, create a file named <filename>ud.txt</filename> containing:"
6063
msgstr ""
6064
6065
#: serverguide/C/virtualization.xml:1991(programlisting)
6066
#, no-wrap
6067
msgid ""
6068
"\n"
6069
"#!/bin/sh\n"
6070
"echo ========== Hello World: $(date) ==========\n"
6071
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6072
msgstr ""
6073
6074
#: serverguide/C/virtualization.xml:1997(para)
6075
msgid ""
6076
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6077
msgstr ""
6078
6079
#: serverguide/C/virtualization.xml:2002(command)
6080
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6081
msgstr ""
6082
6083
#: serverguide/C/virtualization.xml:2005(para)
6084
msgid ""
6085
"Wait now for the system to come up and console to be available. To see the "
6086
"result of the data file commands enter:"
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:2010(command)
6090
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6091
msgstr ""
6092
6093
#: serverguide/C/virtualization.xml:2011(computeroutput)
6094
#, no-wrap
6095
msgid ""
6096
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6097
"I have been up for 28.26 sec"
6098
msgstr ""
6099
6100
#: serverguide/C/virtualization.xml:2016(para)
6101
msgid "Your output may vary."
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:2021(para)
6105
msgid ""
6106
"The simple approach shown above gives a great deal of power. The user-data "
6107
"can contain a script in any language where an interpreter already exists in "
6108
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6109
")."
6110
msgstr ""
6111
6112
#: serverguide/C/virtualization.xml:2026(para)
6113
msgid ""
6114
"For many cases, the user may not be interested in writing a program. For "
6115
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6116
"configuration based approach towards customization. To utilize the cloud-"
6117
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6118
"config'</emphasis>."
6119
msgstr ""
6120
6121
#: serverguide/C/virtualization.xml:2031(para)
6122
msgid ""
6123
"For example, create a text file named <filename>clout-config.txt</filename> "
6124
"containing:"
6125
msgstr ""
6126
6127
#: serverguide/C/virtualization.xml:2035(programlisting)
6128
#, no-wrap
6129
msgid ""
6130
"\n"
6131
"#cloud-config\n"
6132
"apt_upgrade: true\n"
6133
"apt_sources:\n"
6134
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6135
"\n"
6136
"packages:\n"
6137
"- build-essential\n"
6138
"- pastebinit\n"
6139
"\n"
6140
"runcmd:\n"
6141
"- echo ======= Hello World =====\n"
6142
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6143
msgstr ""
6144
6145
#: serverguide/C/virtualization.xml:2050(para)
6146
msgid "Create a new instance:"
6147
msgstr ""
6148
6149
#: serverguide/C/virtualization.xml:2055(command)
6150
msgid ""
6151
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6152
"config.txt"
6153
msgstr ""
6154
6155
#: serverguide/C/virtualization.xml:2058(para)
6156
msgid "Now, when the above system is booted, it will have:"
6157
msgstr ""
6158
6159
#: serverguide/C/virtualization.xml:2063(para)
6160
msgid "Added the Apache Edgers PPA."
6161
msgstr ""
6162
6163
#: serverguide/C/virtualization.xml:2064(para)
6164
msgid "Run an upgrade to get all updates available"
6165
msgstr ""
6166
6167
#: serverguide/C/virtualization.xml:2065(para)
6168
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6169
msgstr ""
6170
6171
#: serverguide/C/virtualization.xml:2066(para)
6172
msgid "Printed a similar message to the script above"
6173
msgstr ""
6174
6175
#: serverguide/C/virtualization.xml:2070(para)
6176
msgid ""
6177
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6178
"the latest version of Apache from upstream source repositories. Package "
6179
"versions in the PPA are unsupported, and depending on your situation, this "
6180
"may or may not be desirable. See the <ulink "
6181
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6182
"Edgers</ulink> web page for more details."
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:2077(para)
6186
msgid ""
6187
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6188
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6189
"It is present to allow you to get the full power of a scripting language if "
6190
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:2082(para)
6194
msgid ""
6195
"For more information on what kinds of things can be done with "
6196
"<application>cloud-config</application>, see <ulink "
6197
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6198
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6199
msgstr ""
6200
6201
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6202
msgid "More Information"
6203
msgstr ""
6204
6205
#: serverguide/C/virtualization.xml:2093(para)
6206
msgid ""
6207
"How to use the <ulink "
6208
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6209
"Controller</ulink>"
6210
msgstr ""
6211
6212
#: serverguide/C/virtualization.xml:2097(para)
6213
msgid "Controlling eucalyptus services:"
6214
msgstr ""
6215
6216
#: serverguide/C/virtualization.xml:2102(para)
6217
msgid ""
6218
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6219
msgstr ""
6220
6221
#: serverguide/C/virtualization.xml:2103(para)
6222
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6223
msgstr ""
6224
6225
#: serverguide/C/virtualization.xml:2106(para)
6226
msgid "Locations of some important files:"
6227
msgstr ""
6228
6229
#: serverguide/C/virtualization.xml:2113(emphasis)
6230
msgid "Log files:"
6231
msgstr ""
6232
6233
#: serverguide/C/virtualization.xml:2116(para)
6234
msgid "/var/log/eucalyptus"
6235
msgstr ""
6236
6237
#: serverguide/C/virtualization.xml:2121(emphasis)
6238
msgid "Configuration files:"
6239
msgstr ""
6240
6241
#: serverguide/C/virtualization.xml:2124(para)
6242
msgid "/etc/eucalyptus"
6243
msgstr ""
6244
6245
#: serverguide/C/virtualization.xml:2129(emphasis)
6246
msgid "Database:"
6247
msgstr ""
6248
6249
#: serverguide/C/virtualization.xml:2132(para)
6250
msgid "/var/lib/eucalyptus/db"
6251
msgstr ""
6252
6253
#: serverguide/C/virtualization.xml:2137(emphasis)
6254
msgid "Keys:"
6255
msgstr ""
6256
6257
#: serverguide/C/virtualization.xml:2140(para)
6258
msgid "/var/lib/eucalyptus"
6259
msgstr ""
6260
6261
#: serverguide/C/virtualization.xml:2141(para)
6262
msgid "/var/lib/eucalyptus/.ssh"
6263
msgstr ""
6264
6265
#: serverguide/C/virtualization.xml:2147(para)
6266
msgid ""
6267
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6268
"running the client tools."
6269
msgstr ""
6270
6271
#: serverguide/C/virtualization.xml:2158(para)
6272
msgid ""
6273
"For information on loading instances see the <ulink "
6274
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6275
"page."
6276
msgstr ""
6277
6278
#: serverguide/C/virtualization.xml:2163(para)
6279
msgid ""
6280
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6281
"documentation, downloads)</ulink>."
6282
msgstr ""
6283
6284
#: serverguide/C/virtualization.xml:2168(para)
6285
msgid ""
6286
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6287
"(bugs, code)</ulink>."
6288
msgstr ""
6289
6290
#: serverguide/C/virtualization.xml:2173(para)
6291
msgid ""
6292
"<ulink "
6293
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6294
"ptus Troubleshooting (1.5)</ulink>."
6295
msgstr ""
6296
6297
#: serverguide/C/virtualization.xml:2178(para)
6298
msgid ""
6299
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6300
"Cloud_Infrastructures/Eucalyptus/03-"
6301
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6302
"RightScale</ulink>."
6303
msgstr ""
6304
6305
#: serverguide/C/virtualization.xml:2184(para)
6306
msgid ""
6307
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6308
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6309
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6310
msgstr ""
6311
6312
#: serverguide/C/virtualization.xml:2193(title)
6313
msgid "Glossary"
6314
msgstr ""
6315
6316
#: serverguide/C/virtualization.xml:2195(para)
6317
msgid ""
6318
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6319
"unfamiliar to some readers. This page is intended to provide a glossary of "
6320
"such terms and acronyms."
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:2202(para)
6324
msgid ""
6325
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6326
"computing resources through virtual machines, provisioned and recollected "
6327
"dynamically."
6328
msgstr ""
6329
6330
#: serverguide/C/virtualization.xml:2208(para)
6331
msgid ""
6332
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6333
"provides the web UI (an https server on port 8443), and implements the "
6334
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6335
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6336
"cloud</application> package."
6337
msgstr ""
6338
6339
#: serverguide/C/virtualization.xml:2215(para)
6340
msgid ""
6341
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6342
"Cluster Controller. There can be more than one Cluster in an installation of "
6343
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6344
"floor2, floor2)."
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:2221(para)
6348
msgid ""
6349
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6350
"manages collections of node resources. This service is provided by the "
6351
"Ubuntu <application>eucalyptus-cc</application> package."
6352
msgstr ""
6353
6354
#: serverguide/C/virtualization.xml:2227(para)
6355
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6356
msgstr ""
6357
6358
#: serverguide/C/virtualization.xml:2232(para)
6359
msgid ""
6360
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6361
"pay-by-the-gigabyte public cloud computing offering."
6362
msgstr ""
6363
6364
#: serverguide/C/virtualization.xml:2237(para)
6365
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6366
msgstr ""
6367
6368
#: serverguide/C/virtualization.xml:2242(para)
6369
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6370
msgstr ""
6371
6372
#: serverguide/C/virtualization.xml:2247(para)
6373
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6374
msgstr ""
6375
6376
#: serverguide/C/virtualization.xml:2252(para)
6377
msgid ""
6378
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6379
"Linking Your Programs To Useful Systems. An open source project originally "
6380
"from the University of California at Santa Barbara, now supported by "
6381
"Eucalyptus Systems, a Canonical Partner."
6382
msgstr ""
6383
6384
#: serverguide/C/virtualization.xml:2259(para)
6385
msgid ""
6386
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6387
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6388
"cluster controller)."
6389
msgstr ""
6390
6391
#: serverguide/C/virtualization.xml:2265(para)
6392
msgid ""
6393
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6394
"running virtual machines, running a node controller. Within Ubuntu, this "
6395
"generally means that the CPU has VT extensions, and can run the KVM "
6396
"hypervisor."
6397
msgstr ""
6398
6399
#: serverguide/C/virtualization.xml:2271(para)
6400
msgid ""
6401
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6402
"on nodes which host the virtual machines that comprise the cloud. This "
6403
"service is provided by the Ubuntu package <application>eucalyptus-"
6404
"nc</application>."
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:2277(para)
6408
msgid ""
6409
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6410
"gigabyte persistent storage solution for EC2."
6411
msgstr ""
6412
6413
#: serverguide/C/virtualization.xml:2282(para)
6414
msgid ""
6415
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6416
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6417
"installation can have its own Storage Controller. This component is provided "
6418
"by the <application>eucalyptus-sc</application> package."
6419
msgstr ""
6420
6421
#: serverguide/C/virtualization.xml:2289(para)
6422
msgid ""
6423
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6424
"solution, based on Eucalyptus."
6425
msgstr ""
6426
6427
#: serverguide/C/virtualization.xml:2294(para)
6428
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6429
msgstr ""
6430
6431
#: serverguide/C/virtualization.xml:2299(para)
6432
msgid ""
6433
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6434
"some modern CPUs, allowing for accelerated virtual machine hosting."
6435
msgstr ""
6436
6437
#: serverguide/C/virtualization.xml:2304(para)
6438
msgid ""
6439
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6440
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6441
"put/get abstractions."
6442
msgstr ""
6443
6444
#: serverguide/C/vcs.xml:13(title)
6445
msgid "Version Control System"
6446
msgstr ""
6447
6448
#: serverguide/C/vcs.xml:14(para)
6449
msgid ""
6450
"Version control is the art of managing changes to information. It has long "
6451
"been a critical tool for programmers, who typically spend their time making "
6452
"small changes to software and then undoing those changes the next day. But "
6453
"the usefulness of version control software extends far beyond the bounds of "
6454
"the software development world. Anywhere you can find people using computers "
6455
"to manage information that changes often, there is room for version control."
6456
msgstr ""
6457
6458
#: serverguide/C/vcs.xml:17(title)
6459
msgid "Bazaar"
6460
msgstr ""
6461
6462
#: serverguide/C/vcs.xml:18(para)
6463
msgid ""
6464
"Bazaar is a new version control system sponsored by Canonical, the "
6465
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6466
"support a central repository model, Bazaar also supports "
6467
"<emphasis>distributed version control</emphasis>, giving people the ability "
6468
"to collaborate more efficiently. In particular, Bazaar is designed to "
6469
"maximize the level of community participation in open source projects."
6470
msgstr ""
6471
6472
#: serverguide/C/vcs.xml:29(para)
6473
msgid ""
6474
"At a terminal prompt, enter the following command to install "
6475
"<application>bzr</application>: <screen>\n"
6476
"<command>sudo apt-get install bzr</command>\n"
6477
"</screen>"
6478
msgstr ""
6479
6480
#: serverguide/C/vcs.xml:40(para)
6481
msgid ""
6482
"To introduce yourself to <application>bzr</application>, use the "
6483
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6484
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6485
"</screen>"
6486
msgstr ""
6487
6488
#: serverguide/C/vcs.xml:49(title)
6489
msgid "Learning Bazaar"
6490
msgstr ""
6491
6492
#: serverguide/C/vcs.xml:50(para)
6493
msgid ""
6494
"Bazaar comes with bundled documentation installed into "
6495
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6496
"is a good place to start. The <application>bzr</application> command also "
6497
"comes with built-in help: <screen>\n"
6498
"<command>$ bzr help</command>\n"
6499
"</screen>"
6500
msgstr ""
6501
6502
#: serverguide/C/vcs.xml:60(para)
6503
msgid ""
6504
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6505
"<command>$ bzr help foo</command>\n"
6506
"</screen>"
6507
msgstr ""
6508
6509
#: serverguide/C/vcs.xml:68(title)
6510
msgid "Launchpad Integration"
6511
msgstr ""
6512
6513
#: serverguide/C/vcs.xml:69(para)
6514
msgid ""
6515
"While highly useful as a stand-alone system, Bazaar has good, optional "
6516
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6517
"the collaborative development system used by Canonical and the broader open "
6518
"source community to manage and extend Ubuntu itself. For information on how "
6519
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6520
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6521
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6522
msgstr ""
6523
6524
#: serverguide/C/vcs.xml:81(title)
6525
msgid "Subversion"
6526
msgstr ""
6527
6528
#: serverguide/C/vcs.xml:82(para)
6529
msgid ""
6530
"Subversion is an open source version control system. Using Subversion, you "
6531
"can record the history of source files and documents. It manages files and "
6532
"directories over time. A tree of files is placed into a central repository. "
6533
"The repository is much like an ordinary file server, except that it "
6534
"remembers every change ever made to files and directories."
6535
msgstr ""
6536
6537
#: serverguide/C/vcs.xml:87(para)
6538
msgid ""
6539
"To access Subversion repository using the HTTP protocol, you must install "
6540
"and configure a web server. Apache2 is proven to work with Subversion. "
6541
"Please refer to the HTTP subsection in the Apache2 section to install and "
6542
"configure Apache2. To access the Subversion repository using the HTTPS "
6543
"protocol, you must install and configure a digital certificate in your "
6544
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6545
"section to install and configure the digital certificate."
6546
msgstr ""
6547
6548
#: serverguide/C/vcs.xml:96(para)
6549
msgid ""
6550
"To install Subversion, run the following command from a terminal prompt:"
6551
msgstr ""
6552
6553
#: serverguide/C/vcs.xml:101(command)
6554
msgid "sudo apt-get install subversion libapache2-svn"
6555
msgstr ""
6556
6557
#: serverguide/C/vcs.xml:108(para)
6558
msgid ""
6559
"This step assumes you have installed above mentioned packages on your "
6560
"system. This section explains how to create a Subversion repository and "
6561
"access the project."
6562
msgstr ""
6563
6564
#: serverguide/C/vcs.xml:111(title)
6565
msgid "Create Subversion Repository"
6566
msgstr ""
6567
6568
#: serverguide/C/vcs.xml:112(para)
6569
msgid ""
6570
"The Subversion repository can be created using the following command from a "
6571
"terminal prompt:"
6572
msgstr ""
6573
6574
#: serverguide/C/vcs.xml:116(command)
6575
msgid "svnadmin create /path/to/repos/project"
6576
msgstr ""
6577
6578
#: serverguide/C/vcs.xml:121(title)
6579
msgid "Importing Files"
6580
msgstr ""
6581
6582
#: serverguide/C/vcs.xml:122(para)
6583
msgid ""
6584
"Once you create the repository you can <emphasis>import</emphasis> files "
6585
"into the repository. To import a directory, enter the following from a "
6586
"terminal prompt: <screen>\n"
6587
"<command>svn import /path/to/import/directory "
6588
"file:///path/to/repos/project</command>\n"
6589
"</screen>"
6590
msgstr ""
6591
6592
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6593
msgid "Access Methods"
6594
msgstr ""
6595
6596
#: serverguide/C/vcs.xml:135(para)
6597
msgid ""
6598
"Subversion repositories can be accessed (checked out) through many different "
6599
"methods --on local disk, or through various network protocols. A repository "
6600
"location, however, is always a URL. The table describes how different URL "
6601
"schemes map to the available access methods."
6602
msgstr ""
6603
6604
#: serverguide/C/vcs.xml:146(para)
6605
msgid "Schema"
6606
msgstr ""
6607
6608
#: serverguide/C/vcs.xml:147(para)
6609
msgid "Access Method"
6610
msgstr ""
6611
6612
#: serverguide/C/vcs.xml:152(para)
6613
msgid "file://"
6614
msgstr ""
6615
6616
#: serverguide/C/vcs.xml:153(para)
6617
msgid "direct repository access (on local disk)"
6618
msgstr ""
6619
6620
#: serverguide/C/vcs.xml:156(para)
6621
msgid "http://"
6622
msgstr ""
6623
6624
#: serverguide/C/vcs.xml:157(para)
6625
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6626
msgstr ""
6627
6628
#: serverguide/C/vcs.xml:160(para)
6629
msgid "https://"
6630
msgstr ""
6631
6632
#: serverguide/C/vcs.xml:161(para)
6633
msgid "Same as http://, but with SSL encryption"
6634
msgstr ""
6635
6636
#: serverguide/C/vcs.xml:164(para)
6637
msgid "svn://"
6638
msgstr ""
6639
6640
#: serverguide/C/vcs.xml:165(para)
6641
msgid "Access via custom protocol to an svnserve server"
6642
msgstr ""
6643
6644
#: serverguide/C/vcs.xml:168(para)
6645
msgid "svn+ssh://"
6646
msgstr ""
6647
6648
#: serverguide/C/vcs.xml:169(para)
6649
msgid "Same as svn://, but through an SSH tunnel"
6650
msgstr ""
6651
6652
#: serverguide/C/vcs.xml:175(para)
6653
msgid ""
6654
"In this section, we will see how to configure Subversion for all these "
6655
"access methods. Here, we cover the basics. For more advanced usage details, "
6656
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6657
msgstr ""
6658
6659
#: serverguide/C/vcs.xml:182(title)
6660
msgid "Direct repository access (file://)"
6661
msgstr ""
6662
6663
#: serverguide/C/vcs.xml:183(para)
6664
msgid ""
6665
"This is the simplest of all access methods. It does not require any "
6666
"Subversion server process to be running. This access method is used to "
6667
"access Subversion from the same machine. The syntax of the command, entered "
6668
"at a terminal prompt, is as follows:"
6669
msgstr ""
6670
6671
#: serverguide/C/vcs.xml:190(command)
6672
msgid "svn co file:///path/to/repos/project"
6673
msgstr ""
6674
6675
#: serverguide/C/vcs.xml:193(para)
6676
msgid "or"
6677
msgstr ""
6678
6679
#: serverguide/C/vcs.xml:196(command)
6680
msgid "svn co file://localhost/path/to/repos/project"
6681
msgstr ""
6682
6683
#: serverguide/C/vcs.xml:200(para)
6684
msgid ""
6685
"If you do not specify the hostname, there are three forward slashes (///) -- "
6686
"two for the protocol (file, in this case) plus the leading slash in the "
6687
"path. If you specify the hostname, you must use two forward slashes (//)."
6688
msgstr ""
6689
6690
#: serverguide/C/vcs.xml:202(para)
6691
msgid ""
6692
"The repository permissions depend on filesystem permissions. If the user has "
6693
"read/write permission, he can checkout from and commit to the repository."
6694
msgstr ""
6695
6696
#: serverguide/C/vcs.xml:205(title)
6697
msgid "Access via WebDAV protocol (http://)"
6698
msgstr ""
6699
6700
#: serverguide/C/vcs.xml:206(para)
6701
msgid ""
6702
"To access the Subversion repository via WebDAV protocol, you must configure "
6703
"your Apache 2 web server. Add the following snippet between the "
6704
"<emphasis><VirtualHost></emphasis> and "
6705
"<emphasis></VirtualHost></emphasis> elements in "
6706
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6707
"VirtualHost file:"
6708
msgstr ""
6709
6710
#: serverguide/C/vcs.xml:212(programlisting)
6711
#, no-wrap
6712
msgid ""
6713
"\n"
6714
" <Location /svn>\n"
6715
" DAV svn\n"
6716
" SVNPath /home/svn\n"
6717
" AuthType Basic\n"
6718
" AuthName \"Your repository name\"\n"
6719
" AuthUserFile /etc/subversion/passwd\n"
6720
" Require valid-user\n"
6721
" </Location> \n"
6722
msgstr ""
6723
6724
#: serverguide/C/vcs.xml:223(para)
6725
msgid ""
6726
"The above configuration snippet assumes that Subversion repositories are "
6727
"created under <filename>/home/svn/</filename> directory using "
6728
"<command>svnadmin</command> command. They can be accessible using "
6729
"<command>http://hostname/svn/repos_name</command> url."
6730
msgstr ""
6731
6732
#: serverguide/C/vcs.xml:229(para)
6733
msgid ""
6734
"To import or commit files to your Subversion repository over HTTP, the "
6735
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6736
"HTTP user is <command>www-data</command>. To change the ownership of the "
6737
"repository files enter the following command from terminal prompt:"
6738
msgstr ""
6739
6740
#: serverguide/C/vcs.xml:238(command)
6741
msgid "sudo chown -R www-data:www-data /path/to/repos"
6742
msgstr ""
6743
6744
#: serverguide/C/vcs.xml:241(para)
6745
msgid ""
6746
"By changing the ownership of repository as <command>www-data</command> you "
6747
"will not be able to import or commit files into the repository by running "
6748
"<command>svn import file:///</command> command as any user other than "
6749
"<command>www-data</command>."
6750
msgstr ""
6751
6752
#: serverguide/C/vcs.xml:250(para)
6753
msgid ""
6754
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6755
"that will contain user authentication details. To create a file issue the "
6756
"following command at a command prompt (which will create the file and add "
6757
"the first user):"
6758
msgstr ""
6759
6760
#: serverguide/C/vcs.xml:256(command)
6761
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6762
msgstr ""
6763
6764
#: serverguide/C/vcs.xml:259(para)
6765
msgid ""
6766
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6767
"option replaces the old file. Instead use this form:"
6768
msgstr ""
6769
6770
#: serverguide/C/vcs.xml:264(command)
6771
msgid "sudo htpasswd /etc/subversion/password user_name"
6772
msgstr ""
6773
6774
#: serverguide/C/vcs.xml:268(para)
6775
msgid ""
6776
"This command will prompt you to enter the password. Once you enter the "
6777
"password, the user is added. Now, to access the repository you can run the "
6778
"following command:"
6779
msgstr ""
6780
6781
#: serverguide/C/vcs.xml:269(command)
6782
msgid "svn co http://servername/svn"
6783
msgstr ""
6784
6785
#: serverguide/C/vcs.xml:271(para)
6786
msgid ""
6787
"The password is transmitted as plain text. If you are worried about password "
6788
"snooping, you are advised to use SSL encryption. For details, please refer "
6789
"next section."
6790
msgstr ""
6791
6792
#: serverguide/C/vcs.xml:277(title)
6793
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6794
msgstr ""
6795
6796
#: serverguide/C/vcs.xml:278(para)
6797
msgid ""
6798
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6799
"(https://) is similar to http:// except that you must install and configure "
6800
"the digital certificate in your Apache2 web server. To use SSL with "
6801
"Subversion add the above Apache2 configuration to "
6802
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6803
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6804
"configuration\"/>."
6805
msgstr ""
6806
6807
#: serverguide/C/vcs.xml:287(para)
6808
msgid ""
6809
"You can install a digital certificate issued by a signing authority. "
6810
"Alternatively, you can install your own self-signed certificate."
6811
msgstr ""
6812
6813
#: serverguide/C/vcs.xml:292(para)
6814
msgid ""
6815
"This step assumes you have installed and configured a digital certificate in "
6816
"your Apache 2 web server. Now, to access the Subversion repository, please "
6817
"refer to the above section! The access methods are exactly the same, except "
6818
"the protocol. You must use https:// to access the Subversion repository."
6819
msgstr ""
6820
6821
#: serverguide/C/vcs.xml:302(title)
6822
msgid "Access via custom protocol (svn://)"
6823
msgstr ""
6824
6825
#: serverguide/C/vcs.xml:303(para)
6826
msgid ""
6827
"Once the Subversion repository is created, you can configure the access "
6828
"control. You can edit the <filename> "
6829
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6830
"access control. For example, to set up authentication, you can uncomment the "
6831
"following lines in the configuration file:"
6832
msgstr ""
6833
6834
#: serverguide/C/vcs.xml:310(programlisting)
6835
#, no-wrap
6836
msgid ""
6837
"# [general]\n"
6838
"# password-db = passwd"
6839
msgstr ""
6840
6841
#: serverguide/C/vcs.xml:313(para)
6842
msgid ""
6843
"After uncommenting the above lines, you can maintain the user list in the "
6844
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6845
"directory and add the new user. The syntax is as follows:"
6846
msgstr ""
6847
6848
#: serverguide/C/vcs.xml:319(programlisting)
6849
#, no-wrap
6850
msgid "username = password"
6851
msgstr ""
6852
6853
#: serverguide/C/vcs.xml:320(para)
6854
msgid "For more details, please refer to the file."
6855
msgstr ""
6856
6857
#: serverguide/C/vcs.xml:324(para)
6858
msgid ""
6859
"Now, to access Subversion via the svn:// custom protocol, either from the "
6860
"same machine or a different machine, you can run svnserver using svnserve "
6861
"command. The syntax is as follows:"
6862
msgstr ""
6863
6864
#: serverguide/C/vcs.xml:329(programlisting)
6865
#, no-wrap
6866
msgid ""
6867
"$ svnserve -d --foreground -r /path/to/repos\n"
6868
"# -d -- daemon mode\n"
6869
"# --foreground -- run in foreground (useful for debugging)\n"
6870
"# -r -- root of directory to serve\n"
6871
"\n"
6872
"For more usage details, please refer to:\n"
6873
"$ svnserve --help"
6874
msgstr ""
6875
6876
#: serverguide/C/vcs.xml:337(para)
6877
msgid ""
6878
"Once you run this command, Subversion starts listening on default port "
6879
"(3690). To access the project repository, you must run the following command "
6880
"from a terminal prompt:"
6881
msgstr ""
6882
6883
#: serverguide/C/vcs.xml:340(command)
6884
msgid "svn co svn://hostname/project project --username user_name"
6885
msgstr ""
6886
6887
#: serverguide/C/vcs.xml:343(para)
6888
msgid ""
6889
"Based on server configuration, it prompts for password. Once you are "
6890
"authenticated, it checks out the code from Subversion repository. To "
6891
"synchronize the project repository with the local copy, you can run the "
6892
"<command>update</command> sub-command. The syntax of the command, entered at "
6893
"a terminal prompt, is as follows:"
6894
msgstr ""
6895
6896
#: serverguide/C/vcs.xml:351(command)
6897
msgid "cd project_dir ; svn update"
6898
msgstr ""
6899
6900
#: serverguide/C/vcs.xml:354(para)
6901
msgid ""
6902
"For more details about using each Subversion sub-command, you can refer to "
6903
"the manual. For example, to learn more about the co (checkout) command, "
6904
"please run the following command from a terminal prompt:"
6905
msgstr ""
6906
6907
#: serverguide/C/vcs.xml:358(command)
6908
msgid "svn co help"
6909
msgstr ""
6910
6911
#: serverguide/C/vcs.xml:362(title)
6912
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6913
msgstr ""
6914
6915
#: serverguide/C/vcs.xml:363(para)
6916
msgid ""
6917
"The configuration and server process is same as in the svn:// method. For "
6918
"details, please refer to the above section. This step assumes you have "
6919
"followed the above step and started the Subversion server using "
6920
"<application>svnserve</application> command."
6921
msgstr ""
6922
6923
#: serverguide/C/vcs.xml:369(para)
6924
msgid ""
6925
"It is also assumed that the ssh server is running on that machine and that "
6926
"it is allowing incoming connections. To confirm, please try to login to that "
6927
"machine using ssh. If you can login, everything is perfect. If you cannot "
6928
"login, please address it before continuing further."
6929
msgstr ""
6930
6931
#: serverguide/C/vcs.xml:375(para)
6932
msgid ""
6933
"The svn+ssh:// protocol is used to access the Subversion repository using "
6934
"SSL encryption. The data transfer is encrypted using this method. To access "
6935
"the project repository (for example with a checkout), you must use the "
6936
"following command syntax:"
6937
msgstr ""
6938
6939
#: serverguide/C/vcs.xml:382(command)
6940
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6941
msgstr ""
6942
6943
#: serverguide/C/vcs.xml:386(para)
6944
msgid ""
6945
"You must use the full path (/path/to/repos/project) to access the Subversion "
6946
"repository using this access method."
6947
msgstr ""
6948
6949
#: serverguide/C/vcs.xml:389(para)
6950
msgid ""
6951
"Based on server configuration, it prompts for password. You must enter the "
6952
"password you use to login via ssh. Once you are authenticated, it checks out "
6953
"the code from the Subversion repository."
6954
msgstr ""
6955
6956
#: serverguide/C/vcs.xml:399(title)
6957
msgid "CVS Server"
6958
msgstr ""
6959
6960
#: serverguide/C/vcs.xml:400(para)
6961
msgid ""
6962
"CVS is a version control system. You can use it to record the history of "
6963
"source files."
6964
msgstr ""
6965
6966
#: serverguide/C/vcs.xml:406(para)
6967
msgid ""
6968
"To install <application>CVS</application>, run the following command from a "
6969
"terminal prompt: <screen>\n"
6970
"<command>sudo apt-get install cvs</command>\n"
6971
"</screen> After you install <application>cvs</application>, you should "
6972
"install <application>xinetd</application> to start/stop the cvs server. At "
6973
"the prompt, enter the following command to install "
6974
"<application>xinetd</application>: <screen>\n"
6975
"<command>sudo apt-get install xinetd</command>\n"
6976
"</screen>"
6977
msgstr ""
6978
6979
#: serverguide/C/vcs.xml:439(programlisting)
6980
#, no-wrap
6981
msgid ""
6982
"\n"
6983
"service cvspserver\n"
6984
"{\n"
6985
" port = 2401\n"
6986
" socket_type = stream\n"
6987
" protocol = tcp\n"
6988
" user = root\n"
6989
" wait = no\n"
6990
" type = UNLISTED\n"
6991
" server = /usr/bin/cvs\n"
6992
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6993
" disable = no\n"
6994
"}\n"
6995
msgstr ""
6996
6997
#: serverguide/C/vcs.xml:455(para)
6998
msgid ""
6999
"Be sure to edit the repository if you have changed the default repository "
7000
"(<application>/var/lib/cvs</application>) directory."
7001
msgstr ""
7002
7003
#: serverguide/C/vcs.xml:424(para)
7004
msgid ""
7005
"Once you install cvs, the repository will be automatically initialized. By "
7006
"default, the repository resides under the "
7007
"<application>/var/lib/cvs</application> directory. You can change this path "
7008
"by running following command: <screen>\n"
7009
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7010
"</screen> Once the initial repository is set up, you can configure "
7011
"<application>xinetd</application> to start the CVS server. You can copy the "
7012
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7013
"<placeholder-1/><placeholder-2/> Once you have configured "
7014
"<application>xinetd</application> you can start the cvs server by running "
7015
"following command: <screen>\n"
7016
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7017
"</screen>"
7018
msgstr ""
7019
7020
#: serverguide/C/vcs.xml:468(para)
7021
msgid ""
7022
"You can confirm that the CVS server is running by issuing the following "
7023
"command:"
7024
msgstr ""
7025
7026
#: serverguide/C/vcs.xml:475(command)
7027
msgid "sudo netstat -tap | grep cvs"
7028
msgstr ""
7029
7030
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7031
msgid ""
7032
"When you run this command, you should see the following line or something "
7033
"similar:"
7034
msgstr ""
7035
7036
#: serverguide/C/vcs.xml:484(programlisting)
7037
#, no-wrap
7038
msgid ""
7039
"\n"
7040
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7041
msgstr ""
7042
7043
#: serverguide/C/vcs.xml:488(para)
7044
msgid ""
7045
"From here you can continue to add users, add new projects, and manage the "
7046
"CVS server."
7047
msgstr ""
7048
7049
#: serverguide/C/vcs.xml:493(para)
7050
msgid ""
7051
"CVS allows the user to add users independently of the underlying OS "
7052
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7053
"although it has potential security issues. Please refer to the CVS manual "
7054
"for details."
7055
msgstr ""
7056
7057
#: serverguide/C/vcs.xml:503(title)
7058
msgid "Add Projects"
7059
msgstr ""
7060
7061
#: serverguide/C/vcs.xml:515(para)
7062
msgid ""
7063
"You can use the CVSROOT environment variable to store the CVS root "
7064
"directory. Once you export the CVSROOT environment variable, you can avoid "
7065
"using -d option in the above cvs command."
7066
msgstr ""
7067
7068
#: serverguide/C/vcs.xml:527(para)
7069
msgid ""
7070
"When you add a new project, the CVS user you use must have write access to "
7071
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7072
"the <application>src</application> group has write access to the CVS "
7073
"repository. So, you can add the user to this group, and he can then add and "
7074
"manage projects in the CVS repository."
7075
msgstr ""
7076
7077
#: serverguide/C/vcs.xml:504(para)
7078
msgid ""
7079
"This section explains how to add new project to the CVS repository. Create "
7080
"the directory and add necessary document and source files to the directory. "
7081
"Now, run the following command to add this project to CVS repository: "
7082
"<screen>\n"
7083
"<command>cd your/project</command>\n"
7084
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7085
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7086
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7087
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7088
"purpose in this context, but since CVS requires them, they must be present. "
7089
"<placeholder-2/>"
7090
msgstr ""
7091
7092
#: serverguide/C/vcs.xml:540(ulink)
7093
msgid "Bazaar Home Page"
7094
msgstr ""
7095
7096
#: serverguide/C/vcs.xml:541(ulink)
7097
msgid "Launchpad"
7098
msgstr ""
7099
7100
#: serverguide/C/vcs.xml:542(ulink)
7101
msgid "Subversion Home Page"
7102
msgstr ""
7103
7104
#: serverguide/C/vcs.xml:543(ulink)
7105
msgid "Subversion Book"
7106
msgstr ""
7107
7108
#: serverguide/C/vcs.xml:545(ulink)
7109
msgid "CVS Manual"
7110
msgstr ""
7111
7112
#: serverguide/C/vcs.xml:546(ulink)
7113
msgid "Easy Bazaar Ubuntu Wiki page"
7114
msgstr ""
7115
7116
#: serverguide/C/vcs.xml:547(ulink)
7117
msgid "Ubuntu Wiki Subversion page"
7118
msgstr ""
7119
7120
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7121
msgid "Credits and License"
7122
msgstr ""
7123
7124
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7125
msgid ""
7126
"This document is maintained by the Ubuntu documentation team "
7127
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7128
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7129
msgstr ""
7130
7131
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7132
msgid ""
7133
"This document is made available under the Creative Commons ShareAlike 2.5 "
7134
"License (CC-BY-SA)."
7135
msgstr ""
7136
7137
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7138
msgid ""
7139
"You are free to modify, extend, and improve the Ubuntu documentation source "
7140
"code under the terms of this license. All derivative works must be released "
7141
"under this license."
7142
msgstr ""
7143
7144
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7145
msgid ""
7146
"This documentation is distributed in the hope that it will be useful, but "
7147
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7148
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7149
msgstr ""
7150
7151
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7152
msgid ""
7153
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7154
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7155
msgstr ""
7156
7157
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7158
msgid "2010"
7159
msgstr ""
7160
7161
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7162
msgid "Ubuntu Documentation Project"
7163
msgstr ""
7164
7165
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7166
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7167
msgstr ""
7168
7169
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7170
msgid "The Ubuntu Documentation Project"
7171
msgstr ""
7172
7173
#: serverguide/C/serverguide.xml:17(para)
7174
msgid ""
7175
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7176
"information on how to install and configure various server applications on "
7177
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7178
"guide for configuring and customizing your system."
7179
msgstr ""
7180
7181
#: serverguide/C/security.xml:13(title)
7182
msgid "Security"
7183
msgstr ""
7184
7185
#: serverguide/C/security.xml:14(para)
7186
msgid ""
7187
"Security should always be considered when installing, deploying, and using "
7188
"any type of computer system. Although a fresh installation of Ubuntu is "
7189
"relatively safe for immediate use on the Internet, it is important to have a "
7190
"balanced understanding of your systems security posture based on how it will "
7191
"be used after deployment."
7192
msgstr ""
7193
7194
#: serverguide/C/security.xml:17(para)
7195
msgid ""
7196
"This chapter provides an overview of security related topics as they pertain "
7197
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7198
"protect your server and network from any number of potential security "
7199
"threats."
7200
msgstr ""
7201
7202
#: serverguide/C/security.xml:21(title)
7203
msgid "User Management"
7204
msgstr ""
7205
7206
#: serverguide/C/security.xml:22(para)
7207
msgid ""
7208
"User management is a critical part of maintaining a secure system. "
7209
"Ineffective user and privilege management often lead many systems into being "
7210
"compromised. Therefore, it is important that you understand how you can "
7211
"protect your server through simple and effective user account management "
7212
"techniques."
7213
msgstr ""
7214
7215
#: serverguide/C/security.xml:26(title)
7216
msgid "Where is root?"
7217
msgstr ""
7218
7219
#: serverguide/C/security.xml:27(para)
7220
msgid ""
7221
"Ubuntu developers made a conscientious decision to disable the "
7222
"administrative root account by default in all Ubuntu installations. This "
7223
"does not mean that the root account has been deleted or that it may not be "
7224
"accessed. It merely has been given a password which matches no possible "
7225
"encrypted value, therefore may not log in directly by itself."
7226
msgstr ""
7227
7228
#: serverguide/C/security.xml:30(para)
7229
msgid ""
7230
"Instead, users are encouraged to make use of a tool by the name of "
7231
"<application>sudo</application> to carry out system administrative duties. "
7232
"<application>Sudo</application> allows an authorized user to temporarily "
7233
"elevate their privileges using their own password instead of having to know "
7234
"the password belonging to the root account. This simple yet effective "
7235
"methodology provides accountability for all user actions, and gives the "
7236
"administrator granular control over which actions a user can perform with "
7237
"said privileges."
7238
msgstr ""
7239
7240
#: serverguide/C/security.xml:35(para)
7241
msgid ""
7242
"If for some reason you wish to enable the root account, simply give it a "
7243
"password:"
7244
msgstr ""
7245
7246
#: serverguide/C/security.xml:39(command)
7247
msgid "sudo passwd"
7248
msgstr ""
7249
7250
#: serverguide/C/security.xml:41(para)
7251
msgid ""
7252
"Sudo will prompt you for your password, and then ask you to supply a new "
7253
"password for root as shown below:"
7254
msgstr ""
7255
7256
#: serverguide/C/security.xml:44(userinput)
7257
#, no-wrap
7258
msgid "(enter your own password)"
7259
msgstr ""
7260
7261
#: serverguide/C/security.xml:45(userinput)
7262
#, no-wrap
7263
msgid "(enter a new password for root)"
7264
msgstr ""
7265
7266
#: serverguide/C/security.xml:46(userinput)
7267
#, no-wrap
7268
msgid "(repeat new password for root)"
7269
msgstr ""
7270
7271
#: serverguide/C/security.xml:44(computeroutput)
7272
#, no-wrap
7273
msgid ""
7274
"[sudo] password for username: <placeholder-1/>\n"
7275
"Enter new UNIX password: <placeholder-2/>\n"
7276
"Retype new UNIX password: <placeholder-3/>\n"
7277
"passwd: password updated successfully"
7278
msgstr ""
7279
7280
#: serverguide/C/security.xml:51(para)
7281
msgid "To disable the root account, use the following passwd syntax:"
7282
msgstr ""
7283
7284
#: serverguide/C/security.xml:55(command)
7285
msgid "sudo passwd -l root"
7286
msgstr ""
7287
7288
#: serverguide/C/security.xml:59(para)
7289
msgid ""
7290
"You should read more on <application>Sudo</application> by checking out it's "
7291
"man page:"
7292
msgstr ""
7293
7294
#: serverguide/C/security.xml:63(command)
7295
msgid "man sudo"
7296
msgstr ""
7297
7298
#: serverguide/C/security.xml:67(para)
7299
msgid ""
7300
"By default, the initial user created by the Ubuntu installer is a member of "
7301
"the group \"admin\" which is added to the file "
7302
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7303
"give any other account full root access through "
7304
"<application>sudo</application>, simply add them to the admin group."
7305
msgstr ""
7306
7307
#: serverguide/C/security.xml:73(title)
7308
msgid "Adding and Deleting Users"
7309
msgstr ""
7310
7311
#: serverguide/C/security.xml:74(para)
7312
msgid ""
7313
"The process for managing local users and groups is straight forward and "
7314
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7315
"other Debian based distributions, encourage the use of the \"adduser\" "
7316
"package for account management."
7317
msgstr ""
7318
7319
#: serverguide/C/security.xml:79(para)
7320
msgid ""
7321
"To add a user account, use the following syntax, and follow the prompts to "
7322
"give the account a password and identifiable characteristics such as a full "
7323
"name, phone number, etc."
7324
msgstr ""
7325
7326
#: serverguide/C/security.xml:83(command)
7327
msgid "sudo adduser username"
7328
msgstr ""
7329
7330
#: serverguide/C/security.xml:87(para)
7331
msgid ""
7332
"To delete a user account and its primary group, use the following syntax:"
7333
msgstr ""
7334
7335
#: serverguide/C/security.xml:91(command)
7336
msgid "sudo deluser username"
7337
msgstr ""
7338
7339
#: serverguide/C/security.xml:93(para)
7340
msgid ""
7341
"Deleting an account does not remove their respective home folder. It is up "
7342
"to you whether or not you wish to delete the folder manually or keep it "
7343
"according to your desired retention policies."
7344
msgstr ""
7345
7346
#: serverguide/C/security.xml:96(para)
7347
msgid ""
7348
"Remember, any user added later on with the same UID/GID as the previous "
7349
"owner will now have access to this folder if you have not taken the "
7350
"necessary precautions."
7351
msgstr ""
7352
7353
#: serverguide/C/security.xml:99(para)
7354
msgid ""
7355
"You may want to change these UID/GID values to something more appropriate, "
7356
"such as the root account, and perhaps even relocate the folder to avoid "
7357
"future conflicts:"
7358
msgstr ""
7359
7360
#: serverguide/C/security.xml:103(command)
7361
msgid "sudo chown -R root:root /home/username/"
7362
msgstr ""
7363
7364
#: serverguide/C/security.xml:104(command)
7365
msgid "sudo mkdir /home/archived_users/"
7366
msgstr ""
7367
7368
#: serverguide/C/security.xml:105(command)
7369
msgid "sudo mv /home/username /home/archived_users/"
7370
msgstr ""
7371
7372
#: serverguide/C/security.xml:109(para)
7373
msgid ""
7374
"To temporarily lock or unlock a user account, use the following syntax, "
7375
"respectively:"
7376
msgstr ""
7377
7378
#: serverguide/C/security.xml:113(command)
7379
msgid "sudo passwd -l username"
7380
msgstr ""
7381
7382
#: serverguide/C/security.xml:114(command)
7383
msgid "sudo passwd -u username"
7384
msgstr ""
7385
7386
#: serverguide/C/security.xml:118(para)
7387
msgid ""
7388
"To add or delete a personalized group, use the following syntax, "
7389
"respectively:"
7390
msgstr ""
7391
7392
#: serverguide/C/security.xml:122(command)
7393
msgid "sudo addgroup groupname"
7394
msgstr ""
7395
7396
#: serverguide/C/security.xml:123(command)
7397
msgid "sudo delgroup groupname"
7398
msgstr ""
7399
7400
#: serverguide/C/security.xml:127(para)
7401
msgid "To add a user to a group, use the following syntax:"
7402
msgstr ""
7403
7404
#: serverguide/C/security.xml:131(command)
7405
msgid "sudo adduser username groupname"
7406
msgstr ""
7407
7408
#: serverguide/C/security.xml:138(title)
7409
msgid "User Profile Security"
7410
msgstr ""
7411
7412
#: serverguide/C/security.xml:139(para)
7413
msgid ""
7414
"When a new user is created, the adduser utility creates a brand new home "
7415
"directory named <filename class=\"directory\">/home/username</filename>, "
7416
"respectively. The default profile is modeled after the contents found in the "
7417
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7418
"includes all profile basics."
7419
msgstr ""
7420
7421
#: serverguide/C/security.xml:142(para)
7422
msgid ""
7423
"If your server will be home to multiple users, you should pay close "
7424
"attention to the user home directory permissions to ensure confidentiality. "
7425
"By default, user home directories in Ubuntu are created with world "
7426
"read/execute permissions. This means that all users can browse and access "
7427
"the contents of other users home directories. This may not be suitable for "
7428
"your environment."
7429
msgstr ""
7430
7431
#: serverguide/C/security.xml:147(para)
7432
msgid ""
7433
"To verify your current users home directory permissions, use the following "
7434
"syntax:"
7435
msgstr ""
7436
7437
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7438
msgid "ls -ld /home/username"
7439
msgstr ""
7440
7441
#: serverguide/C/security.xml:153(para)
7442
msgid ""
7443
"The following output shows that the directory <filename "
7444
"class=\"directory\">/home/username</filename> has world readable permissions:"
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:156(computeroutput)
7448
#, no-wrap
7449
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7450
msgstr ""
7451
7452
#: serverguide/C/security.xml:160(para)
7453
msgid ""
7454
"You can remove the world readable permissions using the following syntax:"
7455
msgstr ""
7456
7457
#: serverguide/C/security.xml:164(command)
7458
msgid "sudo chmod 0750 /home/username"
7459
msgstr ""
7460
7461
#: serverguide/C/security.xml:167(para)
7462
msgid ""
7463
"Some people tend to use the recursive option (-R) indiscriminately which "
7464
"modifies all child folders and files, but this is not necessary, and may "
7465
"yield other undesirable results. The parent directory alone is sufficient "
7466
"for preventing unauthorized access to anything below the parent."
7467
msgstr ""
7468
7469
#: serverguide/C/security.xml:171(para)
7470
msgid ""
7471
"A much more efficient approach to the matter would be to modify the "
7472
"<application>adduser</application> global default permissions when creating "
7473
"user home folders. Simply edit the file "
7474
"<filename>/etc/adduser.conf</filename> and modify the "
7475
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7476
"new home directories will receive the correct permissions."
7477
msgstr ""
7478
7479
#: serverguide/C/security.xml:174(programlisting)
7480
#, no-wrap
7481
msgid ""
7482
"\n"
7483
"DIR_MODE=0750\n"
7484
msgstr ""
7485
7486
#: serverguide/C/security.xml:179(para)
7487
msgid ""
7488
"After correcting the directory permissions using any of the previously "
7489
"mentioned techniques, verify the results using the following syntax:"
7490
msgstr ""
7491
7492
#: serverguide/C/security.xml:185(para)
7493
msgid ""
7494
"The results below show that world readable permissions have been removed:"
7495
msgstr ""
7496
7497
#: serverguide/C/security.xml:188(computeroutput)
7498
#, no-wrap
7499
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7500
msgstr ""
7501
7502
#: serverguide/C/security.xml:195(title)
7503
msgid "Password Policy"
7504
msgstr ""
7505
7506
#: serverguide/C/security.xml:196(para)
7507
msgid ""
7508
"A strong password policy is one of the most important aspects of your "
7509
"security posture. Many successful security breaches involve simple brute "
7510
"force and dictionary attacks against weak passwords. If you intend to offer "
7511
"any form of remote access involving your local password system, make sure "
7512
"you adequately address minimum password complexity requirements, maximum "
7513
"password lifetimes, and frequent audits of your authentication systems."
7514
msgstr ""
7515
7516
#: serverguide/C/security.xml:200(title)
7517
msgid "Minimum Password Length"
7518
msgstr ""
7519
7520
#: serverguide/C/security.xml:201(para)
7521
msgid ""
7522
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7523
"well as some basic entropy checks. These values are controlled in the file "
7524
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7525
msgstr ""
7526
7527
#: serverguide/C/security.xml:204(programlisting)
7528
#, no-wrap
7529
msgid ""
7530
"\n"
7531
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7532
msgstr ""
7533
7534
#: serverguide/C/security.xml:207(para)
7535
msgid ""
7536
"If you would like to adjust the minimum length to 8 characters, change the "
7537
"appropriate variable to min=8. The modification is outlined below."
7538
msgstr ""
7539
7540
#: serverguide/C/security.xml:210(programlisting)
7541
#, no-wrap
7542
msgid ""
7543
"\n"
7544
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7545
"min=8\n"
7546
msgstr ""
7547
7548
#: serverguide/C/security.xml:215(title)
7549
msgid "Password Expiration"
7550
msgstr ""
7551
7552
#: serverguide/C/security.xml:216(para)
7553
msgid ""
7554
"When creating user accounts, you should make it a policy to have a minimum "
7555
"and maximum password age forcing users to change their passwords when they "
7556
"expire."
7557
msgstr ""
7558
7559
#: serverguide/C/security.xml:221(para)
7560
msgid ""
7561
"To easily view the current status of a user account, use the following "
7562
"syntax:"
7563
msgstr ""
7564
7565
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7566
msgid "sudo chage -l username"
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:227(para)
7570
msgid ""
7571
"The output below shows interesting facts about the user account, namely that "
7572
"there are no policies applied:"
7573
msgstr ""
7574
7575
#: serverguide/C/security.xml:230(computeroutput)
7576
#, no-wrap
7577
msgid ""
7578
"Last password change : Jan 20, 2008\n"
7579
"Password expires : never\n"
7580
"Password inactive : never\n"
7581
"Account expires : never\n"
7582
"Minimum number of days between password change : 0\n"
7583
"Maximum number of days between password change : 99999\n"
7584
"Number of days of warning before password expires : 7"
7585
msgstr ""
7586
7587
#: serverguide/C/security.xml:240(para)
7588
msgid ""
7589
"To set any of these values, simply use the following syntax, and follow the "
7590
"interactive prompts:"
7591
msgstr ""
7592
7593
#: serverguide/C/security.xml:244(command)
7594
msgid "sudo chage username"
7595
msgstr ""
7596
7597
#: serverguide/C/security.xml:246(para)
7598
msgid ""
7599
"The following is also an example of how you can manually change the explicit "
7600
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7601
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7602
"password expiration, and a warning time period (-W) of 14 days before "
7603
"password expiration."
7604
msgstr ""
7605
7606
#: serverguide/C/security.xml:250(command)
7607
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7608
msgstr ""
7609
7610
#: serverguide/C/security.xml:254(para)
7611
msgid "To verify changes, use the same syntax as mentioned previously:"
7612
msgstr ""
7613
7614
#: serverguide/C/security.xml:260(para)
7615
msgid ""
7616
"The output below shows the new policies that have been established for the "
7617
"account:"
7618
msgstr ""
7619
7620
#: serverguide/C/security.xml:263(computeroutput)
7621
#, no-wrap
7622
msgid ""
7623
"Last password change : Jan 20, 2008\n"
7624
"Password expires : Apr 19, 2008\n"
7625
"Password inactive : May 19, 2008\n"
7626
"Account expires : Jan 31, 2008\n"
7627
"Minimum number of days between password change : 5\n"
7628
"Maximum number of days between password change : 90\n"
7629
"Number of days of warning before password expires : 14"
7630
msgstr ""
7631
7632
#: serverguide/C/security.xml:279(title)
7633
msgid "Other Security Considerations"
7634
msgstr ""
7635
7636
#: serverguide/C/security.xml:280(para)
7637
msgid ""
7638
"Many applications use alternate authentication mechanisms that can be easily "
7639
"overlooked by even experienced system administrators. Therefore, it is "
7640
"important to understand and control how users authenticate and gain access "
7641
"to services and applications on your server."
7642
msgstr ""
7643
7644
#: serverguide/C/security.xml:285(title)
7645
msgid "SSH Access by Disabled Users"
7646
msgstr ""
7647
7648
#: serverguide/C/security.xml:286(para)
7649
msgid ""
7650
"Simply disabling/locking a user account will not prevent a user from logging "
7651
"into your server remotely if they have previously set up RSA public key "
7652
"authentication. They will still be able to gain shell access to the server, "
7653
"without the need for any password. Remember to check the users home "
7654
"directory for files that will allow for this type of authenticated SSH "
7655
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7656
msgstr ""
7657
7658
#: serverguide/C/security.xml:289(para)
7659
msgid ""
7660
"Remove or rename the directory <filename "
7661
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7662
"further SSH authentication capabilities."
7663
msgstr ""
7664
7665
#: serverguide/C/security.xml:292(para)
7666
msgid ""
7667
"Be sure to check for any established SSH connections by the disabled user, "
7668
"as it is possible they may have existing inbound or outbound connections. "
7669
"Kill any that are found."
7670
msgstr ""
7671
7672
#: serverguide/C/security.xml:295(para)
7673
msgid ""
7674
"Restrict SSH access to only user accounts that should have it. For example, "
7675
"you may create a group called \"sshlogin\" and add the group name as the "
7676
"value associated with the <varname>AllowGroups</varname> variable located in "
7677
"the file <filename>/etc/ssh/sshd_config</filename>."
7678
msgstr ""
7679
7680
#: serverguide/C/security.xml:298(programlisting)
7681
#, no-wrap
7682
msgid ""
7683
"\n"
7684
"AllowGroups sshlogin\n"
7685
msgstr ""
7686
7687
#: serverguide/C/security.xml:301(para)
7688
msgid ""
7689
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7690
"SSH service."
7691
msgstr ""
7692
7693
#: serverguide/C/security.xml:305(command)
7694
msgid "sudo adduser username sshlogin"
7695
msgstr ""
7696
7697
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7698
msgid "sudo /etc/init.d/ssh restart"
7699
msgstr ""
7700
7701
#: serverguide/C/security.xml:310(title)
7702
msgid "External User Database Authentication"
7703
msgstr ""
7704
7705
#: serverguide/C/security.xml:311(para)
7706
msgid ""
7707
"Most enterprise networks require centralized authentication and access "
7708
"controls for all system resources. If you have configured your server to "
7709
"authenticate users against external databases, be sure to disable the user "
7710
"accounts both externally and locally, this way you ensure that local "
7711
"fallback authentication is not possible."
7712
msgstr ""
7713
7714
#: serverguide/C/security.xml:320(title)
7715
msgid "Console Security"
7716
msgstr ""
7717
7718
#: serverguide/C/security.xml:321(para)
7719
msgid ""
7720
"As with any other security barrier you put in place to protect your server, "
7721
"it is pretty tough to defend against untold damage caused by someone with "
7722
"physical access to your environment, for example, theft of hard drives, "
7723
"power or service disruption and so on. Therefore, console security should be "
7724
"addressed merely as one component of your overall physical security "
7725
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7726
"very least slow down a determined one, so it is still advisable to perform "
7727
"basic precautions with regard to console security."
7728
msgstr ""
7729
7730
#: serverguide/C/security.xml:324(para)
7731
msgid ""
7732
"The following instructions will help defend your server against issues that "
7733
"could otherwise yield very serious consequences."
7734
msgstr ""
7735
7736
#: serverguide/C/security.xml:329(title)
7737
msgid "Disable Ctrl+Alt+Delete"
7738
msgstr ""
7739
7740
#: serverguide/C/security.xml:330(para)
7741
msgid ""
7742
"First and foremost, anyone that has physical access to the keyboard can "
7743
"simply use the "
7744
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7745
"eycombo> key combination to reboot the server without having to log on. "
7746
"Sure, someone could simply unplug the power source, but you should still "
7747
"prevent the use of this key combination on a production server. This forces "
7748
"an attacker to take more drastic measures to reboot the server, and will "
7749
"prevent accidental reboots at the same time."
7750
msgstr ""
7751
7752
#: serverguide/C/security.xml:335(para)
7753
msgid ""
7754
"To disable the reboot action taken by pressing the "
7755
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7756
"eycombo> key combination, comment out the following line in the file "
7757
"<filename>/etc/init/control-alt-delete.conf</filename>."
7758
msgstr ""
7759
7760
#: serverguide/C/security.xml:338(programlisting)
7761
#, no-wrap
7762
msgid ""
7763
"\n"
7764
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7765
msgstr ""
7766
7767
#: serverguide/C/security.xml:347(title)
7768
msgid "Firewall"
7769
msgstr ""
7770
7771
#: serverguide/C/security.xml:350(para)
7772
msgid ""
7773
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7774
"which is used to manipulate or decide the fate of network traffic headed "
7775
"into or through your server. All modern Linux firewall solutions use this "
7776
"system for packet filtering."
7777
msgstr ""
7778
7779
#: serverguide/C/security.xml:355(para)
7780
msgid ""
7781
"The kernel's packet filtering system would be of little use to "
7782
"administrators without a userspace interface to manage it. This is the "
7783
"purpose of iptables. When a packet reaches your server, it will be handed "
7784
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7785
"based on the rules supplied to it from userspace via iptables. Thus, "
7786
"iptables is all you need to manage your firewall if you're familiar with it, "
7787
"but many frontends are available to simplify the task."
7788
msgstr ""
7789
7790
#: serverguide/C/security.xml:365(title)
7791
msgid "ufw - Uncomplicated Firewall"
7792
msgstr ""
7793
7794
#: serverguide/C/security.xml:366(para)
7795
msgid ""
7796
"The default firewall configuration tool for Ubuntu is "
7797
"<application>ufw</application>. Developed to ease iptables firewall "
7798
"configuration, <application>ufw</application> provides a user friendly way "
7799
"to create an IPv4 or IPv6 host-based firewall."
7800
msgstr ""
7801
7802
#: serverguide/C/security.xml:370(para)
7803
msgid ""
7804
"<application>ufw</application> by default is initially disabled. From the "
7805
"<application>ufw</application> man page:"
7806
msgstr ""
7807
7808
#: serverguide/C/security.xml:374(quote)
7809
msgid ""
7810
"ufw is not intended to provide complete firewall functionality via its "
7811
"command interface, but instead provides an easy way to add or remove simple "
7812
"rules. It is currently mainly used for host-based firewalls."
7813
msgstr ""
7814
7815
#: serverguide/C/security.xml:378(para)
7816
msgid ""
7817
"The following are some examples of how to use <application>ufw</application>:"
7818
msgstr ""
7819
7820
#: serverguide/C/security.xml:383(para)
7821
msgid ""
7822
"First, <application>ufw</application> needs to be enabled. From a terminal "
7823
"prompt enter:"
7824
msgstr ""
7825
7826
#: serverguide/C/security.xml:387(command)
7827
msgid "sudo ufw enable"
7828
msgstr ""
7829
7830
#: serverguide/C/security.xml:391(para)
7831
msgid "To open a port (ssh in this example):"
7832
msgstr ""
7833
7834
#: serverguide/C/security.xml:395(command)
7835
msgid "sudo ufw allow 22"
7836
msgstr ""
7837
7838
#: serverguide/C/security.xml:399(para)
7839
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7840
msgstr ""
7841
7842
#: serverguide/C/security.xml:403(command)
7843
msgid "sudo ufw insert 1 allow 80"
7844
msgstr ""
7845
7846
#: serverguide/C/security.xml:407(para)
7847
msgid "Similarly, to close an opened port:"
7848
msgstr ""
7849
7850
#: serverguide/C/security.xml:411(command)
7851
msgid "sudo ufw deny 22"
7852
msgstr ""
7853
7854
#: serverguide/C/security.xml:415(para)
7855
msgid "To remove a rule, use delete followed by the rule:"
7856
msgstr ""
7857
7858
#: serverguide/C/security.xml:419(command)
7859
msgid "sudo ufw delete deny 22"
7860
msgstr ""
7861
7862
#: serverguide/C/security.xml:423(para)
7863
msgid ""
7864
"It is also possible to allow access from specific hosts or networks to a "
7865
"port. The following example allows ssh access from host 192.168.0.2 to any "
7866
"ip address on this host:"
7867
msgstr ""
7868
7869
#: serverguide/C/security.xml:428(command)
7870
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7871
msgstr ""
7872
7873
#: serverguide/C/security.xml:430(para)
7874
msgid ""
7875
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7876
"subnet."
7877
msgstr ""
7878
7879
#: serverguide/C/security.xml:436(para)
7880
msgid ""
7881
"Adding the <emphasis>--dry-run</emphasis> option to a "
7882
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7883
"apply them. For example, the following is what would be applied if opening "
7884
"the HTTP port:"
7885
msgstr ""
7886
7887
#: serverguide/C/security.xml:442(command)
7888
msgid "sudo ufw --dry-run allow http"
7889
msgstr ""
7890
7891
#: serverguide/C/security.xml:446(computeroutput)
7892
#, no-wrap
7893
msgid ""
7894
"*filter\n"
7895
":ufw-user-input - [0:0]\n"
7896
":ufw-user-output - [0:0]\n"
7897
":ufw-user-forward - [0:0]\n"
7898
":ufw-user-limit - [0:0]\n"
7899
":ufw-user-limit-accept - [0:0]\n"
7900
"### RULES ###\n"
7901
"\n"
7902
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7903
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7904
"\n"
7905
"### END RULES ###\n"
7906
"-A ufw-user-input -j RETURN\n"
7907
"-A ufw-user-output -j RETURN\n"
7908
"-A ufw-user-forward -j RETURN\n"
7909
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7910
"LIMIT]: \"\n"
7911
"-A ufw-user-limit -j REJECT\n"
7912
"-A ufw-user-limit-accept -j ACCEPT\n"
7913
"COMMIT\n"
7914
"Rules updated"
7915
msgstr ""
7916
7917
#: serverguide/C/security.xml:470(para)
7918
msgid "<application>ufw</application> can be disabled by:"
7919
msgstr ""
7920
7921
#: serverguide/C/security.xml:474(command)
7922
msgid "sudo ufw disable"
7923
msgstr ""
7924
7925
#: serverguide/C/security.xml:478(para)
7926
msgid "To see the firewall status, enter:"
7927
msgstr ""
7928
7929
#: serverguide/C/security.xml:482(command)
7930
msgid "sudo ufw status"
7931
msgstr ""
7932
7933
#: serverguide/C/security.xml:486(para)
7934
msgid "And for more verbose status information use:"
7935
msgstr ""
7936
7937
#: serverguide/C/security.xml:490(command)
7938
msgid "sudo ufw status verbose"
7939
msgstr ""
7940
7941
#: serverguide/C/security.xml:494(para)
7942
msgid "To view the <emphasis>numbered</emphasis> format:"
7943
msgstr ""
7944
7945
#: serverguide/C/security.xml:498(command)
7946
msgid "sudo ufw status numbered"
7947
msgstr ""
7948
7949
#: serverguide/C/security.xml:503(para)
7950
msgid ""
7951
"If the port you want to open or close is defined in "
7952
"<filename>/etc/services</filename>, you can use the port name instead of the "
7953
"number. In the above examples, replace <emphasis>22</emphasis> with "
7954
"<emphasis>ssh</emphasis>."
7955
msgstr ""
7956
7957
#: serverguide/C/security.xml:509(para)
7958
msgid ""
7959
"This is a quick introduction to using <application>ufw</application>. Please "
7960
"refer to the <application>ufw</application> man page for more information."
7961
msgstr ""
7962
7963
#: serverguide/C/security.xml:515(title)
7964
msgid "ufw Application Integration"
7965
msgstr ""
7966
7967
#: serverguide/C/security.xml:517(para)
7968
msgid ""
7969
"Applications that open ports can include an <application>ufw</application> "
7970
"profile, which details the ports needed for the application to function "
7971
"properly. The profiles are kept in <filename "
7972
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7973
"the default ports have been changed."
7974
msgstr ""
7975
7976
#: serverguide/C/security.xml:526(para)
7977
msgid ""
7978
"To view which applications have installed a profile, enter the following in "
7979
"a terminal:"
7980
msgstr ""
7981
7982
#: serverguide/C/security.xml:531(command)
7983
msgid "sudo ufw app list"
7984
msgstr ""
7985
7986
#: serverguide/C/security.xml:537(para)
7987
msgid ""
7988
"Similar to allowing traffic to a port, using an application profile is "
7989
"accomplished by entering:"
7990
msgstr ""
7991
7992
#: serverguide/C/security.xml:542(command)
7993
msgid "sudo ufw allow Samba"
7994
msgstr ""
7995
7996
#: serverguide/C/security.xml:548(para)
7997
msgid "An extended syntax is available as well:"
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:553(command)
8001
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8002
msgstr ""
8003
8004
#: serverguide/C/security.xml:556(para)
8005
msgid ""
8006
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8007
"with the application profile you are using and the IP range for your network."
8008
msgstr ""
8009
8010
#: serverguide/C/security.xml:562(para)
8011
msgid ""
8012
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8013
"application, because that information is detailed in the profile. Also, note "
8014
"that the <emphasis>app</emphasis> name replaces the "
8015
"<emphasis>port</emphasis> number."
8016
msgstr ""
8017
8018
#: serverguide/C/security.xml:571(para)
8019
msgid ""
8020
"To view details about which ports, protocols, etc are defined for an "
8021
"application, enter:"
8022
msgstr ""
8023
8024
#: serverguide/C/security.xml:576(command)
8025
msgid "sudo ufw app info Samba"
8026
msgstr ""
8027
8028
#: serverguide/C/security.xml:582(para)
8029
msgid ""
8030
"Not all applications that require opening a network port come with "
8031
"<application>ufw</application> profiles, but if you have profiled an "
8032
"application and want the file to be included with the package, please file a "
8033
"bug against the package in <ulink "
8034
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8035
msgstr ""
8036
8037
#: serverguide/C/security.xml:591(title)
8038
msgid "IP Masquerading"
8039
msgstr ""
8040
8041
#: serverguide/C/security.xml:592(para)
8042
msgid ""
8043
"The purpose of IP Masquerading is to allow machines with private, non-"
8044
"routable IP addresses on your network to access the Internet through the "
8045
"machine doing the masquerading. Traffic from your private network destined "
8046
"for the Internet must be manipulated for replies to be routable back to the "
8047
"machine that made the request. To do this, the kernel must modify the "
8048
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8049
"be routed back to it, rather than to the private IP address that made the "
8050
"request, which is impossible over the Internet. Linux uses "
8051
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8052
"connections belong to which machines and reroute each return packet "
8053
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8054
"having originated from your Ubuntu gateway machine. This process is referred "
8055
"to in Microsoft documentation as Internet Connection Sharing."
8056
msgstr ""
8057
8058
#: serverguide/C/security.xml:608(title)
8059
msgid "ufw Masquerading"
8060
msgstr ""
8061
8062
#: serverguide/C/security.xml:609(para)
8063
msgid ""
8064
"IP Masquerading can be achieved using custom <application>ufw</application> "
8065
"rules. This is possible because the current back-end for "
8066
"<application>ufw</application> is <application>iptables-"
8067
"restore</application> with the rules files located in "
8068
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8069
"legacy iptables rules used without <application>ufw</application>, and rules "
8070
"that are more network gateway or bridge related."
8071
msgstr ""
8072
8073
#: serverguide/C/security.xml:615(para)
8074
msgid ""
8075
"The rules are split into two different files, rules that should be executed "
8076
"before <application>ufw</application> command line rules, and rules that are "
8077
"executed after <application>ufw</application> command line rules."
8078
msgstr ""
8079
8080
#: serverguide/C/security.xml:621(para)
8081
msgid ""
8082
"First, packet forwarding needs to be enabled in "
8083
"<application>ufw</application>. Two configuration files will need to be "
8084
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8085
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8086
msgstr ""
8087
8088
#: serverguide/C/security.xml:625(programlisting)
8089
#, no-wrap
8090
msgid ""
8091
"\n"
8092
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8093
msgstr ""
8094
8095
#: serverguide/C/security.xml:628(para)
8096
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8097
msgstr ""
8098
8099
#: serverguide/C/security.xml:631(programlisting)
8100
#, no-wrap
8101
msgid ""
8102
"\n"
8103
"net/ipv4/ip_forward=1\n"
8104
msgstr ""
8105
8106
#: serverguide/C/security.xml:634(para)
8107
msgid "Similarly, for IPv6 forwarding uncomment:"
8108
msgstr ""
8109
8110
#: serverguide/C/security.xml:637(programlisting)
8111
#, no-wrap
8112
msgid ""
8113
"\n"
8114
"net/ipv6/conf/default/forwarding=1\n"
8115
msgstr ""
8116
8117
#: serverguide/C/security.xml:642(para)
8118
msgid ""
8119
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8120
"file. The default rules only configure the <emphasis>filter</emphasis> "
8121
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8122
"need to be configured. Add the following to the top of the file just after "
8123
"the header comments:"
8124
msgstr ""
8125
8126
#: serverguide/C/security.xml:647(programlisting)
8127
#, no-wrap
8128
msgid ""
8129
"\n"
8130
"# nat Table rules\n"
8131
"*nat\n"
8132
":POSTROUTING ACCEPT [0:0]\n"
8133
"\n"
8134
"# Forward traffic from eth1 through eth0.\n"
8135
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8136
"\n"
8137
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8138
"processed\n"
8139
"COMMIT\n"
8140
msgstr ""
8141
8142
#: serverguide/C/security.xml:658(para)
8143
msgid ""
8144
"The comments are not strictly necessary, but it is considered good practice "
8145
"to document your configuration. Also, when modifying any of the "
8146
"<emphasis>rules</emphasis> files in <filename "
8147
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8148
"line for each table modified:"
8149
msgstr ""
8150
8151
#: serverguide/C/security.xml:664(programlisting)
8152
#, no-wrap
8153
msgid ""
8154
"\n"
8155
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8156
"COMMIT\n"
8157
msgstr ""
8158
8159
#: serverguide/C/security.xml:669(para)
8160
msgid ""
8161
"For each <emphasis>Table</emphasis> a corresponding "
8162
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8163
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8164
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8165
"<emphasis>mangle</emphasis> tables."
8166
msgstr ""
8167
8168
#: serverguide/C/security.xml:676(para)
8169
msgid ""
8170
"In the above example replace <emphasis>eth0</emphasis>, "
8171
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8172
"appropriate interfaces and IP range for your network."
8173
msgstr ""
8174
8175
#: serverguide/C/security.xml:684(para)
8176
msgid ""
8177
"Finally, disable and re-enable <application>ufw</application> to apply the "
8178
"changes:"
8179
msgstr ""
8180
8181
#: serverguide/C/security.xml:688(command)
8182
msgid "sudo ufw disable && sudo ufw enable"
8183
msgstr ""
8184
8185
#: serverguide/C/security.xml:692(para)
8186
msgid ""
8187
"IP Masquerading should now be enabled. You can also add any additional "
8188
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8189
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8190
"forward</emphasis> chain."
8191
msgstr ""
8192
8193
#: serverguide/C/security.xml:699(title)
8194
msgid "iptables Masquerading"
8195
msgstr ""
8196
8197
#: serverguide/C/security.xml:700(para)
8198
msgid ""
8199
"<application>iptables</application> can also be used to enable masquerading."
8200
msgstr ""
8201
8202
#: serverguide/C/security.xml:705(para)
8203
msgid ""
8204
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8205
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8206
"uncomment the following line"
8207
msgstr ""
8208
8209
#: serverguide/C/security.xml:709(programlisting)
8210
#, no-wrap
8211
msgid ""
8212
"\n"
8213
"net.ipv4.ip_forward=1\n"
8214
msgstr ""
8215
8216
#: serverguide/C/security.xml:712(para)
8217
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:715(programlisting)
8221
#, no-wrap
8222
msgid ""
8223
"\n"
8224
"net.ipv6.conf.default.forwarding=1\n"
8225
msgstr ""
8226
8227
#: serverguide/C/security.xml:720(para)
8228
msgid ""
8229
"Next, execute the <application>sysctl</application> command to enable the "
8230
"new settings in the configuration file:"
8231
msgstr ""
8232
8233
#: serverguide/C/security.xml:724(command)
8234
msgid "sudo sysctl -p"
8235
msgstr ""
8236
8237
#: serverguide/C/security.xml:728(para)
8238
msgid ""
8239
"IP Masquerading can now be accomplished with a single iptables rule, which "
8240
"may differ slightly based on your network configuration:"
8241
msgstr ""
8242
8243
#: serverguide/C/security.xml:731(screen)
8244
#, no-wrap
8245
msgid ""
8246
"\n"
8247
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8248
msgstr ""
8249
8250
#: serverguide/C/security.xml:734(para)
8251
msgid ""
8252
"The above command assumes that your private address space is 192.168.0.0/16 "
8253
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8254
"follows:"
8255
msgstr ""
8256
8257
#: serverguide/C/security.xml:739(para)
8258
msgid "-t nat -- the rule is to go into the nat table"
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:740(para)
8262
msgid ""
8263
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8264
msgstr ""
8265
8266
#: serverguide/C/security.xml:741(para)
8267
msgid ""
8268
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8269
"specified address space"
8270
msgstr ""
8271
8272
#: serverguide/C/security.xml:742(para)
8273
msgid ""
8274
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8275
"specified network device"
8276
msgstr ""
8277
8278
#: serverguide/C/security.xml:744(para)
8279
msgid ""
8280
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8281
"MASQUERADE target to be manipulated as described above"
8282
msgstr ""
8283
8284
#: serverguide/C/security.xml:752(para)
8285
msgid ""
8286
"Also, each chain in the filter table (the default table, and where most or "
8287
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8288
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8289
"you may have set the policies to DROP or REJECT, in which case your "
8290
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8291
"above rule to work:"
8292
msgstr ""
8293
8294
#: serverguide/C/security.xml:759(screen)
8295
#, no-wrap
8296
msgid ""
8297
"\n"
8298
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8299
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8300
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8301
msgstr ""
8302
8303
#: serverguide/C/security.xml:763(para)
8304
msgid ""
8305
"The above commands will allow all connections from your local network to the "
8306
"Internet and all traffic related to those connections to return to the "
8307
"machine that initiated them."
8308
msgstr ""
8309
8310
#: serverguide/C/security.xml:770(para)
8311
msgid ""
8312
"If you want masquerading to be enabled on reboot, which you probably do, "
8313
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8314
"example add the first command with no filtering:"
8315
msgstr ""
8316
8317
#: serverguide/C/security.xml:774(screen)
8318
#, no-wrap
8319
msgid ""
8320
"\n"
8321
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8322
msgstr ""
8323
8324
#: serverguide/C/security.xml:782(title)
8325
msgid "Logs"
8326
msgstr ""
8327
8328
#: serverguide/C/security.xml:783(para)
8329
msgid ""
8330
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8331
"firewall rules, and noticing unusual activity on your network. You must "
8332
"include logging rules in your firewall for them to be generated, though, and "
8333
"logging rules must come before any applicable terminating rule (a rule with "
8334
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8335
"REJECT)."
