« back to all changes in this revision
Viewing changes to serverguide/po/zh_CN.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/zh_CN.po
1
# Chinese (China) translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-09-14 22:56+0000\n"
12
"Last-Translator: EAdam <liuannan@hotmail.com>\n"
13
"Language-Team: Chinese (China) <zh_CN@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:47+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu 文档项目)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Ubuntu 服务器指南"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "2007-09-30"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Windows 联网"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"计算机网络通常包含不同的系统,虽然管理全部由 Ubuntu 桌面计算机和服务器组成的网络会比较轻松,但某些网络环境会需要使 Ubuntu 和 "
48
"<trademark class=\"registered\">Microsoft</trademark> <trademark "
49
"class=\"registered\">Windows</trademark> 这两个系统协同工作。<phrase>Ubuntu</phrase> "
50
"服务器指南中的这部分内容将向你介绍 Ubuntu 服务器的原理及配置所用工具,以便同 Windows 计算机共享网络资源。"
51
52
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
53
msgid "Introduction"
54
msgstr "简介"
55
56
#: serverguide/C/windows-networking.xml:27(para)
57
msgid ""
58
"Successfully networking your Ubuntu system with Windows clients involves "
59
"providing and integrating with services common to Windows environments. Such "
60
"services assist the sharing of data and information about the computers and "
61
"users involved in the network, and may be classified under three major "
62
"categories of functionality:"
63
msgstr ""
64
"要想将您的 Ubuntu 系统与 Windows 客户机成功连网,则需要为 Windows "
65
"环境提供和整合常用服务。这些服务有助于网络中计算机和用户的数据和信息共享,它们按功能可划分为以下三大类:"
66
67
#: serverguide/C/windows-networking.xml:35(para)
68
msgid ""
69
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
70
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
71
"folders, volumes, and the sharing of printers throughout the network."
72
msgstr ""
73
"<emphasis role=\"bold\">文件和打印机共享服务</emphasis>。SMB(Server Message "
74
"Block,服务器信息块) 协议可以使在网络上共享文件、文件夹、卷和打印机变得容易。"
75
76
#: serverguide/C/windows-networking.xml:41(para)
77
msgid ""
78
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
79
"information about the computers and users of the network with such "
80
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
81
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
82
msgstr ""
83
"<emphasis role=\"bold\">目录服务</emphasis>。通过 LDAP(Lightweight Directory Access "
84
"Protocol,轻量目录访问协议) 和 Microsoft <trademark class=\"registered\">Active "
85
"Directory</trademark> 技术来共享网络计算机和用户的重要信息。"
86
87
#: serverguide/C/windows-networking.xml:48(para)
88
msgid ""
89
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
90
"the identity of a computer or user of the network and determining the "
91
"information the computer or user is authorized to access using such "
92
"principles and technologies as file permissions, group policies, and the "
93
"Kerberos authentication service."
94
msgstr ""
95
"<emphasis role=\"bold\">认证和权限</emphasis>。建立网络计算机和用户的身份信息,并通过使用文件权限、组策略和 "
96
"Kerberos 认证服务等原理和技术来确定计算机或用户可以访问的信息。"
97
98
#: serverguide/C/windows-networking.xml:56(para)
99
msgid ""
100
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
101
"clients and share network resources among them. One of the principal pieces "
102
"of software your Ubuntu system includes for Windows networking is the Samba "
103
"suite of SMB server applications and tools."
104
msgstr ""
105
"幸运的是您的 Ubuntu 系统可以为 Windows 客户端提供所有这样的便利,并在它们中共享网络资源。您的 Ubuntu为 Windows "
106
"网络提供的软件中主要部分之一是 SMB 服务器应用和工具的 Samba 套件。"
107
108
#: serverguide/C/windows-networking.xml:62(para)
109
msgid ""
110
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
111
"of the common Samba use cases, and how to install and configure the "
112
"necessary packages. Additional detailed documentation and information on "
113
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
114
"website</ulink>."
115
msgstr ""
116
"这部分<phrase>Ubuntu</phrase>服务器指南将介绍一些常用的 Samba 使用例子,以及如何安装和配置必要的软件包。关于 "
117
"Samba的附加详细文档和信息可以在 <ulink url=\"http://www.samba.org\">Samba 网站</ulink>找到。"
118
119
#: serverguide/C/windows-networking.xml:70(title)
120
msgid "Samba File Server"
121
msgstr "Samba 文件服务器"
122
123
#: serverguide/C/windows-networking.xml:72(para)
124
msgid ""
125
"One of the most common ways to network Ubuntu and Windows computers is to "
126
"configure Samba as a File Server. This section covers setting up a "
127
"<application>Samba</application> server to share files with Windows clients."
128
msgstr ""
129
"最通用的连接 Ubuntu 和 Windows的方法之一是将 Samba 配置为文件服务器。本部分包括设置Samba>服务器以便同 Windows "
130
"客户端共享文件。"
131
132
#: serverguide/C/windows-networking.xml:77(para)
133
msgid ""
134
"The server will be configured to share files with any client on the network "
135
"without prompting for a password. If your environment requires stricter "
136
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
137
msgstr ""
138
"服务器将被配置为不需要密码即可与网络上任何客户端共享文件。如果您的环境要求更严格的访问控制,请看<xref linkend=\"samba-"
139
"fileprint-security\"/>"
140
141
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
142
msgid "Installation"
143
msgstr "安装"
144
145
#: serverguide/C/windows-networking.xml:85(para)
146
msgid ""
147
"The first step is to install the <application>samba</application> package. "
148
"From a terminal prompt enter:"
149
msgstr "第一步是安装samba软件包。在终端提示符键入:"
150
151
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
152
msgid "sudo apt-get install samba"
153
msgstr "sudo apt-get install samba"
154
155
#: serverguide/C/windows-networking.xml:93(para)
156
msgid ""
157
"That's all there is to it; you are now ready to configure Samba to share "
158
"files."
159
msgstr "这是唯一需要做的;现在您可以通过配置 Samba 来共享文件了。"
160
161
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
162
msgid "Configuration"
163
msgstr "配置"
164
165
#: serverguide/C/windows-networking.xml:101(para)
166
msgid ""
167
"The main Samba configuration file is located in "
168
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
169
"a significant amount of comments in order to document various configuration "
170
"directives."
171
msgstr ""
172
"主要的 "
173
"Samba配置文件置于<filename>/etc/samba/smb.conf</filename>。默认的配置文件包含了大量的的注解,描述了各种配置指"
174
"令。"
175
176
#: serverguide/C/windows-networking.xml:106(para)
177
msgid ""
178
"Not all the available options are included in the default configuration "
179
"file. See the <filename>smb.conf</filename><application>man</application> "
180
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
181
"Collection/\">Samba HOWTO Collection</ulink> for more details."
182
msgstr ""
183
"不是所有可行的选项都包括在默认配置文件中。请参见<filename>smb.conf</filename><application>man</applic"
184
"ation> 手册页,或者 <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
185
"Collection/\">Samba HOWTO 合集</ulink>"
186
187
#: serverguide/C/windows-networking.xml:116(para)
188
msgid ""
189
"First, edit the following key/value pairs in the "
190
"<emphasis>[global]</emphasis> section of "
191
"<filename>/etc/samba/smb.conf</filename>:"
192
msgstr ""
193
"首先,编辑<filename>/etc/samba/smb.conf</filename>文件中的<emphasis>[global]</emphasis"
194
">片段的键值对"
195
196
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
197
#, no-wrap
198
msgid ""
199
"\n"
200
" workgroup = EXAMPLE\n"
201
" ...\n"
202
" security = user\n"
203
msgstr ""
204
"\n"
205
" 工作组 = EXAMPLE\n"
206
" ...\n"
207
" 安全等级 = user\n"
208
209
#: serverguide/C/windows-networking.xml:127(para)
210
msgid ""
211
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
212
"section, and is commented by default. Also, change "
213
"<emphasis>EXAMPLE</emphasis> to better match your environment."
214
msgstr ""
215
"<emphasis>security</emphasis>这个参数在[global]章节的下面,默认是被注释掉的。同样,根据你的环境改变<emphasis"
216
">EXAMPLE</emphasis>参数。"
217
218
#: serverguide/C/windows-networking.xml:135(para)
219
msgid ""
220
"Create a new section at the bottom of the file, or uncomment one of the "
221
"examples, for the directory to be shared:"
222
msgstr "在文件底部为要共享的目录创建一个新段落或将某一例子前#去掉,"
223
224
#: serverguide/C/windows-networking.xml:139(programlisting)
225
#, no-wrap
226
msgid ""
227
"\n"
228
"[share]\n"
229
" comment = Ubuntu File Server Share\n"
230
" path = /srv/samba/share\n"
231
" browsable = yes\n"
232
" guest ok = yes\n"
233
" read only = no\n"
234
" create mask = 0755\n"
235
msgstr ""
236
"\n"
237
"[share]\n"
238
" 说明 = Ubuntu File Server Share\n"
239
" 路径 = /srv/samba/share\n"
240
" 可浏览 = yes\n"
241
" 客人访问 = yes\n"
242
" 只读 = no\n"
243
" create mask = 0755\n"
244
245
#: serverguide/C/windows-networking.xml:151(para)
246
msgid ""
247
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
248
"fit your needs."
249
msgstr "<emphasis>comment:</emphasis> 一段简短的描述,根据你的需要进行调整。"
250
251
#: serverguide/C/windows-networking.xml:156(para)
252
msgid "<emphasis>path:</emphasis> the path to the directory to share."
253
msgstr "<emphasis>path:</emphasis>共享文件的路径"
254
255
#: serverguide/C/windows-networking.xml:159(para)
256
msgid ""
257
"This example uses <filename>/srv/samba/sharename</filename> because, "
258
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
259
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
260
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
261
"specific data should be served. Technically Samba shares can be placed "
262
"anywhere on the filesystem as long as the permissions are correct, but "
263
"adhering to standards is recommended."
264
msgstr ""
265
"这个例子使用的文件是 <filename>/srv/samba/sharename</filename> 因为按照 "
266
"<emphasis>文件系统层次结构标准(FHS)</emphasis>\r\n"
267
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
268
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
269
"站点提供的数据。技术上来说Samba shares只要权限正确,可以在文件系统的任何位置,但是建议遵守规范。"
270
271
#: serverguide/C/windows-networking.xml:168(para)
272
msgid ""
273
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
274
"directory using <application>Windows Explorer</application>."
275
msgstr "<emphasis>browsable:</emphasis> 允许windows客户机使用资源管理器浏览共享目录。"
276
277
#: serverguide/C/windows-networking.xml:174(para)
278
msgid ""
279
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
280
"without supplying a password."
281
msgstr "<emphasis>guest ok:</emphasis>允许客户机连接共享目录不用提供密码。"
282
283
#: serverguide/C/windows-networking.xml:179(para)
284
msgid ""
285
"<emphasis>read only:</emphasis> determines if the share is read only or if "
286
"write privileges are granted. Write privileges are allowed only when the "
287
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
288
"is <emphasis>yes</emphasis>, then access to the share is read only."
289
msgstr ""
290
"<emphasis>只读::</emphasis>决定共享是否为只读或已赋予写权限。只有当其值为<emphasis>no</emphasis>时才会赋予写"
291
"权限,就如此例中所看到的。如果值是<emphasis>yes</emphasis>,那么将只能以只读方式进入。"
292
293
#: serverguide/C/windows-networking.xml:184(para)
294
msgid ""
295
"<emphasis>create mask:</emphasis> determines the permissions new files will "
296
"have when created."
297
msgstr "<emphasis>create mask:</emphasis> 在文件被创建时确定新建文件的权限。"
298
299
#: serverguide/C/windows-networking.xml:193(para)
300
msgid ""
301
"Now that <application>Samba</application> is configured, the directory needs "
302
"to be created and the permissions changed. From a terminal enter:"
303
msgstr "既然<application>Samba</application>已经设置,您需要新建一个目录并更改授权。请从终端输入:"
304
305
#: serverguide/C/windows-networking.xml:199(command)
306
msgid "sudo mkdir -p /srv/samba/share"
307
msgstr "sudo mkdir -p /srv/samba/share"
308
309
#: serverguide/C/windows-networking.xml:200(command)
310
msgid "sudo chown nobody.nogroup /srv/samba/share/"
311
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
312
313
#: serverguide/C/windows-networking.xml:204(para)
314
msgid ""
315
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
316
"directory tree if it doesn't exist. Change the share name to fit your "
317
"environment."
318
msgstr "如果它不存在,<emphasis>-p</emphasis> 这个参数允许mkdir命令创建全部的目录树,请按照你的环境修改共享名。"
319
320
#: serverguide/C/windows-networking.xml:213(para)
321
msgid ""
322
"Finally, restart the <application>samba</application> services to enable the "
323
"new configuration:"
324
msgstr "最后,为使新设定生效,请重启<application>samba</application>服务。"
325
326
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
327
msgid "sudo restart smbd"
328
msgstr ""
329
330
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
331
msgid "sudo restart nmbd"
332
msgstr ""
333
334
#: serverguide/C/windows-networking.xml:226(para)
335
msgid ""
336
"Once again, the above configuration gives all access to any client on the "
337
"local network. For a more secure configuration see <xref linkend=\"samba-"
338
"fileprint-security\"/>."
339
msgstr ""
340
"再次地,上述设定使得所有用户可以接入本地网络。欲知更多安全设定方法请参阅<xref linkend=\"samba-fileprint-"
341
"security\"/>。"
342
343
#: serverguide/C/windows-networking.xml:232(para)
344
msgid ""
345
"From a Windows client you should now be able to browse to the Ubuntu file "
346
"server and see the shared directory. To check that everything is working try "
347
"creating a directory from Windows."
348
msgstr "您现在应该可以从Windows客户端检索Ubuntu文件和共享文件夹。您可以试着在Windows系统下创建一个文件夹以确认一切正常工作。"
349
350
#: serverguide/C/windows-networking.xml:237(para)
351
msgid ""
352
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
353
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
354
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
355
"share actually exists and the permissions are correct."
356
msgstr ""
357
"为了创建更多的共享只需在文件 <filename>/etc/samba/smb.conf</filename>中的章节下写入新的路径,并重新启动 "
358
"<emphasis>Samba</emphasis>。只需要确定该目录要共享和当前的权限是正确的。"
359
360
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
361
msgid "Resources"
362
msgstr "资源"
363
364
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
365
msgid ""
366
"For in depth Samba configurations see the <ulink "
367
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
368
"Collection</ulink>"
369
msgstr ""
370
"要更深入地了解Samba设定请参阅<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
371
"Collection/\">Samba HOWTO Collection</ulink>"
372
373
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
374
msgid ""
375
"The guide is also available in <ulink "
376
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
377
"format</ulink>."
378
msgstr ""
379
"您也可以在<ulink url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
380
"/0131882228\">printed format</ulink>查看帮助"
381
382
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
383
msgid ""
384
"O'Reilly's <ulink "
385
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
386
"another good reference."
387
msgstr ""
388
"O'Reilly's <ulink "
389
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink>是另一篇"
390
"很好的参考文章。"
391
392
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
393
msgid ""
394
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
395
"</ulink> page."
396
msgstr ""
397
398
#: serverguide/C/windows-networking.xml:275(title)
399
msgid "Samba Print Server"
400
msgstr "samba打印服务器"
401
402
#: serverguide/C/windows-networking.xml:277(para)
403
msgid ""
404
"Another common use of Samba is to configure it to share printers installed, "
405
"either locally or over the network, on an Ubuntu server. Similar to <xref "
406
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
407
"any client on the local network to use the installed printers without "
408
"prompting for a username and password."
409
msgstr ""
410
"另一种较常见的Samba应用是在Ubuntu服务器上安装共享打印机,无论是本地还是共享的。比如 <xref linkend=\"samba-"
411
"fileserver\"/> 这一节将配置Samba允许任何客户机安装使用本地网络上的打印机而不提示的用户名和密码。"
412
413
#: serverguide/C/windows-networking.xml:283(para)
414
msgid ""
415
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
416
"security\"/>."
417
msgstr "欲知更多关于安全设定的内容请查看<xref linkend=\"samba-fileprint-security\"/>"
418
419
#: serverguide/C/windows-networking.xml:290(para)
420
msgid ""
421
"Before installing and configuring Samba it is best to already have a working "
422
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
423
"for details."
424
msgstr ""
425
"在安装和设定Samba之前最好安装一个能工作的<application>CUPS</application>。欲知详情请查看<xref "
426
"linkend=\"cups\"/>。"
427
428
#: serverguide/C/windows-networking.xml:295(para)
429
msgid ""
430
"To install the <application>samba</application> package, from a terminal "
431
"enter:"
432
msgstr "要安装<application>samba</application>软件包,请在中断输入:"
433
434
#: serverguide/C/windows-networking.xml:306(para)
435
msgid ""
436
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
437
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
438
"network, and change <emphasis>security</emphasis> to <emphasis "
439
"role=\"italic\">share</emphasis>:"
440
msgstr ""
441
"在samba安装以后开始编辑 <filename>/etc/samba/smb.conf</filename> 按照你的网络情况改变 "
442
"<emphasis>workgroup</emphasis> 的属性。将 <emphasis>security</emphasis> 属性设置为 "
443
"<emphasis role=\"italic\">share</emphasis>:"
444
445
#: serverguide/C/windows-networking.xml:318(para)
446
msgid ""
447
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
448
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
449
msgstr ""
450
"在 <emphasis>[printers]</emphasis> 一节中改变 <emphasis>guest ok</emphasis> 参数为 "
451
"<emphasis role=\"italic\">yes</emphasis>:"
452
453
#: serverguide/C/windows-networking.xml:322(programlisting)
454
#, no-wrap
455
msgid ""
456
"\n"
457
" browsable = yes\n"
458
" guest ok = yes\n"
459
msgstr ""
460
"\n"
461
" browsable = yes\n"
462
" guest ok = yes\n"
463
464
#: serverguide/C/windows-networking.xml:327(para)
465
msgid "After editing <filename>smb.conf</filename> restart Samba:"
466
msgstr "编辑<filename>smb.conf</filename>后重启 Samba:"
467
468
#: serverguide/C/windows-networking.xml:336(para)
469
msgid ""
470
"The default Samba configuration will automatically share any printers "
471
"installed. Simply install the printer locally on your Windows clients."
472
msgstr "默认Samba设定将会自动共享安装的打印机。请在您的Windows客户端安装本地打印机。"
473
474
#: serverguide/C/windows-networking.xml:365(para)
475
msgid ""
476
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
477
"more information on configuring CUPS."
478
msgstr ""
479
"欲知更多关于CUPS的设定,请您参阅<ulink url=\"http://www.cups.org/\">CUPS Website</ulink>"
480
481
#: serverguide/C/windows-networking.xml:379(title)
482
msgid "Securing a Samba File and Print Server"
483
msgstr "正在保护Samba文件和打印服务器"
484
485
#: serverguide/C/windows-networking.xml:382(title)
486
msgid "Samba Security Modes"
487
msgstr "Samba安全模式"
488
489
#: serverguide/C/windows-networking.xml:384(para)
490
msgid ""
491
"There are two security levels available to the Common Internet Filesystem "
492
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
493
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
494
"allows more flexibility, providing four ways of implementing user-level "
495
"security and one way to implement share-level:"
496
msgstr ""
497
"有2种安全等级支持通用网络文件系统协议(CIFS), <emphasis>user-等级</emphasis> 和 <emphasis>share-"
498
"等级</emphasis> Samba的 <emphasis>security 模式</emphasis> 允许更灵活的执行方式,为user-"
499
"level安全等级提供了4种方式,为share-level等级提供了一种方式。"
500
501
#: serverguide/C/windows-networking.xml:393(para)
502
msgid ""
503
"<emphasis>security = user:</emphasis> requires clients to supply a username "
504
"and password to connect to shares. Samba user accounts are separate from "
505
"system accounts, but the <application>libpam-smbpass</application> package "
506
"will sync system users and passwords with the Samba user database."
507
msgstr ""
508
"设置为 <emphasis>security = user:</emphasis> "
509
"就需要连接共享的客户机提供用户名和密码。虽然Samba的用户帐户区别于系统帐户,但是软件包 <application>libpam-"
510
"smbpass</application> 会同步系统用户名和密码与Samba用户数据库。"
511
512
#: serverguide/C/windows-networking.xml:400(para)
513
msgid ""
514
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
515
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
516
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
517
"linkend=\"samba-dc\"/> for further information."
518
msgstr ""
519
"<emphasis>security = domain:</emphasis> 这个模式使得Samba 服务器作为 一个Windows "
520
"客户端的主域控制器 ( PDC ) , 备份域控制器(BDC) ,或者一个域成员服务器(DMS) ,了解更多信息参见 <xref "
521
"linkend=\"samba-dc\"/>。"
522
523
#: serverguide/C/windows-networking.xml:407(para)
524
msgid ""
525
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
526
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
527
"integration\"/> for details."
528
msgstr ""
529
"<emphasis>security = ADS:</emphasis> 允许 Samba服务器作为一个本地成员加入活动目录域。详细内容参见 <xref "
530
"linkend=\"samba-ad-integration\"/>"
531
532
#: serverguide/C/windows-networking.xml:413(para)
533
msgid ""
534
"<emphasis>security = server:</emphasis> this mode is left over from before "
535
"Samba could become a member server, and due to some security issues should "
536
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
537
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
538
"of the Samba guide for more details."
539
msgstr ""
540
"<emphasis>security = server:</emphasis> "
541
"这种模式是Samba作为一个成员服务器之前设置的。由于一些安全问题不应该使用。想了解更多信息,请查看 Samba 指南中<ulink "
542
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection "
543
"/ServerType.html#id349531\">Server Security</ulink>"
544
545
#: serverguide/C/windows-networking.xml:421(para)
546
msgid ""
547
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
548
"without supplying a username and password."