8336
msgstr ""
8337
8338
#: serverguide/C/security.xml:790(para)
8339
msgid ""
8340
"If you are using <application>ufw</application>, you can turn on logging by "
8341
"entering the following in a terminal:"
8342
msgstr ""
8343
8344
#: serverguide/C/security.xml:794(command)
8345
msgid "sudo ufw logging on"
8346
msgstr ""
8347
8348
#: serverguide/C/security.xml:796(para)
8349
msgid ""
8350
"To turn logging off in <application>ufw</application>, simply replace "
8351
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8352
"role=\"italic\">off</emphasis> in the above command."
8353
msgstr ""
8354
8355
#: serverguide/C/security.xml:799(para)
8356
msgid ""
8357
"If using <application>iptables</application> instead of "
8358
"<application>ufw</application>, enter:"
8359
msgstr ""
8360
8361
#: serverguide/C/security.xml:802(screen)
8362
#, no-wrap
8363
msgid ""
8364
"\n"
8365
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8366
"prefix \"NEW_HTTP_CONN: \"\n"
8367
msgstr ""
8368
8369
#: serverguide/C/security.xml:805(para)
8370
msgid ""
8371
"A request on port 80 from the local machine, then, would generate a log in "
8372
"dmesg that looks like this:"
8373
msgstr ""
8374
8375
#: serverguide/C/security.xml:810(programlisting)
8376
#, no-wrap
8377
msgid ""
8378
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8379
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8380
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8381
"WINDOW=32767 RES=0x00 SYN URGP=0"
8382
msgstr ""
8383
8384
#: serverguide/C/security.xml:812(para)
8385
msgid ""
8386
"The above log will also appear in <filename>/var/log/messages</filename>, "
8387
"<filename>/var/log/syslog</filename>, and "
8388
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8389
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8390
"and configuring <application>ulogd</application> and using the ULOG target "
8391
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8392
"server that listens for logging instructions from the kernel specifically "
8393
"for firewalls, and can log to any file you like, or even to a "
8394
"<application>PostgreSQL</application> or <application>MySQL</application> "
8395
"database. Making sense of your firewall logs can be simplified by using a "
8396
"log analyzing tool such as <application>fwanalog</application>, "
8397
"<application> fwlogwatch</application>, or <application>lire</application>."
8398
msgstr ""
8399
8400
#: serverguide/C/security.xml:827(title)
8401
msgid "Other Tools"
8402
msgstr ""
8403
8404
#: serverguide/C/security.xml:828(para)
8405
msgid ""
8406
"There are many tools available to help you construct a complete firewall "
8407
"without intimate knowledge of iptables. For the GUI-inclined:"
8408
msgstr ""
8409
8410
#: serverguide/C/security.xml:834(para)
8411
msgid ""
8412
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8413
"popular and easy to use."
8414
msgstr ""
8415
8416
#: serverguide/C/security.xml:839(para)
8417
msgid ""
8418
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8419
"and will look familiar to an administrator who has used a commercial "
8420
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8421
msgstr ""
8422
8423
#: serverguide/C/security.xml:845(para)
8424
msgid ""
8425
"If you prefer a command-line tool with plain-text configuration files:"
8426
msgstr ""
8427
8428
#: serverguide/C/security.xml:850(para)
8429
msgid ""
8430
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8431
"powerful solution to help you configure an advanced firewall for any network."
8432
msgstr ""
8433
8434
#: serverguide/C/security.xml:856(para)
8435
msgid ""
8436
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8437
"a working firewall \"out of the box\" with zero configuration, and will "
8438
"allow you to easily set up a more advanced firewall by editing simple, well-"
8439
"documented configuration files."
8440
msgstr ""
8441
8442
#: serverguide/C/security.xml:863(para)
8443
msgid ""
8444
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8445
"designed to be a desktop firewall application. It is made up of a server "
8446
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8447
"like many popular interactive firewall applications for Windows."
8448
msgstr ""
8449
8450
#: serverguide/C/security.xml:875(para)
8451
msgid ""
8452
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8453
"Firewall</ulink> wiki page contains information on the development of "
8454
"<application>ufw</application>."
8455
msgstr ""
8456
8457
#: serverguide/C/security.xml:881(para)
8458
msgid ""
8459
"Also, the <application>ufw</application> manual page contains some very "
8460
"useful information: <command>man ufw</command>."
8461
msgstr ""
8462
8463
#: serverguide/C/security.xml:886(para)
8464
msgid ""
8465
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8466
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8467
"on using <application>iptables</application>."
8468
msgstr ""
8469
8470
#: serverguide/C/security.xml:892(para)
8471
msgid ""
8472
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8473
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8474
msgstr ""
8475
8476
#: serverguide/C/security.xml:898(para)
8477
msgid ""
8478
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8479
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8480
msgstr ""
8481
8482
#: serverguide/C/security.xml:906(title)
8483
msgid "AppArmor"
8484
msgstr ""
8485
8486
#: serverguide/C/security.xml:907(para)
8487
msgid ""
8488
"<application>AppArmor</application> is a Linux Security Module "
8489
"implementation of name-based mandatory access controls. AppArmor confines "
8490
"individual programs to a set of listed files and posix 1003.1e draft "
8491
"capabilities."
8492
msgstr ""
8493
8494
#: serverguide/C/security.xml:911(para)
8495
msgid ""
8496
"<application>AppArmor</application> is installed and loaded by default. It "
8497
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8498
"and permissions the application requires. Some packages will install their "
8499
"own profiles, and additional profiles can be found in the "
8500
"<application>apparmor-profiles</application> package."
8501
msgstr ""
8502
8503
#: serverguide/C/security.xml:916(para)
8504
msgid ""
8505
"To install the <application>apparmor-profiles</application> package from a "
8506
"terminal prompt:"
8507
msgstr ""
8508
8509
#: serverguide/C/security.xml:922(para)
8510
msgid "AppArmor profiles have two modes of execution:"
8511
msgstr ""
8512
8513
#: serverguide/C/security.xml:927(para)
8514
msgid ""
8515
"Complaining/Learning: profile violations are permitted and logged. Useful "
8516
"for testing and developing new profiles."
8517
msgstr ""
8518
8519
#: serverguide/C/security.xml:932(para)
8520
msgid ""
8521
"Enforced/Confined: enforces profile policy as well as logging the violation."
8522
msgstr ""
8523
8524
#: serverguide/C/security.xml:938(title)
8525
msgid "Using AppArmor"
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:939(para)
8529
msgid ""
8530
"The <application>apparmor-utils</application> package contains command line "
8531
"utilities that you can use to change the <application>AppArmor</application> "
8532
"execution mode, find the status of a profile, create new profiles, etc."
8533
msgstr ""
8534
8535
#: serverguide/C/security.xml:945(para)
8536
msgid ""
8537
"<application>apparmor_status</application> is used to view the current "
8538
"status of AppArmor profiles."
8539
msgstr ""
8540
8541
#: serverguide/C/security.xml:949(command)
8542
msgid "sudo apparmor_status"
8543
msgstr ""
8544
8545
#: serverguide/C/security.xml:953(para)
8546
msgid ""
8547
"<application>aa-complain</application> places a profile into "
8548
"<emphasis>complain</emphasis> mode."
8549
msgstr ""
8550
8551
#: serverguide/C/security.xml:957(command)
8552
msgid "sudo aa-complain /path/to/bin"
8553
msgstr ""
8554
8555
#: serverguide/C/security.xml:961(para)
8556
msgid ""
8557
"<application>aa-enforce</application> places a profile into "
8558
"<emphasis>enforce</emphasis> mode."
8559
msgstr ""
8560
8561
#: serverguide/C/security.xml:965(command)
8562
msgid "sudo aa-enforce /path/to/bin"
8563
msgstr ""
8564
8565
#: serverguide/C/security.xml:969(para)
8566
msgid ""
8567
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8568
"profiles are located. It can be used to manipulate the "
8569
"<emphasis>mode</emphasis> of all profiles."
8570
msgstr ""
8571
8572
#: serverguide/C/security.xml:973(para)
8573
msgid "Enter the following to place all profiles into complain mode:"
8574
msgstr ""
8575
8576
#: serverguide/C/security.xml:977(command)
8577
msgid "sudo aa-complain /etc/apparmor.d/*"
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:979(para)
8581
msgid "To place all profiles in enforce mode:"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:983(command)
8585
msgid "sudo aa-enforce /etc/apparmor.d/*"
8586
msgstr ""
8587
8588
#: serverguide/C/security.xml:987(para)
8589
msgid ""
8590
"<application>apparmor_parser</application> is used to load a profile into "
8591
"the kernel. It can also be used to reload a currently loaded profile using "
8592
"the <emphasis>-r</emphasis> option. To load a profile:"
8593
msgstr ""
8594
8595
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8596
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8597
msgstr ""
8598
8599
#: serverguide/C/security.xml:994(para)
8600
msgid "To reload a profile:"
8601
msgstr ""
8602
8603
#: serverguide/C/security.xml:998(command)
8604
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8605
msgstr ""
8606
8607
#: serverguide/C/security.xml:1002(para)
8608
msgid ""
8609
"<filename>/etc/init.d/apparmor</filename> can be used to "
8610
"<emphasis>reload</emphasis> all profiles:"
8611
msgstr ""
8612
8613
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8614
msgid "sudo /etc/init.d/apparmor reload"
8615
msgstr ""
8616
8617
#: serverguide/C/security.xml:1010(para)
8618
msgid ""
8619
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8620
"with the <application>apparmor_parser -R</application> option to "
8621
"<emphasis>disable</emphasis> a profile."
8622
msgstr ""
8623
8624
#: serverguide/C/security.xml:1015(command)
8625
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8626
msgstr ""
8627
8628
#: serverguide/C/security.xml:1016(command)
8629
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8630
msgstr ""
8631
8632
#: serverguide/C/security.xml:1018(para)
8633
msgid ""
8634
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8635
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8636
"load the profile using the <emphasis>-a</emphasis> option."
8637
msgstr ""
8638
8639
#: serverguide/C/security.xml:1023(command)
8640
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8641
msgstr ""
8642
8643
#: serverguide/C/security.xml:1028(para)
8644
msgid ""
8645
"<application>AppArmor</application> can be disabled, and the kernel module "
8646
"unloaded by entering the following:"
8647
msgstr ""
8648
8649
#: serverguide/C/security.xml:1032(command)
8650
msgid "sudo /etc/init.d/apparmor stop"
8651
msgstr ""
8652
8653
#: serverguide/C/security.xml:1033(command)
8654
msgid "sudo update-rc.d -f apparmor remove"
8655
msgstr ""
8656
8657
#: serverguide/C/security.xml:1037(para)
8658
msgid "To re-enable <application>AppArmor</application> enter:"
8659
msgstr ""
8660
8661
#: serverguide/C/security.xml:1041(command)
8662
msgid "sudo /etc/init.d/apparmor start"
8663
msgstr ""
8664
8665
#: serverguide/C/security.xml:1042(command)
8666
msgid "sudo update-rc.d apparmor defaults"
8667
msgstr ""
8668
8669
#: serverguide/C/security.xml:1047(para)
8670
msgid ""
8671
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8672
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8673
"the actual executable file path. For example for the "
8674
"<application>ping</application> command use <filename>/bin/ping</filename>"
8675
msgstr ""
8676
8677
#: serverguide/C/security.xml:1055(title)
8678
msgid "Profiles"
8679
msgstr ""
8680
8681
#: serverguide/C/security.xml:1056(para)
8682
msgid ""
8683
"<application>AppArmor</application> profiles are simple text files located "
8684
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8685
"path to the executable they profile replacing the \"/\" with \".\". For "
8686
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8687
"profile for the <filename>/bin/ping</filename> command."
8688
msgstr ""
8689
8690
#: serverguide/C/security.xml:1062(para)
8691
msgid "There are two main type of rules used in profiles:"
8692
msgstr ""
8693
8694
#: serverguide/C/security.xml:1067(para)
8695
msgid ""
8696
"<emphasis>Path entries:</emphasis> which detail which files an application "
8697
"can access in the file system."
8698
msgstr ""
8699
8700
#: serverguide/C/security.xml:1072(para)
8701
msgid ""
8702
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8703
"confined process is allowed to use."
8704
msgstr ""
8705
8706
#: serverguide/C/security.xml:1077(para)
8707
msgid ""
8708
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8709
msgstr ""
8710
8711
#: serverguide/C/security.xml:1080(programlisting)
8712
#, no-wrap
8713
msgid ""
8714
"\n"
8715
"#include <tunables/global>\n"
8716
"/bin/ping flags=(complain) {\n"
8717
" #include <abstractions/base>\n"
8718
" #include <abstractions/consoles>\n"
8719
" #include <abstractions/nameservice>\n"
8720
"\n"
8721
" capability net_raw,\n"
8722
" capability setuid,\n"
8723
" network inet raw,\n"
8724
" \n"
8725
" /bin/ping mixr,\n"
8726
" /etc/modules.conf r,\n"
8727
"}\n"
8728
msgstr ""
8729
8730
#: serverguide/C/security.xml:1097(para)
8731
msgid ""
8732
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8733
"from other files. This allows statements pertaining to multiple applications "
8734
"to be placed in a common file."
8735
msgstr ""
8736
8737
#: serverguide/C/security.xml:1103(para)
8738
msgid ""
8739
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8740
"program, also setting the mode to <emphasis>complain</emphasis>."
8741
msgstr ""
8742
8743
#: serverguide/C/security.xml:1109(para)
8744
msgid ""
8745
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8746
"the CAP_NET_RAW Posix.1e capability."
8747
msgstr ""
8748
8749
#: serverguide/C/security.xml:1114(para)
8750
msgid ""
8751
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8752
"execute access to the file."
8753
msgstr ""
8754
8755
#: serverguide/C/security.xml:1120(para)
8756
msgid ""
8757
"After editing a profile file the profile must be reloaded. See <xref "
8758
"linkend=\"apparmor-usage\"/> for details."
8759
msgstr ""
8760
8761
#: serverguide/C/security.xml:1125(title)
8762
msgid "Creating a Profile"
8763
msgstr ""
8764
8765
#: serverguide/C/security.xml:1128(para)
8766
msgid ""
8767
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8768
"application should be exercised. The test plan should be divided into small "
8769
"test cases. Each test case should have a small description and list the "
8770
"steps to follow."
8771
msgstr ""
8772
8773
#: serverguide/C/security.xml:1132(para)
8774
msgid "Some standard test cases are:"
8775
msgstr ""
8776
8777
#: serverguide/C/security.xml:1137(para)
8778
msgid "Starting the program."
8779
msgstr ""
8780
8781
#: serverguide/C/security.xml:1142(para)
8782
msgid "Stopping the program."
8783
msgstr ""
8784
8785
#: serverguide/C/security.xml:1147(para)
8786
msgid "Reloading the program."
8787
msgstr ""
8788
8789
#: serverguide/C/security.xml:1152(para)
8790
msgid "Testing all the commands supported by the init script."
8791
msgstr ""
8792
8793
#: serverguide/C/security.xml:1159(para)
8794
msgid ""
8795
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8796
"genprof</application> to generate a new profile. From a terminal:"
8797
msgstr ""
8798
8799
#: serverguide/C/security.xml:1164(command)
8800
msgid "sudo aa-genprof executable"
8801
msgstr ""
8802
8803
#: serverguide/C/security.xml:1166(para)
8804
msgid "For example:"
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:1170(command)
8808
msgid "sudo aa-genprof slapd"
8809
msgstr ""
8810
8811
#: serverguide/C/security.xml:1174(para)
8812
msgid ""
8813
"To get your new profile included in the <application>apparmor-"
8814
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8815
"against the <ulink "
8816
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8817
"/ulink> package:"
8818
msgstr ""
8819
8820
#: serverguide/C/security.xml:1181(para)
8821
msgid "Include your test plan and test cases."
8822
msgstr ""
8823
8824
#: serverguide/C/security.xml:1186(para)
8825
msgid "Attach your new profile to the bug."
8826
msgstr ""
8827
8828
#: serverguide/C/security.xml:1195(title)
8829
msgid "Updating Profiles"
8830
msgstr ""
8831
8832
#: serverguide/C/security.xml:1196(para)
8833
msgid ""
8834
"When the program is misbehaving, audit messages are sent to the log files. "
8835
"The program <application>aa-logprof</application> can be used to scan log "
8836
"files for <application>AppArmor</application> audit messages, review them "
8837
"and update the profiles. From a terminal:"
8838
msgstr ""
8839
8840
#: serverguide/C/security.xml:1201(command)
8841
msgid "sudo aa-logprof"
8842
msgstr ""
8843
8844
#: serverguide/C/security.xml:1209(para)
8845
msgid ""
8846
"See the <ulink "
8847
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8848
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8849
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8850
"configuration options."
8851
msgstr ""
8852
8853
#: serverguide/C/security.xml:1216(para)
8854
msgid ""
8855
"For details using AppArmor with other Ubuntu releases see the <ulink "
8856
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8857
"Wiki</ulink> page."
8858
msgstr ""
8859
8860
#: serverguide/C/security.xml:1224(para)
8861
msgid ""
8862
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8863
"page is another introduction to AppArmor."
8864
msgstr ""
8865
8866
#: serverguide/C/security.xml:1231(para)
8867
msgid ""
8868
"A great place to ask for <application>AppArmor</application> assistance, and "
8869
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8870
"server</emphasis> IRC channel on <ulink "
8871
"url=\"http://freenode.net\">freenode</ulink>."
8872
msgstr ""
8873
8874
#: serverguide/C/security.xml:1241(title)
8875
msgid "Certificates"
8876
msgstr ""
8877
8878
#: serverguide/C/security.xml:1242(para)
8879
msgid ""
8880
"One of the most common forms of cryptography today is <emphasis>public-"
8881
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8882
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8883
"system works by <emphasis>encrypting</emphasis> information using the public "
8884
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8885
"the private key."
8886
msgstr ""
8887
8888
#: serverguide/C/security.xml:1248(para)
8889
msgid ""
8890
"A common use for public-key cryptography is encrypting application traffic "
8891
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8892
"connection. For example, configuring Apache to provide "
8893
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8894
"encrypt traffic using a protocol that does not itself provide encryption."
8895
msgstr ""
8896
8897
#: serverguide/C/security.xml:1253(para)
8898
msgid ""
8899
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8900
"<emphasis>public key</emphasis> and other information about a server and the "
8901
"organization who is responsible for it. Certificates can be digitally signed "
8902
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8903
"third party that has confirmed that the information contained in the "
8904
"certificate is accurate."
8905
msgstr ""
8906
8907
#: serverguide/C/security.xml:1260(title)
8908
msgid "Types of Certificates"
8909
msgstr ""
8910
8911
#: serverguide/C/security.xml:1261(para)
8912
msgid ""
8913
"To set up a secure server using public-key cryptography, in most cases, you "
8914
"send your certificate request (including your public key), proof of your "
8915
"company's identity, and payment to a CA. The CA verifies the certificate "
8916
"request and your identity, and then sends back a certificate for your secure "
8917
"server. Alternatively, you can create your own <emphasis>self-"
8918
"signed</emphasis> certificate."
8919
msgstr ""
8920
8921
#: serverguide/C/security.xml:1271(para)
8922
msgid ""
8923
"Note, that self-signed certificates should not be used in most production "
8924
"environments."
8925
msgstr ""
8926
8927
#: serverguide/C/security.xml:1275(para)
8928
msgid ""
8929
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8930
"capabilities that a self-signed certificate does not:"
8931
msgstr ""
8932
8933
#: serverguide/C/security.xml:1282(para)
8934
msgid ""
8935
"Browsers (usually) automatically recognize the certificate and allow a "
8936
"secure connection to be made without prompting the user."
8937
msgstr ""
8938
8939
#: serverguide/C/security.xml:1289(para)
8940
msgid ""
8941
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8942
"the organization that is providing the web pages to the browser."
8943
msgstr ""
8944
8945
#: serverguide/C/security.xml:1297(para)
8946
msgid ""
8947
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8948
"certificates they automatically accept. If a browser encounters a "
8949
"certificate whose authorizing CA is not in the list, the browser asks the "
8950
"user to either accept or decline the connection. Also, other applications "
8951
"may generate an error message when using a self-singed certificate."
8952
msgstr ""
8953
8954
#: serverguide/C/security.xml:1305(para)
8955
msgid ""
8956
"The process of getting a certificate from a CA is fairly easy. A quick "
8957
"overview is as follows:"
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:1312(para)
8961
msgid "Create a private and public encryption key pair."
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:1315(para)
8965
msgid ""
8966
"Create a certificate request based on the public key. The certificate "
8967
"request contains information about your server and the company hosting it."
8968
msgstr ""
8969
8970
#: serverguide/C/security.xml:1320(para)
8971
msgid ""
8972
"Send the certificate request, along with documents proving your identity, to "
8973
"a CA. We cannot tell you which certificate authority to choose. Your "
8974
"decision may be based on your past experiences, or on the experiences of "
8975
"your friends or colleagues, or purely on monetary factors."
8976
msgstr ""
8977
8978
#: serverguide/C/security.xml:1326(para)
8979
msgid ""
8980
"Once you have decided upon a CA, you need to follow the instructions they "
8981
"provide on how to obtain a certificate from them."
8982
msgstr ""
8983
8984
#: serverguide/C/security.xml:1331(para)
8985
msgid ""
8986
"When the CA is satisfied that you are indeed who you claim to be, they send "
8987
"you a digital certificate."
8988
msgstr ""
8989
8990
#: serverguide/C/security.xml:1335(para)
8991
msgid ""
8992
"Install this certificate on your secure server, and configure the "
8993
"appropriate applications to use the certificate."
8994
msgstr ""
8995
8996
#: serverguide/C/security.xml:1344(title)
8997
msgid "Generating a Certificate Signing Request (CSR)"
8998
msgstr ""
8999
9000
#: serverguide/C/security.xml:1346(para)
9001
msgid ""
9002
"Whether you are getting a certificate from a CA or generating your own self-"
9003
"signed certificate, the first step is to generate a key."
9004
msgstr ""
9005
9006
#: serverguide/C/security.xml:1351(para)
9007
msgid ""
9008
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9009
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9010
"passphrase allows the services to start without manual intervention, usually "
9011
"the preferred way to start a daemon."
9012
msgstr ""
9013
9014
#: serverguide/C/security.xml:1357(para)
9015
msgid ""
9016
"This section will cover generating a key with a passphrase, and one without. "
9017
"The non-passphrase key will then be used to generate a certificate that can "
9018
"be used with various service daemons."
9019
msgstr ""
9020
9021
#: serverguide/C/security.xml:1363(para)
9022
msgid ""
9023
"Running your secure service without a passphrase is convenient because you "
9024
"will not need to enter the passphrase every time you start your secure "
9025
"service. But it is insecure and a compromise of the key means a compromise "
9026
"of the server as well."
9027
msgstr ""
9028
9029
#: serverguide/C/security.xml:1370(para)
9030
msgid ""
9031
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9032
"Request (CSR) run the following command from a terminal prompt:"
9033
msgstr ""
9034
9035
#: serverguide/C/security.xml:1376(command)
9036
msgid "openssl genrsa -des3 -out server.key 1024"
9037
msgstr ""
9038
9039
#: serverguide/C/security.xml:1379(programlisting)
9040
#, no-wrap
9041
msgid ""
9042
"\n"
9043
"Generating RSA private key, 1024 bit long modulus\n"
9044
".....................++++++\n"
9045
".................++++++\n"
9046
"unable to write 'random state'\n"
9047
"e is 65537 (0x10001)\n"
9048
"Enter pass phrase for server.key:\n"
9049
msgstr ""
9050
9051
#: serverguide/C/security.xml:1388(para)
9052
msgid ""
9053
"You can now enter your passphrase. For best security, it should at least "
9054
"contain eight characters. The minimum length when specifying -des3 is four "
9055
"characters. It should include numbers and/or punctuation and not be a word "
9056
"in a dictionary. Also remember that your passphrase is case-sensitive."
9057
msgstr ""
9058
9059
#: serverguide/C/security.xml:1396(para)
9060
msgid ""
9061
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9062
"server key is generated and stored in the <filename>server.key</filename> "
9063
"file."
9064
msgstr ""
9065
9066
#: serverguide/C/security.xml:1402(para)
9067
msgid ""
9068
"Now create the insecure key, the one without a passphrase, and shuffle the "
9069
"key names:"
9070
msgstr ""
9071
9072
#: serverguide/C/security.xml:1408(command)
9073
msgid "openssl rsa -in server.key -out server.key.insecure"
9074
msgstr ""
9075
9076
#: serverguide/C/security.xml:1409(command)
9077
msgid "mv server.key server.key.secure"
9078
msgstr ""
9079
9080
#: serverguide/C/security.xml:1410(command)
9081
msgid "mv server.key.insecure server.key"
9082
msgstr ""
9083
9084
#: serverguide/C/security.xml:1413(para)
9085
msgid ""
9086
"The insecure key is now named <filename>server.key</filename>, and you can "
9087
"use this file to generate the CSR without passphrase."
9088
msgstr ""
9089
9090
#: serverguide/C/security.xml:1418(para)
9091
msgid "To create the CSR, run the following command at a terminal prompt:"
9092
msgstr ""
9093
9094
#: serverguide/C/security.xml:1423(command)
9095
msgid "openssl req -new -key server.key -out server.csr"
9096
msgstr ""
9097
9098
#: serverguide/C/security.xml:1426(para)
9099
msgid ""
9100
"It will prompt you enter the passphrase. If you enter the correct "
9101
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9102
"etc. Once you enter all these details, your CSR will be created and it will "
9103
"be stored in the <filename>server.csr</filename> file."
9104
msgstr ""
9105
9106
#: serverguide/C/security.xml:1434(para)
9107
msgid ""
9108
"You can now submit this CSR file to a CA for processing. The CA will use "
9109
"this CSR file and issue the certificate. On the other hand, you can create "
9110
"self-signed certificate using this CSR."
9111
msgstr ""
9112
9113
#: serverguide/C/security.xml:1442(title)
9114
msgid "Creating a Self-Signed Certificate"
9115
msgstr ""
9116
9117
#: serverguide/C/security.xml:1443(para)
9118
msgid ""
9119
"To create the self-signed certificate, run the following command at a "
9120
"terminal prompt:"
9121
msgstr ""
9122
9123
#: serverguide/C/security.xml:1448(command)
9124
msgid ""
9125
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9126
"server.crt"
9127
msgstr ""
9128
9129
#: serverguide/C/security.xml:1451(para)
9130
msgid ""
9131
"The above command will prompt you to enter the passphrase. Once you enter "
9132
"the correct passphrase, your certificate will be created and it will be "
9133
"stored in the <filename>server.crt</filename> file."
9134
msgstr ""
9135
9136
#: serverguide/C/security.xml:1456(para)
9137
msgid ""
9138
"If your secure server is to be used in a production environment, you "
9139
"probably need a CA-signed certificate. It is not recommended to use self-"
9140
"signed certificate."
9141
msgstr ""
9142
9143
#: serverguide/C/security.xml:1464(title)
9144
msgid "Installing the Certificate"
9145
msgstr ""
9146
9147
#: serverguide/C/security.xml:1466(para)
9148
msgid ""
9149
"You can install the key file <filename>server.key</filename> and certificate "
9150
"file <filename>server.crt</filename>, or the certificate file issued by your "
9151
"CA, by running following commands at a terminal prompt:"
9152
msgstr ""
9153
9154
#: serverguide/C/security.xml:1472(command)
9155
msgid "sudo cp server.crt /etc/ssl/certs"
9156
msgstr ""
9157
9158
#: serverguide/C/security.xml:1473(command)
9159
msgid "sudo cp server.key /etc/ssl/private"
9160
msgstr ""
9161
9162
#: serverguide/C/security.xml:1475(para)
9163
msgid ""
9164
"Now simply configure any applications, with the ability to use public-key "
9165
"cryptography, to use the <emphasis>certificate</emphasis> and "
9166
"<emphasis>key</emphasis> files. For example, "
9167
"<application>Apache</application> can provide HTTPS, "
9168
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9169
msgstr ""
9170
9171
#: serverguide/C/security.xml:1482(title)
9172
msgid "Certification Authority"
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:1484(para)
9176
msgid ""
9177
"If the services on your network require more than a few self-signed "
9178
"certificates it may be worth the additional effort to setup your own "
9179
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9180
"certificates signed by your own CA, allows the various services using the "
9181
"certificates to easily trust other services using certificates issued from "
9182
"the same CA."
9183
msgstr ""
9184
9185
#: serverguide/C/security.xml:1494(para)
9186
msgid ""
9187
"First, create the directories to hold the CA certificate and related files:"
9188
msgstr ""
9189
9190
#: serverguide/C/security.xml:1499(command)
9191
msgid "sudo mkdir /etc/ssl/CA"
9192
msgstr ""
9193
9194
#: serverguide/C/security.xml:1500(command)
9195
msgid "sudo mkdir /etc/ssl/newcerts"
9196
msgstr ""
9197
9198
#: serverguide/C/security.xml:1506(para)
9199
msgid ""
9200
"The CA needs a few additional files to operate, one to keep track of the "
9201
"last serial number used by the CA, each certificate must have a unique "
9202
"serial number, and another file to record which certificates have been "
9203
"issued:"
9204
msgstr ""
9205
9206
#: serverguide/C/security.xml:1513(command)
9207
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1514(command)
9211
msgid "sudo touch /etc/ssl/CA/index.txt"
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1520(para)
9215
msgid ""
9216
"The third file is a CA configuration file. Though not strictly necessary, it "
9217
"is very convenient when issuing multiple certificates. Edit "
9218
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9219
"]</emphasis> change:"
9220
msgstr ""
9221
9222
#: serverguide/C/security.xml:1526(programlisting)
9223
#, no-wrap
9224
msgid ""
9225
"\n"
9226
"dir = /etc/ssl/ # Where everything is kept\n"
9227
"database = $dir/CA/index.txt # database index file.\n"
9228
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9229
"serial = $dir/CA/serial # The current serial number\n"
9230
"private_key = $dir/private/cakey.pem# The private key\n"
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1537(para)
9234
msgid "Next, create the self-singed root certificate:"
9235
msgstr ""
9236
9237
#: serverguide/C/security.xml:1542(command)
9238
msgid ""
9239
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9240
"days 3650"
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:1545(para)
9244
msgid "You will then be asked to enter the details about the certificate."
9245
msgstr ""
9246
9247
#: serverguide/C/security.xml:1552(para)
9248
msgid "Now install the root certificate and key:"
9249
msgstr ""
9250
9251
#: serverguide/C/security.xml:1557(command)
9252
msgid "sudo mv cakey.pem /etc/ssl/private/"
9253
msgstr ""
9254
9255
#: serverguide/C/security.xml:1558(command)
9256
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9257
msgstr ""
9258
9259
#: serverguide/C/security.xml:1564(para)
9260
msgid ""
9261
"You are now ready to start signing certificates. The first item needed is a "
9262
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9263
"for details. Once you have a CSR, enter the following to generate a "
9264
"certificate signed by the CA:"
9265
msgstr ""
9266
9267
#: serverguide/C/security.xml:1571(command)
9268
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9269
msgstr ""
9270
9271
#: serverguide/C/security.xml:1574(para)
9272
msgid ""
9273
"After entering the password for the CA key, you will be prompted to sign the "
9274
"certificate, and again to commit the new certificate. You should then see a "
9275
"somewhat large amount of output related to the certificate creation."
9276
msgstr ""
9277
9278
#: serverguide/C/security.xml:1583(para)
9279
msgid ""
9280
"There should now be a new file, "
9281
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9282
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9283
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9284
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9285
"the server where the certificate will be installed. For example "
9286
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9287
msgstr ""
9288
9289
#: serverguide/C/security.xml:1591(para)
9290
msgid ""
9291
"Subsequent certificates will be named <filename>02.pem</filename>, "
9292
"<filename>03.pem</filename>, etc."
9293
msgstr ""
9294
9295
#: serverguide/C/security.xml:1596(para)
9296
msgid ""
9297
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9298
"name."
9299
msgstr ""
9300
9301
#: serverguide/C/security.xml:1604(para)
9302
msgid ""
9303
"Finally, copy the new certificate to the host that needs it, and configure "
9304
"the appropriate applications to use it. The default location to install "
9305
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9306
"enables multiple services to use the same certificate without overly "
9307
"complicated file permissions."
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:1610(para)
9311
msgid ""
9312
"For applications that can be configured to use a CA certificate, you should "
9313
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9314
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9315
"server."
9316
msgstr ""
9317
9318
#: serverguide/C/security.xml:1624(para)
9319
msgid ""
9320
"For more detailed instructions on using cryptography see the <ulink "
9321
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9322
"Certificates HOWTO</ulink> by tlpd.org"
9323
msgstr ""
9324
9325
#: serverguide/C/security.xml:1630(para)
9326
msgid ""
9327
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9328
"of Certificate Authorities."
9329
msgstr ""
9330
9331
#: serverguide/C/security.xml:1635(para)
9332
msgid ""
9333
"The Wikipedia <ulink "
9334
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9335
"information regarding HTTPS."
9336
msgstr ""
9337
9338
#: serverguide/C/security.xml:1640(para)
9339
msgid ""
9340
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9341
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9342
msgstr ""
9343
9344
#: serverguide/C/security.xml:1645(para)
9345
msgid ""
9346
"Also, O'Reilly's <ulink "
9347
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9348
"OpenSSL</ulink> is a good in depth reference."
9349
msgstr ""
9350
9351
#: serverguide/C/security.xml:1654(title)
9352
msgid "eCryptfs"
9353
msgstr ""
9354
9355
#: serverguide/C/security.xml:1656(para)
9356
msgid ""
9357
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9358
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9359
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9360
"filesystem, partition type, etc."
9361
msgstr ""
9362
9363
#: serverguide/C/security.xml:1662(para)
9364
msgid ""
9365
"During installation there is an option to encrypt the <filename "
9366
"role=\"directory\">/home</filename> partition. This will automatically "
9367
"configure everything needed to encrypt and mount the partition."
9368
msgstr ""
9369
9370
#: serverguide/C/security.xml:1667(para)
9371
msgid ""
9372
"As an example, this section will cover configuring <filename "
9373
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9374
msgstr ""
9375
9376
#: serverguide/C/security.xml:1672(title)
9377
msgid "Using eCryptfs"
9378
msgstr ""
9379
9380
#: serverguide/C/security.xml:1674(para)
9381
msgid "First, install the necessary packages. From a terminal prompt enter:"
9382
msgstr ""
9383
9384
#: serverguide/C/security.xml:1679(command)
9385
msgid "sudo apt-get install ecryptfs-utils"
9386
msgstr ""
9387
9388
#: serverguide/C/security.xml:1682(para)
9389
msgid "Now mount the partition to be encrypted:"
9390
msgstr ""
9391
9392
#: serverguide/C/security.xml:1687(command)
9393
msgid "sudo mount -t ecryptfs /srv /srv"
9394
msgstr ""
9395
9396
#: serverguide/C/security.xml:1690(para)
9397
msgid ""
9398
"You will then be prompted for some details on how "
9399
"<application>ecryptfs</application> should encrypt the data."
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:1694(para)
9403
msgid ""
9404
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9405
"copy the <filename>/etc/default</filename> folder to "
9406
"<filename>/srv</filename>:"
9407
msgstr ""
9408
9409
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9410
msgid "sudo cp -r /etc/default /srv"
9411
msgstr ""
9412
9413
#: serverguide/C/security.xml:1703(para)
9414
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9415
msgstr ""
9416
9417
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9418
msgid "sudo umount /srv"
9419
msgstr ""
9420
9421
#: serverguide/C/security.xml:1709(command)
9422
msgid "cat /srv/default/cron"
9423
msgstr ""
9424
9425
#: serverguide/C/security.xml:1712(para)
9426
msgid ""
9427
"Remounting <filename>/srv</filename> using "
9428
"<application>ecryptfs</application> will make the data viewable once again."
9429
msgstr ""
9430
9431
#: serverguide/C/security.xml:1718(title)
9432
msgid "Automatically Mounting Encrypted Partitions"
9433
msgstr ""
9434
9435
#: serverguide/C/security.xml:1720(para)
9436
msgid ""
9437
"There are a couple of ways to automatically mount an "
9438
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9439
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9440
"mount options, along with a passphrase file residing on a USB key."
9441
msgstr ""
9442
9443
#: serverguide/C/security.xml:1726(para)
9444
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9445
msgstr ""
9446
9447
#: serverguide/C/security.xml:1730(programlisting)
9448
#, no-wrap
9449
msgid ""
9450
"\n"
9451
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9452
"ecryptfs_sig=5826dd62cf81c615\n"
9453
"ecryptfs_cipher=aes\n"
9454
"ecryptfs_key_bytes=16\n"
9455
"ecryptfs_passthrough=n\n"
9456
"ecryptfs_enable_filename_crypto=n\n"
9457
msgstr ""
9458
9459
#: serverguide/C/security.xml:1740(para)
9460
msgid ""
9461
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9462
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9463
msgstr ""
9464
9465
#: serverguide/C/security.xml:1745(para)
9466
msgid ""
9467
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9468
"file:"
9469
msgstr ""
9470
9471
#: serverguide/C/security.xml:1749(programlisting)
9472
#, no-wrap
9473
msgid ""
9474
"\n"
9475
"passphrase_passwd=[secrets]\n"
9476
msgstr ""
9477
9478
#: serverguide/C/security.xml:1753(para)
9479
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9480
msgstr ""
9481
9482
#: serverguide/C/security.xml:1757(programlisting)
9483
#, no-wrap
9484
msgid ""
9485
"\n"
9486
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9487
"/srv /srv ecryptfs defaults 0 0\n"
9488
msgstr ""
9489
9490
#: serverguide/C/security.xml:1762(para)
9491
msgid "Make sure the USB drive is mounted before the encrypted partition."
9492
msgstr ""
9493
9494
#: serverguide/C/security.xml:1766(para)
9495
msgid ""
9496
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9497
"ecryptfs."
9498
msgstr ""
9499
9500
#: serverguide/C/security.xml:1774(para)
9501
msgid ""
9502
"The <application>ecryptfs-utils</application> package includes several other "
9503
"useful utilities:"
9504
msgstr ""
9505
9506
#: serverguide/C/security.xml:1780(para)
9507
msgid ""
9508
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9509
"<filename>~/Private</filename> directory to contain encrypted information. "
9510
"This utility can be run by unprivileged users to keep data private from "
9511
"other users on the system."
9512
msgstr ""
9513
9514
#: serverguide/C/security.xml:1787(para)
9515
msgid ""
9516
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9517
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9518
"directory."
9519
msgstr ""
9520
9521
#: serverguide/C/security.xml:1793(para)
9522
msgid ""
9523
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9524
"kernel keyring."
9525
msgstr ""
9526
9527
#: serverguide/C/security.xml:1798(para)
9528
msgid ""
9529
"<emphasis>ecryptfs-manager:</emphasis> manages "
9530
"<application>eCryptfs</application> objects such as keys."
9531
msgstr ""
9532
9533
#: serverguide/C/security.xml:1803(para)
9534
msgid ""
9535
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9536
"<application>ecryptfs</application> meta information for a file."
9537
msgstr ""
9538
9539
#: serverguide/C/security.xml:1816(para)
9540
msgid ""
9541
"For more information on eCryptfs see the <ulink "
9542
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9543
msgstr ""
9544
9545
#: serverguide/C/security.xml:1821(para)
9546
msgid ""
9547
"There is also a <ulink "
9548
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9549
"article covering eCryptfs."
9550
msgstr ""
9551
9552
#: serverguide/C/security.xml:1826(para)
9553
msgid ""
9554
"Also, for more <application>ecryptfs</application> options see the <ulink "
9555
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9556
"ecryptfs man page</ulink>."
9557
msgstr ""
9558
9559
#: serverguide/C/security.xml:1832(para)
9560
msgid ""
9561
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9562
"Ubuntu Wiki</ulink> page also has more details."
9563
msgstr ""
9564
9565
#: serverguide/C/reporting-bugs.xml:13(title)
9566
msgid "Appendix"
9567
msgstr ""
9568
9569
#: serverguide/C/reporting-bugs.xml:16(title)
9570
msgid "Reporting Bugs in Ubuntu Server Edition"
9571
msgstr ""
9572
9573
#: serverguide/C/reporting-bugs.xml:18(para)
9574
msgid ""
9575
"While the Ubuntu Project attempts to release software with as few bugs as "
9576
"possible, they do occur. You can help fix these bugs by reporting ones that "
9577
"you find to the project. The Ubuntu Project uses <ulink "
9578
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9579
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9580
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9581
"account</ulink>."
9582
msgstr ""
9583
9584
#: serverguide/C/reporting-bugs.xml:30(title)
9585
msgid "Reporting Bugs With ubuntu-bug"
9586
msgstr ""
9587
9588
#: serverguide/C/reporting-bugs.xml:32(para)
9589
msgid ""
9590
"The preferred way to report a bug is with the <application>ubuntu-"
9591
"bug</application> command. The ubuntu-bug tool gathers information about the "
9592
"system useful to developers in diagnosing the reported problem that will "
9593
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9594
"need to be filed against a specific software package, thus the name of the "
9595
"package that the bug occurs in needs to be given to ubuntu-bug:"
9596
msgstr ""
9597
9598
#: serverguide/C/reporting-bugs.xml:43(command)
9599
msgid "ubuntu-bug PACKAGENAME"
9600
msgstr ""
9601
9602
#: serverguide/C/reporting-bugs.xml:46(para)
9603
msgid ""
9604
"For example, to file a bug against the openssh-server package, you would do:"
9605
msgstr ""
9606
9607
#: serverguide/C/reporting-bugs.xml:51(command)
9608
msgid "ubuntu-bug openssh-server"
9609
msgstr ""
9610
9611
#: serverguide/C/reporting-bugs.xml:54(para)
9612
msgid ""
9613
"You can specify either a binary package or the source package for ubuntu-"
9614
"bug. Again using openssh-server as an example, you could also generate the "
9615
"report against the source package for openssh-server, openssh:"
9616
msgstr ""
9617
9618
#: serverguide/C/reporting-bugs.xml:62(command)
9619
msgid "ubuntu-bug openssh"
9620
msgstr ""
9621
9622
#: serverguide/C/reporting-bugs.xml:66(para)
9623
msgid ""
9624
"See <xref linkend=\"package-management\"/> for more information about "
9625
"packages in Ubuntu."
9626
msgstr ""
9627
9628
#: serverguide/C/reporting-bugs.xml:72(para)
9629
msgid ""
9630
"The ubuntu-bug command will gather information about the system in question, "
9631
"possibly including information specific to the specified package, and then "
9632
"ask you what you would like to do with collected information:"
9633
msgstr ""
9634
9635
#: serverguide/C/reporting-bugs.xml:80(command)
9636
msgid "ubuntu-bug postgresql"
9637
msgstr ""
9638
9639
#: serverguide/C/reporting-bugs.xml:79(screen)
9640
#, no-wrap
9641
msgid ""
9642
"\n"
9643
"<placeholder-1/>\n"
9644
"\n"
9645
"*** Collecting problem information\n"
9646
"\n"
9647
"The collected information can be sent to the developers to improve the\n"
9648
"application. This might take a few minutes.\n"
9649
"..........\n"
9650
"\n"
9651
"*** Send problem report to the developers?\n"
9652
"\n"
9653
"After the problem report has been sent, please fill out the form in the\n"
9654
"automatically opened web browser.\n"
9655
"\n"
9656
"What would you like to do? Your options are:\n"
9657
" S: Send report (1.7 KiB)\n"
9658
" V: View report\n"
9659
" K: Keep report file for sending later or copying to somewhere else\n"
9660
" C: Cancel\n"
9661
"Please choose (S/V/K/C):\n"
9662
msgstr ""
9663
9664
#: serverguide/C/reporting-bugs.xml:101(para)
9665
msgid "The options available are:"
9666
msgstr ""
9667
9668
#: serverguide/C/reporting-bugs.xml:108(para)
9669
msgid ""
9670
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9671
"the collected information to Launchpad as part of the the process of filing "
9672
"a bug report. You will be given the opportunity to describe the situation "
9673
"that led up to the occurrence of the bug."
9674
msgstr ""
9675
9676
#: serverguide/C/reporting-bugs.xml:115(screen)
9677
#, no-wrap
9678
msgid ""
9679
"\n"
9680
"*** Uploading problem information\n"
9681
"\n"
9682
"The collected information is being sent to the bug tracking system.\n"
9683
"This might take a few minutes.\n"
9684
"91%\n"
9685
"\n"
9686
"*** To continue, you must visit the following URL:\n"
9687
"\n"
9688
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9689
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9690
"\n"
9691
"You can launch a browser now, or copy this URL into a browser on another\n"
9692
"computer.\n"
9693
"\n"
9694
"Choices:\n"
9695
" 1: Launch a browser now\n"
9696
" C: Cancel\n"
9697
"Please choose (1/C):\n"
9698
msgstr ""
9699
9700
#: serverguide/C/reporting-bugs.xml:135(para)
9701
msgid ""
9702
"If you choose to start a browser, by default the text based web browser "
9703
"<application>w3m</application> will be used to finish filing the bug report. "
9704
"Alternately, you can copy the given URL to a currently running web browser."
9705
msgstr ""
9706
9707
#: serverguide/C/reporting-bugs.xml:144(para)
9708
msgid ""
9709
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9710
"the collected information to be displayed to the terminal for review."
9711
msgstr ""
9712
9713
#: serverguide/C/reporting-bugs.xml:150(screen)
9714
#, no-wrap
9715
msgid ""
9716
"\n"
9717
"Package: postgresql 8.4.2-2\n"
9718
"PackageArchitecture: all\n"
9719
"Tags: lucid\n"
9720
"ProblemType: Bug\n"
9721
"ProcEnviron:\n"
9722
" LANG=en_US.UTF-8\n"
9723
" SHELL=/bin/bash\n"
9724
"Uname: Linux 2.6.32-16-server x86_64\n"
9725
"Dependencies:\n"
9726
" adduser 3.112ubuntu1\n"
9727
" base-files 5.0.0ubuntu10\n"
9728
" base-passwd 3.5.22\n"
9729
" coreutils 7.4-2ubuntu2\n"
9730
"...\n"
9731
msgstr ""
9732
9733
#: serverguide/C/reporting-bugs.xml:167(para)
9734
msgid ""
9735
"After viewing the report, you will be brought back to the same menu asking "
9736
"what you would like to do with the report."
9737
msgstr ""
9738
9739
#: serverguide/C/reporting-bugs.xml:174(para)
9740
msgid ""
9741
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9742
"File causes the gathered information to be written to a file. This file can "
9743
"then be used to later file a bug report or transferred to a different Ubuntu "
9744
"system for reporting. To submit the report file, simply give it as an "
9745
"argument to the ubuntu-bug command:"
9746
msgstr ""
9747
9748
#: serverguide/C/reporting-bugs.xml:189(userinput)
9749
#, no-wrap
9750
msgid "k"
9751
msgstr ""
9752
9753
#: serverguide/C/reporting-bugs.xml:192(command)
9754
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9755
msgstr ""
9756
9757
#: serverguide/C/reporting-bugs.xml:183(screen)
9758
#, no-wrap
9759
msgid ""
9760
"\n"
9761
"What would you like to do? Your options are:\n"
9762
" S: Send report (1.7 KiB)\n"
9763
" V: View report\n"
9764
" K: Keep report file for sending later or copying to somewhere else\n"
9765
" C: Cancel\n"
9766
"Please choose (S/V/K/C): <placeholder-1/>\n"
9767
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9768
"\n"
9769
"<placeholder-2/>\n"
9770
"\n"
9771
"*** Send problem report to the developers?\n"
9772
"...\n"
9773
msgstr ""
9774
9775
#: serverguide/C/reporting-bugs.xml:200(para)
9776
msgid ""
9777
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9778
"collected information to be discarded."
9779
msgstr ""
9780
9781
#: serverguide/C/reporting-bugs.xml:210(title)
9782
msgid "Reporting Application Crashes"
9783
msgstr ""
9784
9785
#: serverguide/C/reporting-bugs.xml:212(para)
9786
msgid ""
9787
"The software package that provides the ubuntu-bug utility, "
9788
"<application>apport</application>, can be configured to trigger when "
9789
"applications crash. This is disabled by default, as capturing a crash can be "
9790
"resource intensive depending on how much memory the application that crashed "
9791
"was using as apport captures and processes the core dump."
9792
msgstr ""
9793
9794
#: serverguide/C/reporting-bugs.xml:221(para)
9795
msgid ""
9796
"Configuring apport to capture information about crashing applications "
9797
"requires a couple of steps. First, <application>gdb</application> needs to "
9798
"be installed; it is not installed by default in Ubuntu Server Edition."
9799
msgstr ""
9800
9801
#: serverguide/C/reporting-bugs.xml:229(command)
9802
msgid "sudo apt-get install gdb"
9803
msgstr ""
9804
9805
#: serverguide/C/reporting-bugs.xml:232(para)
9806
msgid ""
9807
"See <xref linkend=\"package-management\"/> for more information about "
9808
"managing packages in Ubuntu."
9809
msgstr ""
9810
9811
#: serverguide/C/reporting-bugs.xml:237(para)
9812
msgid ""
9813
"Once you have ensured that gdb is installed, open the file "
9814
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9815
"<emphasis>enabled</emphasis> setting to be <emphasis "
9816
"role=\"bold\">1</emphasis> like so:"
9817
msgstr ""
9818
9819
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9820
#, no-wrap
9821
msgid ""
9822
"\n"
9823
"# set this to 0 to disable apport, or to 1 to enable it\n"
9824
"# you can temporarily override this with\n"
9825
"# sudo service apport start force_start=1\n"
9826
"enabled=<userinput>1</userinput>\n"
9827
"\n"
9828
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9829
"maxsize=209715200\n"
9830
msgstr ""
9831
9832
#: serverguide/C/reporting-bugs.xml:254(para)
9833
msgid ""
9834
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9835
"start the apport service:"
9836
msgstr ""
9837
9838
#: serverguide/C/reporting-bugs.xml:261(command)
9839
msgid "sudo start apport"
9840
msgstr ""
9841
9842
#: serverguide/C/reporting-bugs.xml:264(para)
9843
msgid ""
9844
"After an application crashes, use the <application>apport-cli</application> "
9845
"command to search for the existing saved crash report information:"
9846
msgstr ""
9847
9848
#: serverguide/C/reporting-bugs.xml:271(command)
9849
msgid "apport-cli"
9850
msgstr ""
9851
9852
#: serverguide/C/reporting-bugs.xml:270(screen)
9853
#, no-wrap
9854
msgid ""
9855
"\n"
9856
"<placeholder-1/>\n"
9857
"\n"
9858
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9859
"\n"
9860
"If you were not doing anything confidential (entering passwords or other\n"
9861
"private information), you can help to improve the application by\n"
9862
"reporting\n"
9863
"the problem.\n"
9864
"\n"
9865
"What would you like to do? Your options are:\n"
9866
" R: Report Problem...\n"
9867
" I: Cancel and ignore future crashes of this program version\n"
9868
" C: Cancel\n"
9869
"Please choose (R/I/C):\n"
9870
msgstr ""
9871
9872
#: serverguide/C/reporting-bugs.xml:287(para)
9873
msgid ""
9874
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9875
"steps as when using ubuntu-bug. One important difference is that a crash "
9876
"report will be marked as private when filed on Launchpad, meaning that it "
9877
"will be visible to only a limited set of bug triagers. These triagers will "
9878
"review the gathered data for private information before making the bug "
9879
"report publicly visible."
9880
msgstr ""
9881
9882
#: serverguide/C/reporting-bugs.xml:307(para)
9883
msgid ""
9884
"See the <ulink "
9885
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9886
"Bugs</ulink> Ubuntu wiki page."
9887
msgstr ""
9888
9889
#: serverguide/C/reporting-bugs.xml:313(para)
9890
msgid ""
9891
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9892
"has some useful information. Though some of it pertains to using a GUI."
9893
msgstr ""
9894
9895
#: serverguide/C/remote-administration.xml:13(title)
9896
msgid "Remote Administration"
9897
msgstr ""
9898
9899
#: serverguide/C/remote-administration.xml:14(para)
9900
msgid ""
9901
"There are many ways to remotely administer a Linux server. This chapter will "
9902
"cover one of the most popular <application>OpenSSH</application>."
9903
msgstr ""
9904
9905
#: serverguide/C/remote-administration.xml:22(para)
9906
msgid ""
9907
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9908
"tools for the remote control of networked computers and transfer of data "
9909
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9910
"also learn about some of the configuration settings possible with the "
9911
"OpenSSH server application and how to change them on your Ubuntu system."
9912
msgstr ""
9913
9914
#: serverguide/C/remote-administration.xml:29(para)
9915
msgid ""
9916
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9917
"family of tools for remotely controlling a computer or transferring files "
9918
"between computers. Traditional tools used to accomplish these functions, "
9919
"such as <application>telnet</application> or <application>rcp</application>, "
9920
"are insecure and transmit the user's password in cleartext when used. "
9921
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9922
"encrypted remote control and file transfer operations, effectively replacing "
9923
"the legacy tools."
9924
msgstr ""
9925
9926
#: serverguide/C/remote-administration.xml:38(para)
9927
msgid ""
9928
"The OpenSSH server component, <application>sshd</application>, listens "
9929
"continuously for client connections from any of the client tools. When a "
9930
"connection request occurs, <application>sshd</application> sets up the "
9931
"correct connection depending on the type of client tool connecting. For "
9932
"example, if the remote computer is connecting with the "
9933
"<application>ssh</application> client application, the OpenSSH server sets "
9934
"up a remote control session after authentication. If a remote user connects "
9935
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9936
"daemon initiates a secure copy of files between the server and client after "
9937
"authentication. OpenSSH can use many authentication methods, including plain "
9938
"password, public key, and <application>Kerberos</application> tickets."
9939
msgstr ""
9940
9941
#: serverguide/C/remote-administration.xml:52(para)
9942
msgid ""
9943
"Installation of the OpenSSH client and server applications is simple. To "
9944
"install the OpenSSH client applications on your Ubuntu system, use this "
9945
"command at a terminal prompt:"
9946
msgstr ""
9947
9948
#: serverguide/C/remote-administration.xml:58(command)
9949
msgid "sudo apt-get install openssh-client"
9950
msgstr ""
9951
9952
#: serverguide/C/remote-administration.xml:60(para)
9953
msgid ""
9954
"To install the OpenSSH server application, and related support files, use "
9955
"this command at a terminal prompt:"
9956
msgstr ""
9957
9958
#: serverguide/C/remote-administration.xml:65(command)
9959
msgid "sudo apt-get install openssh-server"
9960
msgstr ""
9961
9962
#: serverguide/C/remote-administration.xml:67(para)
9963
msgid ""
9964
"The <application>openssh-server</application> package can also be selected "
9965
"to install during the Server Edition installation process."
9966
msgstr ""
9967
9968
#: serverguide/C/remote-administration.xml:74(para)
9969
msgid ""
9970
"You may configure the default behavior of the OpenSSH server application, "
9971
"<application>sshd</application>, by editing the file "
9972
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9973
"configuration directives used in this file, you may view the appropriate "
9974
"manual page with the following command, issued at a terminal prompt:"
9975
msgstr ""
9976
9977
#: serverguide/C/remote-administration.xml:82(command)
9978
msgid "man sshd_config"
9979
msgstr ""
9980
9981
#: serverguide/C/remote-administration.xml:84(para)
9982
msgid ""
9983
"There are many directives in the <application>sshd</application> "
9984
"configuration file controlling such things as communication settings and "
9985
"authentication modes. The following are examples of configuration directives "
9986
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9987
"file."
9988
msgstr ""
9989
9990
#: serverguide/C/remote-administration.xml:91(para)
9991
msgid ""
9992
"Prior to editing the configuration file, you should make a copy of the "
9993
"original file and protect it from writing so you will have the original "
9994
"settings as a reference and to reuse as necessary."
9995
msgstr ""
9996
9997
#: serverguide/C/remote-administration.xml:95(para)
9998
msgid ""
9999
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10000
"writing with the following commands, issued at a terminal prompt:"
10001
msgstr ""
10002
10003
#: serverguide/C/remote-administration.xml:100(command)
10004
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10005
msgstr ""
10006
10007
#: serverguide/C/remote-administration.xml:101(command)
10008
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10009
msgstr ""
10010
10011
#: serverguide/C/remote-administration.xml:103(para)
10012
msgid ""
10013
"The following are examples of configuration directives you may change:"
10014
msgstr ""
10015
10016
#: serverguide/C/remote-administration.xml:108(para)
10017
msgid ""
10018
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10019
"port 22, change the Port directive as such:"
10020
msgstr ""
10021
10022
#: serverguide/C/remote-administration.xml:112(para)
10023
msgid "Port 2222"
10024
msgstr ""
10025
10026
#: serverguide/C/remote-administration.xml:117(para)
10027
msgid ""
10028
"To have <application>sshd</application> allow public key-based login "
10029
"credentials, simply add or modify the line:"
10030
msgstr ""
10031
10032
#: serverguide/C/remote-administration.xml:121(para)
10033
msgid "PubkeyAuthentication yes"
10034
msgstr ""
10035
10036
#: serverguide/C/remote-administration.xml:124(para)
10037
msgid ""
10038
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10039
"present, ensure the line is not commented out."
10040
msgstr ""
10041
10042
#: serverguide/C/remote-administration.xml:130(para)
10043
msgid ""
10044
"To make your OpenSSH server display the contents of the "
10045
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10046
"or modify the line:"
10047
msgstr ""
10048
10049
#: serverguide/C/remote-administration.xml:135(para)
10050
msgid "Banner /etc/issue.net"
10051
msgstr ""
10052
10053
#: serverguide/C/remote-administration.xml:138(para)
10054
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10055
msgstr ""
10056
10057
#: serverguide/C/remote-administration.xml:143(para)
10058
msgid ""
10059
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10060
"save the file, and restart the <application>sshd</application> server "
10061
"application to effect the changes using the following command at a terminal "
10062
"prompt:"
10063
msgstr ""
10064
10065
#: serverguide/C/remote-administration.xml:152(para)
10066
msgid ""
10067
"Many other configuration directives for <application>sshd</application> are "
10068
"available for changing the server application's behavior to fit your needs. "
10069
"Be advised, however, if your only method of access to a server is "
10070
"<application>ssh</application>, and you make a mistake in configuring "
10071
"<application>sshd</application> via the "
10072
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10073
"out of the server upon restarting it, or that the "
10074
"<application>sshd</application> server refuses to start due to an incorrect "
10075
"configuration directive, so be extra careful when editing this file on a "
10076
"remote server."
10077
msgstr ""
10078
10079
#: serverguide/C/remote-administration.xml:167(title)
10080
msgid "SSH Keys"
10081
msgstr ""
10082
10083
#: serverguide/C/remote-administration.xml:168(para)
10084
msgid ""
10085
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10086
"the need of a password. SSH key authentication uses two keys a "
10087
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10088
msgstr ""
10089
10090
#: serverguide/C/remote-administration.xml:172(para)
10091
msgid "To generate the keys, from a terminal prompt enter:"
10092
msgstr ""
10093
10094
#: serverguide/C/remote-administration.xml:176(command)
10095
msgid "ssh-keygen -t dsa"
10096
msgstr ""
10097
10098
#: serverguide/C/remote-administration.xml:178(para)
10099
msgid ""
10100
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10101
"identity of the user. During the process you will be prompted for a "
10102
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10103
"key."
10104
msgstr ""
10105
10106
#: serverguide/C/remote-administration.xml:182(para)
10107
msgid ""
10108
"By default the <emphasis>public</emphasis> key is saved in the file "
10109
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10110
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10111
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10112
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10113
msgstr ""
10114
10115
#: serverguide/C/remote-administration.xml:188(command)
10116
msgid "ssh-copy-id username@remotehost"
10117
msgstr ""
10118
10119
#: serverguide/C/remote-administration.xml:190(para)
10120
msgid ""
10121
"Finally, double check the permissions on the "
10122
"<filename>authorized_keys</filename> file, only the authenticated user "
10123
"should have read and write permissions. If the permissions are not correct "
10124
"change them by:"
10125
msgstr ""
10126
10127
#: serverguide/C/remote-administration.xml:195(command)
10128
msgid "chmod 600 .ssh/authorized_keys"
10129
msgstr ""
10130
10131
#: serverguide/C/remote-administration.xml:197(para)
10132
msgid ""
10133
"You should now be able to SSH to the host without being prompted for a "
10134
"password."
10135
msgstr ""
10136
10137
#: serverguide/C/remote-administration.xml:206(para)
10138
msgid ""
10139
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10140
"page."
10141
msgstr ""
10142
10143
#: serverguide/C/remote-administration.xml:212(ulink)
10144
msgid "OpenSSH Website"
10145
msgstr ""
10146
10147
#: serverguide/C/remote-administration.xml:217(ulink)
10148
msgid "Advanced OpenSSH Wiki Page"
10149
msgstr ""
10150
10151
#: serverguide/C/package-management.xml:13(title)
10152
msgid "Package Management"
10153
msgstr ""
10154
10155
#: serverguide/C/package-management.xml:14(para)
10156
msgid ""
10157
"Ubuntu features a comprehensive package management system for the "
10158
"installation, upgrade, configuration, and removal of software. In addition "
10159
"to providing access to an organized base of over 24,000 software packages "
10160
"for your Ubuntu computer, the package management facilities also feature "
10161
"dependency resolution capabilities and software update checking."
10162
msgstr ""
10163
10164
#: serverguide/C/package-management.xml:16(para)
10165
msgid ""
10166
"Several tools are available for interacting with Ubuntu's package management "
10167
"system, from simple command-line utilities which may be easily automated by "
10168
"system administrators, to a simple graphical interface which is easy to use "
10169
"by those new to Ubuntu."
10170
msgstr ""
10171
10172
#: serverguide/C/package-management.xml:21(para)
10173
msgid ""
10174
"Ubuntu's package management system is derived from the same system used by "
10175
"the Debian GNU/Linux distribution. The package files contain all of the "
10176
"necessary files, meta-data, and instructions to implement a particular "
10177
"functionality or software application on your Ubuntu computer."
10178
msgstr ""
10179
10180
#: serverguide/C/package-management.xml:24(para)
10181
msgid ""
10182
"Debian package files typically have the extension '.deb', and typically "
10183
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10184
"collections of packages found on various media, such as CD-ROM discs, or "
10185
"online. Packages are normally of the pre-compiled binary format; thus "
10186
"installation is quick and requires no compiling of software."
10187
msgstr ""
10188
10189
#: serverguide/C/package-management.xml:27(para)
10190
msgid ""
10191
"Many complex packages use the concept of <emphasis "
10192
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10193
"packages required by the principal package in order to function properly. "
10194
"For example, the speech synthesis package "
10195
"<application>Festival</application> depends upon the package "
10196
"<application>libasound2</application>, which is a package supplying the "
10197
"<application>ALSA</application> sound library needed for audio playback. In "
10198
"order for <application>Festival</application> to function, it and all of its "
10199
"dependencies must be installed. The software management tools in Ubuntu will "
10200
"do this automatically."
10201
msgstr ""
10202
10203
#: serverguide/C/package-management.xml:32(title)
10204
msgid "dpkg"
10205
msgstr ""
10206
10207
#: serverguide/C/package-management.xml:34(para)
10208
msgid ""
10209
"<application>dpkg</application> is a package manager for "
10210
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10211
"packages, but unlike other package management system's it can not "
10212
"automatically download and install packages and their dependencies. This "
10213
"section covers using <application>dpkg</application> to manage locally "
10214
"installed packages:"
10215
msgstr ""
10216
10217
#: serverguide/C/package-management.xml:43(para)
10218
msgid ""
10219
"To list all packages installed on the system, from a terminal prompt enter:"
10220
msgstr ""
10221
10222
#: serverguide/C/package-management.xml:48(command)
10223
msgid "dpkg -l"
10224
msgstr ""
10225
10226
#: serverguide/C/package-management.xml:54(para)
10227
msgid ""
10228
"Depending on the amount of packages on your system, this can generate a "
10229
"large amount of output. Pipe the output through "
10230
"<application>grep</application> to see if a specific package is installed:"
10231
msgstr ""
10232
10233
#: serverguide/C/package-management.xml:60(command)
10234
msgid "dpkg -l | grep apache2"
10235
msgstr ""
10236
10237
#: serverguide/C/package-management.xml:63(para)
10238
msgid ""
10239
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10240
"package name, or other regular expression."
10241
msgstr ""
10242
10243
#: serverguide/C/package-management.xml:70(para)
10244
msgid ""
10245
"To list the files installed by a package, in this case the "
10246
"<application>ufw</application> package, enter:"
10247
msgstr ""
10248
10249
#: serverguide/C/package-management.xml:75(command)
10250
msgid "dpkg -L ufw"
10251
msgstr ""
10252
10253
#: serverguide/C/package-management.xml:81(para)
10254
msgid ""
10255
"If you are not sure which package installed a file, <application>dpkg -"
10256
"S</application> may be able to tell you. For example:"
10257
msgstr ""
10258
10259
#: serverguide/C/package-management.xml:87(command)
10260
msgid "dpkg -S /etc/host.conf"
10261
msgstr ""
10262
10263
#: serverguide/C/package-management.xml:88(computeroutput)
10264
#, no-wrap
10265
msgid "base-files: /etc/host.conf"
10266
msgstr ""
10267
10268
#: serverguide/C/package-management.xml:91(para)
10269
msgid ""
10270
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10271
"<application>base-files</application> package."
10272
msgstr ""
10273
10274
#: serverguide/C/package-management.xml:96(para)
10275
msgid ""
10276
"Many files are automatically generated during the package install process, "
10277
"and even though they are on the filesystem <command>dpkg -S</command> may "
10278
"not know which package they belong to."
10279
msgstr ""
10280
10281
#: serverguide/C/package-management.xml:105(para)
10282
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10283
msgstr ""
10284
10285
#: serverguide/C/package-management.xml:110(command)
10286
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10287
msgstr ""
10288
10289
#: serverguide/C/package-management.xml:113(para)
10290
msgid ""
10291
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10292
"the local .deb file."
10293
msgstr ""
10294
10295
#: serverguide/C/package-management.xml:120(para)
10296
msgid "Uninstalling a package can be accomplished by:"
10297
msgstr ""
10298
10299
#: serverguide/C/package-management.xml:125(command)
10300
msgid "sudo dpkg -r zip"
10301
msgstr ""
10302
10303
#: serverguide/C/package-management.xml:129(para)
10304
msgid ""
10305
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10306
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10307
"manager that handles dependencies, to ensure that the system is in a "
10308
"consistent state. For example using <command>dpkg -r</command> you can "
10309
"remove the <application>zip</application> package, but any packages that "
10310
"depend on it will still be installed and may no longer function correctly."
10311
msgstr ""
10312
10313
#: serverguide/C/package-management.xml:140(para)
10314
msgid ""
10315
"For more <application>dpkg</application> options see the man page: "
10316
"<command>man dpkg</command>."
10317
msgstr ""
10318
10319
#: serverguide/C/package-management.xml:146(title)
10320
msgid "Apt-Get"
10321
msgstr ""
10322
10323
#: serverguide/C/package-management.xml:147(para)
10324
msgid ""
10325
"The <application>apt-get</application> command is a powerful command-line "
10326
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10327
"(APT) performing such functions as installation of new software packages, "
10328
"upgrade of existing software packages, updating of the package list index, "
10329
"and even upgrading the entire Ubuntu system."
10330
msgstr ""
10331
10332
#: serverguide/C/package-management.xml:150(para)
10333
msgid ""
10334
"Being a simple command-line tool, <application>apt-get</application> has "
10335
"numerous advantages over other package management tools available in Ubuntu "
10336
"for server administrators. Some of these advantages include ease of use over "
10337
"simple terminal connections (SSH) and the ability to be used in system "
10338
"administration scripts, which can in turn be automated by the "
10339
"<application>cron</application> scheduling utility."
10340
msgstr ""
10341
10342
#: serverguide/C/package-management.xml:157(para)
10343
msgid ""
10344
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10345
"packages using the <application>apt-get</application> tool is quite simple. "
10346
"For example, to install the network scanner <emphasis "
10347
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10348
"<command>sudo apt-get install nmap</command>\n"
10349
"</screen>"
10350
msgstr ""
10351
10352
#: serverguide/C/package-management.xml:165(para)
10353
msgid ""
10354
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10355
"packages is also a straightforward and simple process. To remove the nmap "
10356
"package installed in the previous example, type the following: <screen>\n"
10357
"<command>sudo apt-get remove nmap</command>\n"
10358
"</screen>"
10359
msgstr ""
10360
10361
#: serverguide/C/package-management.xml:172(para)
10362
msgid ""
10363
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10364
"multiple packages to be installed or removed, separated by spaces."
10365
msgstr ""
10366
10367
#: serverguide/C/package-management.xml:175(para)
10368
msgid ""
10369
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10370
"remove</command> will remove the package configuration files as well. This "
10371
"may or may not be the desired effect so use with caution."
10372
msgstr ""
10373
10374
#: serverguide/C/package-management.xml:181(para)
10375
msgid ""
10376
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10377
"index is essentially a database of available packages from the repositories "
10378
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10379
"the local package index with the latest changes made in repositories, type "
10380
"the following: <screen>\n"
10381
"<command>sudo apt-get update</command>\n"
10382
"</screen>"
10383
msgstr ""
10384
10385
#: serverguide/C/package-management.xml:189(para)
10386
msgid ""
10387
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10388
"versions of packages currently installed on your computer may become "
10389
"available from the package repositories (for example security updates). To "
10390
"upgrade your system, first update your package index as outlined above, and "
10391
"then type: <screen>\n"
10392
"<command>sudo apt-get upgrade</command>\n"
10393
"</screen>"
10394
msgstr ""
10395
10396
#: serverguide/C/package-management.xml:195(para)
10397
msgid ""
10398
"For information on upgrading to a new Ubuntu release see <xref "
10399
"linkend=\"installing-upgrading\"/>."
10400
msgstr ""
10401
10402
#: serverguide/C/package-management.xml:153(para)
10403
msgid ""
10404
"Some examples of popular uses for the <application>apt-get</application> "
10405
"utility: <placeholder-1/>"
10406
msgstr ""
10407
10408
#: serverguide/C/package-management.xml:201(para)
10409
msgid ""
10410
"Actions of the <application>apt-get</application> command, such as "
10411
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10412
"log file."
10413
msgstr ""
10414
10415
#: serverguide/C/package-management.xml:204(para)
10416
msgid ""
10417
"For further information about the use of <application>APT</application>, "
10418
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10419
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10420
"help</screen>"
10421
msgstr ""
10422
10423
#: serverguide/C/package-management.xml:208(title)
10424
msgid "Aptitude"
10425
msgstr ""
10426
10427
#: serverguide/C/package-management.xml:209(para)
10428
msgid ""
10429
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10430
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10431
"the common package management functions, such as installation, removal, and "
10432
"upgrade, are performed in <application>Aptitude</application> with single-"
10433
"key commands, which are typically lowercase letters."
10434
msgstr ""
10435
10436
#: serverguide/C/package-management.xml:212(para)
10437
msgid ""
10438
"<application>Aptitude</application> is best suited for use in a non-"
10439
"graphical terminal environment to ensure proper functioning of the command "
10440
"keys. You may start <application>Aptitude</application> as a normal user "
10441
"with the following command at a terminal prompt: <screen>\n"
10442
"<command>sudo aptitude</command>\n"
10443
"</screen>"
10444
msgstr ""
10445
10446
#: serverguide/C/package-management.xml:219(para)
10447
msgid ""
10448
"When <application>Aptitude</application> starts, you will see a menu bar at "
10449
"the top of the screen and two panes below the menu bar. The top pane "
10450
"contains package categories, such as <emphasis role=\"italics\">New "
10451
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10452
"Packages</emphasis>. The bottom pane contains information related to the "
10453
"packages and package categories."
10454
msgstr ""
10455
10456
#: serverguide/C/package-management.xml:222(para)
10457
msgid ""
10458
"Using <application>Aptitude</application> for package management is "
10459
"relatively straightforward, and the user interface makes common tasks simple "
10460
"to perform. The following are examples of common package management "
10461
"functions as performed in <application>Aptitude</application>:"
10462
msgstr ""
10463
10464
#: serverguide/C/package-management.xml:226(para)
10465
msgid ""
10466
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10467
"locate the package via the Not Installed Packages package category, for "
10468
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10469
"key, and highlight the package you wish to install. After highlighting the "
10470
"package you wish to install, press the <keycap>+</keycap> key, and the "
10471
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10472
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10473
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10474
"again, and you will be prompted to become root to complete the installation. "
10475
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10476
"your user password to become root. Finally, press <keycap>g</keycap> once "
10477
"more and you'll be prompted to download the package. Press "
10478
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10479
"prompt, and downloading and installation of the package will commence."
10480
msgstr ""
10481
10482
#: serverguide/C/package-management.xml:230(para)
10483
msgid ""
10484
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10485
"locate the package via the Installed Packages package category, for example, "
10486
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10487
"highlight the package you wish to remove. After highlighting the package you "
10488
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10489
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10490
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10491
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10492
"prompted to become root to complete the installation. Press "
10493
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10494
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10495
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10496
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10497
"the package will commence."
10498
msgstr ""
10499
10500
#: serverguide/C/package-management.xml:234(para)
10501
msgid ""
10502
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10503
"package index, simply press the <keycap>u</keycap> key and you will be "
10504
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10505
"which will result in a Password: prompt. Enter your user password to become "
10506
"root. Updating of the package index will commence. Press "
10507
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10508
"presented to complete the process."
10509
msgstr ""
10510
10511
#: serverguide/C/package-management.xml:238(para)
10512
msgid ""
10513
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10514
"perform the update of the package index as detailed above, and then press "
10515
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10516
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10517
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10518
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10519
"result in a Password: prompt. Enter your user password to become root. "
10520
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10521
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10522
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10523
"will commence."
10524
msgstr ""
10525
10526
#: serverguide/C/package-management.xml:245(para)
10527
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10528
msgstr ""
10529
10530
#: serverguide/C/package-management.xml:250(para)
10531
msgid ""
10532
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10533
"configuration remains on system"
10534
msgstr ""
10535
10536
#: serverguide/C/package-management.xml:254(para)
10537
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10538
msgstr ""
10539
10540
#: serverguide/C/package-management.xml:258(para)
10541
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10542
msgstr ""
10543
10544
#: serverguide/C/package-management.xml:262(para)
10545
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10546
msgstr ""
10547
10548
#: serverguide/C/package-management.xml:266(para)
10549
msgid ""
10550
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10551
"configured"
10552
msgstr ""
10553
10554
#: serverguide/C/package-management.xml:270(para)
10555
msgid ""
10556
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10557
"and requires fix"
10558
msgstr ""
10559
10560
#: serverguide/C/package-management.xml:274(para)
10561
msgid ""
10562
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10563
"requires fix"
10564
msgstr ""
10565
10566
#: serverguide/C/package-management.xml:242(para)
10567
msgid ""
10568
"The first column of information displayed in the package list in the top "
10569
"pane, when actually viewing packages lists the current state of the package, "
10570
"and uses the following key to describe the state of the package: "
10571
"<placeholder-1/>"
10572
msgstr ""
10573
10574
#: serverguide/C/package-management.xml:280(para)
10575
msgid ""
10576
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10577
"wish to exit. Many other functions are available from the Aptitude menu by "
10578
"pressing the <keycap>F10</keycap> key."