549
msgstr "参数 <emphasis>security = share:</emphasis> 允许客户机访问共享文件时不提供用户名和密码。"
550
551
#: serverguide/C/windows-networking.xml:428(para)
552
msgid ""
553
"The security mode you choose will depend on your environment and what you "
554
"need the Samba server to accomplish."
555
msgstr "您将选择的安全模式将取决与您的环境和您需要用Samba服务器完成的工作。"
556
557
#: serverguide/C/windows-networking.xml:434(title)
558
msgid "Security = User"
559
msgstr "Security = User"
560
561
#: serverguide/C/windows-networking.xml:436(para)
562
msgid ""
563
"This section will reconfigure the Samba file and print server, from <xref "
564
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
565
"require authentication."
566
msgstr ""
567
"本节将根据 <xref linkend=\"samba-fileserver\"/> 和 <xref linkend=\"samba-"
568
"printserver\"/>重新配置 Samba 文件和打印服务器。"
569
570
#: serverguide/C/windows-networking.xml:441(para)
571
msgid ""
572
"First, install the <application>libpam-smbpass</application> package which "
573
"will sync the system users to the Samba user database:"
574
msgstr ""
575
"首先安装软件包 <application>libpam-smbpass</application> 同步系统用户与 Samba 用户数据库:"
576
577
#: serverguide/C/windows-networking.xml:447(command)
578
msgid "sudo apt-get install libpam-smbpass"
579
msgstr "sudo apt-get install libpam-smbpass"
580
581
#: serverguide/C/windows-networking.xml:451(para)
582
msgid ""
583
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
584
"<application>libpam-smbpass</application> is already installed."
585
msgstr ""
586
"如果你在安装过程中选择 <emphasis>Samba Server</emphasis> 任务则软件包 <application>libpam-"
587
"smbpass</application> 就已经安装在系统中。"
588
589
#: serverguide/C/windows-networking.xml:457(para)
590
msgid ""
591
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
592
"<emphasis>[share]</emphasis> section change:"
593
msgstr ""
594
"编辑<filename>/etc/samba/smb.conf</filename>,并且在<emphasis>[share]</emphasis>区域更"
595
"改:"
596
597
#: serverguide/C/windows-networking.xml:461(programlisting)
598
#, no-wrap
599
msgid ""
600
"\n"
601
" guest ok = no\n"
602
msgstr ""
603
"\n"
604
" 来宾就绪=no\n"
605
606
#: serverguide/C/windows-networking.xml:465(para)
607
msgid "Finally, restart Samba for the new settings to take effect:"
608
msgstr "最后,为使得新设定生效,请重启Samba"
609
610
#: serverguide/C/windows-networking.xml:474(para)
611
msgid ""
612
"Now when connecting to the shared directories or printers you should be "
613
"prompted for a username and password."
614
msgstr "当连接到共享的目录或打印机时,您需要一个用户名和密码。"
615
616
#: serverguide/C/windows-networking.xml:479(para)
617
msgid ""
618
"If you choose to map a network drive to the share you can check the "
619
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
620
"enter the username and password once, at least until the password changes."
621
msgstr ""
622
"如果你选择要映射一个网络驱动器,那么你可以选择<quote>Reconnect at Logon</quote> "
623
"复选框,并且只需输入一次用户名和密码。至少在密码不变的情况下。"
624
625
#: serverguide/C/windows-networking.xml:487(title)
626
msgid "Share Security"
627
msgstr "共享安全"
628
629
#: serverguide/C/windows-networking.xml:489(para)
630
msgid ""
631
"There are several options available to increase the security for each "
632
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
633
"this section will cover some common options."
634
msgstr "有几个选项可以为每个共享目录增强安全性。以 <emphasis>[share]</emphasis> 为例,这节中包括了一些常见的选项。"
635
636
#: serverguide/C/windows-networking.xml:495(title)
637
msgid "Groups"
638
msgstr "组"
639
640
#: serverguide/C/windows-networking.xml:497(para)
641
msgid ""
642
"Groups define a collection of computers or users which have a common level "
643
"of access to particular network resources and offer a level of granularity "
644
"in controlling access to such resources. For example, if a group <emphasis "
645
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
646
"role=\"italic\">freda</emphasis>, <emphasis "
647
"role=\"italic\">danika</emphasis>, and <emphasis "
648
"role=\"italic\">rob</emphasis> and a second group <emphasis "
649
"role=\"italic\">support</emphasis> is defined and consists of users "
650
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
651
"role=\"italic\">jeremy</emphasis>, and <emphasis "
652
"role=\"italic\">vincent</emphasis> then certain network resources configured "
653
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
654
"subsequently enable access by freda, danika, and rob, but not jeremy or "
655
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
656
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
657
"role=\"italic\">support</emphasis> groups, she will be able to access "
658
"resources configured for access by both groups, whereas all other users will "
659
"have only access to resources explicitly allowing the group they are part of."
660
msgstr ""
661
"组定义了对指定网络资源拥有共同访问级别的一组计算机或用户,并提供对这些资源的访问控制粒度级别。举个例子,如果定义一个 <emphasis "
662
"role=\"italic\">qa</emphasis> 组并包含用户 <emphasis "
663
"role=\"italic\">freda</emphasis>、<emphasis role=\"italic\">danika</emphasis> "
664
"和 <emphasis role=\"italic\">rob</emphasis>,再定义第二个组 <emphasis "
665
"role=\"italic\">support</emphasis> 并包含 <emphasis "
666
"role=\"italic\">danika</emphasis>、<emphasis "
667
"role=\"italic\">jeremy</emphasis> 和 <emphasis "
668
"role=\"italic\">vincent</emphasis>。那么某个网络资源被配置为允许 <emphasis "
669
"role=\"italic\">qa</emphasis> 组访问时,则其可以被 freda、danika 和 rob访问,而不是 jeremy 或 "
670
"vincent。因为用户 <emphasis role=\"italic\">danika</emphasis> 属于 <emphasis "
671
"role=\"italic\">qa</emphasis> 和 <emphasis role=\"italic\">support</emphasis> "
672
"两个组,所以她能够访问配置为两个组访问的资源,而所有其他用户则只能访问明确允许其所属组访问的资源。"
673
674
#: serverguide/C/windows-networking.xml:511(para)
675
msgid ""
676
"By default Samba looks for the local system groups defined in "
677
"<filename>/etc/group</filename> to determine which users belong to which "
678
"groups. For more information on adding and removing users from groups see "
679
"<xref linkend=\"adding-deleting-users\"/>."
680
msgstr ""
681
"默认的 Samba 会查找本地系统组文件 <filename>/etc/group</filename> "
682
"以确定哪些用户属于哪些用户组。欲了解更多有关添加和删除用户组请访问 <xref linkend=\"adding-deleting-users\"/>."
683
684
#: serverguide/C/windows-networking.xml:517(para)
685
msgid ""
686
"When defining groups in the Samba configuration file, "
687
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
688
"preface the group name with an \"@\" symbol. For example, if you wished to "
689
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
690
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
691
"do so by entering the group name as <emphasis "
692
"role=\"bold\">@sysadmin</emphasis>."
693
msgstr ""
694
"在Samba 设置文件 <filename>/etc/samba/smb.conf</filename> 中定义了组以后,公认的语法是以“ @ "
695
"”符号作为组名的开始。例如,如果你想定义一个组名 <emphasis role=\"italic\">sysadmin</emphasis> "
696
"你就需要在文件 <filename>/etc/samba/smb.conf</filename>中相关的章节下输入组的名字比如 <emphasis "
697
"role=\"bold\">@sysadmin</emphasis>。"
698
699
#: serverguide/C/windows-networking.xml:526(title)
700
msgid "File Permissions"
701
msgstr "文件权限"
702
703
#: serverguide/C/windows-networking.xml:528(para)
704
msgid ""
705
"File Permissions define the explicit rights a computer or user has to a "
706
"particular directory, file, or set of files. Such permissions may be defined "
707
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
708
"the explicit permissions of a defined file share."
709
msgstr ""
710
"文件权限清楚的表明了计算机或者用户对特定目录所拥有的权力。这种权限的定义可以通过编辑文件 "
711
"<filename>/etc/samba/smb.conf</filename>来确定一个共享文件的权限。"
712
713
#: serverguide/C/windows-networking.xml:534(para)
714
msgid ""
715
"For example, if you have defined a Samba share called "
716
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
717
"only</emphasis> permissions to the group of users known as <emphasis "
718
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
719
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
720
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
721
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
722
"under the <emphasis>[share]</emphasis> entry:"
723
msgstr ""
724
"例如:如果你定义一个Samba的共享,命名为 <emphasis>share</emphasis>并且给予用户组<emphasis "
725
"role=\"italic\">qa</emphasis>, <emphasis role=\"italic\">只读</emphasis> 的权限, "
726
"。但是希望允许一个名为 <emphasis role=\"italic\">sysadmin</emphasis> 的组中一个<emphasis "
727
"role=\"italic\">vincent</emphasis> 用户可以写共享。这样的话你需要编辑文件 "
728
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis>下面添加:"
729
730
#: serverguide/C/windows-networking.xml:543(programlisting)
731
#, no-wrap
732
msgid ""
733
"\n"
734
" read list = @qa\n"
735
" write list = @sysadmin, vincent\n"
736
msgstr ""
737
"\n"
738
" read list = @qa\n"
739
" write list = @sysadmin, vincent\n"
740
741
#: serverguide/C/windows-networking.xml:548(para)
742
msgid ""
743
"Another possible Samba permission is to declare "
744
"<emphasis>administrative</emphasis> permissions to a particular shared "
745
"resource. Users having administrative permissions may read, write, or modify "
746
"any information contained in the resource the user has been given explicit "
747
"administrative permissions to."
748
msgstr ""
749
"另一种可能的Samba权限是为特定的共享资源声明一个管理权限。用户拥有管理权限后可以读,写或修改资源中的任何信息。用户被给予了明确的管理权限。"
750
751
#: serverguide/C/windows-networking.xml:554(para)
752
msgid ""
753
"For example, if you wanted to give the user <emphasis "
754
"role=\"italic\">melissa</emphasis> administrative permissions to the "
755
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
756
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
757
"under the <emphasis>[share]</emphasis> entry:"
758
msgstr ""
759
"举个例子,如果你想给予用户<emphasis role=\"italic\">melissa</emphasis>管理权限,你可以编辑文件 "
760
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis> "
761
"节中添加如内容:"
762
763
#: serverguide/C/windows-networking.xml:561(programlisting)
764
#, no-wrap
765
msgid ""
766
"\n"
767
" admin users = melissa\n"
768
msgstr ""
769
"\n"
770
" 用户名=melissa\n"
771
772
#: serverguide/C/windows-networking.xml:565(para)
773
msgid ""
774
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
775
"the changes to take effect:"
776
msgstr "编辑<filename>/etc/samba/smb.conf</filename>以后请重启Samba使更改生效:"
777
778
#: serverguide/C/windows-networking.xml:575(para)
779
msgid ""
780
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
781
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
782
"<emphasis role=\"italic\">security = share</emphasis>"
783
msgstr ""
784
"要想<emphasis>read list</emphasis>和<emphasis>write "
785
"list</emphasis>可以工作,Samba安全模式决不能设置成<emphasis role=\"italic\">security = "
786
"share</emphasis>"
787
788
#: serverguide/C/windows-networking.xml:581(para)
789
msgid ""
790
"Now that Samba has been configured to limit which groups have access to the "
791
"shared directory, the filesystem permissions need to be updated."
792
msgstr "Samba 已经配置为限定某些组对共享目录的访问,文件系统权限需要更新。"
793
794
#: serverguide/C/windows-networking.xml:586(para)
795
msgid ""
796
"Traditional Linux file permissions do not map well to Windows NT Access "
797
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
798
"providing more fine grained control. For example, to enable ACLs on "
799
"<filename>/srv</filename> an EXT3 filesystem, edit "
800
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
801
msgstr ""
802
"传统 Linux 文件权限没有很好地映射到 Windows NT 访问控制表(ACLs),然而,Ubuntu 服务器可以使用 POSIX ACLs "
803
"以提供更细粒度的控制。例如,想要在 EXT3 文件系统中使用 ACLs <filename>/srv</filename>,只需编辑文件 "
804
"<filename>/etc/fstab</filename>,添加 <emphasis>acl</emphasis> 选项:"
805
806
#: serverguide/C/windows-networking.xml:593(programlisting)
807
#, no-wrap
808
msgid ""
809
"\n"
810
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
811
"0 1\n"
812
msgstr ""
813
"\n"
814
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
815
"0 1\n"
816
817
#: serverguide/C/windows-networking.xml:597(para)
818
msgid "Then remount the partition:"
819
msgstr "然后重新挂载分区:"
820
821
#: serverguide/C/windows-networking.xml:602(command)
822
msgid "sudo mount -v -o remount /srv"
823
msgstr "sudo mount -v -o remount /srv"
824
825
#: serverguide/C/windows-networking.xml:606(para)
826
msgid ""
827
"The above example assumes <filename>/srv</filename> on a separate partition. "
828
"If <filename>/srv</filename>, or wherever you have configured your share "
829
"path, is part of the <filename>/</filename> partition a reboot may be "
830
"required."
831
msgstr ""
832
"以上示例假设 <filename>/srv</filename> 在单独的分区。无论您配置的共享目录 <filename>/srv</filename> "
833
"在什么位置,只要它属于 <filename>/</filename> 分区,都可能需要重启。"
834
835
#: serverguide/C/windows-networking.xml:613(para)
836
msgid ""
837
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
838
"group will be given read, write, and execute permissions to "
839
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
840
"will be given read and execute permissions, and the files will be owned by "
841
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
842
msgstr ""
843
"为完成以上 Samba 设置,针对共享目录 "
844
"<filename>/srv/samba/share</filename>,<emphasis>sysadmin</emphasis> "
845
"组需要给出读、写、执行的权限,而 <emphasis>qa</emphasis> 需要给出读与执行的权限,并且其文件应隶属于用户 "
846
"<emphasis>melissa</emphasis>。在终端中输入:"
847
848
#: serverguide/C/windows-networking.xml:621(command)
849
msgid "sudo chown -R melissa /srv/samba/share/"
850
msgstr "sudo chown -R melissa /srv/samba/share/"
851
852
#: serverguide/C/windows-networking.xml:622(command)
853
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
854
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
855
856
#: serverguide/C/windows-networking.xml:623(command)
857
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
858
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
859
860
#: serverguide/C/windows-networking.xml:627(para)
861
msgid ""
862
"The <application>setfacl</application> command above gives "
863
"<emphasis>execute</emphasis> permissions to all files in the "
864
"<filename>/srv/samba/share</filename> directory, which you may or may not "
865
"want."
866
msgstr ""
867
"如上命令 <application>setfacl</application> 会将目录 "
868
"<filename>/srv/samba/share</filename> 下所有文件给予 <emphasis>执行</emphasis> "
869
"的权限,这可能并不是您所希望的。"
870
871
#: serverguide/C/windows-networking.xml:633(para)
872
msgid ""
873
"Now from a Windows client you should notice the new file permissions are "
874
"implemented. See the <application>acl</application> and "
875
"<application>setfacl</application> man pages for more information on POSIX "
876
"ACLs."
877
msgstr ""
878
"现在,通过使用Windows客户端,你应该注意到新的文件的权限开始应用了。想了解更多关于POSIX ACLs的信息请使用 man 命令查看 "
879
"<application>acl</application> 和 <application>setfacl</application>程序的帮助文档。"
880
881
#: serverguide/C/windows-networking.xml:641(title)
882
msgid "Samba AppArmor Profile"
883
msgstr "Samba AppArmor 策略"
884
885
#: serverguide/C/windows-networking.xml:643(para)
886
msgid ""
887
"Ubuntu comes with the <application>AppArmor</application> security module, "
888
"which provides mandatory access controls. The default AppArmor profile for "
889
"Samba will need to be adapted to your configuration. For more details on "
890
"using AppArmor see <xref linkend=\"apparmor\"/>."
891
msgstr ""
892
"Ubuntu 带有 <application>AppArmor</application> "
893
"安全模块,提供必须的访问控制功能。为符合您的配置,需要对默认的 Samba AppArmor 策略做些修改。详情使用 AppArmor,请参考 "
894
"<xref linkend=\"apparmor\"/>。"
895
896
#: serverguide/C/windows-networking.xml:649(para)
897
msgid ""
898
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
899
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
900
"of the <application>apparmor-profiles</application> packages. To install the "
901
"package, from a terminal prompt enter:"
902
msgstr ""
903
"<filename>/usr/sbin/smbd</filename> 和 <filename>/usr/sbin/nmbd</filename> 是 "
904
"Samba 守护进程的两个程序,它们默认的 AppArmor 策略,包含在 <application>apparmor-"
905
"profiles</application> 软件包,要安装这个包,在终端命令行中输入:"
906
907
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
908
msgid "sudo apt-get install apparmor-profiles"
909
msgstr "sudo apt-get install apparmor-profiles"
910
911
#: serverguide/C/windows-networking.xml:660(para)
912
msgid "This package contains profiles for several other binaries."
913
msgstr "这个软件包还带有其它一些程序的策略。"
914
915
#: serverguide/C/windows-networking.xml:665(para)
916
msgid ""
917
"By default the profiles for <application>smbd</application> and "
918
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
919
"allowing Samba to work without modifying the profile, and only logging "
920
"errors. To place the <application>smbd</application> profile into "
921
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
922
"profile will need to be modified to reflect any directories that are shared."
923
msgstr ""
924
"默认情况下,<application>smbd</application> 和 <application>nmbd</application> 工作在 "
925
"<emphasis>complain</emphasis> 的策略模式,即无需修改默认的策略,Samba "
926
"就能工作,但在这种模式下,仅仅会记录错误到日志。 要让 <application>smbd</application> 切换到 "
927
"<emphasis>enforce</emphasis> 的策略模式,以使得 Samba "
928
"如期望地工作,则默认的策略需要进行修改,以反映到每一个共享的目录。"
929
930
#: serverguide/C/windows-networking.xml:672(para)
931
msgid ""
932
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
933
"for <emphasis>[share]</emphasis> from the file server example:"
934
msgstr ""
935
"例如,在文件服务器上添加 <emphasis>[share]</emphasis> 的标识信息,编辑 "
936
"<filename>/etc/apparmor.d/usr.sbin.smbd</filename>:"
937
938
#: serverguide/C/windows-networking.xml:677(programlisting)
939
#, no-wrap
940
msgid ""
941
"\n"
942
" /srv/samba/share/ r,\n"
943
" /srv/samba/share/** rwkix,\n"
944
msgstr ""
945
"\n"
946
" /srv/samba/share/ r,\n"
947
" /srv/samba/share/** rwkix,\n"
948
949
#: serverguide/C/windows-networking.xml:682(para)
950
msgid ""
951
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
952
msgstr "切换到 <emphasis>enforce</emphasis> 的策略模式,并重新加载:"
953
954
#: serverguide/C/windows-networking.xml:687(command)
955
msgid "sudo aa-enforce /usr/sbin/smbd"
956
msgstr "sudo aa-enforce /usr/sbin/smbd"
957
958
#: serverguide/C/windows-networking.xml:688(command)
959
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
960
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
961
962
#: serverguide/C/windows-networking.xml:691(para)
963
msgid ""
964
"You should now be able to read, write, and execute files in the shared "
965
"directory as normal, and the <application>smbd</application> binary will "
966
"have access to only the configured files and directories. Be sure to add "
967
"entries for each directory you configure Samba to share. Also, any errors "
968
"will be logged to <filename>/var/log/syslog</filename>."
969
msgstr ""
970
"您现在可以正常地读取、写入和执行共享目录中的文件,<application>smbd</application> "
971
"程序将仅会访问配置文件和目录。请确定添加要让 Samba 共享的每个目录。同时,任何的错误会被记录在 "
972
"<filename>/var/log/syslog</filename>。"
973
974
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
975
msgid ""
976
"O'Reilly's <ulink "
977
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
978
"also a good reference."
979
msgstr ""
980
"O'Reilly的<ulink "
981
"url=\"http://www.oreilly.com/catalog/9780596007690/\">使用Samba</ulink>也是一本不错的参"
982
"考书。"
983
984
#: serverguide/C/windows-networking.xml:722(para)
985
msgid ""
986
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
987
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
988
"security."
989
msgstr ""
990
"Samba HOWTO集锦的<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
991
"Collection/securing-samba.html\">第18章</ulink>主要致力于安全问题。"
992
993
#: serverguide/C/windows-networking.xml:728(para)
994
msgid ""
995
"For more information on Samba and ACLs see the <ulink "
996
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
997
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
998
msgstr ""
999
"有关Samba和ACL的更多信息请参看<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1000
"Collection/AccessControls.html#id397568\">Samba ACLs页面</ulink>。"
1001
1002
#: serverguide/C/windows-networking.xml:744(title)
1003
msgid "Samba as a Domain Controller"
1004
msgstr "Samba作为域控制器"
1005
1006
#: serverguide/C/windows-networking.xml:746(para)
1007
msgid ""
1008
"Although it cannot act as an Active Directory Primary Domain Controller "
1009
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1010
"domain controller. A major advantage of this configuration is the ability to "
1011
"centralize user and machine credentials. Samba can also use multiple "
1012
"backends to store the user information."
1013
msgstr ""
1014
"虽然 Samba 服务器不能作为活动目录主域控制器( PDC),但可以配置为类似 Windows NT4 "
1015
"风格的域控制器,该配置的主要优势在于能够集中用户和计算机证书。 此外,Samba 可以使用多种后端用于存储用户信息。"
1016
1017
#: serverguide/C/windows-networking.xml:753(title)
1018
msgid "Primary Domain Controller"
1019
msgstr "主域控制器"
1020
1021
#: serverguide/C/windows-networking.xml:755(para)
1022
msgid ""
1023
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1024
"using the default smbpasswd backend."
1025
msgstr "本节内容涉及使用默认的 smbpasswd 后端配置 Samba 作为主域控制器(PDC)。"
1026
1027
#: serverguide/C/windows-networking.xml:762(para)
1028
msgid ""
1029
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1030
"the user accounts, by entering the following in a terminal prompt:"
1031
msgstr ""
1032
"首先,安装 Samba 和用于同步用户账号的软件包 <application>libpam-smbpass</application>。 "
1033
"在终端命令行中输入如下:"
1034
1035
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1036
msgid "sudo apt-get install samba libpam-smbpass"
1037
msgstr "sudo apt-get install samba libpam-smbpass"
1038
1039
#: serverguide/C/windows-networking.xml:774(para)
1040
msgid ""
1041
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1042
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1043
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1044
"should relate to your organization:"
1045
msgstr ""
1046
"接下来,编辑 <filename>/etc/samba/smb.conf</filename> 以配置 Samba。 "
1047
"其中,<emphasis>security</emphasis> 模式需要设置为 <emphasis "
1048
"role=\"italic\">user</emphasis>; <emphasis>workgroup</emphasis> 设置为您的组织。"
1049
1050
#: serverguide/C/windows-networking.xml:789(para)
1051
msgid ""
1052
"In the commented <quote>Domains</quote> section add or uncomment the "
1053
"following:"
1054
msgstr "在 <quote>Domains</quote> 这个被注释掉的章节,添加内容或者取消注释,直至内容如下:"
1055
1056
#: serverguide/C/windows-networking.xml:793(programlisting)
1057
#, no-wrap
1058
msgid ""
1059
"\n"
1060
" domain logons = yes\n"
1061
" logon path = \\\\%N\\%U\\profile\n"
1062
" logon drive = H:\n"
1063
" logon home = \\\\%N\\%U\n"
1064
" logon script = logon.cmd\n"
1065
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1066
"/var/lib/samba -s /bin/false %u\n"
1067
msgstr ""
1068
"\n"
1069
" 域名登录 = yes\n"
1070
" 登录路径 = \\\\%N\\%U\\profile\n"
1071
" 登录的磁盘 = H:\n"
1072
" 登录的主目录 = \\\\%N\\%U\n"
1073
" 登录脚本 = logon.cmd\n"
1074
" 添加机器脚本 = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1075
"/var/lib/samba -s /bin/false %u\n"
1076
1077
#: serverguide/C/windows-networking.xml:804(para)
1078
msgid ""
1079
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1080
"Samba to act as a domain controller."
1081
msgstr ""
1082
"<emphasis>domain logons:</emphasis> 提供 netlogon 服务,使得 Samba 服务器成为域控制器。"
1083
1084
#: serverguide/C/windows-networking.xml:809(para)
1085
msgid ""
1086
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1087
"their home directory. It is also possible to configure a "
1088
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1089
"directory."
1090
msgstr ""
1091
"<emphasis>logon path:</emphasis> 存放用户的 Windows 配置文件到其主目录。 也可以创建一个 "
1092
"<emphasis>[profiles]</emphasis> 将所有用户的 Windows 配置文件存放到统一的目录。"
1093
1094
#: serverguide/C/windows-networking.xml:815(para)
1095
msgid ""
1096
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1097
msgstr "<emphasis>logon drive:</emphasis> 指定主目录本地路径。"
1098
1099
#: serverguide/C/windows-networking.xml:820(para)
1100
msgid ""
1101
"<emphasis>logon home:</emphasis> specifies the home directory location."
1102
msgstr "<emphasis>logon home:</emphasis> 指定主目录的位置。"
1103
1104
#: serverguide/C/windows-networking.xml:825(para)
1105
msgid ""
1106
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1107
"once a user has logged in. The script needs to be placed in the "
1108
"<emphasis>[netlogon]</emphasis> share."
1109
msgstr ""
1110
"<emphasis>logon script:</emphasis> 当用户登陆时,在其本地执行的脚本。 脚本必须存放在 "
1111
"<emphasis>[netlogon]</emphasis> 共享当中。"
1112
1113
#: serverguide/C/windows-networking.xml:831(para)
1114
msgid ""
1115
"<emphasis>add machine script:</emphasis> a script that will automatically "
1116
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1117
"workstation to join the domain."
1118
msgstr ""
1119
"<emphasis>add machine script:</emphasis> 为工作站加入域而自动创建 "
1120
"<emphasis>系统信任账户</emphasis> 的脚本。"
1121
1122
#: serverguide/C/windows-networking.xml:835(para)
1123
msgid ""
1124
"In this example the <emphasis>machines</emphasis> group will need to be "
1125
"created using the <application>addgroup</application> utility see <xref "
1126
"linkend=\"adding-deleting-users\"/> for details."
1127
msgstr ""
1128
"本示例中,需要使用 <application>addgroup</application> 工具创建 "
1129
"<emphasis>machines</emphasis> 组。 请参考 <xref linkend=\"adding-deleting-"
1130
"users\"/>。"
1131
1132
#: serverguide/C/windows-networking.xml:839(para)
1133
msgid ""
1134
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1135
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1136
"(and other admin functions) to work. This is achieved by executing:"
1137
msgstr ""
1138
1139
#: serverguide/C/windows-networking.xml:844(command)
1140
msgid ""
1141
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1142
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1143
"SeRemoteShutdownPrivilege"
1144
msgstr ""
1145
1146
#: serverguide/C/windows-networking.xml:851(para)
1147
msgid ""
1148
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1149
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1150
"commented."
1151
msgstr ""
1152
"如果您不想使用 <emphasis>漫游式的配置文件</emphasis>,将 <emphasis>logon home</emphasis> 和 "
1153
"<emphasis>logon path</emphasis> 选项注释掉即可。"
1154
1155
#: serverguide/C/windows-networking.xml:860(para)
1156
msgid ""
1157
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1158
"role=\"italic\">logon home</emphasis> to be mapped:"
1159
msgstr ""
1160
"为使得 <emphasis role=\"italic\">logon home</emphasis> 被正确映射到,需要对 "
1161
"<emphasis>[homes]</emphasis> 共享设置取消注释。"
1162
1163
#: serverguide/C/windows-networking.xml:865(programlisting)
1164
#, no-wrap
1165
msgid ""
1166
"\n"
1167
"[homes]\n"
1168
" comment = Home Directories\n"
1169
" browseable = no\n"
1170
" read only = no\n"
1171
" create mask = 0700\n"
1172
" directory mask = 0700\n"
1173
" valid users = %S\n"
1174
msgstr ""
1175
"\n"
1176
"[homes]\n"
1177
" comment = Home Directories\n"
1178
" browseable = no\n"
1179
" read only = no\n"
1180
" create mask = 0700\n"
1181
" directory mask = 0700\n"
1182
" valid users = %S\n"
1183
1184
#: serverguide/C/windows-networking.xml:878(para)
1185
msgid ""
1186
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1187
"share needs to be configured. To enable the share, uncomment:"
1188
msgstr ""
1189
"当配置为域控制器时,<emphasis>[netlogon]</emphasis> 共享设置需要开启。 要开启该共享设置,则需要取消注释,使得其内容如下:"
1190
1191
#: serverguide/C/windows-networking.xml:883(programlisting)
1192
#, no-wrap
1193
msgid ""
1194
"\n"
1195
"[netlogon]\n"
1196
" comment = Network Logon Service\n"
1197
" path = /srv/samba/netlogon\n"
1198
" guest ok = yes\n"
1199
" read only = yes\n"
1200
" share modes = no\n"
1201
msgstr ""
1202
"\n"
1203
"[netlogon]\n"
1204
" comment = Network Logon Service\n"
1205
" path = /srv/samba/netlogon\n"
1206
" guest ok = yes\n"
1207
" read only = yes\n"
1208
" share modes = no\n"
1209
1210
#: serverguide/C/windows-networking.xml:893(para)
1211
msgid ""
1212
"The original <emphasis>netlogon</emphasis> share path is "
1213
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1214
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1215
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1216
"location for site-specific data provided by the system."
1217
msgstr ""
1218
"最初的 <emphasis>netlogon</emphasis> 共享路径是 "
1219
"<filename>/home/samba/netlogon</filename>。 为符合文件系统层次结构规范(FHS),系统自带的 <ulink "
1220
"url=\"http://www.pathname.com/fhs/pub/fhs-"
1221
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> 是站点特定数据的合适位置。"
1222
1223
#: serverguide/C/windows-networking.xml:904(para)
1224
msgid ""
1225
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1226
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1227
msgstr ""
1228
"创建 <filename role=\"directory\">netlogon</filename> 目录和一个暂时为空的脚本文件 "
1229
"<filename>logon.cmd</filename>:"
1230
1231
#: serverguide/C/windows-networking.xml:910(command)
1232
msgid "sudo mkdir -p /srv/samba/netlogon"
1233
msgstr "sudo mkdir -p /srv/samba/netlogon"
1234
1235
#: serverguide/C/windows-networking.xml:911(command)
1236
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1237
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1238
1239
#: serverguide/C/windows-networking.xml:914(para)
1240
msgid ""
1241
"You can enter any normal Windows logon script commands in "
1242
"<filename>logon.cmd</filename> to customize the client's environment."
1243
msgstr ""
1244
"您可以在 <filename>logon.cmd</filename> 中输入任何 Windows 登陆的脚本命令,用以定制客户的工作环境。"
1245
1246
#: serverguide/C/windows-networking.xml:922(para)
1247
msgid ""
1248
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1249
"workstation to the domain, a system group needs to be mapped to the Windows "
1250
"<emphasis>Domain Admins</emphasis> group. Using the "
1251
"<application>net</application> utility, from a terminal enter:"
1252
msgstr ""
1253
"<emphasis>root</emphasis> 账户默认是被禁止的,为使工作站加入到域,需要将一个系统组映射到 Windows "
1254
"<emphasis>Domain Admins</emphasis> 组。 可以使用工具 "
1255
"<application>net</application>,在终端输入:"
1256
1257
#: serverguide/C/windows-networking.xml:929(command)
1258
msgid ""
1259
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1260
"type=d"
1261
msgstr ""
1262
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1263
"type=d"
1264
1265
#: serverguide/C/windows-networking.xml:933(para)
1266
msgid ""
1267
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1268
"prefer. Also, the user used to join the domain needs to be a member of the "
1269
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1270
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1271
"allows <application>sudo</application> use."
1272
msgstr ""
1273
"将 <emphasis role=\"italic\">sysadmin</emphasis> "
1274
"组修改为任何您喜欢的组,此外,曾经加入到域的用户,需设置为 <emphasis>sysadmin</emphasis> 组的成员,同样也要将其设置为 "
1275
"<emphasis>admin</emphasis> 组的成员,因为 <emphasis>admin</emphasis> 组可以使用 "
1276
"<application>sudo</application> 命令。"
1277
1278
#: serverguide/C/windows-networking.xml:944(para)
1279
msgid "Finally, restart Samba to enable the new domain controller:"
1280
msgstr "最后,重启 Samba 服务以应用新的域控制器:"
1281
1282
#: serverguide/C/windows-networking.xml:956(para)
1283
msgid ""
1284
"You should now be able to join Windows clients to the Domain in the same "
1285
"manner as joining them to an NT4 domain running on a Windows server."
1286
msgstr "现在,您可以将 Windows 客户加入到域,正如将它们加入到运行在 Windows 服务器上的 NT4 域。"
1287
1288
#: serverguide/C/windows-networking.xml:966(title)
1289
msgid "Backup Domain Controller"
1290
msgstr "备份域控制器"
1291
1292
#: serverguide/C/windows-networking.xml:968(para)
1293
msgid ""
1294
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1295
"Backup Domain Controller (BDC) as well. This will allow clients to "
1296
"authenticate in case the PDC becomes unavailable."
1297
msgstr "网络有了主域控制器(PDC),最好也有个备份的域控制器(BDC),这样,一旦 PDC 不可用,还可以使用 BDC 进行客户认证。"
1298
1299
#: serverguide/C/windows-networking.xml:973(para)
1300
msgid ""
1301
"When configuring Samba as a BDC you need a way to sync account information "
1302
"with the PDC. There are multiple ways of accomplishing this "
1303
"<application>scp</application>, <application>rsync</application>, or by "
1304
"using <application>LDAP</application> as the <emphasis>passdb "
1305
"backend</emphasis>."
1306
msgstr ""
1307
"将 Samba 配置为 BDC 时,您需要一种方法来实现与 PDC "
1308
"同步账户信息,而做到这点可以有多种途径:<application>scp</application>, "
1309
"<application>rsync</application> 或者使用 <application>LDAP</application> 作为 "
1310
"<emphasis>passdb 后端</emphasis>。"
1311
1312
#: serverguide/C/windows-networking.xml:979(para)
1313
msgid ""
1314
"Using LDAP is the most robust way to sync account information, because both "
1315
"domain controllers can use the same information in real time. However, "
1316
"setting up a LDAP server may be overly complicated for a small number of "
1317
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1318
msgstr ""
1319
"使用 LDAP 同步帐户信息是最稳健的做法,因为 PDC 和 BDC 都可以实时地使用相同的信息。然而,对于为数不多的用户和计算机帐户,配置 LDAP "
1320
"服务器会可能过于繁琐。"
1321
1322
#: serverguide/C/windows-networking.xml:988(para)
1323
msgid ""
1324
"First, install <application>samba</application> and <application>libpam-"
1325
"smbpass</application>. From a terminal enter:"
1326
msgstr ""
1327
"首先,安装 <application>samba</application> 和 <application>libpam-"
1328
"smbpass</application>。 在终端中输入:"
1329
1330
#: serverguide/C/windows-networking.xml:999(para)
1331
msgid ""
1332
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1333
"following in the <emphasis>[global]</emphasis>:"
1334
msgstr ""
1335
"编辑 <filename>/etc/samba/smb.conf</filename>,取消注释 "
1336
"<emphasis>[global]</emphasis> 中如下项:"
1337
1338
#: serverguide/C/windows-networking.xml:1012(para)
1339
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1340
msgstr "对被注释掉的 <emphasis>Domains</emphasis> 项进行取消注释,或者,如果没有该项则进行添加:"
1341
1342
#: serverguide/C/windows-networking.xml:1016(programlisting)
1343
#, no-wrap
1344
msgid ""
1345
"\n"
1346
" domain logons = yes\n"
1347
" domain master = no\n"
1348
msgstr ""
1349
"\n"
1350
" domain logons = yes\n"
1351
" domain master = no\n"
1352
1353
#: serverguide/C/windows-networking.xml:1024(para)
1354
msgid ""
1355
"Make sure a user has rights to read the files in "
1356
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1357
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1358
"files, enter:"
1359
msgstr ""
1360
"确保用户有权限读取 <filename>/var/lib/samba</filename> 中的文件。例如,为使得 "
1361
"<emphasis>admin</emphasis> 组的用户可以 <application>scp</application> "
1362
"其中的文件,在终端输入命令:"
1363
1364
#: serverguide/C/windows-networking.xml:1030(command)
1365
msgid "sudo chgrp -R admin /var/lib/samba"
1366
msgstr "sudo chgrp -R admin /var/lib/samba"
1367
1368
#: serverguide/C/windows-networking.xml:1036(para)
1369
msgid ""
1370
"Next, sync the user accounts, using <application>scp</application> to copy "
1371
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1372
msgstr ""
1373
"接下来,同步用户帐号。 使用 <application>scp</application> 从 PDC 上拷贝 目录 "
1374
"<filename>/var/lib/samba</filename>:"
1375
1376
#: serverguide/C/windows-networking.xml:1042(command)
1377
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1378
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1379
1380
#: serverguide/C/windows-networking.xml:1046(para)
1381
msgid ""
1382
"Replace <emphasis>username</emphasis> with a valid username and "
1383
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1384
msgstr ""
1385
"使用一个合法的用户名替换 <emphasis>username</emphasis>,并使用实际的 PDC 主机名或其 IP 地址替换 "
1386
"<emphasis>pdc</emphasis>。"
1387
1388
#: serverguide/C/windows-networking.xml:1055(para)
1389
msgid "Finally, restart <application>samba</application>:"
1390
msgstr "最后, 重启 <application>samba</application>:"
1391
1392
#: serverguide/C/windows-networking.xml:1067(para)
1393
msgid ""
1394
"You can test that your Backup Domain controller is working by stopping the "
1395
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1396
"the domain."
1397
msgstr "您可以这样来测试备份域控制器是否正确工作:在 PDC 上停止 Samba 守护进程,然后偿试登陆到一台加入域的 Windows 客户机。"
1398
1399
#: serverguide/C/windows-networking.xml:1072(para)
1400
msgid ""
1401
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1402
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1403
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1404
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1405
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1406
msgstr ""
1407
"另外需要牢记的一点是:如果您在 PDC 上将一个目录配置为 <emphasis>logon home</emphasis>,而 PDC "
1408
"无法访问时,则用户的 <emphasis>Home</emphasis> 位置也将无法访问。 出于这个原因,最好将 <emphasis>logon "
1409
"home</emphasis> 配置为驻留在 PDC 和 BDC 之外独立的文件服务器上。"
1410
1411
#: serverguide/C/windows-networking.xml:1102(para)
1412
msgid ""
1413
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1414
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1415
"up a Primary Domain Controller."
1416
msgstr ""
1417
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1418
"pdc.html\">第 4 章</ulink> 关于配置 Samba 为主域控制器的 HOWTO 收集。"
1419
1420
#: serverguide/C/windows-networking.xml:1108(para)
1421
msgid ""
1422
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1423
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1424
"explains setting up a Backup Domain Controller."
1425
msgstr ""
1426
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1427
"Collection/samba-bdc.html\">第 5 章</ulink> 关于配置 Samba 为备份域控制器的 HOWTO 收集。"
1428
1429
#: serverguide/C/windows-networking.xml:1123(title)
1430
msgid "Samba Active Directory Integration"
1431
msgstr "Samba 活动目录集成"
1432
1433
#: serverguide/C/windows-networking.xml:1126(title)
1434
msgid "Accessing a Samba Share"
1435
msgstr "访问 Samba 共享"
1436
1437
#: serverguide/C/windows-networking.xml:1128(para)
1438
msgid ""
1439
"Another, use for Samba is to integrate into an existing Windows network. "
1440
"Once part of an Active Directory domain, Samba can provide file and print "
1441
"services to AD users."
1442
msgstr ""
1443
"Samba 另一个用途是集成到一个现存的 Windows 网络。 一旦成为活动目录域的一部分,Samba 就可以为活动目录(AD)用户提供文件和打印服务。"
1444
1445
#: serverguide/C/windows-networking.xml:1133(para)
1446
msgid ""
1447
"The simplest way to join an AD domain is to use <application>Likewise-"
1448
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1449
"open\"/>."
1450
msgstr ""
1451
"加入到活动目录(AD)域的最简单的方法就是使用 <application>Likewise-open</application>。 详情请参考 "
1452
"<xref linkend=\"likewise-open\"/>。"
1453
1454
#: serverguide/C/windows-networking.xml:1138(para)
1455
msgid ""
1456
"Once part of the domain, enter the following command in the terminal prompt:"
1457
msgstr ""
1458
1459
#: serverguide/C/windows-networking.xml:1143(command)
1460
msgid "sudo apt-get install samba smbfs smbclient"
1461
msgstr "sudo apt-get install samba smbfs smbclient"
1462
1463
#: serverguide/C/windows-networking.xml:1146(para)
1464
msgid ""
1465
"Since the <application>likewise-open</application> and "
1466
"<application>samba</application> packages use separate "
1467
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1468
"<filename role=\"directory\">/var/lib/samba</filename>:"
1469
msgstr ""
1470
"从<application>likewise-"
1471
"open</application>和<application>samba</application>使用独立安装包<filename>secrets.t"
1472
"db</filename>文件起,符号连接必需创建在<filename "
1473
"role=\"directory\">/var/lib/samba</filename>:"
1474
1475
#: serverguide/C/windows-networking.xml:1152(command)
1476
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1477
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1478
1479
#: serverguide/C/windows-networking.xml:1153(command)
1480
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1481
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1482
1483
#: serverguide/C/windows-networking.xml:1156(para)
1484
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1485
msgstr "下一步,编辑 <filename>/etc/samba/smb.conf</filename>,修改:"
1486
1487
#: serverguide/C/windows-networking.xml:1160(programlisting)
1488
#, no-wrap
1489
msgid ""
1490
"\n"
1491
" workgroup = EXAMPLE\n"
1492
" ...\n"
1493
" security = ads\n"
1494
" realm = EXAMPLE.COM\n"
1495
" ...\n"
1496
" idmap backend = lwopen\n"
1497
" idmap uid = 50-9999999999\n"
1498
" idmap gid = 50-9999999999\n"
1499
msgstr ""
1500
"\n"
1501
" workgroup = EXAMPLE\n"
1502
" ...\n"
1503
" security = ads\n"
1504
" realm = EXAMPLE.COM\n"
1505
" ...\n"
1506
" idmap backend = lwopen\n"
1507
" idmap uid = 50-9999999999\n"
1508
" idmap gid = 50-9999999999\n"
1509
1510
#: serverguide/C/windows-networking.xml:1171(para)
1511
msgid ""
1512
"Restart <application>samba</application> for the new settings to take effect:"
1513
msgstr "重启<application>samba</application>为新的设置生效:"
1514
1515
#: serverguide/C/windows-networking.xml:1180(para)
1516
msgid ""
1517
"You should now be able to access any <application>Samba</application> shares "
1518
"from a Windows client. However, be sure to give the appropriate AD users or "
1519
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1520
"security\"/> for more details."