10579
msgstr ""
10580
10581
#: serverguide/C/package-management.xml:285(title)
10582
msgid "Automatic Updates"
10583
msgstr ""
10584
10585
#: serverguide/C/package-management.xml:287(para)
10586
msgid ""
10587
"The <application>unattended-upgrades</application> package can be used to "
10588
"automatically install updated packages, and can be configured to update all "
10589
"packages or just install security updates. First, install the package by "
10590
"entering the following in a terminal:"
10591
msgstr ""
10592
10593
#: serverguide/C/package-management.xml:293(command)
10594
msgid "sudo apt-get install unattended-upgrades"
10595
msgstr ""
10596
10597
#: serverguide/C/package-management.xml:296(para)
10598
msgid ""
10599
"To configure <application>unattended-upgrades</application>, edit "
10600
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10601
"the following to fit your needs:"
10602
msgstr ""
10603
10604
#: serverguide/C/package-management.xml:301(programlisting)
10605
#, no-wrap
10606
msgid ""
10607
"\n"
10608
"Unattended-Upgrade::Allowed-Origins {\n"
10609
" \"Ubuntu maverick-security\";\n"
10610
"// \"Ubuntu maverick-updates\";\n"
10611
"};\n"
10612
msgstr ""
10613
10614
#: serverguide/C/package-management.xml:308(para)
10615
msgid ""
10616
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10617
"will not be automatically updated. To blacklist a package, add it to the "
10618
"list:"
10619
msgstr ""
10620
10621
#: serverguide/C/package-management.xml:313(programlisting)
10622
#, no-wrap
10623
msgid ""
10624
"\n"
10625
"Unattended-Upgrade::Package-Blacklist {\n"
10626
"// \"vim\";\n"
10627
"// \"libc6\";\n"
10628
"// \"libc6-dev\";\n"
10629
"// \"libc6-i686\";\n"
10630
"};\n"
10631
msgstr ""
10632
10633
#: serverguide/C/package-management.xml:323(para)
10634
msgid ""
10635
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10636
"whatever follows \"//\" will not be evaluated."
10637
msgstr ""
10638
10639
#: serverguide/C/package-management.xml:328(para)
10640
msgid ""
10641
"To enable automatic updates, edit "
10642
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10643
"<application>apt</application> configuration options:"
10644
msgstr ""
10645
10646
#: serverguide/C/package-management.xml:332(programlisting)
10647
#, no-wrap
10648
msgid ""
10649
"\n"
10650
"APT::Periodic::Update-Package-Lists \"1\";\n"
10651
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10652
"APT::Periodic::AutocleanInterval \"7\";\n"
10653
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10654
msgstr ""
10655
10656
#: serverguide/C/package-management.xml:339(para)
10657
msgid ""
10658
"The above configuration updates the package list, downloads, and installs "
10659
"available upgrades every day. The local download archive is cleaned every "
10660
"week."
10661
msgstr ""
10662
10663
#: serverguide/C/package-management.xml:345(para)
10664
msgid ""
10665
"You can read more about <application>apt</application> Periodic "
10666
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10667
"header."
10668
msgstr ""
10669
10670
#: serverguide/C/package-management.xml:350(para)
10671
msgid ""
10672
"The results of <application>unattended-upgrades</application> will be logged "
10673
"to <filename>/var/log/unattended-upgrades</filename>."
10674
msgstr ""
10675
10676
#: serverguide/C/package-management.xml:355(title)
10677
msgid "Notifications"
10678
msgstr ""
10679
10680
#: serverguide/C/package-management.xml:357(para)
10681
msgid ""
10682
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10683
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10684
"<application>unattended-upgrades</application> to email an administrator "
10685
"detailing any packages that need upgrading or have problems."
10686
msgstr ""
10687
10688
#: serverguide/C/package-management.xml:362(para)
10689
msgid ""
10690
"Another useful package is <application>apticron</application>. "
10691
"<application>apticron</application> will configure a "
10692
"<application>cron</application> job to email an administrator information "
10693
"about any packages on the system that have updates available, as well as a "
10694
"summary of changes in each package."
10695
msgstr ""
10696
10697
#: serverguide/C/package-management.xml:368(para)
10698
msgid ""
10699
"To install the <application>apticron</application> package, in a terminal "
10700
"enter:"
10701
msgstr ""
10702
10703
#: serverguide/C/package-management.xml:373(command)
10704
msgid "sudo apt-get install apticron"
10705
msgstr ""
10706
10707
#: serverguide/C/package-management.xml:376(para)
10708
msgid ""
10709
"Once the package is installed edit "
10710
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10711
"and other options:"
10712
msgstr ""
10713
10714
#: serverguide/C/package-management.xml:380(programlisting)
10715
#, no-wrap
10716
msgid ""
10717
"\n"
10718
"EMAIL=\"root@example.com\"\n"
10719
msgstr ""
10720
10721
#: serverguide/C/package-management.xml:389(para)
10722
msgid ""
10723
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10724
"system repositories is stored in the /etc/apt/sources.list configuration "
10725
"file. An example of this file is referenced here, along with information on "
10726
"adding or removing repository references from the file."
10727
msgstr ""
10728
10729
#: serverguide/C/package-management.xml:395(para)
10730
msgid ""
10731
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10732
"typical <filename>/etc/apt/sources.list</filename> file."
10733
msgstr ""
10734
10735
#: serverguide/C/package-management.xml:399(para)
10736
msgid ""
10737
"You may edit the file to enable repositories or disable them. For example, "
10738
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10739
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10740
"which appears at the top of the file:"
10741
msgstr ""
10742
10743
#: serverguide/C/package-management.xml:404(screen)
10744
#, no-wrap
10745
msgid ""
10746
"\n"
10747
"# no more prompting for CD-ROM please\n"
10748
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10749
"main restricted\n"
10750
msgstr ""
10751
10752
#: serverguide/C/package-management.xml:410(title)
10753
msgid "Extra Repositories"
10754
msgstr ""
10755
10756
#: serverguide/C/package-management.xml:411(para)
10757
msgid ""
10758
"In addition to the officially supported package repositories available for "
10759
"Ubuntu, there exist additional community-maintained repositories which add "
10760
"thousands more potential packages for installation. Two of the most popular "
10761
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10762
"repositories. These repositories are not officially supported by Ubuntu, but "
10763
"because they are maintained by the community they generally provide packages "
10764
"which are safe for use with your Ubuntu computer."
10765
msgstr ""
10766
10767
#: serverguide/C/package-management.xml:414(para)
10768
msgid ""
10769
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10770
"licensing issues that prevent them from being distributed with a free "
10771
"operating system, and they may be illegal in your locality."
10772
msgstr ""
10773
10774
#: serverguide/C/package-management.xml:416(para)
10775
msgid ""
10776
"Be advised that neither the <emphasis>Universe</emphasis> or "
10777
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10778
"packages. In particular, there may not be security updates for these "
10779
"packages."
10780
msgstr ""
10781
10782
#: serverguide/C/package-management.xml:420(para)
10783
msgid ""
10784
"Many other package sources are available, sometimes even offering only one "
10785
"package, as in the case of package sources provided by the developer of a "
10786
"single application. You should always be very careful and cautious when "
10787
"using non-standard package sources, however. Research the source and "
10788
"packages carefully before performing any installation, as some package "
10789
"sources and their packages could render your system unstable or non-"
10790
"functional in some respects."
10791
msgstr ""
10792
10793
#: serverguide/C/package-management.xml:423(para)
10794
msgid ""
10795
"By default, the <emphasis>Universe</emphasis> and "
10796
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10797
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10798
"comment the following lines:"
10799
msgstr ""
10800
10801
#: serverguide/C/package-management.xml:430(programlisting)
10802
#, no-wrap
10803
msgid ""
10804
"\n"
10805
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10806
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10807
"\n"
10808
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10809
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10810
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10811
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10812
"\n"
10813
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10814
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10815
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10816
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10817
"\n"
10818
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10819
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10820
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10821
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10822
msgstr ""
10823
10824
#: serverguide/C/package-management.xml:456(para)
10825
msgid ""
10826
"Most of the material covered in this chapter is available in "
10827
"<application>man</application> pages, many of which are available online."
10828
msgstr ""
10829
10830
#: serverguide/C/package-management.xml:463(para)
10831
msgid ""
10832
"The <ulink "
10833
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10834
"re</ulink> Ubuntu wiki page has more information."
10835
msgstr ""
10836
10837
#: serverguide/C/package-management.xml:468(para)
10838
msgid ""
10839
"For more <application>dpkg</application> details see the <ulink "
10840
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10841
" man page</ulink>."
10842
msgstr ""
10843
10844
#: serverguide/C/package-management.xml:474(para)
10845
msgid ""
10846
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10847
"HOWTO</ulink> and <ulink "
10848
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10849
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10850
"<application>apt-get</application> usage."
10851
msgstr ""
10852
10853
#: serverguide/C/package-management.xml:481(para)
10854
msgid ""
10855
"See the <ulink "
10856
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10857
"itude man page</ulink> for more <application>aptitude</application> options."
10858
msgstr ""
10859
10860
#: serverguide/C/package-management.xml:487(para)
10861
msgid ""
10862
"The <ulink "
10863
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10864
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10865
"adding repositories."
10866
msgstr ""
10867
10868
#: serverguide/C/other-apps.xml:13(title)
10869
msgid "Other Useful Applications"
10870
msgstr ""
10871
10872
#: serverguide/C/other-apps.xml:15(para)
10873
msgid ""
10874
"There are many very useful applications developed by the Ubuntu Server Team, "
10875
"and others that are well integrated with Ubuntu Server Edition, that might "
10876
"not be well known. This chapter will showcase some useful applications that "
10877
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10878
"easier."
10879
msgstr ""
10880
10881
#: serverguide/C/other-apps.xml:23(title)
10882
msgid "pam_motd"
10883
msgstr ""
10884
10885
#: serverguide/C/other-apps.xml:25(para)
10886
msgid ""
10887
"When logging into an Ubuntu server you may have noticed the informative "
10888
"Message Of The Day (MOTD). This information is obtained and displayed using "
10889
"a couple of packages:"
10890
msgstr ""
10891
10892
#: serverguide/C/other-apps.xml:32(para)
10893
msgid ""
10894
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10895
"<application>landscape-client</application>, which can be used to manage "
10896
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10897
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10898
"utility which is used to gather the information displayed in the MOTD."
10899
msgstr ""
10900
10901
#: serverguide/C/other-apps.xml:40(para)
10902
msgid ""
10903
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10904
"the MOTD via <application>pam_motd</application> module."
10905
msgstr ""
10906
10907
#: serverguide/C/other-apps.xml:46(para)
10908
msgid ""
10909
"<application>pam_motd</application> executes the scripts in "
10910
"<filename>/etc/update-motd.d</filename> in order based on the number "
10911
"prepended to the script. The output of the scripts is written to "
10912
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10913
"concatenated with <filename>/etc/motd.tail</filename>."
10914
msgstr ""
10915
10916
#: serverguide/C/other-apps.xml:52(para)
10917
msgid ""
10918
"You can add your own dynamic information to the MOTD. For example, to add "
10919
"local weather information:"
10920
msgstr ""
10921
10922
#: serverguide/C/other-apps.xml:58(para)
10923
msgid "First, install the <application>weather-util</application> package:"
10924
msgstr ""
10925
10926
#: serverguide/C/other-apps.xml:63(command)
10927
msgid "sudo apt-get install weather-util"
10928
msgstr ""
10929
10930
#: serverguide/C/other-apps.xml:68(para)
10931
msgid ""
10932
"The <application>weather</application> utility uses METAR data from the "
10933
"National Oceanic and Atmospheric Administration and forecasts from the "
10934
"National Weather Service. In order to find local information you will need "
10935
"the 4-character ICAO location indicator. This can be determined by browsing "
10936
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
10937
"Weather Service</ulink> site."
10938
msgstr ""
10939
10940
#: serverguide/C/other-apps.xml:75(para)
10941
msgid ""
10942
"Although the National Weather Service is a United States government agency "
10943
"there are weather stations available world wide. However, local weather "
10944
"information for all locations outside the U.S. may not be available."
10945
msgstr ""
10946
10947
#: serverguide/C/other-apps.xml:81(para)
10948
msgid ""
10949
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
10950
"script to use <application>weather</application> with your local ICAO "
10951
"indicator:"
10952
msgstr ""
10953
10954
#: serverguide/C/other-apps.xml:86(programlisting)
10955
#, no-wrap
10956
msgid ""
10957
"\n"
10958
"#!/bin/sh\n"
10959
"#\n"
10960
"#\n"
10961
"# Prints the local weather information for the MOTD.\n"
10962
"#\n"
10963
"#\n"
10964
"\n"
10965
"# Replace KINT with your local weather station.\n"
10966
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
10967
"\n"
10968
"echo\n"
10969
"weather -i KINT\n"
10970
"echo\n"
10971
"\n"
10972
msgstr ""
10973
10974
#: serverguide/C/other-apps.xml:104(para)
10975
msgid "Make the script executable:"
10976
msgstr ""
10977
10978
#: serverguide/C/other-apps.xml:109(command)
10979
msgid "sudo chmod 755 /usr/local/bin/local-weather"
10980
msgstr ""
10981
10982
#: serverguide/C/other-apps.xml:113(para)
10983
msgid ""
10984
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
10985
"weather</filename>:"
10986
msgstr ""
10987
10988
#: serverguide/C/other-apps.xml:118(command)
10989
msgid ""
10990
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
10991
msgstr ""
10992
10993
#: serverguide/C/other-apps.xml:122(para)
10994
msgid "Finally, exit the server and re-login to view the new MOTD."
10995
msgstr ""
10996
10997
#: serverguide/C/other-apps.xml:128(para)
10998
msgid ""
10999
"You should now be greeted with some useful information, and some information "
11000
"about the local weather that may not be quite so useful. Hopefully the "
11001
"<application>local-weather</application> example demonstrates the "
11002
"flexibility of <application>pam_motd</application>."
11003
msgstr ""
11004
11005
#: serverguide/C/other-apps.xml:136(title)
11006
msgid "etckeeper"
11007
msgstr ""
11008
11009
#: serverguide/C/other-apps.xml:138(para)
11010
msgid ""
11011
"<application>etckeeper</application> allows the contents of <filename "
11012
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11013
"System (VCS) repository. It hooks into <application>apt</application> to "
11014
"automatically commit changes to <filename>/etc</filename> when packages are "
11015
"installed or upgraded. Placing <filename>/etc</filename> under version "
11016
"control is considered an industry best practice, and the goal of "
11017
"<application>etckeeper</application> is to make this process as painless as "
11018
"possible."
11019
msgstr ""
11020
11021
#: serverguide/C/other-apps.xml:146(para)
11022
msgid ""
11023
"Install <application>etckeeper</application> by entering the following in a "
11024
"terminal:"
11025
msgstr ""
11026
11027
#: serverguide/C/other-apps.xml:151(command)
11028
msgid "sudo apt-get install etckeeper"
11029
msgstr ""
11030
11031
#: serverguide/C/other-apps.xml:154(para)
11032
msgid ""
11033
"The main configuration file, "
11034
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11035
"main option is which VCS to use. By default "
11036
"<application>etckeeper</application> is configured to use "
11037
"<application>bzr</application> for version control. The repository is "
11038
"automatically initialized (and committed for the first time) during package "
11039
"installation. It is possible to undo this by entering the following command:"
11040
msgstr ""
11041
11042
#: serverguide/C/other-apps.xml:164(command)
11043
msgid "sudo etckeeper uninit"
11044
msgstr ""
11045
11046
#: serverguide/C/other-apps.xml:167(para)
11047
msgid ""
11048
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11049
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11050
"It will also automatically commit changes before and after package "
11051
"installation. For a more precise tracking of changes, it is recommended to "
11052
"commit your changes manually, together with a commit message, using:"
11053
msgstr ""
11054
11055
#: serverguide/C/other-apps.xml:176(command)
11056
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11057
msgstr ""
11058
11059
#: serverguide/C/other-apps.xml:179(para)
11060
msgid ""
11061
"Using the VCS commands you can view log information about files in "
11062
"<filename>/etc</filename>:"
11063
msgstr ""
11064
11065
#: serverguide/C/other-apps.xml:184(command)
11066
msgid "sudo bzr log /etc/passwd"
11067
msgstr ""
11068
11069
#: serverguide/C/other-apps.xml:187(para)
11070
msgid ""
11071
"To demonstrate the integration with the package management system, install "
11072
"<application>postfix</application>:"
11073
msgstr ""
11074
11075
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11076
msgid "sudo apt-get install postfix"
11077
msgstr ""
11078
11079
#: serverguide/C/other-apps.xml:195(para)
11080
msgid ""
11081
"When the installation is finished, all the "
11082
"<application>postfix</application> configuration files should be committed "
11083
"to the repository:"
11084
msgstr ""
11085
11086
#: serverguide/C/other-apps.xml:201(computeroutput)
11087
#, no-wrap
11088
msgid ""
11089
"Committing to: /etc/\n"
11090
"added aliases.db\n"
11091
"modified group\n"
11092
"modified group-\n"
11093
"modified gshadow\n"
11094
"modified gshadow-\n"
11095
"modified passwd\n"
11096
"modified passwd-\n"
11097
"added postfix\n"
11098
"added resolvconf\n"
11099
"added rsyslog.d\n"
11100
"modified shadow\n"
11101
"modified shadow-\n"
11102
"added init.d/postfix\n"
11103
"added network/if-down.d/postfix\n"
11104
"added network/if-up.d/postfix\n"
11105
"added postfix/dynamicmaps.cf\n"
11106
"added postfix/main.cf\n"
11107
"added postfix/master.cf\n"
11108
"added postfix/post-install\n"
11109
"added postfix/postfix-files\n"
11110
"added postfix/postfix-script\n"
11111
"added postfix/sasl\n"
11112
"added ppp/ip-down.d\n"
11113
"added ppp/ip-down.d/postfix\n"
11114
"added ppp/ip-up.d/postfix\n"
11115
"added rc0.d/K20postfix\n"
11116
"added rc1.d/K20postfix\n"
11117
"added rc2.d/S20postfix\n"
11118
"added rc3.d/S20postfix\n"
11119
"added rc4.d/S20postfix\n"
11120
"added rc5.d/S20postfix\n"
11121
"added rc6.d/K20postfix\n"
11122
"added resolvconf/update-libc.d\n"
11123
"added resolvconf/update-libc.d/postfix\n"
11124
"added rsyslog.d/postfix.conf\n"
11125
"added ufw/applications.d/postfix\n"
11126
"Committed revision 2."
11127
msgstr ""
11128
11129
#: serverguide/C/other-apps.xml:241(para)
11130
msgid ""
11131
"For an example of how <application>etckeeper</application> tracks manual "
11132
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11133
"<application>bzr</application> you can see which files have been modified:"
11134
msgstr ""
11135
11136
#: serverguide/C/other-apps.xml:247(command)
11137
msgid "sudo bzr status /etc/"
11138
msgstr ""
11139
11140
#: serverguide/C/other-apps.xml:248(computeroutput)
11141
#, no-wrap
11142
msgid ""
11143
"modified:\n"
11144
" hosts"
11145
msgstr ""
11146
11147
#: serverguide/C/other-apps.xml:252(para)
11148
msgid "Now commit the changes:"
11149
msgstr ""
11150
11151
#: serverguide/C/other-apps.xml:257(command)
11152
msgid "sudo etckeeper commit \"new host\""
11153
msgstr ""
11154
11155
#: serverguide/C/other-apps.xml:260(para)
11156
msgid ""
11157
"For more information on <application>bzr</application> see <xref "
11158
"linkend=\"bazaar\"/>."
11159
msgstr ""
11160
11161
#: serverguide/C/other-apps.xml:266(title)
11162
msgid "Byobu"
11163
msgstr ""
11164
11165
#: serverguide/C/other-apps.xml:268(para)
11166
msgid ""
11167
"One of the most useful applications for any system administrator is "
11168
"<application>screen</application>. It allows the execution of multiple "
11169
"shells in one terminal. To make some of the advanced "
11170
"<application>screen</application> features more user friendly, and provide "
11171
"some useful information about the system, the "
11172
"<application>byobu</application> package was created."
11173
msgstr ""
11174
11175
#: serverguide/C/other-apps.xml:275(para)
11176
msgid ""
11177
"When executing <application>byobu</application> pressing the "
11178
"<emphasis>F9</emphasis> key will bring up the "
11179
"<application>Configuration</application> menu. This menu will allow you to:"
11180
msgstr ""
11181
11182
#: serverguide/C/other-apps.xml:281(para)
11183
msgid "View the Help menu"
11184
msgstr ""
11185
11186
#: serverguide/C/other-apps.xml:282(para)
11187
msgid "Change Byobu's background color"
11188
msgstr ""
11189
11190
#: serverguide/C/other-apps.xml:283(para)
11191
msgid "Change Byobu's foreground color"
11192
msgstr ""
11193
11194
#: serverguide/C/other-apps.xml:284(para)
11195
msgid "Toggle status notifications"
11196
msgstr ""
11197
11198
#: serverguide/C/other-apps.xml:285(para)
11199
msgid "Change the key binding set"
11200
msgstr ""
11201
11202
#: serverguide/C/other-apps.xml:286(para)
11203
msgid "Change the escape sequence"
11204
msgstr ""
11205
11206
#: serverguide/C/other-apps.xml:287(para)
11207
msgid "Create new windows"
11208
msgstr ""
11209
11210
#: serverguide/C/other-apps.xml:288(para)
11211
msgid "Manage the default windows"
11212
msgstr ""
11213
11214
#: serverguide/C/other-apps.xml:289(para)
11215
msgid "Byobu currently does not launch at login (toggle on)"
11216
msgstr ""
11217
11218
#: serverguide/C/other-apps.xml:292(para)
11219
msgid ""
11220
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11221
"sequence, new window, change window, etc. There are two key binding sets to "
11222
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11223
"keys</emphasis>. If you wish to use the original key bindings choose the "
11224
"<emphasis>none</emphasis> set."
11225
msgstr ""
11226
11227
#: serverguide/C/other-apps.xml:298(para)
11228
msgid ""
11229
"<application>byobu</application> provides a menu which displays the Ubuntu "
11230
"release, processor information, memory information, and the time and date. "
11231
"The effect is similar to a desktop menu."
11232
msgstr ""
11233
11234
#: serverguide/C/other-apps.xml:303(para)
11235
msgid ""
11236
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11237
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11238
"executed any time a terminal is opened. Changes made to "
11239
"<application>byobu</application> are on a per user basis, and will not "
11240
"affect other users on the system."
11241
msgstr ""
11242
11243
#: serverguide/C/other-apps.xml:309(para)
11244
msgid ""
11245
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11246
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11247
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11248
"commands. Here is a quick list of movement commands:"
11249
msgstr ""
11250
11251
#: serverguide/C/other-apps.xml:316(para)
11252
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11253
msgstr ""
11254
11255
#: serverguide/C/other-apps.xml:317(para)
11256
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11257
msgstr ""
11258
11259
#: serverguide/C/other-apps.xml:318(para)
11260
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11261
msgstr ""
11262
11263
#: serverguide/C/other-apps.xml:319(para)
11264
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11265
msgstr ""
11266
11267
#: serverguide/C/other-apps.xml:320(para)
11268
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11269
msgstr ""
11270
11271
#: serverguide/C/other-apps.xml:321(para)
11272
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11273
msgstr ""
11274
11275
#: serverguide/C/other-apps.xml:322(para)
11276
msgid ""
11277
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11278
"the buffer)"
11279
msgstr ""
11280
11281
#: serverguide/C/other-apps.xml:323(para)
11282
msgid "<emphasis>/</emphasis> - Search forward"
11283
msgstr ""
11284
11285
#: serverguide/C/other-apps.xml:324(para)
11286
msgid "<emphasis>?</emphasis> - Search backward"
11287
msgstr ""
11288
11289
#: serverguide/C/other-apps.xml:325(para)
11290
msgid ""
11291
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11292
msgstr ""
11293
11294
#: serverguide/C/other-apps.xml:334(para)
11295
msgid ""
11296
"See the <ulink "
11297
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11298
"motd.1.html\">update-motd man page</ulink> for more options available to "
11299
"<application>update-motd</application>."
11300
msgstr ""
11301
11302
#: serverguide/C/other-apps.xml:340(para)
11303
msgid ""
11304
"The Debian Package of the Day <ulink "
11305
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11306
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11307
"details about using the <application>weather</application>utility."
11308
msgstr ""
11309
11310
#: serverguide/C/other-apps.xml:347(para)
11311
msgid ""
11312
"See the <ulink "
11313
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11314
"more details on using <application>etckeeper</application>."
11315
msgstr ""
11316
11317
#: serverguide/C/other-apps.xml:353(para)
11318
msgid ""
11319
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11320
"Ubuntu Wiki</ulink> page."
11321
msgstr ""
11322
11323
#: serverguide/C/other-apps.xml:358(para)
11324
msgid ""
11325
"For the latest news and information about <application>bzr</application> see "
11326
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11327
msgstr ""
11328
11329
#: serverguide/C/other-apps.xml:363(para)
11330
msgid ""
11331
"For more information on <application>screen</application> see the <ulink "
11332
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11333
msgstr ""
11334
11335
#: serverguide/C/other-apps.xml:368(para)
11336
msgid ""
11337
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11338
"screen</ulink> page."
11339
msgstr ""
11340
11341
#: serverguide/C/other-apps.xml:373(para)
11342
msgid ""
11343
"Also, see the <application>byobu</application><ulink "
11344
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11345
"information."
11346
msgstr ""
11347
11348
#: serverguide/C/network-config.xml:14(para)
11349
msgid ""
11350
"Networks consist of two or more devices, such as computer systems, printers, "
11351
"and related equipment which are connected by either physical cabling or "
11352
"wireless links for the purpose of sharing and distributing information among "
11353
"the connected devices."
11354
msgstr ""
11355
11356
#: serverguide/C/network-config.xml:20(para)
11357
msgid ""
11358
"This section provides general and specific information pertaining to "
11359
"networking, including an overview of network concepts and detailed "
11360
"discussion of popular network protocols."
11361
msgstr ""
11362
11363
#: serverguide/C/network-config.xml:27(title)
11364
msgid "Network Configuration"
11365
msgstr ""
11366
11367
#: serverguide/C/network-config.xml:28(para)
11368
msgid ""
11369
"Ubuntu ships with a number of graphical utilities to configure your network "
11370
"devices. This document is geared toward server administrators and will focus "
11371
"on managing your network on the command line."
11372
msgstr ""
11373
11374
#: serverguide/C/network-config.xml:35(title)
11375
msgid "Ethernet Interfaces"
11376
msgstr ""
11377
11378
#: serverguide/C/network-config.xml:36(para)
11379
msgid ""
11380
"Ethernet interfaces are identified by the system using the naming convention "
11381
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11382
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11383
"interface is typically identified as <emphasis "
11384
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11385
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11386
"order."
11387
msgstr ""
11388
11389
#: serverguide/C/network-config.xml:46(title)
11390
msgid "Identify Ethernet Interfaces"
11391
msgstr ""
11392
11393
#: serverguide/C/network-config.xml:47(para)
11394
msgid ""
11395
"To quickly identify all available Ethernet interfaces, you can use the "
11396
"<application>ifconfig</application> command as shown below."
11397
msgstr ""
11398
11399
#: serverguide/C/network-config.xml:52(userinput)
11400
#, no-wrap
11401
msgid "ifconfig -a | grep eth"
11402
msgstr ""
11403
11404
#: serverguide/C/network-config.xml:51(screen)
11405
#, no-wrap
11406
msgid ""
11407
"\n"
11408
"<placeholder-1/>\n"
11409
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11410
msgstr ""
11411
11412
#: serverguide/C/network-config.xml:55(para)
11413
msgid ""
11414
"Another application that can help identify all network interfaces available "
11415
"to your system is the <application>lshw</application> command. In the "
11416
"example below, <application>lshw</application> shows a single Ethernet "
11417
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11418
"along with bus information, driver details and all supported capabilities."
11419
msgstr ""
11420
11421
#: serverguide/C/network-config.xml:62(userinput)
11422
#, no-wrap
11423
msgid "sudo lshw -class network"
11424
msgstr ""
11425
11426
#: serverguide/C/network-config.xml:61(screen)
11427
#, no-wrap
11428
msgid ""
11429
"\n"
11430
"<placeholder-1/>\n"
11431
" *-network\n"
11432
" description: Ethernet interface\n"
11433
" product: BCM4401-B0 100Base-TX\n"
11434
" vendor: Broadcom Corporation\n"
11435
" physical id: 0\n"
11436
" bus info: pci@0000:03:00.0\n"
11437
" logical name: eth0\n"
11438
" version: 02\n"
11439
" serial: 00:15:c5:4a:16:5a\n"
11440
" size: 10MB/s\n"
11441
" capacity: 100MB/s\n"
11442
" width: 32 bits\n"
11443
" clock: 33MHz\n"
11444
" capabilities: (snipped for brevity)\n"
11445
" configuration: (snipped for brevity)\n"
11446
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11447
msgstr ""
11448
11449
#: serverguide/C/network-config.xml:83(title)
11450
msgid "Ethernet Interface Logical Names"
11451
msgstr ""
11452
11453
#: serverguide/C/network-config.xml:84(para)
11454
msgid ""
11455
"Interface logical names are configured in the file "
11456
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11457
"like control which interface receives a particular logical name, find the "
11458
"line matching the interfaces physical MAC address and modify the value of "
11459
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11460
"Reboot the system to commit your changes."
11461
msgstr ""
11462
11463
#: serverguide/C/network-config.xml:92(programlisting)
11464
#, no-wrap
11465
msgid ""
11466
"\n"
11467
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11468
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11469
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11470
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11471
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11472
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11473
msgstr ""
11474
11475
#: serverguide/C/network-config.xml:99(title)
11476
msgid "Ethernet Interface Settings"
11477
msgstr ""
11478
11479
#: serverguide/C/network-config.xml:100(para)
11480
msgid ""
11481
"<application>ethtool</application> is a program that displays and changes "
11482
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11483
"and Wake-on-LAN. It is not installed by default, but is available for "
11484
"installation in the repositories."
11485
msgstr ""
11486
11487
#: serverguide/C/network-config.xml:106(userinput)
11488
#, no-wrap
11489
msgid "sudo apt-get install ethtool"
11490
msgstr ""
11491
11492
#: serverguide/C/network-config.xml:108(para)
11493
msgid ""
11494
"The following is an example of how to view supported features and configured "
11495
"settings of an Ethernet interface."
11496
msgstr ""
11497
11498
#: serverguide/C/network-config.xml:113(userinput)
11499
#, no-wrap
11500
msgid "sudo ethtool eth0"
11501
msgstr ""
11502
11503
#: serverguide/C/network-config.xml:112(screen)
11504
#, no-wrap
11505
msgid ""
11506
"\n"
11507
"<placeholder-1/>\n"
11508
"Settings for eth0:\n"
11509
" Supported ports: [ TP ]\n"
11510
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11511
" 100baseT/Half 100baseT/Full \n"
11512
" 1000baseT/Half 1000baseT/Full \n"
11513
" Supports auto-negotiation: Yes\n"
11514
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11515
" 100baseT/Half 100baseT/Full \n"
11516
" 1000baseT/Half 1000baseT/Full \n"
11517
" Advertised auto-negotiation: Yes\n"
11518
" Speed: 1000Mb/s\n"
11519
" Duplex: Full\n"
11520
" Port: Twisted Pair\n"
11521
" PHYAD: 1\n"
11522
" Transceiver: internal\n"
11523
" Auto-negotiation: on\n"
11524
" Supports Wake-on: g\n"
11525
" Wake-on: d\n"
11526
" Current message level: 0x000000ff (255)\n"
11527
" Link detected: yes\n"
11528
msgstr ""
11529
11530
#: serverguide/C/network-config.xml:135(para)
11531
msgid ""
11532
"Changes made with the <application>ethtool</application> command are "
11533
"temporary and will be lost after a reboot. If you would like to retain "
11534
"settings, simply add the desired <application>ethtool</application> command "
11535
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11536
"configuration file <filename>/etc/network/interfaces</filename>."
11537
msgstr ""
11538
11539
#: serverguide/C/network-config.xml:141(para)
11540
msgid ""
11541
"The following is an example of how the interface identified as <emphasis "
11542
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11543
"speed of 1000Mb/s running in full duplex mode."
11544
msgstr ""
11545
11546
#: serverguide/C/network-config.xml:145(programlisting)
11547
#, no-wrap
11548
msgid ""
11549
"\n"
11550
"auto eth0\n"
11551
"iface eth0 inet static\n"
11552
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11553
msgstr ""
11554
11555
#: serverguide/C/network-config.xml:151(para)
11556
msgid ""
11557
"Although the example above shows the interface configured to use the "
11558
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11559
"other methods as well, such as DHCP. The example is meant to demonstrate "
11560
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11561
"statement in relation to the rest of the interface configuration."
11562
msgstr ""
11563
11564
#: serverguide/C/network-config.xml:163(title)
11565
msgid "IP Addressing"
11566
msgstr ""
11567
11568
#: serverguide/C/network-config.xml:164(para)
11569
msgid ""
11570
"The following section describes the process of configuring your systems IP "
11571
"address and default gateway needed for communicating on a local area network "
11572
"and the Internet."
11573
msgstr ""
11574
11575
#: serverguide/C/network-config.xml:171(title)
11576
msgid "Temporary IP Address Assignment"
11577
msgstr ""
11578
11579
#: serverguide/C/network-config.xml:172(para)
11580
msgid ""
11581
"For temporary network configurations, you can use standard commands such as "
11582
"<application>ip</application>, <application>ifconfig</application> and "
11583
"<application>route</application>, which are also found on most other "
11584
"GNU/Linux operating systems. These commands allow you to configure settings "
11585
"which take effect immediately, however they are not persistent and will be "
11586
"lost after a reboot."
11587
msgstr ""
11588
11589
#: serverguide/C/network-config.xml:180(para)
11590
msgid ""
11591
"To temporarily configure an IP address, you can use the "
11592
"<application>ifconfig</application> command in the following manner. Just "
11593
"modify the IP address and subnet mask to match your network requirements."
11594
msgstr ""
11595
11596
#: serverguide/C/network-config.xml:186(userinput)
11597
#, no-wrap
11598
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11599
msgstr ""
11600
11601
#: serverguide/C/network-config.xml:188(para)
11602
msgid ""
11603
"To verify the IP address configuration of <application>eth0</application>, "
11604
"you can use the <application>ifconfig</application> command in the following "
11605
"manner."
11606
msgstr ""
11607
11608
#: serverguide/C/network-config.xml:193(userinput)
11609
#, no-wrap
11610
msgid "ifconfig eth0"
11611
msgstr ""
11612
11613
#: serverguide/C/network-config.xml:192(screen)
11614
#, no-wrap
11615
msgid ""
11616
"\n"
11617
"<placeholder-1/>\n"
11618
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11619
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11620
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11621
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11622
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11623
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11624
" collisions:0 txqueuelen:1000 \n"
11625
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11626
" Interrupt:16 \n"
11627
msgstr ""
11628
11629
#: serverguide/C/network-config.xml:204(para)
11630
msgid ""
11631
"To configure a default gateway, you can use the "
11632
"<application>route</application> command in the following manner. Modify the "
11633
"default gateway address to match your network requirements."
11634
msgstr ""
11635
11636
#: serverguide/C/network-config.xml:210(userinput)
11637
#, no-wrap
11638
msgid "sudo route add default gw 10.0.0.1 eth0"
11639
msgstr ""
11640
11641
#: serverguide/C/network-config.xml:212(para)
11642
msgid ""
11643
"To verify your default gateway configuration, you can use the "
11644
"<application>route</application> command in the following manner."
11645
msgstr ""
11646
11647
#: serverguide/C/network-config.xml:217(userinput)
11648
#, no-wrap
11649
msgid "route -n"
11650
msgstr ""
11651
11652
#: serverguide/C/network-config.xml:216(screen)
11653
#, no-wrap
11654
msgid ""
11655
"\n"
11656
"<placeholder-1/>\n"
11657
"Kernel IP routing table\n"
11658
"Destination Gateway Genmask Flags Metric Ref Use "
11659
"Iface\n"
11660
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11661
"eth0\n"
11662
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11663
"eth0\n"
11664
msgstr ""
11665
11666
#: serverguide/C/network-config.xml:223(para)
11667
msgid ""
11668
"If you require DNS for your temporary network configuration, you can add DNS "
11669
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11670
"example below shows how to enter two DNS servers to "
11671
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11672
"appropriate for your network. A more lengthy description of DNS client "
11673
"configuration is in a following section."
11674
msgstr ""
11675
11676
#: serverguide/C/network-config.xml:230(programlisting)
11677
#, no-wrap
11678
msgid ""
11679
"\n"
11680
"nameserver 8.8.8.8\n"
11681
"nameserver 8.8.4.4\n"
11682
msgstr ""
11683
11684
#: serverguide/C/network-config.xml:234(para)
11685
msgid ""
11686
"If you no longer need this configuration and wish to purge all IP "
11687
"configuration from an interface, you can use the "
11688
"<application>ip</application> command with the flush option as shown below."
11689
msgstr ""
11690
11691
#: serverguide/C/network-config.xml:240(userinput)
11692
#, no-wrap
11693
msgid "ip addr flush eth0"
11694
msgstr ""
11695
11696
#: serverguide/C/network-config.xml:243(para)
11697
msgid ""
11698
"Flushing the IP configuration using the <application>ip</application> "
11699
"command does not clear the contents of "
11700
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11701
"entries manually."
11702
msgstr ""
11703
11704
#: serverguide/C/network-config.xml:251(title)
11705
msgid "Dynamic IP Address Assignment (DHCP Client)"
11706
msgstr ""
11707
11708
#: serverguide/C/network-config.xml:252(para)
11709
msgid ""
11710
"To configure your server to use DHCP for dynamic address assignment, add the "
11711
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11712
"statement for the appropriate interface in the file "
11713
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11714
"are configuring your first Ethernet interface identified as <emphasis "
11715
"role=\"italic\">eth0</emphasis>."
11716
msgstr ""
11717
11718
#: serverguide/C/network-config.xml:259(programlisting)
11719
#, no-wrap
11720
msgid ""
11721
"\n"
11722
"auto eth0\n"
11723
"iface eth0 inet dhcp\n"
11724
msgstr ""
11725
11726
#: serverguide/C/network-config.xml:263(para)
11727
msgid ""
11728
"By adding an interface configuration as shown above, you can manually enable "
11729
"the interface through the <application>ifup</application> command which "
11730
"initiates the DHCP process via <application>dhclient</application>."
11731
msgstr ""
11732
11733
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11734
#, no-wrap
11735
msgid "sudo ifup eth0"
11736
msgstr ""
11737
11738
#: serverguide/C/network-config.xml:271(para)
11739
msgid ""
11740
"To manually disable the interface, you can use the "
11741
"<application>ifdown</application> command, which in turn will initiate the "
11742
"DHCP release process and shut down the interface."
11743
msgstr ""
11744
11745
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11746
#, no-wrap
11747
msgid "sudo ifdown eth0"
11748
msgstr ""
11749
11750
#: serverguide/C/network-config.xml:282(title)
11751
msgid "Static IP Address Assignment"
11752
msgstr ""
11753
11754
#: serverguide/C/network-config.xml:283(para)
11755
msgid ""
11756
"To configure your system to use a static IP address assignment, add the "
11757
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11758
"family statement for the appropriate interface in the file "
11759
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11760
"are configuring your first Ethernet interface identified as <emphasis "
11761
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11762
"role=\"italic\">address</emphasis>, <emphasis "
11763
"role=\"italic\">netmask</emphasis>, and <emphasis "
11764
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11765
"network."
11766
msgstr ""
11767
11768
#: serverguide/C/network-config.xml:292(programlisting)
11769
#, no-wrap
11770
msgid ""
11771
"\n"
11772
"auto eth0\n"
11773
"iface eth0 inet static\n"
11774
"address 10.0.0.100\n"
11775
"netmask 255.255.255.0\n"
11776
"gateway 10.0.0.1\n"
11777
msgstr ""
11778
11779
#: serverguide/C/network-config.xml:299(para)
11780
msgid ""
11781
"By adding an interface configuration as shown above, you can manually enable "
11782
"the interface through the <application>ifup</application> command."
11783
msgstr ""
11784
11785
#: serverguide/C/network-config.xml:306(para)
11786
msgid ""
11787
"To manually disable the interface, you can use the "
11788
"<application>ifdown</application> command."
11789
msgstr ""
11790
11791
#: serverguide/C/network-config.xml:316(title)
11792
msgid "Loopback Interface"
11793
msgstr ""
11794
11795
#: serverguide/C/network-config.xml:317(para)
11796
msgid ""
11797
"The loopback interface is identified by the system as <emphasis "
11798
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11799
"can be viewed using the ifconfig command."
11800
msgstr ""
11801
11802
#: serverguide/C/network-config.xml:322(userinput)
11803
#, no-wrap
11804
msgid "ifconfig lo"
11805
msgstr ""
11806
11807
#: serverguide/C/network-config.xml:321(screen)
11808
#, no-wrap
11809
msgid ""
11810
"\n"
11811
"<placeholder-1/>\n"
11812
"lo Link encap:Local Loopback \n"
11813
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11814
" inet6 addr: ::1/128 Scope:Host\n"
11815
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11816
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11817
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11818
" collisions:0 txqueuelen:0 \n"
11819
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11820
msgstr ""
11821
11822
#: serverguide/C/network-config.xml:332(para)
11823
msgid ""
11824
"By default, there should be two lines in "
11825
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11826
"configuring your loopback interface. It is recommended that you keep the "
11827
"default settings unless you have a specific purpose for changing them. An "
11828
"example of the two default lines are shown below."
11829
msgstr ""
11830
11831
#: serverguide/C/network-config.xml:338(programlisting)
11832
#, no-wrap
11833
msgid ""
11834
"\n"
11835
"auto lo\n"
11836
"iface lo inet loopback\n"
11837
msgstr ""
11838
11839
#: serverguide/C/network-config.xml:347(title)
11840
msgid "Name Resolution"
11841
msgstr ""
11842
11843
#: serverguide/C/network-config.xml:348(para)
11844
msgid ""
11845
"Name resolution as it relates to IP networking is the process of mapping IP "
11846
"addresses to hostnames, making it easier to identify resources on a network. "
11847
"The following section will explain how to properly configure your system for "
11848
"name resolution using DNS and static hostname records."
11849
msgstr ""
11850
11851
#: serverguide/C/network-config.xml:356(title)
11852
msgid "DNS Client Configuration"
11853
msgstr ""
11854
11855
#: serverguide/C/network-config.xml:357(para)
11856
msgid ""
11857
"To configure your system to use DNS for name resolution, add the IP "
11858
"addresses of the DNS servers that are appropriate for your network in the "
11859
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11860
"suffix search-lists to match your network domain names."
11861
msgstr ""
11862
11863
#: serverguide/C/network-config.xml:362(para)
11864
msgid ""
11865
"Below is an example of a typical configuration of "
11866
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11867
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11868
msgstr ""
11869
11870
#: serverguide/C/network-config.xml:367(programlisting)
11871
#, no-wrap
11872
msgid ""
11873
"\n"
11874
"search example.com\n"
11875
"nameserver 8.8.8.8\n"
11876
"nameserver 8.8.4.4\n"
11877
msgstr ""
11878
11879
#: serverguide/C/network-config.xml:372(para)
11880
msgid ""
11881
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11882
"multiple domain names so that DNS queries will be appended in the order in "
11883
"which they are entered. For example, your network may have multiple sub-"
11884
"domains to search; a parent domain of <emphasis "
11885
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11886
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11887
"role=\"italic\">dev.example.com</emphasis>."
11888
msgstr ""
11889
11890
#: serverguide/C/network-config.xml:380(para)
11891
msgid ""
11892
"If you have multiple domains you wish to search, your configuration might "
11893
"look like the following."
11894
msgstr ""
11895
11896
#: serverguide/C/network-config.xml:383(programlisting)
11897
#, no-wrap
11898
msgid ""
11899
"\n"
11900
"search example.com sales.example.com dev.example.com\n"
11901
"nameserver 8.8.8.8\n"
11902
"nameserver 8.8.4.4\n"
11903
msgstr ""
11904
11905
#: serverguide/C/network-config.xml:388(para)
11906
msgid ""
11907
"If you try to ping a host with the name of <emphasis "
11908
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11909
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11910
msgstr ""
11911
11912
#: serverguide/C/network-config.xml:394(para)
11913
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11914
msgstr ""
11915
11916
#: serverguide/C/network-config.xml:399(para)
11917
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11918
msgstr ""
11919
11920
#: serverguide/C/network-config.xml:404(para)
11921
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11922
msgstr ""
11923
11924
#: serverguide/C/network-config.xml:409(para)
11925
msgid ""
11926
"If no matches are found, the DNS server will provide a result of <emphasis "
11927
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11928
msgstr ""
11929
11930
#: serverguide/C/network-config.xml:416(title)
11931
msgid "Static Hostnames"
11932
msgstr ""
11933
11934
#: serverguide/C/network-config.xml:417(para)
11935
msgid ""
11936
"Static hostnames are locally defined hostname-to-IP mappings located in the "
11937
"file <filename>/etc/hosts</filename>. Entries in the "
11938
"<filename>hosts</filename> file will have precedence over DNS by default. "
11939
"This means that if your system tries to resolve a hostname and it matches an "
11940
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
11941
"some configurations, especially when Internet access is not required, "
11942
"servers that communicate with a limited number of resources can be "
11943
"conveniently set to use static hostnames instead of DNS."
11944
msgstr ""
11945
11946
#: serverguide/C/network-config.xml:424(para)
11947
msgid ""
11948
"The following is an example of a <filename>hosts</filename> file where a "
11949
"number of local servers have been identified by simple hostnames, aliases "
11950
"and their equivalent Fully Qualified Domain Names (FQDN's)."
11951
msgstr ""
11952
11953
#: serverguide/C/network-config.xml:428(programlisting)
11954
#, no-wrap
11955
msgid ""
11956
"\n"
11957
"127.0.0.1\tlocalhost\n"
11958
"127.0.1.1\tubuntu-server\n"
11959
"10.0.0.11\tserver1 vpn server1.example.com\n"
11960
"10.0.0.12\tserver2 mail server2.example.com\n"
11961
"10.0.0.13\tserver3 www server3.example.com\n"
11962
"10.0.0.14\tserver4 file server4.example.com\n"
11963
msgstr ""
11964
11965
#: serverguide/C/network-config.xml:437(para)
11966
msgid ""
11967
"In the above example, notice that each of the servers have been given "
11968
"aliases in addition to their proper names and FQDN's. <emphasis "
11969
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
11970
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
11971
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
11972
"role=\"italic\">server3</emphasis> as <emphasis "
11973
"role=\"italic\">www</emphasis>, and <emphasis "
11974
"role=\"italic\">server4</emphasis> as <emphasis "
11975
"role=\"italic\">file</emphasis>."
11976
msgstr ""
11977
11978
#: serverguide/C/network-config.xml:449(title)
11979
msgid "Name Service Switch Configuration"
11980
msgstr ""
11981
11982
#: serverguide/C/network-config.xml:450(para)
11983
msgid ""
11984
"The order in which your system selects a method of resolving hostnames to IP "
11985
"addresses is controlled by the Name Service Switch (NSS) configuration file "
11986
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
11987
"section, typically static hostnames defined in the systems "
11988
"<filename>/etc/hosts</filename> file have precedence over names resolved "
11989
"from DNS. The following is an example of the line responsible for this order "
11990
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
11991
msgstr ""
11992
11993
#: serverguide/C/network-config.xml:458(programlisting)
11994
#, no-wrap
11995
msgid ""
11996
"\n"
11997
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
11998
msgstr ""
11999
12000
#: serverguide/C/network-config.xml:464(para)
12001
msgid ""
12002
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12003
"hostnames located in <filename>/etc/hosts</filename>."
12004
msgstr ""
12005
12006
#: serverguide/C/network-config.xml:470(para)
12007
msgid ""
12008
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12009
"name using Multicast DNS."
12010
msgstr ""
12011
12012
#: serverguide/C/network-config.xml:475(para)
12013
msgid ""
12014
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12015
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12016
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12017
"authoritative and that the system should not try to continue hunting for an "
12018
"answer."
12019
msgstr ""
12020
12021
#: serverguide/C/network-config.xml:483(para)
12022
msgid ""
12023
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12024
msgstr ""
12025
12026
#: serverguide/C/network-config.xml:488(para)
12027
msgid ""
12028
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12029
msgstr ""
12030
12031
#: serverguide/C/network-config.xml:494(para)
12032
msgid ""
12033
"To modify the order of the above mentioned name resolution methods, you can "
12034
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12035
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12036
"versus Multicast DNS, you can change the string in "
12037
"<filename>/etc/nsswitch.conf</filename> as shown below."
12038
msgstr ""
12039
12040
#: serverguide/C/network-config.xml:501(programlisting)
12041
#, no-wrap
12042
msgid ""
12043
"\n"
12044
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12045
msgstr ""
12046
12047
#: serverguide/C/network-config.xml:508(title)
12048
msgid "Bridging"
12049
msgstr ""
12050
12051
#: serverguide/C/network-config.xml:510(para)
12052
msgid ""
12053
"Bridging multiple interfaces is a more advanced configuration, but is very "
12054
"useful in multiple scenarios. One scenario is setting up a bridge with "
12055
"multiple network interfaces, then using a firewall to filter traffic between "
12056
"two network segments. Another scenario is using bridge on a system with one "
12057
"interface to allow virtual machines direct access to the outside network. "
12058
"The following example covers the latter scenario."
12059
msgstr ""
12060
12061
#: serverguide/C/network-config.xml:517(para)
12062
msgid ""
12063
"Before configuring a bridge you will need to install the <application>bridge-"
12064
"utils</application> package. To install the package, in a terminal enter:"
12065
msgstr ""
12066
12067
#: serverguide/C/network-config.xml:523(command)
12068
msgid "sudo apt-get install bridge-utils"
12069
msgstr ""
12070
12071
#: serverguide/C/network-config.xml:526(para)
12072
msgid ""
12073
"Next, configure the bridge by editing "
12074
"<filename>/etc/network/interfaces</filename>:"
12075
msgstr ""
12076
12077
#: serverguide/C/network-config.xml:530(programlisting)
12078
#, no-wrap
12079
msgid ""
12080
"\n"
12081
"auto lo\n"
12082
"iface lo inet loopback\n"
12083
"\n"
12084
"auto br0\n"
12085
"iface br0 inet static\n"
12086
" address 192.168.0.10\n"
12087
" network 192.168.0.0\n"
12088
" netmask 255.255.255.0\n"
12089
" broadcast 192.168.0.255\n"
12090
" gateway 192.168.0.1\n"
12091
" bridge_ports eth0\n"
12092
" bridge_fd 9\n"
12093
" bridge_hello 2\n"
12094
" bridge_maxage 12\n"
12095
" bridge_stp off\n"
12096
msgstr ""
12097
12098
#: serverguide/C/network-config.xml:549(para)
12099
msgid "Enter the appropriate values for your physical interface and network."
12100
msgstr ""
12101
12102
#: serverguide/C/network-config.xml:554(para)
12103
msgid "Now restart networking to enable the bridge interface:"
12104
msgstr ""
12105
12106
#: serverguide/C/network-config.xml:561(para)
12107
msgid ""
12108
"The new bridge interface should now be up and running. The "
12109
"<application>brctl</application> provides useful information about the state "
12110
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12111
"<command>man brctl</command> for more information."
12112
msgstr ""
12113
12114
#: serverguide/C/network-config.xml:577(para)
12115
msgid ""
12116
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12117
"Network page</ulink> has links to articles covering more advanced network "
12118
"configuration."
12119
msgstr ""
12120
12121
#: serverguide/C/network-config.xml:583(para)
12122
msgid ""
12123
"The <ulink "
12124
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12125
"\">interfaces man page</ulink> has details on more options for "
12126
"<filename>/etc/network/interfaces</filename>."
12127
msgstr ""
12128
12129
#: serverguide/C/network-config.xml:589(para)
12130
msgid ""
12131
"The <ulink "
12132
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12133
"dhclient man page</ulink> has details on more options for configuring DHCP "
12134
"client settings."
12135
msgstr ""
12136
12137
#: serverguide/C/network-config.xml:595(para)
12138
msgid ""
12139
"For more information on DNS client configuration see the <ulink "
12140
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12141
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12142
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12143
"Administrator's Guide</ulink> is a good source of resolver and name service "
12144
"configuration information."
12145
msgstr ""
12146
12147
#: serverguide/C/network-config.xml:603(para)
12148
msgid ""
12149
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12150
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12151
"tl man page</ulink> and the Linux Foundation's <ulink "
12152
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12153
msgstr ""
12154
12155
#: serverguide/C/network-config.xml:614(title)
12156
msgid "TCP/IP"
12157
msgstr ""
12158
12159
#: serverguide/C/network-config.xml:615(para)
12160
msgid ""
12161
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12162
"standard set of protocols developed in the late 1970s by the Defense "
12163
"Advanced Research Projects Agency (DARPA) as a means of communication "
12164
"between different types of computers and computer networks. TCP/IP is the "
12165
"driving force of the Internet, and thus it is the most popular set of "
12166
"network protocols on Earth."
12167
msgstr ""
12168
12169
#: serverguide/C/network-config.xml:623(title)
12170
msgid "TCP/IP Introduction"
12171
msgstr ""
12172
12173
#: serverguide/C/network-config.xml:624(para)
12174
msgid ""
12175
"The two protocol components of TCP/IP deal with different aspects of "
12176
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12177
"TCP/IP is a connectionless protocol which deals only with network packet "
12178
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12179
"basic unit of networking information. The IP Datagram consists of a header "
12180
"followed by a message. The <emphasis> Transmission Control "
12181
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12182
"establish connections which may be used to exchange data streams. TCP also "
12183
"guarantees that the data between connections is delivered and that it "
12184
"arrives at one network host in the same order as sent from another network "
12185
"host."
12186
msgstr ""
12187
12188
#: serverguide/C/network-config.xml:637(title)
12189
msgid "TCP/IP Configuration"
12190
msgstr ""
12191
12192
#: serverguide/C/network-config.xml:638(para)
12193
msgid ""
12194
"The TCP/IP protocol configuration consists of several elements which must be "
12195
"set by editing the appropriate configuration files, or deploying solutions "
12196
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12197
"can be configured to provide the proper TCP/IP configuration settings to "
12198
"network clients automatically. These configuration values must be set "
12199
"correctly in order to facilitate the proper network operation of your Ubuntu "
12200
"system."
12201
msgstr ""
12202
12203
#: serverguide/C/network-config.xml:650(para)
12204
msgid ""
12205
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12206
"identifying string expressed as four decimal numbers ranging from zero (0) "
12207
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12208
"four numbers representing eight (8) bits of the address for a total length "
12209
"of thirty-two (32) bits for the whole address. This format is called "
12210
"<emphasis>dotted quad notation</emphasis>."
12211
msgstr ""
12212
12213
#: serverguide/C/network-config.xml:660(para)
12214
msgid ""
12215
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12216
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12217
"separate the portions of an IP address significant to the network from the "
12218
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12219
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12220
"three bytes of the IP address and allows the last byte of the IP address to "
12221
"remain available for specifying hosts on the subnetwork."
12222
msgstr ""
12223
12224
#: serverguide/C/network-config.xml:671(para)
12225
msgid ""
12226
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12227
"represents the bytes comprising the network portion of an IP address. For "
12228
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12229
"network address, where twelve (12) represents the first byte of the IP "
12230
"address, (the network part) and zeroes (0) in all of the remaining three "
12231
"bytes to represent the potential host values. A network host using the "
12232
"private IP address 192.168.1.100 would in turn use a Network Address of "
12233
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12234
"network and a zero (0) for all the possible hosts on the network."
12235
msgstr ""
12236
12237
#: serverguide/C/network-config.xml:684(para)
12238
msgid ""
12239
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12240
"is an IP address which allows network data to be sent simultaneously to all "
12241
"hosts on a given subnetwork rather than specifying a particular host. The "
12242
"standard general broadcast address for IP networks is 255.255.255.255, but "
12243
"this broadcast address cannot be used to send a broadcast message to every "
12244
"host on the Internet because routers block it. A more appropriate broadcast "
12245
"address is set to match a specific subnetwork. For example, on the private "
12246
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12247
"Broadcast messages are typically produced by network protocols such as the "
12248
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12249
msgstr ""
12250
12251
#: serverguide/C/network-config.xml:697(para)
12252
msgid ""
12253
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12254
"IP address through which a particular network, or host on a network, may be "
12255
"reached. If one network host wishes to communicate with another network "
12256
"host, and that host is not located on the same network, then a "
12257
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12258
"Address will be that of a router on the same network, which will in turn "
12259
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12260
"value of the Gateway Address setting must be correct, or your system will "
12261
"not be able to reach any hosts beyond those on the same network."
12262
msgstr ""
12263
12264
#: serverguide/C/network-config.xml:708(para)
12265
msgid ""
12266
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12267
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12268
"resolve network hostnames into IP addresses. There are three levels of "
12269
"Nameserver Addresses, which may be specified in order of precedence: The "
12270
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12271
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12272
"your system to be able to resolve network hostnames into their corresponding "
12273
"IP addresses, you must specify valid Nameserver Addresses which you are "
12274
"authorized to use in your system's TCP/IP configuration. In many cases these "
12275
"addresses can and will be provided by your network service provider, but "
12276
"many free and publicly accessible nameservers are available for use, such as "
12277
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12278
msgstr ""
12279
12280
#: serverguide/C/network-config.xml:722(para)
12281
msgid ""
12282
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12283
"Address are typically specified via the appropriate directives in the file "
12284
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12285
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12286
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12287
"system manual page for <filename>interfaces</filename> or "
12288
"<filename>resolv.conf</filename> respectively, with the following commands "
12289
"typed at a terminal prompt:"
12290
msgstr ""
12291
12292
#: serverguide/C/network-config.xml:729(para)
12293
msgid ""
12294
"Access the system manual page for <filename>interfaces</filename> with the "
12295
"following command:"
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:734(command)
12299
msgid "man interfaces"
12300
msgstr ""
12301
12302
#: serverguide/C/network-config.xml:737(para)
12303
msgid ""
12304
"Access the system manual page for <filename>resolv.conf</filename> with the "
12305
"following command:"
12306
msgstr ""
12307
12308
#: serverguide/C/network-config.xml:741(command)
12309
msgid "man resolv.conf"
12310
msgstr ""
12311
12312
#: serverguide/C/network-config.xml:646(para)
12313
msgid ""
12314
"The common configuration elements of TCP/IP and their purposes are as "
12315
"follows: <placeholder-1/>"
12316
msgstr ""
12317
12318
#: serverguide/C/network-config.xml:748(title)
12319
msgid "IP Routing"
12320
msgstr ""
12321
12322
#: serverguide/C/network-config.xml:749(para)
12323
msgid ""
12324
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12325
"network along which network data may be sent. Routing uses a set of "
12326
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12327
"packets from their source to the destination, often via many intermediary "
12328
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12329
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12330
"<emphasis>Dynamic Routing.</emphasis>"
12331
msgstr ""
12332
12333
#: serverguide/C/network-config.xml:758(para)
12334
msgid ""
12335
"Static routing involves manually adding IP routes to the system's routing "
12336
"table, and this is usually done by manipulating the routing table with the "
12337
"<application>route</application> command. Static routing enjoys many "
12338
"advantages over dynamic routing, such as simplicity of implementation on "
12339
"smaller networks, predictability (the routing table is always computed in "
12340
"advance, and thus the route is precisely the same each time it is used), and "
12341
"low overhead on other routers and network links due to the lack of a dynamic "
12342
"routing protocol. However, static routing does present some disadvantages as "
12343
"well. For example, static routing is limited to small networks and does not "
12344
"scale well. Static routing also fails completely to adapt to network outages "
12345
"and failures along the route due to the fixed nature of the route."
12346
msgstr ""
12347
12348
#: serverguide/C/network-config.xml:768(para)
12349
msgid ""
12350
"Dynamic routing depends on large networks with multiple possible IP routes "
12351
"from a source to a destination and makes use of special routing protocols, "
12352
"such as the Router Information Protocol (RIP), which handle the automatic "
12353
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12354
"routing has several advantages over static routing, such as superior "
12355
"scalability and the ability to adapt to failures and outages along network "
12356
"routes. Additionally, there is less manual configuration of the routing "
12357
"tables, since routers learn from one another about their existence and "
12358
"available routes. This trait also eliminates the possibility of introducing "
12359
"mistakes in the routing tables via human error. Dynamic routing is not "
12360
"perfect, however, and presents disadvantages such as heightened complexity "
12361
"and additional network overhead from router communications, which does not "
12362
"immediately benefit the end users, but still consumes network bandwidth."
12363
msgstr ""
12364
12365
#: serverguide/C/network-config.xml:782(title)
12366
msgid "TCP and UDP"
12367
msgstr ""
12368
12369
#: serverguide/C/network-config.xml:783(para)
12370
msgid ""
12371
"TCP is a connection-based protocol, offering error correction and guaranteed "
12372
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12373
"Flow control determines when the flow of a data stream needs to be stopped, "
12374
"and previously sent data packets should to be re-sent due to problems such "
12375
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12376
"accurate delivery of the data. TCP is typically used in the exchange of "
12377
"important information such as database transactions."
12378
msgstr ""
12379
12380
#: serverguide/C/network-config.xml:791(para)
12381
msgid ""
12382
"The User Datagram Protocol (UDP), on the other hand, is a "
12383
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12384
"transmission of important data because it lacks flow control or any other "
12385
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12386
"applications as audio and video streaming, where it is considerably faster "
12387
"than TCP due to the lack of error correction and flow control, and where the "
12388
"loss of a few packets is not generally catastrophic."
12389
msgstr ""
12390
12391
#: serverguide/C/network-config.xml:801(title)
12392
msgid "ICMP"
12393
msgstr ""
12394
12395
#: serverguide/C/network-config.xml:802(para)
12396
msgid ""
12397
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12398
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12399
"supports network packets containing control, error, and informational "
12400
"messages. ICMP is used by such network applications as the "
12401
"<application>ping</application> utility, which can determine the "
12402
"availability of a network host or device. Examples of some error messages "
12403
"returned by ICMP which are useful to both network hosts and devices such as "
12404
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12405
"<emphasis>Time Exceeded</emphasis>."
12406
msgstr ""
12407
12408
#: serverguide/C/network-config.xml:812(title)
12409
msgid "Daemons"
12410
msgstr ""
12411
12412
#: serverguide/C/network-config.xml:813(para)
12413
msgid ""
12414
"Daemons are special system applications which typically execute continuously "
12415
"in the background and await requests for the functions they provide from "
12416
"other applications. Many daemons are network-centric; that is, a large "
12417
"number of daemons executing in the background on an Ubuntu system may "
12418
"provide network-related functionality. Some examples of such network daemons "
12419
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12420
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12421
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12422
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12423
"Daemon</emphasis> (imapd), which provides E-Mail services."
12424
msgstr ""
12425
12426
#: serverguide/C/network-config.xml:828(para)
12427
msgid ""
12428
"There are man pages for <ulink "
12429
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12430
"ulink> and <ulink "
12431
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12432
"> that contain more useful information."
12433
msgstr ""
12434
12435
#: serverguide/C/network-config.xml:834(para)
12436
msgid ""
12437
"Also, see the <ulink "
12438
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12439
"and Technical Overview</ulink> IBM Redbook."
12440
msgstr ""
12441
12442
#: serverguide/C/network-config.xml:840(para)
12443
msgid ""
12444
"Another resource is O'Reilly's <ulink "
12445
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12446
"Administration</ulink>."
12447
msgstr ""
12448
12449
#: serverguide/C/network-config.xml:849(title)
12450
msgid "Dynamic Host Configuration Protocol (DHCP)"
12451
msgstr ""
12452
12453
#: serverguide/C/network-config.xml:850(para)
12454
msgid ""
12455
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12456
"enables host computers to be automatically assigned settings from a server "
12457
"as opposed to manually configuring each network host. Computers configured "
12458
"to be DHCP clients have no control over the settings they receive from the "
12459
"DHCP server, and the configuration is transparent to the computer's user."
12460
msgstr ""
12461
12462
#: serverguide/C/network-config.xml:857(para)
12463
msgid ""
12464
"The most common settings provided by a DHCP server to DHCP clients include:"
12465
msgstr ""
12466
12467
#: serverguide/C/network-config.xml:862(para)
12468
msgid "IP-Address and Netmask"
12469
msgstr ""
12470
12471
#: serverguide/C/network-config.xml:865(para)
12472
msgid "DNS"
12473
msgstr ""
12474
12475
#: serverguide/C/network-config.xml:868(para)
12476
msgid "WINS"
12477
msgstr ""
12478
12479
#: serverguide/C/network-config.xml:871(para)
12480
msgid ""
12481
"However, a DHCP server can also supply configuration properties such as:"
12482
msgstr ""
12483
12484
#: serverguide/C/network-config.xml:876(para)
12485
msgid "Host Name"
12486
msgstr ""
12487
12488
#: serverguide/C/network-config.xml:879(para)
12489
msgid "Domain Name"
12490
msgstr ""
12491
12492
#: serverguide/C/network-config.xml:882(para)
12493
msgid "Default Gateway"
12494
msgstr ""
12495
12496
#: serverguide/C/network-config.xml:885(para)
12497
msgid "Time Server"
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:888(para)
12501
msgid "Print Server"
12502
msgstr ""
12503
12504
#: serverguide/C/network-config.xml:891(para)
12505
msgid ""
12506
"The advantage of using DHCP is that changes to the network, for example a "
12507
"change in the address of the DNS server, need only be changed at the DHCP "
12508
"server, and all network hosts will be reconfigured the next time their DHCP "
12509
"clients poll the DHCP server. As an added advantage, it is also easier to "
12510
"integrate new computers into the network, as there is no need to check for "
12511
"the availability of an IP address. Conflicts in IP address allocation are "
12512
"also reduced."
12513
msgstr ""
12514
12515
#: serverguide/C/network-config.xml:899(para)
12516
msgid "A DHCP server can provide configuration settings using two methods:"
12517
msgstr ""
12518
12519
#: serverguide/C/network-config.xml:904(term)
12520
msgid "MAC Address"
12521
msgstr ""
12522
12523
#: serverguide/C/network-config.xml:906(para)
12524
msgid ""
12525
"This method entails using DHCP to identify the unique hardware address of "
12526
"each network card connected to the network and then continually supplying a "
12527
"constant configuration each time the DHCP client makes a request to the DHCP "
12528
"server using that network device."
12529
msgstr ""
12530
12531
#: serverguide/C/network-config.xml:915(term)
12532
msgid "Address Pool"
12533
msgstr ""
12534
12535
#: serverguide/C/network-config.xml:917(para)
12536
msgid ""
12537
"This method entails defining a pool (sometimes also called a range or scope) "
12538
"of IP addresses from which DHCP clients are supplied their configuration "
12539
"properties dynamically and on a \"first come, first served\" basis. When a "
12540
"DHCP client is no longer on the network for a specified period, the "
12541
"configuration is expired and released back to the address pool for use by "
12542
"other DHCP Clients."
12543
msgstr ""
12544
12545
#: serverguide/C/network-config.xml:928(para)
12546
msgid ""
12547
"Ubuntu is shipped with both DHCP server and client. The server is "
12548
"<application>dhcpd</application> (dynamic host configuration protocol "
12549
"daemon). The client provided with Ubuntu is "
12550
"<application>dhclient</application> and should be installed on all computers "
12551
"required to be automatically configured. Both programs are easy to install "
12552
"and configure and will be automatically started at system boot."
12553
msgstr ""
12554
12555
#: serverguide/C/network-config.xml:938(para)
12556
msgid ""
12557
"At a terminal prompt, enter the following command to install "
12558
"<application>dhcpd</application>:"
12559
msgstr ""
12560
12561
#: serverguide/C/network-config.xml:943(command)
12562
msgid "sudo apt-get install dhcp3-server"
12563
msgstr ""
12564
12565
#: serverguide/C/network-config.xml:945(para)
12566
msgid ""
12567
"You will probably need to change the default configuration by editing "
12568
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12569
msgstr ""
12570
12571
#: serverguide/C/network-config.xml:949(para)
12572
msgid ""
12573
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12574
"dhcpd should listen to. By default it listens to eth0."
12575
msgstr ""
12576
12577
#: serverguide/C/network-config.xml:953(para)
12578
msgid ""
12579
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12580
"messages."
12581
msgstr ""
12582
12583
#: serverguide/C/network-config.xml:960(para)
12584
msgid ""
12585
"The error message the installation ends with might be a little confusing, "
12586
"but the following steps will help you configure the service:"
12587
msgstr ""
12588
12589
#: serverguide/C/network-config.xml:964(para)
12590
msgid ""
12591
"Most commonly, what you want to do is assign an IP address randomly. This "
12592
"can be done with settings as follows:"
12593
msgstr ""
12594
12595
#: serverguide/C/network-config.xml:968(programlisting)
12596
#, no-wrap
12597
msgid ""
12598
"\n"
12599
"# Sample /etc/dhcpd.conf\n"
12600
"# (add your comments here) \n"
12601
"default-lease-time 600;\n"
12602
"max-lease-time 7200;\n"
12603
"option subnet-mask 255.255.255.0;\n"
12604
"option broadcast-address 192.168.1.255;\n"
12605
"option routers 192.168.1.254;\n"
12606
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12607
"option domain-name \"mydomain.example\";\n"
12608
"\n"
12609
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12610
"range 192.168.1.10 192.168.1.100;\n"
12611
"range 192.168.1.150 192.168.1.200;\n"
12612
"} \n"
12613
msgstr ""
12614
12615
#: serverguide/C/network-config.xml:984(para)
12616
msgid ""
12617
"This will result in the DHCP server giving a client an IP address from the "
12618
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12619
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12620
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12621
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12622
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12623
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12624
msgstr ""
12625
12626
#: serverguide/C/network-config.xml:993(para)
12627
msgid ""
12628
"If you need to specify a WINS server for your Windows clients, you will need "
12629
"to include the netbios-name-servers option, e.g."
12630
msgstr ""
12631
12632
#: serverguide/C/network-config.xml:997(programlisting)
12633
#, no-wrap
12634
msgid ""
12635
"\n"
12636
"option netbios-name-servers 192.168.1.1; \n"
12637
msgstr ""
12638
12639
#: serverguide/C/network-config.xml:1000(para)
12640
msgid ""
12641
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12642
"be found <ulink "
12643
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12644
msgstr ""
12645
12646
#: serverguide/C/network-config.xml:1010(para)
12647
msgid ""
12648
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12649
"server Ubuntu Wiki</ulink> page has more information."
12650
msgstr ""
12651
12652
#: serverguide/C/network-config.xml:1015(para)
12653
msgid ""
12654
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12655
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12656
"\">dhcpd.conf man page</ulink>."
12657
msgstr ""
12658
12659
#: serverguide/C/network-config.xml:1021(para)
12660
msgid ""
12661
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12662
"FAQ</ulink>"
12663
msgstr ""
12664
12665
#: serverguide/C/network-config.xml:1031(title)
12666
msgid "Time Synchronisation with NTP"
12667
msgstr ""
12668
12669
#: serverguide/C/network-config.xml:1032(para)
12670
msgid ""
12671
"This page describes methods for keeping your computer's time accurate. This "
12672
"is useful for servers, but is not necessary (or desirable) for desktop "
12673
"machines."
12674
msgstr ""
12675
12676
#: serverguide/C/network-config.xml:1035(para)
12677
msgid ""
12678
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12679
"client requests the current time from a server, and uses it to set its own "
12680
"clock."
12681
msgstr ""
12682
12683
#: serverguide/C/network-config.xml:1038(para)
12684
msgid ""
12685
"Behind this simple description, there is a lot of complexity - there are "
12686
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12687
"clocks (often via GPS), and tier two and three servers spreading the load of "
12688
"actually handling requests across the Internet. Also the client software is "
12689
"a lot more complex than you might think - it has to factor out communication "
12690
"delays, and adjust the time in a way that does not upset all the other "
12691
"processes that run on the server. But luckily all that complexity is hidden "
12692
"from you!"
12693
msgstr ""
12694
12695
#: serverguide/C/network-config.xml:1041(para)
12696
msgid ""
12697
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12698
msgstr ""
12699
12700
#: serverguide/C/network-config.xml:1046(title)
12701
msgid "ntpdate"
12702
msgstr ""
12703
12704
#: serverguide/C/network-config.xml:1047(para)
12705
msgid ""
12706
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12707
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12708
"is likely to drift considerably between reboots, so it makes sense to "
12709
"correct the time occasionally. The easiest way to do this is to get cron to "
12710
"run ntpdate every day. With your favorite editor, as root, create a file "
12711
"<code>/etc/cron.daily/ntpdate</code> containing:"
12712
msgstr ""
12713
12714
#: serverguide/C/network-config.xml:1052(screen)
12715
#, no-wrap
12716
msgid "ntpdate ntp.ubuntu.com\n"
12717
msgstr ""
12718
12719
#: serverguide/C/network-config.xml:1054(para)
12720
msgid ""
12721
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12722
msgstr ""
12723
12724
#: serverguide/C/network-config.xml:1057(screen)
12725
#, no-wrap
12726
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12727
msgstr ""
12728
12729
#: serverguide/C/network-config.xml:1061(title)
12730
msgid "ntpd"
12731
msgstr ""
12732
12733
#: serverguide/C/network-config.xml:1062(para)
12734
msgid ""
12735
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12736
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12737
"calculates the drift of your system clock and continuously adjusts it, so "
12738
"there are no large corrections that could lead to inconsistent logs for "
12739
"instance. The cost is a little processing power and memory, but for a modern "
12740
"server this is negligible."