1521
msgstr ""
1522
"现在你应该能够从 Windows 客户端访问任何<application>Samba</application>共享了。但是,一定要给 AD "
1523
"用户或者组分配合适的共享目录。请参考<xref linkend=\"samba-fileprint-security\"/>获得更多详细信息。"
1524
1525
#: serverguide/C/windows-networking.xml:1188(title)
1526
msgid "Accessing a Windows Share"
1527
msgstr "访问 Windows 共享文件"
1528
1529
#: serverguide/C/windows-networking.xml:1190(para)
1530
msgid ""
1531
"Now that the Samba server is part of the Active Directory domain you can "
1532
"access any Windows server shares:"
1533
msgstr "Samba 已经是活动目录域的一部分,您可以任意访问 Windows 的共享:"
1534
1535
#: serverguide/C/windows-networking.xml:1197(para)
1536
msgid ""
1537
"To mount a Windows file share enter the following in a terminal prompt:"
1538
msgstr "挂载 Windows 文件共享,在终端命令行中输入:"
1539
1540
#: serverguide/C/windows-networking.xml:1201(command)
1541
msgid "mount.cifs //fs01.example.com/share mount_point"
1542
msgstr "mount.cifs //fs01.example.com/share mount_point"
1543
1544
#: serverguide/C/windows-networking.xml:1204(para)
1545
msgid ""
1546
"It is also possible to access shares on computers not part of an AD domain, "
1547
"but a username and password will need to be provided."
1548
msgstr "也可访问非活动域的计算机,不过,需要提供用户名和密码。"
1549
1550
#: serverguide/C/windows-networking.xml:1212(para)
1551
msgid ""
1552
"To mount the share during boot place an entry in "
1553
"<filename>/etc/fstab</filename>, for example:"
1554
msgstr "在系统启动时挂载共享,需要在 <filename>/etc/fstab</filename> 中添加相应项,例如:"
1555
1556
#: serverguide/C/windows-networking.xml:1216(programlisting)
1557
#, no-wrap
1558
msgid ""
1559
"\n"
1560
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1561
"0 0\n"
1562
msgstr ""
1563
"\n"
1564
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1565
"0 0\n"
1566
1567
#: serverguide/C/windows-networking.xml:1223(para)
1568
msgid ""
1569
"Another way to copy files from a Windows server is to use the "
1570
"<application>smbclient</application> utility. To list the files in a Windows "
1571
"share:"
1572
msgstr ""
1573
"从 Windows 服务器拷贝文件的另一种方法是使用 <application>smbclient</application> 程序。 列出 "
1574
"Windows 共享的文件:"
1575
1576
#: serverguide/C/windows-networking.xml:1229(command)
1577
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1578
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1579
1580
#: serverguide/C/windows-networking.xml:1235(para)
1581
msgid "To copy a file from the share, enter:"
1582
msgstr "从共享中拷贝文件,输入:"
1583
1584
#: serverguide/C/windows-networking.xml:1240(command)
1585
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1586
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1587
1588
#: serverguide/C/windows-networking.xml:1243(para)
1589
msgid ""
1590
"This will copy the <filename>file.txt</filename> into the current directory."
1591
msgstr "这将拷贝 <filename>file.txt</filename> 到当前目录。"
1592
1593
#: serverguide/C/windows-networking.xml:1250(para)
1594
msgid "And to copy a file to the share:"
1595
msgstr "同时,拷贝文件到共享:"
1596
1597
#: serverguide/C/windows-networking.xml:1255(command)
1598
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1599
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1600
1601
#: serverguide/C/windows-networking.xml:1258(para)
1602
msgid ""
1603
"This will copy the <filename>/etc/hosts</filename> to "
1604
"<filename>//fs01.example.com/share/hosts</filename>."
1605
msgstr ""
1606
"它会将<filename>/etc/hosts</filename>复制到<filename>//fs01.example.com/share/hosts"
1607
"</filename>."
1608
1609
#: serverguide/C/windows-networking.xml:1265(para)
1610
msgid ""
1611
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1612
"<application>smbclient</application> command all at once. This is useful for "
1613
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1614
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1615
"and directory commands, simply execute:"
1616
msgstr ""
1617
"以上使用到的 <emphasis>-c</emphasis> 选项允许您同时执行多个 "
1618
"<application>smbclient</application> 命令,这有利于使用脚本及少量的文件操作。 <emphasis>smb: \\"
1619
"></emphasis> 命令行类似于 FTP 命令行,您可以使用它进行普通的文件目录操作,要进入其命令行,只需执行:"
1620
1621
#: serverguide/C/windows-networking.xml:1272(command)
1622
msgid "smbclient //fs01.example.com/share -k"
1623
msgstr "smbclient //fs01.example.com/share -k"
1624
1625
#: serverguide/C/windows-networking.xml:1279(para)
1626
msgid ""
1627
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1628
"<emphasis>//192.168.0.5/share</emphasis>, "
1629
"<emphasis>username=steve,password=secret</emphasis>, and "
1630
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1631
"file name, and an actual username and password with rights to the share."
1632
msgstr ""
1633
"使用您的服务器IP,主机名,共享名,文件名,以及一个有访问共享权限的真实用户名和密码,替换所有<emphasis>fs01.example.com/sha"
1634
"re</emphasis>,<emphasis>//192.168.0.5/share</emphasis>,<emphasis>username=ste"
1635
"ve,password=secret</emphasis> 和 <emphasis>file.txt</emphasis> 的实例。"
1636
1637
#: serverguide/C/windows-networking.xml:1290(para)
1638
msgid ""
1639
"For more <application>smbclient</application> options see the man page: "
1640
"<command>man smbclient</command>, also available <ulink "
1641
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1642
">online</ulink>."
1643
msgstr ""
1644
1645
#: serverguide/C/windows-networking.xml:1295(para)
1646
msgid ""
1647
"The <application>mount.cifs</application><ulink "
1648
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1649
"\">man page</ulink> is also useful for more detailed information."
1650
msgstr ""
1651
1652
#: serverguide/C/windows-networking.xml:1308(title)
1653
msgid "Likewise Open"
1654
msgstr "Likewise Open"
1655
1656
#: serverguide/C/windows-networking.xml:1310(para)
1657
msgid ""
1658
"<application>Likewise Open</application> simplifies the necessary "
1659
"configuration needed to authenticate a Linux machine to an Active Directory "
1660
"domain. Based on <application>winbind</application>, the "
1661
"<application>likewise-open</application> package takes the pain out of "
1662
"integrating Ubuntu authentication into an existing Windows network."
1663
msgstr ""
1664
"<application>Likewise Open</application>简化了Linux机器获得授权登陆Active "
1665
"Directory域名所需必要的设置。基于<application>winbind</application>,<application>likewise"
1666
"-open</application>软件包省去了将Ubuntu授权认证整合到已有的Windows网络中的麻烦。"
1667
1668
#: serverguide/C/windows-networking.xml:1319(para)
1669
msgid ""
1670
"There are two ways to use Likewise Open, <application>likewise-"
1671
"open</application> the command line utility and <application>likewise-open-"
1672
"gui</application>. This section focuses on the command line utility."
1673
msgstr ""
1674
"使用Likewise Open有两种方法,<application>likewise-"
1675
"open</application>命令行工具和<application>likewise-open-gui</application>。 "
1676
"本章节着重讲解命令行工具。"
1677
1678
#: serverguide/C/windows-networking.xml:1324(para)
1679
msgid ""
1680
"To install the <application>likewise-open</application> package, open a "
1681
"terminal prompt and enter:"
1682
msgstr "要安装<application>likewise-open</application>软件包,打开一个终端模拟器并输入:"
1683
1684
#: serverguide/C/windows-networking.xml:1329(command)
1685
msgid "sudo apt-get install likewise-open"
1686
msgstr "sudo apt-get install likewise-open"
1687
1688
#: serverguide/C/windows-networking.xml:1334(title)
1689
msgid "Joining a Domain"
1690
msgstr "加入到某一域名"
1691
1692
#: serverguide/C/windows-networking.xml:1336(para)
1693
msgid ""
1694
"The main executable file of the <application>likewise-open</application> "
1695
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1696
"join your computer to the domain. Before you join a domain you will need to "
1697
"make sure you have:"
1698
msgstr ""
1699
"<application>likewise-"
1700
"open</application>包的主要可执行文件是<filename>/usr/bin/domainjoin-"
1701
"cli</filename>,这是用来把你的电脑连接到域的。在连接到域之前,你需要确定具备:"
1702
1703
#: serverguide/C/windows-networking.xml:1344(para)
1704
msgid ""
1705
"Access to an Active Directory user with appropriate rights to join the "
1706
"domain."
1707
msgstr "进入到某Active Directory用户并有加入到域名的合适权限。"
1708
1709
#: serverguide/C/windows-networking.xml:1349(para)
1710
msgid ""
1711
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1712
"you want to join. If your AD domain does not match a valid domain such as "
1713
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1714
"the form of <emphasis>domainname.local</emphasis>."
1715
msgstr ""
1716
"您想加入的域的 <emphasis>完全限定域名</emphasis>(FQDN)。 如果您的活动目录域未能匹配一个合法的域,例如<emphasis "
1717
"role=\"italic\">example.com</emphasis>,可能是由于它是 "
1718
"<emphasis>domainname.local</emphasis> 形式的。"
1719
1720
#: serverguide/C/windows-networking.xml:1356(para)
1721
msgid ""
1722
"DNS for the domain setup properly. In a production AD environment this "
1723
"should be the case. Proper Microsoft DNS is needed so that client "
1724
"workstations can determine the Active Directory domain is available."
1725
msgstr ""
1726
"域的 DNS 设置正确。 在生产活动目录环境,应该是如此。 需要有正确的 Microsoft DNS,这样,客户端工作站可以确定活动目录域可用。"
1727
1728
#: serverguide/C/windows-networking.xml:1360(para)
1729
msgid ""
1730
"If you don't have a Windows DNS server on your network, see <xref "
1731
"linkend=\"likewise-open-ms-dns\"/> for details."
1732
msgstr ""
1733
"如果您的网络没有 Windows DNS 服务器,查看 <xref linkend=\"likewise-open-ms-dns\"/> 以了解更多。"
1734
1735
#: serverguide/C/windows-networking.xml:1367(para)
1736
msgid "To join a domain, from a terminal prompt enter:"
1737
msgstr "要加入到一个域名,在终端里输入:"
1738
1739
#: serverguide/C/windows-networking.xml:1372(command)
1740
msgid "sudo domainjoin-cli join example.com Administrator"
1741
msgstr "sudo domainjoin-cli join example.com Administrator"
1742
1743
#: serverguide/C/windows-networking.xml:1376(para)
1744
msgid ""
1745
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1746
"<emphasis>Administrator</emphasis> with the appropriate user name."
1747
msgstr ""
1748
"将 <emphasis>example.com</emphasis> 替换为您的域名,并将 "
1749
"<emphasis>Administrator</emphasis> 替换为合适的用户名。"
1750
1751
#: serverguide/C/windows-networking.xml:1382(para)
1752
msgid ""
1753
"You will then be prompted for the user's password. If all goes well a "
1754
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1755
msgstr "接下来你会收到提示让你输入用户密码。如果一切顺利,你会看到终端里打印出<emphasis>SUCCESS</emphasis>的消息。"
1756
1757
#: serverguide/C/windows-networking.xml:1388(para)
1758
msgid ""
1759
"After joining the domain, it is necessary to reboot before attempting to "
1760
"authenticate against the domain."
1761
msgstr "在加入到某个域名后,有必要在认证此域名前重启。"
1762
1763
#: serverguide/C/windows-networking.xml:1394(para)
1764
msgid ""
1765
"After successfully joining an Ubuntu machine to an Active Directory domain "
1766
"you can authenticate using any valid AD user. To login you will need to "
1767
"enter the user name as 'domain\\username'. For example to ssh to a server "
1768
"joined to the domain enter:"
1769
msgstr ""
1770
"成功将Ubuntu机器加入到Active Directory域名中后,你就可以使用任何有效的AD用户进行身份验证。要想登陆,可以以‘域名\\"
1771
"用户名’形式输入用户的名字。如你要ssh到一个连接到某域名的服务器,输入:"
1772
1773
#: serverguide/C/windows-networking.xml:1401(command)
1774
msgid "ssh 'example\\steve'@hostname"
1775
msgstr "ssh 'example\\steve'@hostname"
1776
1777
#: serverguide/C/windows-networking.xml:1405(para)
1778
msgid ""
1779
"If configuring a Desktop the user name will need to be prefixed with "
1780
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1781
msgstr ""
1782
"如果是配置桌面,用户的名字也需要在图形登陆窗口以<emphasis role=\"italic\">domain\\</emphasis>为前缀。"
1783
1784
#: serverguide/C/windows-networking.xml:1411(para)
1785
msgid ""
1786
"To make likewise-open use a default domain, you can add the following "
1787
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1788
msgstr ""
1789
"要让 likewise-open 使用默认域,您可以在 <filename>/etc/samba/lwiauthd.conf</filename> "
1790
"中添加如下语句:"
1791
1792
#: serverguide/C/windows-networking.xml:1415(programlisting)
1793
#, no-wrap
1794
msgid ""
1795
"\n"
1796
"winbind use default domain = yes\n"
1797
msgstr ""
1798
"\n"
1799
"winbind use default domain = yes\n"
1800
1801
#: serverguide/C/windows-networking.xml:1419(para)
1802
msgid "Then restart the <application>likewise-open</application> daemons:"
1803
msgstr "然后,重启 <application>likewise-open</application> 守护进程:"
1804
1805
#: serverguide/C/windows-networking.xml:1424(command)
1806
msgid "sudo /etc/init.d/likewise-open restart"
1807
msgstr "sudo /etc/init.d/likewise-open restart"
1808
1809
#: serverguide/C/windows-networking.xml:1428(para)
1810
msgid ""
1811
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1812
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1813
"using only their username."
1814
msgstr ""
1815
"一旦配置为使用 <emphasis>默认域</emphasis>,就不必使用 <emphasis role=\"italic\">'domain\\"
1816
"'</emphasis>,用户使用其用户名即可登陆。"
1817
1818
#: serverguide/C/windows-networking.xml:1434(para)
1819
msgid ""
1820
"The <application>domainjoin-cli</application> utility can also be used to "
1821
"leave the domain. From a terminal:"
1822
msgstr "<application>domainjoin-cli</application>工具可用来脱离某域名。在终端输入:"
1823
1824
#: serverguide/C/windows-networking.xml:1439(command)
1825
msgid "sudo domainjoin-cli leave"
1826
msgstr "sudo domainjoin-cli leave"
1827
1828
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1829
msgid "Other Utilities"
1830
msgstr "其它工具"
1831
1832
#: serverguide/C/windows-networking.xml:1446(para)
1833
msgid ""
1834
"The <application>likewise-open</application> package comes with a few other "
1835
"utilities that may be useful for gathering information about the Active "
1836
"Directory environment. These utilities are used to join the machine to the "
1837
"domain, and are the same as those available in the <application>samba-"
1838
"common</application> and <application>winbind</application> packages:"
1839
msgstr ""
1840
"<application>likewise-open</application>一些其它的工具一起对于收集Active "
1841
"Directory环境下的信息很有用处。这些工具可用来将机器加入到某域名中,和那些在<application>samba-"
1842
"common</application>和<application>winbind</application>中的工具相同:"
1843
1844
#: serverguide/C/windows-networking.xml:1455(para)
1845
msgid ""
1846
"<application>lwinet</application>: Returns information about the network and "
1847
"the domain."
1848
msgstr "<application>lwinet</application>:返回有关网络和域名的信息。"
1849
1850
#: serverguide/C/windows-networking.xml:1460(para)
1851
msgid ""
1852
"<application>lwimsg</application>: Allows interaction with the "
1853
"<application>likewise-winbindd</application> daemon."
1854
msgstr ""
1855
"<application>lwimsg</application>:允许与<application>likewise-"
1856
"winbindd</application>程序进行交互操作。"
1857
1858
#: serverguide/C/windows-networking.xml:1465(para)
1859
msgid ""
1860
"<application>lwiinfo</application>: Displays information about various parts "
1861
"of the Domain."
1862
msgstr "<application>lwiinfo</application>:显示关于域名的各个部分的信息。"
1863
1864
#: serverguide/C/windows-networking.xml:1471(para)
1865
msgid "Please refer to each utility's man page specific for details."
1866
msgstr "详细信息请参见各个工具的帮助信息。"
1867
1868
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1869
msgid "Troubleshooting"
1870
msgstr "疑难解答"
1871
1872
#: serverguide/C/windows-networking.xml:1481(para)
1873
msgid ""
1874
"If the client has trouble joining the domain, double check that the "
1875
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1876
"example:"
1877
msgstr ""
1878
"如果客户端加入域时遇到困难,仔细检查 <filename>/etc/resolv.conf</filename>,确保 Microsoft DNS "
1879
"列在最前面。例如:"
1880
1881
#: serverguide/C/windows-networking.xml:1486(programlisting)
1882
#, no-wrap
1883
msgid ""
1884
"\n"
1885
"nameserver 192.168.0.1\n"
1886
msgstr ""
1887
"\n"
1888
"nameserver 192.168.0.1\n"
1889
1890
#: serverguide/C/windows-networking.xml:1491(para)
1891
msgid ""
1892
"For more information when joining a domain, use the <emphasis>--loglevel "
1893
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1894
"<application>domainjoin-cli</application> utility:"
1895
msgstr ""
1896
"要了解更多有关加入域的信息,在程序 <application>domainjoin-cli</application> 中使用 <emphasis>--"
1897
"loglevel verbose</emphasis> 或 <emphasis>--advanced</emphasis> 选项:"
1898
1899
#: serverguide/C/windows-networking.xml:1497(command)
1900
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1901
msgstr ""
1902
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1903
1904
#: serverguide/C/windows-networking.xml:1501(para)
1905
msgid ""
1906
"If an Active Directory user has trouble logging in, check the "
1907
"<filename>/var/log/auth.log</filename> for details."
1908
msgstr "如果活动目录用户在登陆时遇到困难,查看 <filename>/var/log/auth.log</filename> 以了解详情。"
1909
1910
#: serverguide/C/windows-networking.xml:1506(para)
1911
msgid ""
1912
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1913
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1914
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1915
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1916
"<emphasis>hosts</emphasis> option. For example:"
1917
msgstr ""
1918
1919
#: serverguide/C/windows-networking.xml:1512(programlisting)
1920
#, no-wrap
1921
msgid ""
1922
"\n"
1923
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1924
msgstr ""
1925
"\n"
1926
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1927
1928
#: serverguide/C/windows-networking.xml:1516(para)
1929
msgid "Change the above to:"
1930
msgstr "将以上修改为:"
1931
1932
#: serverguide/C/windows-networking.xml:1520(programlisting)
1933
#, no-wrap
1934
msgid ""
1935
"\n"
1936
"hosts: files dns [NOTFOUND=return]\n"
1937
msgstr ""
1938
"\n"
1939
"hosts: files dns [NOTFOUND=return]\n"
1940
1941
#: serverguide/C/windows-networking.xml:1524(para)
1942
msgid "Then restart networking by entering:"
1943
msgstr "然后,重启 networking 服务:"
1944
1945
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1946
msgid "sudo /etc/init.d/networking restart"
1947
msgstr "sudo /etc/init.d/networking restart"
1948
1949
#: serverguide/C/windows-networking.xml:1532(para)
1950
msgid "You should now be able to join the Active Directory domain."
1951
msgstr "现在您应该可以加入到活动目录域。"
1952
1953
#: serverguide/C/windows-networking.xml:1540(title)
1954
msgid "Microsoft DNS"
1955
msgstr "Microsoft DNS"
1956
1957
#: serverguide/C/windows-networking.xml:1542(para)
1958
msgid ""
1959
"The following are instructions for installing DNS on an Active Directory "
1960
"domain controller running Windows Server 2003, but the instructions should "
1961
"be similar for other versions:"
1962
msgstr "如下操作步骤,是在运行 Windows Server 2003 的活动目录域控制器上安装 DNS。 在其它版本上,这些操作步骤大致相同:"
1963
1964
#: serverguide/C/windows-networking.xml:1551(para)
1965
msgid ""
1966
"Click "
1967
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1968
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1969
"This will open the <application>Server Role Mangement</application> utility."
1970
msgstr ""
1971
1972
#: serverguide/C/windows-networking.xml:1559(para)
1973
msgid "Click <guilabel>Add or remove a role</guilabel>"
1974
msgstr ""
1975
1976
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1977
msgid "Click Next"
1978
msgstr "点击下一步"
1979
1980
#: serverguide/C/windows-networking.xml:1561(para)
1981
msgid "Select \"DNS Server\""
1982
msgstr "选择 ”DNS 服务器“"
1983
1984
#: serverguide/C/windows-networking.xml:1563(para)
1985
msgid "Click Next again to proceed"
1986
msgstr ""
1987
1988
#: serverguide/C/windows-networking.xml:1564(para)
1989
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1990
msgstr "如果 “创建正向查找区域” 项未被选取,则选取。"
1991
1992
#: serverguide/C/windows-networking.xml:1566(para)
1993
msgid ""
1994
"Make sure \"This server maintains the zone\" is selected and click Next."
1995
msgstr "确保 “这台服务器维护该区域” 项被选取,点击下一步。"
1996
1997
#: serverguide/C/windows-networking.xml:1567(para)
1998
msgid "Enter your domain name and click Next"
1999
msgstr "输入域名,点击下一步"
2000
2001
#: serverguide/C/windows-networking.xml:1568(para)
2002
msgid "Click Next to \"Allow only secure dynamic updates\""
2003
msgstr "选取 “只允许安全的动态更新”,点击下一步"
2004
2005
#: serverguide/C/windows-networking.xml:1570(para)
2006
msgid ""
2007
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2008
"should not forward queries\" and click Next."
2009
msgstr "输入 DNS 服务要转发查询的目的 IP 地址,或选择 “否,不向前转发查询”, 点击下一步。"
2010
2011
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
2012
msgid "Click Finish"
2013
msgstr "点击完成"
2014
2015
#: serverguide/C/windows-networking.xml:1577(para)
2016
msgid ""
2017
"DNS is now installed and can be further configured using the "
2018
"<application>Microsoft Management Console</application> DNS snap-in."