12741
msgstr ""
12742
12743
#: serverguide/C/network-config.xml:1065(para)
12744
msgid "To set up ntpd:"
12745
msgstr ""
12746
12747
#: serverguide/C/network-config.xml:1066(screen)
12748
#, no-wrap
12749
msgid "sudo apt-get install ntp\n"
12750
msgstr ""
12751
12752
#: serverguide/C/network-config.xml:1071(title)
12753
msgid "Changing Time Servers"
12754
msgstr ""
12755
12756
#: serverguide/C/network-config.xml:1072(para)
12757
msgid ""
12758
"In both cases above, your system will use Ubuntu's NTP server at "
12759
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12760
"use several servers to increase accuracy and resilience, and you may want to "
12761
"use time servers that are geographically closer to you. to do this for "
12762
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12763
msgstr ""
12764
12765
#: serverguide/C/network-config.xml:1079(screen)
12766
#, no-wrap
12767
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12768
msgstr ""
12769
12770
#: serverguide/C/network-config.xml:1081(para)
12771
msgid ""
12772
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12773
"lines:"
12774
msgstr ""
12775
12776
#: serverguide/C/network-config.xml:1086(screen)
12777
#, no-wrap
12778
msgid ""
12779
"server ntp.ubuntu.com\n"
12780
"server pool.ntp.org\n"
12781
msgstr ""
12782
12783
#: serverguide/C/network-config.xml:1089(para)
12784
msgid ""
12785
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12786
"really good idea which uses round-robin DNS to return an NTP server from a "
12787
"pool, spreading the load between several different servers. Even better, "
12788
"they have pools for different regions - for instance, if you are in New "
12789
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12790
"<code>pool.ntp.org</code> . Look at <ulink "
12791
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12792
"details."
12793
msgstr ""
12794
12795
#: serverguide/C/network-config.xml:1100(para)
12796
msgid ""
12797
"You can also Google for NTP servers in your region, and add these to your "
12798
"configuration. To test that a server works, just type <code>sudo ntpdate "
12799
"ntp.server.name</code> and see what happens."
12800
msgstr ""
12801
12802
#: serverguide/C/network-config.xml:1111(para)
12803
msgid ""
12804
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12805
"Time</ulink> wiki page for more information."
12806
msgstr ""
12807
12808
#: serverguide/C/network-config.xml:1117(ulink)
12809
msgid "NTP Support"
12810
msgstr ""
12811
12812
#: serverguide/C/network-config.xml:1122(ulink)
12813
msgid "The NTP FAQ and HOWTO"
12814
msgstr ""
12815
12816
#: serverguide/C/network-auth.xml:13(title)
12817
msgid "Network Authentication"
12818
msgstr ""
12819
12820
#: serverguide/C/network-auth.xml:15(para)
12821
msgid "This section explains various Network Authentication protocols."
12822
msgstr ""
12823
12824
#: serverguide/C/network-auth.xml:19(title)
12825
msgid "OpenLDAP Server"
12826
msgstr ""
12827
12828
#: serverguide/C/network-auth.xml:20(para)
12829
msgid ""
12830
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12831
"simplified version of the X.500 protocol. The directory setup in this "
12832
"section will be used for authentication. Nevertheless, LDAP can be used in "
12833
"numerous ways: authentication, shared directory (for mail clients), address "
12834
"book, etc."
12835
msgstr ""
12836
12837
#: serverguide/C/network-auth.xml:28(para)
12838
msgid ""
12839
"To describe LDAP quickly, all information is stored in a tree structure. "
12840
"With <application>OpenLDAP</application> you have freedom to determine the "
12841
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12842
"We will begin with a basic tree containing two nodes below the root:"
12843
msgstr ""
12844
12845
#: serverguide/C/network-auth.xml:37(para)
12846
msgid "\"People\" node where your users will be stored"
12847
msgstr ""
12848
12849
#: serverguide/C/network-auth.xml:40(para)
12850
msgid "\"Groups\" node where your groups will be stored"
12851
msgstr ""
12852
12853
#: serverguide/C/network-auth.xml:44(para)
12854
msgid ""
12855
"Before beginning, you should determine what the root of your LDAP directory "
12856
"will be. By default, your tree will be determined by your Fully Qualified "
12857
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12858
"example), your root node will be dc=example,dc=com."
12859
msgstr ""
12860
12861
#: serverguide/C/network-auth.xml:54(para)
12862
msgid ""
12863
"First, install the <application>OpenLDAP</application> server daemon "
12864
"<application>slapd</application> and <application>ldap-utils</application>, "
12865
"a package containing LDAP management utilities:"
12866
msgstr ""
12867
12868
#: serverguide/C/network-auth.xml:60(command)
12869
msgid "sudo apt-get install slapd ldap-utils"
12870
msgstr ""
12871
12872
#: serverguide/C/network-auth.xml:63(para)
12873
msgid ""
12874
"By default <application>slapd</application> is configured with minimal "
12875
"options needed to run the <application>slapd</application> daemon."
12876
msgstr ""
12877
12878
#: serverguide/C/network-auth.xml:68(para)
12879
msgid ""
12880
"The configuration example in the following sections will match the domain "
12881
"name of the server. For example, if the machine's Fully Qualified Domain "
12882
"Name (FQDN) is ldap.example.com, the default suffix will be "
12883
"<emphasis>dc=example,dc=com</emphasis>."
12884
msgstr ""
12885
12886
#: serverguide/C/network-auth.xml:76(title)
12887
msgid "Populating LDAP"
12888
msgstr ""
12889
12890
#: serverguide/C/network-auth.xml:78(para)
12891
msgid ""
12892
"<application>OpenLDAP</application> uses a separate directory which contains "
12893
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12894
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12895
"<application>slapd</application> daemon, allowing the modification of schema "
12896
"definitions, indexes, ACLs, etc without stopping the service."
12897
msgstr ""
12898
12899
#: serverguide/C/network-auth.xml:86(para)
12900
msgid ""
12901
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12902
"configuration and will need additional configuration options in order to "
12903
"populate the frontend directory. The frontend will be populated with a "
12904
"\"classical\" scheme that will be compatible with address book applications "
12905
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12906
"various applications, such as web applications, email Mail Transfer Agent "
12907
"(MTA) applications, etc."
12908
msgstr ""
12909
12910
#: serverguide/C/network-auth.xml:95(para)
12911
msgid ""
12912
"For external applications to authenticate using LDAP they will each need to "
12913
"be specifically configured to do so. Refer to the individual application "
12914
"documentation for details."
12915
msgstr ""
12916
12917
#: serverguide/C/network-auth.xml:103(para)
12918
msgid ""
12919
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12920
"examples to match your LDAP configuration."
12921
msgstr ""
12922
12923
#: serverguide/C/network-auth.xml:108(para)
12924
msgid ""
12925
"First, some additional schema files need to be loaded. In a terminal enter:"
12926
msgstr ""
12927
12928
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12929
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12930
msgstr ""
12931
12932
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12933
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
12934
msgstr ""
12935
12936
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
12937
msgid ""
12938
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
12939
msgstr ""
12940
12941
#: serverguide/C/network-auth.xml:118(para)
12942
msgid ""
12943
"Next, copy the following example LDIF file, naming it "
12944
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
12945
msgstr ""
12946
12947
#: serverguide/C/network-auth.xml:123(programlisting)
12948
#, no-wrap
12949
msgid ""
12950
"\n"
12951
"# Load dynamic backend modules\n"
12952
"dn: cn=module,cn=config\n"
12953
"objectClass: olcModuleList\n"
12954
"cn: module\n"
12955
"olcModulepath: /usr/lib/ldap\n"
12956
"olcModuleload: back_hdb\n"
12957
"\n"
12958
"# Database settings\n"
12959
"dn: olcDatabase=hdb,cn=config\n"
12960
"objectClass: olcDatabaseConfig\n"
12961
"objectClass: olcHdbConfig\n"
12962
"olcDatabase: {1}hdb\n"
12963
"olcSuffix: dc=example,dc=com\n"
12964
"olcDbDirectory: /var/lib/ldap\n"
12965
"olcRootDN: cn=admin,dc=example,dc=com\n"
12966
"olcRootPW: secret\n"
12967
"olcDbConfig: set_cachesize 0 2097152 0\n"
12968
"olcDbConfig: set_lk_max_objects 1500\n"
12969
"olcDbConfig: set_lk_max_locks 1500\n"
12970
"olcDbConfig: set_lk_max_lockers 1500\n"
12971
"olcDbIndex: objectClass eq\n"
12972
"olcLastMod: TRUE\n"
12973
"olcDbCheckpoint: 512 30\n"
12974
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
12975
"by anonymous auth by self write by * none\n"
12976
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
12977
"olcAccess: to dn.base=\"\" by * read\n"
12978
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12979
"\n"
12980
msgstr ""
12981
12982
#: serverguide/C/network-auth.xml:155(para)
12983
msgid ""
12984
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
12985
msgstr ""
12986
12987
#: serverguide/C/network-auth.xml:160(para)
12988
msgid "Now add the LDIF to the directory:"
12989
msgstr ""
12990
12991
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
12992
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
12993
msgstr ""
12994
12995
#: serverguide/C/network-auth.xml:168(para)
12996
msgid ""
12997
"The frontend directory is now ready to be populated. Create a "
12998
"<filename>frontend.example.com.ldif</filename> with the following contents:"
12999
msgstr ""
13000
13001
#: serverguide/C/network-auth.xml:173(programlisting)
13002
#, no-wrap
13003
msgid ""
13004
"\n"
13005
"# Create top-level object in domain\n"
13006
"dn: dc=example,dc=com\n"
13007
"objectClass: top\n"
13008
"objectClass: dcObject\n"
13009
"objectclass: organization\n"
13010
"o: Example Organization\n"
13011
"dc: Example\n"
13012
"description: LDAP Example \n"
13013
"\n"
13014
"# Admin user.\n"
13015
"dn: cn=admin,dc=example,dc=com\n"
13016
"objectClass: simpleSecurityObject\n"
13017
"objectClass: organizationalRole\n"
13018
"cn: admin\n"
13019
"description: LDAP administrator\n"
13020
"userPassword: secret\n"
13021
"\n"
13022
"dn: ou=people,dc=example,dc=com\n"
13023
"objectClass: organizationalUnit\n"
13024
"ou: people\n"
13025
"\n"
13026
"dn: ou=groups,dc=example,dc=com\n"
13027
"objectClass: organizationalUnit\n"
13028
"ou: groups\n"
13029
"\n"
13030
"dn: uid=john,ou=people,dc=example,dc=com\n"
13031
"objectClass: inetOrgPerson\n"
13032
"objectClass: posixAccount\n"
13033
"objectClass: shadowAccount\n"
13034
"uid: john\n"
13035
"sn: Doe\n"
13036
"givenName: John\n"
13037
"cn: John Doe\n"
13038
"displayName: John Doe\n"
13039
"uidNumber: 1000\n"
13040
"gidNumber: 10000\n"
13041
"userPassword: password\n"
13042
"gecos: John Doe\n"
13043
"loginShell: /bin/bash\n"
13044
"homeDirectory: /home/john\n"
13045
"shadowExpire: -1\n"
13046
"shadowFlag: 0\n"
13047
"shadowWarning: 7\n"
13048
"shadowMin: 8\n"
13049
"shadowMax: 999999\n"
13050
"shadowLastChange: 10877\n"
13051
"mail: john.doe@example.com\n"
13052
"postalCode: 31000\n"
13053
"l: Toulouse\n"
13054
"o: Example\n"
13055
"mobile: +33 (0)6 xx xx xx xx\n"
13056
"homePhone: +33 (0)5 xx xx xx xx\n"
13057
"title: System Administrator\n"
13058
"postalAddress: \n"
13059
"initials: JD\n"
13060
"\n"
13061
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13062
"objectClass: posixGroup\n"
13063
"cn: example\n"
13064
"gidNumber: 10000\n"
13065
msgstr ""
13066
13067
#: serverguide/C/network-auth.xml:236(para)
13068
msgid ""
13069
"In this example the directory structure, a user, and a group have been "
13070
"setup. In other examples you might see the <emphasis>objectClass: "
13071
"top</emphasis> added in every entry, but that is the default behaviour so "
13072
"you do not have to add it explicitly."
13073
msgstr ""
13074
13075
#: serverguide/C/network-auth.xml:243(para)
13076
msgid "Add the entries to the LDAP directory:"
13077
msgstr ""
13078
13079
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13080
msgid ""
13081
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13082
msgstr ""
13083
13084
#: serverguide/C/network-auth.xml:252(para)
13085
msgid ""
13086
"We can check that the content has been correctly added with the "
13087
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13088
"directory:"
13089
msgstr ""
13090
13091
#: serverguide/C/network-auth.xml:258(command)
13092
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13093
msgstr ""
13094
13095
#: serverguide/C/network-auth.xml:259(computeroutput)
13096
#, no-wrap
13097
msgid ""
13098
"\n"
13099
"dn: uid=john,ou=people,dc=example,dc=com\n"
13100
"cn: John Doe\n"
13101
"sn: Doe\n"
13102
"givenName: John\n"
13103
msgstr ""
13104
13105
#: serverguide/C/network-auth.xml:267(para)
13106
msgid "Just a quick explanation:"
13107
msgstr ""
13108
13109
#: serverguide/C/network-auth.xml:273(para)
13110
msgid ""
13111
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13112
"the default."
13113
msgstr ""
13114
13115
#: serverguide/C/network-auth.xml:279(para)
13116
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13117
msgstr ""
13118
13119
#: serverguide/C/network-auth.xml:287(title)
13120
msgid "Further Configuration"
13121
msgstr ""
13122
13123
#: serverguide/C/network-auth.xml:290(para)
13124
msgid ""
13125
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13126
"utilities in the <application>ldap-utils</application> package. For example:"
13127
msgstr ""
13128
13129
#: serverguide/C/network-auth.xml:298(para)
13130
msgid ""
13131
"Use <application>ldapsearch</application> to view the tree, entering the "
13132
"admin password set during installation or reconfiguration:"
13133
msgstr ""
13134
13135
#: serverguide/C/network-auth.xml:304(command)
13136
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13137
msgstr ""
13138
13139
#: serverguide/C/network-auth.xml:308(computeroutput)
13140
#, no-wrap
13141
msgid ""
13142
"\n"
13143
"SASL/EXTERNAL authentication started\n"
13144
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13145
"SASL SSF: 0\n"
13146
"dn: cn=config\n"
13147
"\n"
13148
"dn: cn=module{0},cn=config\n"
13149
"\n"
13150
"dn: cn=schema,cn=config\n"
13151
"\n"
13152
"dn: cn={0}core,cn=schema,cn=config\n"
13153
"\n"
13154
"dn: cn={1}cosine,cn=schema,cn=config\n"
13155
"\n"
13156
"dn: cn={2}nis,cn=schema,cn=config\n"
13157
"\n"
13158
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13159
"\n"
13160
"dn: olcDatabase={-1}frontend,cn=config\n"
13161
"\n"
13162
"dn: olcDatabase={0}config,cn=config\n"
13163
"\n"
13164
"dn: olcDatabase={1}hdb,cn=config\n"
13165
msgstr ""
13166
13167
#: serverguide/C/network-auth.xml:334(para)
13168
msgid ""
13169
"The output above is the current configuration options for the "
13170
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13171
msgstr ""
13172
13173
#: serverguide/C/network-auth.xml:342(para)
13174
msgid ""
13175
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13176
"another attribute to the index list using "
13177
"<application>ldapmodify</application>:"
13178
msgstr ""
13179
13180
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13181
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13182
msgstr ""
13183
13184
#: serverguide/C/network-auth.xml:356(userinput)
13185
#, no-wrap
13186
msgid ""
13187
"dn: olcDatabase={1}hdb,cn=config\n"
13188
"add: olcDbIndex\n"
13189
"olcDbIndex: uidNumber eq"
13190
msgstr ""
13191
13192
#: serverguide/C/network-auth.xml:352(computeroutput)
13193
#, no-wrap
13194
msgid ""
13195
"\n"
13196
"SASL/EXTERNAL authentication started\n"
13197
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13198
"SASL SSF: 0\n"
13199
"<placeholder-1/>\n"
13200
"\n"
13201
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13202
msgstr ""
13203
13204
#: serverguide/C/network-auth.xml:364(para)
13205
msgid ""
13206
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13207
"exit the utility."
13208
msgstr ""
13209
13210
#: serverguide/C/network-auth.xml:371(para)
13211
msgid ""
13212
"<application>ldapmodify</application> can also read the changes from a file. "
13213
"Copy and paste the following into a file named "
13214
"<filename>uid_index.ldif</filename>:"
13215
msgstr ""
13216
13217
#: serverguide/C/network-auth.xml:376(programlisting)
13218
#, no-wrap
13219
msgid ""
13220
"\n"
13221
"dn: olcDatabase={1}hdb,cn=config\n"
13222
"add: olcDbIndex\n"
13223
"olcDbIndex: uid eq,pres,sub\n"
13224
msgstr ""
13225
13226
#: serverguide/C/network-auth.xml:382(para)
13227
msgid "Then execute <application>ldapmodify</application>:"
13228
msgstr ""
13229
13230
#: serverguide/C/network-auth.xml:387(command)
13231
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13232
msgstr ""
13233
13234
#: serverguide/C/network-auth.xml:391(computeroutput)
13235
#, no-wrap
13236
msgid ""
13237
"\n"
13238
"SASL/EXTERNAL authentication started\n"
13239
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13240
"SASL SSF: 0\n"
13241
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13242
msgstr ""
13243
13244
#: serverguide/C/network-auth.xml:399(para)
13245
msgid "The file method is very useful for large changes."
13246
msgstr ""
13247
13248
#: serverguide/C/network-auth.xml:406(para)
13249
msgid ""
13250
"Adding additional <emphasis>schemas</emphasis> to "
13251
"<application>slapd</application> requires the schema to be converted to LDIF "
13252
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13253
"directory contains some schema files already converted to LDIF format as "
13254
"demonstrated in the previous section. Fortunately, the "
13255
"<application>slapd</application> program can be used to automate the "
13256
"conversion. The following example will add the "
13257
"<emphasis>dyngroup.schema</emphasis>:"
13258
msgstr ""
13259
13260
#: serverguide/C/network-auth.xml:416(para)
13261
msgid ""
13262
"First, create a conversion <filename>schema_convert.conf</filename> file "
13263
"containing the following lines:"
13264
msgstr ""
13265
13266
#: serverguide/C/network-auth.xml:421(programlisting)
13267
#, no-wrap
13268
msgid ""
13269
"\n"
13270
"include /etc/ldap/schema/core.schema\n"
13271
"include /etc/ldap/schema/collective.schema\n"
13272
"include /etc/ldap/schema/corba.schema\n"
13273
"include /etc/ldap/schema/cosine.schema\n"
13274
"include /etc/ldap/schema/duaconf.schema\n"
13275
"include /etc/ldap/schema/dyngroup.schema\n"
13276
"include /etc/ldap/schema/inetorgperson.schema\n"
13277
"include /etc/ldap/schema/java.schema\n"
13278
"include /etc/ldap/schema/misc.schema\n"
13279
"include /etc/ldap/schema/nis.schema\n"
13280
"include /etc/ldap/schema/openldap.schema\n"
13281
"include /etc/ldap/schema/ppolicy.schema\n"
13282
msgstr ""
13283
13284
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13285
msgid "Next, create a temporary directory to hold the output:"
13286
msgstr ""
13287
13288
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13289
msgid "mkdir /tmp/ldif_output"
13290
msgstr ""
13291
13292
#: serverguide/C/network-auth.xml:450(para)
13293
msgid ""
13294
"Now using <application>slapcat</application> convert the schema files to "
13295
"LDIF:"
13296
msgstr ""
13297
13298
#: serverguide/C/network-auth.xml:455(command)
13299
msgid ""
13300
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13301
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13302
msgstr ""
13303
13304
#: serverguide/C/network-auth.xml:458(para)
13305
msgid ""
13306
"Adjust the configuration file name and temporary directory names if yours "
13307
"are different. Also, it may be worthwhile to keep the "
13308
"<filename>ldif_output</filename> directory around in case you want to add "
13309
"additional schemas in the future."
13310
msgstr ""
13311
13312
#: serverguide/C/network-auth.xml:467(para)
13313
msgid ""
13314
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13315
"following attributes:"
13316
msgstr ""
13317
13318
#: serverguide/C/network-auth.xml:471(programlisting)
13319
#, no-wrap
13320
msgid ""
13321
"\n"
13322
"dn: cn=dyngroup,cn=schema,cn=config\n"
13323
"...\n"
13324
"cn: dyngroup\n"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13328
msgid "And remove the following lines from the bottom of the file:"
13329
msgstr ""
13330
13331
#: serverguide/C/network-auth.xml:481(programlisting)
13332
#, no-wrap
13333
msgid ""
13334
"\n"
13335
"structuralObjectClass: olcSchemaConfig\n"
13336
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13337
"creatorsName: cn=config\n"
13338
"createTimestamp: 20080826021140Z\n"
13339
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13340
"modifiersName: cn=config\n"
13341
"modifyTimestamp: 20080826021140Z\n"
13342
msgstr ""
13343
13344
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13345
msgid ""
13346
"The attribute values will vary, just be sure the attributes are removed."
13347
msgstr ""
13348
13349
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13350
msgid ""
13351
"Finally, using the <application>ldapadd</application> utility, add the new "
13352
"schema to the directory:"
13353
msgstr ""
13354
13355
#: serverguide/C/network-auth.xml:506(command)
13356
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13357
msgstr ""
13358
13359
#: serverguide/C/network-auth.xml:512(para)
13360
msgid ""
13361
"There should now be a <emphasis>dn: "
13362
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:522(title)
13366
msgid "LDAP Replication"
13367
msgstr ""
13368
13369
#: serverguide/C/network-auth.xml:524(para)
13370
msgid ""
13371
"LDAP often quickly becomes a highly critical service to the network. "
13372
"Multiple systems will come to depend on LDAP for authentication, "
13373
"authorization, configuration, etc. It is a good idea to setup a redundant "
13374
"system through replication."
13375
msgstr ""
13376
13377
#: serverguide/C/network-auth.xml:530(para)
13378
msgid ""
13379
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13380
"Syncrepl allows the changes to be synced using a "
13381
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13382
"provider sends directory changes to consumers."
13383
msgstr ""
13384
13385
#: serverguide/C/network-auth.xml:537(title)
13386
msgid "Provider Configuration"
13387
msgstr ""
13388
13389
#: serverguide/C/network-auth.xml:539(para)
13390
msgid ""
13391
"The following is an example of a <emphasis>Single-Master</emphasis> "
13392
"configuration. In this configuration one OpenLDAP server is configured as a "
13393
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13394
msgstr ""
13395
13396
#: serverguide/C/network-auth.xml:547(para)
13397
msgid ""
13398
"First, configure the provider server. Copy the following to a file named "
13399
"<filename>provider_sync.ldif</filename>:"
13400
msgstr ""
13401
13402
#: serverguide/C/network-auth.xml:552(programlisting)
13403
#, no-wrap
13404
msgid ""
13405
"\n"
13406
"# Add indexes to the frontend db.\n"
13407
"dn: olcDatabase={1}hdb,cn=config\n"
13408
"changetype: modify\n"
13409
"add: olcDbIndex\n"
13410
"olcDbIndex: entryCSN eq\n"
13411
"-\n"
13412
"add: olcDbIndex\n"
13413
"olcDbIndex: entryUUID eq\n"
13414
"\n"
13415
"#Load the syncprov and accesslog modules.\n"
13416
"dn: cn=module{0},cn=config\n"
13417
"changetype: modify\n"
13418
"add: olcModuleLoad\n"
13419
"olcModuleLoad: syncprov\n"
13420
"-\n"
13421
"add: olcModuleLoad\n"
13422
"olcModuleLoad: accesslog\n"
13423
"\n"
13424
"# Accesslog database definitions\n"
13425
"dn: olcDatabase={2}hdb,cn=config\n"
13426
"objectClass: olcDatabaseConfig\n"
13427
"objectClass: olcHdbConfig\n"
13428
"olcDatabase: {2}hdb\n"
13429
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13430
"olcSuffix: cn=accesslog\n"
13431
"olcRootDN: cn=admin,dc=example,dc=com\n"
13432
"olcDbIndex: default eq\n"
13433
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13434
"\n"
13435
"# Accesslog db syncprov.\n"
13436
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13437
"changetype: add\n"
13438
"objectClass: olcOverlayConfig\n"
13439
"objectClass: olcSyncProvConfig\n"
13440
"olcOverlay: syncprov\n"
13441
"olcSpNoPresent: TRUE\n"
13442
"olcSpReloadHint: TRUE\n"
13443
"\n"
13444
"# syncrepl Provider for primary db\n"
13445
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13446
"changetype: add\n"
13447
"objectClass: olcOverlayConfig\n"
13448
"objectClass: olcSyncProvConfig\n"
13449
"olcOverlay: syncprov\n"
13450
"olcSpNoPresent: TRUE\n"
13451
"\n"
13452
"# accesslog overlay definitions for primary db\n"
13453
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13454
"objectClass: olcOverlayConfig\n"
13455
"objectClass: olcAccessLogConfig\n"
13456
"olcOverlay: accesslog\n"
13457
"olcAccessLogDB: cn=accesslog\n"
13458
"olcAccessLogOps: writes\n"
13459
"olcAccessLogSuccess: TRUE\n"
13460
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13461
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13462
msgstr ""
13463
13464
#: serverguide/C/network-auth.xml:614(para)
13465
msgid ""
13466
"The <application>AppArmor</application> profile for "
13467
"<application>slapd</application> will need to be adjusted for the accesslog "
13468
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13469
"adding:"
13470
msgstr ""
13471
13472
#: serverguide/C/network-auth.xml:619(programlisting)
13473
#, no-wrap
13474
msgid ""
13475
"\n"
13476
" /var/lib/ldap/accesslog/ r,\n"
13477
" /var/lib/ldap/accesslog/** rwk,\n"
13478
msgstr ""
13479
13480
#: serverguide/C/network-auth.xml:624(para)
13481
msgid ""
13482
"Then create the directory, reload the <application>apparmor</application> "
13483
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13484
msgstr ""
13485
13486
#: serverguide/C/network-auth.xml:630(command)
13487
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13488
msgstr ""
13489
13490
#: serverguide/C/network-auth.xml:631(command)
13491
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13492
msgstr ""
13493
13494
#: serverguide/C/network-auth.xml:636(para)
13495
msgid ""
13496
"Using the <emphasis>-u openldap</emphasis> option with the "
13497
"<application>sudo</application> commands above removes the need to adjust "
13498
"permissions for the new directory later."
13499
msgstr ""
13500
13501
#: serverguide/C/network-auth.xml:645(para)
13502
msgid ""
13503
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13504
"directory:"
13505
msgstr ""
13506
13507
#: serverguide/C/network-auth.xml:649(programlisting)
13508
#, no-wrap
13509
msgid ""
13510
"\n"
13511
"olcRootDN: cn=admin,dc=example,dc=com\n"
13512
msgstr ""
13513
13514
#: serverguide/C/network-auth.xml:657(para)
13515
msgid ""
13516
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13517
msgstr ""
13518
13519
#: serverguide/C/network-auth.xml:662(command)
13520
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13521
msgstr ""
13522
13523
#: serverguide/C/network-auth.xml:669(para)
13524
msgid "Restart <application>slapd</application>:"
13525
msgstr ""
13526
13527
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13528
msgid "sudo /etc/init.d/slapd restart"
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:680(para)
13532
msgid ""
13533
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13534
"to configure a <emphasis>Consumer</emphasis> server."
13535
msgstr ""
13536
13537
#: serverguide/C/network-auth.xml:687(title)
13538
msgid "Consumer Configuration"
13539
msgstr ""
13540
13541
#: serverguide/C/network-auth.xml:692(para)
13542
msgid ""
13543
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13544
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13545
"configuration steps."
13546
msgstr ""
13547
13548
#: serverguide/C/network-auth.xml:697(para)
13549
msgid "Add the additional schema files:"
13550
msgstr ""
13551
13552
#: serverguide/C/network-auth.xml:707(para)
13553
msgid ""
13554
"Also, create, or copy from the provider server, the "
13555
"<filename>backend.example.com.ldif</filename>"
13556
msgstr ""
13557
13558
#: serverguide/C/network-auth.xml:711(programlisting)
13559
#, no-wrap
13560
msgid ""
13561
"\n"
13562
"# Load dynamic backend modules\n"
13563
"dn: cn=module,cn=config\n"
13564
"objectClass: olcModuleList\n"
13565
"cn: module\n"
13566
"olcModulepath: /usr/lib/ldap\n"
13567
"olcModuleload: back_hdb\n"
13568
"\n"
13569
"# Database settings\n"
13570
"dn: olcDatabase=hdb,cn=config\n"
13571
"objectClass: olcDatabaseConfig\n"
13572
"objectClass: olcHdbConfig\n"
13573
"olcDatabase: {1}hdb\n"
13574
"olcSuffix: dc=example,dc=com\n"
13575
"olcDbDirectory: /var/lib/ldap\n"
13576
"olcRootDN: cn=admin,dc=example,dc=com\n"
13577
"olcRootPW: secret\n"
13578
"olcDbConfig: set_cachesize 0 2097152 0\n"
13579
"olcDbConfig: set_lk_max_objects 1500\n"
13580
"olcDbConfig: set_lk_max_locks 1500\n"
13581
"olcDbConfig: set_lk_max_lockers 1500\n"
13582
"olcDbIndex: objectClass eq\n"
13583
"olcLastMod: TRUE\n"
13584
"olcDbCheckpoint: 512 30\n"
13585
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13586
"by anonymous auth by self write by * none\n"
13587
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13588
"olcAccess: to dn.base=\"\" by * read\n"
13589
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13590
msgstr ""
13591
13592
#: serverguide/C/network-auth.xml:741(para)
13593
msgid "And add the LDIF by entering:"
13594
msgstr ""
13595
13596
#: serverguide/C/network-auth.xml:752(para)
13597
msgid ""
13598
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13599
"listed above, and add it:"
13600
msgstr ""
13601
13602
#: serverguide/C/network-auth.xml:760(para)
13603
msgid ""
13604
"The two severs should now have the same configuration except for the "
13605
"<emphasis>Syncrepl</emphasis> options."
13606
msgstr ""
13607
13608
#: serverguide/C/network-auth.xml:768(para)
13609
msgid ""
13610
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13611
msgstr ""
13612
13613
#: serverguide/C/network-auth.xml:772(programlisting)
13614
#, no-wrap
13615
msgid ""
13616
"\n"
13617
"#Load the syncprov module.\n"
13618
"dn: cn=module{0},cn=config\n"
13619
"changetype: modify\n"
13620
"add: olcModuleLoad\n"
13621
"olcModuleLoad: syncprov\n"
13622
"\n"
13623
"# syncrepl specific indices\n"
13624
"dn: olcDatabase={1}hdb,cn=config\n"
13625
"changetype: modify\n"
13626
"add: olcDbIndex\n"
13627
"olcDbIndex: entryUUID eq\n"
13628
"-\n"
13629
"add: olcSyncRepl\n"
13630
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13631
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13632
" credentials=secret searchbase=\"dc=example,dc=com\" "
13633
"logbase=\"cn=accesslog\" \n"
13634
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13635
"schemachecking=on \n"
13636
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13637
"-\n"
13638
"add: olcUpdateRef\n"
13639
"olcUpdateRef: ldap://ldap01.example.com\n"
13640
msgstr ""
13641
13642
#: serverguide/C/network-auth.xml:795(para)
13643
msgid "You will probably want to change the following attributes:"
13644
msgstr ""
13645
13646
#: serverguide/C/network-auth.xml:800(para)
13647
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13648
msgstr ""
13649
13650
#: serverguide/C/network-auth.xml:801(emphasis)
13651
msgid "binddn"
13652
msgstr ""
13653
13654
#: serverguide/C/network-auth.xml:802(emphasis)
13655
msgid "credentials"
13656
msgstr ""
13657
13658
#: serverguide/C/network-auth.xml:803(emphasis)
13659
msgid "searchbase"
13660
msgstr ""
13661
13662
#: serverguide/C/network-auth.xml:804(emphasis)
13663
msgid "olcUpdateRef:"
13664
msgstr ""
13665
13666
#: serverguide/C/network-auth.xml:810(para)
13667
msgid "Add the LDIF file to the configuration tree:"
13668
msgstr ""
13669
13670
#: serverguide/C/network-auth.xml:815(command)
13671
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13672
msgstr ""
13673
13674
#: serverguide/C/network-auth.xml:821(para)
13675
msgid ""
13676
"The frontend database should now sync between servers. You can add "
13677
"additional servers using the steps above as the need arises."
13678
msgstr ""
13679
13680
#: serverguide/C/network-auth.xml:831(programlisting)
13681
#, no-wrap
13682
msgid "127.0.0.1\tldap01.example.com ldap01"
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:827(para)
13686
msgid ""
13687
"The <application>slapd</application> daemon will send log information to "
13688
"<filename>/var/log/syslog</filename> by default. So if all does "
13689
"<emphasis>not</emphasis> go well check there for errors and other "
13690
"troubleshooting information. Also, be sure that each server knows it's Fully "
13691
"Qualified Domain Name (FQDN). This is configured in "
13692
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13693
msgstr ""
13694
13695
#: serverguide/C/network-auth.xml:839(title)
13696
msgid "Setting up ACL"
13697
msgstr ""
13698
13699
#: serverguide/C/network-auth.xml:841(para)
13700
msgid ""
13701
"Authentication requires access to the password field, that should be not "
13702
"accessible by default. Also, in order for users to change their own "
13703
"password, using <command>passwd</command> or other utilities, "
13704
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13705
"authenticated."
13706
msgstr ""
13707
13708
#: serverguide/C/network-auth.xml:848(para)
13709
msgid ""
13710
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13711
"tree, use the <application>ldapsearch</application> utility:"
13712
msgstr ""
13713
13714
#: serverguide/C/network-auth.xml:854(command)
13715
msgid ""
13716
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13717
"olcDatabase=config olcAccess"
13718
msgstr ""
13719
13720
#: serverguide/C/network-auth.xml:858(computeroutput)
13721
#, no-wrap
13722
msgid ""
13723
"SASL/EXTERNAL authentication started\n"
13724
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13725
"SASL SSF: 0\n"
13726
"dn: olcDatabase={0}config,cn=config\n"
13727
"olcAccess: {0}to * by "
13728
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13729
" ,cn=auth manage by * break\n"
13730
msgstr ""
13731
13732
#: serverguide/C/network-auth.xml:867(para)
13733
msgid "To see the ACL for the frontend tree enter:"
13734
msgstr ""
13735
13736
#: serverguide/C/network-auth.xml:872(command)
13737
msgid ""
13738
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13739
"olcDatabase={1}hdb olcAccess"
13740
msgstr ""
13741
13742
#: serverguide/C/network-auth.xml:878(title)
13743
msgid "TLS and SSL"
13744
msgstr ""
13745
13746
#: serverguide/C/network-auth.xml:880(para)
13747
msgid ""
13748
"When authenticating to an OpenLDAP server it is best to do so using an "
13749
"encrypted session. This can be accomplished using Transport Layer Security "
13750
"(TLS) and/or Secure Sockets Layer (SSL)."
13751
msgstr ""
13752
13753
#: serverguide/C/network-auth.xml:885(para)
13754
msgid ""
13755
"The first step in the process is to obtain or create a "
13756
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13757
"is compiled using the <application>gnutls</application> library, the "
13758
"<application>certtool</application> utility will be used to create "
13759
"certificates."
13760
msgstr ""
13761
13762
#: serverguide/C/network-auth.xml:894(para)
13763
msgid ""
13764
"First, install <application>gnutls-bin</application> by entering the "
13765
"following in a terminal:"
13766
msgstr ""
13767
13768
#: serverguide/C/network-auth.xml:899(command)
13769
msgid "sudo apt-get install gnutls-bin"
13770
msgstr ""
13771
13772
#: serverguide/C/network-auth.xml:905(para)
13773
msgid ""
13774
"Next, create a private key for the <emphasis>Certificate "
13775
"Authority</emphasis> (CA):"
13776
msgstr ""
13777
13778
#: serverguide/C/network-auth.xml:910(command)
13779
msgid ""
13780
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13781
msgstr ""
13782
13783
#: serverguide/C/network-auth.xml:916(para)
13784
msgid ""
13785
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13786
"CA certificate containing:"
13787
msgstr ""
13788
13789
#: serverguide/C/network-auth.xml:920(programlisting)
13790
#, no-wrap
13791
msgid ""
13792
"\n"
13793
"cn = Example Company\n"
13794
"ca\n"
13795
"cert_signing_key\n"
13796
msgstr ""
13797
13798
#: serverguide/C/network-auth.xml:929(para)
13799
msgid "Now create the self-signed CA certificate:"
13800
msgstr ""
13801
13802
#: serverguide/C/network-auth.xml:934(command)
13803
msgid ""
13804
"sudo certtool --generate-self-signed --load-privkey "
13805
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13806
"/etc/ssl/certs/cacert.pem"
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:941(para)
13810
msgid "Make a private key for the server:"
13811
msgstr ""
13812
13813
#: serverguide/C/network-auth.xml:946(command)
13814
msgid ""
13815
"sudo sh -c \"certtool --generate-privkey > "
13816
"/etc/ssl/private/ldap01_slapd_key.pem\""
13817
msgstr ""
13818
13819
#: serverguide/C/network-auth.xml:950(para)
13820
msgid ""
13821
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13822
"hostname. Naming the certificate and key for the host and service that will "
13823
"be using them will help keep filenames and paths straight."
13824
msgstr ""
13825
13826
#: serverguide/C/network-auth.xml:959(para)
13827
msgid ""
13828
"To sign the server's certificate with the CA, create the "
13829
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13830
msgstr ""
13831
13832
#: serverguide/C/network-auth.xml:963(programlisting)
13833
#, no-wrap
13834
msgid ""
13835
"\n"
13836
"organization = Example Company\n"
13837
"cn = ldap01.example.com\n"
13838
"tls_www_server\n"
13839
"encryption_key\n"
13840
"signing_key\n"
13841
msgstr ""
13842
13843
#: serverguide/C/network-auth.xml:974(para)
13844
msgid "Create the server's certificate:"
13845
msgstr ""
13846
13847
#: serverguide/C/network-auth.xml:979(command)
13848
msgid ""
13849
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13850
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13851
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13852
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13853
msgstr ""
13854
13855
#: serverguide/C/network-auth.xml:987(para)
13856
msgid ""
13857
"Once you have a certificate, key, and CA cert installed, use "
13858
"<application>ldapmodify</application> to add the new configuration options:"
13859
msgstr ""
13860
13861
#: serverguide/C/network-auth.xml:998(userinput)
13862
#, no-wrap
13863
msgid ""
13864
"dn: cn=config\n"
13865
"add: olcTLSCACertificateFile\n"
13866
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13867
"-\n"
13868
"add: olcTLSCertificateFile\n"
13869
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13870
"-\n"
13871
"add: olcTLSCertificateKeyFile\n"
13872
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13873
msgstr ""
13874
13875
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13876
#, no-wrap
13877
msgid ""
13878
"Enter LDAP Password:\n"
13879
"<placeholder-1/>\n"
13880
"\n"
13881
"modifying entry \"cn=config\"\n"
13882
msgstr ""
13883
13884
#: serverguide/C/network-auth.xml:1013(para)
13885
msgid ""
13886
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13887
"<filename>ldap01_slapd_key.pem</filename>, and "
13888
"<filename>cacert.pem</filename> names if yours are different."
13889
msgstr ""
13890
13891
#: serverguide/C/network-auth.xml:1019(para)
13892
msgid ""
13893
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13894
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13895
msgstr ""
13896
13897
#: serverguide/C/network-auth.xml:1023(programlisting)
13898
#, no-wrap
13899
msgid ""
13900
"\n"
13901
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13902
msgstr ""
13903
13904
#: serverguide/C/network-auth.xml:1027(para)
13905
msgid ""
13906
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13907
msgstr ""
13908
13909
#: serverguide/C/network-auth.xml:1032(command)
13910
msgid "sudo adduser openldap ssl-cert"
13911
msgstr ""
13912
13913
#: serverguide/C/network-auth.xml:1033(command)
13914
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13915
msgstr ""
13916
13917
#: serverguide/C/network-auth.xml:1034(command)
13918
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13919
msgstr ""
13920
13921
#: serverguide/C/network-auth.xml:1038(para)
13922
msgid ""
13923
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13924
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13925
"adjust the commands appropriately."
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:1044(para)
13929
msgid "Finally, restart <application>slapd</application>:"
13930
msgstr ""
13931
13932
#: serverguide/C/network-auth.xml:1052(para)
13933
msgid ""
13934
"The <application>slapd</application> daemon should now be listening for "
13935
"LDAPS connections and be able to use STARTTLS during authentication."
13936
msgstr ""
13937
13938
#: serverguide/C/network-auth.xml:1058(para)
13939
msgid ""
13940
"If you run into troubles with the server not starting, check the "
13941
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
13942
"it is likely there is a configuration problem. Check that the certificate is "
13943
"signed by the authority from in the files configured, and that the ssl-cert "
13944
"group has read permissions on the private key."
13945
msgstr ""
13946
13947
#: serverguide/C/network-auth.xml:1070(title)
13948
msgid "TLS Replication"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:1072(para)
13952
msgid ""
13953
"If you have setup <application>Syncrepl</application> between servers, it is "
13954
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
13955
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
13956
"linkend=\"openldap-server-replication\"/>."
13957
msgstr ""
13958
13959
#: serverguide/C/network-auth.xml:1078(para)
13960
msgid ""
13961
"Assuming you have followed the above instructions and created a CA "
13962
"certificate and server certificate on the <emphasis>Provider</emphasis> "
13963
"server. Follow the following instructions to create a certificate and key "
13964
"for the <emphasis>Consumer</emphasis> server."
13965
msgstr ""
13966
13967
#: serverguide/C/network-auth.xml:1087(para)
13968
msgid "Create a new key for the Consumer server:"
13969
msgstr ""
13970
13971
#: serverguide/C/network-auth.xml:1092(command)
13972
msgid "mkdir ldap02-ssl"
13973
msgstr ""
13974
13975
#: serverguide/C/network-auth.xml:1093(command)
13976
msgid "cd ldap02-ssl"
13977
msgstr ""
13978
13979
#: serverguide/C/network-auth.xml:1094(command)
13980
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
13981
msgstr ""
13982
13983
#: serverguide/C/network-auth.xml:1098(para)
13984
msgid ""
13985
"Creating a new directory is not strictly necessary, but it will help keep "
13986
"things organized and make it easier to copy the files to the Consumer server."
13987
msgstr ""
13988
13989
#: serverguide/C/network-auth.xml:1107(para)
13990
msgid ""
13991
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
13992
"server, changing the attributes to match your locality and server:"
13993
msgstr ""
13994
13995
#: serverguide/C/network-auth.xml:1112(programlisting)
13996
#, no-wrap
13997
msgid ""
13998
"\n"
13999
"country = US\n"
14000
"state = North Carolina\n"
14001
"locality = Winston-Salem\n"
14002
"organization = Example Company\n"
14003
"cn = ldap02.salem.edu\n"
14004
"tls_www_client\n"
14005
"encryption_key\n"
14006
"signing_key\n"
14007
msgstr ""
14008
14009
#: serverguide/C/network-auth.xml:1126(para)
14010
msgid "Create the certificate:"
14011
msgstr ""
14012
14013
#: serverguide/C/network-auth.xml:1131(command)
14014
msgid ""
14015
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14016
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14017
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14018
"ldap02_slapd_cert.pem"
14019
msgstr ""
14020
14021
#: serverguide/C/network-auth.xml:1139(para)
14022
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14023
msgstr ""
14024
14025
#: serverguide/C/network-auth.xml:1144(command)
14026
msgid "cp /etc/ssl/certs/cacert.pem ."
14027
msgstr ""
14028
14029
#: serverguide/C/network-auth.xml:1150(para)
14030
msgid ""
14031
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14032
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14033
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14034
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14035
"<filename>/etc/ssl/private</filename>."
14036
msgstr ""
14037
14038
#: serverguide/C/network-auth.xml:1159(para)
14039
msgid ""
14040
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14041
"by entering:"
14042
msgstr ""
14043
14044
#: serverguide/C/network-auth.xml:1169(userinput)
14045
#, no-wrap
14046
msgid ""
14047
"dn: cn=config\n"
14048
"add: olcTLSCACertificateFile\n"
14049
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14050
"-\n"
14051
"add: olcTLSCertificateFile\n"
14052
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14053
"-\n"
14054
"add: olcTLSCertificateKeyFile\n"
14055
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14056
msgstr ""
14057
14058
#: serverguide/C/network-auth.xml:1186(para)
14059
msgid ""
14060
"As with the Provider you can now edit "
14061
"<filename>/etc/default/slapd</filename> and add the "
14062
"<emphasis>ldaps:///</emphasis> parameter to the "
14063
"<emphasis>SLAPD_SERVICES</emphasis> option."
14064
msgstr ""
14065
14066
#: serverguide/C/network-auth.xml:1194(para)
14067
msgid ""
14068
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14069
"modify the <emphasis>Consumer</emphasis> server's "
14070
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14071
msgstr ""
14072
14073
#: serverguide/C/network-auth.xml:1207(userinput)
14074
#, no-wrap
14075
msgid ""
14076
"\n"
14077
"dn: olcDatabase={1}hdb,cn=config\n"
14078
"replace: olcSyncrepl\n"
14079
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14080
"binddn=\"cn=ad\n"
14081
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14082
"logbas\n"
14083
" e=\"cn=accesslog\" "
14084
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14085
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14086
"starttls=yes"
14087
msgstr ""
14088
14089
#: serverguide/C/network-auth.xml:1204(computeroutput)
14090
#, no-wrap
14091
msgid ""
14092
"SASL/EXTERNAL authentication started\n"
14093
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14094
"SASL SSF: 0\n"
14095
"<placeholder-1/>\n"
14096
"\n"
14097
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14098
msgstr ""
14099
14100
#: serverguide/C/network-auth.xml:1219(para)
14101
msgid ""
14102
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14103
"(FQDN) in the certificate, you may have to edit "
14104
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14105
msgstr ""
14106
14107
#: serverguide/C/network-auth.xml:1224(programlisting)
14108
#, no-wrap
14109
msgid ""
14110
"\n"
14111
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14112
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14113
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14114
msgstr ""
14115
14116
#: serverguide/C/network-auth.xml:1231(para)
14117
msgid ""
14118
"Finally, restart <application>slapd</application> on each of the servers:"
14119
msgstr ""
14120
14121
#: serverguide/C/network-auth.xml:1244(title)
14122
msgid "LDAP Authentication"
14123
msgstr ""
14124
14125
#: serverguide/C/network-auth.xml:1246(para)
14126
msgid ""
14127
"Once you have a working LDAP server, the <application>auth-client-"
14128
"config</application> and <application>libnss-ldap</application> packages "
14129
"take the pain out of configuring an Ubuntu client to authenticate using "
14130
"LDAP. To install the packages from, a terminal prompt enter:"
14131
msgstr ""
14132
14133
#: serverguide/C/network-auth.xml:1253(command)
14134
msgid "sudo apt-get install libnss-ldap"
14135
msgstr ""
14136
14137
#: serverguide/C/network-auth.xml:1256(para)
14138
msgid ""
14139
"During the install a menu dialog will ask you connection details about your "
14140
"LDAP server."
14141
msgstr ""
14142
14143
#: serverguide/C/network-auth.xml:1260(para)
14144
msgid ""
14145
"If you make a mistake when entering your information you can execute the "
14146
"dialog again using:"
14147
msgstr ""
14148
14149
#: serverguide/C/network-auth.xml:1265(command)
14150
msgid "sudo dpkg-reconfigure ldap-auth-config"
14151
msgstr ""
14152
14153
#: serverguide/C/network-auth.xml:1268(para)
14154
msgid ""
14155
"The results of the dialog can be seen in "
14156
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14157
"covered in the menu edit this file accordingly."
14158
msgstr ""
14159
14160
#: serverguide/C/network-auth.xml:1273(para)
14161
msgid ""
14162
"Now that <application>libnss-ldap</application> is configured enable the "
14163
"<application>auth-client-config</application> LDAP profile by entering:"
14164
msgstr ""
14165
14166
#: serverguide/C/network-auth.xml:1279(command)
14167
msgid "sudo auth-client-config -t nss -p lac_ldap"
14168
msgstr ""
14169
14170
#: serverguide/C/network-auth.xml:1284(para)
14171
msgid ""
14172
"<emphasis>-t:</emphasis> only modifies "
14173
"<filename>/etc/nsswitch.conf</filename>."
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:1289(para)
14177
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14178
msgstr ""
14179
14180
#: serverguide/C/network-auth.xml:1294(para)
14181
msgid ""
14182
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14183
"config</application> profile that is part of the <application>ldap-auth-"
14184
"config</application> package."
14185
msgstr ""
14186
14187
#: serverguide/C/network-auth.xml:1301(para)
14188
msgid ""
14189
"Using the <application>pam-auth-update</application> utility, configure the "
14190
"system to use LDAP for authentication:"
14191
msgstr ""
14192
14193
#: serverguide/C/network-auth.xml:1306(command)
14194
msgid "sudo pam-auth-update"
14195
msgstr ""
14196
14197
#: serverguide/C/network-auth.xml:1309(para)
14198
msgid ""
14199
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14200
"any other authentication mechanisms you need."
14201
msgstr ""
14202
14203
#: serverguide/C/network-auth.xml:1313(para)
14204
msgid ""
14205
"You should now be able to login using user credentials stored in the LDAP "
14206
"directory."
14207
msgstr ""
14208
14209
#: serverguide/C/network-auth.xml:1318(para)
14210
msgid ""
14211
"If you are going to use LDAP to store Samba users you will need to configure "
14212
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14213
"for details."
14214
msgstr ""
14215
14216
#: serverguide/C/network-auth.xml:1326(title)
14217
msgid "User and Group Management"
14218
msgstr ""
14219
14220
#: serverguide/C/network-auth.xml:1328(para)
14221
msgid ""
14222
"The <application>ldap-utils</application> package comes with multiple "
14223
"utilities to manage the directory, but the long string of options needed, "
14224
"can make them a burden to use. The <application>ldapscripts</application> "
14225
"package contains configurable scripts to easily manage LDAP users and groups."
14226
msgstr ""
14227
14228
#: serverguide/C/network-auth.xml:1334(para)
14229
msgid "To install the package, from a terminal enter:"
14230
msgstr ""
14231
14232
#: serverguide/C/network-auth.xml:1339(command)
14233
msgid "sudo apt-get install ldapscripts"
14234
msgstr ""
14235
14236
#: serverguide/C/network-auth.xml:1342(para)
14237
msgid ""
14238
"Next, edit the config file "
14239
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14240
"changing the following to match your environment:"
14241
msgstr ""
14242
14243
#: serverguide/C/network-auth.xml:1347(programlisting)
14244
#, no-wrap
14245
msgid ""
14246
"\n"
14247
"SERVER=localhost\n"
14248
"BINDDN='cn=admin,dc=example,dc=com'\n"
14249
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14250
"SUFFIX='dc=example,dc=com'\n"
14251
"GSUFFIX='ou=Groups'\n"
14252
"USUFFIX='ou=People'\n"
14253
"MSUFFIX='ou=Computers'\n"
14254
"GIDSTART=10000\n"
14255
"UIDSTART=10000\n"
14256
"MIDSTART=10000\n"
14257
msgstr ""
14258
14259
#: serverguide/C/network-auth.xml:1360(para)
14260
msgid ""
14261
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14262
"authenticated access to the directory:"
14263
msgstr ""
14264
14265
#: serverguide/C/network-auth.xml:1365(command)
14266
msgid ""
14267
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14268
msgstr ""
14269
14270
#: serverguide/C/network-auth.xml:1366(command)
14271
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14272
msgstr ""
14273
14274
#: serverguide/C/network-auth.xml:1370(para)
14275
msgid ""
14276
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14277
"user."
14278
msgstr ""
14279
14280
#: serverguide/C/network-auth.xml:1375(para)
14281
msgid ""
14282
"The <application>ldapscripts</application> are now ready to help manage your "
14283
"directory. The following are some examples of how to use the scripts:"
14284
msgstr ""
14285
14286
#: serverguide/C/network-auth.xml:1382(para)
14287
msgid "Create a new user:"
14288
msgstr ""
14289
14290
#: serverguide/C/network-auth.xml:1386(command)
14291
msgid "sudo ldapadduser george example"
14292
msgstr ""
14293
14294
#: serverguide/C/network-auth.xml:1388(para)
14295
msgid ""
14296
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14297
"and set the user's primary group (gid) to <emphasis "
14298
"role=\"italic\">example</emphasis>"
14299
msgstr ""
14300
14301
#: serverguide/C/network-auth.xml:1394(para)
14302
msgid "Change a user's password:"
14303
msgstr ""
14304
14305
#: serverguide/C/network-auth.xml:1398(command)
14306
msgid "sudo ldapsetpasswd george"
14307
msgstr ""
14308
14309
#: serverguide/C/network-auth.xml:1399(computeroutput)
14310
#, no-wrap
14311
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14312
msgstr ""
14313
14314
#: serverguide/C/network-auth.xml:1400(userinput)
14315
#, no-wrap
14316
msgid "New Password: "
14317
msgstr ""
14318
14319
#: serverguide/C/network-auth.xml:1401(userinput)
14320
#, no-wrap
14321
msgid "New Password (verify): "
14322
msgstr ""
14323
14324
#: serverguide/C/network-auth.xml:1405(para)
14325
msgid "Delete a user:"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:1409(command)
14329
msgid "sudo ldapdeleteuser george"
14330
msgstr ""
14331
14332
#: serverguide/C/network-auth.xml:1414(para)
14333
msgid "Add a group:"
14334
msgstr ""
14335
14336
#: serverguide/C/network-auth.xml:1418(command)
14337
msgid "sudo ldapaddgroup qa"
14338
msgstr ""
14339
14340
#: serverguide/C/network-auth.xml:1422(para)
14341
msgid "Delete a group:"
14342
msgstr ""
14343
14344
#: serverguide/C/network-auth.xml:1426(command)
14345
msgid "sudo ldapdeletegroup qa"
14346
msgstr ""
14347
14348
#: serverguide/C/network-auth.xml:1430(para)
14349
msgid "Add a user to a group:"
14350
msgstr ""
14351
14352
#: serverguide/C/network-auth.xml:1434(command)
14353
msgid "sudo ldapaddusertogroup george qa"
14354
msgstr ""
14355
14356
#: serverguide/C/network-auth.xml:1436(para)
14357
msgid ""
14358
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14359
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14360
"role=\"italic\">george</emphasis>."
14361
msgstr ""
14362
14363
#: serverguide/C/network-auth.xml:1442(para)
14364
msgid "Remove a user from a group:"
14365
msgstr ""
14366
14367
#: serverguide/C/network-auth.xml:1446(command)
14368
msgid "sudo ldapdeleteuserfromgroup george qa"
14369
msgstr ""
14370
14371
#: serverguide/C/network-auth.xml:1448(para)
14372
msgid ""
14373
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14374
"<emphasis role=\"italic\">qa</emphasis> group."
14375
msgstr ""
14376
14377
#: serverguide/C/network-auth.xml:1454(para)
14378
msgid ""
14379
"The <application>ldapmodifyuser</application> script allows you to add, "
14380
"remove, or replace a user's attributes. The script uses the same syntax as "
14381
"the <application>ldapmodify</application> utility. For example:"
14382
msgstr ""
14383
14384
#: serverguide/C/network-auth.xml:1459(command)
14385
msgid "sudo ldapmodifyuser george"
14386
msgstr ""
14387
14388
#: serverguide/C/network-auth.xml:1460(computeroutput)
14389
#, no-wrap
14390
msgid ""
14391
"# About to modify the following entry :\n"
14392
"dn: uid=george,ou=People,dc=example,dc=com\n"
14393
"objectClass: account\n"
14394
"objectClass: posixAccount\n"
14395
"cn: george\n"
14396
"uid: george\n"
14397
"uidNumber: 1001\n"
14398
"gidNumber: 1001\n"
14399
"homeDirectory: /home/george\n"
14400
"loginShell: /bin/bash\n"
14401
"gecos: george\n"
14402
"description: User account\n"
14403
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14404
"\n"
14405
"# Enter your modifications here, end with CTRL-D.\n"
14406
"dn: uid=george,ou=People,dc=example,dc=com"
14407
msgstr ""
14408
14409
#: serverguide/C/network-auth.xml:1476(userinput)
14410
#, no-wrap
14411
msgid ""
14412
"replace: gecos\n"
14413
"gecos: George Carlin"
14414
msgstr ""
14415
14416
#: serverguide/C/network-auth.xml:1479(para)
14417
msgid ""
14418
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14419
"Carlin</quote>."
14420
msgstr ""
14421
14422
#: serverguide/C/network-auth.xml:1484(para)
14423
msgid ""
14424
"Another great feature of <application>ldapscripts</application>, is the "
14425
"template system. Templates allow you to customize the attributes of user, "
14426
"group, and machine objectes. For example, to enable the "
14427
"<emphasis>user</emphasis> template edit "
14428
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14429
msgstr ""
14430
14431
#: serverguide/C/network-auth.xml:1491(programlisting)
14432
#, no-wrap
14433
msgid ""
14434
"\n"
14435
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14436
msgstr ""
14437
14438
#: serverguide/C/network-auth.xml:1495(para)
14439
msgid ""
14440
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14441
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14442
"<filename>ldapadduser.template.sample</filename> file to "
14443
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14444
msgstr ""
14445
14446
#: serverguide/C/network-auth.xml:1502(command)
14447
msgid ""
14448
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14449
"/etc/ldapscripts/ldapadduser.template"
14450
msgstr ""
14451
14452
#: serverguide/C/network-auth.xml:1505(para)
14453
msgid ""
14454
"Edit the new template to add the desired attributes. The following will "
14455
"create new user's as with an <emphasis>objectClass</emphasis> of "
14456
"<emphasis>inetOrgPerson</emphasis>:"
14457
msgstr ""
14458
14459
#: serverguide/C/network-auth.xml:1510(programlisting)
14460
#, no-wrap
14461
msgid ""
14462
"\n"
14463
"dn: uid=<user>,<usuffix>,<suffix>\n"
14464
"objectClass: inetOrgPerson\n"
14465
"objectClass: posixAccount\n"
14466
"cn: <user>\n"
14467
"sn: <ask>\n"
14468
"uid: <user>\n"
14469
"uidNumber: <uid>\n"
14470
"gidNumber: <gid>\n"
14471
"homeDirectory: <home>\n"
14472
"loginShell: <shell>\n"
14473
"gecos: <user>\n"
14474
"description: User account\n"
14475
"title: Employee\n"
14476
msgstr ""
14477
14478
#: serverguide/C/network-auth.xml:1526(para)
14479
msgid ""
14480
"Notice the <emphasis><ask></emphasis> option used for the "
14481
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14482
"<application>ldapadduser</application> to prompt you for the attribute value "
14483
"during user creation."
14484
msgstr ""
14485
14486
#: serverguide/C/network-auth.xml:1534(para)
14487
msgid ""
14488
"There are more useful scripts in the package, to see a full list enter: "
14489
"<command>dpkg -L ldapscripts | grep bin</command>"
14490
msgstr ""
14491
14492
#: serverguide/C/network-auth.xml:1543(para)
14493
msgid ""
14494
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14495
"Ubuntu Wiki</ulink> page has more details."
14496
msgstr ""
14497
14498
#: serverguide/C/network-auth.xml:1548(para)
14499
msgid ""
14500
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14501
"Home Page</ulink>"
14502
msgstr ""
14503
14504
#: serverguide/C/network-auth.xml:1553(para)
14505
msgid ""
14506
"Though starting to show it's age, a great source for in depth LDAP "
14507
"information is O'Reilly's <ulink "
14508
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14509
"Administration</ulink>"
14510
msgstr ""
14511
14512
#: serverguide/C/network-auth.xml:1559(para)
14513
msgid ""
14514
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14515
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14516
"newer versions of OpenLDAP."
14517
msgstr ""
14518
14519
#: serverguide/C/network-auth.xml:1565(para)
14520
msgid ""
14521
"For more information on <application>auth-client-config</application> see "
14522
"the man page: <command>man auth-client-config</command>."
14523
msgstr ""
14524
14525
#: serverguide/C/network-auth.xml:1570(para)
14526
msgid ""
14527
"For more details regarding the <application>ldapscripts</application> "
14528
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14529
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14530
msgstr ""
14531
14532
#: serverguide/C/network-auth.xml:1580(title)
14533
msgid "Samba and LDAP"
14534
msgstr ""
14535
14536
#: serverguide/C/network-auth.xml:1582(para)
14537
msgid ""
14538
"This section covers configuring Samba to use LDAP for user, group, and "
14539
"machine account information and authentication. The assumption is, you "
14540
"already have a working OpenLDAP directory installed and the server is "
14541
"configured to use it for authentication. See <xref linkend=\"openldap-"
14542
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14543
"setting up OpenLDAP. For more information on installing and configuring "
14544
"Samba see <xref linkend=\"windows-networking\"/>."
14545
msgstr ""
14546
14547
#: serverguide/C/network-auth.xml:1592(para)
14548
msgid ""
14549
"There are three packages needed when integrating Samba with LDAP. "
14550
"<application>samba</application>, <application>samba-doc</application>, and "
14551
"<application>smbldap-tools</application> packages . To install the packages, "
14552
"from a terminal enter:"
14553
msgstr ""
14554
14555
#: serverguide/C/network-auth.xml:1598(command)
14556
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14557
msgstr ""
14558
14559
#: serverguide/C/network-auth.xml:1601(para)
14560
msgid ""
14561
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14562
"needed, but unless you have another package or custom scripts, a method of "
14563
"managing users, groups, and computer accounts is needed."
14564
msgstr ""
14565
14566
#: serverguide/C/network-auth.xml:1608(title)
14567
msgid "OpenLDAP Configuration"
14568
msgstr ""
14569
14570
#: serverguide/C/network-auth.xml:1610(para)
14571
msgid ""
14572
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14573
"the user objects in the directory will need additional attributes. This "
14574
"section assumes you want Samba to be configured as a Windows NT domain "
14575
"controller, and will add the necessary LDAP objects and attributes."
14576
msgstr ""
14577
14578
#: serverguide/C/network-auth.xml:1618(para)
14579
msgid ""
14580
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14581
"file which is part of the <application>samba-doc</application> package. The "
14582
"schema file needs to be unzipped and copied to "
14583
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14584
msgstr ""
14585
14586
#: serverguide/C/network-auth.xml:1625(command)
14587
msgid ""
14588
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14589
"/etc/ldap/schema/"
14590
msgstr ""
14591
14592
#: serverguide/C/network-auth.xml:1626(command)
14593
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14594
msgstr ""
14595
14596
#: serverguide/C/network-auth.xml:1632(para)
14597
msgid ""
14598
"The <emphasis>samba</emphasis> schema needs to be added to the "
14599
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14600
"<application>slapd</application> is also detailed in <xref "
14601
"linkend=\"openldap-configuration\"/>."
14602
msgstr ""
14603
14604
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14605
msgid ""
14606
"First, create a configuration file named "
14607
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14608
"containing the following lines:"
14609
msgstr ""
14610
14611
#: serverguide/C/network-auth.xml:1645(programlisting)
14612
#, no-wrap
14613
msgid ""
14614
"\n"
14615
"include /etc/ldap/schema/core.schema\n"
14616
"include /etc/ldap/schema/collective.schema\n"
14617
"include /etc/ldap/schema/corba.schema\n"
14618
"include /etc/ldap/schema/cosine.schema\n"
14619
"include /etc/ldap/schema/duaconf.schema\n"
14620
"include /etc/ldap/schema/dyngroup.schema\n"
14621
"include /etc/ldap/schema/inetorgperson.schema\n"
14622
"include /etc/ldap/schema/java.schema\n"
14623
"include /etc/ldap/schema/misc.schema\n"
14624
"include /etc/ldap/schema/nis.schema\n"
14625
"include /etc/ldap/schema/openldap.schema\n"
14626
"include /etc/ldap/schema/ppolicy.schema\n"
14627
"include /etc/ldap/schema/samba.schema\n"
14628
msgstr ""
14629
14630
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14631
msgid ""
14632
"Now use <application>slapcat</application> to convert the schema files:"
14633
msgstr ""
14634
14635
#: serverguide/C/network-auth.xml:1680(command)
14636
msgid ""
14637
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14638
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14639
msgstr ""
14640
14641
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14642
msgid ""
14643
"Change the above file and path names to match your own if they are different."
14644
msgstr ""
14645
14646
#: serverguide/C/network-auth.xml:1690(para)
14647
msgid ""
14648
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14649
"the following attributes:"
14650
msgstr ""
14651
14652
#: serverguide/C/network-auth.xml:1694(programlisting)
14653
#, no-wrap
14654
msgid ""
14655
"\n"
14656
"dn: cn=samba,cn=schema,cn=config\n"
14657
"...\n"
14658
"cn: samba\n"
14659
msgstr ""
14660
14661
#: serverguide/C/network-auth.xml:1704(programlisting)
14662
#, no-wrap
14663
msgid ""
14664
"\n"
14665
"structuralObjectClass: olcSchemaConfig\n"
14666
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14667
"creatorsName: cn=config\n"
14668
"createTimestamp: 20080827045234Z\n"
14669
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14670
"modifiersName: cn=config\n"
14671
"modifyTimestamp: 20080827045234Z\n"
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:1729(command)
14675
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14676
msgstr ""
14677
14678
#: serverguide/C/network-auth.xml:1735(para)
14679
msgid ""
14680
"There should now be a <emphasis>dn: "
14681
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14682
"sequential schema, entry in the cn=config tree."
14683
msgstr ""
14684
14685
#: serverguide/C/network-auth.xml:1743(para)
14686
msgid ""
14687
"Copy and paste the following into a file named "
14688
"<filename>samba_indexes.ldif</filename>:"
14689
msgstr ""
14690
14691
#: serverguide/C/network-auth.xml:1747(programlisting)
14692
#, no-wrap
14693
msgid ""
14694
"\n"
14695
"dn: olcDatabase={1}hdb,cn=config\n"
14696
"changetype: modify\n"
14697
"add: olcDbIndex\n"
14698
"olcDbIndex: uidNumber eq\n"
14699
"olcDbIndex: gidNumber eq\n"
14700
"olcDbIndex: loginShell eq\n"
14701
"olcDbIndex: uid eq,pres,sub\n"
14702
"olcDbIndex: memberUid eq,pres,sub\n"
14703
"olcDbIndex: uniqueMember eq,pres\n"
14704
"olcDbIndex: sambaSID eq\n"
14705
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14706
"olcDbIndex: sambaGroupType eq\n"
14707
"olcDbIndex: sambaSIDList eq\n"
14708
"olcDbIndex: sambaDomainName eq\n"
14709
"olcDbIndex: default sub\n"
14710
msgstr ""
14711
14712
#: serverguide/C/network-auth.xml:1765(para)
14713
msgid ""
14714
"Using the <application>ldapmodify</application> utility load the new indexes:"
14715
msgstr ""
14716
14717
#: serverguide/C/network-auth.xml:1770(command)
14718
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14719
msgstr ""
14720
14721
#: serverguide/C/network-auth.xml:1772(para)
14722
msgid ""
14723
"If all went well you should see the new indexes using "
14724
"<application>ldapsearch</application>:"
14725
msgstr ""
14726
14727
#: serverguide/C/network-auth.xml:1777(command)
14728
msgid ""
14729
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14730
msgstr ""
14731
14732
#: serverguide/C/network-auth.xml:1783(para)
14733
msgid ""
14734
"Next, configure the <application>smbldap-tools</application> package to "
14735
"match your environment. The package comes with a configuration script that "
14736
"will ask questions about the needed options. To run the script enter:"
14737
msgstr ""
14738
14739
#: serverguide/C/network-auth.xml:1789(command)
14740
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14741
msgstr ""
14742
14743
#: serverguide/C/network-auth.xml:1790(command)
14744
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14745
msgstr ""
14746
14747
#: serverguide/C/network-auth.xml:1793(para)
14748
msgid ""
14749
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14750
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14751
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14752
"configure script, so if you made any mistakes while executing the script it "
14753
"may be simpler to edit the file appropriately."
14754
msgstr ""
14755
14756
#: serverguide/C/network-auth.xml:1803(para)
14757
msgid ""
14758
"The <application>smbldap-populate</application> script will add the "
14759
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14760
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14761
"<application>slapcat</application> before executing the command:"
14762
msgstr ""
14763
14764
#: serverguide/C/network-auth.xml:1810(command)
14765
msgid "sudo slapcat -l backup.ldif"
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:1816(para)
14769
msgid ""
14770
"Once you have a current backup execute <application>smbldap-"
14771
"populate</application> by entering:"
14772
msgstr ""
14773
14774
#: serverguide/C/network-auth.xml:1821(command)
14775
msgid "sudo smbldap-populate"
14776
msgstr ""
14777
14778
#: serverguide/C/network-auth.xml:1825(para)
14779
msgid ""
14780
"You can create an LDIF file containing the new Samba objects by executing "
14781
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14782
"look over the changes making sure everything is correct."
14783
msgstr ""
14784
14785
#: serverguide/C/network-auth.xml:1833(para)
14786
msgid ""
14787
"Your LDAP directory now has the necessary domain information to authenticate "
14788
"Samba users."
14789
msgstr ""
14790
14791
#: serverguide/C/network-auth.xml:1839(title)
14792
msgid "Samba Configuration"
14793
msgstr ""
14794
14795
#: serverguide/C/network-auth.xml:1841(para)
14796
msgid ""
14797
"There a multiple ways to configure Samba for details on some common "
14798
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14799
"Samba to use LDAP, edit the main Samba configuration file "
14800
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14801
"backend</emphasis> option and adding the following:"
14802
msgstr ""
14803
14804
#: serverguide/C/network-auth.xml:1847(programlisting)
14805
#, no-wrap
14806
msgid ""
14807
"\n"
14808
"# passdb backend = tdbsam\n"
14809
"\n"
14810
"# LDAP Settings\n"
14811
" passdb backend = ldapsam:ldap://hostname\n"
14812
" ldap suffix = dc=example,dc=com\n"
14813
" ldap user suffix = ou=People\n"
14814
" ldap group suffix = ou=Groups\n"
14815
" ldap machine suffix = ou=Computers\n"
14816
" ldap idmap suffix = ou=Idmap\n"
14817
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14818
" ldap ssl = start tls\n"
14819
" ldap passwd sync = yes\n"
14820
"...\n"
14821
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14822
msgstr ""
14823
14824
#: serverguide/C/network-auth.xml:1864(para)
14825
msgid "Restart <application>samba</application> to enable the new settings:"
14826
msgstr ""
14827
14828
#: serverguide/C/network-auth.xml:1873(para)
14829
msgid ""
14830
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14831
"enter:"
14832
msgstr ""
14833
14834
#: serverguide/C/network-auth.xml:1878(command)
14835
msgid "sudo smbpasswd -w secret"
14836
msgstr ""
14837
14838
#: serverguide/C/network-auth.xml:1882(para)
14839
msgid ""
14840
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14841
"password."
14842
msgstr ""
14843
14844
#: serverguide/C/network-auth.xml:1887(para)
14845
msgid ""
14846
"If you currently have users in LDAP, and you want them to authenticate using "
14847
"Samba, they will need some Samba attributes defined in the "
14848
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14849
"users using the <application>smbpasswd</application> utility, replacing "
14850
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14851
msgstr ""
14852
14853
#: serverguide/C/network-auth.xml:1895(command)
14854
msgid "sudo smbpasswd -a username"
14855
msgstr ""
14856
14857
#: serverguide/C/network-auth.xml:1898(para)
14858
msgid "You will then be asked to enter the user's password."
14859
msgstr ""
14860
14861
#: serverguide/C/network-auth.xml:1902(para)
14862
msgid ""
14863
"To add new user, group, and machine accounts use the utilities from the "
14864
"<application>smbldap-tools</application> package. Here are some examples:"
14865
msgstr ""
14866
14867
#: serverguide/C/network-auth.xml:1909(para)
14868
msgid ""
14869
"To add a new user to LDAP with Samba attributes enter the following, "
14870
"replacing username with an actual username:"
14871
msgstr ""
14872
14873
#: serverguide/C/network-auth.xml:1913(command)
14874
msgid "sudo smbldap-useradd -a -P username"
14875
msgstr ""
14876
14877
#: serverguide/C/network-auth.xml:1915(para)
14878
msgid ""
14879
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14880
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14881
"passwd</application> utility after the user is created allowing you to enter "
14882
"a password for the user."
14883
msgstr ""
14884
14885
#: serverguide/C/network-auth.xml:1921(para)
14886
msgid "To remove a user from the directory enter:"
14887
msgstr ""
14888
14889
#: serverguide/C/network-auth.xml:1925(command)
14890
msgid "sudo smbldap-userdel username"
14891
msgstr ""
14892
14893
#: serverguide/C/network-auth.xml:1927(para)
14894
msgid ""
14895
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14896
"r</emphasis> option to remove the user's home directory."
14897
msgstr ""
14898
14899
#: serverguide/C/network-auth.xml:1932(para)
14900
msgid ""
14901
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14902
"groupname with an appropriate group:"
14903
msgstr ""
14904
14905
#: serverguide/C/network-auth.xml:1936(command)
14906
msgid "sudo smbldap-groupadd -a groupname"
14907
msgstr ""
14908
14909
#: serverguide/C/network-auth.xml:1938(para)
14910
msgid ""
14911
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14912
"a</emphasis> adds the Samba attributes."
14913
msgstr ""
14914
14915
#: serverguide/C/network-auth.xml:1943(para)
14916
msgid ""
14917
"To add a user to a group use <application>smbldap-groupmod</application>:"
14918
msgstr ""
14919
14920
#: serverguide/C/network-auth.xml:1947(command)
14921
msgid "sudo smbldap-groupmod -m username groupname"
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1949(para)
14925
msgid ""
14926
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14927
"<emphasis>-m</emphasis> option can add more than one user at a time by "
14928
"listing them in <emphasis>comma separated</emphasis> format."
14929
msgstr ""
14930
14931
#: serverguide/C/network-auth.xml:1955(para)
14932
msgid ""
14933
"<application>smbldap-groupmod</application> can also be used to remove a "
14934
"user from a group:"
14935
msgstr ""
14936
14937
#: serverguide/C/network-auth.xml:1959(command)
14938
msgid "sudo smbldap-groupmod -x username groupname"
14939
msgstr ""
14940
14941
#: serverguide/C/network-auth.xml:1963(para)
14942
msgid ""
14943
"Additionally, the <application>smbldap-useradd</application> utility can add "
14944
"Samba machine accounts:"
14945
msgstr ""
14946
14947
#: serverguide/C/network-auth.xml:1967(command)
14948
msgid "sudo smbldap-useradd -t 0 -w username"
14949
msgstr ""
14950
14951
#: serverguide/C/network-auth.xml:1969(para)
14952
msgid ""
14953
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
14954
"<emphasis>-t 0</emphasis> option creates the machine account without a "
14955
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
14956
"machine account. Also, note the <emphasis>add machine script</emphasis> "
14957
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
14958
"<application>smbldap-useradd</application>."
14959
msgstr ""
14960
14961
#: serverguide/C/network-auth.xml:1978(para)
14962
msgid ""
14963
"There are more useful utilities and options in the <application>smbldap-"
14964
"tools</application> package. The man page for each utility provides more "
14965
"details."
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1989(para)
14969
msgid ""
14970
"There are multiple places where LDAP and Samba is documented in the <ulink "
14971
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
14972
"Collection</ulink>."
14973
msgstr ""
14974
14975
#: serverguide/C/network-auth.xml:1995(para)
14976
msgid ""
14977
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
14978
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
14979
msgstr ""
14980
14981
#: serverguide/C/network-auth.xml:2001(para)
14982
msgid ""
14983
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
14984
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
14985
msgstr ""
14986
14987
#: serverguide/C/network-auth.xml:2007(para)
14988
msgid ""
14989
"Again, for more information on <application>smbldap-tools</application> see "
14990
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
14991
"groupadd</command>, <command>man smbldap-populate</command>, etc."
14992
msgstr ""
14993
14994
#: serverguide/C/network-auth.xml:2014(para)
14995
msgid ""
14996
"Also, there is a list of <ulink "
14997
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
14998
"wiki</ulink> articles with more information."
14999
msgstr ""
15000
15001
#: serverguide/C/network-auth.xml:2023(title)
15002
msgid "Kerberos"
15003
msgstr ""
15004
15005
#: serverguide/C/network-auth.xml:2025(para)
15006
msgid ""
15007
"<application>Kerberos</application> is a network authentication system based "
15008
"on the principal of a trusted third party. The other two parties being the "
15009
"user and the service the user wishes to authenticate to. Not all services "
15010
"and applications can use Kerberos, but for those that can, it brings the "
15011
"network environment one step closer to being Single Sign On (SSO)."
15012
msgstr ""
15013
15014
#: serverguide/C/network-auth.xml:2031(para)
15015
msgid ""
15016
"This section covers installation and configuration of a Kerberos server, and "
15017
"some example client configurations."
15018
msgstr ""
15019
15020
#: serverguide/C/network-auth.xml:2038(para)
15021
msgid ""
15022
"If you are new to Kerberos there are a few terms that are good to understand "
15023
"before setting up a Kerberos server. Most of the terms will relate to things "
15024
"you may be familiar with in other environments:"
15025
msgstr ""
15026
15027
#: serverguide/C/network-auth.xml:2045(para)
15028
msgid ""
15029
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15030
"by servers need to be defined as Kerberos Principals."
15031
msgstr ""
15032
15033
#: serverguide/C/network-auth.xml:2050(para)
15034
msgid ""
15035
"<emphasis>Instances:</emphasis> are used for service principals and special "
15036
"administrative principals."
15037
msgstr ""
15038
15039
#: serverguide/C/network-auth.xml:2055(para)
15040
msgid ""
15041
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15042
"Kerberos installation. Usually the DNS domain converted to uppercase "
15043
"(EXAMPLE.COM)."
15044
msgstr ""
15045
15046
#: serverguide/C/network-auth.xml:2061(para)
15047
msgid ""
15048
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15049
"a database of all principals, the authentication server, and the ticket "
15050
"granting server. For each realm there must be at least one KDC."
15051
msgstr ""
15052
15053
#: serverguide/C/network-auth.xml:2067(para)
15054
msgid ""
15055
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15056
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15057
"password which is known only to the user and the KDC."
15058
msgstr ""
15059
15060
#: serverguide/C/network-auth.xml:2073(para)
15061
msgid ""
15062
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15063
"clients upon request."
15064
msgstr ""
15065
15066
#: serverguide/C/network-auth.xml:2078(para)
15067
msgid ""
15068
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15069
"One principal being a user and the other a service requested by the user. "
15070
"Tickets establish an encryption key used for secure communication during the "
15071
"authenticated session."
15072
msgstr ""
15073
15074
#: serverguide/C/network-auth.xml:2084(para)
15075
msgid ""
15076
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15077
"principal database and contain the encryption key for a service or host."
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:2091(para)
15081
msgid ""
15082
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15083
"redundancy, which contains a database of Principals. When a user principal "
15084
"logs into a workstation, configured for Kerberos authentication, the KDC "
15085
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15086
"match, the user is authenticated and can then request tickets for Kerberized "
15087
"services from the Ticket Granting Server (TGS). The service tickets allow "
15088
"the user to authenticate to the service without entering another username "
15089
"and password."
15090
msgstr ""
15091
15092
#: serverguide/C/network-auth.xml:2100(title)
15093
msgid "Kerberos Server"
15094
msgstr ""
15095
15096
#: serverguide/C/network-auth.xml:2104(para)
15097
msgid ""
15098
"Before installing the Kerberos server a properly configured DNS server is "
15099
"needed for your domain. Since the Kerberos Realm by convention matches the "
15100
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15101
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15102
msgstr ""
15103
15104
#: serverguide/C/network-auth.xml:2110(para)
15105
msgid ""
15106
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15107
"between a client machine and the server differs by more than five minutes "
15108
"(by default), the workstation will not be able to authenticate. To correct "
15109
"the problem all hosts should have their time synchronized using the "
15110
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15111
"NTP see <xref linkend=\"NTP\"/>."
15112
msgstr ""
15113
15114
#: serverguide/C/network-auth.xml:2117(para)
15115
msgid ""
15116
"The first step in installing a Kerberos Realm is to install the "
15117
"<application>krb5-kdc</application> and <application>krb5-admin-"
15118
"server</application> packages. From a terminal enter:"
15119
msgstr ""
15120
15121
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15122
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15123
msgstr ""
15124
15125
#: serverguide/C/network-auth.xml:2126(para)
15126
msgid ""
15127
"You will be asked at the end of the install to supply a name for the "
15128
"Kerberos and Admin servers, which may or may not be the same server, for the "
15129
"realm."
15130
msgstr ""
15131
15132
#: serverguide/C/network-auth.xml:2131(para)
15133
msgid ""
15134
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15135
"utility:"
15136
msgstr ""
15137
15138
#: serverguide/C/network-auth.xml:2136(command)
15139
msgid "sudo krb5_newrealm"
15140
msgstr ""
15141
15142
#: serverguide/C/network-auth.xml:2143(para)
15143
msgid ""
15144
"The questions asked during installation are used to configure the "
15145
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15146
"Distribution Center (KDC) settings simply edit the file and restart the "
15147
"<application>krb5-kdc</application> daemon."
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:2151(para)
15151
msgid ""
15152
"Now that the KDC running an admin user is needed. It is recommended to use a "
15153
"different username from your everyday username. Using the "
15154
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15155
msgstr ""
15156
15157
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15158
msgid "sudo kadmin.local"
15159
msgstr ""
15160
15161
#: serverguide/C/network-auth.xml:2158(computeroutput)
15162
#, no-wrap
15163
msgid ""
15164
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15165
"kadmin.local:"
15166
msgstr ""
15167
15168
#: serverguide/C/network-auth.xml:2159(userinput)
15169
#, no-wrap
15170
msgid " addprinc steve/admin"
15171
msgstr ""
15172
15173
#: serverguide/C/network-auth.xml:2160(computeroutput)
15174
#, no-wrap
15175
msgid ""
15176
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15177
"policy\n"
15178
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15179
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15180
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15181
"kadmin.local:"
15182
msgstr ""
15183
15184
#: serverguide/C/network-auth.xml:2164(userinput)
15185
#, no-wrap
15186
msgid " quit"
15187
msgstr ""
15188
15189
#: serverguide/C/network-auth.xml:2167(para)
15190
msgid ""
15191
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15192
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15193
"is an <emphasis>Instance</emphasis>, and <emphasis "
15194
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15195
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15196
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15197
"rights."
15198
msgstr ""
15199
15200
#: serverguide/C/network-auth.xml:2175(para)
15201
msgid ""
15202
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15203
"your Realm and admin username."
15204
msgstr ""
15205
15206
#: serverguide/C/network-auth.xml:2183(para)
15207
msgid ""
15208
"Next, the new admin user needs to have the appropriate Access Control List "
15209
"(ACL) permissions. The permissions are configured in the "
15210
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15211
msgstr ""
15212
15213
#: serverguide/C/network-auth.xml:2188(programlisting)
15214
#, no-wrap
15215
msgid ""
15216
"\n"
15217
"steve/admin@EXAMPLE.COM *\n"
15218
msgstr ""
15219
15220
#: serverguide/C/network-auth.xml:2192(para)
15221
msgid ""
15222
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15223
"any operation on all principals in the realm."
15224
msgstr ""
15225
15226
#: serverguide/C/network-auth.xml:2199(para)
15227
msgid ""
15228
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15229
"to take affect:"
15230
msgstr ""
15231
15232
#: serverguide/C/network-auth.xml:2204(command)
15233
msgid "sudo /etc/init.d/krb5-admin-server restart"
15234
msgstr ""
15235
15236
#: serverguide/C/network-auth.xml:2210(para)
15237
msgid ""
15238
"The new user principal can be tested using the <application>kinit "
15239
"utility</application>:"
15240
msgstr ""
15241
15242
#: serverguide/C/network-auth.xml:2215(command)
15243
msgid "kinit steve/admin"
15244
msgstr ""
15245
15246
#: serverguide/C/network-auth.xml:2216(computeroutput)
15247
#, no-wrap
15248
msgid "steve/admin@EXAMPLE.COM's Password:"
15249
msgstr ""
15250
15251
#: serverguide/C/network-auth.xml:2219(para)
15252
msgid ""
15253
"After entering the password, use the <application>klist</application> "
15254
"utility to view information about the Ticket Granting Ticket (TGT):"
15255
msgstr ""
15256
15257
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15258
msgid "klist"
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:2226(computeroutput)
15262
#, no-wrap
15263
msgid ""
15264
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15265
" Principal: steve/admin@EXAMPLE.COM\n"
15266
"\n"
15267
" Issued Expires Principal\n"
15268
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15269
msgstr ""
15270
15271
#: serverguide/C/network-auth.xml:2233(para)
15272
msgid ""
15273
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15274
"the KDC. For example:"
15275
msgstr ""
15276
15277
#: serverguide/C/network-auth.xml:2237(programlisting)
15278
#, no-wrap
15279
msgid ""
15280
"\n"
15281
"192.168.0.1 kdc01.example.com kdc01\n"
15282
msgstr ""
15283
15284
#: serverguide/C/network-auth.xml:2241(para)
15285
msgid ""
15286
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15287
msgstr ""
15288
15289
#: serverguide/C/network-auth.xml:2248(para)
15290
msgid ""
15291
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15292
"are needed. Add the following to "
15293
"<filename>/etc/named/db.example.com</filename>:"
15294
msgstr ""
15295
15296
#: serverguide/C/network-auth.xml:2253(programlisting)
15297
#, no-wrap
15298
msgid ""
15299
"\n"
15300
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15301
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15302
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15303
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15304
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15305
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15306
msgstr ""
15307
15308
#: serverguide/C/network-auth.xml:2263(para)
15309
msgid ""
15310
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15311
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15312
"KDC."
15313
msgstr ""
15314
15315
#: serverguide/C/network-auth.xml:2269(para)
15316
msgid ""
15317
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15318
msgstr ""
15319
15320
#: serverguide/C/network-auth.xml:2276(para)
15321
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15322
msgstr ""
15323
15324
#: serverguide/C/network-auth.xml:2283(title)
15325
msgid "Secondary KDC"
15326
msgstr ""
15327
15328
#: serverguide/C/network-auth.xml:2285(para)
15329
msgid ""
15330
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15331
"practice to have a Secondary KDC in case the primary becomes unavailable."
15332
msgstr ""
15333
15334
#: serverguide/C/network-auth.xml:2293(para)
15335
msgid ""
15336
"First, install the packages, and when asked for the Kerberos and Admin "
15337
"server names enter the name of the Primary KDC:"
15338
msgstr ""
15339
15340
#: serverguide/C/network-auth.xml:2304(para)
15341
msgid ""
15342
"Once you have the packages installed, create the Secondary KDC's host "
15343
"principal. From a terminal prompt, enter:"
15344
msgstr ""
15345
15346
#: serverguide/C/network-auth.xml:2309(command)
15347
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15348
msgstr ""
15349
15350
#: serverguide/C/network-auth.xml:2313(para)
15351
msgid ""
15352
"After, issuing any <application>kadmin</application> commands you will be "
15353
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15354
"password."
15355
msgstr ""
15356
15357
#: serverguide/C/network-auth.xml:2322(para)
15358
msgid "Extract the <emphasis>keytab</emphasis> file:"
15359
msgstr ""
15360
15361
#: serverguide/C/network-auth.xml:2327(command)
15362
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15363
msgstr ""
15364
15365
#: serverguide/C/network-auth.xml:2333(para)
15366
msgid ""
15367
"There should now be a <filename>keytab.kdc02</filename> in the current "
15368
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15369
msgstr ""
15370
15371
#: serverguide/C/network-auth.xml:2339(command)
15372
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15373
msgstr ""
15374
15375
#: serverguide/C/network-auth.xml:2343(para)
15376
msgid ""
15377
"If the path to the <filename>keytab.kdc02</filename> file is different "
15378
"adjust accordingly."
15379
msgstr ""
15380
15381
#: serverguide/C/network-auth.xml:2348(para)
15382
msgid ""
15383
"Also, you can list the principals in a Keytab file, which can be useful when "
15384
"troubleshooting, using the <application>klist</application> utility:"
15385
msgstr ""
15386
15387
#: serverguide/C/network-auth.xml:2354(command)
15388
msgid "sudo klist -k /etc/krb5.keytab"
15389
msgstr ""
15390
15391
#: serverguide/C/network-auth.xml:2360(para)
15392
msgid ""
15393
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15394
"that lists all KDCs for the Realm. For example, on both primary and "
15395
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15396
msgstr ""
15397
15398
#: serverguide/C/network-auth.xml:2365(programlisting)
15399
#, no-wrap
15400
msgid ""
15401
"\n"
15402
"host/kdc01.example.com@EXAMPLE.COM\n"
15403
"host/kdc02.example.com@EXAMPLE.COM\n"
15404
msgstr ""
15405
15406
#: serverguide/C/network-auth.xml:2373(para)
15407
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15408
msgstr ""
15409
15410
#: serverguide/C/network-auth.xml:2378(command)
15411
msgid "sudo kdb5_util -s create"
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:2384(para)
15415
msgid ""
15416
"Now start the <application>kpropd</application> daemon, which listens for "
15417
"connections from the <application>kprop</application> utility. "
15418
"<application>kprop</application> is used to transfer dump files:"
15419
msgstr ""
15420
15421
#: serverguide/C/network-auth.xml:2391(command)
15422
msgid "sudo kpropd -S"
15423
msgstr ""
15424
15425
#: serverguide/C/network-auth.xml:2397(para)
15426
msgid ""
15427
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15428
"of the principal database:"
15429
msgstr ""
15430
15431
#: serverguide/C/network-auth.xml:2402(command)
15432
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15433
msgstr ""
15434
15435
#: serverguide/C/network-auth.xml:2408(para)
15436
msgid ""
15437
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15438
"<filename>/etc/krb5.keytab</filename>:"
15439
msgstr ""
15440
15441
#: serverguide/C/network-auth.xml:2413(command)
15442
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15443
msgstr ""
15444
15445
#: serverguide/C/network-auth.xml:2414(command)
15446
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15447
msgstr ""
15448
15449
#: serverguide/C/network-auth.xml:2418(para)
15450
msgid ""
15451
"Make sure there is a <emphasis>host</emphasis> for "
15452
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15453
msgstr ""
15454
15455
#: serverguide/C/network-auth.xml:2426(para)
15456
msgid ""
15457
"Using the <application>kprop</application> utility push the database to the "
15458
"Secondary KDC:"
15459
msgstr ""
15460
15461
#: serverguide/C/network-auth.xml:2431(command)
15462
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15463
msgstr ""
15464
15465
#: serverguide/C/network-auth.xml:2435(para)
15466
msgid ""
15467
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15468
"worked. If there is an error message check "
15469
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15470
"information."
15471
msgstr ""
15472
15473
#: serverguide/C/network-auth.xml:2441(para)
15474
msgid ""
15475
"You may also want to create a <application>cron</application> job to "
15476
"periodically update the database on the Secondary KDC. For example, the "
15477
"following will push the database every hour:"
15478
msgstr ""
15479
15480
#: serverguide/C/network-auth.xml:2446(programlisting)
15481
#, no-wrap
15482
msgid ""
15483
"\n"
15484
"# m h dom mon dow command\n"
15485
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15486
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15487
msgstr ""
15488
15489
#: serverguide/C/network-auth.xml:2454(para)
15490
msgid ""
15491
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15492
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15493
msgstr ""
15494
15495
#: serverguide/C/network-auth.xml:2460(command)
15496
msgid "sudo kdb5_util stash"
15497
msgstr ""
15498
15499
#: serverguide/C/network-auth.xml:2466(para)
15500
msgid ""
15501
"Finally, start the <application>krb5-kdc</application> daemon on the "
15502
"Secondary KDC:"
15503
msgstr ""
15504
15505
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15506
msgid "sudo /etc/init.d/krb5-kdc start"
15507
msgstr ""
15508
15509
#: serverguide/C/network-auth.xml:2477(para)
15510
msgid ""
15511
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15512
"for the Realm. You can test this by stopping the <application>krb5-"
15513
"kdc</application> daemon on the Primary KDC, then use "
15514
"<application>kinit</application> to request a ticket. If all goes well you "
15515
"should receive a ticket from the Secondary KDC."
15516
msgstr ""
15517
15518
#: serverguide/C/network-auth.xml:2485(title)
15519
msgid "Kerberos Linux Client"
15520
msgstr ""
15521
15522
#: serverguide/C/network-auth.xml:2487(para)
15523
msgid ""
15524
"This section covers configuring a Linux system as a "
15525
"<application>Kerberos</application> client. This will allow access to any "
15526
"kerberized services once a user has successfully logged into the system."
15527
msgstr ""
15528
15529
#: serverguide/C/network-auth.xml:2495(para)
15530
msgid ""
15531
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15532
"user</application> and <application>libpam-krb5</application> packages are "
15533
"needed, along with a few others that are not strictly necessary but make "
15534
"life easier. To install the packages enter the following in a terminal "
15535
"prompt:"
15536
msgstr ""
15537
15538
#: serverguide/C/network-auth.xml:2502(command)
15539
msgid ""
15540
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15541
msgstr ""
15542
15543
#: serverguide/C/network-auth.xml:2505(para)
15544
msgid ""
15545
"The <application>auth-client-config</application> package allows simple "
15546
"configuration of PAM for authentication from multiple sources, and the "
15547
"<application>libpam-ccreds</application> will cache authentication "
15548
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15549
"is unavailable. This package is also useful for laptops that may "
15550
"authenticate using Kerberos while on the corporate network, but will need to "
15551
"be accessed off the network as well."
15552
msgstr ""
15553
15554
#: serverguide/C/network-auth.xml:2516(para)
15555
msgid "To configure the client in a terminal enter:"
15556
msgstr ""
15557
15558
#: serverguide/C/network-auth.xml:2521(command)
15559
msgid "sudo dpkg-reconfigure krb5-config"
15560
msgstr ""
15561
15562
#: serverguide/C/network-auth.xml:2524(para)
15563
msgid ""
15564
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15565
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15566
"records, the menu will prompt you for the hostname of the Key Distribution "
15567
"Center (KDC) and Realm Administration server."
15568
msgstr ""
15569
15570
#: serverguide/C/network-auth.xml:2530(para)
15571
msgid ""
15572
"The <application>dpkg-reconfigure</application> adds entries to the "
15573
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15574
"entries similar to the following:"
15575
msgstr ""
15576
15577
#: serverguide/C/network-auth.xml:2535(programlisting)
15578
#, no-wrap
15579
msgid ""
15580
"\n"
15581
"[libdefaults]\n"
15582
" default_realm = EXAMPLE.COM\n"
15583
"...\n"
15584
"[realms]\n"
15585
" EXAMPLE.COM = } \n"
15586
" kdc = 192.168.0.1 \n"
15587
" admin_server = 192.168.0.1\n"
15588
" }\n"
15589
msgstr ""
15590
15591
#: serverguide/C/network-auth.xml:2546(para)
15592
msgid ""
15593
"You can test the configuration by requesting a ticket using the "
15594
"<application>kinit</application> utility. For example:"
15595
msgstr ""
15596
15597
#: serverguide/C/network-auth.xml:2551(command)
15598
msgid "kinit steve@EXAMPLE.COM"
15599
msgstr ""
15600
15601
#: serverguide/C/network-auth.xml:2552(computeroutput)
15602
#, no-wrap
15603
msgid "Password for steve@EXAMPLE.COM:"
15604
msgstr ""
15605
15606
#: serverguide/C/network-auth.xml:2555(para)
15607
msgid ""
15608
"When a ticket has been granted, the details can be viewed using "
15609
"<application>klist</application>:"
15610
msgstr ""
15611
15612
#: serverguide/C/network-auth.xml:2561(computeroutput)
15613
#, no-wrap
15614
msgid ""
15615
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15616
"Default principal: steve@EXAMPLE.COM\n"
15617
"\n"
15618
"Valid starting Expires Service principal\n"
15619
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15620
" renew until 07/25/08 05:18:57\n"
15621
"\n"
15622
"\n"
15623
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15624
"klist: You have no tickets cached"
15625
msgstr ""
15626
15627
#: serverguide/C/network-auth.xml:2573(para)
15628
msgid ""
15629
"Next, use the <application>auth-client-config</application> to configure the "
15630
"<application>libpam-krb5</application> module to request a ticket during "
15631
"login:"
15632
msgstr ""
15633
15634
#: serverguide/C/network-auth.xml:2579(command)
15635
msgid "sudo auth-client-config -a -p kerberos_example"
15636
msgstr ""
15637
15638
#: serverguide/C/network-auth.xml:2582(para)
15639
msgid ""
15640
"You will should now receive a ticket upon successful login authentication."
15641
msgstr ""
15642
15643
#: serverguide/C/network-auth.xml:2593(para)
15644
msgid ""
15645
"For more information on Kerberos see the <ulink "
15646
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15647
msgstr ""
15648
15649
#: serverguide/C/network-auth.xml:2598(para)
15650
msgid ""
15651
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15652
"Kerberos</ulink> page has more details."
15653
msgstr ""
15654
15655
#: serverguide/C/network-auth.xml:2603(para)
15656
msgid ""
15657
"O'Reilly's <ulink "
15658
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15659
"Guide</ulink> is a great reference when setting up Kerberos."
15660
msgstr ""
15661
15662
#: serverguide/C/network-auth.xml:2609(para)
15663
msgid ""
15664
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15665
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15666
"Kerberos questions."
15667
msgstr ""
15668
15669
#: serverguide/C/network-auth.xml:2619(title)
15670
msgid "Kerberos and LDAP"
15671
msgstr ""
15672
15673
#: serverguide/C/network-auth.xml:2621(para)
15674
msgid ""
15675
"Replicating a Kerberos principal database between two servers can be "
15676
"complicated, and adds an additional user database to your network. "
15677
"Fortunately, MIT Kerberos can be configured to use an "
15678
"<application>LDAP</application> directory as a principal database. This "
15679
"section covers configuring a primary and secondary kerberos server to use "
15680
"<application>OpenLDAP</application> for the principal database."
15681
msgstr ""
15682
15683
#: serverguide/C/network-auth.xml:2629(title)
15684
msgid "Configuring OpenLDAP"
15685
msgstr ""
15686
15687
#: serverguide/C/network-auth.xml:2631(para)
15688
msgid ""
15689
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15690
"<application>OpenLDAP</application> server that has network connectivity to "
15691
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15692
"also have LDAP replication configured between at least two servers. For "
15693
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15694
msgstr ""
15695
15696
#: serverguide/C/network-auth.xml:2638(para)
15697
msgid ""
15698
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15699
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15700
"linkend=\"openldap-tls\"/> for details."
15701
msgstr ""
15702
15703
#: serverguide/C/network-auth.xml:2645(para)
15704
msgid ""
15705
"To load the schema into LDAP, on the LDAP server install the "
15706
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15707
msgstr ""
15708
15709
#: serverguide/C/network-auth.xml:2651(command)
15710
msgid "sudo apt-get install krb5-kdc-ldap"
15711
msgstr ""
15712
15713
#: serverguide/C/network-auth.xml:2656(para)
15714
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15715
msgstr ""
15716
15717
#: serverguide/C/network-auth.xml:2661(command)
15718
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15719
msgstr ""
15720
15721
#: serverguide/C/network-auth.xml:2662(command)
15722
msgid ""
15723
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15724
msgstr ""
15725
15726
#: serverguide/C/network-auth.xml:2668(para)
15727
msgid ""
15728
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15729
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15730
"<application>slapd</application> is also detailed in <xref "
15731
"linkend=\"openldap-configuration\"/>."
15732
msgstr ""
15733
15734
#: serverguide/C/network-auth.xml:2681(programlisting)
15735
#, no-wrap
15736
msgid ""
15737
"\n"
15738
"include /etc/ldap/schema/core.schema\n"
15739
"include /etc/ldap/schema/collective.schema\n"
15740
"include /etc/ldap/schema/corba.schema\n"
15741
"include /etc/ldap/schema/cosine.schema\n"
15742
"include /etc/ldap/schema/duaconf.schema\n"
15743
"include /etc/ldap/schema/dyngroup.schema\n"
15744
"include /etc/ldap/schema/inetorgperson.schema\n"
15745
"include /etc/ldap/schema/java.schema\n"
15746
"include /etc/ldap/schema/misc.schema\n"
15747
"include /etc/ldap/schema/nis.schema\n"
15748
"include /etc/ldap/schema/openldap.schema\n"
15749
"include /etc/ldap/schema/ppolicy.schema\n"
15750
"include /etc/ldap/schema/kerberos.schema\n"
15751
msgstr ""
15752
15753
#: serverguide/C/network-auth.xml:2701(para)
15754
msgid "Create a temporary directory to hold the LDIF files:"
15755
msgstr ""
15756
15757
#: serverguide/C/network-auth.xml:2716(command)
15758
msgid ""
15759
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15760
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15761
msgstr ""
15762
15763
#: serverguide/C/network-auth.xml:2726(para)
15764
msgid ""
15765
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15766
"changing the following attributes:"
15767
msgstr ""
15768
15769
#: serverguide/C/network-auth.xml:2730(programlisting)
15770
#, no-wrap
15771
msgid ""
15772
"\n"
15773
"dn: cn=kerberos,cn=schema,cn=config\n"
15774
"...\n"
15775
"cn: kerberos\n"
15776
msgstr ""
15777
15778
#: serverguide/C/network-auth.xml:2736(para)
15779
msgid "And remove the following lines from the end of the file:"
15780
msgstr ""
15781
15782
#: serverguide/C/network-auth.xml:2740(programlisting)
15783
#, no-wrap
15784
msgid ""
15785
"\n"
15786
"structuralObjectClass: olcSchemaConfig\n"
15787
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15788
"creatorsName: cn=config\n"
15789
"createTimestamp: 20090111203515Z\n"
15790
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15791
"modifiersName: cn=config\n"
15792
"modifyTimestamp: 20090111203515Z\n"
15793
msgstr ""
15794
15795
#: serverguide/C/network-auth.xml:2759(para)
15796
msgid "Load the new schema with <application>ldapadd</application>:"
15797
msgstr ""
15798
15799
#: serverguide/C/network-auth.xml:2764(command)
15800
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15801
msgstr ""
15802
15803
#: serverguide/C/network-auth.xml:2770(para)
15804
msgid ""
15805
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15809
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15810
msgstr ""
15811
15812
#: serverguide/C/network-auth.xml:2777(userinput)
15813
#, no-wrap
15814
msgid ""
15815
"dn: olcDatabase={1}hdb,cn=config\n"
15816
"add: olcDbIndex\n"
15817
"olcDbIndex: krbPrincipalName eq,pres,sub"
15818
msgstr ""
15819
15820
#: serverguide/C/network-auth.xml:2776(computeroutput)
15821
#, no-wrap
15822
msgid ""
15823
"Enter LDAP Password:\n"
15824
"<placeholder-1/>\n"
15825
"\n"
15826
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15827
msgstr ""
15828
15829
#: serverguide/C/network-auth.xml:2787(para)
15830
msgid "Finally, update the Access Control Lists (ACL):"
15831
msgstr ""
15832
15833
#: serverguide/C/network-auth.xml:2794(userinput)
15834
#, no-wrap
15835
msgid ""
15836
"dn: olcDatabase={1}hdb,cn=config\n"
15837
"replace: olcAccess\n"
15838
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15839
"dn=\"cn=admin,dc=exampl\n"
15840
" e,dc=com\" write by anonymous auth by self write by * none\n"
15841
"-\n"
15842
"add: olcAccess\n"
15843
"olcAccess: to dn.base=\"\" by * read\n"
15844
"-\n"
15845
"add: olcAccess\n"
15846
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15847
msgstr ""
15848
15849
#: serverguide/C/network-auth.xml:2793(computeroutput)
15850
#, no-wrap
15851
msgid ""
15852
"Enter LDAP Password: \n"
15853
"<placeholder-1/>\n"
15854
"\n"
15855
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15856
msgstr ""
15857
15858
#: serverguide/C/network-auth.xml:2814(para)
15859
msgid ""
15860
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15861
"database."
15862
msgstr ""
15863
15864
#: serverguide/C/network-auth.xml:2820(title)
15865
msgid "Primary KDC Configuration"
15866
msgstr ""
15867
15868
#: serverguide/C/network-auth.xml:2822(para)
15869
msgid ""
15870
"With <application>OpenLDAP</application> configured it is time to configure "
15871
"the KDC."
15872
msgstr ""
15873
15874
#: serverguide/C/network-auth.xml:2828(para)
15875
msgid "First, install the necessary packages, from a terminal enter:"
15876
msgstr ""
15877
15878
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15879
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15880
msgstr ""
15881
15882
#: serverguide/C/network-auth.xml:2839(para)
15883
msgid ""
15884
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15885
"under the appropriate sections:"
15886
msgstr ""
15887
15888
#: serverguide/C/network-auth.xml:2843(programlisting)
15889
#, no-wrap
15890
msgid ""
15891
"\n"
15892
"[libdefaults]\n"
15893
" default_realm = EXAMPLE.COM\n"
15894
"\n"
15895
"...\n"
15896
"\n"
15897
"[realms]\n"
15898
" EXAMPLE.COM = {\n"
15899
" kdc = kdc01.example.com\n"
15900
" kdc = kdc02.example.com\n"
15901
" admin_server = kdc01.example.com\n"
15902
" admin_server = kdc02.example.com\n"
15903
" default_domain = example.com\n"
15904
" database_module = openldap_ldapconf\n"
15905
" }\n"
15906
"\n"
15907
"...\n"
15908
"\n"
15909
"[domain_realm]\n"
15910
" .example.com = EXAMPLE.COM\n"
15911
"\n"
15912
"\n"
15913
"...\n"
15914
"\n"
15915
"[dbdefaults]\n"
15916
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15917
"\n"
15918
"[dbmodules]\n"
15919
" openldap_ldapconf = {\n"
15920
" db_library = kldap\n"
15921
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15922
"\n"
15923
" # this object needs to have read rights on\n"
15924
" # the realm container, principal container and realm sub-"
15925
"trees\n"
15926
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
15927
"\n"
15928
" # this object needs to have read and write rights on\n"
15929
" # the realm container, principal container and realm sub-"
15930
"trees\n"
15931
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
15932
" ldap_servers = ldaps://ldap01.example.com "
15933
"ldaps://ldap02.example.com\n"
15934
" ldap_conns_per_server = 5\n"
15935
" }\n"
15936
msgstr ""
15937
15938
#: serverguide/C/network-auth.xml:2888(para)
15939
msgid ""
15940
"Change <emphasis>example.com</emphasis>, "
15941
"<emphasis>dc=example,dc=com</emphasis>, "
15942
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
15943
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
15944
"object, and LDAP server for your network."
15945
msgstr ""
15946
15947
#: serverguide/C/network-auth.xml:2897(para)
15948
msgid ""
15949
"Next, use the <application>kdb5_ldap_util</application> utility to create "
15950
"the realm:"
15951
msgstr ""
15952
15953
#: serverguide/C/network-auth.xml:2902(command)
15954
msgid ""
15955
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
15956
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
15957
msgstr ""
15958
15959
#: serverguide/C/network-auth.xml:2908(para)
15960
msgid ""
15961
"Create a stash of the password used to bind to the LDAP server. This "
15962
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
15963
"<emphasis>ldap_kadmin_dn</emphasis> options in "
15964
"<filename>/etc/krb5.conf</filename>:"
15965
msgstr ""
15966
15967
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
15968
msgid ""
15969
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
15970
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
15971
msgstr ""
15972
15973
#: serverguide/C/network-auth.xml:2920(para)
15974
msgid "Copy the CA certificate from the LDAP server:"
15975
msgstr ""
15976
15977
#: serverguide/C/network-auth.xml:2925(command)
15978
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
15979
msgstr ""
15980
15981
#: serverguide/C/network-auth.xml:2926(command)
15982
msgid "sudo cp cacert.pem /etc/ssl/certs"
15983
msgstr ""
15984
15985
#: serverguide/C/network-auth.xml:2929(para)
15986
msgid ""
15987
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
15988
msgstr ""
15989
15990
#: serverguide/C/network-auth.xml:2933(programlisting)
15991
#, no-wrap
15992
msgid ""
15993
"\n"
15994
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15995
msgstr ""
15996
15997
#: serverguide/C/network-auth.xml:2938(para)
15998
msgid ""
15999
"The certificate will also need to be copied to the Secondary KDC, to allow "
16000
"the connection to the LDAP servers using LDAPS."
16001
msgstr ""
16002
16003
#: serverguide/C/network-auth.xml:2947(para)
16004
msgid ""
16005
"You can now add Kerberos principals to the LDAP database, and they will be "
16006
"copied to any other LDAP servers configured for replication. To add a "
16007
"principal using the <application>kadmin.local</application> utility enter:"
16008
msgstr ""
16009
16010
#: serverguide/C/network-auth.xml:2955(userinput)
16011
#, no-wrap
16012
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16013
msgstr ""
16014
16015
#: serverguide/C/network-auth.xml:2954(computeroutput)
16016
#, no-wrap
16017
msgid ""
16018
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16019
"kadmin.local: <placeholder-1/>\n"
16020
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16021
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16022
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16023
"Principal \"steve@EXAMPLE.COM\" created."
16024
msgstr ""
16025
16026
#: serverguide/C/network-auth.xml:2962(para)
16027
msgid ""
16028
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16029
"krbExtraData attributes added to the "
16030
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16031
"the <application>kinit</application> and <application>klist</application> "
16032
"utilities to test that the user is indeed issued a ticket."
16033
msgstr ""
16034
16035
#: serverguide/C/network-auth.xml:2969(para)
16036
msgid ""
16037
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16038
"option is needed to add the Kerberos attributes. Otherwise a new "
16039
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16040
msgstr ""
16041
16042
#: serverguide/C/network-auth.xml:2977(title)
16043
msgid "Secondary KDC Configuration"
16044
msgstr ""
16045
16046
#: serverguide/C/network-auth.xml:2979(para)
16047
msgid ""
16048
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16049
"one using the normal Kerberos database."
16050
msgstr ""
16051
16052
#: serverguide/C/network-auth.xml:2985(para)
16053
msgid "First, install the necessary packages. In a terminal enter:"
16054
msgstr ""
16055
16056
#: serverguide/C/network-auth.xml:2996(para)
16057
msgid ""
16058
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16059
msgstr ""
16060
16061
#: serverguide/C/network-auth.xml:3000(programlisting)
16062
#, no-wrap
16063
msgid ""
16064
"\n"
16065
"[libdefaults]\n"
16066
" default_realm = EXAMPLE.COM\n"
16067
"\n"
16068
"...\n"
16069
"\n"
16070
"[realms]\n"
16071
" EXAMPLE.COM = {\n"
16072
" kdc = kdc01.example.com\n"
16073
" kdc = kdc02.example.com\n"
16074
" admin_server = kdc01.example.com\n"
16075
" admin_server = kdc02.example.com\n"
16076
" default_domain = example.com\n"
16077
" database_module = openldap_ldapconf\n"
16078
" }\n"
16079
"\n"
16080
"...\n"
16081
"\n"
16082
"[domain_realm]\n"
16083
" .example.com = EXAMPLE.COM\n"
16084
"\n"
16085
"...\n"
16086
"\n"
16087
"[dbdefaults]\n"
16088
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16089
"\n"
16090
"[dbmodules]\n"
16091
" openldap_ldapconf = {\n"
16092
" db_library = kldap\n"
16093
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16094
"\n"
16095
" # this object needs to have read rights on\n"
16096
" # the realm container, principal container and realm sub-"
16097
"trees\n"
16098
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16099
"\n"
16100
" # this object needs to have read and write rights on\n"
16101
" # the realm container, principal container and realm sub-"
16102
"trees\n"
16103
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16104
" ldap_servers = ldaps://ldap01.example.com "
16105
"ldaps://ldap02.example.com\n"
16106
" ldap_conns_per_server = 5\n"
16107
" }\n"
16108
msgstr ""
16109
16110
#: serverguide/C/network-auth.xml:3047(para)
16111
msgid "Create the stash for the LDAP bind password:"
16112
msgstr ""
16113
16114
#: serverguide/C/network-auth.xml:3058(para)
16115
msgid ""
16116
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16117
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16118
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16119
"encrypted connection such as <application>scp</application>, or on physical "
16120
"media."
16121
msgstr ""
16122
16123
#: serverguide/C/network-auth.xml:3065(command)
16124
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16125
msgstr ""
16126
16127
#: serverguide/C/network-auth.xml:3066(command)
16128
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16129
msgstr ""
16130
16131
#: serverguide/C/network-auth.xml:3070(para)
16132
msgid ""
16133
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16134
msgstr ""
16135
16136
#: serverguide/C/network-auth.xml:3078(para)
16137
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16138
msgstr ""
16139
16140
#: serverguide/C/network-auth.xml:3089(para)
16141
msgid ""
16142
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16143
"you should be able to continue to authenticate users if one LDAP server, one "
16144
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16145
msgstr ""
16146
16147
#: serverguide/C/network-auth.xml:3101(para)
16148
msgid ""
16149
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16150
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16151
"Guide</ulink> has some additional details."
16152
msgstr ""
16153
16154
#: serverguide/C/network-auth.xml:3107(para)
16155
msgid ""
16156
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16157
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16158
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16159
"5.6</ulink> and the <ulink "
16160
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16161
"tml\">kdb5_ldap_util man page</ulink>."
16162
msgstr ""
16163
16164
#: serverguide/C/network-auth.xml:3115(para)
16165
msgid ""
16166
"Another useful link is the <ulink "
16167
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16168
">krb5.conf man page</ulink>."
16169
msgstr ""
16170
16171
#: serverguide/C/network-auth.xml:3120(para)
16172
msgid ""
16173
"Also, see the <ulink "
16174
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16175
"and LDAP</ulink> Ubuntu wiki page."
16176
msgstr ""
16177
16178
#: serverguide/C/monitoring.xml:13(title)
16179
msgid "Monitoring"
16180
msgstr ""
16181
16182
#: serverguide/C/monitoring.xml:17(para)
16183
msgid ""
16184
"The monitoring of essential servers and services is an important part of "
16185
"system administration. Most network services are monitored for performance, "
16186
"availability, or both. This section will cover installation and "
16187
"configuration of <application>Nagios</application> for availability "
16188
"monitoring, and <application>Munin</application> for performance monitoring."
16189
msgstr ""
16190
16191
#: serverguide/C/monitoring.xml:24(para)
16192
msgid ""
16193
"The examples in this section will use two servers with hostnames "
16194
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16195
"<emphasis>Server01</emphasis> will be configured with "
16196
"<application>Nagios</application> to monitor services on itself and "
16197
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16198
"<application>munin</application> package to gather information from the "
16199
"network. Using the <application>munin-node</application> package, "
16200
"<emphasis>server02</emphasis> will be configured to send information to "
16201
"<emphasis>server01</emphasis>."
16202
msgstr ""
16203
16204
#: serverguide/C/monitoring.xml:33(para)
16205
msgid ""
16206
"Hopefully these simple examples will allow you to monitor additional servers "
16207
"and services on your network."
16208
msgstr ""
16209
16210
#: serverguide/C/monitoring.xml:39(title)
16211
msgid "Nagios"
16212
msgstr ""
16213
16214
#: serverguide/C/monitoring.xml:44(para)
16215
msgid ""
16216
"First, on <emphasis>server01</emphasis> install the "
16217
"<application>nagios</application> package. In a terminal enter:"
16218
msgstr ""
16219
16220
#: serverguide/C/monitoring.xml:50(command)
16221
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16222
msgstr ""
16223
16224
#: serverguide/C/monitoring.xml:53(para)
16225
msgid ""
16226
"You will be asked to enter a password for the "
16227
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16228
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16229
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16230
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16231
"of the <application>apache2-utils</application> package."
16232
msgstr ""
16233
16234
#: serverguide/C/monitoring.xml:60(para)
16235
msgid ""
16236
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16237
"user enter:"
16238
msgstr ""
16239
16240
#: serverguide/C/monitoring.xml:65(command)
16241
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16242
msgstr ""
16243
16244
#: serverguide/C/monitoring.xml:68(para)
16245
msgid "To add a user:"
16246
msgstr ""
16247
16248
#: serverguide/C/monitoring.xml:73(command)
16249
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16250
msgstr ""
16251
16252
#: serverguide/C/monitoring.xml:76(para)
16253
msgid ""
16254
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16255
"server</application> package. From a terminal on server02 enter:"
16256
msgstr ""
16257
16258
#: serverguide/C/monitoring.xml:82(command)
16259
msgid "sudo apt-get install nagios-nrpe-server"
16260
msgstr ""
16261
16262
#: serverguide/C/monitoring.xml:86(para)
16263
msgid ""
16264
"<application>NRPE</application> allows you to execute local checks on remote "
16265
"hosts. There are other ways of accomplishing this through other Nagios "
16266
"plugins as well as other checks."
16267
msgstr ""
16268
16269
#: serverguide/C/monitoring.xml:94(title)
16270
msgid "Configuration Overview"
16271
msgstr ""
16272
16273
#: serverguide/C/monitoring.xml:96(para)
16274
msgid ""
16275
"There are a couple of directories containing "
16276
"<application>Nagios</application> configuration and check files."
16277
msgstr ""
16278
16279
#: serverguide/C/monitoring.xml:102(para)
16280
msgid ""
16281
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16282
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16283
"etc."
16284
msgstr ""
16285
16286
#: serverguide/C/monitoring.xml:108(para)
16287
msgid ""
16288
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16289
"service checks."
16290
msgstr ""
16291
16292
#: serverguide/C/monitoring.xml:113(para)
16293
msgid ""
16294
"<filename>/etc/nagios</filename>: on the remote host contains the "
16295
"<application>nagios-nrpe-server</application> configuration files."
16296
msgstr ""
16297
16298
#: serverguide/C/monitoring.xml:118(para)
16299
msgid ""
16300
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16301
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16302
msgstr ""
16303
16304
#: serverguide/C/monitoring.xml:123(para)
16305
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16306
msgstr ""
16307
16308
#: serverguide/C/monitoring.xml:129(para)
16309
msgid ""
16310
"There are a plethora of checks <application>Nagios</application> can be "
16311
"configured to execute for any given host. For this example Nagios will be "
16312
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16313
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16314
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16315
msgstr ""
16316
16317
#: serverguide/C/monitoring.xml:136(para)
16318
msgid ""
16319
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16320
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16321
msgstr ""
16322
16323
#: serverguide/C/monitoring.xml:141(para)
16324
msgid ""
16325
"Additionally, there are some terms that once explained will hopefully make "
16326
"understanding Nagios configuration easier:"
16327
msgstr ""
16328
16329
#: serverguide/C/monitoring.xml:147(para)
16330
msgid ""
16331
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16332
"is being monitored."
16333
msgstr ""
16334
16335
#: serverguide/C/monitoring.xml:152(para)
16336
msgid ""
16337
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16338
"could group all web servers, file server, etc."
16339
msgstr ""
16340
16341
#: serverguide/C/monitoring.xml:157(para)
16342
msgid ""
16343
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16344
"as HTTP, DNS, NFS, etc."
16345
msgstr ""
16346
16347
#: serverguide/C/monitoring.xml:162(para)
16348
msgid ""
16349
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16350
"together. This is useful for grouping multiple HTTP for example."
16351
msgstr ""
16352
16353
#: serverguide/C/monitoring.xml:168(para)
16354
msgid ""
16355
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16356
"place. Nagios can be configured to send emails, SMS messages, etc."
16357
msgstr ""
16358
16359
#: serverguide/C/monitoring.xml:174(para)
16360
msgid ""
16361
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16362
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16363
"will also <application>ping</application> check the "
16364
"<emphasis>gateway</emphasis>."
16365
msgstr ""
16366
16367
#: serverguide/C/monitoring.xml:179(para)
16368
msgid ""
16369
"Large Nagios installations can be quite complex to configure. It is usually "
16370
"best to start small, one or two hosts, get things configured the way you "
16371
"like then expand."
16372
msgstr ""
16373
16374
#: serverguide/C/monitoring.xml:194(para)
16375
msgid ""
16376
"First, create a <emphasis>host</emphasis> configuration file for "
16377
"<emphasis>server02</emphasis>. In a terminal enter:"
16378
msgstr ""
16379
16380
#: serverguide/C/monitoring.xml:199(command)
16381
msgid ""
16382
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16383
"/etc/nagios3/conf.d/server02.cfg"
16384
msgstr ""
16385
16386
#: serverguide/C/monitoring.xml:203(para)
16387
msgid ""
16388
"In the above and following command examples, replace "
16389
"<emphasis>\"server01\"</emphasis>, "
16390
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16391
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16392
"your servers."
16393
msgstr ""
16394
16395
#: serverguide/C/monitoring.xml:212(para)
16396
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16397
msgstr ""
16398
16399
#: serverguide/C/monitoring.xml:216(programlisting)
16400
#, no-wrap
16401
msgid ""
16402
"\n"
16403
"define host{\n"
16404
" use generic-host ; Name of host "
16405
"template to use\n"
16406
" host_name server02\n"
16407
" alias Server 02\n"
16408
" address 172.18.100.101\n"
16409
"}\n"
16410
"\n"
16411
"# check DNS service.\n"
16412
"define service {\n"
16413
" use generic-service\n"
16414
" host_name server02\n"
16415
" service_description DNS\n"
16416
" check_command check_dns!172.18.100.101\n"
16417
"}\n"
16418
msgstr ""
16419
16420
#: serverguide/C/monitoring.xml:236(para)
16421
msgid ""
16422
"Restart the <application>nagios</application> daemon to enable the new "
16423
"configuration:"
16424
msgstr ""
16425
16426
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16427
msgid "sudo /etc/init.d/nagios3 restart"
16428
msgstr ""
16429
16430
#: serverguide/C/monitoring.xml:251(para)
16431
msgid ""
16432
"Now add a service definition for the MySQL check by adding the following to "
16433
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16434
msgstr ""
16435
16436
#: serverguide/C/monitoring.xml:255(programlisting)
16437
#, no-wrap
16438
msgid ""
16439
"\n"
16440
"# check MySQL servers.\n"
16441
"define service {\n"
16442
" hostgroup_name mysql-servers\n"
16443
" service_description MySQL\n"
16444
" check_command "
16445
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16446
" use generic-service\n"
16447
" notification_interval 0 ; set > 0 if you want to be "
16448
"renotified\n"
16449
"}\n"
16450
msgstr ""
16451
16452
#: serverguide/C/monitoring.xml:269(para)
16453
msgid ""
16454
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16455
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16456
msgstr ""
16457
16458
#: serverguide/C/monitoring.xml:274(programlisting)
16459
#, no-wrap
16460
msgid ""
16461
"\n"
16462
"# MySQL hostgroup.\n"
16463
"define hostgroup {\n"
16464
" hostgroup_name mysql-servers\n"
16465
" alias MySQL servers\n"
16466
" members localhost, server02\n"
16467
" }\n"
16468
msgstr ""
16469
16470
#: serverguide/C/monitoring.xml:286(para)
16471
msgid ""
16472
"The Nagios check needs to authenticate to MySQL. To add a "
16473
"<emphasis>nagios</emphasis> user to MySQL enter:"
16474
msgstr ""
16475
16476
#: serverguide/C/monitoring.xml:291(command)
16477
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16478
msgstr ""
16479
16480
#: serverguide/C/monitoring.xml:295(para)
16481
msgid ""
16482
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16483
"<emphasis>mysql-servers</emphasis> hostgroup."
16484
msgstr ""
16485
16486
#: serverguide/C/monitoring.xml:303(para)
16487
msgid ""
16488
"Restart <application>nagios</application> to start checking the MySQL "
16489
"servers."
16490
msgstr ""
16491
16492
#: serverguide/C/monitoring.xml:318(para)
16493
msgid ""
16494
"Lastly configure NRPE to check the disk space on "
16495
"<emphasis>server02</emphasis>."
16496
msgstr ""
16497
16498
#: serverguide/C/monitoring.xml:322(para)
16499
msgid ""
16500
"On <emphasis>server01</emphasis> add the service check to "
16501
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16502
msgstr ""
16503
16504
#: serverguide/C/monitoring.xml:327(programlisting)
16505
#, no-wrap
16506
msgid ""
16507
"\n"
16508
"# NRPE disk check.\n"
16509
"define service {\n"
16510
" use generic-service\n"
16511
" host_name server02\n"
16512
" service_description nrpe-disk\n"
16513
" check_command "
16514
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16515
"}\n"
16516
msgstr ""
16517
16518
#: serverguide/C/monitoring.xml:340(para)
16519
msgid ""
16520
"Now on <emphasis>server02</emphasis> edit "
16521
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16522
msgstr ""
16523
16524
#: serverguide/C/monitoring.xml:344(programlisting)
16525
#, no-wrap
16526
msgid ""
16527
"\n"
16528
"allowed_hosts=172.18.100.100\n"
16529
msgstr ""
16530
16531
#: serverguide/C/monitoring.xml:348(para)
16532
msgid "And below in the command definition area add:"
16533
msgstr ""
16534
16535
#: serverguide/C/monitoring.xml:352(programlisting)
16536
#, no-wrap
16537
msgid ""
16538
"\n"
16539
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16540
"e\n"
16541
msgstr ""
16542
16543
#: serverguide/C/monitoring.xml:359(para)
16544
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16545
msgstr ""
16546
16547
#: serverguide/C/monitoring.xml:364(command)
16548
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16549
msgstr ""
16550
16551
#: serverguide/C/monitoring.xml:370(para)
16552
msgid ""
16553
"Also, on <emphasis>server01</emphasis> restart "
16554
"<application>nagios</application>:"
16555
msgstr ""
16556
16557
#: serverguide/C/monitoring.xml:383(para)
16558
msgid ""
16559
"You should now be able to see the host and service checks in the Nagios CGI "
16560
"files. To access them point a browser to http://server01/nagios3. You will "
16561
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16562
"password."
16563
msgstr ""
16564
16565
#: serverguide/C/monitoring.xml:393(para)
16566
msgid ""
16567
"This section has just scratched the surface of Nagios' features. The "
16568
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16569
"plugins</application> contain many more service checks."
16570
msgstr ""
16571
16572
#: serverguide/C/monitoring.xml:400(para)
16573
msgid ""
16574
"For more information see <ulink "
16575
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16576
msgstr ""
16577
16578
#: serverguide/C/monitoring.xml:405(para)
16579
msgid ""
16580
"Specifically the <ulink "
16581
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16582
"site."
16583
msgstr ""
16584
16585
#: serverguide/C/monitoring.xml:410(para)
16586
msgid ""
16587
"There is also a list of <ulink "
16588
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16589
"Nagios and network monitoring:"
16590
msgstr ""
16591
16592
#: serverguide/C/monitoring.xml:416(para)
16593
msgid ""
16594
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16595
"Wiki</ulink> page also has more details."
16596
msgstr ""
16597
16598
#: serverguide/C/monitoring.xml:425(title)
16599
msgid "Munin"
16600
msgstr ""
16601
16602
#: serverguide/C/monitoring.xml:430(para)
16603
msgid ""
16604
"Before installing <application>Munin</application> on "
16605
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16606
"be installed. The default configuration is fine for running a "
16607
"<application>munin</application> server. For more information see <xref "
16608
"linkend=\"httpd\"/>."
16609
msgstr ""
16610
16611
#: serverguide/C/monitoring.xml:436(para)
16612
msgid ""
16613
"First, on <emphasis>server01</emphasis> install "
16614
"<application>munin</application>. In a terminal enter:"
16615
msgstr ""
16616
16617
#: serverguide/C/monitoring.xml:441(command)
16618
msgid "sudo apt-get install munin"
16619
msgstr ""
16620
16621
#: serverguide/C/monitoring.xml:444(para)
16622
msgid ""
16623
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16624
"node</application> package:"
16625
msgstr ""
16626
16627
#: serverguide/C/monitoring.xml:449(command)
16628
msgid "sudo apt-get install munin-node"
16629
msgstr ""
16630
16631
#: serverguide/C/monitoring.xml:456(para)
16632
msgid ""
16633
"On <emphasis>server01</emphasis> edit the "
16634
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16635
"<emphasis>server02</emphasis>:"
16636
msgstr ""
16637
16638
#: serverguide/C/monitoring.xml:461(programlisting)
16639
#, no-wrap
16640
msgid ""
16641
"\n"
16642
"## First our \"normal\" host.\n"
16643
"[server02]\n"
16644
" address 172.18.100.101\n"
16645
msgstr ""
16646
16647
#: serverguide/C/monitoring.xml:468(para)
16648
msgid ""
16649
"Replace <emphasis>server02</emphasis> and "
16650
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16651
"for your server."
16652
msgstr ""
16653
16654
#: serverguide/C/monitoring.xml:474(para)
16655
msgid ""
16656
"Next, configure <application>munin-node</application> on "
16657
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16658
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16659
msgstr ""
16660
16661
#: serverguide/C/monitoring.xml:479(programlisting)
16662
#, no-wrap
16663
msgid ""
16664
"\n"
16665
"allow ^172\\.18\\.100\\.100$\n"
16666
msgstr ""
16667
16668
#: serverguide/C/monitoring.xml:484(para)
16669
msgid ""
16670
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16671
"<application>munin</application> server."
16672
msgstr ""
16673
16674
#: serverguide/C/monitoring.xml:489(para)
16675
msgid ""
16676
"Now restart <application>munin-node</application> on "
16677
"<emphasis>server02</emphasis> for the changes to take effect:"
16678
msgstr ""
16679
16680
#: serverguide/C/monitoring.xml:494(command)
16681
msgid "sudo /etc/init.d/munin-node restart"
16682
msgstr ""
16683
16684
#: serverguide/C/monitoring.xml:497(para)
16685
msgid ""
16686
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16687
"you should see links to nice graphs displaying information from the standard "
16688
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16689
msgstr ""
16690
16691
#: serverguide/C/monitoring.xml:503(para)
16692
msgid ""
16693
"Since this is a new install it may take some time for the graphs to display "
16694
"anything useful."
16695
msgstr ""
16696
16697
#: serverguide/C/monitoring.xml:510(title)
16698
msgid "Additional Plugins"
16699
msgstr ""
16700
16701
#: serverguide/C/monitoring.xml:512(para)
16702
msgid ""
16703
"The <application>munin-plugins-extra</application> package contains "
16704
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16705
"install the package, from a terminal enter:"
16706
msgstr ""
16707
16708
#: serverguide/C/monitoring.xml:518(command)
16709
msgid "sudo apt-get install munin-plugins-extra"
16710
msgstr ""
16711
16712
#: serverguide/C/monitoring.xml:521(para)
16713
msgid "Be sure to install the package on both the server and node machines."
16714
msgstr ""
16715
16716
#: serverguide/C/monitoring.xml:531(para)
16717
msgid ""
16718
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16719
"website for more details."
16720
msgstr ""
16721
16722
#: serverguide/C/monitoring.xml:536(para)
16723
msgid ""
16724
"Specifically the <ulink "
16725
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16726
"Documentation</ulink> page includes information on additional plugins, "
16727
"writing plugins, etc."
16728
msgstr ""
16729
16730
#: serverguide/C/monitoring.xml:542(para)
16731
msgid ""
16732
"Also, there is a book in German by Open Source Press: <ulink "
16733
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16734
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16735
msgstr ""
16736
16737
#: serverguide/C/monitoring.xml:548(para)
16738
msgid ""
16739
"Another resource is the <ulink "
16740
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16741
"page."
16742
msgstr ""
16743
16744
#: serverguide/C/mail.xml:13(title)
16745
msgid "Email Services"
16746
msgstr ""
16747
16748
#: serverguide/C/mail.xml:14(para)
16749
msgid ""
16750
"The process of getting an email from one person to another over a network or "
16751
"the Internet involves many systems working together. Each of these systems "
16752
"must be correctly configured for the process to work. The sender uses a "
16753
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16754
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16755
"the last of which will hand it off to a <emphasis>Mail Delivery "
16756
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16757
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16758
"IMAP server."
16759
msgstr ""
16760
16761
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16762
msgid "Postfix"
16763
msgstr ""
16764
16765
#: serverguide/C/mail.xml:25(para)
16766
msgid ""
16767
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16768
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16769
"compatible with the MTA <application>sendmail</application>. This section "
16770
"explains how to install and configure <application>postfix</application>. It "
16771
"also explains how to set it up as an SMTP server using a secure connection "
16772
"(for sending emails securely)."
16773
msgstr ""
16774
16775
#: serverguide/C/mail.xml:34(para)
16776
msgid ""
16777
"This guide does not cover setting up Postfix <emphasis>Virtual "
16778
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16779
"configurations see <xref linkend=\"postfix-references\"/>."
16780
msgstr ""
16781
16782
#: serverguide/C/mail.xml:41(para)
16783
msgid ""
16784
"To install <application>postfix</application> run the following command:"
16785
msgstr ""
16786
16787
#: serverguide/C/mail.xml:47(para)
16788
msgid ""
16789
"Simply press return when the installation process asks questions, the "
16790
"configuration will be done in greater detail in the next stage."
16791
msgstr ""
16792
16793
#: serverguide/C/mail.xml:52(title)
16794
msgid "Basic Configuration"
16795
msgstr ""
16796
16797
#: serverguide/C/mail.xml:53(para)
16798
msgid ""
16799
"To configure <application>postfix</application>, run the following command:"
16800
msgstr ""
16801
16802
#: serverguide/C/mail.xml:57(command)
16803
msgid "sudo dpkg-reconfigure postfix"
16804
msgstr ""
16805
16806
#: serverguide/C/mail.xml:63(para)
16807
msgid "Internet Site"
16808
msgstr ""
16809
16810
#: serverguide/C/mail.xml:64(para)
16811
msgid "mail.example.com"
16812
msgstr ""
16813
16814
#: serverguide/C/mail.xml:65(para)
16815
msgid "steve"
16816
msgstr ""
16817
16818
#: serverguide/C/mail.xml:66(para)
16819
msgid "mail.example.com, localhost.localdomain, localhost"
16820
msgstr ""
16821
16822
#: serverguide/C/mail.xml:67(para)
16823
msgid "No"
16824
msgstr ""
16825
16826
#: serverguide/C/mail.xml:68(para)
16827
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16828
msgstr ""
16829
16830
#: serverguide/C/mail.xml:69(para)
16831
msgid "0"
16832
msgstr ""
16833
16834
#: serverguide/C/mail.xml:70(para)
16835
msgid "+"
16836
msgstr ""
16837
16838
#: serverguide/C/mail.xml:71(para)
16839
msgid "all"
16840
msgstr ""
16841
16842
#: serverguide/C/mail.xml:59(para)
16843
msgid ""
16844
"The user interface will be displayed. On each screen, select the following "
16845
"values: <placeholder-1/>"
16846
msgstr ""
16847
16848
#: serverguide/C/mail.xml:75(para)
16849
msgid ""
16850
"Replace mail.example.com with the domain for which you'll accept email, "
16851
"192.168.0.0/24 with the actual network and class range of your mail server, "
16852
"and steve with the appropriate username."
16853
msgstr ""
16854
16855
#: serverguide/C/mail.xml:81(para)
16856
msgid ""
16857
"Now is a good time to decide which mailbox format you want to use. By "
16858
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16859
"mailbox format. Rather than editing the configuration file directly, you can "
16860
"use the <command>postconf</command> command to configure all "
16861
"<application>postfix</application> parameters. The configuration parameters "
16862
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16863
"you wish to re-configure a particular parameter, you can either run the "
16864
"command or change it manually in the file."
16865
msgstr ""
16866
16867
#: serverguide/C/mail.xml:92(para)
16868
msgid ""
16869
"To configure the mailbox format for <emphasis "
16870
"role=\"strong\">Maildir:</emphasis>"
16871
msgstr ""
16872
16873
#: serverguide/C/mail.xml:97(command)
16874
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16875
msgstr ""
16876
16877
#: serverguide/C/mail.xml:100(para)
16878
msgid ""
16879
"This will place new mail in /home/<emphasis "
16880
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16881
"your Mail Delivery Agent (MDA) to use the same path."
16882
msgstr ""
16883
16884
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16885
msgid "SMTP Authentication"
16886
msgstr ""
16887
16888
#: serverguide/C/mail.xml:110(para)
16889
msgid ""
16890
"SMTP-AUTH allows a client to identify itself through an authentication "
16891
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16892
"the authentication process. Once authenticated the SMTP server will allow "
16893
"the client to relay mail."
16894
msgstr ""
16895
16896
#: serverguide/C/mail.xml:117(para)
16897
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16898
msgstr ""
16899
16900
#: serverguide/C/mail.xml:120(screen)
16901
#, no-wrap
16902
msgid ""
16903
"\n"
16904
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16905
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16906
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16907
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16908
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16909
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16910
"sudo postconf -e 'smtpd_recipient_restrictions = "
16911
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16912
"sudo postconf -e 'inet_interfaces = all'\n"
16913
msgstr ""
16914
16915
#: serverguide/C/mail.xml:131(para)
16916
msgid ""
16917
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
16918
"the Postfix queue directory."
16919
msgstr ""
16920
16921
#: serverguide/C/mail.xml:137(para)
16922
msgid ""
16923
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
16924
"and-security\"/> for details. This example also uses a Certificate Authority "
16925
"(CA). For information on generating a CA certificate see <xref "
16926
"linkend=\"certificate-authority\"/>."
16927
msgstr ""
16928
16929
#: serverguide/C/mail.xml:143(para)
16930
msgid ""
16931
"You can get the digital certificate from a certificate authority. But unlike "
16932
"web clients, SMTP clients rarely complain about \"self-signed "
16933
"certificates\", so alternatively, you can create the certificate yourself. "
16934
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
16935
"details."
16936
msgstr ""
16937
16938
#: serverguide/C/mail.xml:155(para)
16939
msgid ""
16940
"Once you have a certificate, configure Postfix to provide TLS encryption for "
16941
"both incoming and outgoing mail:"
16942
msgstr ""
16943
16944
#: serverguide/C/mail.xml:158(screen)
16945
#, no-wrap
16946
msgid ""
16947
"\n"
16948
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
16949
"sudo postconf -e 'smtp_use_tls = yes'\n"
16950
"sudo postconf -e 'smtpd_use_tls = yes'\n"
16951
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
16952
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
16953
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
16954
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
16955
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
16956
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
16957
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
16958
"sudo postconf -e 'myhostname = mail.example.com'\n"
16959
msgstr ""
16960
16961
#: serverguide/C/mail.xml:173(para)
16962
msgid ""
16963
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
16964
"the certificate enter:"
16965
msgstr ""
16966
16967
#: serverguide/C/mail.xml:177(command)
16968
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
16969
msgstr ""
16970
16971
#: serverguide/C/mail.xml:180(para)
16972
msgid ""
16973
"Again, for more details about certificates see <xref linkend=\"certificates-"
16974
"and-security\"/>."
16975
msgstr ""
16976
16977
#: serverguide/C/mail.xml:186(para)
16978
msgid ""
16979
"After running all the commands, <application>Postfix</application> is "
16980
"configured for SMTP-AUTH and a self-signed certificate has been created for "
16981
"TLS encryption."
16982
msgstr ""
16983
16984
#: serverguide/C/mail.xml:191(para)
16985
msgid ""
16986
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
16987
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
16988
msgstr ""
16989
16990
#: serverguide/C/mail.xml:195(para)
16991
msgid ""
16992
"The postfix initial configuration is complete. Run the following command to "
16993
"restart the postfix daemon:"
16994
msgstr ""
16995
16996
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
16997
msgid "sudo /etc/init.d/postfix restart"
16998
msgstr ""
16999
17000
#: serverguide/C/mail.xml:204(para)
17001
msgid ""
17002
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17003
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17004
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17005
"However it is still necessary to set up SASL authentication before you can "
17006
"use SMTP-AUTH."
17007
msgstr ""
17008
17009
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17010
msgid "Configuring SASL"
17011
msgstr ""
17012
17013
#: serverguide/C/mail.xml:215(para)
17014
msgid ""
17015
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17016
"enable Dovecot SASL the <application>dovecot-common</application> package "
17017
"will need to be installed. From a terminal prompt enter the following:"
17018
msgstr ""
17019
17020
#: serverguide/C/mail.xml:221(command)
17021
msgid "sudo apt-get install dovecot-common"
17022
msgstr ""
17023
17024
#: serverguide/C/mail.xml:223(para)
17025
msgid ""
17026
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17027
"In the <emphasis>auth default</emphasis> section uncomment the "
17028
"<emphasis>socket listen</emphasis> option and change the following:"
17029
msgstr ""
17030
17031
#: serverguide/C/mail.xml:227(programlisting)
17032
#, no-wrap
17033
msgid ""
17034
"\n"
17035
" socket listen {\n"
17036
" #master {\n"
17037
" # Master socket provides access to userdb information. It's typically\n"
17038
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17039
" # can find mailbox locations.\n"
17040
" #path = /var/run/dovecot/auth-master\n"
17041
" #mode = 0600\n"
17042
" # Default user/group is the one who started dovecot-auth (root)\n"
17043
" #user = \n"
17044
" #group = \n"
17045
" #}\n"
17046
" client {\n"
17047
" # The client socket is generally safe to export to everyone. Typical "
17048
"use\n"
17049
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17050
" # using it.\n"
17051
" path = /var/spool/postfix/private/auth-client\n"
17052
" mode = 0660\n"
17053
" user = postfix\n"
17054
" group = postfix\n"
17055
" }\n"
17056
" }\n"
17057
msgstr ""
17058
17059
#: serverguide/C/mail.xml:251(para)
17060
msgid ""
17061
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17062
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17063
"add <emphasis>\"login\"</emphasis>:"
17064
msgstr ""
17065
17066
#: serverguide/C/mail.xml:256(programlisting)
17067
#, no-wrap
17068
msgid ""
17069
"\n"
17070
" mechanisms = plain login\n"
17071
msgstr ""
17072
17073
#: serverguide/C/mail.xml:260(para)
17074
msgid ""
17075
"Once you have <application>Dovecot</application> configured restart it with:"
17076
msgstr ""
17077
17078
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17079
msgid "sudo /etc/init.d/dovecot restart"
17080
msgstr ""
17081
17082
#: serverguide/C/mail.xml:269(title)
17083
msgid "Postfix-Dovecot"
17084
msgstr ""
17085
17086
#: serverguide/C/mail.xml:271(para)
17087
msgid ""
17088
"Another option for configuring <application>Postfix</application> for SMTP-"
17089
"AUTH is using the <application>dovecot-postfix</application> package. This "
17090
"package will install <application>Dovecot</application> and configure "
17091
"<application>Postfix</application> to use it for both SASL authentication "
17092
"and as a Mail Delivery Agent (MDA). The package also configures "
17093
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17094
msgstr ""
17095
17096
#: serverguide/C/mail.xml:280(para)
17097
msgid ""
17098
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17099
"server. For example, if you are configuring your server to be a mail "
17100
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17101
"the above commands to configure Postfix for SMTPAUTH."
17102
msgstr ""
17103
17104
#: serverguide/C/mail.xml:287(para)
17105
msgid "To install the package, from a terminal prompt enter:"
17106
msgstr ""
17107
17108
#: serverguide/C/mail.xml:292(command)
17109
msgid "sudo apt-get install dovecot-postfix"
17110
msgstr ""
17111
17112
#: serverguide/C/mail.xml:295(para)
17113
msgid ""
17114
"You should now have a working mail server, but there are a few options that "
17115
"you may wish to further customize. For example, the package uses the "
17116
"certificate and key from the <application>ssl-cert</application> package, "
17117
"and in a production environment you should use a certificate and key "
17118
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17119
"for more details."
17120
msgstr ""
17121
17122
#: serverguide/C/mail.xml:301(para)
17123
msgid ""
17124
"Once you have a customized certificate and key for the host, change the "
17125
"following options in <filename>/etc/postfix/main.cf</filename>:"
17126
msgstr ""
17127
17128
#: serverguide/C/mail.xml:305(programlisting)
17129
#, no-wrap
17130
msgid ""
17131
"\n"
17132
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17133
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17134
msgstr ""
17135
17136
#: serverguide/C/mail.xml:310(para)
17137
msgid "Then restart Postfix:"
17138
msgstr ""
17139
17140
#: serverguide/C/mail.xml:321(para)
17141
msgid ""
17142
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17143
msgstr ""
17144
17145
#: serverguide/C/mail.xml:324(para)
17146
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17147
msgstr ""
17148
17149
#: serverguide/C/mail.xml:329(command)
17150
msgid "telnet mail.example.com 25"
17151
msgstr ""
17152
17153
#: serverguide/C/mail.xml:331(para)
17154
msgid ""
17155
"After you have established the connection to the postfix mail server, type:"
17156
msgstr ""
17157
17158
#: serverguide/C/mail.xml:335(screen)
17159
#, no-wrap
17160
msgid ""
17161
"\n"
17162
"ehlo mail.example.com\n"
17163
msgstr ""
17164
17165
#: serverguide/C/mail.xml:338(para)
17166
msgid ""
17167
"If you see the following lines among others, then everything is working "
17168
"perfectly. Type <command>quit</command> to exit."
17169
msgstr ""
17170
17171
#: serverguide/C/mail.xml:342(programlisting)
17172
#, no-wrap
17173
msgid ""
17174
"\n"
17175
"250-STARTTLS\n"
17176
"250-AUTH LOGIN PLAIN\n"
17177
"250-AUTH=LOGIN PLAIN\n"
17178
"250 8BITMIME\n"
17179
msgstr ""
17180
17181
#: serverguide/C/mail.xml:352(para)
17182
msgid ""
17183
"This section introduces some common ways to determine the cause if problems "
17184
"arise."
17185
msgstr ""
17186
17187
#: serverguide/C/mail.xml:356(title)
17188
msgid "Escaping chroot"
17189
msgstr ""
17190
17191
#: serverguide/C/mail.xml:357(para)
17192
msgid ""
17193
"The Ubuntu <application>postfix</application> package will by default "
17194
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17195
"This can add greater complexity when troubleshooting problems."
17196
msgstr ""
17197
17198
#: serverguide/C/mail.xml:361(para)
17199
msgid ""
17200
"To turn off the chroot operation locate for the following line in the "
17201
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17202
msgstr ""
17203
17204
#: serverguide/C/mail.xml:365(screen)
17205
#, no-wrap
17206
msgid ""
17207
"\n"
17208
"smtp inet n - - - - smtpd\n"
17209
msgstr ""
17210
17211
#: serverguide/C/mail.xml:368(para)
17212
msgid "and modify it as follows:"
17213
msgstr ""
17214
17215
#: serverguide/C/mail.xml:371(screen)
17216
#, no-wrap
17217
msgid ""
17218
"\n"
17219
"smtp inet n - n - - smtpd\n"
17220
msgstr ""
17221
17222
#: serverguide/C/mail.xml:374(para)
17223
msgid ""
17224
"You will then need to restart Postfix to use the new configuration. From a "
17225
"terminal prompt enter:"
17226
msgstr ""
17227
17228
#: serverguide/C/mail.xml:382(title)
17229
msgid "Log Files"
17230
msgstr ""
17231
17232
#: serverguide/C/mail.xml:383(para)
17233
msgid ""
17234
"<application>Postfix</application> sends all log messages to "
17235
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17236
"can sometimes get lost in the normal log output so they are also logged to "
17237
"<filename>/var/log/mail.err</filename> and "
17238
"<filename>/var/log/mail.warn</filename> respectively."
17239
msgstr ""
17240
17241
#: serverguide/C/mail.xml:388(para)
17242
msgid ""
17243
"To see messages entered into the logs in real time you can use the "
17244
"<application>tail -f</application> command:"
17245
msgstr ""
17246
17247
#: serverguide/C/mail.xml:393(command)
17248
msgid "tail -f /var/log/mail.err"
17249
msgstr ""
17250
17251
#: serverguide/C/mail.xml:395(para)
17252
msgid ""
17253
"The amount of detail that is recorded in the logs can be increased. Below "
17254
"are some configuration options for increasing the log level for some of the "
17255
"areas covered above."
17256
msgstr ""
17257
17258
#: serverguide/C/mail.xml:401(para)
17259
msgid ""
17260
"To increase <emphasis>TLS</emphasis> activity logging set the "
17261
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17262
msgstr ""
17263
17264
#: serverguide/C/mail.xml:405(command)
17265
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17266
msgstr ""
17267
17268
#: serverguide/C/mail.xml:409(para)
17269
msgid ""
17270
"If you are having trouble sending or receiving mail from a specific domain "
17271
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17272
msgstr ""
17273
17274
#: serverguide/C/mail.xml:414(command)
17275
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17276
msgstr ""
17277
17278
#: serverguide/C/mail.xml:418(para)
17279
msgid ""
17280
"You can increase the verbosity of any <application>Postfix</application> "
17281
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17282
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17283
"<emphasis>smtp</emphasis> entry:"
17284
msgstr ""
17285
17286
#: serverguide/C/mail.xml:422(programlisting)
17287
#, no-wrap
17288
msgid ""
17289
"\n"
17290
"smtp unix - - - - - smtp -v\n"
17291
msgstr ""
17292
17293
#: serverguide/C/mail.xml:428(para)
17294
msgid ""
17295
"It is important to note that after making one of the logging changes above "
17296
"the <application>Postfix</application> process will need to be reloaded in "
17297
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17298
"reload</command>"
17299
msgstr ""
17300
17301
#: serverguide/C/mail.xml:435(para)
17302
msgid ""
17303
"To increase the amount of information logged when troubleshooting "
17304
"<emphasis>SASL</emphasis> issues you can set the following options in "
17305
"<filename>/etc/dovecot/dovecot.conf</filename>"
17306
msgstr ""
17307
17308
#: serverguide/C/mail.xml:439(programlisting)
17309
#, no-wrap
17310
msgid ""
17311
"\n"
17312
"auth_debug=yes\n"
17313
"auth_debug_passwords=yes\n"
17314
msgstr ""
17315
17316
#: serverguide/C/mail.xml:446(para)
17317
msgid ""
17318
"Just like <application>Postfix</application> if you change a "
17319
"<application>Dovecot</application> configuration the process will need to be "
17320
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17321
msgstr ""
17322
17323
#: serverguide/C/mail.xml:452(para)
17324
msgid ""
17325
"Some of the options above can drastically increase the amount of information "
17326
"sent to the log files. Remember to return the log level back to normal after "
17327
"you have corrected the problem. Then reload the appropriate daemon for the "
17328
"new configuration to take affect."