2019
msgstr ""
2020
"DNS 安装完成,并可以使用 <application>微软管理控制台(mmc)</application> DNS 管理单元作进一步配置。"
2021
2022
#: serverguide/C/windows-networking.xml:1585(para)
2023
msgid "Click Start"
2024
msgstr "点击开始菜单"
2025
2026
#: serverguide/C/windows-networking.xml:1586(para)
2027
msgid "Control Panel"
2028
msgstr "控制面板"
2029
2030
#: serverguide/C/windows-networking.xml:1587(para)
2031
msgid "Network Connections"
2032
msgstr "网络连接"
2033
2034
#: serverguide/C/windows-networking.xml:1588(para)
2035
msgid "Right Click \"Local Area Connection\""
2036
msgstr "右键点击 “本地连接”"
2037
2038
#: serverguide/C/windows-networking.xml:1589(para)
2039
msgid "Click Properties"
2040
msgstr "点击属性"
2041
2042
#: serverguide/C/windows-networking.xml:1590(para)
2043
msgid "Double click \"Internet Protocol (TCP/IP)\""
2044
msgstr "双击 \"Internet Protocol (TCP/IP)\""
2045
2046
#: serverguide/C/windows-networking.xml:1591(para)
2047
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2048
msgstr "输入服务器 IP 地址作为 “首选 DNS 服务器”"
2049
2050
#: serverguide/C/windows-networking.xml:1592(para)
2051
msgid "Click Ok"
2052
msgstr "点击确定"
2053
2054
#: serverguide/C/windows-networking.xml:1593(para)
2055
msgid "Click Ok again to save the settings"
2056
msgstr "再次点击确定以保存设置"
2057
2058
#: serverguide/C/windows-networking.xml:1582(para)
2059
msgid ""
2060
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2061
msgstr "接下来,配置服务器使用自己的 DNS 查询:<placeholder-1/>"
2062
2063
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2064
msgid "References"
2065
msgstr "参考资料"
2066
2067
#: serverguide/C/windows-networking.xml:1602(para)
2068
msgid ""
2069
"Please refer to the <ulink "
2070
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2071
"further information."
2072
msgstr ""
2073
"更多信息请参见<ulink url=\"http://www.likewisesoftware.com/\">Likewise</ulink>的主页。"
2074
2075
#: serverguide/C/windows-networking.xml:1606(para)
2076
msgid ""
2077
"For more <application>domainjoin-cli</application> options see the man page: "
2078
"<command>man domainjoin-cli</command>."
2079
msgstr ""
2080
"更多有关 <application>domainjoin-cli</application> 的选项,请查阅使用手册 <command>man "
2081
"domainjoin-cli</command>。"
2082
2083
#: serverguide/C/windows-networking.xml:1610(para)
2084
msgid ""
2085
"Also, see the <ulink "
2086
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2087
"LikewiseOpen</ulink> page."
2088
msgstr ""
2089
2090
#: serverguide/C/web-servers.xml:13(title)
2091
msgid "Web Servers"
2092
msgstr "Web 服务器"
2093
2094
#: serverguide/C/web-servers.xml:14(para)
2095
msgid ""
2096
"A Web server is a software responsible for accepting HTTP requests from "
2097
"clients, which are known as Web browsers, and serving them HTTP responses "
2098
"along with optional data contents, which usually are Web pages such as HTML "
2099
"documents and linked objects (images, etc.)."
2100
msgstr ""
2101
"Web 服务器是一个负责接受来自客户端的 HTTP 请求的软件,并向它们返回 HTTP 应答与可选的数据内容,其中这些客户端称为 Web "
2102
"浏览器,而返回的数据通常是 Web 页面,如 HTML 文档和链接的对象 (图像等)。"
2103
2104
#: serverguide/C/web-servers.xml:19(title)
2105
msgid "HTTPD - Apache2 Web Server"
2106
msgstr "HTTPD - Apache2 Web 服务器"
2107
2108
#: serverguide/C/web-servers.xml:20(para)
2109
msgid ""
2110
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2111
"are used to serve Web Pages requested by client computers. Clients typically "
2112
"request and view Web Pages using Web Browser applications such as "
2113
"<application>Firefox</application>, <application>Opera</application>, or "
2114
"<application>Mozilla</application>."
2115
msgstr ""
2116
"Apache 是在 Linux 系统中使用最为广泛的 Web 服务器。Web 服务器被用来提供客户计算机所请求的 Web 页。客户计算机通常使用 Web "
2117
"浏览器来请求和查看 Web 页,如 "
2118
"<application>Firefox</application>、<application>Opera</application>,或是 "
2119
"<application>Mozilla</application>。"
2120
2121
#: serverguide/C/web-servers.xml:24(para)
2122
msgid ""
2123
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2124
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2125
"resource. For example, to view the home page of the <ulink "
2126
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2127
"the FQDN. To request specific information about <ulink "
2128
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2129
"enter the FQDN followed by a path."
2130
msgstr ""
2131
"用户输入一个统一资源定位器 (Uniform Resource Locator, URL) 来通过全称域名 (Fully Qualified "
2132
"Domain Name, FQDN) 和到所需资源的路径指向一台 Web 服务器。例如,要查看 <ulink "
2133
"url=\"http://www.ubuntu.com\">Ubuntu 网站</ulink> 的主页,用户只需输入其 FQDN。而当要请求关于 "
2134
"<ulink url=\"http://www.ubuntu.com/support/paid\">收费支持</ulink> 的特定信息时,用户就要输入 "
2135
"FQDN 及后面的路径。"
2136
2137
#: serverguide/C/web-servers.xml:29(para)
2138
msgid ""
2139
"The most common protocol used to transfer Web pages is the Hyper Text "
2140
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2141
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2142
"protocol for uploading and downloading files, are also supported."
2143
msgstr ""
2144
"用于传输网页的最常用协议就是超文本传输协议 (HTTP)。也支持诸如基于安全套接层的超文本传输协议 (HTTPS) 以及用于上传和下载文件的文件传输协议 "
2145
"(FTP) 等协议。"
2146
2147
#: serverguide/C/web-servers.xml:33(para)
2148
msgid ""
2149
"Apache Web Servers are often used in combination with the "
2150
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2151
"(<application>PHP</application>) scripting language, and other popular "
2152
"scripting languages such as <application>Python</application> and "
2153
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2154
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2155
"for the development and deployment of Web-based applications."
2156
msgstr ""
2157
"Apache Web 服务器常与 <application>MySQL</application> 数据库引擎、超文本处理器 "
2158
"(<application>PHP</application>) "
2159
"脚本语言及其他流行的脚本语言如<application>Python</application> 和 "
2160
"<application>Perl</application> 组合在一起。这一组合被称为 LAMP (Linux, Apache, MySQL and "
2161
"Perl/Python/PHP) ,并形成一个强大健壮的开发基于 Web 应用程序的开发平台。"
2162
2163
#: serverguide/C/web-servers.xml:42(para)
2164
msgid ""
2165
"The <application>Apache2</application> web server is available in Ubuntu "
2166
"Linux. To install Apache2:"
2167
msgstr ""
2168
2169
#: serverguide/C/web-servers.xml:48(para)
2170
msgid "At a terminal prompt enter the following command:"
2171
msgstr "在终端命令行输入如下命令:"
2172
2173
#: serverguide/C/web-servers.xml:53(command)
2174
msgid "sudo apt-get install apache2"
2175
msgstr "sudo apt-get install apache2"
2176
2177
#: serverguide/C/web-servers.xml:63(para)
2178
msgid ""
2179
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2180
"text configuration files. These <emphasis>directives</emphasis> are "
2181
"separated between the following files and directories:"
2182
msgstr ""
2183
2184
#: serverguide/C/web-servers.xml:71(para)
2185
msgid ""
2186
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2187
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2188
msgstr ""
2189
"<emphasis>apache2.conf:</emphasis> Apache2 的主要配置文件。 包含了 Apache2 "
2190
"的<emphasis>全局</emphasis>的配置。"
2191
2192
#: serverguide/C/web-servers.xml:77(para)
2193
msgid ""
2194
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2195
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2196
"serve content may add files, or symlinks, to this directory."
2197
msgstr ""
2198
2199
#: serverguide/C/web-servers.xml:83(para)
2200
msgid ""
2201
"<emphasis>envvars:</emphasis> file where Apache2 "
2202
"<emphasis>environment</emphasis> variables are set."
2203
msgstr ""
2204
"<emphasis> 环境变量设置: </emphasis> 文件下的 Apache2 <emphasis> 环境 </emphasis> 变量设置。"
2205
2206
#: serverguide/C/web-servers.xml:88(para)
2207
msgid ""
2208
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2209
"file, named after the <application>httpd</application> daemon. The file can "
2210
"be used for <emphasis>user specific</emphasis> configuration options that "
2211
"globally effect Apache2."
2212
msgstr ""
2213
"<emphasis>httpd.conf:</emphasis>以往主要的 Apache2 "
2214
"配置文件,以<application>httpd</application>守护进程来命名。该文件可用于<emphasis>用户手册<emphasis>在"
2215
"全局有效范围内 Aphache2 的配置选项。"
2216
2217
#: serverguide/C/web-servers.xml:95(para)
2218
msgid ""
2219
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2220
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2221
"modules will have specific configuration files, however."
2222
msgstr ""
2223
"<emphasis> mods-available: </emphasis> 该目录包含的配置文件都装载 <emphasis> 模块 "
2224
"</emphasis> 和设置它们。不管怎样并非所有模块都会有具体的配置文件。"
2225
2226
#: serverguide/C/web-servers.xml:101(para)
2227
msgid ""
2228
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2229
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2230
"configuration file is symlinked it will be enabled the next time "
2231
"<application>apache2</application> is restarted."
2232
msgstr ""
2233
"<emphasis>mods-enabled:</emphasis>保持<emphasis>符号链接</emphasis>文件在 "
2234
"<filename>/etc/apache2/mods-"
2235
"available</filename>。当一模块配置文件被设为符号连接后会在下一次<application>apache2</application>重"
2236
"启时激活。"
2237
2238
#: serverguide/C/web-servers.xml:108(para)
2239
msgid ""
2240
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2241
"TCP ports Apache2 is listening on."
2242
msgstr "<emphasis>ports.conf:</emphasis>房屋指示以确定 Apache2 正在监听哪些 TCP 端口。"
2243
2244
#: serverguide/C/web-servers.xml:113(para)
2245
msgid ""
2246
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2247
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2248
"to be configured for multiple sites that have separate configurations."
2249
msgstr ""
2250
2251
#: serverguide/C/web-servers.xml:119(para)
2252
msgid ""
2253
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2254
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2255
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2256
"a configuration file in sites-available is symlinked, the site configured by "
2257
"it will be active once Apache2 is restarted."
2258
msgstr ""
2259
2260
#: serverguide/C/web-servers.xml:127(para)
2261
msgid ""
2262
"In addition, other configuration files may be added using the "
2263
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2264
"many configuration files. Any directive may be placed in any of these "
2265
"configuration files. Changes to the main configuration files are only "
2266
"recognized by Apache2 when it is started or restarted."
2267
msgstr ""
2268
"除此之外,其他的配置文件可能会增加使用 <emphasis> 头文件 </emphasis> 指令, "
2269
"并和通配符用于包括许多配置文件。任何说明可放置于这些任意配置文件中。"
2270
2271
#: serverguide/C/web-servers.xml:136(para)
2272
msgid ""
2273
"The server also reads a file containing mime document types; the filename is "
2274
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2275
"<filename>/etc/mime.types</filename> by default."
2276
msgstr ""
2277
"服务器还能读取文件,包括 MIME 文件类型; 文件名由 <emphasis> TypesConfig </emphasis> 说明指定, 默认名为 "
2278
"<filename>/etc/mime.types</filename>"
2279
2280
#: serverguide/C/web-servers.xml:141(title)
2281
msgid "Basic Settings"
2282
msgstr "基本设置"
2283
2284
#: serverguide/C/web-servers.xml:142(para)
2285
msgid ""
2286
"This section explains Apache2 server essential configuration parameters. "
2287
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2288
"Documentation</ulink> for more details."
2289
msgstr ""
2290
"这一节讲述了Apache2服务器的基本配置参数。更详细的资料请查阅<ulink "
2291
"url=\"http://httpd.apache.org/docs/2.2/\">Apache2文档</ulink>"
2292
2293
#: serverguide/C/web-servers.xml:150(para)
2294
msgid ""
2295
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2296
"it is configured with a single default virtual host (using the "
2297
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2298
"if you have a single site, or used as a template for additional virtual "
2299
"hosts if you have multiple sites. If left alone, the default virtual host "
2300
"will serve as your default site, or the site users will see if the URL they "
2301
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2302
"your custom sites. To modify the default virtual host, edit the file "
2303
"<filename>/etc/apache2/sites-available/default</filename>."
2304
msgstr ""
2305
"Apache2以一个“虚拟主机友好”的默认配置来部署。也就是说,它以一个默认的虚拟主机(用<emphasis>VirtualHost</emphasis>"
2306
"指令)来配置。如果你只有一个站点,这个配置可以修改,也可以直接使用;或者如果你有多个站点,也可以把它当作模板来添加新的虚拟主机。如果不做改变的话,默认的虚"
2307
"拟主机将作为你的默认站点,否则站点用户将会看到他们所输入的URL是否没有匹配任何你的客户站点的<emphasis>ServerName</emphasis"
2308
">指令。要修改默认的虚拟主机,请编辑文件<filename>/etc/apache2/sites-"
2309
"available/default</filename>。"
2310
2311
#: serverguide/C/web-servers.xml:163(para)
2312
msgid ""
2313
"The directives set for a virtual host only apply to that particular virtual "
2314
"host. If a directive is set server-wide and not defined within the virtual "
2315
"host settings, the default setting is used. For example, you can define a "
2316
"Webmaster email address and not define individual email addresses for each "
2317
"virtual host."
2318
msgstr ""
2319
"虚拟主机的语句设置仅应用于特定的虚拟主机。如果一个语句在服务器范围中设置而没有在虚拟主机设置中定义,那么将使用缺省设置。例如,您可以定义网络管理员的邮件地"
2320
"址而无需为每个虚拟主机都分别定义邮件地址。"
2321
2322
#: serverguide/C/web-servers.xml:171(para)
2323
msgid ""
2324
"If you wish to configure a new virtual host or site, copy that file into the "
2325
"same directory with a name you choose. For example:"
2326
msgstr "如果您想设定一个新的虚拟主机或站点,请复制该文件到以您选择名称的同一目录下。例如:"
2327
2328
#: serverguide/C/web-servers.xml:177(command)
2329
msgid ""
2330
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2331
"available/mynewsite"
2332
msgstr ""
2333
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2334
"available/mynewsite"
2335
2336
#: serverguide/C/web-servers.xml:180(para)
2337
msgid ""
2338
"Edit the new file to configure the new site using some of the directives "
2339
"described below."
2340
msgstr "编辑新文件配置新的站点就要使用下列的一些指示说明。"
2341
2342
#: serverguide/C/web-servers.xml:187(para)
2343
msgid ""
2344
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2345
"to be advertised for the server's administrator. The default value is "
2346
"webmaster@localhost. This should be changed to an email address that is "
2347
"delivered to you (if you are the server's administrator). If your website "
2348
"has a problem, Apache2 will display an error message containing this email "
2349
"address to report the problem to. Find this directive in your site's "
2350
"configuration file in /etc/apache2/sites-available."
2351
msgstr ""
2352
"<emphasis>ServerAdmin</emphasis> 语句指定服务器管理员的邮件地址,缺省值是 "
2353
"webmaster@localhost。应该改成您的邮件地址 (如果您是服务器管理员的话)。如果您的网站有问题,Apache2 "
2354
"将显示包含该邮件地址的错误信息以便报告该问题。在 /etc/apache2/sites-available 目录中您网站的配置文件里可以找到该语句。"
2355
2356
#: serverguide/C/web-servers.xml:198(para)
2357
msgid ""
2358
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2359
"the IP address, Apache2 should listen on. If the IP address is not "
2360
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2361
"it runs on. The default value for the Listen directive is 80. Change this to "
2362
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2363
"that it will not be available to the Internet, to (for example) 81 to change "
2364
"the port that it listens on, or leave it as is for normal operation. This "
2365
"directive can be found and changed in its own file, "
2366
"<filename>/etc/apache2/ports.conf</filename>"
2367
msgstr ""
2368
"<emphasis>Listen</emphasis> 语句指定端口以及可选的 IP 地址,Apache2 将在其上监听。如果 IP "
2369
"地址没有被指定,Apache2 将监听所有指向其所运行机器上的 IP 地址。Listen 语句的缺省值是 80。把其改成 127.0.0.1:80 将使 "
2370
"Apache2 只在您的环回接口上临听以致于它相对于 Internet "
2371
"不可用。也可改变其监听端口如81,或保持原样以便正常操作。该语句可以在它自己的文件 <filename>/etc/apache2/ports.conf</"
2372
"filename> 中发现并修改。"
2373
2374
#: serverguide/C/web-servers.xml:211(para)
2375
msgid ""
2376
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2377
"FQDN your site should answer to. The default virtual host has no ServerName "
2378
"directive specified, so it will respond to all requests that do not match a "
2379
"ServerName directive in another virtual host. If you have just acquired the "
2380
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2381
"value of the ServerName directive in your virtual host configuration file "
2382
"should be ubunturocks.com. Add this directive to the new virtual host file "
2383
"you created earlier (<filename>/etc/apache2/sites-"
2384
"available/mynewsite</filename>)."
2385
msgstr ""
2386
"这<emphasis>服务器名</emphasis>指令是可选的,并且指定回答你站点的 FQDN "
2387
"。默认虚拟主机没有指定服务器指令。因此,它将会响应在另一虚拟主机不匹配服务器指令的所有请求。如果你仅取得 ubunturocks.com 域名并希望建立 "
2388
"Ubuntu 服务器,重要的是你要在虚拟主机配置文件里服务器指令应该设为 ubunturocks.com 。把这指令加到较早前你新创建的虚拟主机文件。"
2389
2390
#: serverguide/C/web-servers.xml:223(para)
2391
msgid ""
2392
"You may also want your site to respond to www.ubunturocks.com, since many "
2393
"users will assume the www prefix is appropriate. Use the "
2394
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2395
"wildcards in the ServerAlias directive."
2396
msgstr ""
2397
"可能还需要把您的站点来响应 www.ubunturocks.com ,因为许多用户会认定加上前缀 www "
2398
"是适当的。使用<emphasis>服务器别名</emphasis>指令来做这事。 可能需要在服务别名指令中使用通配符。"
2399
2400
#: serverguide/C/web-servers.xml:230(para)
2401
msgid ""
2402
"For example, the following configuration will cause your site to respond to "
2403
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2404
msgstr ""
2405
"比如,下一步的配置会引导您站点来响应在 <emphasis> .ubunturocks.com </emphasis> 的任意请求结束域。"
2406
2407
#: serverguide/C/web-servers.xml:236(programlisting)
2408
#, no-wrap
2409
msgid ""
2410
"\n"
2411
"ServerAlias *.ubunturocks.com\n"
2412
msgstr ""
2413
"\n"
2414
"服务器别名 *.ubunturocks.com\n"
2415
2416
#: serverguide/C/web-servers.xml:242(para)
2417
msgid ""
2418
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2419
"should look for the files that make up the site. The default value is "
2420
"/var/www. No site is configured there, but if you uncomment the "
2421
"<emphasis>RedirectMatch</emphasis> directive in "
2422
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2423
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2424
"this value in your site's virtual host file, and remember to create that "
2425
"directory if necessary!"
2426
msgstr ""
2427
2428
#: serverguide/C/web-servers.xml:254(para)
2429
msgid ""
2430
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2431
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2432
"enabled point to \"available\" sites."
2433
msgstr ""
2434
"/etc/apache2/sites-availabl 此目录<emphasis role=\"bold\">不是</emphasis>由 "
2435
"Apache2 解析。在/etc/apache2/sites-enabled符号链接指向 \"有效\" 站点。"
2436
2437
#: serverguide/C/web-servers.xml:260(para)
2438
msgid ""
2439
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2440
"<application>a2ensite</application> utility and restart Apache2:"
2441
msgstr ""
2442
2443
#: serverguide/C/web-servers.xml:266(command)
2444
msgid "sudo a2ensite mynewsite"
2445
msgstr "sudo a2ensite mynewsite"
2446
2447
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2448
msgid "sudo /etc/init.d/apache2 restart"
2449
msgstr "sudo /etc/init.d/apache2 restart"
2450
2451
#: serverguide/C/web-servers.xml:271(para)
2452
msgid ""
2453
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2454
"name for the VirtualHost. One method is to name the file after the "
2455
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2456
msgstr "确定为虚拟主机用广泛的名字来代替新站点。一种方法是以虚拟主机的 <emphasis> 服务器名 </emphasis> 指令来命名。"
2457
2458
#: serverguide/C/web-servers.xml:278(para)
2459
msgid ""
2460
"Similarly, use the <application>a2dissite</application> utility to disable "
2461
"sites. This is can be useful when troubleshooting configuration problems "
2462
"with multiple VirtualHosts:"
2463
msgstr ""
2464
"同样,使用 <application> a2dissite </application> "
2465
"功能来关闭站点。使用多个虚拟主机来为故障排除配置问题是非常有用的。"
2466
2467
#: serverguide/C/web-servers.xml:284(command)
2468
msgid "sudo a2dissite mynewsite"
2469
msgstr "sudo a2dissite mynewsite"
2470
2471
#: serverguide/C/web-servers.xml:290(title)
2472
msgid "Default Settings"
2473
msgstr "缺省设置"
2474
2475
#: serverguide/C/web-servers.xml:292(para)
2476
msgid ""
2477
"This section explains configuration of the Apache2 server default settings. "
2478
"For example, if you add a virtual host, the settings you configure for the "
2479
"virtual host take precedence for that virtual host. For a directive not "
2480
"defined within the virtual host settings, the default value is used."
2481
msgstr ""
2482
"这部分内容说明 Apache2 "
2483
"服务器缺省设置的配置。举个例子,如果您添加一个虚拟主机,您为该虚拟主机配置的设置将优先于缺省虚拟主机。如果在该虚拟主机的设置中有个语句没有定义,那么将使用"
2484
"缺省值。"
2485
2486
#: serverguide/C/web-servers.xml:304(para)
2487
msgid ""
2488
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2489
"server when a user requests an index of a directory by specifying a forward "
2490
"slash (/) at the end of the directory name."
2491
msgstr ""
2492
"当用户在目录名后使用斜杠 (/) 来请求一个目录索引时,The <emphasis>DirectoryIndex</emphasis> "
2493
"将通过服务器提供缺省页服务。"
2494
2495
#: serverguide/C/web-servers.xml:311(para)
2496
msgid ""
2497
"For example, when a user requests the page "
2498
"http://www.example.com/this_directory/, he or she will get either the "
2499
"DirectoryIndex page if it exists, a server-generated directory list if it "
2500
"does not and the Indexes option is specified, or a Permission Denied page if "
2501
"neither is true. The server will try to find one of the files listed in the "
2502
"DirectoryIndex directive and will return the first one it finds. If it does "
2503
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2504
"set for that directory, the server will generate and return a list, in HTML "
2505
"format, of the subdirectories and files in the directory. The default value, "
2506
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2507
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2508
"Apache2 finds a file in a requested directory matching any of these names, "
2509
"the first will be displayed."
2510
msgstr ""
2511
2512
#: serverguide/C/web-servers.xml:332(para)
2513
msgid ""
2514
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2515
"file for Apache2 to use for specific error events. For example, if a user "
2516
"requests a resource that does not exist, a 404 error will occur, and per "
2517
"Apache2's default configuration, the file "
2518
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2519
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2520
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2521
"redirects requests to the /error directory to "
2522
"<filename>/usr/share/apache2/error/</filename>."
2523
msgstr ""
2524
2525
#: serverguide/C/web-servers.xml:344(para)
2526
msgid ""
2527
"To see a list of the default ErrorDocument directives, use this command:"
2528
msgstr "使用此命令,可以看到默认的错误文档指令列表:"
2529
2530
#: serverguide/C/web-servers.xml:350(command)
2531
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2532
msgstr "grep ErrorDocument /etc/apache2/apache2.conf"
2533
2534
#: serverguide/C/web-servers.xml:355(para)
2535
msgid ""
2536
"By default, the server writes the transfer log to the file "
2537
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2538
"per-site basis in your virtual host configuration files with the "
2539
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2540
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2541
"specify the file to which errors are logged, via the "
2542
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2543
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2544
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2545
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2546
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2547
"/etc/apache2/apache2.conf</filename> for the default value)."
2548
msgstr ""
2549
"默认情况下,服务器写的传输日志到 <filename>/var/log/apache2/access.log</filename> "
2550
"文件中。您可以改变这种基于每个站点基本虚拟主机带有 <emphasis> 自定义日志 </emphasis> 指令的文件,或者省略它接受在 "
2551
"<filename> /etc/apache2/apache2.conf </filename> 的默认配置。同样您可以通过 <emphasis> "
2552
"错误日志 </emphasis> 指令指定已经登陆的错误文件,默认日志是 <filename> /var/log/apache2/error.log "
2553
"</filename>。这些都是从传输日志分开与您的 Apache2 来帮助解决的问题。"
2554
2555
#: serverguide/C/web-servers.xml:370(para)
2556
msgid ""
2557
"Some options are specified on a per-directory basis rather than per-server. "
2558
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2559
"is enclosed in XML-like tags, like so:"
2560
msgstr ""
2561
"由每个目录基础来决定一些选项,而不是每个服务器。<emphasis> 选项 </emphasis> 是这些指令的其中之一。一节目录就是封闭的 XML-"
2562
"like 标签,像这样:"
2563
2564
#: serverguide/C/web-servers.xml:376(programlisting)
2565
#, no-wrap
2566
msgid ""
2567
"\n"
2568
"<Directory /var/www/mynewsite>\n"
2569
"...\n"
2570
"</Directory>\n"
2571
msgstr ""
2572
"\n"
2573
"<Directory /var/www/mynewsite>\n"
2574
"...\n"
2575
"</Directory>\n"
2576
2577
#: serverguide/C/web-servers.xml:382(para)
2578
msgid ""
2579
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2580
"one or more of the following values (among others), separated by spaces:"
2581
msgstr "<emphasis> 选项 </emphasis> 指令在目录接收一个或多个值(除了其它之外),由空格所分隔:"
2582
2583
#: serverguide/C/web-servers.xml:394(para)
2584
msgid ""
2585
"Most files should not be executed as CGI scripts. This would be very "
2586
"dangerous. CGI scripts should kept in a directory separate from and outside "
2587
"your DocumentRoot, and only this directory should have the ExecCGI option "
2588
"set. This is the default, and the default location for CGI scripts is "
2589
"<filename>/usr/lib/cgi-bin</filename>."
2590
msgstr ""
2591
"许多文件都不应该做为 CGI 脚本所执行。这会非常危险。CGI 脚本应该单独保存在一目录里和你的外部启动文档所分开,只有这目录已经设置了 ExecCGI "
2592
"选项。CGI 脚本的默认位置是 <filename> /usr/lib/cgi-bin </filename>。"
2593
2594
#: serverguide/C/web-servers.xml:389(para)
2595
msgid ""
2596
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2597
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2598
msgstr ""
2599
"<emphasis role=\"bold\">ExecCGI</emphasis> - 允许执行 CGI 脚本。如果该选项没有设置,则 CGI "
2600
"脚本将不能执行。<placeholder-1/>"
2601
2602
#: serverguide/C/web-servers.xml:405(para)
2603
msgid ""
2604
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2605
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2606
"other files. This is not a common option. See <ulink "
2607
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2608
"HOWTO</ulink> for more information."
2609
msgstr ""
2610
"<emphasis role=\"bold\">Includes</emphasis> - 允许服务器端的包含。 服务器端包括允许 HTML 文件 "
2611
"<emphasis> 包含</emphasis> 其它文件,这并不是常用选项,详情请查看 <ulink "
2612
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2613
"HOWTO</ulink>。"
2614
2615
#: serverguide/C/web-servers.xml:414(para)
2616
msgid ""
2617
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2618
"includes, but disable the <emphasis>#exec</emphasis> and "
2619
"<emphasis>#include</emphasis> commands in CGI scripts."
2620
msgstr ""
2621
"允许服务端包含 <emphasis role=\"bold\"> IncludesNOEXEC </emphasis>,但要在 CGI 脚本里禁用 "
2622
"<emphasis> #exec </emphasis> 和 <emphasis>#include</emphasis> 命令。"
2623
2624
#: serverguide/C/web-servers.xml:426(para)
2625
msgid ""
2626
"For security reasons, this should usually not be set, and certainly should "
2627
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2628
"per-directory basis only if you are certain you want users to see the entire "
2629
"contents of the directory."
2630
msgstr ""
2631
"出于安全考虑,这个通常不会设置,无疑也不应在您 DocumentRoot "
2632
"目录中设置。只有在您确定您希望用户看到目录的整个内容时请小心地基于每个目录启用该选项。"
2633
2634
#: serverguide/C/web-servers.xml:421(para)
2635
msgid ""
2636
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2637
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2638
"index.html) exists in the requested directory. <placeholder-1/>"
2639
msgstr ""
2640
"<emphasis role=\"bold\">Indexes</emphasis> - 显示一个按特定格式的文件目录,如果被请求的目录中 "
2641
"<emphasis>DirectoryIndex</emphasis> (比如index.html)不存在 。<placeholder-1/>"
2642
2643
#: serverguide/C/web-servers.xml:436(para)
2644
msgid ""
2645
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2646
"multiviews; this option is disabled by default for security reasons. See the "
2647
"<ulink "
2648
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2649
"Apache2 documentation on this option</ulink>."
2650
msgstr ""
2651
"<emphasis role=\"bold\">Multiview</emphasis> - 支持内容协商多视图,出于安全原因,该选项默认是被禁止的。 "
2652
"请参考 <ulink "
2653
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2654
"Apache2 关于该选项的文档</ulink>。"
2655
2656
#: serverguide/C/web-servers.xml:444(para)
2657
msgid ""
2658
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2659
"symbolic links if the target file or directory has the same owner as the "
2660
"link."
2661
msgstr ""
2662
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - "
2663
"仅在软连接与其目的文件或目录拥有相同所有者时才使用。"
2664
2665
#: serverguide/C/web-servers.xml:456(title)
2666
msgid "httpd Settings"
2667
msgstr "httpd 设置"
2668
2669
#: serverguide/C/web-servers.xml:458(para)
2670
msgid ""
2671
"This section explains some basic <application>httpd</application> daemon "
2672
"configuration settings."
2673
msgstr "本节说明了一些基本的 <application> httpd </application> 守护进程的配置设置。"
2674
2675
#: serverguide/C/web-servers.xml:462(para)
2676
msgid ""
2677
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2678
"the path to the lockfile used when the server is compiled with either "
2679
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2680
"stored on the local disk. It should be left to the default value unless the "
2681
"logs directory is located on an NFS share. If this is the case, the default "
2682
"value should be changed to a location on the local disk and to a directory "
2683
"that is readable only by root."
2684
msgstr ""
2685
"<emphasis role=\"bold\">LockFile</emphasis> - 当服务器编译时使用了 "
2686
"USE_FCNTL_SERIALIZED_ACCEPT 或 USE_FLOCK_SERIALIZED_ACCEPT 参数时,使用 LockFile "
2687
"语句来设置 lockfile 的路径。它必须保存在本地磁盘上,它应该设置成缺省值,除非日志目录被定位在 NFS "
2688
"共享上。如果是这种情况,缺省值应该被改为本地磁盘的位置并且其目录只对 root 用户可读。"
2689
2690
#: serverguide/C/web-servers.xml:471(para)
2691
msgid ""
2692
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2693
"file in which the server records its process ID (pid). This file should only "
2694
"be readable by root. In most cases, it should be left to the default value."
2695
msgstr ""
2696
"<emphasis role=\"bold\">PidFile</emphasis> - PidFile 语句设置服务器记录其进程 ID (pid) "
2697
"的文件。该文件只对 root 用户可读。在大多数情况下,应该保留其缺省值。"
2698
2699
#: serverguide/C/web-servers.xml:477(para)
2700
msgid ""
2701
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2702
"used by the server to answer requests. This setting determines the server's "
2703
"access. Any files inaccessible to this user will also be inaccessible to "
2704
"your website's visitors. The default value for User is www-data."
2705
msgstr ""
2706
"<emphasis role=\"bold\">User</emphasis> - User 语句设置被服务器用于回应请求的用户 "
2707
"ID。该设置决定服务器的权限。任何该用户无法访问的文件也无法被您网站的访问者访问。用户缺省值是 www-data。"
2708
2709
#: serverguide/C/web-servers.xml:484(para)
2710
msgid ""
2711
"Unless you know exactly what you are doing, do not set the User directive to "
2712
"root. Using root as the User will create large security holes for your Web "
2713
"server."
2714
msgstr ""
2715
"除非您的确知道您在做什么,否则请不要将 User 设为 root 用户。用 root 作为 User 的值将会在您的 Web 服务器中产生极大的安全漏洞。"
2716
2717
#: serverguide/C/web-servers.xml:490(para)
2718
msgid ""
2719
"The Group directive is similar to the User directive. Group sets the group "
2720
"under which the server will answer requests. The default group is also www-"
2721
"data."
2722
msgstr "Group 语句同 User 语句相似。Group 设置被服务器用于回应请求的用户组。缺省的组也是 www-data。"
2723
2724
#: serverguide/C/web-servers.xml:496(title)
2725
msgid "Apache2 Modules"
2726
msgstr ""
2727
2728
#: serverguide/C/web-servers.xml:498(para)
2729
msgid ""
2730
"Apache2 is a modular server. This implies that only the most basic "
2731
"functionality is included in the core server. Extended features are "
2732
"available through modules which can be loaded into Apache2. By default, a "
2733
"base set of modules is included in the server at compile-time. If the server "
2734
"is compiled to use dynamically loaded modules, then modules can be compiled "
2735
"separately, and added at any time using the LoadModule directive. Otherwise, "
2736
"Apache2 must be recompiled to add or remove modules."
2737
msgstr ""
2738
2739
#: serverguide/C/web-servers.xml:510(para)
2740
msgid ""
2741
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2742
"Configuration directives may be conditionally included on the presence of a "
2743
"particular module by enclosing them in an "
2744
"<emphasis><IfModule></emphasis> block."
2745
msgstr ""
2746
"Ubuntu把Apache2编译成可以动态加载模块的形式。配置命令可以通过包含在<emphasis><IfModule></emphasis>"
2747
"块中的方式包含到某个模块中。"
2748
2749
#: serverguide/C/web-servers.xml:517(para)
2750
msgid ""
2751
"You can install additional Apache2 modules and use them with your Web "
2752
"server. For example, run the following command from a terminal prompt to "
2753
"install the <emphasis>MySQL Authentication</emphasis> module:"
2754
msgstr ""
2755
"您可以安装额外的 Apache2 模块,并和您的 Web 服务器使用这些模块。例如,运行以下终端提示的命令来安装 <emphasis>MySQL "
2756
"认证</emphasis> 模块:"
2757
2758
#: serverguide/C/web-servers.xml:524(command)
2759
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2760
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2761
2762
#: serverguide/C/web-servers.xml:527(para)
2763
msgid ""
2764
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2765
"additional modules."
2766
msgstr "请浏览 <filename>/etc/apache2/mods-available</filename> 目录,能提供更多的模块。"
2767
2768
#: serverguide/C/web-servers.xml:531(para)
2769
msgid ""
2770
"Use the <application>a2enmod</application> utility to enable a module:"
2771
msgstr "使用 <application>a2enmod</application> 功能来激活模块:"
2772
2773
#: serverguide/C/web-servers.xml:537(command)
2774
msgid "sudo a2enmod auth_mysql"
2775
msgstr "sudo a2enmod auth_mysql"
2776
2777
#: serverguide/C/web-servers.xml:541(para)
2778
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2779
msgstr "同样的,<application>a2dismod</application> 将禁用模块。"
2780
2781
#: serverguide/C/web-servers.xml:546(command)
2782
msgid "sudo a2dismod auth_mysql"
2783
msgstr "sudo a2dismod auth_mysql"
2784
2785
#: serverguide/C/web-servers.xml:553(title)
2786
msgid "HTTPS Configuration"
2787
msgstr "HTTPS 配置"
2788
2789
#: serverguide/C/web-servers.xml:555(para)
2790
msgid ""
2791
"The <application>mod_ssl</application> module adds an important feature to "
2792
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2793
"browser is communicating using SSL, the https:// prefix is used at the "
2794
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2795
"bar."
2796
msgstr ""
2797
"<application>mod_ssl</application>模块为Apache2服务器提供了一个重要特性 - 对传送内容的加密功能。因此, "
2798
"当您使用SSL浏览信息的时候,即导航栏中有https:// 前缀的情况。"
2799
2800
#: serverguide/C/web-servers.xml:564(para)
2801
msgid ""
2802
"The <application>mod_ssl</application> module is available in "
2803
"<application>apache2-common</application> package. Execute the following "
2804
"command from a terminal prompt to enable the "
2805
"<application>mod_ssl</application> module:"
2806
msgstr ""
2807
"软件包 <application>apache2-common</application> 中包含了 "
2808
"<application>mod_ssl</application> 模块。 在终端命令行中输入如下命令以使用 "
2809
"<application>mod_ssl</application> 模块:"
2810
2811
#: serverguide/C/web-servers.xml:571(command)
2812
msgid "sudo a2enmod ssl"
2813
msgstr "sudo a2enmod ssl"
2814
2815
#: serverguide/C/web-servers.xml:574(para)
2816
msgid ""
2817
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2818
"available/default-ssl</filename>. In order for "
2819
"<application>Apache2</application> to provide HTTPS, a "
2820
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2821
"needed. The default HTTPS configuration will use a certificate and key "
2822
"generated by the <application>ssl-cert</application> package. They are good "
2823
"for testing, but the auto-generated certificate and key should be replaced "
2824
"by a certificate specific to the site or server. For information on "
2825
"generating a key and obtaining a certificate see <xref "
2826
"linkend=\"certificates-and-security\"/>"
2827
msgstr ""
2828
2829
#: serverguide/C/web-servers.xml:584(para)
2830
msgid ""
2831
"To configure <application>Apache2</application> for HTTPS, enter the "
2832
"following:"
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:589(command)
2836
msgid "sudo a2ensite default-ssl"
2837
msgstr "sudo a2ensite default-ssl"
2838
2839
#: serverguide/C/web-servers.xml:593(para)
2840
msgid ""
2841
"The directories <filename>/etc/ssl/certs</filename> and "
2842
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2843
"install the certificate and key in another directory make sure to change "
2844
"<emphasis>SSLCertificateFile</emphasis> and "
2845
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2846
msgstr ""
2847
"目录 <filename>/etc/ssl/certs</filename> 和 "
2848
"<filename>/etc/ssl/private</filename> 是默认的安全区域.如果您要把证书和密钥安装到其他的目录下,请确认更改了 "
2849
"<emphasis>SSLCertificateFile</emphasis> 和 "
2850
"<emphasis>SSLCertificateKeyFile</emphasis> 的配置。"
2851
2852
#: serverguide/C/web-servers.xml:600(para)
2853
msgid ""
2854
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2855
"settings:"
2856
msgstr ""
2857
2858
#: serverguide/C/web-servers.xml:611(para)
2859
msgid ""
2860
"Depending on how you obtained your certificate you may need to enter a "
2861
"passphrase when <application>Apache2</application> starts."
2862
msgstr ""
2863
2864
#: serverguide/C/web-servers.xml:617(para)
2865
msgid ""
2866
"You can access the secure server pages by typing https://your_hostname/url/ "
2867
"in your browser address bar."
2868
msgstr "你可通过在浏览器地址栏输入https://your_hostname/url/来进入安装服务器页面。"
2869
2870
#: serverguide/C/web-servers.xml:628(para)
2871
msgid ""
2872
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2873
"Documentation</ulink> contains in depth information on Apache2 configuration "
2874
"directives. Also, see the <application>apache2-doc</application> package for "
2875
"the official Apache2 docs."
2876
msgstr ""
2877
"<ulink url=\"http://httpd.apache.org/docs/2.2/\"> Apache2 文档</ulink>包含 "
2878
"Apache2 配置指令更深层的信息。同样也可参考官方 Apache2 docs 文档<application>apache2-"
2879
"doc</application>包。"
2880
2881
#: serverguide/C/web-servers.xml:635(para)
2882
msgid ""
2883
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2884
"Documentation</ulink> site for more SSL related information."
2885
msgstr ""
2886
"请浏览 <ulink url=\"http://www.modssl.org/docs/\">Mod SSL 文件</ulink>站点可以查到更多的 "
2887
"SSL 相关信息。"
2888
2889
#: serverguide/C/web-servers.xml:641(para)
2890
msgid ""
2891
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2892
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2893
"configurations."
2894
msgstr ""
2895
"奥赖利的 <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2896
"菜谱</ulink> 是个能完成特定 Apache2 配置的好资料。"
2897
2898
#: serverguide/C/web-servers.xml:647(para)
2899
msgid ""
2900
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2901
"server</emphasis> IRC channel on <ulink "
2902
"url=\"http://freenode.net/\">freenode.net</ulink>."
2903
msgstr ""
2904
"和 Ubuntu 有关 Apache2 的更多问题,请访问在 <ulink "
2905
"url=\"http://freenode.net/\">freenode.net</ulink> 的 <emphasis>#ubuntu-"
2906
"server</emphasis> IRC 频道。"
2907
2908
#: serverguide/C/web-servers.xml:653(para)
2909
msgid ""
2910
"Usually integrated with PHP and MySQL the <ulink "
2911
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2912
"Ubuntu Wiki </ulink> page is a good resource."
2913
msgstr ""
2914
2915
#: serverguide/C/web-servers.xml:664(title)
2916
msgid "PHP5 - Scripting Language"
2917
msgstr "PHP5 - 脚本语言"
2918
2919
#: serverguide/C/web-servers.xml:665(para)
2920
msgid ""
2921
"PHP is a general-purpose scripting language suited for Web development. The "
2922
"PHP script can be embedded into HTML. This section explains how to install "
2923
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2924
msgstr ""
2925
"PHP 是一种适合 Web 开发的通用脚本语言。PHP 脚本可以被嵌入 HTML 之中。本节解释了如何在已有 Apache2 和 MySQL 的 "
2926
"Ubuntu 系统中安装和配置 PHP5。"
2927
2928
#: serverguide/C/web-servers.xml:669(para)
2929
msgid ""
2930
"This section assumes you have installed and configured Apache2 Web Server "
2931
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2932
"sections in this document to install and configure Apache2 and MySQL "
2933
"respectively."
2934
msgstr ""
2935
2936
#: serverguide/C/web-servers.xml:676(para)
2937
msgid "The PHP5 is available in Ubuntu Linux."