17329
msgstr ""
17330
17331
#: serverguide/C/mail.xml:460(para)
17332
msgid ""
17333
"Administering a <application>Postfix</application> server can be a very "
17334
"complicated task. At some point you may need to turn to the Ubuntu community "
17335
"for more experienced help."
17336
msgstr ""
17337
17338
#: serverguide/C/mail.xml:464(para)
17339
msgid ""
17340
"A great place to ask for <application>Postfix</application> assistance, and "
17341
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17342
"server</emphasis> IRC channel on <ulink "
17343
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17344
"one of the <ulink "
17345
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17346
msgstr ""
17347
17348
#: serverguide/C/mail.xml:469(para)
17349
msgid ""
17350
"For in depth <application>Postfix</application> information Ubuntu "
17351
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17352
"Book of Postfix</ulink>."
17353
msgstr ""
17354
17355
#: serverguide/C/mail.xml:473(para)
17356
msgid ""
17357
"Finally, the <ulink "
17358
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17359
"also has great documentation on all the different configuration options "
17360
"available."
17361
msgstr ""
17362
17363
#: serverguide/C/mail.xml:477(para)
17364
msgid ""
17365
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17366
"Wiki Postifx</ulink> page has more information."
17367
msgstr ""
17368
17369
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17370
msgid "Exim4"
17371
msgstr ""
17372
17373
#: serverguide/C/mail.xml:486(para)
17374
msgid ""
17375
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17376
"developed at the University of Cambridge for use on Unix systems connected "
17377
"to the Internet. Exim can be installed in place of "
17378
"<application>sendmail</application>, although the configuration of "
17379
"<application>exim</application> is quite different to that of "
17380
"<application>sendmail</application>."
17381
msgstr ""
17382
17383
#: serverguide/C/mail.xml:497(para)
17384
msgid ""
17385
"To install <application>exim4</application>, run the following command: "
17386
"<screen>\n"
17387
"<command>sudo apt-get install exim4</command>\n"
17388
"</screen>"
17389
msgstr ""
17390
17391
#: serverguide/C/mail.xml:506(para)
17392
msgid ""
17393
"To configure <application>Exim4</application>, run the following command:"
17394
msgstr ""
17395
17396
#: serverguide/C/mail.xml:510(command)
17397
msgid "sudo dpkg-reconfigure exim4-config"
17398
msgstr ""
17399
17400
#: serverguide/C/mail.xml:512(para)
17401
msgid ""
17402
"The user interface will be displayed. The user interface lets you configure "
17403
"many parameters. For example, In <application>Exim4</application> the "
17404
"configuration files are split among multiple files. If you wish to have them "
17405
"in one file you can configure accordingly in this user interface."
17406
msgstr ""
17407
17408
#: serverguide/C/mail.xml:520(para)
17409
msgid ""
17410
"All the parameters you configure in the user interface are stored in "
17411
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17412
"re-configure, either you re-run the configuration wizard or manually edit "
17413
"this file using your favorite editor. Once you configure, you can run the "
17414
"following command to generate the master configuration file:"
17415
msgstr ""
17416
17417
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17418
msgid "sudo update-exim4.conf"
17419
msgstr ""
17420
17421
#: serverguide/C/mail.xml:533(para)
17422
msgid ""
17423
"The master configuration file, is generated and it is stored in "
17424
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17425
msgstr ""
17426
17427
#: serverguide/C/mail.xml:539(para)
17428
msgid ""
17429
"At any time, you should not edit the master configuration file, "
17430
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17431
"updated automatically every time you run <command>update-exim4.conf</command>"
17432
msgstr ""
17433
17434
#: serverguide/C/mail.xml:547(para)
17435
msgid ""
17436
"You can run the following command to start <application>Exim4</application> "
17437
"daemon."
17438
msgstr ""
17439
17440
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17441
msgid "sudo /etc/init.d/exim4 start"
17442
msgstr ""
17443
17444
#: serverguide/C/mail.xml:557(para)
17445
msgid ""
17446
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17447
msgstr ""
17448
17449
#: serverguide/C/mail.xml:560(para)
17450
msgid ""
17451
"The first step is to create a certificate for use with TLS. Enter the "
17452
"following into a terminal prompt:"
17453
msgstr ""
17454
17455
#: serverguide/C/mail.xml:564(command)
17456
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17457
msgstr ""
17458
17459
#: serverguide/C/mail.xml:566(para)
17460
msgid ""
17461
"Now Exim4 needs to be configured for TLS by editing "
17462
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17463
"the following:"
17464
msgstr ""
17465
17466
#: serverguide/C/mail.xml:570(programlisting)
17467
#, no-wrap
17468
msgid ""
17469
"\n"
17470
"MAIN_TLS_ENABLE = yes\n"
17471
msgstr ""
17472
17473
#: serverguide/C/mail.xml:573(para)
17474
msgid ""
17475
"Next you need to configure <application>Exim4</application> to use the "
17476
"<application>saslauthd</application> for authentication. Edit "
17477
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17478
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17479
"<emphasis>login_saslauthd_server</emphasis> sections:"
17480
msgstr ""
17481
17482
#: serverguide/C/mail.xml:578(programlisting)
17483
#, no-wrap
17484
msgid ""
17485
"\n"
17486
" plain_saslauthd_server:\n"
17487
" driver = plaintext\n"
17488
" public_name = PLAIN\n"
17489
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17490
" server_set_id = $auth2\n"
17491
" server_prompts = :\n"
17492
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17493
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17494
" .endif\n"
17495
"#\n"
17496
" login_saslauthd_server:\n"
17497
" driver = plaintext\n"
17498
" public_name = LOGIN\n"
17499
" server_prompts = \"Username:: : Password::\"\n"
17500
" # don't send system passwords over unencrypted connections\n"
17501
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17502
" server_set_id = $auth1\n"
17503
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17504
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17505
" .endif\n"
17506
msgstr ""
17507
17508
#: serverguide/C/mail.xml:600(para)
17509
msgid "Finally, update the Exim4 configuration and restart the service:"
17510
msgstr ""
17511
17512
#: serverguide/C/mail.xml:605(command)
17513
msgid "sudo /etc/init.d/exim4 restart"
17514
msgstr ""
17515
17516
#: serverguide/C/mail.xml:610(para)
17517
msgid ""
17518
"This section provides details on configuring the saslauthd to provide "
17519
"authentication for <application>Exim4</application>."
17520
msgstr ""
17521
17522
#: serverguide/C/mail.xml:613(para)
17523
msgid ""
17524
"The first step is to install the sasl2-bin package. From a terminal prompt "
17525
"enter the following:"
17526
msgstr ""
17527
17528
#: serverguide/C/mail.xml:617(command)
17529
msgid "sudo apt-get install sasl2-bin"
17530
msgstr ""
17531
17532
#: serverguide/C/mail.xml:619(para)
17533
msgid ""
17534
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17535
"and set START=no to:"
17536
msgstr ""
17537
17538
#: serverguide/C/mail.xml:622(programlisting)
17539
#, no-wrap
17540
msgid ""
17541
"\n"
17542
"START=yes\n"
17543
msgstr ""
17544
17545
#: serverguide/C/mail.xml:625(para)
17546
msgid ""
17547
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17548
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17549
"service:"
17550
msgstr ""
17551
17552
#: serverguide/C/mail.xml:630(command)
17553
msgid "sudo adduser Debian-exim sasl"
17554
msgstr ""
17555
17556
#: serverguide/C/mail.xml:632(para)
17557
msgid "Now start the <application>saslauthd</application> service:"
17558
msgstr ""
17559
17560
#: serverguide/C/mail.xml:636(command)
17561
msgid "sudo /etc/init.d/saslauthd start"
17562
msgstr ""
17563
17564
#: serverguide/C/mail.xml:638(para)
17565
msgid ""
17566
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17567
"and SASL authentication."
17568
msgstr ""
17569
17570
#: serverguide/C/mail.xml:647(para)
17571
msgid ""
17572
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17573
"information."
17574
msgstr ""
17575
17576
#: serverguide/C/mail.xml:652(para)
17577
msgid ""
17578
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17579
"server\">Exim4 Book</ulink> available."
17580
msgstr ""
17581
17582
#: serverguide/C/mail.xml:657(para)
17583
msgid ""
17584
"Another resource is the <ulink "
17585
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17586
"page."
17587
msgstr ""
17588
17589
#: serverguide/C/mail.xml:666(title)
17590
msgid "Dovecot Server"
17591
msgstr ""
17592
17593
#: serverguide/C/mail.xml:667(para)
17594
msgid ""
17595
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17596
"security primarily in mind. It supports the major mailbox formats: mbox or "
17597
"Maildir. This section explain how to set it up as an imap or pop3 server."
17598
msgstr ""
17599
17600
#: serverguide/C/mail.xml:675(para)
17601
msgid ""
17602
"To install <application>dovecot</application>, run the following command in "
17603
"the command prompt:"
17604
msgstr ""
17605
17606
#: serverguide/C/mail.xml:680(command)
17607
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17608
msgstr ""
17609
17610
#: serverguide/C/mail.xml:685(para)
17611
msgid ""
17612
"To configure <application>dovecot</application>, you can edit the file "
17613
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17614
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17615
"secure). A description of these protocols is beyond the scope of this guide. "
17616
"For further information, refer to the Wikipedia articles on <ulink "
17617
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17618
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17619
"link>."
17620
msgstr ""
17621
17622
#: serverguide/C/mail.xml:695(para)
17623
msgid ""
17624
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17625
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17626
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17627
msgstr ""
17628
17629
#: serverguide/C/mail.xml:701(programlisting)
17630
#, no-wrap
17631
msgid ""
17632
"\n"
17633
"protocols = pop3 pop3s imap imaps\n"
17634
msgstr ""
17635
17636
#: serverguide/C/mail.xml:704(para)
17637
msgid ""
17638
"Next, choose the mailbox you would like to use. "
17639
"<application>Dovecot</application> supports <emphasis "
17640
"role=\"strong\">maildir</emphasis> and <emphasis "
17641
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17642
"mailbox formats. They both have their own benefits and are discussed on "
17643
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17644
"site</ulink>."
17645
msgstr ""
17646
17647
#: serverguide/C/mail.xml:712(para)
17648
msgid ""
17649
"Once you have chosen your mailbox type, edit the file "
17650
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17651
msgstr ""
17652
17653
#: serverguide/C/mail.xml:717(programlisting)
17654
#, no-wrap
17655
msgid ""
17656
"\n"
17657
"mail_location = maildir:~/Maildir # (for maildir)\n"
17658
"or\n"
17659
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17660
msgstr ""
17661
17662
#: serverguide/C/mail.xml:723(para)
17663
msgid ""
17664
"You should configure your Mail Transport Agent (MTA) to transfer the "
17665
"incoming mail to this type of mailbox if it is different from the one you "
17666
"have configured."
17667
msgstr ""
17668
17669
#: serverguide/C/mail.xml:729(para)
17670
msgid ""
17671
"Once you have configured dovecot, restart the "
17672
"<application>dovecot</application> daemon in order to test your setup:"
17673
msgstr ""
17674
17675
#: serverguide/C/mail.xml:738(para)
17676
msgid ""
17677
"If you have enabled imap, or pop3, you can also try to log in with the "
17678
"commands <command>telnet localhost pop3</command> or <command>telnet "
17679
"localhost imap2</command>. If you see something like the following, the "
17680
"installation has been successful:"
17681
msgstr ""
17682
17683
#: serverguide/C/mail.xml:745(programlisting)
17684
#, no-wrap
17685
msgid ""
17686
"\n"
17687
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17688
"Trying 127.0.0.1...\n"
17689
"Connected to localhost.localdomain.\n"
17690
"Escape character is '^]'.\n"
17691
"+OK Dovecot ready.\n"
17692
msgstr ""
17693
17694
#: serverguide/C/mail.xml:754(title)
17695
msgid "Dovecot SSL Configuration"
17696
msgstr ""
17697
17698
#: serverguide/C/mail.xml:755(para)
17699
msgid ""
17700
"To configure <application>dovecot</application> to use SSL, you can edit the "
17701
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17702
"lines:"
17703
msgstr ""
17704
17705
#: serverguide/C/mail.xml:760(programlisting)
17706
#, no-wrap
17707
msgid ""
17708
"\n"
17709
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17710
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17711
"ssl_disable = no\n"
17712
"disable_plaintext_auth = no\n"
17713
msgstr ""
17714
17715
#: serverguide/C/mail.xml:766(para)
17716
msgid ""
17717
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17718
"can create self signed SSL certificate. The latter is a good option for "
17719
"email, because SMTP clients rarely complain about \"self-signed "
17720
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17721
"security\"/> for details about how to create self signed SSL certificate. "
17722
"Once you create the certificate, you will have a key file and a certificate "
17723
"file. Please copy them to the location pointed in the "
17724
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17725
msgstr ""
17726
17727
#: serverguide/C/mail.xml:781(title)
17728
msgid "Firewall Configuration for an Email Server"
17729
msgstr ""
17730
17731
#: serverguide/C/mail.xml:787(para)
17732
msgid "IMAP - 143"
17733
msgstr ""
17734
17735
#: serverguide/C/mail.xml:788(para)
17736
msgid "IMAPS - 993"
17737
msgstr ""
17738
17739
#: serverguide/C/mail.xml:789(para)
17740
msgid "POP3 - 110"
17741
msgstr ""
17742
17743
#: serverguide/C/mail.xml:790(para)
17744
msgid "POP3S - 995"
17745
msgstr ""
17746
17747
#: serverguide/C/mail.xml:782(para)
17748
msgid ""
17749
"To access your mail server from another computer, you must configure your "
17750
"firewall to allow connections to the server on the necessary ports. "
17751
"<placeholder-1/>"
17752
msgstr ""
17753
17754
#: serverguide/C/mail.xml:799(para)
17755
msgid ""
17756
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17757
"more information."
17758
msgstr ""
17759
17760
#: serverguide/C/mail.xml:804(para)
17761
msgid ""
17762
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17763
"Ubuntu Wiki</ulink> page has more details."
17764
msgstr ""
17765
17766
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17767
msgid "Mailman"
17768
msgstr ""
17769
17770
#: serverguide/C/mail.xml:814(para)
17771
msgid ""
17772
"Mailman is an open source program for managing electronic mail discussions "
17773
"and e-newsletter lists. Many open source mailing lists (including all the "
17774
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17775
"Mailman as their mailing list software. It is powerful and easy to install "
17776
"and maintain."
17777
msgstr ""
17778
17779
#: serverguide/C/mail.xml:824(para)
17780
msgid ""
17781
"Mailman provides a web interface for the administrators and users, using an "
17782
"external mail server to send and receive emails. It works perfectly with the "
17783
"following mail servers:"
17784
msgstr ""
17785
17786
#: serverguide/C/mail.xml:835(application)
17787
msgid "Exim"
17788
msgstr ""
17789
17790
#: serverguide/C/mail.xml:838(application)
17791
msgid "Sendmail"
17792
msgstr ""
17793
17794
#: serverguide/C/mail.xml:841(application)
17795
msgid "Qmail"
17796
msgstr ""
17797
17798
#: serverguide/C/mail.xml:846(para)
17799
msgid ""
17800
"We will see how to install and configure Mailman with, the Apache web "
17801
"server, and either the Postfix or Exim mail server. If you wish to install "
17802
"Mailman with a different mail server, please refer to the references section."
17803
msgstr ""
17804
17805
#: serverguide/C/mail.xml:853(para)
17806
msgid ""
17807
"You only need to install one mail server and "
17808
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17809
msgstr ""
17810
17811
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17812
msgid "Apache2"
17813
msgstr ""
17814
17815
#: serverguide/C/mail.xml:859(para)
17816
msgid ""
17817
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17818
"installation\">HTTPD Installation</ulink> section for details."
17819
msgstr ""
17820
17821
#: serverguide/C/mail.xml:867(para)
17822
msgid ""
17823
"For instructions on installing and configuring Postfix refer to <xref "
17824
"linkend=\"postfix\"/>"
17825
msgstr ""
17826
17827
#: serverguide/C/mail.xml:873(para)
17828
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17829
msgstr ""
17830
17831
#: serverguide/C/mail.xml:884(application)
17832
msgid "dc_use_split_config='true'"
17833
msgstr ""
17834
17835
#: serverguide/C/mail.xml:876(para)
17836
msgid ""
17837
"Once exim4 is installed, the configuration files are stored in the "
17838
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17839
"configuration files are split across different files. You can change this "
17840
"behavior by changing the following variable in the "
17841
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17842
msgstr ""
17843
17844
#: serverguide/C/mail.xml:891(para)
17845
msgid ""
17846
"To install <application>Mailman</application>, run following command at a "
17847
"terminal prompt:"
17848
msgstr ""
17849
17850
#: serverguide/C/mail.xml:895(command)
17851
msgid "sudo apt-get install mailman"
17852
msgstr ""
17853
17854
#: serverguide/C/mail.xml:897(para)
17855
msgid ""
17856
"It copies the installation files in "
17857
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17858
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17859
"creates <emphasis>list</emphasis> linux user. It creates the "
17860
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17861
"this user."
17862
msgstr ""
17863
17864
#: serverguide/C/mail.xml:909(para)
17865
msgid ""
17866
"This section assumes you have successfully installed "
17867
"<application>mailman</application>, <application>apache2</application>, and "
17868
"<application>postfix</application> or <application>exim4</application>. Now "
17869
"you just need to configure them."
17870
msgstr ""
17871
17872
#: serverguide/C/mail.xml:918(para)
17873
msgid ""
17874
"An example Apache configuration file comes with "
17875
"<application>Mailman</application> and is placed in "
17876
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17877
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17878
"available</filename>:"
17879
msgstr ""
17880
17881
#: serverguide/C/mail.xml:924(command)
17882
msgid ""
17883
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17884
msgstr ""
17885
17886
#: serverguide/C/mail.xml:926(para)
17887
msgid ""
17888
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17889
"Mailman administration site. Now enable the new configuration and restart "
17890
"Apache:"
17891
msgstr ""
17892
17893
#: serverguide/C/mail.xml:931(command)
17894
msgid "sudo a2ensite mailman.conf"
17895
msgstr ""
17896
17897
#: serverguide/C/mail.xml:934(para)
17898
msgid ""
17899
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17900
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17901
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17902
"can make changes to the <filename>/etc/apache2/sites-"
17903
"available/mailman.conf</filename> file if you wish to change this behavior."
17904
msgstr ""
17905
17906
#: serverguide/C/mail.xml:945(para)
17907
msgid ""
17908
"For <application>Postfix</application> integration, we will associate the "
17909
"domain lists.example.com with the mailing lists. Please replace "
17910
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
17911
msgstr ""
17912
17913
#: serverguide/C/mail.xml:949(para)
17914
msgid ""
17915
"You can use the postconf command to add the necessary configuration to "
17916
"<filename>/etc/postfix/main.cf</filename>:"
17917
msgstr ""
17918
17919
#: serverguide/C/mail.xml:953(command)
17920
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
17921
msgstr ""
17922
17923
#: serverguide/C/mail.xml:954(command)
17924
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
17925
msgstr ""
17926
17927
#: serverguide/C/mail.xml:955(command)
17928
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
17929
msgstr ""
17930
17931
#: serverguide/C/mail.xml:957(para)
17932
msgid ""
17933
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
17934
"the following transport:"
17935
msgstr ""
17936
17937
#: serverguide/C/mail.xml:960(programlisting)
17938
#, no-wrap
17939
msgid ""
17940
"\n"
17941
"mailman unix - n n - - pipe\n"
17942
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
17943
" ${nexthop} ${user}\n"
17944
msgstr ""
17945
17946
#: serverguide/C/mail.xml:965(para)
17947
msgid ""
17948
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
17949
"is delivered to a list."
17950
msgstr ""
17951
17952
#: serverguide/C/mail.xml:968(para)
17953
msgid ""
17954
"Associate the domain lists.example.com to the Mailman transport with the "
17955
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
17956
msgstr ""
17957
17958
#: serverguide/C/mail.xml:971(programlisting)
17959
#, no-wrap
17960
msgid ""
17961
"\n"
17962
"lists.example.com mailman:\n"
17963
msgstr ""
17964
17965
#: serverguide/C/mail.xml:974(para)
17966
msgid ""
17967
"Now have <application>Postfix</application> build the transport map by "
17968
"entering the following from a terminal prompt:"
17969
msgstr ""
17970
17971
#: serverguide/C/mail.xml:978(command)
17972
msgid "sudo postmap -v /etc/postfix/transport"
17973
msgstr ""
17974
17975
#: serverguide/C/mail.xml:980(para)
17976
msgid "Then restart Postfix to enable the new configurations:"
17977
msgstr ""
17978
17979
#: serverguide/C/mail.xml:989(para)
17980
msgid ""
17981
"Once Exim4 is installed, you can start the Exim server using the following "
17982
"command from a terminal prompt:"
17983
msgstr ""
17984
17985
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
17986
msgid "Main"
17987
msgstr ""
17988
17989
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
17990
msgid "Transport"
17991
msgstr ""
17992
17993
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
17994
msgid "Router"
17995
msgstr ""
17996
17997
#: serverguide/C/mail.xml:996(para)
17998
msgid ""
17999
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18000
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18001
"different types. For details, please refer to the <ulink "
18002
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18003
"add new a configuration file to the following configuration types: "
18004
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18005
"these mini configuration files. So, the order of these configuration files "
18006
"is very important."
18007
msgstr ""
18008
18009
#: serverguide/C/mail.xml:1027(programlisting)
18010
#, no-wrap
18011
msgid ""
18012
"\n"
18013
"# start\n"
18014
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18015
"# directory.\n"
18016
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18017
"# This is normally the same as ~mailman\n"
18018
"MM_HOME=/var/lib/mailman\n"
18019
"#\n"
18020
"# User and group for Mailman, should match your --with-mail-gid\n"
18021
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18022
"MM_UID=list\n"
18023
"MM_GID=list\n"
18024
"#\n"
18025
"# Domains that your lists are in - colon separated list\n"
18026
"# you may wish to add these into local_domains as well\n"
18027
"domainlist mm_domains=hostname.com\n"
18028
"#\n"
18029
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18030
"#\n"
18031
"# These values are derived from the ones above and should not need\n"
18032
"# editing unless you have munged your mailman installation\n"
18033
"#\n"
18034
"# The path of the Mailman mail wrapper script\n"
18035
"MM_WRAP=MM_HOME/mail/mailman\n"
18036
"#\n"
18037
"# The path of the list config file (used as a required file when\n"
18038
"# verifying list addresses)\n"
18039
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18040
"# end\n"
18041
msgstr ""
18042
18043
#: serverguide/C/mail.xml:1021(para)
18044
msgid ""
18045
"All the configuration files belonging to the main type are stored in the "
18046
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18047
"following content to a new file, named <filename>04_exim4-"
18048
"config_mailman</filename>: <placeholder-1/>"
18049
msgstr ""
18050
18051
#: serverguide/C/mail.xml:1067(programlisting)
18052
#, no-wrap
18053
msgid ""
18054
"\n"
18055
" mailman_transport:\n"
18056
" driver = pipe\n"
18057
" command = MM_WRAP \\\n"
18058
" '${if def:local_part_suffix \\\n"
18059
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18060
"\\\n"
18061
" {post}}' \\\n"
18062
" $local_part\n"
18063
" current_directory = MM_HOME\n"
18064
" home_directory = MM_HOME\n"
18065
" user = MM_UID\n"
18066
" group = MM_GID\n"
18067
msgstr ""
18068
18069
#: serverguide/C/mail.xml:1061(para)
18070
msgid ""
18071
"All the configuration files belonging to transport type are stored in the "
18072
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18073
"following content to a new file named <filename> 40_exim4-"
18074
"config_mailman</filename>: <placeholder-1/>"
18075
msgstr ""
18076
18077
#: serverguide/C/mail.xml:1088(programlisting)
18078
#, no-wrap
18079
msgid ""
18080
"\n"
18081
" mailman_router:\n"
18082
" driver = accept\n"
18083
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18084
" local_part_suffix_optional\n"
18085
" local_part_suffix = -bounces : -bounces+* : \\\n"
18086
" -confirm+* : -join : -leave : \\\n"
18087
" -owner : -request : -admin\n"
18088
" transport = mailman_transport\n"
18089
msgstr ""
18090
18091
#: serverguide/C/mail.xml:1084(para)
18092
msgid ""
18093
"All the configuration files belonging to router type are stored in the "
18094
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18095
"following content in to a new file named <filename>101_exim4-"
18096
"config_mailman</filename>: <placeholder-1/>"
18097
msgstr ""
18098
18099
#: serverguide/C/mail.xml:1101(para)
18100
msgid ""
18101
"The order of main and transport configuration files can be in any order. "
18102
"But, the order of router configuration files must be the same. This "
18103
"particular file must appear before the <application>200_exim4-"
18104
"config_primary</application> file. These two configuration files contain "
18105
"same type of information. The first file takes the precedence. For more "
18106
"details, please refer to the references section."
18107
msgstr ""
18108
18109
#: serverguide/C/mail.xml:1114(para)
18110
msgid ""
18111
"Once mailman is installed, you can run it using the following command:"
18112
msgstr ""
18113
18114
#: serverguide/C/mail.xml:1118(command)
18115
msgid "sudo /etc/init.d/mailman start"
18116
msgstr ""
18117
18118
#: serverguide/C/mail.xml:1120(para)
18119
msgid ""
18120
"Once mailman is installed, you should create the default mailing list. Run "
18121
"the following command to create the mailing list:"
18122
msgstr ""
18123
18124
#: serverguide/C/mail.xml:1126(command)
18125
msgid "sudo /usr/sbin/newlist mailman"
18126
msgstr ""
18127
18128
#: serverguide/C/mail.xml:1129(programlisting)
18129
#, no-wrap
18130
msgid ""
18131
"\n"
18132
" Enter the email address of the person running the list: bhuvan at "
18133
"ubuntu.com\n"
18134
" Initial mailman password:\n"
18135
" To finish creating your mailing list, you must edit your "
18136
"<filename>/etc/aliases</filename> (or\n"
18137
" equivalent) file by adding the following lines, and possibly running the\n"
18138
" `newaliases' program:\n"
18139
"\n"
18140
" ## mailman mailing list\n"
18141
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18142
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18143
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18144
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18145
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18146
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18147
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18148
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18149
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18150
"mailman\"\n"
18151
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18152
"mailman\"\n"
18153
"\n"
18154
" Hit enter to notify mailman owner...\n"
18155
"\n"
18156
" # \n"
18157
msgstr ""
18158
18159
#: serverguide/C/mail.xml:1152(para)
18160
msgid ""
18161
"We have configured either Postfix or Exim4 to recognize all emails from "
18162
"mailman. So, it is not mandatory to make any new entries in "
18163
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18164
"configuration files, please ensure that you restart those services before "
18165
"continuing to next section."
18166
msgstr ""
18167
18168
#: serverguide/C/mail.xml:1160(para)
18169
msgid ""
18170
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18171
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18172
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18173
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18174
msgstr ""
18175
18176
#: serverguide/C/mail.xml:1171(title)
18177
msgid "Administration"
18178
msgstr ""
18179
18180
#: serverguide/C/mail.xml:1172(para)
18181
msgid ""
18182
"We assume you have a default installation. The mailman cgi scripts are still "
18183
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18184
"Mailman provides a web based administration facility. To access this page, "
18185
"point your browser to the following url:"
18186
msgstr ""
18187
18188
#: serverguide/C/mail.xml:1180(para)
18189
msgid "http://hostname/cgi-bin/mailman/admin"
18190
msgstr ""
18191
18192
#: serverguide/C/mail.xml:1184(para)
18193
msgid ""
18194
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18195
"screen. If you click the mailing list name, it will ask for your "
18196
"authentication password. If you enter the correct password, you will be able "
18197
"to change administrative settings of this mailing list. You can create a new "
18198
"mailing list using the command line utility "
18199
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18200
"mailing list using the web interface."
18201
msgstr ""
18202
18203
#: serverguide/C/mail.xml:1197(title)
18204
msgid "Users"
18205
msgstr ""
18206
18207
#: serverguide/C/mail.xml:1198(para)
18208
msgid ""
18209
"Mailman provides a web based interface for users. To access this page, point "
18210
"your browser to the following url:"
18211
msgstr ""
18212
18213
#: serverguide/C/mail.xml:1203(para)
18214
msgid "http://hostname/cgi-bin/mailman/listinfo"
18215
msgstr ""
18216
18217
#: serverguide/C/mail.xml:1207(para)
18218
msgid ""
18219
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18220
"screen. If you click the mailing list name, it will display the subscription "
18221
"form. You can enter your email address, name (optional), and password to "
18222
"subscribe. An email invitation will be sent to you. You can follow the "
18223
"instructions in the email to subscribe."
18224
msgstr ""
18225
18226
#: serverguide/C/mail.xml:1219(ulink)
18227
msgid "GNU Mailman - Installation Manual"
18228
msgstr ""
18229
18230
#: serverguide/C/mail.xml:1223(ulink)
18231
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18232
msgstr ""
18233
18234
#: serverguide/C/mail.xml:1226(para)
18235
msgid ""
18236
"Also, see the <ulink "
18237
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18238
"Wiki</ulink> page."
18239
msgstr ""
18240
18241
#: serverguide/C/mail.xml:1232(title)
18242
msgid "Mail Filtering"
18243
msgstr ""
18244
18245
#: serverguide/C/mail.xml:1233(para)
18246
msgid ""
18247
"One of the largest issues with email today is the problem of Unsolicited "
18248
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18249
"and other forms of malware. According to some reports these messages make up "
18250
"the bulk of all email traffic on the Internet."
18251
msgstr ""
18252
18253
#: serverguide/C/mail.xml:1238(para)
18254
msgid ""
18255
"This section will cover integrating <application>Amavisd-new</application>, "
18256
"<application>Spamassassin</application>, and "
18257
"<application>ClamAV</application> with the "
18258
"<application>Postfix</application> Mail Transport Agent (MTA). "
18259
"<application>Postfix</application> can also check email validity by passing "
18260
"it through external content filters. These filters can sometimes determine "
18261
"if a message is spam without needing to process it with more resource "
18262
"intensive applications. Two common filters are "
18263
"<application>opendkim</application> and <application>python-policyd-"
18264
"spf</application>."
18265
msgstr ""
18266
18267
#: serverguide/C/mail.xml:1248(para)
18268
msgid ""
18269
"<application>Amavisd-new</application> is a wrapper program that can call "
18270
"any number of content filtering programs for spam detection, antivirus, etc."
18271
msgstr ""
18272
18273
#: serverguide/C/mail.xml:1254(para)
18274
msgid ""
18275
"<application>Spamassassin</application> uses a variety of mechanisms to "
18276
"filter email based on the message content."
18277
msgstr ""
18278
18279
#: serverguide/C/mail.xml:1259(para)
18280
msgid ""
18281
"<application>ClamAV</application> is an open source antivirus application."
18282
msgstr ""
18283
18284
#: serverguide/C/mail.xml:1264(para)
18285
msgid ""
18286
"<application>opendkim</application> implements a Sendmail Mail Filter "
18287
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18288
msgstr ""
18289
18290
#: serverguide/C/mail.xml:1270(para)
18291
msgid ""
18292
"<application>python-policyd-spf</application> enables Sender Policy "
18293
"Framework (SPF) checking with <application>Postfix</application>."
18294
msgstr ""
18295
18296
#: serverguide/C/mail.xml:1275(para)
18297
msgid "This is how the pieces fit together:"
18298
msgstr ""
18299
18300
#: serverguide/C/mail.xml:1280(para)
18301
msgid "An email message is accepted by <application>Postfix</application>."
18302
msgstr ""
18303
18304
#: serverguide/C/mail.xml:1285(para)
18305
msgid ""
18306
"The message is passed through any external filters "
18307
"<application>opendkim</application> and <application>python-policyd-"
18308
"spf</application> in this case."
18309
msgstr ""
18310
18311
#: serverguide/C/mail.xml:1291(para)
18312
msgid "<application>Amavisd-new</application> then processes the message."
18313
msgstr ""
18314
18315
#: serverguide/C/mail.xml:1296(para)
18316
msgid ""
18317
"<application>ClamAV</application> is used to scan the message. If the "
18318
"message contains a virus <application>Postfix</application> will reject the "
18319
"message."
18320
msgstr ""
18321
18322
#: serverguide/C/mail.xml:1302(para)
18323
msgid ""
18324
"Clean messages will then be analyzed by "
18325
"<application>Spamassassin</application> to find out if the message is spam. "
18326
"<application>Spamassassin</application> will then add X-Header lines "
18327
"allowing <application>Amavisd-new</application> to further manipulate the "
18328
"message."
18329
msgstr ""
18330
18331
#: serverguide/C/mail.xml:1309(para)
18332
msgid ""
18333
"For example, if a message has a Spam score of over fifty the message could "
18334
"be automatically dropped from the queue without the recipient ever having to "
18335
"be bothered. Another, way to handle flagged messages is to deliver them to "
18336
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18337
"see fit."
18338
msgstr ""
18339
18340
#: serverguide/C/mail.xml:1316(para)
18341
msgid ""
18342
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18343
"configuring Postfix."
18344
msgstr ""
18345
18346
#: serverguide/C/mail.xml:1319(para)
18347
msgid ""
18348
"To install the rest of the applications enter the following from a terminal "
18349
"prompt:"
18350
msgstr ""
18351
18352
#: serverguide/C/mail.xml:1323(command)
18353
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18354
msgstr ""
18355
18356
#: serverguide/C/mail.xml:1324(command)
18357
msgid "sudo apt-get install opendkim python-policyd-spf"
18358
msgstr ""
18359
18360
#: serverguide/C/mail.xml:1326(para)
18361
msgid ""
18362
"There are some optional packages that integrate with "
18363
"<application>Spamassassin</application> for better spam detection:"
18364
msgstr ""
18365
18366
#: serverguide/C/mail.xml:1330(command)
18367
msgid "sudo apt-get install pyzor razor"
18368
msgstr ""
18369
18370
#: serverguide/C/mail.xml:1332(para)
18371
msgid ""
18372
"Along with the main filtering applications compression utilities are needed "
18373
"to process some email attachments:"
18374
msgstr ""
18375
18376
#: serverguide/C/mail.xml:1336(command)
18377
msgid ""
18378
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18379
msgstr ""
18380
18381
#: serverguide/C/mail.xml:1339(para)
18382
msgid ""
18383
"If some packages are not found, check that the "
18384
"<emphasis>multiverse</emphasis> repository is enabled in "
18385
"<filename>/etc/apt/sources.list</filename>"
18386
msgstr ""
18387
18388
#: serverguide/C/mail.xml:1340(para)
18389
msgid ""
18390
"If you make changes to the file, be sure to run <command>sudo apt-get "
18391
"update</command> before trying to install again."
18392
msgstr ""
18393
18394
#: serverguide/C/mail.xml:1345(para)
18395
msgid "Now configure everything to work together and filter email."
18396
msgstr ""
18397
18398
#: serverguide/C/mail.xml:1349(title)
18399
msgid "ClamAV"
18400
msgstr ""
18401
18402
#: serverguide/C/mail.xml:1350(para)
18403
msgid ""
18404
"The default behaviour of <application>ClamAV</application> will fit our "
18405
"needs. For more ClamAV configuration options, check the configuration files "
18406
"in <filename>/etc/clamav</filename>."
18407
msgstr ""
18408
18409
#: serverguide/C/mail.xml:1355(para)
18410
msgid ""
18411
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18412
"group in order for <application>Amavisd-new</application> to have the "
18413
"appropriate access to scan files:"
18414
msgstr ""
18415
18416
#: serverguide/C/mail.xml:1360(command)
18417
msgid "sudo adduser clamav amavis"
18418
msgstr ""
18419
18420
#: serverguide/C/mail.xml:1364(title)
18421
msgid "Spamassassin"
18422
msgstr ""
18423
18424
#: serverguide/C/mail.xml:1365(para)
18425
msgid ""
18426
"Spamassassin automatically detects optional components and will use them if "
18427
"they are present. This means that there is no need to configure "
18428
"<application>pyzor</application> and <application>razor</application>."
18429
msgstr ""
18430
18431
#: serverguide/C/mail.xml:1369(para)
18432
msgid ""
18433
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18434
"<application>Spamassassin</application> daemon. Change "
18435
"<emphasis>ENABLED=0</emphasis> to:"
18436
msgstr ""
18437
18438
#: serverguide/C/mail.xml:1373(programlisting)
18439
#, no-wrap
18440
msgid ""
18441
"\n"
18442
"ENABLED=1\n"
18443
msgstr ""
18444
18445
#: serverguide/C/mail.xml:1376(para)
18446
msgid "Now start the daemon:"
18447
msgstr ""
18448
18449
#: serverguide/C/mail.xml:1380(command)
18450
msgid "sudo /etc/init.d/spamassassin start"
18451
msgstr ""
18452
18453
#: serverguide/C/mail.xml:1384(title)
18454
msgid "Amavisd-new"
18455
msgstr ""
18456
18457
#: serverguide/C/mail.xml:1385(para)
18458
msgid ""
18459
"First activate spam and antivirus detection in <application>Amavisd-"
18460
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18461
"content_filter_mode</filename>:"
18462
msgstr ""
18463
18464
#: serverguide/C/mail.xml:1389(programlisting)
18465
#, no-wrap
18466
msgid ""
18467
"\n"
18468
"use strict;\n"
18469
"\n"
18470
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18471
"# and to re-enable antivirus checking.\n"
18472
"\n"
18473
"#\n"
18474
"# Default antivirus checking mode\n"
18475
"# Uncomment the two lines below to enable it\n"
18476
"#\n"
18477
"\n"
18478
"@bypass_virus_checks_maps = (\n"
18479
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18480
"$bypass_virus_checks_re);\n"
18481
"\n"
18482
"\n"
18483
"#\n"
18484
"# Default SPAM checking mode\n"
18485
"# Uncomment the two lines below to enable it\n"
18486
"#\n"
18487
"\n"
18488
"@bypass_spam_checks_maps = (\n"
18489
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18490
"$bypass_spam_checks_re);\n"
18491
"\n"
18492
"1; # insure a defined return\n"
18493
msgstr ""
18494
18495
#: serverguide/C/mail.xml:1414(para)
18496
msgid ""
18497
"Bouncing spam can be a bad idea as the return address is often faked. "
18498
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18499
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18500
"D_BOUNCE, as follows:"
18501
msgstr ""
18502
18503
#: serverguide/C/mail.xml:1420(programlisting)
18504
#, no-wrap
18505
msgid ""
18506
"\n"
18507
"$final_spam_destiny = D_DISCARD;\n"
18508
msgstr ""
18509
18510
#: serverguide/C/mail.xml:1424(para)
18511
msgid ""
18512
"Additionally, you may want to adjust the following options to flag more "
18513
"messages as spam:"
18514
msgstr ""
18515
18516
#: serverguide/C/mail.xml:1428(programlisting)
18517
#, no-wrap
18518
msgid ""
18519
"\n"
18520
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18521
"level\n"
18522
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18523
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18524
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18525
msgstr ""
18526
18527
#: serverguide/C/mail.xml:1435(para)
18528
msgid ""
18529
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18530
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18531
"option. Also, if the server receives mail for multiple domains the "
18532
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18533
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18534
msgstr ""
18535
18536
#: serverguide/C/mail.xml:1442(programlisting)
18537
#, no-wrap
18538
msgid ""
18539
"\n"
18540
"$myhostname = 'mail.example.com';\n"
18541
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18542
msgstr ""
18543
18544
#: serverguide/C/mail.xml:1447(para)
18545
msgid ""
18546
"After configuration <application>Amavisd-new</application> needs to be "
18547
"restarted:"
18548
msgstr ""
18549
18550
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18551
msgid "sudo /etc/init.d/amavis restart"
18552
msgstr ""
18553
18554
#: serverguide/C/mail.xml:1454(title)
18555
msgid "DKIM Whitelist"
18556
msgstr ""
18557
18558
#: serverguide/C/mail.xml:1456(para)
18559
msgid ""
18560
"<application>Amavisd-new</application> can be configured to automatically "
18561
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18562
"Keys. There are some pre-configured domains in the "
18563
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18564
msgstr ""
18565
18566
#: serverguide/C/mail.xml:1462(para)
18567
msgid "There are multiple ways to configure the Whitelist for a domain:"
18568
msgstr ""
18569
18570
#: serverguide/C/mail.xml:1468(para)
18571
msgid ""
18572
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18573
"address from the \"example.com\" domain."
18574
msgstr ""
18575
18576
#: serverguide/C/mail.xml:1473(para)
18577
msgid ""
18578
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18579
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18580
"have a valid signature."
18581
msgstr ""
18582
18583
#: serverguide/C/mail.xml:1479(para)
18584
msgid ""
18585
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18586
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18587
"role=\"italic\">example.com</emphasis> the parent domain."
18588
msgstr ""
18589
18590
#: serverguide/C/mail.xml:1485(para)
18591
msgid ""
18592
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18593
"that have a valid signature from \"example.com\". This is usually used for "
18594
"discussion groups that sign their messages."
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:1492(para)
18598
msgid ""
18599
"A domain can also have multiple Whitelist configurations. After, editing the "
18600
"file restart <application>amaisd-new</application>:"
18601
msgstr ""
18602
18603
#: serverguide/C/mail.xml:1501(para)
18604
msgid ""
18605
"In this context, once a domain has been added to the Whitelist the message "
18606
"will not receive any anti-virus or spam filtering. This may or may not be "
18607
"the intended behavior you wish for a domain."
18608
msgstr ""
18609
18610
#: serverguide/C/mail.xml:1511(para)
18611
msgid ""
18612
"For <application>Postfix</application> integration, enter the following from "
18613
"a terminal prompt:"
18614
msgstr ""
18615
18616
#: serverguide/C/mail.xml:1515(command)
18617
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18618
msgstr ""
18619
18620
#: serverguide/C/mail.xml:1517(para)
18621
msgid ""
18622
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18623
"to the end of the file:"
18624
msgstr ""
18625
18626
#: serverguide/C/mail.xml:1520(programlisting)
18627
#, no-wrap
18628
msgid ""
18629
"\n"
18630
"smtp-amavis unix - - - - 2 smtp\n"
18631
" -o smtp_data_done_timeout=1200\n"
18632
" -o smtp_send_xforward_command=yes\n"
18633
" -o disable_dns_lookups=yes\n"
18634
" -o max_use=20\n"
18635
"\n"
18636
"127.0.0.1:10025 inet n - - - - smtpd\n"
18637
" -o content_filter=\n"
18638
" -o local_recipient_maps=\n"
18639
" -o relay_recipient_maps=\n"
18640
" -o smtpd_restriction_classes=\n"
18641
" -o smtpd_delay_reject=no\n"
18642
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18643
" -o smtpd_helo_restrictions=\n"
18644
" -o smtpd_sender_restrictions=\n"
18645
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18646
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18647
" -o smtpd_end_of_data_restrictions=\n"
18648
" -o mynetworks=127.0.0.0/8\n"
18649
" -o smtpd_error_sleep_time=0\n"
18650
" -o smtpd_soft_error_limit=1001\n"
18651
" -o smtpd_hard_error_limit=1000\n"
18652
" -o smtpd_client_connection_count_limit=0\n"
18653
" -o smtpd_client_connection_rate_limit=0\n"
18654
" -o "
18655
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18656
msgstr ""
18657
18658
#: serverguide/C/mail.xml:1547(para)
18659
msgid ""
18660
"Also add the following two lines immediately below the "
18661
"<emphasis>\"pickup\"</emphasis> transport service:"
18662
msgstr ""
18663
18664
#: serverguide/C/mail.xml:1550(programlisting)
18665
#, no-wrap
18666
msgid ""
18667
"\n"
18668
" -o content_filter=\n"
18669
" -o receive_override_options=no_header_body_checks\n"
18670
msgstr ""
18671
18672
#: serverguide/C/mail.xml:1554(para)
18673
msgid ""
18674
"This will prevent messages that are generated to report on spam from being "
18675
"classified as spam."
18676
msgstr ""
18677
18678
#: serverguide/C/mail.xml:1557(para)
18679
msgid "Now restart <application>Postfix</application>:"
18680
msgstr ""
18681
18682
#: serverguide/C/mail.xml:1563(para)
18683
msgid "Content filtering with spam and virus detection is now enabled."
18684
msgstr ""
18685
18686
#: serverguide/C/mail.xml:1569(title)
18687
msgid "Amavisd-new and Spamassassin"
18688
msgstr ""
18689
18690
#: serverguide/C/mail.xml:1571(para)
18691
msgid ""
18692
"When integrating <application>Amavisd-new</application> with "
18693
"<application>Spamassassin</application>, if you choose to disable the bayes "
18694
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18695
"<application>cron</application> to update the nightly rules, the result can "
18696
"cause a situation where a large amount of error messages are sent to the "
18697
"<emphasis>amavis</emphasis> user via the amavisd-new "
18698
"<application>cron</application> job."
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:1578(para)
18702
msgid "There are several ways to handle this situation:"
18703
msgstr ""
18704
18705
#: serverguide/C/mail.xml:1584(para)
18706
msgid "Configure your MDA to filter messages you do not wish to see."
18707
msgstr ""
18708
18709
#: serverguide/C/mail.xml:1589(para)
18710
msgid ""
18711
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18712
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18713
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18714
"the top before the <emphasis>test</emphasis> statements:"
18715
msgstr ""
18716
18717
#: serverguide/C/mail.xml:1593(programlisting)
18718
#, no-wrap
18719
msgid ""
18720
"\n"
18721
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18722
"exit 0\n"
18723
msgstr ""
18724
18725
#: serverguide/C/mail.xml:1603(para)
18726
msgid ""
18727
"First, test that the <application>Amavisd-new</application> SMTP is "
18728
"listening:"
18729
msgstr ""
18730
18731
#: serverguide/C/mail.xml:1606(programlisting)
18732
#, no-wrap
18733
msgid ""
18734
"\n"
18735
"telnet localhost 10024\n"
18736
"Trying 127.0.0.1...\n"
18737
"Connected to localhost.\n"
18738
"Escape character is '^]'.\n"
18739
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18740
"^]\n"
18741
msgstr ""
18742
18743
#: serverguide/C/mail.xml:1614(para)
18744
msgid ""
18745
"In the Header of messages that go through the content filter you should see:"
18746
msgstr ""
18747
18748
#: serverguide/C/mail.xml:1617(programlisting)
18749
#, no-wrap
18750
msgid ""
18751
"\n"
18752
"X-Spam-Level: \n"
18753
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18754
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18755
"BAYES_00\n"
18756
"X-Spam-Level: \n"
18757
msgstr ""
18758
18759
#: serverguide/C/mail.xml:1624(para)
18760
msgid ""
18761
"Your output will vary, but the important thing is that there are <emphasis>X-"
18762
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18763
msgstr ""
18764
18765
#: serverguide/C/mail.xml:1632(para)
18766
msgid ""
18767
"The best way to figure out why something is going wrong is to check the log "
18768
"files."
18769
msgstr ""
18770
18771
#: serverguide/C/mail.xml:1637(para)
18772
msgid ""
18773
"For instructions on <application>Postfix</application> logging see the <xref "
18774
"linkend=\"postfix-troubleshooting\"/> section."
18775
msgstr ""
18776
18777
#: serverguide/C/mail.xml:1643(para)
18778
msgid ""
18779
"<application>Amavisd-new</application> uses "
18780
"<application>Syslog</application> to send messages to "
18781
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18782
"increased by adding the <emphasis>$log_level</emphasis> option to "
18783
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18784
"1 to 5."
18785
msgstr ""
18786
18787
#: serverguide/C/mail.xml:1648(programlisting)
18788
#, no-wrap
18789
msgid ""
18790
"\n"
18791
"$log_level = 2;\n"
18792
msgstr ""
18793
18794
#: serverguide/C/mail.xml:1652(para)
18795
msgid ""
18796
"When the <application>Amavisd-new</application> log output is increased "
18797
"<application>Spamassassin</application> log output is also increased."
18798
msgstr ""
18799
18800
#: serverguide/C/mail.xml:1659(para)
18801
msgid ""
18802
"The <application>ClamAV</application> log level can be increased by editing "
18803
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18804
msgstr ""
18805
18806
#: serverguide/C/mail.xml:1663(programlisting)
18807
#, no-wrap
18808
msgid ""
18809
"\n"
18810
"LogVerbose true\n"
18811
msgstr ""
18812
18813
#: serverguide/C/mail.xml:1666(para)
18814
msgid ""
18815
"By default <application>ClamAV</application> will send log messages to "
18816
"<filename>/var/log/clamav/clamav.log</filename>."
18817
msgstr ""
18818
18819
#: serverguide/C/mail.xml:1672(para)
18820
msgid ""
18821
"After changing an applications log settings remember to restart the service "
18822
"for the new settings to take affect. Also, once the issue you are "
18823
"troubleshooting is resolved it is a good idea to change the log settings "
18824
"back to normal."
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:1680(para)
18828
msgid "For more information on filtering mail see the following links:"
18829
msgstr ""
18830
18831
#: serverguide/C/mail.xml:1686(ulink)
18832
msgid "Amavisd-new Documentation"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:1690(para)
18836
msgid ""
18837
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18838
"Documentation</ulink> and <ulink "
18839
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18840
msgstr ""
18841
18842
#: serverguide/C/mail.xml:1697(ulink)
18843
msgid "Spamassassin Wiki"
18844
msgstr ""
18845
18846
#: serverguide/C/mail.xml:1702(ulink)
18847
msgid "Pyzor Homepage"
18848
msgstr ""
18849
18850
#: serverguide/C/mail.xml:1707(ulink)
18851
msgid "Razor Homepage"
18852
msgstr ""
18853
18854
#: serverguide/C/mail.xml:1712(ulink)
18855
msgid "DKIM.org"
18856
msgstr ""
18857
18858
#: serverguide/C/mail.xml:1717(ulink)
18859
msgid "Postfix Amavis New"
18860
msgstr ""
18861
18862
#: serverguide/C/mail.xml:1721(para)
18863
msgid ""
18864
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18865
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18866
msgstr ""
18867
18868
#: serverguide/C/lamp-applications.xml:13(title)
18869
msgid "LAMP Applications"
18870
msgstr ""
18871
18872
#: serverguide/C/lamp-applications.xml:19(para)
18873
msgid ""
18874
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18875
"Ubuntu servers. There is a plethora of Open Source applications written "
18876
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18877
"Content Management Systems, and Management Software such as phpMyAdmin."
18878
msgstr ""
18879
18880
#: serverguide/C/lamp-applications.xml:26(para)
18881
msgid ""
18882
"One advantage of LAMP is the substantial flexibility for different database, "
18883
"web server, and scripting languages. Popular substitutes for MySQL include "
18884
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18885
"instead of PHP."
18886
msgstr ""
18887
18888
#: serverguide/C/lamp-applications.xml:32(para)
18889
msgid ""
18890
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18891
"is:"
18892
msgstr ""
18893
18894
#: serverguide/C/lamp-applications.xml:38(para)
18895
msgid "Download an archive containing the application source files."
18896
msgstr ""
18897
18898
#: serverguide/C/lamp-applications.xml:43(para)
18899
msgid ""
18900
"Unpack the archive, usually in a directory accessible to a web server."
18901
msgstr ""
18902
18903
#: serverguide/C/lamp-applications.xml:48(para)
18904
msgid ""
18905
"Depending on where the source was extracted, configure a web server to serve "
18906
"the files."
18907
msgstr ""
18908
18909
#: serverguide/C/lamp-applications.xml:53(para)
18910
msgid "Configure the application to connect to the database."
18911
msgstr ""
18912
18913
#: serverguide/C/lamp-applications.xml:58(para)
18914
msgid ""
18915
"Run a script, or browse to a page of the application, to install the "
18916
"database needed by the application."
18917
msgstr ""
18918
18919
#: serverguide/C/lamp-applications.xml:63(para)
18920
msgid ""
18921
"Once the steps above, or similar steps, are completed you are ready to begin "
18922
"using the application."
18923
msgstr ""
18924
18925
#: serverguide/C/lamp-applications.xml:69(para)
18926
msgid ""
18927
"A disadvantage of using this approach is that the application files are not "
18928
"placed in the file system in a standard way, which can cause confusion as to "
18929
"where the application is installed. Another larger disadvantage is updating "
18930
"the application. When a new version is released, the same process used to "
18931
"install the application is needed to apply updates."
18932
msgstr ""
18933
18934
#: serverguide/C/lamp-applications.xml:76(para)
18935
msgid ""
18936
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
18937
"packaged for Ubuntu, and are available for installation in the same way as "
18938
"non-LAMP applications. Depending on the application some extra configuration "
18939
"and setup steps may be needed, however."
18940
msgstr ""
18941
18942
#: serverguide/C/lamp-applications.xml:82(para)
18943
msgid ""
18944
"This section covers howto install and configure the Wiki applications "
18945
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
18946
"and the MySQL management application <application>phpMyAdmin</application>."
18947
msgstr ""
18948
18949
#: serverguide/C/lamp-applications.xml:88(para)
18950
msgid ""
18951
"A Wiki is a website that allows the visitors to easily add, remove and "
18952
"modify available content easily. The ease of interaction and operation makes "
18953
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
18954
"also referred to the collaborative software."
18955
msgstr ""
18956
18957
#: serverguide/C/lamp-applications.xml:100(title)
18958
msgid "Moin Moin"
18959
msgstr ""
18960
18961
#: serverguide/C/lamp-applications.xml:102(para)
18962
msgid ""
18963
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
18964
"engine, and licensed under the GNU GPL."
18965
msgstr ""
18966
18967
#: serverguide/C/lamp-applications.xml:110(para)
18968
msgid ""
18969
"To install <application>MoinMoin</application>, run the following command in "
18970
"the command prompt:"
18971
msgstr ""
18972
18973
#: serverguide/C/lamp-applications.xml:116(command)
18974
msgid "sudo apt-get install python-moinmoin"
18975
msgstr ""
18976
18977
#: serverguide/C/lamp-applications.xml:119(para)
18978
msgid ""
18979
"You should also install <application>apache2</application> web server. For "
18980
"installing <application>apache2</application> web server, please refer to "
18981
"<xref linkend=\"http-installation\"/> sub-section in <xref "
18982
"linkend=\"httpd\"/> section."
18983
msgstr ""
18984
18985
#: serverguide/C/lamp-applications.xml:130(para)
18986
msgid ""
18987
"For configuring your first Wiki application, please run the following set of "
18988
"commands. Let us assume that you are creating a Wiki named "
18989
"<emphasis>mywiki</emphasis>:"
18990
msgstr ""
18991
18992
#: serverguide/C/lamp-applications.xml:137(command)
18993
msgid "cd /usr/share/moin"
18994
msgstr ""
18995
18996
#: serverguide/C/lamp-applications.xml:138(command)
18997
msgid "sudo mkdir mywiki"
18998
msgstr ""
18999
19000
#: serverguide/C/lamp-applications.xml:139(command)
19001
msgid "sudo cp -R data mywiki"
19002
msgstr ""
19003
19004
#: serverguide/C/lamp-applications.xml:140(command)
19005
msgid "sudo cp -R underlay mywiki"
19006
msgstr ""
19007
19008
#: serverguide/C/lamp-applications.xml:141(command)
19009
msgid "sudo cp server/moin.cgi mywiki"
19010
msgstr ""
19011
19012
#: serverguide/C/lamp-applications.xml:142(command)
19013
msgid "sudo chown -R www-data.www-data mywiki"
19014
msgstr ""
19015
19016
#: serverguide/C/lamp-applications.xml:143(command)
19017
msgid "sudo chmod -R ug+rwX mywiki"
19018
msgstr ""
19019
19020
#: serverguide/C/lamp-applications.xml:144(command)
19021
msgid "sudo chmod -R o-rwx mywiki"
19022
msgstr ""
19023
19024
#: serverguide/C/lamp-applications.xml:147(para)
19025
msgid ""
19026
"Now you should configure <application>MoinMoin</application> to find your "
19027
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19028
"<application>MoinMoin</application>, open "
19029
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19030
msgstr ""
19031
19032
#: serverguide/C/lamp-applications.xml:155(programlisting)
19033
#, no-wrap
19034
msgid "data_dir = '/org/mywiki/data'"
19035
msgstr ""
19036
19037
#: serverguide/C/lamp-applications.xml:157(para)
19038
msgid "to"
19039
msgstr ""
19040
19041
#: serverguide/C/lamp-applications.xml:161(programlisting)
19042
#, no-wrap
19043
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19044
msgstr ""
19045
19046
#: serverguide/C/lamp-applications.xml:163(para)
19047
msgid ""
19048
"Also, below the <emphasis>data_dir</emphasis> option add the "
19049
"<emphasis>data_underlay_dir</emphasis>:"
19050
msgstr ""
19051
19052
#: serverguide/C/lamp-applications.xml:167(programlisting)
19053
#, no-wrap
19054
msgid ""
19055
"\n"
19056
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19057
msgstr ""
19058
19059
#: serverguide/C/lamp-applications.xml:172(para)
19060
msgid ""
19061
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19062
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19063
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19064
"change."
19065
msgstr ""
19066
19067
#: serverguide/C/lamp-applications.xml:181(para)
19068
msgid ""
19069
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19070
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19071
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19072
"<quote>(\"mywiki\", r\".*\")</quote>."
19073
msgstr ""
19074
19075
#: serverguide/C/lamp-applications.xml:189(para)
19076
msgid ""
19077
"Once you have configured <application>MoinMoin</application> to find your "
19078
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19079
"<application>apache2</application> and make it ready for your Wiki "
19080
"application."
19081
msgstr ""
19082
19083
#: serverguide/C/lamp-applications.xml:196(para)
19084
msgid ""
19085
"You should add the following lines in <filename>/etc/apache2/sites-"
19086
"available/default</filename> file inside the <quote><VirtualHost "
19087
"*></quote> tag:"
19088
msgstr ""
19089
19090
#: serverguide/C/lamp-applications.xml:202(programlisting)
19091
#, no-wrap
19092
msgid ""
19093
"\n"
19094
"### moin\n"
19095
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19096
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19097
" <Directory /usr/share/moin/htdocs>\n"
19098
" Order allow,deny\n"
19099
" allow from all\n"
19100
" </Directory>\n"
19101
"### end moin\n"
19102
msgstr ""
19103
19104
#: serverguide/C/lamp-applications.xml:214(para)
19105
msgid ""
19106
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19107
"<emphasis>alias</emphasis> line above, to the "
19108
"<application>moinmoin</application> version installed."
19109
msgstr ""
19110
19111
#: serverguide/C/lamp-applications.xml:220(para)
19112
msgid ""
19113
"Once you configure the <application>apache2</application> web server and "
19114
"make it ready for your Wiki application, you should restart it. You can run "
19115
"the following command to restart the <application>apache2</application> web "
19116
"server:"
19117
msgstr ""
19118
19119
#: serverguide/C/lamp-applications.xml:233(title)
19120
msgid "Verification"
19121
msgstr ""
19122
19123
#: serverguide/C/lamp-applications.xml:235(para)
19124
msgid ""
19125
"You can verify the Wiki application and see if it works by pointing your web "
19126
"browser to the following URL:"
19127
msgstr ""
19128
19129
#: serverguide/C/lamp-applications.xml:239(programlisting)
19130
#, no-wrap
19131
msgid ""
19132
"\n"
19133
"http://localhost/mywiki\n"
19134
msgstr ""
19135
19136
#: serverguide/C/lamp-applications.xml:243(para)
19137
msgid ""
19138
"You can also run the test command by pointing your web browser to the "
19139
"following URL:"
19140
msgstr ""
19141
19142
#: serverguide/C/lamp-applications.xml:248(programlisting)
19143
#, no-wrap
19144
msgid ""
19145
"\n"
19146
"http://localhost/mywiki?action=test\n"
19147
msgstr ""
19148
19149
#: serverguide/C/lamp-applications.xml:252(para)
19150
msgid ""
19151
"For more details, please refer to the <ulink "
19152
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19153
msgstr ""
19154
19155
#: serverguide/C/lamp-applications.xml:263(para)
19156
msgid ""
19157
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19158
"Wiki</ulink>."
19159
msgstr ""
19160
19161
#: serverguide/C/lamp-applications.xml:268(para)
19162
msgid ""
19163
"Also, see the <ulink "
19164
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19165
"MoinMoin</ulink> page."
19166
msgstr ""
19167
19168
#: serverguide/C/lamp-applications.xml:277(title)
19169
msgid "MediaWiki"
19170
msgstr ""
19171
19172
#: serverguide/C/lamp-applications.xml:279(para)
19173
msgid ""
19174
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19175
"either use <application>MySQL</application> or "
19176
"<application>PostgreSQL</application> Database Management System."
19177
msgstr ""
19178
19179
#: serverguide/C/lamp-applications.xml:289(para)
19180
msgid ""
19181
"Before installing <application>MediaWiki</application> you should also "
19182
"install <application>Apache2</application>, the "
19183
"<application>PHP5</application> scripting language and Database a Management "
19184
"System. <application>MySQL</application> or "
19185
"<application>PostgreSQL</application> are the most common, choose one "
19186
"depending on your need. Please refer to those sections in this manual for "
19187
"installation instructions."
19188
msgstr ""
19189
19190
#: serverguide/C/lamp-applications.xml:297(para)
19191
msgid ""
19192
"To install <application>MediaWiki</application>, run the following command "
19193
"in the command prompt:"
19194
msgstr ""
19195
19196
#: serverguide/C/lamp-applications.xml:303(command)
19197
msgid "sudo apt-get install mediawiki php5-gd"
19198
msgstr ""
19199
19200
#: serverguide/C/lamp-applications.xml:306(para)
19201
msgid ""
19202
"For additional <application>MediaWiki</application> functionality see the "
19203
"<application>mediawiki-extensions</application> package."
19204
msgstr ""
19205
19206
#: serverguide/C/lamp-applications.xml:316(para)
19207
msgid ""
19208
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19209
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19210
"directory. You should uncomment the following line in this file to access "
19211
"MediaWiki application."
19212
msgstr ""
19213
19214
#: serverguide/C/lamp-applications.xml:324(screen)
19215
#, no-wrap
19216
msgid ""
19217
"\n"
19218
"# Alias /mediawiki /var/lib/mediawiki\n"
19219
msgstr ""
19220
19221
#: serverguide/C/lamp-applications.xml:328(para)
19222
msgid ""
19223
"After you uncomment the above line, restart Apache server and access "
19224
"MediaWiki using the following url:"
19225
msgstr ""
19226
19227
#: serverguide/C/lamp-applications.xml:333(programlisting)
19228
#, no-wrap
19229
msgid ""
19230
"\n"
19231
"http://localhost/mediawiki/config/index.php\n"
19232
msgstr ""
19233
19234
#: serverguide/C/lamp-applications.xml:338(para)
19235
msgid ""
19236
"Please read the <quote>Checking environment...</quote> section in this page. "
19237
"You should be able to fix many issues by carefully reading this section."
19238
msgstr ""
19239
19240
#: serverguide/C/lamp-applications.xml:345(para)
19241
msgid ""
19242
"Once the configuration is complete, you should copy the "
19243
"<filename>LocalSettings.php</filename> file to "
19244
"<filename>/etc/mediawiki</filename> directory:"
19245
msgstr ""
19246
19247
#: serverguide/C/lamp-applications.xml:352(command)
19248
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19249
msgstr ""
19250
19251
#: serverguide/C/lamp-applications.xml:355(para)
19252
msgid ""
19253
"You may also want to edit "
19254
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19255
msgstr ""
19256
19257
#: serverguide/C/lamp-applications.xml:360(programlisting)
19258
#, no-wrap
19259
msgid ""
19260
"\n"
19261
"ini_set( 'memory_limit', '64M' );\n"
19262
msgstr ""
19263
19264
#: serverguide/C/lamp-applications.xml:367(title)
19265
msgid "Extensions"
19266
msgstr ""
19267
19268
#: serverguide/C/lamp-applications.xml:368(para)
19269
msgid ""
19270
"The extensions add new features and enhancements for the MediaWiki "
19271
"application. The extensions give wiki administrators and end users the "
19272
"ability to customize MediaWiki to their requirements."
19273
msgstr ""
19274
19275
#: serverguide/C/lamp-applications.xml:374(para)
19276
msgid ""
19277
"You can download MediaWiki extensions as an archive file or checkout from "
19278
"the Subversion repository. You should copy it to "
19279
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19280
"also add the following line at the end of file: "
19281
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19282
msgstr ""
19283
19284
#: serverguide/C/lamp-applications.xml:382(programlisting)
19285
#, no-wrap
19286
msgid ""
19287
"\n"
19288
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19289
msgstr ""
19290
19291
#: serverguide/C/lamp-applications.xml:392(para)
19292
msgid ""
19293
"For more details, please refer to the <ulink "
19294
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19295
msgstr ""
19296
19297
#: serverguide/C/lamp-applications.xml:398(para)
19298
msgid ""
19299
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19300
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19301
"new MediaWiki administrators."
19302
msgstr ""
19303
19304
#: serverguide/C/lamp-applications.xml:404(para)
19305
msgid ""
19306
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19307
"Wiki MediaWiki</ulink> page is a good resource."
19308
msgstr ""
19309
19310
#: serverguide/C/lamp-applications.xml:414(title)
19311
msgid "phpMyAdmin"
19312
msgstr ""
19313
19314
#: serverguide/C/lamp-applications.xml:416(para)
19315
msgid ""
19316
"<application>phpMyAdmin</application> is a LAMP application specifically "
19317
"written for administering <application>MySQL</application> servers. Written "
19318
"in <application>PHP</application>, and accessed through a web browser, "
19319
"phpMyAdmin provides a graphical interface for database administration tasks."
19320
msgstr ""
19321
19322
#: serverguide/C/lamp-applications.xml:425(para)
19323
msgid ""
19324
"Before installing <application>phpMyAdmin</application> you will need access "
19325
"to a <application>MySQL</application> database either on the same host as "
19326
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19327
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19328
"enter:"
19329
msgstr ""
19330
19331
#: serverguide/C/lamp-applications.xml:432(command)
19332
msgid "sudo apt-get install phpmyadmin"
19333
msgstr ""
19334
19335
#: serverguide/C/lamp-applications.xml:435(para)
19336
msgid ""
19337
"At the prompt choose which web server to be configured for "
19338
"<application>phpMyAdmin</application>. The rest of this section will use "
19339
"<application>Apache2</application> for the web server."
19340
msgstr ""
19341
19342
#: serverguide/C/lamp-applications.xml:440(para)
19343
msgid ""
19344
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19345
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19346
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19347
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19348
"user if you any setup, and enter the <application>MySQL</application> user's "
19349
"password."
19350
msgstr ""
19351
19352
#: serverguide/C/lamp-applications.xml:447(para)
19353
msgid ""
19354
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19355
"needed, create users, create/destroy databases and tables, etc."
19356
msgstr ""
19357
19358
#: serverguide/C/lamp-applications.xml:455(para)
19359
msgid ""
19360
"The configuration files for <application>phpMyAdmin</application> are "
19361
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19362
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19363
"configuration options that apply globally to "
19364
"<application>phpMyAdmin</application>."
19365
msgstr ""
19366
19367
#: serverguide/C/lamp-applications.xml:461(para)
19368
msgid ""
19369
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19370
"hosted on another server, adjust the following in "
19371
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19372
msgstr ""
19373
19374
#: serverguide/C/lamp-applications.xml:466(programlisting)
19375
#, no-wrap
19376
msgid ""
19377
"\n"
19378
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19379
msgstr ""
19380
19381
#: serverguide/C/lamp-applications.xml:471(para)
19382
msgid ""
19383
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19384
"remote database server name or IP address. Also, be sure that the "
19385
"<application>phpMyAdmin</application> host has permissions to access the "
19386
"remote database."
19387
msgstr ""
19388
19389
#: serverguide/C/lamp-applications.xml:477(para)
19390
msgid ""
19391
"Once configured, log out of <application>phpMyAdmin</application> and back "
19392
"in, and you should be accessing the new server."
19393
msgstr ""
19394
19395
#: serverguide/C/lamp-applications.xml:481(para)
19396
msgid ""
19397
"The <filename>config.header.inc.php</filename> and "
19398
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19399
"header and footer to <application>phpMyAdmin</application>."
19400
msgstr ""
19401
19402
#: serverguide/C/lamp-applications.xml:486(para)
19403
msgid ""
19404
"Another important configuration file is "
19405
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19406
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19407
"configure <application>Apache2</application> to serve the "
19408
"<application>phpMyAdmin</application> site. The file contains directives for "
19409
"loading <application>PHP</application>, directory permissions, etc. For more "
19410
"information on configuring <application>Apache2</application> see <xref "
19411
"linkend=\"httpd\"/>."
19412
msgstr ""
19413
19414
#: serverguide/C/lamp-applications.xml:500(para)
19415
msgid ""
19416
"The <application>phpMyAdmin</application> documentation comes installed with "
19417
"the package and can be accessed from the <emphasis>phpMyAdmin "
19418
"Documentation</emphasis> link (a question mark with a box around it) under "
19419
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19420
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19421
msgstr ""
19422
19423
#: serverguide/C/lamp-applications.xml:507(para)
19424
msgid ""
19425
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19426
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19427
msgstr ""
19428
19429
#: serverguide/C/lamp-applications.xml:512(para)
19430
msgid ""
19431
"A third resource is the <ulink "
19432
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19433
"Wiki</ulink> page."
19434
msgstr ""
19435
19436
#: serverguide/C/introduction.xml:14(para)
19437
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19438
msgstr ""
19439
19440
#: serverguide/C/introduction.xml:15(para)
19441
msgid ""
19442
"Here you can find information on how to install and configure various server "
19443
"applications. It is a step-by-step, task-oriented guide for configuring and "
19444
"customizing your system."
19445
msgstr ""
19446
19447
#: serverguide/C/introduction.xml:19(para)
19448
msgid ""
19449
"This guide assumes you have a basic understanding of your Ubuntu system. "
19450
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19451
"but if you need detailed instructions installing Ubuntu please refer to the "
19452
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19453
"Installation Guide</ulink>."
19454
msgstr ""
19455
19456
#: serverguide/C/introduction.xml:25(para)
19457
msgid ""
19458
"A HTML version of the manual is available online at <ulink "
19459
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19460
"HTML files are also available in the <application>ubuntu-"
19461
"serverguide</application> package. See <xref linkend=\"package-"
19462
"management\"/> for details on installing packages."
19463
msgstr ""
19464
19465
#: serverguide/C/introduction.xml:32(para)
19466
msgid ""
19467
"If you choose to install the <application>ubuntu-serverguide</application> "
19468
"you can view this document from a console by:"
19469
msgstr ""
19470
19471
#: serverguide/C/introduction.xml:36(command)
19472
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19473
msgstr ""
19474
19475
#: serverguide/C/introduction.xml:39(para)
19476
msgid ""
19477
"If you are using a localized version of Ubuntu, replace "
19478
"<emphasis>C</emphasis> with your language localization (e.g. "
19479
"<emphasis>en_GB</emphasis>)."
19480
msgstr ""
19481
19482
#: serverguide/C/introduction.xml:53(title)
19483
msgid "Support"
19484
msgstr ""
19485
19486
#: serverguide/C/introduction.xml:55(para)
19487
msgid ""
19488
"There are a couple of different ways that Ubuntu Server Edition is "
19489
"supported, commercial support and community support. The main commercial "
19490
"support (and development funding) is available from Canonical Ltd. They "
19491
"supply reasonably priced support contracts on a per desktop or per server "
19492
"basis. For more information see the <ulink "
19493
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19494
"page."
19495
msgstr ""
19496
19497
#: serverguide/C/introduction.xml:62(para)
19498
msgid ""
19499
"Community support is also provided by dedicated individuals, and companies, "
19500
"that wish to make Ubuntu the best distribution possible. Support is provided "
19501
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19502
"large amount of information available can be overwhelming, but a good search "
19503
"engine query can usually provide an answer to your questions. See the <ulink "
19504
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19505
"information."
19506
msgstr ""
19507
19508
#: serverguide/C/installation.xml:14(para)
19509
msgid ""
19510
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19511
"Edition. For more detailed instructions, please refer to the <ulink "
19512
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19513
"Installation Guide</ulink>."
19514
msgstr ""
19515
19516
#: serverguide/C/installation.xml:19(title)
19517
msgid "Preparing to Install"
19518
msgstr ""
19519
19520
#: serverguide/C/installation.xml:20(para)
19521
msgid ""
19522
"This section explains various aspects to consider before starting the "
19523
"installation."
19524
msgstr ""
19525
19526
#: serverguide/C/installation.xml:24(title)
19527
msgid "System Requirements"
19528
msgstr ""
19529
19530
#: serverguide/C/installation.xml:25(para)
19531
msgid ""
19532
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19533
"and AMD64. The table below lists recommended hardware specifications. "
19534
"Depending on your needs, you might manage with less than this. However, most "
19535
"users risk being frustrated if they ignore these suggestions."
19536
msgstr ""
19537
19538
#: serverguide/C/installation.xml:27(title)
19539
msgid "Recommended Minimum Requirements"
19540
msgstr ""
19541
19542
#: serverguide/C/installation.xml:35(para)
19543
msgid "Install Type"
19544
msgstr ""
19545
19546
#: serverguide/C/installation.xml:36(para)
19547
msgid "RAM"
19548
msgstr ""
19549
19550
#: serverguide/C/installation.xml:37(para)
19551
msgid "Hard Drive Space"
19552
msgstr ""
19553
19554
#: serverguide/C/installation.xml:40(para)
19555
msgid "Base System"
19556
msgstr ""
19557
19558
#: serverguide/C/installation.xml:41(para)
19559
msgid "All Tasks Installed"
19560
msgstr ""
19561
19562
#: serverguide/C/installation.xml:46(para)
19563
msgid "Server"
19564
msgstr ""
19565
19566
#: serverguide/C/installation.xml:47(para)
19567
msgid "128 megabytes"
19568
msgstr ""
19569
19570
#: serverguide/C/installation.xml:48(para)
19571
msgid "500 megabytes"
19572
msgstr ""
19573
19574
#: serverguide/C/installation.xml:49(para)
19575
msgid "1 gigabyte"
19576
msgstr ""
19577
19578
#: serverguide/C/installation.xml:54(para)
19579
msgid ""
19580
"The Server Edition provides a common base for all sorts of server "
19581
"applications. It is a minimalist design providing a platform for the desired "
19582
"services, such as file/print services, web hosting, email hosting, etc."
19583
msgstr ""
19584
19585
#: serverguide/C/installation.xml:60(para)
19586
msgid ""
19587
"The requirements for UEC are slightly different for Front End requirements "
19588
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19589
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19590
msgstr ""
19591
19592
#: serverguide/C/installation.xml:68(title)
19593
msgid "Server and Desktop Differences"
19594
msgstr ""
19595
19596
#: serverguide/C/installation.xml:69(para)
19597
msgid ""
19598
"There are a few differences between the <emphasis>Ubuntu Server "
19599
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19600
"should be noted that both editions use the same "
19601
"<application>apt</application> repositories. Making it just as easy to "
19602
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19603
"Desktop Edition as it is on the Server Edition."
19604
msgstr ""
19605
19606
#: serverguide/C/installation.xml:75(para)
19607
msgid ""
19608
"The differences between the two editions are the lack of an X window "
19609
"environment in the Server Edition, the installation process, and different "
19610
"Kernel options."