2938
msgstr "Ubuntu Linux 中可以使用 PHP5。"
2939
2940
#: serverguide/C/web-servers.xml:678(para)
2941
msgid ""
2942
"To install PHP5 you can enter the following command in the terminal prompt: "
2943
"<screen>\n"
2944
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2945
"</screen>"
2946
msgstr ""
2947
"您可以通过在终端中输入以下命令来安装PHP5: <screen>\n"
2948
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2949
"</screen>"
2950
2951
#: serverguide/C/web-servers.xml:687(para)
2952
msgid ""
2953
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2954
"line you should install <application>php5-cli</application> package. To "
2955
"install <application>php5-cli</application> you can enter the following "
2956
"command in the terminal prompt: <screen>\n"
2957
"<command>sudo apt-get install php5-cli</command>\n"
2958
"</screen>"
2959
msgstr ""
2960
"您可从命令行运行 PHP5 脚本。要在命令行下运行 PHP5 脚本,您应当安装 <application>php5-cli</application> "
2961
"软件包。要安装<application>php5-cli</application>您可在终端提示符中输入如下命令:<screen>\n"
2962
"<command>sudo apt-get install php5-cli</command>\n"
2963
"</screen>"
2964
2965
#: serverguide/C/web-servers.xml:696(para)
2966
msgid ""
2967
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2968
"accomplish this, you should install <application>php5-cgi</application> "
2969
"package. You can run the following command in a terminal prompt to install "
2970
"<application>php5-cgi</application> package: <screen>\n"
2971
"<command>sudo apt-get install php5-cgi</command>\n"
2972
"</screen>"
2973
msgstr ""
2974
"您也可以在不安装PHP5的Apache组件的前提下执行PHP5脚本。要实现这个,您应当安装 <application>php5-"
2975
"cgi</application> 软件包。您可您可在终端提示符中运行如下命令来安装 <application>php5-"
2976
"cgi</application> 软件包:<screen>\n"
2977
"<command>sudo apt-get install php5-cgi</command>\n"
2978
"</screen>"
2979
2980
#: serverguide/C/web-servers.xml:706(para)
2981
msgid ""
2982
"To use <application>MySQL</application> with PHP5 you should install "
2983
"<application>php5-mysql</application> package. To install <application>php5-"
2984
"mysql</application> you can enter the following command in the terminal "
2985
"prompt: <screen>\n"
2986
"<command>sudo apt-get install php5-mysql</command>\n"
2987
"</screen>"
2988
msgstr ""
2989
"若想通过 PHP5 使用 MySQL,您需要安装 <application>php5-mysql</application> "
2990
"包。您可以在终端输入如下命令来安装 <application>php5-mysql</application>:<screen>\n"
2991
"<command>sudo apt-get install php5-mysql</command>\n"
2992
"</screen>"
2993
2994
#: serverguide/C/web-servers.xml:714(para)
2995
msgid ""
2996
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2997
"install <application>php5-pgsql</application> package. To install "
2998
"<application>php5-pgsql</application> you can enter the following command in "
2999
"the terminal prompt: <screen>\n"
3000
"<command>sudo apt-get install php5-pgsql</command>\n"
3001
"</screen>"
3002
msgstr ""
3003
"类似的,若想通过 PHP5 使用 PostgreSQL,您需要安装 <application>php5-pgsql</application> "
3004
"包。您可以在终端输入如下命令来安装 <application>php5-pgsql</application>:<screen>\n"
3005
"<command>sudo apt-get install php5-pgsql</command>\n"
3006
"</screen>"
3007
3008
#: serverguide/C/web-servers.xml:727(para)
3009
msgid ""
3010
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3011
"you have installed <application>php5-cli</application> package, you can run "
3012
"PHP5 scripts from your command prompt."
3013
msgstr ""
3014
"当你安装了PHP5后,你就可以在你的浏览器里运行PHP5脚本了。而且,如果你也安装了<application>php5-"
3015
"cli</application>软件包,你就可以在命令提示符下运行PHP5脚本了。"
3016
3017
#: serverguide/C/web-servers.xml:734(para)
3018
msgid ""
3019
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3020
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3021
"when you install the module. Please verify if the files "
3022
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3023
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3024
"not exists, you can enable the module using <command>a2enmod</command> "
3025
"command."
3026
msgstr ""
3027
"Apache 2 Web 服务器被默认配置为运行 PHP5 脚本。换句话说,在您安装了 PHP5 模块之后其就被自动在 Apache 2 Web "
3028
"服务器中加载了。请确认 <filename>/etc/apache2/mods-enabled/php5.conf</filename> 文件和 "
3029
"<filename>/etc/apache2/mods-enabled/php5.load</filename> "
3030
"文件是否存在。如果它们不存在的话,您可以使用 <command>a2enmod</command> 命令来加载模块。"
3031
3032
#: serverguide/C/web-servers.xml:745(para)
3033
msgid ""
3034
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3035
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3036
"following command at a terminal prompt to restart your web server: "
3037
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3038
msgstr ""
3039
"一旦您安装了 PHP5 相关的包并加载了 PHP5 的 Apache 2 模块,您应当重启 Apache2 Web 服务器以便运行 PHP5 "
3040
"脚本。您可以在终端输入以下命令来重启您的 web 服务器:<screen><command>sudo /etc/init.d/apache2 "
3041
"restart</command> </screen>"
3042
3043
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3044
msgid "Testing"
3045
msgstr "测试"
3046
3047
#: serverguide/C/web-servers.xml:754(para)
3048
msgid ""
3049
"To verify your installation, you can run following PHP5 phpinfo script:"
3050
msgstr "您可以运行如下的 PHP5 phpinfo 脚本来验证您的安装:"
3051
3052
#: serverguide/C/web-servers.xml:757(programlisting)
3053
#, no-wrap
3054
msgid ""
3055
"\n"
3056
"<?php\n"
3057
" phpinfo();\n"
3058
"?>\n"
3059
msgstr ""
3060
"\n"
3061
"<?php\n"
3062
" phpinfo();\n"
3063
"?>\n"
3064
3065
#: serverguide/C/web-servers.xml:762(para)
3066
msgid ""
3067
"You can save the content in a file <filename>phpinfo.php</filename> and "
3068
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3069
"server. When point your browser to "
3070
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3071
"various PHP5 configuration parameters."
3072
msgstr ""
3073
"您可以将此内容保存在一个 <filename>phpinfo.php</filename> 文件中并将其放在 Apache2 Web 服务器的 "
3074
"<command>DocumentRoot</command> 目录下。当把您的浏览器指向 "
3075
"<filename>http://hostname/phpinfo.php</filename> 后,将会显示 PHP5 的各种配置参数的值。"
3076
3077
#: serverguide/C/web-servers.xml:776(para)
3078
msgid ""
3079
"For more in depth information see <ulink "
3080
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3081
msgstr ""
3082
"更多的高级应用资料请访问<ulink url=\"http://www.php.net/docs.php\">php.net</ulink> 文档。"
3083
3084
#: serverguide/C/web-servers.xml:781(para)
3085
msgid ""
3086
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3087
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3088
"5</ulink> and the <ulink "
3089
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3090
msgstr ""
3091
"有很多关于 PHP 的书籍。推荐两本奥赖利的书是<ulink "
3092
"url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3093
"5</ulink>和<ulink url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook "
3094
"Book</ulink>。"
3095
3096
#: serverguide/C/web-servers.xml:788(para)
3097
msgid ""
3098
"Also, see the <ulink "
3099
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3100
"Ubuntu Wiki</ulink> page for more information."
3101
msgstr ""
3102
3103
#: serverguide/C/web-servers.xml:799(title)
3104
msgid "Squid - Proxy Server"
3105
msgstr "Squid - 代理服务器"
3106
3107
#: serverguide/C/web-servers.xml:800(para)
3108
msgid ""
3109
"Squid is a full-featured web proxy cache server application which provides "
3110
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3111
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3112
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3113
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3114
"caching. Squid also supports a wide variety of caching protocols, such as "
3115
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3116
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3117
"Protocol. (WCCP)"
3118
msgstr ""
3119
"Squid 是一个全功能的 web 代理与缓存服务器应用程序,它为超文本传输协议 (HTTP)、文件传输协议 (FTP) "
3120
"以及其他流行网络协议提供代理和缓存服务。Squid 可以实现安全套接层 (SSL) 请求的缓存和代理、域名服务器 (DNS) "
3121
"的缓存以及进行传输缓存。Squid 也支持大量不同的缓存协议,如 Internet 缓存协议 (ICP)、超文本缓存协议 (HTCP)、缓存阵列路由协议 "
3122
"(CARP) 以及 Web 缓存协同协议 (WCCP)。"
3123
3124
#: serverguide/C/web-servers.xml:808(para)
3125
msgid ""
3126
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3127
"and caching server needs, and scales from the branch office to enterprise "
3128
"level networks while providing extensive, granular access control mechanisms "
3129
"and monitoring of critical parameters via the Simple Network Management "
3130
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3131
"Squid proxy, or caching servers, ensure your system is configured with a "
3132
"large amount of physical memory, as Squid maintains an in-memory cache for "
3133
"increased performance."
3134
msgstr ""
3135
"Squid "
3136
"代理缓存服务器对于不同的代理和缓存服务器需求来说是一个极好的解决方案,它适用于从分支机构到企业级的网络,访问控制机制的粒度以及通过简单网络管理协议 "
3137
"(SNMP) 对临界参数的监视。当选择计算机系统用于 Squid 代理或缓存服务器时,请确保您的系统配置大量的物理内存以便 Squid "
3138
"可以使用内存进行缓存以提高性能。"
3139
3140
#: serverguide/C/web-servers.xml:817(para)
3141
msgid ""
3142
"At a terminal prompt, enter the following command to install the Squid "
3143
"server:"
3144
msgstr "在终端提示符后输入下列命令安装 Squid 服务器:"
3145
3146
#: serverguide/C/web-servers.xml:822(command)
3147
msgid "sudo apt-get install squid"
3148
msgstr "sudo apt-get install squid"
3149
3150
#: serverguide/C/web-servers.xml:828(para)
3151
msgid ""
3152
"Squid is configured by editing the directives contained within the "
3153
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3154
"examples illustrate some of the directives which may be modified to affect "
3155
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3156
"see the References section."
3157
msgstr ""
3158
"Squid 可以通过编辑在 <filename>/etc/squid/squid.conf</filename> "
3159
"配置文件中的语句来进行配置。下面的范例说明一些语句的修改可能对 Squid 服务器的影响。更多 Squid 的配置可以参阅参考章节。"
3160
3161
#: serverguide/C/web-servers.xml:834(para)
3162
msgid ""
3163
"Prior to editing the configuration file, you should make a copy of the "
3164
"original file and protect it from writing so you will have the original "
3165
"settings as a reference, and to re-use as necessary."
3166
msgstr "在编辑配置文件之前,您应该生成一份原始文件副本并对其进行写保护,以便您可以将原始文件作为参考并在必要时重用它。"
3167
3168
#: serverguide/C/web-servers.xml:837(para)
3169
msgid ""
3170
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3171
"writing with the following commands entered at a terminal prompt:"
3172
msgstr ""
3173
"要拷贝 <filename>/etc/squid/squid.conf</filename> 文件并对其进行写保护,可以在终端提示符后使用以下命令:"
3174
3175
#: serverguide/C/web-servers.xml:842(command)
3176
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3177
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3178
3179
#: serverguide/C/web-servers.xml:843(command)
3180
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3181
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
3182
3183
#: serverguide/C/web-servers.xml:849(para)
3184
msgid ""
3185
"To set your Squid server to listen on TCP port 8888 instead of the default "
3186
"TCP port 3128, change the http_port directive as such:"
3187
msgstr ""
3188
"要将您的 Squid 服务器监听 TCP 端口 8888 以代替缺省的 TCP 端口 3128,可以如下所示修改 http_port 语句:"
3189
3190
#: serverguide/C/web-servers.xml:853(programlisting)
3191
#, no-wrap
3192
msgid ""
3193
"\n"
3194
"http_port 8888\n"
3195
msgstr ""
3196
"\n"
3197
"http_port 8888\n"
3198
3199
#: serverguide/C/web-servers.xml:858(para)
3200
msgid ""
3201
"Change the visible_hostname directive in order to give the Squid server a "
3202
"specific hostname. This hostname does not necessarily need to be the "
3203
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3204
msgstr ""
3205
"改变 visible_hostname 语句是为了给 Squid 服务器一个特定的主机名。该主机名并必是计算机的主机名。在本范例中它被设为 "
3206
"<emphasis>weezie</emphasis>。"
3207
3208
#: serverguide/C/web-servers.xml:862(programlisting)
3209
#, no-wrap
3210
msgid ""
3211
"\n"
3212
"visible_hostname weezie\n"
3213
msgstr ""
3214
"\n"
3215
"visible_hostname weezie\n"
3216
3217
#: serverguide/C/web-servers.xml:867(para)
3218
msgid ""
3219
"Using Squid's access control, you may configure use of Internet services "
3220
"proxied by Squid to be available only users with certain Internet Protocol "
3221
"(IP) addresses. For example, we will illustrate access by users of the "
3222
"192.168.42.0/24 subnetwork only:"
3223
msgstr ""
3224
3225
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3226
msgid ""
3227
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3228
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3229
msgstr ""
3230
"将下列语句添加到您 <filename>/etc/squid/squid.conf</filename> 文件 ACL 部分的 <emphasis "
3231
"role=\"bold\">底部</emphasis>:"
3232
3233
#: serverguide/C/web-servers.xml:875(programlisting)
3234
#, no-wrap
3235
msgid ""
3236
"\n"
3237
"acl fortytwo_network src 192.168.42.0/24\n"
3238
msgstr ""
3239
"\n"
3240
"acl fortytwo_network src 192.168.42.0/24\n"
3241
3242
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3243
msgid ""
3244
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3245
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3246
msgstr ""
3247
"然后添加下列语句到你 <filename>/etc/squid/squid.conf</filename> 文件 http_access 部分的 "
3248
"<emphasis role=\"bold\">顶部</emphasis>:"
3249
3250
#: serverguide/C/web-servers.xml:882(programlisting)
3251
#, no-wrap
3252
msgid ""
3253
"\n"
3254
"http_access allow fortytwo_network\n"
3255
msgstr ""
3256
"\n"
3257
"http_access allow fortytwo_network\n"
3258
3259
#: serverguide/C/web-servers.xml:887(para)
3260
msgid ""
3261
"Using the excellent access control features of Squid, you may configure use "
3262
"of Internet services proxied by Squid to be available only during normal "
3263
"business hours. For example, we'll illustrate access by employees of a "
3264
"business which is operating between 9:00AM and 5:00PM, Monday through "
3265
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3266
msgstr ""
3267
"使用 Squid 卓越的访问控制功能,您可以通过 Squid 代理将 Internet "
3268
"服务配置成仅限于在正常商务时间使用。例如,我们将举例说明只允许来自 10.1.42.0/24 子网的商务雇员在周一到周五的上午 9:00 到 下午 "
3269
"5:00 时间段内访问:"
3270
3271
#: serverguide/C/web-servers.xml:895(programlisting)
3272
#, no-wrap
3273
msgid ""
3274
"\n"
3275
"acl biz_network src 10.1.42.0/24\n"
3276
"acl biz_hours time M T W T F 9:00-17:00\n"
3277
msgstr ""
3278
"\n"
3279
"acl biz_network src 10.1.42.0/24\n"
3280
"acl biz_hours time M T W T F 9:00-17:00\n"
3281
3282
#: serverguide/C/web-servers.xml:903(programlisting)
3283
#, no-wrap
3284
msgid ""
3285
"\n"
3286
"http_access allow biz_network biz_hours\n"
3287
msgstr ""
3288
"\n"
3289
"http_access allow biz_network biz_hours\n"
3290
3291
#: serverguide/C/web-servers.xml:910(para)
3292
msgid ""
3293
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3294
"save the file and restart the <application>squid</application> server "
3295
"application to effect the changes using the following command entered at a "
3296
"terminal prompt:"
3297
msgstr ""
3298
"在修改 <filename>/etc/squid/squid.conf</filename> 文件后,保存该文件并重启 "
3299
"<application>squid</application> 服务器应用程序以使改动生效。可以在终端提示符后使用下列命令:"
3300
3301
#: serverguide/C/web-servers.xml:917(command)
3302
msgid "sudo /etc/init.d/squid restart"
3303
msgstr "sudo /etc/init.d/squid restart"
3304
3305
#: serverguide/C/web-servers.xml:924(ulink)
3306
msgid "Squid Website"
3307
msgstr "Squid 网站"
3308
3309
#: serverguide/C/web-servers.xml:926(para)
3310
msgid ""
3311
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3312
"Squid</ulink> page."
3313
msgstr ""
3314
3315
#: serverguide/C/web-servers.xml:933(title)
3316
msgid "Ruby on Rails"
3317
msgstr "Ruby on Rails"
3318
3319
#: serverguide/C/web-servers.xml:934(para)
3320
msgid ""
3321
"Ruby on Rails is an open source web framework for developing database backed "
3322
"web applications. It is optimized for sustainable productivity of the "
3323
"programmer since it lets the programmer to write code by favouring "
3324
"convention over configuration."
3325
msgstr ""
3326
"Ruby on Rails 是一个用于开发以数据库为后台的 web 应用程序的开源 web "
3327
"框架。其为发挥程序员持久的生产力而优化,因为它能让程序员通过有益的约定而不是配置来编写代码。"
3328
3329
#: serverguide/C/web-servers.xml:941(para)
3330
msgid ""
3331
"Before installing <application>Rails</application> you should install "
3332
"<application>Apache</application> and <application>MySQL</application>. To "
3333
"install the <application>Apache</application> package, please refer to <xref "
3334
"linkend=\"httpd\"/>. For instructions on installing "
3335
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3336
msgstr ""
3337
"在安装<application>Rails</application> 之前你应该安装<application>Apache</application> "
3338
"和 <application>MySQL</application>。关于<application>Apache</application> "
3339
"软件包的安装, 请参考<xref linkend=\"httpd\"/>。关于 <application>MySQL</application>则请参考 "
3340
"<xref linkend=\"mysql\"/>。"
3341
3342
#: serverguide/C/web-servers.xml:949(para)
3343
msgid ""
3344
"Once you have <application>Apache</application> and "
3345
"<application>MySQL</application> packages installed, you are ready to "
3346
"install <application>Ruby on Rails</application> package."
3347
msgstr ""
3348
"当你安装好了<application>Apache</application>和<application>MySQL</application>,你就可以"
3349
"安装<application>Ruby on Rails</application>软件包了。"
3350
3351
#: serverguide/C/web-servers.xml:956(para)
3352
msgid ""
3353
"To install the <application>Ruby</application> base packages and "
3354
"<application>Ruby on Rails</application>, you can enter the following "
3355
"command in the terminal prompt:"
3356
msgstr ""
3357
"要安装<application>Ruby</application>基础包和<application>Ruby on "
3358
"Rails</application>,你可以在终端输入如下命令:"
3359
3360
#: serverguide/C/web-servers.xml:962(command)
3361
msgid "sudo apt-get install rails"
3362
msgstr "sudo apt-get install rails"
3363
3364
#: serverguide/C/web-servers.xml:968(para)
3365
msgid ""
3366
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3367
"configuration file to setup your domains."
3368
msgstr ""
3369
"修改配置文件<filename>/etc/apache2/sites-available/default</filename>以建立起你的域名。"
3370
3371
#: serverguide/C/web-servers.xml:972(para)
3372
msgid ""
3373
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3374
msgstr "首先改变的是<emphasis>DocumentRoot</emphasis>指令:"
3375
3376
#: serverguide/C/web-servers.xml:976(programlisting)
3377
#, no-wrap
3378
msgid ""
3379
"\n"
3380
"DocumentRoot /path/to/rails/application/public\n"
3381
msgstr ""
3382
"\n"
3383
"DocumentRoot /path/to/rails/application/public\n"
3384
3385
#: serverguide/C/web-servers.xml:979(para)
3386
msgid ""
3387
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3388
"directive:"
3389
msgstr "下一步,改变 <Directory \"/path/to/rails/application/public\"> 指令:"
3390
3391
#: serverguide/C/web-servers.xml:983(programlisting)
3392
#, no-wrap
3393
msgid ""
3394
"\n"
3395
"<Directory \"/path/to/rails/application/public\">\n"
3396
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3397
" AllowOverride All\n"
3398
" Order allow,deny\n"
3399
" allow from all\n"
3400
" AddHandler cgi-script .cgi\n"
3401
"</Directory>\n"
3402
msgstr ""
3403
"\n"
3404
"<Directory \"/path/to/rails/application/public\">\n"
3405
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3406
" AllowOverride All\n"
3407
" Order allow,deny\n"
3408
" allow from all\n"
3409
" AddHandler cgi-script .cgi\n"
3410
"</Directory>\n"
3411
3412
#: serverguide/C/web-servers.xml:993(para)
3413
msgid ""
3414
"You should also enable the <application>mod_rewrite</application> module for "
3415
"Apache. To enable <application>mod_rewrite</application> module, please "
3416
"enter the following command in a terminal prompt:"
3417
msgstr ""
3418
"你也必须为Apache打开<application>mod_rewrite</application>模块。请在终端输入如下命令来打开<applicati"
3419
"on>mod_rewrite</application>模块:"
3420
3421
#: serverguide/C/web-servers.xml:999(command)
3422
msgid "sudo a2enmod rewrite"
3423
msgstr "sudo a2enmod rewrite"
3424
3425
#: serverguide/C/web-servers.xml:1002(para)
3426
msgid ""
3427
"Finally you will need to change the ownership of the "
3428
"<filename>/path/to/rails/application/public</filename> and "
3429
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3430
"used to run the <application>Apache</application> process:"
3431
msgstr ""
3432
"最后,您将需要改变<filename>/path/to/rails/application/public</filename> 与 "
3433
"<filename>/path/to/rails/application/tmp</filename> "
3434
"目录的所有权到运行<application>Apache</application> 进程的用户:"
3435
3436
#: serverguide/C/web-servers.xml:1008(command)
3437
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3438
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
3439
3440
#: serverguide/C/web-servers.xml:1009(command)
3441
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3442
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3443
3444
#: serverguide/C/web-servers.xml:1012(para)
3445
msgid ""
3446
"That's it! Now you have your Server ready for your <application>Ruby on "
3447
"Rails</application> applications."
3448
msgstr "搞定!现在您的服务器已经可以运行 <application>Ruby on Rails</application> 应用程序。"
3449
3450
#: serverguide/C/web-servers.xml:1021(para)
3451
msgid ""
3452
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3453
"for more information."