19611
msgstr ""
19612
19613
#: serverguide/C/installation.xml:82(title)
19614
msgid "Kernel Differences:"
19615
msgstr ""
19616
19617
#: serverguide/C/installation.xml:85(para)
19618
msgid ""
19619
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19620
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19621
"Edition."
19622
msgstr ""
19623
19624
#: serverguide/C/installation.xml:91(para)
19625
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19626
msgstr ""
19627
19628
#: serverguide/C/installation.xml:96(para)
19629
msgid ""
19630
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19631
"Desktop Edition."
19632
msgstr ""
19633
19634
#: serverguide/C/installation.xml:102(para)
19635
msgid ""
19636
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19637
"limited by memory addressing space."
19638
msgstr ""
19639
19640
#: serverguide/C/installation.xml:107(para)
19641
msgid ""
19642
"To see all kernel configuration options you can look through "
19643
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19644
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19645
"is a great resource on the options available."
19646
msgstr ""
19647
19648
#: serverguide/C/installation.xml:116(title)
19649
msgid "Backing Up"
19650
msgstr ""
19651
19652
#: serverguide/C/installation.xml:119(para)
19653
msgid ""
19654
"Before installing <application>Ubuntu Server Edition</application> you "
19655
"should make sure all data on the system is backed up. See <xref "
19656
"linkend=\"backups\"/> for backup options."
19657
msgstr ""
19658
19659
#: serverguide/C/installation.xml:123(para)
19660
msgid ""
19661
"If this is not the first time an operating system has been installed on your "
19662
"computer, it is likely you will need to re-partition your disk to make room "
19663
"for Ubuntu."
19664
msgstr ""
19665
19666
#: serverguide/C/installation.xml:127(para)
19667
msgid ""
19668
"Any time you partition your disk, you should be prepared to lose everything "
19669
"on the disk should you make a mistake or something goes wrong during "
19670
"partitioning. The programs used in installation are quite reliable, most "
19671
"have seen years of use, but they also perform destructive actions."
19672
msgstr ""
19673
19674
#: serverguide/C/installation.xml:139(title)
19675
msgid "Installing from CD"
19676
msgstr ""
19677
19678
#: serverguide/C/installation.xml:140(para)
19679
msgid ""
19680
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19681
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19682
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19683
"a graphical installation program. Instead the Server Edition uses a console "
19684
"menu based process."
19685
msgstr ""
19686
19687
#: serverguide/C/installation.xml:147(para)
19688
msgid ""
19689
"First, download and burn the appropriate ISO file from the <ulink "
19690
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19691
msgstr ""
19692
19693
#: serverguide/C/installation.xml:153(para)
19694
msgid "Boot the system from the CD-ROM drive."
19695
msgstr ""
19696
19697
#: serverguide/C/installation.xml:158(para)
19698
msgid ""
19699
"At the boot prompt you will be asked to select the language. Afterwards the "
19700
"installation process begins by asking for your keyboard layout."
19701
msgstr ""
19702
19703
#: serverguide/C/installation.xml:164(para)
19704
msgid ""
19705
"From the main boot menu there are some additional options to install Ubuntu "
19706
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19707
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19708
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19709
"will cover the basic Ubuntu Server install."
19710
msgstr ""
19711
19712
#: serverguide/C/installation.xml:172(para)
19713
msgid ""
19714
"The installer then discovers your hardware configuration, and configures the "
19715
"network settings using DHCP. If you do not wish to use DHCP at the next "
19716
"screen choose \"Go Back\", and you have the option to \"Configure the "
19717
"network manually\"."
19718
msgstr ""
19719
19720
#: serverguide/C/installation.xml:179(para)
19721
msgid "Next, the installer asks for the system's hostname and Time Zone."
19722
msgstr ""
19723
19724
#: serverguide/C/installation.xml:184(para)
19725
msgid ""
19726
"You can then choose from several options to configure the hard drive layout. "
19727
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19728
msgstr ""
19729
19730
#: serverguide/C/installation.xml:190(para)
19731
msgid "The Ubuntu base system is then installed."
19732
msgstr ""
19733
19734
#: serverguide/C/installation.xml:195(para)
19735
msgid ""
19736
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19737
"through the <application>sudo</application> utility."
19738
msgstr ""
19739
19740
#: serverguide/C/installation.xml:201(para)
19741
msgid ""
19742
"After the user is setup, you will be asked to encrypt your <filename "
19743
"role=\"directory\">home</filename> directory."
19744
msgstr ""
19745
19746
#: serverguide/C/installation.xml:207(para)
19747
msgid ""
19748
"The next step in the installation process is to decide how you want to "
19749
"update the system. There are three options:"
19750
msgstr ""
19751
19752
#: serverguide/C/installation.xml:213(para)
19753
msgid ""
19754
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19755
"log into the machine and manually install updates."
19756
msgstr ""
19757
19758
#: serverguide/C/installation.xml:219(para)
19759
msgid ""
19760
"<emphasis>Install security updates Automatically</emphasis>: will install "
19761
"the <application>unattended-upgrades</application> package, which will "
19762
"install security updates without the intervention of an administrator. For "
19763
"more details see <xref linkend=\"automatic-updates\"/>."
19764
msgstr ""
19765
19766
#: serverguide/C/installation.xml:226(para)
19767
msgid ""
19768
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19769
"service provided by Canonical to help manage your Ubuntu machines. See the "
19770
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19771
"site for details."
19772
msgstr ""
19773
19774
#: serverguide/C/installation.xml:235(para)
19775
msgid ""
19776
"You now have the option to install, or not install, several package tasks. "
19777
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19778
"to launch <application>aptitude</application> to choose specific packages to "
19779
"install. For more information see <xref linkend=\"aptitude\"/>."
19780
msgstr ""
19781
19782
#: serverguide/C/installation.xml:243(para)
19783
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19784
msgstr ""
19785
19786
#: serverguide/C/installation.xml:249(para)
19787
msgid ""
19788
"If at any point during installation you are not satisfied by the default "
19789
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19790
"detailed installation menu that will allow you to modify the default "
19791
"settings."
19792
msgstr ""
19793
19794
#: serverguide/C/installation.xml:254(para)
19795
msgid ""
19796
"At some point during the installation process you may want to read the help "
19797
"screen provided by the installation system. To do this, press F1."
19798
msgstr ""
19799
19800
#: serverguide/C/installation.xml:259(para)
19801
msgid ""
19802
"Once again, for detailed instructions see the <ulink "
19803
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19804
"Installation Guide</ulink>."
19805
msgstr ""
19806
19807
#: serverguide/C/installation.xml:265(title)
19808
msgid "Package Tasks"
19809
msgstr ""
19810
19811
#: serverguide/C/installation.xml:266(para)
19812
msgid ""
19813
"During the Server Edition installation you have the option of installing "
19814
"additional packages from the CD. The packages are grouped by the type of "
19815
"service they provide."
19816
msgstr ""
19817
19818
#: serverguide/C/installation.xml:272(para)
19819
msgid "Cloud computing: Walrus storage service"
19820
msgstr ""
19821
19822
#: serverguide/C/installation.xml:277(para)
19823
msgid "Cloud computing: all-in-one cluster"
19824
msgstr ""
19825
19826
#: serverguide/C/installation.xml:282(para)
19827
msgid "Cloud computing: Cluster controller"
19828
msgstr ""
19829
19830
#: serverguide/C/installation.xml:287(para)
19831
msgid "Cloud computing: Node controller"
19832
msgstr ""
19833
19834
#: serverguide/C/installation.xml:292(para)
19835
msgid "Cloud computing: Storage controller"
19836
msgstr ""
19837
19838
#: serverguide/C/installation.xml:297(para)
19839
msgid "Cloud computing: top-level cloud controller"
19840
msgstr ""
19841
19842
#: serverguide/C/installation.xml:302(para)
19843
msgid "DNS server: Selects the BIND DNS server and its documentation."
19844
msgstr ""
19845
19846
#: serverguide/C/installation.xml:307(para)
19847
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19848
msgstr ""
19849
19850
#: serverguide/C/installation.xml:312(para)
19851
msgid ""
19852
"Mail server: This task selects a variety of package useful for a general "
19853
"purpose mail server system."
19854
msgstr ""
19855
19856
#: serverguide/C/installation.xml:317(para)
19857
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19858
msgstr ""
19859
19860
#: serverguide/C/installation.xml:322(para)
19861
msgid ""
19862
"PostgreSQL database: This task selects client and server packages for the "
19863
"PostgreSQL database."
19864
msgstr ""
19865
19866
#: serverguide/C/installation.xml:327(para)
19867
msgid "Print server: This task sets up your system to be a print server."
19868
msgstr ""
19869
19870
#: serverguide/C/installation.xml:332(para)
19871
msgid ""
19872
"Samba File server: This task sets up your system to be a Samba file server, "
19873
"which is especially suitable in networks with both Windows and Linux systems."
19874
msgstr ""
19875
19876
#: serverguide/C/installation.xml:338(para)
19877
msgid ""
19878
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19879
"etc."
19880
msgstr ""
19881
19882
#: serverguide/C/installation.xml:343(para)
19883
msgid ""
19884
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19885
msgstr ""
19886
19887
#: serverguide/C/installation.xml:348(para)
19888
msgid ""
19889
"Manually select packages: Executes <application>apptitude</application> "
19890
"allowing you to individually select packages."
19891
msgstr ""
19892
19893
#: serverguide/C/installation.xml:353(para)
19894
msgid ""
19895
"Installing the package groups is accomplished using the "
19896
"<application>tasksel</application> utility. One of the important difference "
19897
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19898
"installed, a package is also configured to reasonable defaults, eventually "
19899
"prompting you for additional required information. Likewise, when installing "
19900
"a task, the packages are not only installed, but also configured to provided "
19901
"a fully integrated service."
19902
msgstr ""
19903
19904
#: serverguide/C/installation.xml:360(para)
19905
msgid ""
19906
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19907
"<xref linkend=\"uec\"/>."
19908
msgstr ""
19909
19910
#: serverguide/C/installation.xml:363(para)
19911
msgid ""
19912
"Once the installation process has finished you can view a list of available "
19913
"tasks by entering the following from a terminal prompt:"
19914
msgstr ""
19915
19916
#: serverguide/C/installation.xml:368(command)
19917
msgid "tasksel --list-tasks"
19918
msgstr ""
19919
19920
#: serverguide/C/installation.xml:371(para)
19921
msgid ""
19922
"The output will list tasks from other Ubuntu based distributions such as "
19923
"Kubuntu and Edubuntu. Note that you can also invoke the "
19924
"<command>tasksel</command> command by itself, which will bring up a menu of "
19925
"the different tasks available."
19926
msgstr ""
19927
19928
#: serverguide/C/installation.xml:377(para)
19929
msgid ""
19930
"You can view a list of which packages are installed with each task using the "
19931
"<emphasis>--task-packages</emphasis> option. For example, to list the "
19932
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
19933
"following:"
19934
msgstr ""
19935
19936
#: serverguide/C/installation.xml:382(command)
19937
msgid "tasksel --task-packages dns-server"
19938
msgstr ""
19939
19940
#: serverguide/C/installation.xml:384(para)
19941
msgid "The output of the command should list:"
19942
msgstr ""
19943
19944
#: serverguide/C/installation.xml:387(programlisting)
19945
#, no-wrap
19946
msgid ""
19947
"\n"
19948
"bind9-doc \n"
19949
"bind9utils \n"
19950
"bind9\n"
19951
msgstr ""
19952
19953
#: serverguide/C/installation.xml:392(para)
19954
msgid ""
19955
"Also, if you did not install one of the tasks during the installation "
19956
"process, but for example you decide to make your new LAMP server a DNS "
19957
"server as well. Simply insert the installation CD and from a terminal:"
19958
msgstr ""
19959
19960
#: serverguide/C/installation.xml:397(command)
19961
msgid "sudo tasksel install dns-server"
19962
msgstr ""
19963
19964
#: serverguide/C/installation.xml:402(title)
19965
msgid "Upgrading"
19966
msgstr ""
19967
19968
#: serverguide/C/installation.xml:403(para)
19969
msgid ""
19970
"There are several ways to upgrade from one Ubuntu release to another. This "
19971
"section gives an overview of the recommended upgrade method."
19972
msgstr ""
19973
19974
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
19975
msgid "do-release-upgrade"
19976
msgstr ""
19977
19978
#: serverguide/C/installation.xml:408(para)
19979
msgid ""
19980
"The recommended way to upgrade a Server Edition installation is to use the "
19981
"<application>do-release-upgrade</application> utility. Part of the "
19982
"<emphasis>update-manager-core</emphasis> package, it does not have any "
19983
"graphical dependencies and is installed by default."
19984
msgstr ""
19985
19986
#: serverguide/C/installation.xml:413(para)
19987
msgid ""
19988
"Debian based systems can also be upgraded by using <command>apt-get dist-"
19989
"upgrade</command>. However, using <application>do-release-"
19990
"upgrade</application> is recommended because it has the ability to handle "
19991
"system configuration changes sometimes needed between releases."
19992
msgstr ""
19993
19994
#: serverguide/C/installation.xml:418(para)
19995
msgid "To upgrade to a newer release, from a terminal prompt enter:"
19996
msgstr ""
19997
19998
#: serverguide/C/installation.xml:424(para)
19999
msgid ""
20000
"It is also possible to use <application>do-release-upgrade</application> to "
20001
"upgrade to a development version of Ubuntu. To accomplish this use the "
20002
"<emphasis>-d</emphasis> switch:"
20003
msgstr ""
20004
20005
#: serverguide/C/installation.xml:429(command)
20006
msgid "do-release-upgrade -d"
20007
msgstr ""
20008
20009
#: serverguide/C/installation.xml:432(para)
20010
msgid ""
20011
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20012
"for production environments."
20013
msgstr ""
20014
20015
#: serverguide/C/installation.xml:439(title)
20016
msgid "Advanced Installation"
20017
msgstr ""
20018
20019
#: serverguide/C/installation.xml:442(title)
20020
msgid "Software RAID"
20021
msgstr ""
20022
20023
#: serverguide/C/installation.xml:444(para)
20024
msgid ""
20025
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20026
"the probability of catastrophic data loss in case of drive failure. RAID is "
20027
"implemented in either software (where the operating system knows about both "
20028
"drives and actively maintains both of them) or hardware (where a special "
20029
"controller makes the OS think there's only one drive and maintains the "
20030
"drives 'invisibly')."
20031
msgstr ""
20032
20033
#: serverguide/C/installation.xml:451(para)
20034
msgid ""
20035
"The RAID software included with current versions of Linux (and Ubuntu) is "
20036
"based on the <application>'mdadm'</application> driver and works very well, "
20037
"better even than many so-called 'hardware' RAID controllers. This section "
20038
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20039
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20040
"another for <emphasis>swap</emphasis>."
20041
msgstr ""
20042
20043
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20044
msgid ""
20045
"Follow the installation steps until you get to the <emphasis>Partition "
20046
"disks</emphasis> step, then:"
20047
msgstr ""
20048
20049
#: serverguide/C/installation.xml:468(para)
20050
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20051
msgstr ""
20052
20053
#: serverguide/C/installation.xml:475(para)
20054
msgid ""
20055
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20056
"partition table on this device?\"</emphasis>."
20057
msgstr ""
20058
20059
#: serverguide/C/installation.xml:479(para)
20060
msgid ""
20061
"Repeat this step for each drive you wish to be part of the RAID array."
20062
msgstr ""
20063
20064
#: serverguide/C/installation.xml:486(para)
20065
msgid ""
20066
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20067
"select <emphasis>\"Create a new partition\"</emphasis>."
20068
msgstr ""
20069
20070
#: serverguide/C/installation.xml:493(para)
20071
msgid ""
20072
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20073
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20074
"size is twice that of RAM. Enter the partition size, then choose "
20075
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20076
msgstr ""
20077
20078
#: serverguide/C/installation.xml:502(para)
20079
msgid ""
20080
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20081
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20082
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20083
"<emphasis>\"Done setting up partition\"</emphasis>."
20084
msgstr ""
20085
20086
#: serverguide/C/installation.xml:511(para)
20087
msgid ""
20088
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20089
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20090
"partition\"</emphasis>."
20091
msgstr ""
20092
20093
#: serverguide/C/installation.xml:519(para)
20094
msgid ""
20095
"Use the rest of the free space on the drive and choose "
20096
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20097
msgstr ""
20098
20099
#: serverguide/C/installation.xml:526(para)
20100
msgid ""
20101
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20102
"at the top, changing it to <emphasis>\"physical volume for "
20103
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20104
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20105
"<emphasis>\"Done setting up partition\"</emphasis>."
20106
msgstr ""
20107
20108
#: serverguide/C/installation.xml:536(para)
20109
msgid "Repeat steps three through eight for the other disk and partitions."
20110
msgstr ""
20111
20112
#: serverguide/C/installation.xml:545(title)
20113
msgid "RAID Configuration"
20114
msgstr ""
20115
20116
#: serverguide/C/installation.xml:547(para)
20117
msgid "With the partitions setup the arrays are ready to be configured:"
20118
msgstr ""
20119
20120
#: serverguide/C/installation.xml:554(para)
20121
msgid ""
20122
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20123
"Software RAID\"</emphasis> at the top."
20124
msgstr ""
20125
20126
#: serverguide/C/installation.xml:561(para)
20127
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:568(para)
20131
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20132
msgstr ""
20133
20134
#: serverguide/C/installation.xml:575(para)
20135
msgid ""
20136
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20137
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20138
msgstr ""
20139
20140
#: serverguide/C/installation.xml:581(para)
20141
msgid ""
20142
"In order to use <emphasis>RAID5</emphasis> you need at least "
20143
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20144
"<emphasis>two</emphasis> drives are required."
20145
msgstr ""
20146
20147
#: serverguide/C/installation.xml:590(para)
20148
msgid ""
20149
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20150
"of hard drives you have, for the array. Then select "
20151
"<emphasis>\"Continue\"</emphasis>."
20152
msgstr ""
20153
20154
#: serverguide/C/installation.xml:598(para)
20155
msgid ""
20156
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20157
"default, then choose <emphasis>\"Continue\"</emphasis>."
20158
msgstr ""
20159
20160
#: serverguide/C/installation.xml:605(para)
20161
msgid ""
20162
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20163
"etc. The numbers will usually match and the different letters correspond to "
20164
"different hard drives."
20165
msgstr ""
20166
20167
#: serverguide/C/installation.xml:610(para)
20168
msgid ""
20169
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20170
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20171
"go to the next step."
20172
msgstr ""
20173
20174
#: serverguide/C/installation.xml:618(para)
20175
msgid ""
20176
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20177
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20178
"and <emphasis>sdb2</emphasis>."
20179
msgstr ""
20180
20181
#: serverguide/C/installation.xml:626(para)
20182
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20183
msgstr ""
20184
20185
#: serverguide/C/installation.xml:636(title)
20186
msgid "Formatting"
20187
msgstr ""
20188
20189
#: serverguide/C/installation.xml:638(para)
20190
msgid ""
20191
"There should now be a list of hard drives and RAID devices. The next step is "
20192
"to format and set the mount point for the RAID devices. Treat the RAID "
20193
"device as a local hard drive, format and mount accordingly."
20194
msgstr ""
20195
20196
#: serverguide/C/installation.xml:646(para)
20197
msgid ""
20198
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20199
"#0\"</emphasis> partition."
20200
msgstr ""
20201
20202
#: serverguide/C/installation.xml:653(para)
20203
msgid ""
20204
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20205
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20206
msgstr ""
20207
20208
#: serverguide/C/installation.xml:661(para)
20209
msgid ""
20210
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20211
"#1\"</emphasis> partition."
20212
msgstr ""
20213
20214
#: serverguide/C/installation.xml:668(para)
20215
msgid ""
20216
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20217
"journaling file system\"</emphasis>."
20218
msgstr ""
20219
20220
#: serverguide/C/installation.xml:675(para)
20221
msgid ""
20222
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20223
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20224
"options as appropriate, then select <emphasis>\"Done setting up "
20225
"partition\"</emphasis>."
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:683(para)
20229
msgid ""
20230
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20231
"disk\"</emphasis>."
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:690(para)
20235
msgid ""
20236
"If you choose to place the root partition on a RAID array, the installer "
20237
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20238
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20239
msgstr ""
20240
20241
#: serverguide/C/installation.xml:695(para)
20242
msgid "The installation process will then continue normally."
20243
msgstr ""
20244
20245
#: serverguide/C/installation.xml:701(title)
20246
msgid "Degraded RAID"
20247
msgstr ""
20248
20249
#: serverguide/C/installation.xml:703(para)
20250
msgid ""
20251
"At some point in the life of the computer a disk failure event may occur. "
20252
"When this happens, using Software RAID, the operating system will place the "
20253
"array into what is known as a <emphasis>degraded</emphasis> state."
20254
msgstr ""
20255
20256
#: serverguide/C/installation.xml:708(para)
20257
msgid ""
20258
"If the array has become degraded, due to the chance of data corruption, by "
20259
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20260
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20261
"second prompt giving you the option to go ahead and boot the system, or "
20262
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20263
"the desired behavior, especially if the machine is in a remote location. "
20264
"Booting to a degraded array can be configured several ways:"
20265
msgstr ""
20266
20267
#: serverguide/C/installation.xml:719(para)
20268
msgid ""
20269
"The <application>dpkg-reconfigure</application> utility can be used to "
20270
"configure the default behavior, and during the process you will be queried "
20271
"about additional settings related to the array. Such as monitoring, email "
20272
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20273
"following:"
20274
msgstr ""
20275
20276
#: serverguide/C/installation.xml:726(command)
20277
msgid "sudo dpkg-reconfigure mdadm"
20278
msgstr ""
20279
20280
#: serverguide/C/installation.xml:732(para)
20281
msgid ""
20282
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20283
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20284
"The file has the advantage of being able to pre-configure the system's "
20285
"behavior, and can also be manually edited:"
20286
msgstr ""
20287
20288
#: serverguide/C/installation.xml:738(programlisting)
20289
#, no-wrap
20290
msgid ""
20291
"\n"
20292
"BOOT_DEGRADED=true\n"
20293
msgstr ""
20294
20295
#: serverguide/C/installation.xml:743(para)
20296
msgid "The configuration file can be overridden by using a Kernel argument."
20297
msgstr ""
20298
20299
#: serverguide/C/installation.xml:751(para)
20300
msgid ""
20301
"Using a Kernel argument will allow the system to boot to a degraded array as "
20302
"well:"
20303
msgstr ""
20304
20305
#: serverguide/C/installation.xml:757(para)
20306
msgid ""
20307
"When the server is booting press <keycap>Shift</keycap> to open the "
20308
"<application>Grub</application> menu."
20309
msgstr ""
20310
20311
#: serverguide/C/installation.xml:762(para)
20312
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20313
msgstr ""
20314
20315
#: serverguide/C/installation.xml:767(para)
20316
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20317
msgstr ""
20318
20319
#: serverguide/C/installation.xml:772(para)
20320
msgid ""
20321
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20322
"end of the line."
20323
msgstr ""
20324
20325
#: serverguide/C/installation.xml:777(para)
20326
msgid ""
20327
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20328
"the system."
20329
msgstr ""
20330
20331
#: serverguide/C/installation.xml:786(para)
20332
msgid ""
20333
"Once the system has booted you can either repair the array see <xref "
20334
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20335
"another machine due to major hardware failure."
20336
msgstr ""
20337
20338
#: serverguide/C/installation.xml:793(title)
20339
msgid "RAID Maintenance"
20340
msgstr ""
20341
20342
#: serverguide/C/installation.xml:795(para)
20343
msgid ""
20344
"The <application>mdadm</application> utility can be used to view the status "
20345
"of an array, add disks to an array, remove disks, etc:"
20346
msgstr ""
20347
20348
#: serverguide/C/installation.xml:802(para)
20349
msgid "To view the status of an array, from a terminal prompt enter:"
20350
msgstr ""
20351
20352
#: serverguide/C/installation.xml:806(command)
20353
msgid "sudo mdadm -D /dev/md0"
20354
msgstr ""
20355
20356
#: serverguide/C/installation.xml:809(para)
20357
msgid ""
20358
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20359
"display <emphasis>detailed</emphasis> information about the "
20360
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20361
"with the appropriate RAID device."
20362
msgstr ""
20363
20364
#: serverguide/C/installation.xml:815(para)
20365
msgid "To view the status of a disk in an array:"
20366
msgstr ""
20367
20368
#: serverguide/C/installation.xml:819(command)
20369
msgid "sudo mdadm -E /dev/sda1"
20370
msgstr ""
20371
20372
#: serverguide/C/installation.xml:821(para)
20373
msgid ""
20374
"The output if very similar to the <command>mdadm -D</command> command, "
20375
"adjust <filename>/dev/sda1</filename> for each disk."
20376
msgstr ""
20377
20378
#: serverguide/C/installation.xml:826(para)
20379
msgid "If a disk fails and needs to be removed from an array enter:"
20380
msgstr ""
20381
20382
#: serverguide/C/installation.xml:830(command)
20383
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20384
msgstr ""
20385
20386
#: serverguide/C/installation.xml:832(para)
20387
msgid ""
20388
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20389
"the appropriate RAID device and disk."
20390
msgstr ""
20391
20392
#: serverguide/C/installation.xml:837(para)
20393
msgid "Similarly, to add a new disk:"
20394
msgstr ""
20395
20396
#: serverguide/C/installation.xml:841(command)
20397
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20398
msgstr ""
20399
20400
#: serverguide/C/installation.xml:846(para)
20401
msgid ""
20402
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20403
"though there is nothing physically wrong with the drive. It is usually "
20404
"worthwhile to remove the drive from the array then re-add it. This will "
20405
"cause the drive to re-sync with the array. If the drive will not sync with "
20406
"the array, it is a good indication of hardware failure."
20407
msgstr ""
20408
20409
#: serverguide/C/installation.xml:852(para)
20410
msgid ""
20411
"The <filename>/proc/mdstat</filename> file also contains useful information "
20412
"about the system's RAID devices:"
20413
msgstr ""
20414
20415
#: serverguide/C/installation.xml:857(command)
20416
msgid "cat /proc/mdstat"
20417
msgstr ""
20418
20419
#: serverguide/C/installation.xml:858(computeroutput)
20420
#, no-wrap
20421
msgid ""
20422
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20423
"[raid10] \n"
20424
"md0 : active raid1 sda1[0] sdb1[1]\n"
20425
" 10016384 blocks [2/2] [UU]\n"
20426
" \n"
20427
"unused devices: <none>"
20428
msgstr ""
20429
20430
#: serverguide/C/installation.xml:865(para)
20431
msgid ""
20432
"The following command is great for watching the status of a syncing drive:"
20433
msgstr ""
20434
20435
#: serverguide/C/installation.xml:870(command)
20436
msgid "watch -n1 cat /proc/mdstat"
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:873(para)
20440
msgid ""
20441
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20442
"<application>watch</application> command."
20443
msgstr ""
20444
20445
#: serverguide/C/installation.xml:877(para)
20446
msgid ""
20447
"If you do need to replace a faulty drive, after the drive has been replaced "
20448
"and synced, <application>grub</application> will need to be installed. To "
20449
"install <application>grub</application> on the new drive, enter the "
20450
"following:"
20451
msgstr ""
20452
20453
#: serverguide/C/installation.xml:883(command)
20454
msgid "sudo grub-install /dev/md0"
20455
msgstr ""
20456
20457
#: serverguide/C/installation.xml:886(para)
20458
msgid ""
20459
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20460
msgstr ""
20461
20462
#: serverguide/C/installation.xml:894(para)
20463
msgid ""
20464
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20465
"can be configured. Please see the following links for more information:"
20466
msgstr ""
20467
20468
#: serverguide/C/installation.xml:901(para)
20469
msgid ""
20470
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20471
"Wiki Articles on RAID</ulink>."
20472
msgstr ""
20473
20474
#: serverguide/C/installation.xml:907(ulink)
20475
msgid "Software RAID HOWTO"
20476
msgstr ""
20477
20478
#: serverguide/C/installation.xml:912(ulink)
20479
msgid "Managing RAID on Linux"
20480
msgstr ""
20481
20482
#: serverguide/C/installation.xml:919(title)
20483
msgid "Logical Volume Manager (LVM)"
20484
msgstr ""
20485
20486
#: serverguide/C/installation.xml:921(para)
20487
msgid ""
20488
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20489
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20490
"hard disks. LVM volumes can be created on both software RAID partitions and "
20491
"standard partitions residing on a single disk. Volumes can also be extended, "
20492
"giving greater flexibility to systems as requirements change."
20493
msgstr ""
20494
20495
#: serverguide/C/installation.xml:930(para)
20496
msgid ""
20497
"A side effect of LVM's power and flexibility is a greater degree of "
20498
"complication. Before diving into the LVM installation process, it is best to "
20499
"get familiar with some terms."
20500
msgstr ""
20501
20502
#: serverguide/C/installation.xml:937(para)
20503
msgid ""
20504
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20505
"Volumes (LV)."
20506
msgstr ""
20507
20508
#: serverguide/C/installation.xml:942(para)
20509
msgid ""
20510
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20511
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20512
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20513
msgstr ""
20514
20515
#: serverguide/C/installation.xml:948(para)
20516
msgid ""
20517
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20518
"RAID partition. The Volume Group can be extended by adding more PVs."
20519
msgstr ""
20520
20521
#: serverguide/C/installation.xml:959(para)
20522
msgid ""
20523
"As an example this section covers installing Ubuntu Server Edition with "
20524
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20525
"the initial install only one Physical Volume (PV) will be part of the Volume "
20526
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20527
"can be extended."
20528
msgstr ""
20529
20530
#: serverguide/C/installation.xml:965(para)
20531
msgid ""
20532
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20533
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20534
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20535
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20536
"partitions and configure LVM. At this time the only way to configure a "
20537
"system with both LVM and standard partitions, during installation, is to use "
20538
"the Manual approach."
20539
msgstr ""
20540
20541
#: serverguide/C/installation.xml:982(para)
20542
msgid ""
20543
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20544
"<emphasis>\"Manual\"</emphasis>."
20545
msgstr ""
20546
20547
#: serverguide/C/installation.xml:989(para)
20548
msgid ""
20549
"Select the hard disk and on the next screen choose \"yes\" to "
20550
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20551
msgstr ""
20552
20553
#: serverguide/C/installation.xml:996(para)
20554
msgid ""
20555
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20556
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20557
msgstr ""
20558
20559
#: serverguide/C/installation.xml:1004(para)
20560
msgid ""
20561
"For the LVM <emphasis>/srv</emphasis>, create a new "
20562
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20563
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20564
"<emphasis>\"Done setting up the partition\"</emphasis>."
20565
msgstr ""
20566
20567
#: serverguide/C/installation.xml:1012(para)
20568
msgid ""
20569
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20570
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20571
"disk."
20572
msgstr ""
20573
20574
#: serverguide/C/installation.xml:1020(para)
20575
msgid ""
20576
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20577
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20578
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20579
"After entering a name, select the partition configured for LVM, and choose "
20580
"<emphasis>\"Continue\"</emphasis>."
20581
msgstr ""
20582
20583
#: serverguide/C/installation.xml:1029(para)
20584
msgid ""
20585
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20586
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20587
"volume group, and enter a name for the new LV, for example "
20588
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20589
"a size, which may be the full partition because it can always be extended "
20590
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20591
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20592
msgstr ""
20593
20594
#: serverguide/C/installation.xml:1039(para)
20595
msgid ""
20596
"Now add a filesystem to the new LVM. Select the partition under "
20597
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20598
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20599
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20600
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20601
msgstr ""
20602
20603
#: serverguide/C/installation.xml:1048(para)
20604
msgid ""
20605
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20606
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20607
"the installation."
20608
msgstr ""
20609
20610
#: serverguide/C/installation.xml:1056(para)
20611
msgid "There are some useful utilities to view information about LVM:"
20612
msgstr ""
20613
20614
#: serverguide/C/installation.xml:1061(para)
20615
msgid ""
20616
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20617
msgstr ""
20618
20619
#: serverguide/C/installation.xml:1062(para)
20620
msgid ""
20621
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20622
msgstr ""
20623
20624
#: serverguide/C/installation.xml:1063(para)
20625
msgid ""
20626
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20627
"Physical Volumes."
20628
msgstr ""
20629
20630
#: serverguide/C/installation.xml:1068(title)
20631
msgid "Extending Volume Groups"
20632
msgstr ""
20633
20634
#: serverguide/C/installation.xml:1070(para)
20635
msgid ""
20636
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20637
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20638
"adding it to the volume group (VG), extending the logical volume <filename "
20639
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20640
"example assumes a second hard disk has been added to the system. This hard "
20641
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20642
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20643
"before issuing the commands below. You could lose some data if you issue "
20644
"those commands on a non-empty disk. In our example we will use the entire "
20645
"disk as a physical volume (you could choose to create partitions and use "
20646
"them as different physical volumes)"
20647
msgstr ""
20648
20649
#: serverguide/C/installation.xml:1082(para)
20650
msgid "First, create the physical volume, in a terminal execute:"
20651
msgstr ""
20652
20653
#: serverguide/C/installation.xml:1087(command)
20654
msgid "sudo pvcreate /dev/sdb"
20655
msgstr ""
20656
20657
#: serverguide/C/installation.xml:1093(para)
20658
msgid "Now extend the Volume Group (VG):"
20659
msgstr ""
20660
20661
#: serverguide/C/installation.xml:1098(command)
20662
msgid "sudo vgextend vg01 /dev/sdb"
20663
msgstr ""
20664
20665
#: serverguide/C/installation.xml:1104(para)
20666
msgid ""
20667
"Use <application>vgdisplay</application> to find out the free physical "
20668
"extents - Free PE / size (the size you can allocate). We will assume a free "
20669
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20670
"whole free space available. Use your own PE and/or free space."
20671
msgstr ""
20672
20673
#: serverguide/C/installation.xml:1110(para)
20674
msgid ""
20675
"The Logical Volume (LV) can now be extended by different methods, we will "
20676
"only see how to use the PE to extend the LV:"
20677
msgstr ""
20678
20679
#: serverguide/C/installation.xml:1115(command)
20680
msgid "sudo lvextend /dev/vg01/srv -l +511"
20681
msgstr ""
20682
20683
#: serverguide/C/installation.xml:1118(para)
20684
msgid ""
20685
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20686
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20687
"Gig, Tera, etc bytes."
20688
msgstr ""
20689
20690
#: serverguide/C/installation.xml:1126(para)
20691
msgid ""
20692
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20693
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20694
"practice to unmount it anyway and check the filesystem, so that you don't "
20695
"mess up the day you want to reduce a logical volume (in that case unmounting "
20696
"first is compulsory)."
20697
msgstr ""
20698
20699
#: serverguide/C/installation.xml:1132(para)
20700
msgid ""
20701
"The following commands are for an <emphasis>EXT3</emphasis> or "
20702
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20703
"there may be other utilities available."
20704
msgstr ""
20705
20706
#: serverguide/C/installation.xml:1139(command)
20707
msgid "sudo e2fsck -f /dev/vg01/srv"
20708
msgstr ""
20709
20710
#: serverguide/C/installation.xml:1142(para)
20711
msgid ""
20712
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20713
"forces checking even if the system seems clean."
20714
msgstr ""
20715
20716
#: serverguide/C/installation.xml:1149(para)
20717
msgid "Finally, resize the filesystem:"
20718
msgstr ""
20719
20720
#: serverguide/C/installation.xml:1154(command)
20721
msgid "sudo resize2fs /dev/vg01/srv"
20722
msgstr ""
20723
20724
#: serverguide/C/installation.xml:1160(para)
20725
msgid "Now mount the partition and check its size."
20726
msgstr ""
20727
20728
#: serverguide/C/installation.xml:1165(command)
20729
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20730
msgstr ""
20731
20732
#: serverguide/C/installation.xml:1177(para)
20733
msgid ""
20734
"See the <ulink "
20735
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20736
"Articles</ulink>."
20737
msgstr ""
20738
20739
#: serverguide/C/installation.xml:1182(para)
20740
msgid ""
20741
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20742
"HOWTO</ulink> for more information."
20743
msgstr ""
20744
20745
#: serverguide/C/installation.xml:1187(para)
20746
msgid ""
20747
"Another good article is <ulink "
20748
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20749
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20750
"linuxdevcenter.com site."
20751
msgstr ""
20752
20753
#: serverguide/C/installation.xml:1194(para)
20754
msgid ""
20755
"For more information on <application>fdisk</application> see the <ulink "
20756
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20757
"sk man page</ulink>."
20758
msgstr ""
20759
20760
#: serverguide/C/file-server.xml:13(title)
20761
msgid "File Servers"
20762
msgstr ""
20763
20764
#: serverguide/C/file-server.xml:15(para)
20765
msgid ""
20766
"If you have more than one computer on a single network. At some point you "
20767
"will probably need to share files between them. In this section we cover "
20768
"installing and configuring FTP, NFS, and CUPS."
20769
msgstr ""
20770
20771
#: serverguide/C/file-server.xml:22(title)
20772
msgid "FTP Server"
20773
msgstr ""
20774
20775
#: serverguide/C/file-server.xml:24(para)
20776
msgid ""
20777
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20778
"files between computers. FTP works on a client/server model. The server "
20779
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20780
"listens for FTP requests from remote clients. When a request is received, it "
20781
"manages the login and sets up the connection. For the duration of the "
20782
"session it executes any of commands sent by the FTP client."
20783
msgstr ""
20784
20785
#: serverguide/C/file-server.xml:33(para)
20786
msgid "Access to an FTP server can be managed in two ways:"
20787
msgstr ""
20788
20789
#: serverguide/C/file-server.xml:37(para)
20790
msgid "Anonymous"
20791
msgstr ""
20792
20793
#: serverguide/C/file-server.xml:40(para)
20794
msgid "Authenticated"
20795
msgstr ""
20796
20797
#: serverguide/C/file-server.xml:43(para)
20798
msgid ""
20799
"In the Anonymous mode, remote clients can access the FTP server by using the "
20800
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20801
"address as the password. In the Authenticated mode a user must have an "
20802
"account and a password. User access to the FTP server directories and files "
20803
"is dependent on the permissions defined for the account used at login. As a "
20804
"general rule, the FTP daemon will hide the root directory of the FTP server "
20805
"and change it to the FTP Home directory. This hides the rest of the file "
20806
"system from remote sessions."
20807
msgstr ""
20808
20809
#: serverguide/C/file-server.xml:55(title)
20810
msgid "vsftpd - FTP Server Installation"
20811
msgstr ""
20812
20813
#: serverguide/C/file-server.xml:57(para)
20814
msgid ""
20815
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20816
"and maintain. To install <application>vsftpd</application> you can run the "
20817
"following command:"
20818
msgstr ""
20819
20820
#: serverguide/C/file-server.xml:65(command)
20821
msgid "sudo apt-get install vsftpd"
20822
msgstr ""
20823
20824
#: serverguide/C/file-server.xml:71(title)
20825
msgid "Anonymous FTP Configuration"
20826
msgstr ""
20827
20828
#: serverguide/C/file-server.xml:73(para)
20829
msgid ""
20830
"By default <application>vsftpd</application> is configured to only allow "
20831
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20832
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20833
"default FTP directory."
20834
msgstr ""
20835
20836
#: serverguide/C/file-server.xml:80(para)
20837
msgid ""
20838
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20839
"example, simply create a directory in another location and change the "
20840
"<emphasis>ftp</emphasis> user's home directory:"
20841
msgstr ""
20842
20843
#: serverguide/C/file-server.xml:87(command)
20844
msgid "sudo mkdir /srv/ftp"
20845
msgstr ""
20846
20847
#: serverguide/C/file-server.xml:88(command)
20848
msgid "sudo usermod -d /srv/ftp ftp"
20849
msgstr ""
20850
20851
#: serverguide/C/file-server.xml:91(para)
20852
msgid "After making the change restart <application>vsftpd</application>:"
20853
msgstr ""
20854
20855
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20856
msgid "sudo /etc/init.d/vsftpd restart"
20857
msgstr ""
20858
20859
#: serverguide/C/file-server.xml:99(para)
20860
msgid ""
20861
"Finally, copy any files and directories you would like to make available "
20862
"through anonymous FTP to <filename>/srv/ftp</filename>."
20863
msgstr ""
20864
20865
#: serverguide/C/file-server.xml:106(title)
20866
msgid "User Authenticated FTP Configuration"
20867
msgstr ""
20868
20869
#: serverguide/C/file-server.xml:108(para)
20870
msgid ""
20871
"To configure <application>vsftpd</application> to authenticate system users "
20872
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20873
msgstr ""
20874
20875
#: serverguide/C/file-server.xml:114(programlisting)
20876
#, no-wrap
20877
msgid ""
20878
"\n"
20879
"local_enable=YES\n"
20880
"write_enable=YES\n"
20881
msgstr ""
20882
20883
#: serverguide/C/file-server.xml:119(para)
20884
msgid "Now restart <application>vsftpd</application>:"
20885
msgstr ""
20886
20887
#: serverguide/C/file-server.xml:127(para)
20888
msgid ""
20889
"Now when system users login to FTP they will start in their "
20890
"<emphasis>home</emphasis> directories where they can download, upload, "
20891
"create directories, etc."
20892
msgstr ""
20893
20894
#: serverguide/C/file-server.xml:133(para)
20895
msgid ""
20896
"Similarly, by default, the anonymous users are not allowed to upload files "
20897
"to FTP server. To change this setting, you should uncomment the following "
20898
"line, and restart <application>vsftpd</application>:"
20899
msgstr ""
20900
20901
#: serverguide/C/file-server.xml:140(programlisting)
20902
#, no-wrap
20903
msgid ""
20904
"\n"
20905
"anon_upload_enable=YES\n"
20906
msgstr ""
20907
20908
#: serverguide/C/file-server.xml:145(para)
20909
msgid ""
20910
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20911
"not enable anonymous upload on servers accessed directly from the Internet."
20912
msgstr ""
20913
20914
#: serverguide/C/file-server.xml:151(para)
20915
msgid ""
20916
"The configuration file consists of many configuration parameters. The "
20917
"information about each parameter is available in the configuration file. "
20918
"Alternatively, you can refer to the man page, <command>man 5 "
20919
"vsftpd.conf</command> for details of each parameter."
20920
msgstr ""
20921
20922
#: serverguide/C/file-server.xml:162(title)
20923
msgid "Securing FTP"
20924
msgstr ""
20925
20926
#: serverguide/C/file-server.xml:164(para)
20927
msgid ""
20928
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
20929
"<application>vsftpd</application> more secure. For example users can be "
20930
"limited to their home directories by uncommenting:"
20931
msgstr ""
20932
20933
#: serverguide/C/file-server.xml:170(programlisting)
20934
#, no-wrap
20935
msgid ""
20936
"\n"
20937
"chroot_local_user=YES\n"
20938
msgstr ""
20939
20940
#: serverguide/C/file-server.xml:174(para)
20941
msgid ""
20942
"You can also limit a specific list of users to just their home directories:"
20943
msgstr ""
20944
20945
#: serverguide/C/file-server.xml:178(programlisting)
20946
#, no-wrap
20947
msgid ""
20948
"\n"
20949
"chroot_list_enable=YES\n"
20950
"chroot_list_file=/etc/vsftpd.chroot_list\n"
20951
msgstr ""
20952
20953
#: serverguide/C/file-server.xml:183(para)
20954
msgid ""
20955
"After uncommenting the above options, create a "
20956
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
20957
"per line. Then restart <application>vsftpd</application>:"
20958
msgstr ""
20959
20960
#: serverguide/C/file-server.xml:192(para)
20961
msgid ""
20962
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
20963
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
20964
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
20965
"add them to the list."
20966
msgstr ""
20967
20968
#: serverguide/C/file-server.xml:199(para)
20969
msgid ""
20970
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
20971
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
20972
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
20973
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
20974
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
20975
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
20976
"with a shell may not be ideal for some environments, such as a shared web "
20977
"host."
20978
msgstr ""
20979
20980
#: serverguide/C/file-server.xml:208(para)
20981
msgid ""
20982
"To configure <emphasis>FTPS</emphasis>, edit "
20983
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
20984
msgstr ""
20985
20986
#: serverguide/C/file-server.xml:212(programlisting)
20987
#, no-wrap
20988
msgid ""
20989
"\n"
20990
"ssl_enable=Yes\n"
20991
msgstr ""
20992
20993
#: serverguide/C/file-server.xml:216(para)
20994
msgid "Also, notice the certificate and key related options:"
20995
msgstr ""
20996
20997
#: serverguide/C/file-server.xml:220(programlisting)
20998
#, no-wrap
20999
msgid ""
21000
"\n"
21001
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21002
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21003
msgstr ""
21004
21005
#: serverguide/C/file-server.xml:225(para)
21006
msgid ""
21007
"By default these options are set the certificate and key provided by the "
21008
"<application>ssl-cert</application> package. In a production environment "
21009
"these should be replaced with a certificate and key generated for the "
21010
"specific host. For more information on certificates see <xref "
21011
"linkend=\"certificates-and-security\"/>."
21012
msgstr ""
21013
21014
#: serverguide/C/file-server.xml:231(para)
21015
msgid ""
21016
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21017
"be forced to use <emphasis>FTPS</emphasis>:"
21018
msgstr ""
21019
21020
#: serverguide/C/file-server.xml:240(para)
21021
msgid ""
21022
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21023
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21024
"adding the <emphasis>nologin</emphasis> shell:"
21025
msgstr ""
21026
21027
#: serverguide/C/file-server.xml:245(programlisting)
21028
#, no-wrap
21029
msgid ""
21030
"\n"
21031
"# /etc/shells: valid login shells\n"
21032
"/bin/csh\n"
21033
"/bin/sh\n"
21034
"/usr/bin/es\n"
21035
"/usr/bin/ksh\n"
21036
"/bin/ksh\n"
21037
"/usr/bin/rc\n"
21038
"/usr/bin/tcsh\n"
21039
"/bin/tcsh\n"
21040
"/usr/bin/esh\n"
21041
"/bin/dash\n"
21042
"/bin/bash\n"
21043
"/bin/rbash\n"
21044
"/usr/bin/screen\n"
21045
"/usr/sbin/nologin\n"
21046
msgstr ""
21047
21048
#: serverguide/C/file-server.xml:263(para)
21049
msgid ""
21050
"This is necessary because, by default <application>vsftpd</application> uses "
21051
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21052
"configuration file contains:"
21053
msgstr ""
21054
21055
#: serverguide/C/file-server.xml:268(programlisting)
21056
#, no-wrap
21057
msgid ""
21058
"\n"
21059
"auth required pam_shells.so\n"
21060
msgstr ""
21061
21062
#: serverguide/C/file-server.xml:272(para)
21063
msgid ""
21064
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21065
"in the <filename>/etc/shells</filename> file."
21066
msgstr ""
21067
21068
#: serverguide/C/file-server.xml:277(para)
21069
msgid ""
21070
"Most popular FTP clients can be configured connect using FTPS. The "
21071
"<application>lftp</application> command line FTP client has the ability to "
21072
"use FTPS as well."
21073
msgstr ""
21074
21075
#: serverguide/C/file-server.xml:288(para)
21076
msgid ""
21077
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21078
"website</ulink> for more information."
21079
msgstr ""
21080
21081
#: serverguide/C/file-server.xml:293(para)
21082
msgid ""
21083
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21084
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21085
"\">vsftpd.conf man page</ulink>."
21086
msgstr ""
21087
21088
#: serverguide/C/file-server.xml:299(para)
21089
msgid ""
21090
"The CodeGurus article <ulink "
21091
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21092
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21093
"contrasting FTPS and SFTP."
21094
msgstr ""
21095
21096
#: serverguide/C/file-server.xml:305(para)
21097
msgid ""
21098
"Also, for more information see the <ulink "
21099
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21100
"page."
21101
msgstr ""
21102
21103
#: serverguide/C/file-server.xml:315(title)
21104
msgid "Network File System (NFS)"
21105
msgstr ""
21106
21107
#: serverguide/C/file-server.xml:316(para)
21108
msgid ""
21109
"NFS allows a system to share directories and files with others over a "
21110
"network. By using NFS, users and programs can access files on remote systems "
21111
"almost as if they were local files."
21112
msgstr ""
21113
21114
#: serverguide/C/file-server.xml:322(para)
21115
msgid "Some of the most notable benefits that NFS can provide are:"
21116
msgstr ""
21117
21118
#: serverguide/C/file-server.xml:328(para)
21119
msgid ""
21120
"Local workstations use less disk space because commonly used data can be "
21121
"stored on a single machine and still remain accessible to others over the "
21122
"network."
21123
msgstr ""
21124
21125
#: serverguide/C/file-server.xml:333(para)
21126
msgid ""
21127
"There is no need for users to have separate home directories on every "
21128
"network machine. Home directories could be set up on the NFS server and made "
21129
"available throughout the network."
21130
msgstr ""
21131
21132
#: serverguide/C/file-server.xml:339(para)
21133
msgid ""
21134
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21135
"be used by other machines on the network. This may reduce the number of "
21136
"removable media drives throughout the network."
21137
msgstr ""
21138
21139
#: serverguide/C/file-server.xml:349(para)
21140
msgid ""
21141
"At a terminal prompt enter the following command to install the NFS Server:"
21142
msgstr ""
21143
21144
#: serverguide/C/file-server.xml:355(command)
21145
msgid "sudo apt-get install nfs-kernel-server"
21146
msgstr ""
21147
21148
#: serverguide/C/file-server.xml:361(para)
21149
msgid ""
21150
"You can configure the directories to be exported by adding them to the "
21151
"<filename>/etc/exports</filename> file. For example:"
21152
msgstr ""
21153
21154
#: serverguide/C/file-server.xml:366(screen)
21155
#, no-wrap
21156
msgid ""
21157
"\n"
21158
"/ubuntu *(ro,sync,no_root_squash)\n"
21159
"/home *(rw,sync,no_root_squash)\n"
21160
msgstr ""
21161
21162
#: serverguide/C/file-server.xml:372(para)
21163
msgid ""
21164
"You can replace * with one of the hostname formats. Make the hostname "
21165
"declaration as specific as possible so unwanted systems cannot access the "
21166
"NFS mount."
21167
msgstr ""
21168
21169
#: serverguide/C/file-server.xml:378(para)
21170
msgid ""
21171
"To start the NFS server, you can run the following command at a terminal "
21172
"prompt:"
21173
msgstr ""
21174
21175
#: serverguide/C/file-server.xml:383(command)
21176
msgid "sudo /etc/init.d/nfs-kernel-server start"
21177
msgstr ""
21178
21179
#: serverguide/C/file-server.xml:388(title)
21180
msgid "NFS Client Configuration"
21181
msgstr ""
21182
21183
#: serverguide/C/file-server.xml:389(para)
21184
msgid ""
21185
"Use the <application>mount</application> command to mount a shared NFS "
21186
"directory from another machine, by typing a command line similar to the "
21187
"following at a terminal prompt:"
21188
msgstr ""
21189
21190
#: serverguide/C/file-server.xml:395(command)
21191
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21192
msgstr ""
21193
21194
#: serverguide/C/file-server.xml:399(para)
21195
msgid ""
21196
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21197
"There should be no files or subdirectories in the "
21198
"<filename>/local/ubuntu</filename> directory."
21199
msgstr ""
21200
21201
#: serverguide/C/file-server.xml:406(para)
21202
msgid ""
21203
"An alternate way to mount an NFS share from another machine is to add a line "
21204
"to the <filename>/etc/fstab</filename> file. The line must state the "
21205
"hostname of the NFS server, the directory on the server being exported, and "
21206
"the directory on the local machine where the NFS share is to be mounted."
21207
msgstr ""
21208
21209
#: serverguide/C/file-server.xml:414(para)
21210
msgid ""
21211
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21212
"as follows:"
21213
msgstr ""
21214
21215
#: serverguide/C/file-server.xml:420(programlisting)
21216
#, no-wrap
21217
msgid ""
21218
"\n"
21219
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21220
"rsize=8192,wsize=8192,timeo=14,intr\n"
21221
msgstr ""
21222
21223
#: serverguide/C/file-server.xml:424(para)
21224
msgid ""
21225
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21226
"common</application> package is installed on your client. To install "
21227
"<application>nfs-common</application> enter the following command at the "
21228
"terminal prompt: <screen>\n"
21229
"<command>sudo apt-get install nfs-common</command>\n"
21230
"</screen>"
21231
msgstr ""
21232
21233
#: serverguide/C/file-server.xml:437(ulink)
21234
msgid "Linux NFS faq"
21235
msgstr ""
21236
21237
#: serverguide/C/file-server.xml:439(ulink)
21238
msgid "Ubuntu Wiki NFS Howto"
21239
msgstr ""
21240
21241
#: serverguide/C/file-server.xml:445(title)
21242
msgid "CUPS - Print Server"
21243
msgstr ""
21244
21245
#: serverguide/C/file-server.xml:446(para)
21246
msgid ""
21247
"The primary mechanism for Ubuntu printing and print services is the "
21248
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21249
"printing system is a freely available, portable printing layer which has "
21250
"become the new standard for printing in most Linux distributions."
21251
msgstr ""
21252
21253
#: serverguide/C/file-server.xml:453(para)
21254
msgid ""
21255
"CUPS manages print jobs and queues and provides network printing using the "
21256
"standard Internet Printing Protocol (IPP), while offering support for a very "
21257
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21258
"also supports PostScript Printer Description (PPD) and auto-detection of "
21259
"network printers, and features a simple web-based configuration and "
21260
"administration tool."
21261
msgstr ""
21262
21263
#: serverguide/C/file-server.xml:463(para)
21264
msgid ""
21265
"To install CUPS on your Ubuntu computer, simply use "
21266
"<application>sudo</application> with the <application>apt-get</application> "
21267
"command and give the packages to install as the first parameter. A complete "
21268
"CUPS install has many package dependencies, but they may all be specified on "
21269
"the same command line. Enter the following at a terminal prompt to install "
21270
"CUPS:"
21271
msgstr ""
21272
21273
#: serverguide/C/file-server.xml:468(command)
21274
msgid "sudo apt-get install cups"
21275
msgstr ""
21276
21277
#: serverguide/C/file-server.xml:471(para)
21278
msgid ""
21279
"Upon authenticating with your user password, the packages should be "
21280
"downloaded and installed without error. Upon the conclusion of installation, "
21281
"the CUPS server will be started automatically."
21282
msgstr ""
21283
21284
#: serverguide/C/file-server.xml:476(para)
21285
msgid ""
21286
"For troubleshooting purposes, you can access CUPS server errors via the "
21287
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21288
"error log does not show enough information to troubleshoot any problems you "
21289
"encounter, the verbosity of the CUPS log can be increased by changing the "
21290
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21291
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21292
"everything, from the default of \"info\". If you make this change, remember "
21293
"to change it back once you've solved your problem, to prevent the log file "
21294
"from becoming overly large."
21295
msgstr ""
21296
21297
#: serverguide/C/file-server.xml:489(para)
21298
msgid ""
21299
"The Common UNIX Printing System server's behavior is configured through the "
21300
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21301
"The CUPS configuration file follows the same syntax as the primary "
21302
"configuration file for the Apache HTTP server, so users familiar with "
21303
"editing Apache's configuration file should feel at ease when editing the "
21304
"CUPS configuration file. Some examples of settings you may wish to change "
21305
"initially will be presented here."
21306
msgstr ""
21307
21308
#: serverguide/C/file-server.xml:499(para)
21309
msgid ""
21310
"Prior to editing the configuration file, you should make a copy of the "
21311
"original file and protect it from writing, so you will have the original "
21312
"settings as a reference, and to reuse as necessary."
21313
msgstr ""
21314
21315
#: serverguide/C/file-server.xml:503(para)
21316
msgid ""
21317
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21318
"writing with the following commands, issued at a terminal prompt:"
21319
msgstr ""
21320
21321
#: serverguide/C/file-server.xml:509(command)
21322
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21323
msgstr ""
21324
21325
#: serverguide/C/file-server.xml:510(command)
21326
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21327
msgstr ""
21328
21329
#: serverguide/C/file-server.xml:515(para)
21330
msgid ""
21331
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21332
"address of the designated administrator of the CUPS server, simply edit the "
21333
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21334
"preferred text editor, and add or modify the <emphasis "
21335
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21336
"you are the Administrator for the CUPS server, and your e-mail address is "
21337
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21338
"as such:"
21339
msgstr ""
21340
21341
#: serverguide/C/file-server.xml:526(screen)
21342
#, no-wrap
21343
msgid ""
21344
"\n"
21345
"ServerAdmin bjoy@somebigco.com\n"
21346
msgstr ""
21347
21348
#: serverguide/C/file-server.xml:532(para)
21349
msgid ""
21350
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21351
"server installation listens only on the loopback interface at IP address "
21352
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21353
"listen on an actual network adapter's IP address, you must specify either a "
21354
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21355
"addition of a Listen directive. For example, if your CUPS server resides on "
21356
"a local network at the IP address <emphasis "
21357
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21358
"accessible to the other systems on this subnetwork, you would edit the "
21359
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21360
"such:"
21361
msgstr ""
21362
21363
#: serverguide/C/file-server.xml:546(screen)
21364
#, no-wrap
21365
msgid ""
21366
"\n"
21367
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21368
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21369
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21370
"(IPP)\n"
21371
msgstr ""
21372
21373
#: serverguide/C/file-server.xml:552(para)
21374
msgid ""
21375
"In the example above, you may comment out or remove the reference to the "
21376
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21377
"</application> to listen on that interface, but would rather have it only "
21378
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21379
"listening for all network interfaces for which a certain hostname is bound, "
21380
"including the Loopback, you could create a Listen entry for the hostname "
21381
"<emphasis>socrates</emphasis> as such:"
21382
msgstr ""
21383
21384
#: serverguide/C/file-server.xml:562(screen)
21385
#, no-wrap
21386
msgid ""
21387
"\n"
21388
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21389
msgstr ""
21390
21391
#: serverguide/C/file-server.xml:566(para)
21392
msgid ""
21393
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21394
"instead, as in:"
21395
msgstr ""
21396
21397
#: serverguide/C/file-server.xml:568(screen)
21398
#, no-wrap
21399
msgid ""
21400
"\n"
21401
"Port 631 # Listen on port 631 on all interfaces\n"
21402
msgstr ""
21403
21404
#: serverguide/C/file-server.xml:575(para)
21405
msgid ""
21406
"For more examples of configuration directives in the CUPS server "
21407
"configuration file, view the associated system manual page by entering the "
21408
"following command at a terminal prompt:"
21409
msgstr ""
21410
21411
#: serverguide/C/file-server.xml:582(command)
21412
msgid "man cupsd.conf"
21413
msgstr ""
21414
21415
#: serverguide/C/file-server.xml:586(para)
21416
msgid ""
21417
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21418
"configuration file, you'll need to restart the CUPS server by typing the "
21419
"following command at a terminal prompt:"
21420
msgstr ""
21421
21422
#: serverguide/C/file-server.xml:592(command)
21423
msgid "sudo /etc/init.d/cups restart"
21424
msgstr ""
21425
21426
#: serverguide/C/file-server.xml:598(title)
21427
msgid "Web Interface"
21428
msgstr ""
21429
21430
#: serverguide/C/file-server.xml:600(para)
21431
msgid ""
21432
"CUPS can be configured and monitored using a web interface, which by default "
21433
"is available at <ulink "
21434
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21435
"web interface can be used to perform all printer management tasks."
21436
msgstr ""
21437
21438
#: serverguide/C/file-server.xml:604(para)
21439
msgid ""
21440
"In order to perform administrative tasks via the web interface, you must "
21441
"either have the root account enabled on your server, or authenticate as a "
21442
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21443
"reasons, CUPS won't authenticate a user that doesn't have a password."
21444
msgstr ""
21445
21446
#: serverguide/C/file-server.xml:607(para)
21447
msgid ""
21448
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21449
"at the terminal prompt: <screen>\n"
21450
"<command>sudo usermod -aG lpadmin username</command>\n"
21451
"</screen>"
21452
msgstr ""
21453
21454
#: serverguide/C/file-server.xml:613(para)
21455
msgid ""
21456
"Further documentation is available in the <emphasis "
21457
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21458
msgstr ""
21459
21460
#: serverguide/C/file-server.xml:621(ulink)
21461
msgid "CUPS Website"
21462
msgstr ""
21463
21464
#: serverguide/C/file-server.xml:624(ulink)
21465
msgid "Ubuntu Wiki CUPS page"
21466
msgstr ""
21467
21468
#: serverguide/C/dns.xml:13(title)
21469
msgid "Domain Name Service (DNS)"
21470
msgstr ""
21471
21472
#: serverguide/C/dns.xml:14(para)
21473
msgid ""
21474
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21475
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21476
"alleviates the need to remember IP addresses. Computers that run DNS are "
21477
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21478
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21479
"common program used for maintaining a name server on Linux."
21480
msgstr ""
21481
21482
#: serverguide/C/dns.xml:24(para)
21483
msgid ""
21484
"At a terminal prompt, enter the following command to install "
21485
"<application>dns</application>:"
21486
msgstr ""
21487
21488
#: serverguide/C/dns.xml:28(command)
21489
msgid "sudo apt-get install bind9"
21490
msgstr ""
21491
21492
#: serverguide/C/dns.xml:30(para)
21493
msgid ""
21494
"A very useful package for testing and troubleshooting DNS issues is the "
21495
"dnsutils package. To install <application>dnsutils</application> enter the "
21496
"following:"
21497
msgstr ""
21498
21499
#: serverguide/C/dns.xml:35(command)
21500
msgid "sudo apt-get install dnsutils"
21501
msgstr ""
21502
21503
#: serverguide/C/dns.xml:40(para)
21504
msgid ""
21505
"There are many ways to configure <application>BIND9</application>. Some of "
21506
"the most common configurations are a caching nameserver, primary master, and "
21507
"as a secondary master."
21508
msgstr ""
21509
21510
#: serverguide/C/dns.xml:46(para)
21511
msgid ""
21512
"When configured as a caching nameserver BIND9 will find the answer to name "
21513
"queries and remember the answer when the domain is queried again."
21514
msgstr ""
21515
21516
#: serverguide/C/dns.xml:52(para)
21517
msgid ""
21518
"As a primary master server BIND9 reads the data for a zone from a file on "
21519
"it's host and is authoritative for that zone."
21520
msgstr ""
21521
21522
#: serverguide/C/dns.xml:57(para)
21523
msgid ""
21524
"In a secondary master configuration BIND9 gets the zone data from another "
21525
"nameserver authoritative for the zone."
21526
msgstr ""
21527
21528
#: serverguide/C/dns.xml:65(para)
21529
msgid ""
21530
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21531
"directory. The primary configuration file is "
21532
"<filename>/etc/bind/named.conf</filename>."
21533
msgstr ""
21534
21535
#: serverguide/C/dns.xml:72(para)
21536
msgid ""
21537
"The <emphasis>include</emphasis> line specifies the filename which contains "
21538
"the DNS options. The <emphasis>directory</emphasis> line in the "
21539
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21540
"look for files. All files BIND uses will be relative to this directory."
21541
msgstr ""
21542
21543
#: serverguide/C/dns.xml:80(para)
21544
msgid ""
21545
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21546
"nameservers in the world. The servers change over time, so the "
21547
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21548
"This is usually done as updates to the <application>bind9</application> "
21549
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21550
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21551
msgstr ""
21552
21553
#: serverguide/C/dns.xml:90(para)
21554
msgid ""
21555
"It is possible to configure the same server to be a caching name server, "
21556
"primary master, and secondary master. A server can be the Start of Authority "
21557
"(SOA) for one zone, while providing secondary service for another zone. All "
21558
"the while providing caching services for hosts on the local LAN."
21559
msgstr ""
21560
21561
#: serverguide/C/dns.xml:98(title)
21562
msgid "Caching Nameserver"
21563
msgstr ""
21564
21565
#: serverguide/C/dns.xml:99(para)
21566
msgid ""
21567
"The default configuration is setup to act as a caching server. All that is "
21568
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21569
"uncomment and edit the following in "
21570
"<filename>/etc/bind/named.conf.options</filename>:"
21571
msgstr ""
21572
21573
#: serverguide/C/dns.xml:103(programlisting)
21574
#, no-wrap
21575
msgid ""
21576
"\n"
21577
"forwarders {\n"
21578
" 1.2.3.4;\n"
21579
" 5.6.7.8;\n"
21580
" };\n"
21581
msgstr ""
21582
21583
#: serverguide/C/dns.xml:110(para)
21584
msgid ""
21585
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21586
"the IP Adresses of actual nameservers."
21587
msgstr ""
21588
21589
#: serverguide/C/dns.xml:114(para)
21590
msgid ""
21591
"Now restart the DNS server, to enable the new configuration. From a terminal "
21592
"prompt:"
21593
msgstr ""
21594
21595
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21596
msgid "sudo /etc/init.d/bind9 restart"
21597
msgstr ""
21598
21599
#: serverguide/C/dns.xml:120(para)
21600
msgid ""
21601
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21602
"DNS server."
21603
msgstr ""
21604
21605
#: serverguide/C/dns.xml:125(title)
21606
msgid "Primary Master"
21607
msgstr ""
21608
21609
#: serverguide/C/dns.xml:126(para)
21610
msgid ""
21611
"In this section <application>BIND9</application> will be configured as the "
21612
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21613
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21614
"(Fully Qualified Domain Name)."
21615
msgstr ""
21616
21617
#: serverguide/C/dns.xml:132(title)
21618
msgid "Forward Zone File"
21619
msgstr ""
21620
21621
#: serverguide/C/dns.xml:133(para)
21622
msgid ""
21623
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21624
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21625
msgstr ""
21626
21627
#: serverguide/C/dns.xml:137(programlisting)
21628
#, no-wrap
21629
msgid ""
21630
"\n"
21631
"zone \"example.com\" {\n"
21632
"\ttype master;\n"
21633
" file \"/etc/bind/db.example.com\";\n"
21634
"};\n"
21635
msgstr ""
21636
21637
#: serverguide/C/dns.xml:143(para)
21638
msgid ""
21639
"Now use an existing zone file as a template to create the "
21640
"<filename>/etc/bind/db.example.com</filename> file:"
21641
msgstr ""
21642
21643
#: serverguide/C/dns.xml:147(command)
21644
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21645
msgstr ""
21646
21647
#: serverguide/C/dns.xml:149(para)
21648
msgid ""
21649
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21650
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21651
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21652
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21653
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21654
"leaving the \".\" at the end."
21655
msgstr ""
21656
21657
#: serverguide/C/dns.xml:155(para)
21658
msgid ""
21659
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21660
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21661
msgstr ""
21662
21663
#: serverguide/C/dns.xml:159(programlisting)
21664
#, no-wrap
21665
msgid ""
21666
"\n"
21667
";\n"
21668
"; BIND data file for local loopback interface\n"
21669
";\n"
21670
"$TTL 604800\n"
21671
"@ IN SOA ns.example.com. root.example.com. (\n"
21672
" 2 ; Serial\n"
21673
" 604800 ; Refresh\n"
21674
" 86400 ; Retry\n"
21675
" 2419200 ; Expire\n"
21676
" 604800 ) ; Negative Cache TTL\n"
21677
";\n"
21678
"@ IN NS ns.example.com.\n"
21679
"@ IN A 127.0.0.1\n"
21680
"@ IN AAAA ::1\n"
21681
"ns IN A 192.168.1.10\n"
21682
msgstr ""
21683
21684
#: serverguide/C/dns.xml:176(para)
21685
msgid ""
21686
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21687
"make changes to the zone file. If you make multiple changes before "
21688
"restarting BIND9, simply increment the Serial once."
21689
msgstr ""
21690
21691
#: serverguide/C/dns.xml:180(para)
21692
msgid ""
21693
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21694
"linkend=\"dns-record-types\"/> for details."
21695
msgstr ""
21696
21697
#: serverguide/C/dns.xml:184(para)
21698
msgid ""
21699
"Many admins like to use the last date edited as the serial of a zone, such "
21700
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21701
"<emphasis>ss</emphasis> is the Serial Number)"
21702
msgstr ""
21703
21704
#: serverguide/C/dns.xml:189(para)
21705
msgid ""
21706
"Once you have made a change to the zone file "
21707
"<application>BIND9</application> will need to be restarted for the changes "
21708
"to take effect:"
21709
msgstr ""
21710
21711
#: serverguide/C/dns.xml:198(title)
21712
msgid "Reverse Zone File"
21713
msgstr ""
21714
21715
#: serverguide/C/dns.xml:199(para)
21716
msgid ""
21717
"Now that the zone is setup and resolving names to IP Adresses a "
21718
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21719
"DNS to resolve an address to a name."
21720
msgstr ""
21721
21722
#: serverguide/C/dns.xml:203(para)
21723
msgid "Edit /etc/bind/named.conf.local and add the following:"
21724
msgstr ""
21725
21726
#: serverguide/C/dns.xml:206(programlisting)
21727
#, no-wrap
21728
msgid ""
21729
"\n"
21730
"zone \"1.168.192.in-addr.arpa\" {\n"
21731
" type master;\n"
21732
" notify no;\n"
21733
" file \"/etc/bind/db.192\";\n"
21734
"};\n"
21735
msgstr ""
21736
21737
#: serverguide/C/dns.xml:214(para)
21738
msgid ""
21739
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21740
"whatever network you are using. Also, name the zone file "
21741
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21742
"first octet of your network."
21743
msgstr ""
21744
21745
#: serverguide/C/dns.xml:219(para)
21746
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21747
msgstr ""
21748
21749
#: serverguide/C/dns.xml:223(command)
21750
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21751
msgstr ""
21752
21753
#: serverguide/C/dns.xml:225(para)
21754
msgid ""
21755
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21756
"same options as <filename>/etc/bind/db.example.com</filename>:"
21757
msgstr ""
21758
21759
#: serverguide/C/dns.xml:229(programlisting)
21760
#, no-wrap
21761
msgid ""
21762
"\n"
21763
";\n"
21764
"; BIND reverse data file for local loopback interface\n"
21765
";\n"
21766
"$TTL 604800\n"
21767
"@ IN SOA ns.example.com. root.example.com. (\n"
21768
" 2 ; Serial\n"
21769
" 604800 ; Refresh\n"
21770
" 86400 ; Retry\n"
21771
" 2419200 ; Expire\n"
21772
" 604800 ) ; Negative Cache TTL\n"
21773
";\n"
21774
"@ IN NS ns.\n"
21775
"10 IN PTR ns.example.com.\n"
21776
msgstr ""
21777
21778
#: serverguide/C/dns.xml:244(para)
21779
msgid ""
21780
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21781
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21782
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21783
"create a <emphasis>PTR record</emphasis> in "
21784
"<filename>/etc/bind/db.192</filename>."
21785
msgstr ""
21786
21787
#: serverguide/C/dns.xml:249(para)
21788
msgid ""
21789
"After creating the reverse zone file restart "
21790
"<application>BIND9</application>:"
21791
msgstr ""
21792
21793
#: serverguide/C/dns.xml:258(title)
21794
msgid "Secondary Master"
21795
msgstr ""
21796
21797
#: serverguide/C/dns.xml:259(para)
21798
msgid ""
21799
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21800
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21801
"availability of the domain should the Primary become unavailable."
21802
msgstr ""
21803
21804
#: serverguide/C/dns.xml:263(para)
21805
msgid ""
21806
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21807
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21808
"and Reverse zone definitions in "
21809
"<filename>/etc/bind/named.conf.local</filename>:"
21810
msgstr ""
21811
21812
#: serverguide/C/dns.xml:267(programlisting)
21813
#, no-wrap
21814
msgid ""
21815
"\n"
21816
"zone \"example.com\" {\n"
21817
" type master;\n"
21818
"\tfile \"/etc/bind/db.example.com\";\n"
21819
" allow-transfer { 192.168.1.11; };\n"
21820
"};\n"
21821
"\n"
21822
"zone \"1.168.192.in-addr.arpa\" {\n"
21823
" type master;\n"
21824
" notify no;\n"
21825
" file \"/etc/bind/db.192\";\n"
21826
"\tallow-transfer { 192.168.1.11; };\n"
21827
"};\n"
21828
msgstr ""
21829
21830
#: serverguide/C/dns.xml:282(para)
21831
msgid ""
21832
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21833
"Secondary nameserver."
21834
msgstr ""
21835
21836
#: serverguide/C/dns.xml:286(para)
21837
msgid ""
21838
"Next, on the Secondary Master, install the <application>bind9</application> "
21839
"package the same way as on the Primary. Then edit the "
21840
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21841
"declarations for the Forward and Reverse zones:"
21842
msgstr ""
21843
21844
#: serverguide/C/dns.xml:290(programlisting)
21845
#, no-wrap
21846
msgid ""
21847
"\n"
21848
"zone \"example.com\" {\n"
21849
"\ttype slave;\n"
21850
" file \"/var/cache/bind/db.example.com\";\n"
21851
" masters { 192.168.1.10; };\n"
21852
"}; \n"
21853
" \n"
21854
"zone \"1.168.192.in-addr.arpa\" {\n"
21855
"\ttype slave;\n"
21856
" file \"/var/cache/bind/db.192\";\n"
21857
" masters { 192.168.1.10; };\n"
21858
"};\n"
21859
msgstr ""
21860
21861
#: serverguide/C/dns.xml:304(para)
21862
msgid ""
21863
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21864
"Primary nameserver."
21865
msgstr ""
21866
21867
#: serverguide/C/dns.xml:308(para)
21868
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21869
msgstr ""
21870
21871
#: serverguide/C/dns.xml:314(para)
21872
msgid ""
21873
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21874
msgstr ""
21875
21876
#: serverguide/C/dns.xml:317(programlisting)
21877
#, no-wrap
21878
msgid ""
21879
"\n"
21880
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21881
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21882
msgstr ""
21883
21884
#: serverguide/C/dns.xml:322(para)
21885
msgid ""
21886
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21887
"on the Primary is larger than the one on the Secondary."
21888
msgstr ""
21889
21890
#: serverguide/C/dns.xml:328(para)
21891
msgid ""
21892
"The default directory for non-authoritative zone files is "
21893
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21894
"<application>AppArmor</application> to allow the "
21895
"<application>named</application> daemon to write to it. For more information "
21896
"on AppArmor see <xref linkend=\"apparmor\"/>."
21897
msgstr ""
21898
21899
#: serverguide/C/dns.xml:339(para)
21900
msgid ""
21901
"This section covers ways to help determine the cause when problems happen "
21902
"with DNS and <application>BIND9</application>."
21903
msgstr ""
21904
21905
#: serverguide/C/dns.xml:345(title)
21906
msgid "resolv.conf"
21907
msgstr ""
21908
21909
#: serverguide/C/dns.xml:346(para)
21910
msgid ""
21911
"The first step in testing <application>BIND9</application> is to add the "
21912
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
21913
"be configured as well as another host to double check things. Simply edit "
21914
"<filename>/etc/resolv.conf</filename> and add the following:"
21915
msgstr ""
21916
21917
#: serverguide/C/dns.xml:351(programlisting)
21918
#, no-wrap
21919
msgid ""
21920
"\n"
21921
"nameserver\t192.168.1.10\n"
21922
"nameserver\t192.168.1.11\n"
21923
msgstr ""
21924
21925
#: serverguide/C/dns.xml:356(para)
21926
msgid ""
21927
"You should also add the IP Address of the Secondary nameserver in case the "
21928
"Primary becomes unavailable."
21929
msgstr ""
21930
21931
#: serverguide/C/dns.xml:362(title)
21932
msgid "dig"
21933
msgstr ""
21934
21935
#: serverguide/C/dns.xml:363(para)
21936
msgid ""
21937
"If you installed the <application>dnsutils</application> package you can "
21938
"test your setup using the DNS lookup utility <application>dig</application>:"
21939
msgstr ""
21940
21941
#: serverguide/C/dns.xml:369(para)
21942
msgid ""
21943
"After installing <application>BIND9</application> use "
21944
"<application>dig</application> against the loopback interface to make sure "
21945
"it is listening on port 53. From a terminal prompt:"
21946
msgstr ""
21947
21948
#: serverguide/C/dns.xml:374(command)
21949
msgid "dig -x 127.0.0.1"
21950
msgstr ""
21951
21952
#: serverguide/C/dns.xml:376(para)
21953
msgid "You should see lines similar to the following in the command output:"
21954
msgstr ""
21955
21956
#: serverguide/C/dns.xml:379(programlisting)
21957
#, no-wrap
21958
msgid ""
21959
"\n"
21960
";; Query time: 1 msec\n"
21961
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
21962
msgstr ""
21963
21964
#: serverguide/C/dns.xml:385(para)
21965
msgid ""
21966
"If you have configured <application>BIND9</application> as a "
21967
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
21968
"the query time:"
21969
msgstr ""
21970
21971
#: serverguide/C/dns.xml:390(command)
21972
msgid "dig ubuntu.com"
21973
msgstr ""
21974
21975
#: serverguide/C/dns.xml:392(para)
21976
msgid "Note the query time toward the end of the command output:"
21977
msgstr ""
21978
21979
#: serverguide/C/dns.xml:395(programlisting)
21980
#, no-wrap
21981
msgid ""
21982
"\n"
21983
";; Query time: 49 msec\n"
21984
msgstr ""
21985
21986
#: serverguide/C/dns.xml:398(para)
21987
msgid "After a second dig there should be improvement:"
21988
msgstr ""
21989
21990
#: serverguide/C/dns.xml:401(programlisting)
21991
#, no-wrap
21992
msgid ""
21993
"\n"
21994
";; Query time: 1 msec\n"
21995
msgstr ""
21996
21997
#: serverguide/C/dns.xml:408(title)
21998
msgid "ping"
21999
msgstr ""
22000
22001
#: serverguide/C/dns.xml:410(para)
22002
msgid ""
22003
"Now to demonstrate how applications make use of DNS to resolve a host name "
22004
"use the <application>ping</application> utility to send an ICMP echo "
22005
"request. From a terminal prompt enter:"
22006
msgstr ""
22007
22008
#: serverguide/C/dns.xml:416(command)
22009
msgid "ping example.com"
22010
msgstr ""
22011
22012
#: serverguide/C/dns.xml:418(para)
22013
msgid ""
22014
"This tests if the nameserver can resolve the name "
22015
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22016
"should resemble:"
22017
msgstr ""
22018
22019
#: serverguide/C/dns.xml:422(programlisting)
22020
#, no-wrap
22021
msgid ""
22022
"\n"
22023
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22024
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22025
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22026
msgstr ""
22027
22028
#: serverguide/C/dns.xml:429(title)
22029
msgid "named-checkzone"
22030
msgstr ""
22031
22032
#: serverguide/C/dns.xml:430(para)
22033
msgid ""
22034
"A great way to test your zone files is by using the <application>named-"
22035
"checkzone</application> utility installed with the "
22036
"<application>bind9</application> package. This utility allows you to make "
22037
"sure the configuration is correct before restarting "
22038
"<application>BIND9</application> and making the changes live."
22039
msgstr ""
22040
22041
#: serverguide/C/dns.xml:437(para)
22042
msgid ""
22043
"To test our example Forward zone file enter the following from a command "
22044
"prompt:"
22045
msgstr ""
22046
22047
#: serverguide/C/dns.xml:441(command)
22048
msgid "named-checkzone example.com /etc/bind/db.example.com"
22049
msgstr ""
22050
22051
#: serverguide/C/dns.xml:443(para)
22052
msgid ""
22053
"If everything is configured correctly you should see output similar to:"
22054
msgstr ""
22055
22056
#: serverguide/C/dns.xml:446(programlisting)
22057
#, no-wrap
22058
msgid ""
22059
"\n"
22060
"zone example.com/IN: loaded serial 6\n"
22061
"OK\n"
22062
msgstr ""
22063
22064
#: serverguide/C/dns.xml:452(para)
22065
msgid "Similarly, to test the Reverse zone file enter the following:"
22066
msgstr ""
22067
22068
#: serverguide/C/dns.xml:456(command)
22069
msgid "named-checkzone example.com /etc/bind/db.192"
22070
msgstr ""
22071
22072
#: serverguide/C/dns.xml:458(para)
22073
msgid "The output should be similar to:"
22074
msgstr ""
22075
22076
#: serverguide/C/dns.xml:461(programlisting)
22077
#, no-wrap
22078
msgid ""
22079
"\n"
22080
"zone example.com/IN: loaded serial 3\n"
22081
"OK\n"
22082
msgstr ""
22083
22084
#: serverguide/C/dns.xml:468(para)
22085
msgid ""
22086
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22087
"different."
22088
msgstr ""
22089
22090
#: serverguide/C/dns.xml:475(title)
22091
msgid "Logging"
22092
msgstr ""
22093
22094
#: serverguide/C/dns.xml:476(para)
22095
msgid ""
22096
"<application>BIND9</application> has a wide variety of logging configuration "
22097
"options available. There are two main options. The "
22098
"<emphasis>channel</emphasis> option configures where logs go, and the "
22099
"<emphasis>category</emphasis> option determines what information to log."
22100
msgstr ""
22101
22102
#: serverguide/C/dns.xml:480(para)
22103
msgid "If no logging option is configured the default option is:"
22104
msgstr ""
22105
22106
#: serverguide/C/dns.xml:483(programlisting)
22107
#, no-wrap
22108
msgid ""
22109
"\n"
22110
"logging {\n"
22111
" category default { default_syslog; default_debug; };\n"
22112
" category unmatched { null; };\n"
22113
"};\n"
22114
msgstr ""
22115
22116
#: serverguide/C/dns.xml:489(para)
22117
msgid ""
22118
"This section covers configuring <application>BIND9</application> to send "
22119
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22120
"file."
22121
msgstr ""
22122
22123
#: serverguide/C/dns.xml:494(para)
22124
msgid ""
22125
"First, we need to configure a channel to specify which file to send the "
22126
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22127
"the following:"
22128
msgstr ""
22129
22130
#: serverguide/C/dns.xml:498(programlisting)
22131
#, no-wrap
22132
msgid ""
22133
"\n"
22134
"logging {\n"
22135
" channel query.log { \n"
22136
" file \"/var/log/query.log\";\n"
22137
" severity debug 3; \n"
22138
" }; \n"
22139
"};\n"
22140
msgstr ""
22141
22142
#: serverguide/C/dns.xml:508(para)
22143
msgid "Next, configure a category to send all DNS queries to the query file:"
22144
msgstr ""
22145
22146
#: serverguide/C/dns.xml:511(programlisting)
22147
#, no-wrap
22148
msgid ""
22149
"\n"
22150
"logging {\n"
22151
" channel query.log { \n"
22152
" file \"/var/log/query.log\"; \n"
22153
" severity debug 3; \n"
22154
" }; \n"
22155
" <emphasis>category queries { query.log; };</emphasis> \n"
22156
"};\n"
22157
msgstr ""
22158
22159
#: serverguide/C/dns.xml:523(para)
22160
msgid ""
22161
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22162
"level isn't specified level 1 is the default."
22163
msgstr ""
22164
22165
#: serverguide/C/dns.xml:529(para)
22166
msgid ""
22167
"Since the <emphasis>named daemon</emphasis> runs as the "
22168
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22169
"file must be created and the ownership changed:"
22170
msgstr ""
22171
22172
#: serverguide/C/dns.xml:534(command)
22173
msgid "sudo touch /var/log/query.log"
22174
msgstr ""
22175
22176
#: serverguide/C/dns.xml:535(command)
22177
msgid "sudo chown bind /var/log/query.log"
22178
msgstr ""
22179
22180
#: serverguide/C/dns.xml:539(para)
22181
msgid ""
22182
"Before <application>named</application> daemon can write to the new log file "
22183
"the <application>AppArmor</application> profile must be updated. First, edit "
22184
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22185
msgstr ""
22186
22187
#: serverguide/C/dns.xml:543(programlisting)
22188
#, no-wrap
22189
msgid ""
22190
"\n"
22191
"/var/log/query.log w,\n"
22192
msgstr ""
22193
22194
#: serverguide/C/dns.xml:546(para)
22195
msgid "Next, reload the profile:"
22196
msgstr ""
22197
22198
#: serverguide/C/dns.xml:550(command)
22199
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22200
msgstr ""
22201
22202
#: serverguide/C/dns.xml:552(para)
22203
msgid ""
22204
"For more information on <application>AppArmor</application> see <xref "
22205
"linkend=\"apparmor\"/>"
22206
msgstr ""
22207
22208
#: serverguide/C/dns.xml:557(para)
22209
msgid ""
22210
"Now restart <application>BIND9</application> for the changes to take effect:"
22211
msgstr ""
22212
22213
#: serverguide/C/dns.xml:565(para)
22214
msgid ""
22215
"You should see the file <filename>/var/log/query.log</filename> fill with "
22216
"query information. This is a simple example of the "
22217
"<application>BIND9</application> logging options. For coverage of advanced "
22218
"options see <xref linkend=\"dns-more-info\"/>."
22219
msgstr ""
22220
22221
#: serverguide/C/dns.xml:574(title)
22222
msgid "Common Record Types"
22223
msgstr ""
22224
22225
#: serverguide/C/dns.xml:575(para)
22226
msgid "This section covers some of the most common DNS record types."
22227
msgstr ""
22228
22229
#: serverguide/C/dns.xml:580(para)
22230
msgid ""
22231
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22232
msgstr ""
22233
22234
#: serverguide/C/dns.xml:583(programlisting)
22235
#, no-wrap
22236
msgid ""
22237
"\n"
22238
"www IN A 192.168.1.12\n"
22239
msgstr ""
22240
22241
#: serverguide/C/dns.xml:588(para)
22242
msgid ""
22243
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22244
"record. You cannot create a CNAME record pointing to another CNAME record."
22245
msgstr ""
22246
22247
#: serverguide/C/dns.xml:591(programlisting)
22248
#, no-wrap
22249
msgid ""
22250
"\n"
22251
"web IN CNAME www\n"
22252
msgstr ""
22253
22254
#: serverguide/C/dns.xml:596(para)
22255
msgid ""
22256
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22257
"to. Must point to an A record, not a CNAME."
22258
msgstr ""
22259
22260
#: serverguide/C/dns.xml:599(programlisting)
22261
#, no-wrap
22262
msgid ""
22263
"\n"
22264
" IN MX 1 mail.example.com.\n"
22265
"mail IN A 192.168.1.13\n"
22266
msgstr ""
22267
22268
#: serverguide/C/dns.xml:605(para)
22269
msgid ""
22270
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22271
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22272
"Secondary servers are defined."
22273
msgstr ""
22274
22275
#: serverguide/C/dns.xml:609(programlisting)
22276
#, no-wrap
22277
msgid ""
22278
"\n"
22279
" IN NS ns.example.com.\n"
22280
"\tIN NS ns2.example.com.\n"
22281
"ns IN A 192.168.1.10\n"
22282
"ns2\tIN A\t 192.168.1.11\n"
22283
msgstr ""
22284
22285
#: serverguide/C/dns.xml:622(para)
22286
msgid ""
22287
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22288
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22289
msgstr ""
22290
22291
#: serverguide/C/dns.xml:627(para)
22292
msgid ""
22293
"For in depth coverage of <emphasis>DNS</emphasis> and "
22294
"<application>BIND9</application> see <ulink "
22295
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22296
msgstr ""
22297
22298
#: serverguide/C/dns.xml:632(para)
22299
msgid ""
22300
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22301
"BIND</ulink> is a popular book now in it's fifth edition."
22302
msgstr ""
22303
22304
#: serverguide/C/dns.xml:637(para)
22305
msgid ""
22306
"A great place to ask for <application>BIND9</application> assistance, and "
22307
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22308
"server</emphasis> IRC channel on <ulink "
22309
"url=\"http://freenode.net\">freenode</ulink>."
22310
msgstr ""
22311
22312
#: serverguide/C/dns.xml:643(para)
22313
msgid ""
22314
"Also, see the <ulink "
22315
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22316
"HOWTO</ulink> in the Ubuntu Wiki."
22317
msgstr ""
22318
22319
#: serverguide/C/databases.xml:13(title)
22320
msgid "Databases"
22321
msgstr ""
22322
22323
#: serverguide/C/databases.xml:14(para)
22324
msgid "Ubuntu provides two popular database servers. They are:"
22325
msgstr ""
22326
22327
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22328
msgid "PostgreSQL"
22329
msgstr ""
22330
22331
#: serverguide/C/databases.xml:25(para)
22332
msgid ""
22333
"They are available in the main repository. This section explains how to "
22334
"install and configure these database servers."
22335
msgstr ""
22336
22337
#: serverguide/C/databases.xml:32(para)
22338
msgid ""
22339
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22340
"It is intended for mission-critical, heavy-load production systems as well "
22341
"as for embedding into mass-deployed software."
22342
msgstr ""
22343
22344
#: serverguide/C/databases.xml:41(para)
22345
msgid "To install MySQL, run the following command from a terminal prompt:"
22346
msgstr ""
22347
22348
#: serverguide/C/databases.xml:46(command)
22349
msgid "sudo apt-get install mysql-server"
22350
msgstr ""
22351
22352
#: serverguide/C/databases.xml:48(para)
22353
msgid ""
22354
"During the installation process you will be prompted to enter a password for "
22355
"the <application>MySQL</application> root user."
22356
msgstr ""
22357
22358
#: serverguide/C/databases.xml:53(para)
22359
msgid ""
22360
"Once the installation is complete, the MySQL server should be started "
22361
"automatically. You can run the following command from a terminal prompt to "
22362
"check whether the MySQL server is running:"
22363
msgstr ""
22364
22365
#: serverguide/C/databases.xml:61(command)
22366
msgid "sudo netstat -tap | grep mysql"
22367
msgstr ""
22368
22369
#: serverguide/C/databases.xml:70(programlisting)
22370
#, no-wrap
22371
msgid ""
22372
"\n"
22373
"tcp 0 0 localhost:mysql *:* LISTEN "
22374
" 2556/mysqld\n"
22375
msgstr ""
22376
22377
#: serverguide/C/databases.xml:74(para)
22378
msgid ""
22379
"If the server is not running correctly, you can type the following command "
22380
"to start it:"
22381
msgstr ""
22382
22383
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22384
msgid "sudo /etc/init.d/mysql restart"
22385
msgstr ""
22386
22387
#: serverguide/C/databases.xml:85(para)
22388
msgid ""
22389
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22390
"the basic settings -- log file, port number, etc. For example, to configure "
22391
"<application>MySQL</application> to listen for connections from network "
22392
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22393
"server's IP address:"
22394
msgstr ""
22395
22396
#: serverguide/C/databases.xml:91(programlisting)
22397
#, no-wrap
22398
msgid ""
22399
"\n"
22400
"bind-address = 192.168.0.5\n"
22401
msgstr ""
22402
22403
#: serverguide/C/databases.xml:95(para)
22404
msgid "Replace 192.168.0.5 with the appropriate address."
22405
msgstr ""
22406
22407
#: serverguide/C/databases.xml:99(para)
22408
msgid ""
22409
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22410
"<application>mysql</application> daemon will need to be restarted:"
22411
msgstr ""
22412
22413
#: serverguide/C/databases.xml:107(para)
22414
msgid ""
22415
"If you would like to change the "
22416
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22417
"terminal enter:"
22418
msgstr ""
22419
22420
#: serverguide/C/databases.xml:113(command)
22421
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22422
msgstr ""
22423
22424
#: serverguide/C/databases.xml:116(para)
22425
msgid ""
22426
"The <application>mysql</application> daemon will be stopped, and you will be "
22427
"prompted to enter a new password."
22428
msgstr ""
22429
22430
#: serverguide/C/databases.xml:125(para)
22431
msgid ""
22432
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22433
"more information."
22434
msgstr ""
22435
22436
#: serverguide/C/databases.xml:130(para)
22437
msgid ""
22438
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22439
"<application>mysql-doc-5.0</application> package. To install the package "
22440
"enter the following in a terminal:"
22441
msgstr ""
22442
22443
#: serverguide/C/databases.xml:135(command)
22444
msgid "sudo apt-get install mysql-doc-5.0"
22445
msgstr ""
22446
22447
#: serverguide/C/databases.xml:137(para)
22448
msgid ""
22449
"The documentation is in HTML format, to view them enter "
22450
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22451
"chapter/index.html</command> in your browser's address bar."
22452
msgstr ""
22453
22454
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22455
msgid ""
22456
"For general SQL information see <ulink "
22457
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22458
"Special Edition</ulink> by Rafe Colburn."
22459
msgstr ""
22460
22461
#: serverguide/C/databases.xml:149(para)
22462
msgid ""
22463
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22464
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22465
msgstr ""
22466
22467
#: serverguide/C/databases.xml:158(para)
22468
msgid ""
22469
"PostgreSQL is an object-relational database system that has the features of "
22470
"traditional commercial database systems with enhancements to be found in "
22471
"next-generation DBMS systems."
22472
msgstr ""
22473
22474
#: serverguide/C/databases.xml:165(para)
22475
msgid ""
22476
"To install PostgreSQL, run the following command in the command prompt:"
22477
msgstr ""
22478
22479
#: serverguide/C/databases.xml:172(command)
22480
msgid "sudo apt-get install postgresql"
22481
msgstr ""
22482
22483
#: serverguide/C/databases.xml:176(para)
22484
msgid ""
22485
"Once the installation is complete, you should configure the PostgreSQL "
22486
"server based on your needs, although the default configuration is viable."
22487
msgstr ""
22488
22489
#: serverguide/C/databases.xml:184(para)
22490
msgid ""
22491
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22492
"client authentication methods. By default, IDENT authentication method is "
22493
"used for <application>postgres</application> and local users. Please refer "
22494
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22495
"PostgreSQL Administrator's Guide</ulink>."
22496
msgstr ""
22497
22498
#: serverguide/C/databases.xml:191(para)
22499
msgid ""
22500
"The following discussion assumes that you wish to enable TCP/IP connections "
22501
"and use the MD5 method for client authentication. PostgreSQL configuration "
22502
"files are stored in the "
22503
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22504
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22505
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22506
msgstr ""
22507
22508
#: serverguide/C/databases.xml:201(para)
22509
msgid ""
22510
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22511
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22512
msgstr ""
22513
22514
#: serverguide/C/databases.xml:208(para)
22515
msgid ""
22516
"To enable TCP/IP connections, edit the file "
22517
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22518
msgstr ""
22519
22520
#: serverguide/C/databases.xml:210(para)
22521
msgid ""
22522
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22523
"change it to:"
22524
msgstr ""
22525
22526
#: serverguide/C/databases.xml:213(programlisting)
22527
#, no-wrap
22528
msgid ""
22529
"\n"
22530
"listen_addresses = 'localhost'\n"
22531
msgstr ""
22532
22533
#: serverguide/C/databases.xml:217(para)
22534
msgid ""
22535
"To allow other computers to connect to your "
22536
"<application>PostgreSQL</application> server replace 'localhost' with the "
22537
"<emphasis>IP Address</emphasis> of your server."
22538
msgstr ""
22539
22540
#: serverguide/C/databases.xml:222(para)
22541
msgid ""
22542
"You may also edit all other parameters, if you know what you are doing! For "
22543
"details, refer to the configuration file or to the PostgreSQL documentation."
22544
msgstr ""
22545
22546
#: serverguide/C/databases.xml:227(para)
22547
msgid ""
22548
"Now that we can connect to our <application>PostgreSQL</application> server, "
22549
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22550
"user. Run the following command at a terminal prompt to connect to the "
22551
"default PostgreSQL template database:"
22552
msgstr ""
22553
22554
#: serverguide/C/databases.xml:234(command)
22555
msgid "sudo -u postgres psql template1"
22556
msgstr ""
22557
22558
#: serverguide/C/databases.xml:236(para)
22559
msgid ""
22560
"The above command connects to PostgreSQL database "
22561
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22562
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22563
"run the following SQL command at the <application>psql</application> prompt "
22564
"to configure the password for the user <emphasis "
22565
"role=\"italics\">postgres</emphasis>."
22566
msgstr ""
22567
22568
#: serverguide/C/databases.xml:244(command)
22569
msgid "ALTER USER postgres with encrypted password 'your_password';"
22570
msgstr ""
22571
22572
#: serverguide/C/databases.xml:246(para)
22573
msgid ""
22574
"After configuring the password, edit the file "
22575
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22576
"<emphasis>MD5</emphasis> authentication with the "
22577
"<emphasis>postgres</emphasis> user:"
22578
msgstr ""
22579
22580
#: serverguide/C/databases.xml:252(programlisting)
22581
#, no-wrap
22582
msgid ""
22583
"\n"
22584
"local all postgres md5\n"
22585
msgstr ""
22586
22587
#: serverguide/C/databases.xml:256(para)
22588
msgid ""
22589
"Finally, you should restart the <application>PostgreSQL</application> "
22590
"service to initialize the new configuration. From a terminal prompt enter "
22591
"the following to restart <application>PostgreSQL</application>:"
22592
msgstr ""
22593
22594
#: serverguide/C/databases.xml:262(command)
22595
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22596
msgstr ""
22597
22598
#: serverguide/C/databases.xml:265(para)
22599
msgid ""
22600
"The above configuration is not complete by any means. Please refer <ulink "
22601
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22602
"Administrator's Guide</ulink> to configure more parameters."
22603
msgstr ""
22604
22605
#: serverguide/C/databases.xml:276(para)
22606
msgid ""
22607
"As mentioned above the <ulink "
22608
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22609
"Guide</ulink> is an excellent resource. The guide is also available in the "
22610
"<application>postgresql-doc-8.4</application> package. Execute the following "
22611
"in a terminal to install the package:"
22612
msgstr ""
22613
22614
#: serverguide/C/databases.xml:282(command)
22615
msgid "sudo apt-get install postgresql-doc-8.4"
22616
msgstr ""
22617
22618
#: serverguide/C/databases.xml:284(para)
22619
msgid ""
22620
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22621
"8.4/html/index.html</command> into the address bar of your browser."
22622
msgstr ""
22623
22624
#: serverguide/C/databases.xml:296(para)
22625
msgid ""
22626
"Also, see the <ulink "
22627
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22628
"Wiki</ulink> page for more information."
22629
msgstr ""
22630
22631
#: serverguide/C/clustering.xml:13(title)
22632
msgid "Clustering"
22633
msgstr ""
22634
22635
#: serverguide/C/clustering.xml:16(title)
22636
msgid "DRBD"
22637
msgstr ""
22638
22639
#: serverguide/C/clustering.xml:18(para)
22640
msgid ""
22641
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22642
"multiple hosts. The replication is transparent to other applications on the "
22643
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22644
"volumes, etc can be mirrored."
22645
msgstr ""
22646
22647
#: serverguide/C/clustering.xml:24(para)
22648
msgid ""
22649
"To get started using <application>drbd</application>, first install the "
22650
"necessary packages. From a terminal enter:"
22651
msgstr ""
22652
22653
#: serverguide/C/clustering.xml:29(command)
22654
msgid "sudo apt-get install drbd8-utils"
22655
msgstr ""
22656
22657
#: serverguide/C/clustering.xml:33(para)
22658
msgid ""
22659
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22660
"virtual machine you will need to manually compile the "
22661
"<application>drbd</application> module. It may be easier to install the "
22662
"<application>linux-server</application> package inside the virtual machine."
22663
msgstr ""
22664
22665
#: serverguide/C/clustering.xml:40(para)
22666
msgid ""
22667
"This section covers setting up a <application>drbd</application> to "
22668
"replicate a separate <filename>/srv</filename> partition, with an "
22669
"<application>ext3</application> filesystem between two hosts. The partition "
22670
"size is not particularly relevant, but both partitions need to be the same "
22671
"size."
22672
msgstr ""
22673
22674
#: serverguide/C/clustering.xml:49(para)
22675
msgid ""
22676
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22677
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22678
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22679
"See <xref linkend=\"dns\"/> for details."
22680
msgstr ""
22681
22682
#: serverguide/C/clustering.xml:57(para)
22683
msgid ""
22684
"To configure <application>drbd</application>, on the first host edit "
22685
"<filename>/etc/drbd.conf</filename>:"
22686
msgstr ""
22687
22688
#: serverguide/C/clustering.xml:61(programlisting)
22689
#, no-wrap
22690
msgid ""
22691
"\n"
22692
"global { usage-count no; }\n"
22693
"common { syncer { rate 100M; } }\n"
22694
"resource r0 {\n"
22695
" protocol C;\n"
22696
" startup {\n"
22697
" wfc-timeout 15;\n"
22698
" degr-wfc-timeout 60;\n"
22699
" }\n"
22700
" net {\n"
22701
" cram-hmac-alg sha1;\n"
22702
" shared-secret \"secret\";\n"
22703
" }\n"
22704
" on drbd01 {\n"
22705
" device /dev/drbd0;\n"
22706
" disk /dev/sdb1;\n"
22707
" address 192.168.0.1:7788;\n"
22708
" meta-disk internal;\n"
22709
" }\n"
22710
" on drbd02 {\n"
22711
" device /dev/drbd0;\n"
22712
" disk /dev/sdb1;\n"
22713
" address 192.168.0.2:7788;\n"
22714
" meta-disk internal;\n"
22715
" }\n"
22716
"} \n"
22717
msgstr ""
22718
22719
#: serverguide/C/clustering.xml:90(para)
22720
msgid ""
22721
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22722
"this example their default values are fine."
22723
msgstr ""
22724
22725
#: serverguide/C/clustering.xml:98(para)
22726
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22727
msgstr ""
22728
22729
#: serverguide/C/clustering.xml:103(command)
22730
msgid "scp /etc/drbd.conf drbd02:~"
22731
msgstr ""
22732
22733
#: serverguide/C/clustering.xml:109(para)
22734
msgid ""
22735
"And, on <emphasis>drbd02</emphasis> move the file to "
22736
"<filename>/etc</filename>:"
22737
msgstr ""
22738
22739
#: serverguide/C/clustering.xml:114(command)
22740
msgid "sudo mv drbd.conf /etc/"
22741
msgstr ""
22742
22743
#: serverguide/C/clustering.xml:120(para)
22744
msgid ""
22745
"Next, on both hosts, start the <application>drbd</application> daemon:"
22746
msgstr ""
22747
22748
#: serverguide/C/clustering.xml:125(command)
22749
msgid "sudo /etc/init.d/drbd start"
22750
msgstr ""
22751
22752
#: serverguide/C/clustering.xml:131(para)
22753
msgid ""
22754
"Now using the <application>drbdadm</application> utility initialize the meta "
22755
"data storage. On each server execute:"
22756
msgstr ""
22757
22758
#: serverguide/C/clustering.xml:137(command)
22759
msgid "sudo drbdadm create-md r0"
22760
msgstr ""
22761
22762
#: serverguide/C/clustering.xml:143(para)
22763
msgid ""
22764
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22765
"primary, enter the following:"
22766
msgstr ""
22767
22768
#: serverguide/C/clustering.xml:148(command)
22769
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22770
msgstr ""
22771
22772
#: serverguide/C/clustering.xml:154(para)
22773
msgid ""
22774
"After executing the above command, the data will start syncing with the "
22775
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22776
"the following:"
22777
msgstr ""
22778
22779
#: serverguide/C/clustering.xml:160(command)
22780
msgid "watch -n1 cat /proc/drbd"
22781
msgstr ""
22782
22783
#: serverguide/C/clustering.xml:163(para)
22784
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22785
msgstr ""
22786
22787
#: serverguide/C/clustering.xml:170(para)
22788
msgid ""
22789
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22790
msgstr ""
22791
22792
#: serverguide/C/clustering.xml:175(command)
22793
msgid "sudo mkfs.ext3 /dev/drbd0"
22794
msgstr ""
22795
22796
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22797
msgid "sudo mount /dev/drbd0 /srv"
22798
msgstr ""
22799
22800
#: serverguide/C/clustering.xml:186(para)
22801
msgid ""
22802
"To test that the data is actually syncing between the hosts copy some files "
22803
"on the <emphasis>drbd01</emphasis>, the primary, to "
22804
"<filename>/srv</filename>:"
22805
msgstr ""
22806
22807
#: serverguide/C/clustering.xml:195(para)
22808
msgid "Next, unmount <filename>/srv</filename>:"
22809
msgstr ""
22810
22811
#: serverguide/C/clustering.xml:203(para)
22812
msgid ""
22813
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22814
"<emphasis>secondary</emphasis> role:"
22815
msgstr ""
22816
22817
#: serverguide/C/clustering.xml:208(command)
22818
msgid "sudo drbdadm secondary r0"
22819
msgstr ""
22820
22821
#: serverguide/C/clustering.xml:211(para)
22822
msgid ""
22823
"Now on the <emphasis>secondary</emphasis> server "
22824
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22825
msgstr ""
22826
22827
#: serverguide/C/clustering.xml:216(command)
22828
msgid "sudo drbdadm primary r0"
22829
msgstr ""
22830
22831
#: serverguide/C/clustering.xml:219(para)
22832
msgid "Lastly, mount the partition:"
22833
msgstr ""
22834
22835
#: serverguide/C/clustering.xml:227(para)
22836
msgid ""
22837
"Using <emphasis>ls</emphasis> you should see "
22838
"<filename>/srv/default</filename> copied from the former "
22839
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22840
msgstr ""
22841
22842
#: serverguide/C/clustering.xml:238(para)
22843
msgid ""
22844
"For more information on <application>DRBD</application> see the <ulink "
22845
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22846
msgstr ""
22847
22848
#: serverguide/C/clustering.xml:243(para)
22849
msgid ""
22850
"The <ulink "
22851
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22852
">drbd.conf man page</ulink> contains details on the options not covered in "
22853
"this guide."
22854
msgstr ""
22855
22856
#: serverguide/C/clustering.xml:249(para)
22857
msgid ""
22858
"Also, see the <ulink "
22859
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22860
"rbdadm man page</ulink>."
22861
msgstr ""
22862
22863
#: serverguide/C/clustering.xml:254(para)
22864
msgid ""
22865
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22866
"Wiki</ulink> page also has more information."
22867
msgstr ""
22868
22869
#: serverguide/C/chat.xml:13(title)
22870
msgid "Chat Applications"
22871
msgstr ""
22872
22873
#: serverguide/C/chat.xml:19(para)
22874
msgid ""
22875
"In this section, we will discuss how to install and configure a IRC server, "
22876
"<application>ircd-irc2</application>. We will also discuss how to install "
22877
"and configure Jabber, an instance messaging server."
22878
msgstr ""
22879
22880
#: serverguide/C/chat.xml:28(title)
22881
msgid "IRC Server"
22882
msgstr ""
22883
22884
#: serverguide/C/chat.xml:30(para)
22885
msgid ""
22886
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22887
"explains how to install and configure the original IRC server "
22888
"<application>ircd-irc2</application>."
22889
msgstr ""
22890
22891
#: serverguide/C/chat.xml:39(para)
22892
msgid ""
22893
"To install <application>ircd-irc2</application>, run the following command "
22894
"in the command prompt:"
22895
msgstr ""
22896
22897
#: serverguide/C/chat.xml:45(command)
22898
msgid "sudo apt-get install ircd-irc2"
22899
msgstr ""
22900
22901
#: serverguide/C/chat.xml:48(para)
22902
msgid ""
22903
"The configuration files are stored in <filename>/etc/ircd</filename> "
22904
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22905
"irc2</filename> directory."
22906
msgstr ""
22907
22908
#: serverguide/C/chat.xml:59(para)
22909
msgid ""
22910
"The IRC settings can be done in the configuration file "
22911
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
22912
"this file by editing the following line:"
22913
msgstr ""
22914
22915
#: serverguide/C/chat.xml:64(programlisting)
22916
#, no-wrap
22917
msgid ""
22918
"\n"
22919
"M:irc.localhost::Debian ircd default configuration::000A\n"
22920
msgstr ""
22921
22922
#: serverguide/C/chat.xml:68(para)
22923
msgid ""
22924
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
22925
"you set irc.livecipher.com as IRC host name, please make sure "
22926
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
22927
"name should not be same as the host name."
22928
msgstr ""
22929
22930
#: serverguide/C/chat.xml:75(para)
22931
msgid ""
22932
"The IRC admin details can be configured by editing the following line:"
22933
msgstr ""
22934
22935
#: serverguide/C/chat.xml:80(programlisting)
22936
#, no-wrap
22937
msgid ""
22938
"\n"
22939
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
22940
"Server::IRCnet:\n"
22941
msgstr ""
22942
22943
#: serverguide/C/chat.xml:84(para)
22944
msgid ""
22945
"You should add specific lines to configure the list of IRC ports to listen "
22946
"on, to configure Operator credentials, to configure client authentication, "
22947
"etc. For details, please refer to the example configuration file "
22948
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
22949
msgstr ""
22950
22951
#: serverguide/C/chat.xml:92(para)
22952
msgid ""
22953
"The IRC banner to be displayed in the IRC client, when the user connects to "
22954
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
22955
msgstr ""
22956
22957
#: serverguide/C/chat.xml:97(para)
22958
msgid ""
22959
"After making necessary changes to the configuration file, you can restart "
22960
"the IRC server using following command:"
22961
msgstr ""
22962
22963
#: serverguide/C/chat.xml:101(programlisting)
22964
#, no-wrap
22965
msgid ""
22966
"\n"
22967
"sudo /etc/init.d/ircd-irc2 restart\n"
22968
msgstr ""
22969
22970
#: serverguide/C/chat.xml:109(para)
22971
msgid ""
22972
"You may also be interested to take a look at other IRC servers available in "
22973
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
22974
"<application>ircd-hybrid</application>."
22975
msgstr ""
22976
22977
#: serverguide/C/chat.xml:117(para)
22978
msgid ""
22979
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
22980
"FAQ</ulink> for more details about the IRC Server."
22981
msgstr ""
22982
22983
#: serverguide/C/chat.xml:124(para)
22984
msgid ""
22985
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
22986
"IRCD</ulink> page has more information."
22987
msgstr ""
22988
22989
#: serverguide/C/chat.xml:132(title)
22990
msgid "Jabber Instant Messaging Server"
22991
msgstr ""
22992
22993
#: serverguide/C/chat.xml:134(para)
22994
msgid ""
22995
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
22996
"XMPP, an open standard for instant messaging, and used by many popular "
22997
"applications. This section covers setting up a <emphasis>Jabberd "
22998
"2</emphasis> server on a local LAN. This configuration can also be adapted "
22999
"to providing messaging services to users over the Internet."
23000
msgstr ""
23001
23002
#: serverguide/C/chat.xml:143(para)
23003
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23004
msgstr ""
23005
23006
#: serverguide/C/chat.xml:148(command)
23007
msgid "sudo apt-get install jabberd2"
23008
msgstr ""
23009
23010
#: serverguide/C/chat.xml:155(para)
23011
msgid ""
23012
"A couple of XML configuration files will be used to configure "
23013
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23014
"authentication. This is a very simple form of authentication. However, "
23015
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23016
"Postgresql, etc for for user authentication."
23017
msgstr ""
23018
23019
#: serverguide/C/chat.xml:162(para)
23020
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23021
msgstr ""
23022
23023
#: serverguide/C/chat.xml:166(programlisting)
23024
#, no-wrap
23025
msgid ""
23026
"\n"
23027
" <id>jabber.example.com</id>\n"
23028
msgstr ""
23029
23030
#: serverguide/C/chat.xml:171(para)
23031
msgid ""
23032
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23033
"id, of your server."
23034
msgstr ""
23035
23036
#: serverguide/C/chat.xml:176(para)
23037
msgid "Now in the <storage> section change the <driver> to:"
23038
msgstr ""
23039
23040
#: serverguide/C/chat.xml:180(programlisting)
23041
#, no-wrap
23042
msgid ""
23043
"\n"
23044
" <driver>db</driver>\n"
23045
msgstr ""
23046
23047
#: serverguide/C/chat.xml:184(para)
23048
msgid ""
23049
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23050
"<emphasis><local></emphasis> section change:"
23051
msgstr ""
23052
23053
#: serverguide/C/chat.xml:188(programlisting)
23054
#, no-wrap
23055
msgid ""
23056
"\n"
23057
" <id>jabber.example.com</id>\n"
23058
msgstr ""
23059
23060
#: serverguide/C/chat.xml:192(para)
23061
msgid ""
23062
"And in the <authreg> section adjust the <module> section to:"
23063
msgstr ""
23064
23065
#: serverguide/C/chat.xml:196(programlisting)
23066
#, no-wrap
23067
msgid ""
23068
"\n"
23069
" <module>db</module>\n"
23070
msgstr ""
23071
23072
#: serverguide/C/chat.xml:200(para)
23073
msgid ""
23074
"Finally, restart <application>jabberd2</application> to enable the new "
23075
"settings:"
23076
msgstr ""
23077
23078
#: serverguide/C/chat.xml:205(command)
23079
msgid "sudo /etc/init.d/jabberd2 restart"
23080
msgstr ""
23081
23082
#: serverguide/C/chat.xml:208(para)
23083
msgid ""
23084
"You should now be able to connect to the server using a Jabber client like "
23085
"<application>Pidgin</application> for example."
23086
msgstr ""
23087
23088
#: serverguide/C/chat.xml:213(para)
23089
msgid ""
23090
"The advantage of using Berkeley DB for user data is that after being "
23091
"configured no additional maintenance is required. If you need more control "
23092
"over user accounts and credentials another authentication method is "
23093
"recommended."
23094
msgstr ""
23095
23096
#: serverguide/C/chat.xml:225(para)
23097
msgid ""
23098
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23099
"Site</ulink> contains more details on configuring "
23100
"<application>Jabberd2</application>."
23101
msgstr ""
23102
23103
#: serverguide/C/chat.xml:231(para)
23104
msgid ""
23105
"For more authentication options see the <ulink "
23106
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23107
"Guide</ulink>."
23108
msgstr ""
23109
23110
#: serverguide/C/chat.xml:236(para)
23111
msgid ""
23112
"Also, the <ulink "
23113
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23114
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23115
msgstr ""
23116
23117
#: serverguide/C/backups.xml:13(title)
23118
msgid "Backups"
23119
msgstr ""
23120
23121
#: serverguide/C/backups.xml:14(para)
23122
msgid ""
23123
"There are many ways to backup an Ubuntu installation. The most important "
23124
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23125
"consisting of what to backup, where to back it up to, and how to restore it."
23126
msgstr ""
23127
23128
#: serverguide/C/backups.xml:18(para)
23129
msgid ""
23130
"The following sections discuss various ways of accomplishing these tasks."
23131
msgstr ""
23132
23133
#: serverguide/C/backups.xml:22(title)
23134
msgid "Shell Scripts"
23135
msgstr ""
23136
23137
#: serverguide/C/backups.xml:23(para)
23138
msgid ""
23139
"One of the simplest ways to backup a system is using a <emphasis>shell "
23140
"script</emphasis>. For example, a script can be used to configure which "
23141
"directories to backup, and use those directories as arguments to the "
23142
"<application>tar</application> utility creating an archive file. The archive "
23143
"file can then be moved or copied to another location. The archive can also "
23144
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23145
msgstr ""
23146
23147
#: serverguide/C/backups.xml:29(para)
23148
msgid ""
23149
"The <application>tar</application> utility creates one archive file out of "
23150
"many files or directories. <application>tar</application> can also filter "
23151
"the files through compression utilities reducing the size of the archive "
23152
"file."
23153
msgstr ""
23154
23155
#: serverguide/C/backups.xml:35(title)
23156
msgid "Simple Shell Script"
23157
msgstr ""
23158
23159
#: serverguide/C/backups.xml:36(para)
23160
msgid ""
23161
"The following shell script uses <application>tar</application> to create an "
23162
"archive file on a remotely mounted NFS file system. The archive filename is "
23163
"determined using additional command line utilities."
23164
msgstr ""
23165
23166
#: serverguide/C/backups.xml:40(programlisting)
23167
#, no-wrap
23168
msgid ""
23169
"\n"
23170
"#!/bin/sh\n"
23171
"####################################\n"
23172
"#\n"
23173
"# Backup to NFS mount script.\n"
23174
"#\n"
23175
"####################################\n"
23176
"\n"
23177
"# What to backup. \n"
23178
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23179
"\n"
23180
"# Where to backup to.\n"
23181
"dest=\"/mnt/backup\"\n"
23182
"\n"
23183
"# Create archive filename.\n"
23184
"day=$(date +%A)\n"
23185
"hostname=$(hostname -s)\n"
23186
"archive_file=\"$hostname-$day.tgz\"\n"
23187
"\n"
23188
"# Print start status message.\n"
23189
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23190
"date\n"
23191
"echo\n"
23192
"\n"
23193
"# Backup the files using tar.\n"
23194
"tar czf $dest/$archive_file $backup_files\n"
23195
"\n"
23196
"# Print end status message.\n"
23197
"echo\n"
23198
"echo \"Backup finished\"\n"
23199
"date\n"
23200
"\n"
23201
"# Long listing of files in $dest to check file sizes.\n"
23202
"ls -lh $dest\n"
23203
msgstr ""
23204
23205
#: serverguide/C/backups.xml:77(para)
23206
msgid ""
23207
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23208
"would like to backup. The list should be customized to fit your needs."
23209
msgstr ""
23210
23211
#: serverguide/C/backups.xml:83(para)
23212
msgid ""
23213
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23214
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23215
"day of the week, giving a backup history of seven days. There are other ways "
23216
"to accomplish this including other ways using the "
23217
"<application>date</application> utility."
23218
msgstr ""
23219
23220
#: serverguide/C/backups.xml:90(para)
23221
msgid ""
23222
"<emphasis>$hostname:</emphasis> variable containing the "
23223
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23224
"archive filename gives you the option of placing daily archive files from "
23225
"multiple systems in the same directory."
23226
msgstr ""
23227
23228
#: serverguide/C/backups.xml:97(para)
23229
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23230
msgstr ""
23231
23232
#: serverguide/C/backups.xml:102(para)
23233
msgid ""
23234
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23235
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23236
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23237
"details using <emphasis>NFS</emphasis>."
23238
msgstr ""
23239
23240
#: serverguide/C/backups.xml:109(para)
23241
msgid ""
23242
"<emphasis>status messages:</emphasis> optional messages printed to the "
23243
"console using the <application>echo</application> utility."
23244
msgstr ""
23245
23246
#: serverguide/C/backups.xml:115(para)
23247
msgid ""
23248
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23249
"<application>tar</application> command used to create the archive file."
23250
msgstr ""
23251
23252
#: serverguide/C/backups.xml:121(para)
23253
msgid "<emphasis>c:</emphasis> creates an archive."
23254
msgstr ""
23255
23256
#: serverguide/C/backups.xml:126(para)
23257
msgid ""
23258
"<emphasis>z:</emphasis> filter the archive through the "
23259
"<application>gzip</application> utility compressing the archive."
23260
msgstr ""
23261
23262
#: serverguide/C/backups.xml:131(para)
23263
msgid ""
23264
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23265
"<application>tar</application> output will be sent to STDOUT."
23266
msgstr ""
23267
23268
#: serverguide/C/backups.xml:138(para)
23269
msgid ""
23270
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23271
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23272
"of the destination directory. This is useful for a quick file size check of "
23273
"the archive file. This check should not replace testing the archive file."
23274
msgstr ""
23275
23276
#: serverguide/C/backups.xml:145(para)
23277
msgid ""
23278
"This is a simple example of a backup shell script. There are large amount of "
23279
"options that can be included in a backup script. See <xref linkend=\"backup-"
23280
"shellscript-references\"/> for links to resources providing more in depth "
23281
"shell scripting information."
23282
msgstr ""
23283
23284
#: serverguide/C/backups.xml:152(title)
23285
msgid "Executing the Script"
23286
msgstr ""
23287
23288
#: serverguide/C/backups.xml:154(title)
23289
msgid "Executing from a Terminal"
23290
msgstr ""
23291
23292
#: serverguide/C/backups.xml:155(para)
23293
msgid ""
23294
"The simplest way of executing the above backup script is to copy and paste "
23295
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23296
"from a terminal prompt:"
23297
msgstr ""
23298
23299
#: serverguide/C/backups.xml:160(command)
23300
msgid "sudo bash backup.sh"
23301
msgstr ""
23302
23303
#: serverguide/C/backups.xml:162(para)
23304
msgid ""
23305
"This is a great way to test the script to make sure everything works as "
23306
"expected."
23307
msgstr ""
23308
23309
#: serverguide/C/backups.xml:167(title)
23310
msgid "Executing with cron"
23311
msgstr ""
23312
23313
#: serverguide/C/backups.xml:168(para)
23314
msgid ""
23315
"The <application>cron</application> utility can be used to automate the "
23316
"script execution. The <application>cron</application> daemon allows the "
23317
"execution of scripts, or commands, at a specified time and date."
23318
msgstr ""
23319
23320
#: serverguide/C/backups.xml:172(para)
23321
msgid ""
23322
"<application>cron</application> is configured through entries in a "
23323
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23324
"separated into fields:"
23325
msgstr ""
23326
23327
#: serverguide/C/backups.xml:176(programlisting)
23328
#, no-wrap
23329
msgid ""
23330
"\n"
23331
"# m h dom mon dow command\n"
23332
msgstr ""
23333
23334
#: serverguide/C/backups.xml:181(para)
23335
msgid ""
23336
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23337
msgstr ""
23338
23339
#: serverguide/C/backups.xml:186(para)
23340
msgid ""
23341
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23342
msgstr ""
23343
23344
#: serverguide/C/backups.xml:191(para)
23345
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23346
msgstr ""
23347
23348
#: serverguide/C/backups.xml:196(para)
23349
msgid ""
23350
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23351
msgstr ""
23352
23353
#: serverguide/C/backups.xml:201(para)
23354
msgid ""
23355
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23356
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23357
"valid."
23358
msgstr ""
23359
23360
#: serverguide/C/backups.xml:206(para)
23361
msgid "<emphasis>command:</emphasis> the command to execute."
23362
msgstr ""
23363
23364
#: serverguide/C/backups.xml:211(para)
23365
msgid ""
23366
"To add or change entries in a <filename>crontab</filename> file the "
23367
"<application>crontab -e</application> command should be used. Also, the "
23368
"contents of a <filename>crontab</filename> file can be viewed using the "
23369
"<application>crontab -l</application> command."
23370
msgstr ""
23371
23372
#: serverguide/C/backups.xml:215(para)
23373
msgid ""
23374
"To execute the <application>backup.sh</application> script listed above "
23375
"using <application>cron</application>. Enter the following from a terminal "
23376
"prompt:"
23377
msgstr ""
23378
23379
#: serverguide/C/backups.xml:220(command)
23380
msgid "sudo crontab -e"
23381
msgstr ""
23382
23383
#: serverguide/C/backups.xml:223(para)
23384
msgid ""
23385
"Using <application>sudo</application> with the <application>crontab -"
23386
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23387
"This is necessary if you are backing up directories only the root user has "
23388
"access to."
23389
msgstr ""
23390
23391
#: serverguide/C/backups.xml:228(para)
23392
msgid "Add the following entry to the <filename>crontab</filename> file:"
23393
msgstr ""
23394
23395
#: serverguide/C/backups.xml:231(programlisting)
23396
#, no-wrap
23397
msgid ""
23398
"\n"
23399
"# m h dom mon dow command\n"
23400
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23401
msgstr ""
23402
23403
#: serverguide/C/backups.xml:235(para)
23404
msgid ""
23405
"The <application>backup.sh</application> script will now be executed every "
23406
"day at 12:00 am."
23407
msgstr ""
23408
23409
#: serverguide/C/backups.xml:239(para)
23410
msgid ""
23411
"The <application>backup.sh</application> script will need to be copied to "
23412
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23413
"to execute properly. The script can reside anywhere on the file system "
23414
"simply change the script path appropriately."
23415
msgstr ""
23416
23417
#: serverguide/C/backups.xml:244(para)
23418
msgid ""
23419
"For more in depth <application>crontab</application> options see <xref "
23420
"linkend=\"backup-shellscript-references\"/>."
23421
msgstr ""
23422
23423
#: serverguide/C/backups.xml:250(title)
23424
msgid "Restoring from the Archive"
23425
msgstr ""
23426
23427
#: serverguide/C/backups.xml:251(para)
23428
msgid ""
23429
"Once an archive has been created it is important to test the archive. The "
23430
"archive can be tested by listing the files it contains, but the best test is "
23431
"to <emphasis>restore</emphasis> a file from the archive."
23432
msgstr ""
23433
23434
#: serverguide/C/backups.xml:257(para)
23435
msgid "To see a listing of the archive contents. From a terminal prompt:"
23436
msgstr ""
23437
23438
#: serverguide/C/backups.xml:261(command)
23439
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23440
msgstr ""
23441
23442
#: serverguide/C/backups.xml:265(para)
23443
msgid "To restore a file from the archive to a different directory enter:"
23444
msgstr ""
23445
23446
#: serverguide/C/backups.xml:269(command)
23447
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23448
msgstr ""
23449
23450
#: serverguide/C/backups.xml:271(para)
23451
msgid ""
23452
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23453
"redirects the extracted files to the specified directory. The above example "
23454
"will extract the <filename>/etc/hosts</filename> file to "
23455
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23456
"recreates the directory structure that it contains."
23457
msgstr ""
23458
23459
#: serverguide/C/backups.xml:276(para)
23460
msgid ""
23461
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23462
"the file to restore."
23463
msgstr ""
23464
23465
#: serverguide/C/backups.xml:281(para)
23466
msgid "To restore all files in the archive enter the following:"
23467
msgstr ""
23468
23469
#: serverguide/C/backups.xml:285(command)
23470
msgid "cd /"
23471
msgstr ""
23472
23473
#: serverguide/C/backups.xml:286(command)
23474
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23475
msgstr ""
23476
23477
#: serverguide/C/backups.xml:291(para)
23478
msgid "This will overwrite the files currently on the file system."
23479
msgstr ""
23480
23481
#: serverguide/C/backups.xml:300(para)
23482
msgid ""
23483
"For more information on shell scripting see the <ulink "
23484
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23485
msgstr ""
23486
23487
#: serverguide/C/backups.xml:305(para)
23488
msgid ""
23489
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23490
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23491
"great resource for shell scripting."
23492
msgstr ""
23493
23494
#: serverguide/C/backups.xml:311(para)
23495
msgid ""
23496
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23497
"Wiki Page</ulink> contains details on advanced "
23498
"<application>cron</application> options."
23499
msgstr ""
23500
23501
#: serverguide/C/backups.xml:318(para)
23502
msgid ""
23503
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23504
"tar Manual</ulink> for more <application>tar</application> options."
23505
msgstr ""
23506
23507
#: serverguide/C/backups.xml:324(para)
23508
msgid ""
23509
"The Wikipedia <ulink "
23510
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23511
"Scheme</ulink> article contains information on other backup rotation schemes."
23512
msgstr ""
23513
23514
#: serverguide/C/backups.xml:330(para)
23515
msgid ""
23516
"The shell script uses <application>tar</application> to create the archive, "
23517
"but there many other command line utilities that can be used. For example:"
23518
msgstr ""
23519
23520
#: serverguide/C/backups.xml:336(para)
23521
msgid ""
23522
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23523
"files to and from archives."
23524
msgstr ""
23525
23526
#: serverguide/C/backups.xml:341(para)
23527
msgid ""
23528
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23529
"the <application>coreutils</application> package. A low level utility that "
23530
"can copy data from one format to another"
23531
msgstr ""
23532
23533
#: serverguide/C/backups.xml:347(para)
23534
msgid ""
23535
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23536
"snap shot utility used to create copies of an entire file system."
23537
msgstr ""
23538
23539
#: serverguide/C/backups.xml:358(title)
23540
msgid "Archive Rotation"
23541
msgstr ""
23542
23543
#: serverguide/C/backups.xml:359(para)
23544
msgid ""
23545
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23546
"allows for seven different archives. For a server whose data doesn't change "
23547
"often this may be enough. If the server has a large amount of data a more "
23548
"robust rotation scheme should be used."
23549
msgstr ""
23550
23551
#: serverguide/C/backups.xml:365(title)
23552
msgid "Rotating NFS Archives"
23553
msgstr ""
23554
23555
#: serverguide/C/backups.xml:366(para)
23556
msgid ""
23557
"In this section the shell script will be slightly modified to implement a "
23558
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23559
msgstr ""
23560
23561
#: serverguide/C/backups.xml:372(para)
23562
msgid ""
23563
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23564
"Friday."
23565
msgstr ""
23566
23567
#: serverguide/C/backups.xml:377(para)
23568
msgid ""
23569
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23570
"weekly backups a month."
23571
msgstr ""
23572
23573
#: serverguide/C/backups.xml:382(para)
23574
msgid ""
23575
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23576
"rotating two monthly backups based on if the month is odd or even."
23577
msgstr ""
23578
23579
#: serverguide/C/backups.xml:388(para)
23580
msgid "Here is the new script:"
23581
msgstr ""
23582
23583
#: serverguide/C/backups.xml:391(programlisting)
23584
#, no-wrap
23585
msgid ""
23586
"\n"
23587
"#!/bin/bash\n"
23588
"####################################\n"
23589
"#\n"
23590
"# Backup to NFS mount script with\n"
23591
"# grandfather-father-son rotation.\n"
23592
"#\n"
23593
"####################################\n"
23594
"\n"
23595
"# What to backup. \n"
23596
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23597
"\n"
23598
"# Where to backup to.\n"
23599
"dest=\"/mnt/backup\"\n"
23600
"\n"
23601
"# Setup variables for the archive filename.\n"
23602
"day=$(date +%A)\n"
23603
"hostname=$(hostname -s)\n"
23604
"\n"
23605
"# Find which week of the month 1-4 it is.\n"
23606
"day_num=$(date +%d)\n"
23607
"if (( $day_num <= 7 )); then\n"
23608
" week_file=\"$hostname-week1.tgz\"\n"
23609
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23610
" week_file=\"$hostname-week2.tgz\"\n"
23611
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23612
" week_file=\"$hostname-week3.tgz\"\n"
23613
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23614
" week_file=\"$hostname-week4.tgz\"\n"
23615
"fi\n"
23616
"\n"
23617
"# Find if the Month is odd or even.\n"
23618
"month_num=$(date +%m)\n"
23619
"month=$(expr $month_num % 2)\n"
23620
"if [ $month -eq 0 ]; then\n"
23621
" month_file=\"$hostname-month2.tgz\"\n"
23622
"else\n"
23623
" month_file=\"$hostname-month1.tgz\"\n"
23624
"fi\n"
23625
"\n"
23626
"# Create archive filename.\n"
23627
"if [ $day_num == 1 ]; then\n"
23628
"\tarchive_file=$month_file\n"
23629
"elif [ $day != \"Saturday\" ]; then\n"
23630
" archive_file=\"$hostname-$day.tgz\"\n"
23631
"else \n"
23632
"\tarchive_file=$week_file\n"
23633
"fi\n"
23634
"\n"
23635
"# Print start status message.\n"
23636
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23637
"date\n"
23638
"echo\n"
23639
"\n"
23640
"# Backup the files using tar.\n"
23641
"tar czf $dest/$archive_file $backup_files\n"
23642
"\n"
23643
"# Print end status message.\n"
23644
"echo\n"
23645
"echo \"Backup finished\"\n"
23646
"date\n"
23647
"\n"
23648
"# Long listing of files in $dest to check file sizes.\n"
23649
"ls -lh $dest/\n"
23650
msgstr ""
23651
23652
#: serverguide/C/backups.xml:456(para)
23653
msgid ""
23654
"The script can be executed using the same methods as in <xref "
23655
"linkend=\"backup-executing-shellscript\"/>."
23656
msgstr ""
23657
23658
#: serverguide/C/backups.xml:459(para)
23659
msgid ""
23660
"It is good practice to take backup media off site in case of a disaster. In "
23661
"the shell script example the backup media is another server providing an NFS "
23662
"share. In all likelihood taking the NFS server to another location would not "
23663
"be practical. Depending upon connection speeds it may be an option to copy "
23664
"the archive file over a WAN link to a server in another location."
23665
msgstr ""
23666
23667
#: serverguide/C/backups.xml:465(para)
23668
msgid ""
23669
"Another option is to copy the archive file to an external hard drive which "
23670
"can then be taken off site. Since the price of external hard drives continue "
23671
"to decrease it may be cost-effective to use two drives for each archive "
23672
"level. This would allow you to have one external drive attached to the "
23673
"backup server and one in another location."
23674
msgstr ""
23675
23676
#: serverguide/C/backups.xml:472(title)
23677
msgid "Tape Drives"
23678
msgstr ""
23679
23680
#: serverguide/C/backups.xml:473(para)
23681
msgid ""
23682
"A tape drive attached to the server can be used instead of a NFS share. "
23683
"Using a tape drive simplifies archive rotation, and taking the media off "
23684
"site as well."
23685
msgstr ""
23686
23687
#: serverguide/C/backups.xml:477(para)
23688
msgid ""
23689
"When using a tape drive the filename portions of the script aren't needed "
23690
"because the date is sent directly to the tape device. Some commands to "
23691
"manipulate the tape are needed. This is accomplished using "
23692
"<application>mt</application>, a magnetic tape control utility part of the "
23693
"<application>cpio</application> package."
23694
msgstr ""
23695
23696
#: serverguide/C/backups.xml:482(para)
23697
msgid "Here is the shell script modified to use a tape drive:"
23698
msgstr ""
23699
23700
#: serverguide/C/backups.xml:485(programlisting)
23701
#, no-wrap
23702
msgid ""
23703
"\n"
23704
"#!/bin/bash\n"
23705
"####################################\n"
23706
"#\n"
23707
"# Backup to tape drive script.\n"
23708
"#\n"
23709
"####################################\n"
23710
"\n"
23711
"# What to backup. \n"
23712
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23713
"\n"
23714
"# Where to backup to.\n"
23715
"dest=\"/dev/st0\"\n"
23716
"\n"
23717
"# Print start status message.\n"
23718
"echo \"Backing up $backup_files to $dest\"\n"
23719
"date\n"
23720
"echo\n"
23721
"\n"
23722
"# Make sure the tape is rewound.\n"
23723
"mt -f $dest rewind\n"
23724
"\n"
23725
"# Backup the files using tar.\n"
23726
"tar czf $dest $backup_files\n"
23727
"\n"
23728
"# Rewind and eject the tape.\n"
23729
"mt -f $dest rewoffl\n"
23730
"\n"
23731
"# Print end status message.\n"
23732
"echo\n"
23733
"echo \"Backup finished\"\n"
23734
"date\n"
23735
msgstr ""
23736
23737
#: serverguide/C/backups.xml:519(para)
23738
msgid ""
23739
"The default device name for a SCSI tape drive is "
23740
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23741
"system."
23742
msgstr ""
23743
23744
#: serverguide/C/backups.xml:524(para)
23745
msgid ""
23746
"Restoring from a tape drive is basically the same as restoring from a file. "
23747
"Simply rewind the tape and use the device path instead of a file path. For "
23748
"example to restore the <filename>/etc/hosts</filename> file to "
23749
"<filename>/tmp/etc/hosts</filename>:"
23750
msgstr ""
23751
23752
#: serverguide/C/backups.xml:529(command)
23753
msgid "mt -f /dev/st0 rewind"
23754
msgstr ""
23755
23756
#: serverguide/C/backups.xml:530(command)
23757
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23758
msgstr ""
23759
23760
#: serverguide/C/backups.xml:535(title)
23761
msgid "Bacula"
23762
msgstr ""
23763
23764
#: serverguide/C/backups.xml:536(para)
23765
msgid ""
23766
"<application>Bacula</application> is a backup program enabling you to "
23767
"backup, restore, and verify data across your network. There are Bacula "
23768
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23769
"wide solution."
23770
msgstr ""
23771
23772
#: serverguide/C/backups.xml:542(para)
23773
msgid ""
23774
"<application>Bacula</application> is made up of several components and "
23775
"services used to manage which files to backup and where to back them up to:"
23776
msgstr ""
23777
23778
#: serverguide/C/backups.xml:548(para)
23779
msgid ""
23780
"<application>Bacula Director:</application> a service that controls all "
23781
"backup, restore, verify, and archive operations."
23782
msgstr ""
23783
23784
#: serverguide/C/backups.xml:553(para)
23785
msgid ""
23786
"<application>Bacula Console:</application> an application allowing "
23787
"communication with the Director. There are three versions of the Console:"
23788
msgstr ""
23789
23790
#: serverguide/C/backups.xml:558(para)
23791
msgid "Text based command line version."
23792
msgstr ""
23793
23794
#: serverguide/C/backups.xml:559(para)
23795
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23796
msgstr ""
23797
23798
#: serverguide/C/backups.xml:560(para)
23799
msgid "wxWidgets GUI interface."
23800
msgstr ""
23801
23802
#: serverguide/C/backups.xml:564(para)
23803
msgid ""
23804
"<application>Bacula File:</application> also known as the "
23805
"<application>Bacula Client</application> program. This application is "
23806
"installed on machines to be backed up, and is responsible for the data "
23807
"requested by the Director."
23808
msgstr ""
23809
23810
#: serverguide/C/backups.xml:570(para)
23811
msgid ""
23812
"<application>Bacula Storage:</application> the programs that perform the "
23813
"storage and recovery of data to the physical media."
23814
msgstr ""
23815
23816
#: serverguide/C/backups.xml:575(para)
23817
msgid ""
23818
"<application>Bacula Catalog:</application> is responsible for maintaining "
23819
"the file indexes and volume databases for all files backed up, enabling "
23820
"quick location and restoration of archived files. The Catalog supports three "
23821
"different databases MySQL, PostgreSQL, and SQLite."
23822
msgstr ""
23823
23824
#: serverguide/C/backups.xml:581(para)
23825
msgid ""
23826
"<application>Bacula Monitor:</application> allows the monitoring of the "
23827
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23828
"available as a GTK+ GUI application."
23829
msgstr ""
23830
23831
#: serverguide/C/backups.xml:587(para)
23832
msgid ""
23833
"These services and applications can be run on multiple servers and clients, "
23834
"or they can be installed on one machine if backing up a single disk or "
23835
"volume."
23836
msgstr ""
23837
23838
#: serverguide/C/backups.xml:594(para)
23839
msgid ""
23840
"There are multiple packages containing the different "
23841
"<application>Bacula</application> components. To install Bacula, from a "
23842
"terminal prompt enter:"
23843
msgstr ""
23844
23845
#: serverguide/C/backups.xml:599(command)
23846
msgid "sudo apt-get install bacula"
23847
msgstr ""
23848
23849
#: serverguide/C/backups.xml:601(para)
23850
msgid ""
23851
"By default installing the <application>bacula</application> package will use "
23852
"a <application>MySQL</application> database for the Catalog. If you want to "
23853
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23854
"director-sqlite3</application> or <application>bacula-director-"
23855
"pgsql</application> respectively."
23856
msgstr ""
23857
23858
#: serverguide/C/backups.xml:607(para)
23859
msgid ""
23860
"During the install process you will be asked to supply credentials for the "
23861
"database <emphasis>administrator</emphasis> and the "
23862
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23863
"database administrator will need to have the appropriate rights to create a "
23864
"database, see <xref linkend=\"mysql\"/> for more information."
23865
msgstr ""
23866
23867
#: serverguide/C/backups.xml:617(para)
23868
msgid ""
23869
"<application>Bacula</application> configuration files are formatted based on "
23870
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23871
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23872
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23873
"directory."
23874
msgstr ""
23875
23876
#: serverguide/C/backups.xml:622(para)
23877
msgid ""
23878
"The various <application>Bacula</application> components must authorize "
23879
"themselves to each other. This is accomplished using the "
23880
"<emphasis>password</emphasis> directive. For example, the "
23881
"<emphasis>Storage</emphasis> resource password in the "
23882
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23883
"<emphasis>Director</emphasis> resource password in "
23884
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23885
msgstr ""
23886
23887
#: serverguide/C/backups.xml:628(para)
23888
msgid ""
23889
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23890
"to archive the <application>Bacula</application> Catalog. If you plan on "
23891
"using the server to backup more than one client you should change the name "
23892
"of this job to something more descriptive. To change the name edit "
23893
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23894
msgstr ""
23895
23896
#: serverguide/C/backups.xml:633(programlisting)
23897
#, no-wrap
23898
msgid ""
23899
"\n"
23900
"#\n"
23901
"# Define the main nightly save backup job\n"
23902
"# By default, this job will back up to disk in \n"
23903
"Job {\n"
23904
" Name = \"BackupServer\"\n"
23905
" JobDefs = \"DefaultJob\"\n"
23906
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23907
"}\n"
23908
msgstr ""
23909
23910
#: serverguide/C/backups.xml:644(para)
23911
msgid ""
23912
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
23913
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
23914
"your appropriate hostname, or other descriptive name."
23915
msgstr ""
23916
23917
#: serverguide/C/backups.xml:649(para)
23918
msgid ""
23919
"The <emphasis>Console</emphasis> can be used to query the "
23920
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
23921
"<emphasis>non-root</emphasis> user, the user needs to be in the "
23922
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
23923
"the following from a terminal:"
23924
msgstr ""
23925
23926
#: serverguide/C/backups.xml:655(command)
23927
msgid "sudo adduser $username bacula"
23928
msgstr ""
23929
23930
#: serverguide/C/backups.xml:658(para)
23931
msgid ""
23932
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
23933
"you are adding the current user to the group you should log out and back in "
23934
"for the new permissions to take effect."
23935
msgstr ""
23936
23937
#: serverguide/C/backups.xml:665(title)
23938
msgid "Localhost Backup"
23939
msgstr ""
23940
23941
#: serverguide/C/backups.xml:666(para)
23942
msgid ""
23943
"This section describes how to backup specified directories on a single host "
23944
"to a local tape drive."
23945
msgstr ""
23946
23947
#: serverguide/C/backups.xml:671(para)
23948
msgid ""
23949
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
23950
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
23951
msgstr ""
23952
23953
#: serverguide/C/backups.xml:674(programlisting)
23954
#, no-wrap
23955
msgid ""
23956
"\n"
23957
"Device {\n"
23958
" Name = \"Tape Drive\"\n"
23959
" Device Type = tape\n"
23960
" Media Type = DDS-4\n"
23961
" Archive Device = /dev/st0\n"
23962
" Hardware end of medium = No;\n"
23963
" AutomaticMount = yes; # when device opened, read it\n"
23964
" AlwaysOpen = Yes;\n"
23965
" RemovableMedia = yes;\n"
23966
" RandomAccess = no;\n"
23967
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
23968
"}\n"
23969
msgstr ""
23970
23971
#: serverguide/C/backups.xml:688(para)
23972
msgid ""
23973
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
23974
"Type and Archive Device to match your hardware."
23975
msgstr ""
23976
23977
#: serverguide/C/backups.xml:691(para)
23978
msgid "You could also uncomment one of the other examples in the file."
23979
msgstr ""
23980
23981
#: serverguide/C/backups.xml:696(para)
23982
msgid ""
23983
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
23984
"<application>Storage</application> daemon will need to be restarted:"
23985
msgstr ""
23986
23987
#: serverguide/C/backups.xml:701(command)
23988
msgid "sudo /etc/init.d/bacula-sd restart"
23989
msgstr ""
23990
23991
#: serverguide/C/backups.xml:705(para)
23992
msgid ""
23993
"Now add a <emphasis>Storage</emphasis> resource in "
23994
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
23995
msgstr ""
23996
23997
#: serverguide/C/backups.xml:708(programlisting)
23998
#, no-wrap
23999
msgid ""
24000
"\n"
24001
"# Definition of \"Tape Drive\" storage device\n"
24002
"Storage {\n"
24003
" Name = TapeDrive\n"
24004
" # Do not use \"localhost\" here \n"
24005
" Address = backupserver # N.B. Use a fully qualified name "
24006
"here\n"
24007
" SDPort = 9103\n"
24008
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24009
" Device = \"Tape Drive\"\n"
24010
" Media Type = tape\n"
24011
"}\n"
24012
msgstr ""
24013
24014
#: serverguide/C/backups.xml:720(para)
24015
msgid ""
24016
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24017
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24018
"to the actual host name."
24019
msgstr ""
24020
24021
#: serverguide/C/backups.xml:724(para)
24022
msgid ""
24023
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24024
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24025
msgstr ""
24026
24027
#: serverguide/C/backups.xml:730(para)
24028
msgid ""
24029
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24030
"directories to backup, by adding:"
24031
msgstr ""
24032
24033
#: serverguide/C/backups.xml:733(programlisting)
24034
#, no-wrap
24035
msgid ""
24036
"\n"
24037
"# LocalhostBacup FileSet.\n"
24038
"FileSet {\n"
24039
" Name = \"LocalhostFiles\"\n"
24040
" Include {\n"
24041
" Options {\n"
24042
" signature = MD5\n"
24043
" compression=GZIP\n"
24044
" }\n"
24045
" File = /etc\n"
24046
" File = /home\n"
24047
" }\n"
24048
"}\n"
24049
msgstr ""
24050
24051
#: serverguide/C/backups.xml:747(para)
24052
msgid ""
24053
"This <emphasis>FileSet</emphasis> will backup the <filename "
24054
"role=\"directory\">/etc</filename> and <filename "
24055
"role=\"directory\">/home</filename> directories. The "
24056
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24057
"create a MD5 signature for each file backed up, and to compress the files "
24058
"using GZIP."
24059
msgstr ""
24060
24061
#: serverguide/C/backups.xml:754(para)
24062
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24063
msgstr ""
24064
24065
#: serverguide/C/backups.xml:757(programlisting)
24066
#, no-wrap
24067
msgid ""
24068
"\n"
24069
"# LocalhostBackup Schedule -- Daily.\n"
24070
"Schedule {\n"
24071
" Name = \"LocalhostDaily\"\n"
24072
" Run = Full daily at 00:01\n"
24073
"}\n"
24074
msgstr ""
24075
24076
#: serverguide/C/backups.xml:764(para)
24077
msgid ""
24078
"The job will run every day at 00:01 or 12:01 am. There are many other "
24079
"scheduling options available."
24080
msgstr ""
24081
24082
#: serverguide/C/backups.xml:769(para)
24083
msgid "Finally create the <emphasis>Job</emphasis>:"
24084
msgstr ""
24085
24086
#: serverguide/C/backups.xml:772(programlisting)
24087
#, no-wrap
24088
msgid ""
24089
"\n"
24090
"# Localhost backup.\n"
24091
"Job {\n"
24092
" Name = \"LocalhostBackup\"\n"
24093
" JobDefs = \"DefaultJob\"\n"
24094
" Enabled = yes\n"
24095
" Level = Full\n"
24096
" FileSet = \"LocalhostFiles\"\n"
24097
" Schedule = \"LocalhostDaily\"\n"
24098
" Storage = TapeDrive\n"
24099
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24100
"} \n"
24101
msgstr ""
24102
24103
#: serverguide/C/backups.xml:785(para)
24104
msgid ""
24105
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24106
"drive."
24107
msgstr ""
24108
24109
#: serverguide/C/backups.xml:790(para)
24110
msgid ""
24111
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24112
"current tape does not have a label <application>Bacula</application> will "
24113
"send an email letting you know. To label a tape using the "
24114
"<application>Console</application> enter the following from a terminal:"
24115
msgstr ""
24116
24117
#: serverguide/C/backups.xml:796(command)
24118
msgid "bconsole"
24119
msgstr ""
24120
24121
#: serverguide/C/backups.xml:800(para)
24122
msgid "At the Bacula Console prompt enter:"
24123
msgstr ""
24124
24125
#: serverguide/C/backups.xml:804(command)
24126
msgid "label"
24127
msgstr ""
24128
24129
#: serverguide/C/backups.xml:808(para)
24130
msgid ""
24131
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24132
msgstr ""
24133
24134
#: serverguide/C/backups.xml:818(userinput)
24135
#, no-wrap
24136
msgid "2"
24137
msgstr ""
24138
24139
#: serverguide/C/backups.xml:812(computeroutput)
24140
#, no-wrap
24141
msgid ""
24142
"\n"
24143
"Automatically selected Catalog: MyCatalog\n"
24144
"Using Catalog \"MyCatalog\"\n"
24145
"The defined Storage resources are:\n"
24146
" 1: File\n"
24147
" 2: TapeDrive\n"
24148
"Select Storage resource (1-2):<placeholder-1/>\n"
24149
msgstr ""
24150
24151
#: serverguide/C/backups.xml:823(para)
24152
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24153
msgstr ""
24154
24155
#: serverguide/C/backups.xml:828(userinput)
24156
#, no-wrap
24157
msgid "Sunday"
24158
msgstr ""
24159
24160
#: serverguide/C/backups.xml:827(computeroutput)
24161
#, no-wrap
24162
msgid ""
24163
"\n"
24164
"Enter new Volume name: <placeholder-1/>\n"
24165
"Defined Pools:\n"
24166
" 1: Default\n"
24167
" 2: Scratch"
24168
msgstr ""
24169
24170
#: serverguide/C/backups.xml:833(para)
24171
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24172
msgstr ""
24173
24174
#: serverguide/C/backups.xml:838(para)
24175
msgid "Now, select the <emphasis>Pool</emphasis>:"
24176
msgstr ""
24177
24178
#: serverguide/C/backups.xml:843(userinput)
24179
#, no-wrap
24180
msgid "1"
24181
msgstr ""
24182
24183
#: serverguide/C/backups.xml:842(computeroutput)
24184
#, no-wrap
24185
msgid ""
24186
"\n"
24187
"Select the Pool (1-2): <placeholder-1/>\n"
24188
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24189
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24190
msgstr ""
24191
24192
#: serverguide/C/backups.xml:850(para)
24193
msgid ""
24194
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24195
"backup the localhost to an attached tape drive."
24196
msgstr ""
24197
24198
#: serverguide/C/backups.xml:858(para)
24199
msgid ""
24200
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24201
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24202
"Manual</ulink>"
24203
msgstr ""
24204
24205
#: serverguide/C/backups.xml:864(para)
24206
msgid ""
24207
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24208
"the latest Bacula news and developments."
24209
msgstr ""
24210
24211
#: serverguide/C/backups.xml:869(para)
24212
msgid ""
24213
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24214
"Ubuntu Wiki</ulink> page."
24215
msgstr ""
24216
24217
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24218
#: serverguide/C/backups.xml:0(None)
24219
msgid "translator-credits"
24220
msgstr ""
24221
"Launchpad Contributions:\n"
24222
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
24223
"admins\n"
24224
" dinhtrung https://launchpad.net/~dinhtrung"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1