3454
msgstr ""
3455
"查看更多信息请浏览<ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink>站点。"
3456
3457
#: serverguide/C/web-servers.xml:1026(para)
3458
msgid ""
3459
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3460
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3461
"resource."
3462
msgstr ""
3463
"同样,<ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-with-"
3464
"rails-third-edition\">Agile Development with Rails</ulink>是个不错的学习材料。"
3465
3466
#: serverguide/C/web-servers.xml:1032(para)
3467
msgid ""
3468
"Another place for more information is the <ulink "
3469
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3470
"Wiki</ulink> page."
3471
msgstr ""
3472
3473
#: serverguide/C/web-servers.xml:1043(title)
3474
msgid "Apache Tomcat"
3475
msgstr "Apache Tomcat"
3476
3477
#: serverguide/C/web-servers.xml:1044(para)
3478
msgid ""
3479
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3480
"JSP (Java Server Pages) web applications."
3481
msgstr ""
3482
"Apache Tomcat 是一个 Web 容器,允许您为 Java Serlets 和 JSP(Java 服务器页面) 的 Web 应用提供服务。"
3483
3484
#: serverguide/C/web-servers.xml:1046(para)
3485
msgid ""
3486
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3487
"different ways of running Tomcat. You can install them as a classic unique "
3488
"system-wide instance, that will be started at boot time and will run as the "
3489
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3490
"will run with your own user rights, and that you should start and stop by "
3491
"yourself. This second way is particularly useful in a development server "
3492
"context where multiple users need to test on their own private Tomcat "
3493
"instances."
3494
msgstr ""
3495
"Ubuntu 中的 <application>Tomcat 6.0</application> 可以有两种不同的方式来运行 Tomcat。 "
3496
"您可以将它安装成经典的系统级的单一实例,在系统启动时就开启,并作为 tomcat6 未授权的用户运行。 "
3497
"您也可以部署私有实例,以您自己的用户权限来运行,这样,就需要您自己手动开启或停止。 在多个用户需要测试它们自己单独的 Tomcat "
3498
"实例的服务器开发场合,后一种方式特别有用。"
3499
3500
#: serverguide/C/web-servers.xml:1056(title)
3501
msgid "System-wide installation"
3502
msgstr "系统级安装"
3503
3504
#: serverguide/C/web-servers.xml:1057(para)
3505
msgid ""
3506
"To install the <application>Tomcat</application> server, you can enter the "
3507
"following command in the terminal prompt:"
3508
msgstr "要安装 <application>Tomcat</application> 服务器,您可在终端命令行中输入:"
3509
3510
#: serverguide/C/web-servers.xml:1060(command)
3511
msgid "sudo apt-get install tomcat6"
3512
msgstr "sudo apt-get install tomcat6"
3513
3514
#: serverguide/C/web-servers.xml:1062(para)
3515
msgid ""
3516
"This will install a Tomcat server with just a default ROOT webapp that "
3517
"displays a minimal \"It works\" page by default."
3518
msgstr "这将安装只带有一个默认的 ROOT Web 应用程序的 Tomcat 服务器,该 Web 应用程序默认仅显示 “正常工作” 的页面。"
3519
3520
#: serverguide/C/web-servers.xml:1068(para)
3521
msgid ""
3522
"Tomcat configuration files can be found in "
3523
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3524
"will be described here, please see <ulink "
3525
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3526
"documentation</ulink> for more."
3527
msgstr ""
3528
"Tomcat 配置文件可以在 <filename>/etc/tomcat6</filename> 中找到,这里仅简述一些常用的配置要点,请查看 "
3529
"<ulink url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3530
"documentation</ulink> 以了解更多。"
3531
3532
#: serverguide/C/web-servers.xml:1074(title)
3533
msgid "Changing default ports"
3534
msgstr "修改默认端口"
3535
3536
#: serverguide/C/web-servers.xml:1075(para)
3537
msgid ""
3538
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3539
"connector on port 8009. You might want to change those default ports to "
3540
"avoid conflict with another server on the system. This is done by changing "
3541
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3542
msgstr ""
3543
"默认情况下,Tomcat 6.0 在 8080 端口上运行一个 HTTP 连接器,并在 8009 端口上运行 AJP 连接器。 "
3544
"为避免与系统中其它服务器发生冲突,您可能需要修改这些默认的端口。 可以通过修改 "
3545
"<filename>/etc/tomcat6/server.xml</filename> 中如下行来实现:"
3546
3547
#: serverguide/C/web-servers.xml:1080(programlisting)
3548
#, no-wrap
3549
msgid ""
3550
"\n"
3551
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3552
" connectionTimeout=\"20000\" \n"
3553
" redirectPort=\"8443\" />\n"
3554
"...\n"
3555
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3556
"/>\n"
3557
msgstr ""
3558
"\n"
3559
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3560
" connectionTimeout=\"20000\" \n"
3561
" redirectPort=\"8443\" />\n"
3562
"...\n"
3563
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3564
"/>\n"
3565
3566
#: serverguide/C/web-servers.xml:1089(title)
3567
msgid "Changing JVM used"
3568
msgstr "修改使用的 JVM"
3569
3570
#: serverguide/C/web-servers.xml:1090(para)
3571
msgid ""
3572
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3573
"then try some other JVMs. If you have various JVMs installed, you can set "
3574
"which should be used by setting JAVA_HOME in "
3575
"<filename>/etc/default/tomcat6</filename>:"
3576
msgstr ""
3577
"默认情况下,Tomcat 优先使用 OpenJDK-6,然后偿试使用 Sun 公司的 JVM,最后再偿试使用其它的 JVM。 如果您安装了多个 "
3578
"JVM,您可以在 <filename>/etc/default/tomcat6</filename> 中设置 JAVA_HOME 以确定哪个 JVM:"
3579
3580
#: serverguide/C/web-servers.xml:1094(programlisting)
3581
#, no-wrap
3582
msgid ""
3583
"\n"
3584
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3585
msgstr ""
3586
"\n"
3587
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3588
3589
#: serverguide/C/web-servers.xml:1099(title)
3590
msgid "Declaring users and roles"
3591
msgstr "声明用户与角色"
3592
3593
#: serverguide/C/web-servers.xml:1100(para)
3594
msgid ""
3595
"Usernames, passwords and roles (groups) can be defined centrally in a "
3596
"Servlet container. In Tomcat 6.0 this is done in the "
3597
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3598
msgstr ""
3599
"用户名、密码以及角色(组)可以在 Servlet 容器中集中定义。 Tomcat 6.0 使用 "
3600
"<filename>/etc/tomcat6/tomcat-users.xml</filename> 来完成:"
3601
3602
#: serverguide/C/web-servers.xml:1103(programlisting)
3603
#, no-wrap
3604
msgid ""
3605
"\n"
3606
"<role rolename=\"admin\"/>\n"
3607
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3608
msgstr ""
3609
"\n"
3610
"<role rolename=\"admin\"/>\n"
3611
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3612
3613
#: serverguide/C/web-servers.xml:1111(title)
3614
msgid "Using Tomcat standard webapps"
3615
msgstr "使用 Tomcat 标准应用程序"
3616
3617
#: serverguide/C/web-servers.xml:1112(para)
3618
msgid ""
3619
"Tomcat is shipped with webapps that you can install for documentation, "
3620
"administration or demo purposes."
3621
msgstr "Tomcat 捆绑了一些应用程序,您可以安装作为文档、管理和演示之用。"
3622
3623
#: serverguide/C/web-servers.xml:1115(title)
3624
msgid "Tomcat documentation"
3625
msgstr "Tomcat 文档"
3626
3627
#: serverguide/C/web-servers.xml:1116(para)
3628
msgid ""
3629
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3630
"documentation, packaged as a webapp that you can access by default at "
3631
"http://yourserver:8080/docs. You can install it by entering the following "
3632
"command in the terminal prompt:"
3633
msgstr ""
3634
"tomcat6-docs 软件包带有 Tomcat 6.0 文档,该文档打包成应用程序,您可以使用默认的地址 "
3635
"http://yourserver:8080/docs 访问。 您可以在终端命令行中输入如下命令来安装该软件包:"
3636
3637
#: serverguide/C/web-servers.xml:1121(command)
3638
msgid "sudo apt-get install tomcat6-docs"
3639
msgstr "sudo apt-get install tomcat6-docs"
3640
3641
#: serverguide/C/web-servers.xml:1125(title)
3642
msgid "Tomcat administration webapps"
3643
msgstr "Tomcat 管理应用程序"
3644
3645
#: serverguide/C/web-servers.xml:1126(para)
3646
msgid ""
3647
"The <application>tomcat6-admin</application> package contains two webapps "
3648
"that can be used to administer the Tomcat server using a web interface. You "
3649
"can install them by entering the following command in the terminal prompt:"
3650
msgstr ""
3651
"tomcat6-admin 软件包包含两个应用程序,可以通过 Web 页面对 Tomcat "
3652
"服务器进行管理。您可以在终端命令行中输入如下命令来安装该软件包:"
3653
3654
#: serverguide/C/web-servers.xml:1131(command)
3655
msgid "sudo apt-get install tomcat6-admin"
3656
msgstr "sudo apt-get install tomcat6-admin"
3657
3658
#: serverguide/C/web-servers.xml:1133(para)
3659
msgid ""
3660
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3661
"access by default at http://yourserver:8080/manager/html. It is primarily "
3662
"used to get server status and restart webapps."
3663
msgstr ""
3664
"第一个应用程序是 manager,您可以在默认的地址 http://yourserver:8080/manager/html "
3665
"进行访问。它主要用于获取服务器状态以及重启应用程序。"
3666
3667
#: serverguide/C/web-servers.xml:1136(para)
3668
msgid ""
3669
"Access to the <emphasis>manager</emphasis> application is protected by "
3670
"default: you need to define a user with the role \"manager\" in "
3671
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3672
msgstr ""
3673
"默认情况下,对 manager 应用程序的访问是被保护的。在访问之前,您需要在 <filename>/etc/tomcat6/tomcat-"
3674
"users.xml</filename> 中定义一个“manager“角色的用户。"
3675
3676
#: serverguide/C/web-servers.xml:1140(para)
3677
msgid ""
3678
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3679
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3680
"used to create virtual hosts dynamically."
3681
msgstr ""
3682
"第二个应用程序是 host-manager,您可以在默认的地址 http://yourserver:8080/host-manager/html "
3683
"进行访问。它可以用于动态创建虚拟主机。"
3684
3685
#: serverguide/C/web-servers.xml:1144(para)
3686
msgid ""
3687
"Access to the <emphasis>host-manager</emphasis> application is also "
3688
"protected by default: you need to define a user with the role \"admin\" in "
3689
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3690
msgstr ""
3691
"默认情况下,对 host-manager 应用程序的访问也是被保护的。在访问之前,您需要在 <filename>/etc/tomcat6/tomcat-"
3692
"users.xml</filename> 中定义一个“admin“角色的用户。"
3693
3694
#: serverguide/C/web-servers.xml:1149(para)
3695
msgid ""
3696
"For security reasons, the tomcat6 user cannot write to the "
3697
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3698
"these admin webapps (application deployment, virtual host creation) need "
3699
"write access to that directory. If you want to use these features execute "
3700
"the following, to give users in the tomcat6 group the necessary rights:"
3701
msgstr ""
3702
"出于安全考虑,默认情况下,Tomcat6 用户对 <filename>/etc/tomcat6</filename> "
3703
"目录是不可写的,但这些管理应用程序中的某些功能(部署应用、创建虚拟主机)需要访问该目录,如果您需要使用这些功能,执行如下命令,以对 tomcat6 "
3704
"组的用户分配必要的权限:"
3705
3706
#: serverguide/C/web-servers.xml:1156(command)
3707
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3708
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
3709
3710
#: serverguide/C/web-servers.xml:1157(command)
3711
msgid "sudo chmod -R g+w /etc/tomcat6"
3712
msgstr "sudo chmod -R g+w /etc/tomcat6"
3713
3714
#: serverguide/C/web-servers.xml:1162(title)
3715
msgid "Tomcat examples webapps"
3716
msgstr "Tomcat 示例应用程序"
3717
3718
#: serverguide/C/web-servers.xml:1163(para)
3719
msgid ""
3720
"The <application>tomcat6-examples</application> package contains two webapps "
3721
"that can be used to test or demonstrate Servlets and JSP features, which you "
3722
"can access them by default at http://yourserver:8080/examples. You can "
3723
"install them by entering the following command in the terminal prompt:"
3724
msgstr ""
3725
"tomcat6-examples 软件包包含两个应用程序,可以用于测试和演示 Servlets 和 JSP 功能,您可以在默认的地址 "
3726
"http://yourserver:8080/examples 进行访问。您可以在终端命令行中输入如下命令来安装:"
3727
3728
#: serverguide/C/web-servers.xml:1169(command)
3729
msgid "sudo apt-get install tomcat6-examples"
3730
msgstr "sudo apt-get install tomcat6-examples"
3731
3732
#: serverguide/C/web-servers.xml:1175(title)
3733
msgid "Using private instances"
3734
msgstr "使用私有实例"
3735
3736
#: serverguide/C/web-servers.xml:1176(para)
3737
msgid ""
3738
"Tomcat is heavily used in development and testing scenarios where using a "
3739
"single system-wide instance doesn't meet the requirements of multiple users "
3740
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3741
"help deploy your own user-oriented instances, allowing every user on a "
3742
"system to run (without root rights) separate private instances while still "
3743
"using the system-installed libraries."
3744
msgstr ""
3745
"Tomcat被广泛的应用于使用单一系统范围实例不需要考虑单一系统下多用户需求情景下的开发和测试方案。Ubuntu里的Tomcat6.0的包和相关工具可以帮"
3746
"助你部署你自己的面向用户的实例、允许每个系统用户运行(非root权限的)彼此分隔的私有实例,虽然这仍然是在使用以系统权限安装的库。"
3747
3748
#: serverguide/C/web-servers.xml:1183(para)
3749
msgid ""
3750
"It is possible to run the system-wide instance and the private instances in "
3751
"parallel, as long as they do not use the same TCP ports."
3752
msgstr "只要他们不使用同样的 TCP 端口,有可能并行运行全系统例子和人例子。"
3753
3754
#: serverguide/C/web-servers.xml:1187(title)
3755
msgid "Installing private instance support"
3756
msgstr "安装兼容的个人事例"
3757
3758
#: serverguide/C/web-servers.xml:1188(para)
3759
msgid ""
3760
"You can install everything necessary to run private instances by entering "
3761
"the following command in the terminal prompt:"
3762
msgstr "您可以安装所必需的和在终端提示上键入以下命令来运行个人事例:"
3763
3764
#: serverguide/C/web-servers.xml:1191(command)
3765
msgid "sudo apt-get install tomcat6-user"
3766
msgstr "sudo apt-get install tomcat6-user"
3767
3768
#: serverguide/C/web-servers.xml:1195(title)
3769
msgid "Creating a private instance"
3770
msgstr "创建个人事例"
3771
3772
#: serverguide/C/web-servers.xml:1196(para)
3773
msgid ""
3774
"You can create a private instance directory by entering the following "
3775
"command in the terminal prompt:"
3776
msgstr "你可以在终端处键入以下命令来建立个人文档目录:"
3777
3778
#: serverguide/C/web-servers.xml:1199(command)
3779
msgid "tomcat6-instance-create my-instance"
3780
msgstr "tomcat6-instance-create my-instance"
3781
3782
#: serverguide/C/web-servers.xml:1201(para)
3783
msgid ""
3784
"This will create a new <filename>my-instance</filename> directory with all "
3785
"the necessary subdirectories and scripts. You can for example install your "
3786
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3787
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3788
"are deployed by default."
3789
msgstr ""
3790
"这将会创建新的<filename>my-"
3791
"instance</filename>目录以提供一切必需子目录和脚本。例如,您也可以共同安装库在<filename>lib/</filename>子目录里"
3792
"来布置 webapps 在您的<filename>webapps/</filename>子目录里。默认下是没有布置 webapps 的。"
3793
3794
#: serverguide/C/web-servers.xml:1209(title)
3795
msgid "Configuring your private instance"
3796
msgstr "配置你的个人事例"
3797
3798
#: serverguide/C/web-servers.xml:1210(para)
3799
msgid ""
3800
"You will find the classic Tomcat configuration files for your private "
3801
"instance in the <filename>conf/</filename> subdirectory. You should for "
3802
"example certainly edit the <filename>conf/server.xml</filename> file to "
3803
"change the default ports used by your private Tomcat instance to avoid "
3804
"conflict with other instances that might be running."
3805
msgstr ""
3806
"您会在您个人示范 <filename>conf/</filename> 子目录里找到典型的 Tomcat 配置文件。你应该个人 Tomcat 示范编辑 "
3807
"<filename>conf/server.xml</filename> 文件来改变默认端口的使用,以避免运行时和其它的示范有冲突。"
3808
3809
#: serverguide/C/web-servers.xml:1218(title)
3810
msgid "Starting/stopping your private instance"
3811
msgstr "开始/停止 您的个人事例"
3812
3813
#: serverguide/C/web-servers.xml:1219(para)
3814
msgid ""
3815
"You can start your private instance by entering the following command in the "
3816
"terminal prompt (supposing your instance is located in the <filename>my-"
3817
"instance</filename> directory):"
3818
msgstr "您可以键入以下终端提示命令来启动你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
3819
3820
#: serverguide/C/web-servers.xml:1223(command)
3821
msgid "my-instance/bin/startup.sh"
3822
msgstr "my-instance/bin/startup.sh"
3823
3824
#: serverguide/C/web-servers.xml:1225(para)
3825
msgid ""
3826
"You should check the <filename>logs/</filename> subdirectory for any error. "
3827
"If you have a <emphasis>java.net.BindException: Address already in "
3828
"use<null>:8080</emphasis> error, it means that the port you're using "
3829
"is already taken and that you should change it."
3830
msgstr ""
3831
"您应该检查<filename>logs/</filename>子目录里的任何错误。如果出现 "
3832
"<emphasis>java.net.BindException: 地址已经在使用<null>:8080</emphasis> "
3833
"的错误,这意味着你您使用的端口已经被标记,您应该要使用另一端口。"
3834
3835
#: serverguide/C/web-servers.xml:1230(para)
3836
msgid ""
3837
"You can stop your instance by entering the following command in the terminal "
3838
"prompt (supposing your instance is located in the <filename>my-"
3839
"instance</filename> directory):"
3840
msgstr "您可以键入以下终端提示命令来停止你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
3841
3842
#: serverguide/C/web-servers.xml:1234(command)
3843
msgid "my-instance/bin/shutdown.sh"
3844
msgstr "my-instance/bin/shutdown.sh"
3845
3846
#: serverguide/C/web-servers.xml:1243(para)
3847
msgid ""
3848
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3849
"website for more information."
3850
msgstr ""
3851
"请浏览<ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink>站点查看更多信息。"
3852
3853
#: serverguide/C/web-servers.xml:1248(para)
3854
msgid ""
3855
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3856
"Definitive Guide</ulink> is a good resource for building web applications "
3857
"with Tomcat."
3858
msgstr ""
3859
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3860
"Definitive Guide</ulink> 是一份很好的关于使用Tomcat搭建Web应用程序的资源"
3861
3862
#: serverguide/C/web-servers.xml:1254(para)
3863
msgid ""
3864
"For additional books see the <ulink "
3865
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3866
"page."
3867
msgstr ""
3868
"更多的书籍请浏览<ulink url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat "
3869
"Books</ulink>清单页面。"
3870
3871
#: serverguide/C/web-servers.xml:1259(para)
3872
msgid ""
3873
"Also, see the<ulink "
3874
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3875
"Tomcat</ulink> page."
3876
msgstr ""
3877
3878
#: serverguide/C/vpn.xml:13(title)
3879
msgid "VPN"
3880
msgstr "VPN"
3881
3882
#: serverguide/C/vpn.xml:15(para)
3883
msgid ""
3884
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3885
"network connection between two or more networks. There are several ways to "
3886
"create a VPN using software as well as dedicated hardware appliances. This "
3887
"chapter will cover installing and configuring "
3888
"<application>OpenVPN</application> to create a VPN between two servers."
3889
msgstr ""
3890
"虚拟私有网络,即<emphasis>VPN</emphasis>,是两个或多个网络之间的加密网络连接。 "
3891
"有几种使用软件或专有硬件来创建VPN。本章会讲解如何通过安装和配置<application>OpenVPN</application>来在两个服务器之间创"
3892
"建VPN连接。"
3893
3894
#: serverguide/C/vpn.xml:23(title)
3895
msgid "OpenVPN"
3896
msgstr "OpenVPN"
3897
3898
#: serverguide/C/vpn.xml:25(para)
3899
msgid ""
3900
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3901
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3902
"clients through a bridge interface on the VPN server. This guide will assume "
3903
"that one VPN node, the server in this case, has a bridge interface "
3904
"configured. For more information on setting up a bridge see <xref "
3905
"linkend=\"bridging\"/>."
3906
msgstr ""
3907
"OpenVPN 使用公开密钥(PKI)来加密两个节点间的 VPN 通讯,用 OpenVPN 简单建立一个 VPN 连接的方法是使客户端通过 VPN "
3908
"服务器上的网桥接口建设连接。这个向导将假设一个 VPN 节点提供以上这种服务,已经配置好了一个网桥接口。更多关于如何建立网桥的信息请查看<xref "
3909
"linkend=\"bridging\"/>。"
3910
3911
#: serverguide/C/vpn.xml:35(para)
3912
msgid "To install <application>openvpn</application> in a terminal enter:"
3913
msgstr "要安装<application>openvpn</application>,请在终端输入:"
3914
3915
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3916
msgid "sudo apt-get install openvpn"
3917
msgstr "sudo apt-get install openvpn"
3918
3919
#: serverguide/C/vpn.xml:45(title)
3920
msgid "Server Certificates"
3921
msgstr "服务器证书"
3922
3923
#: serverguide/C/vpn.xml:47(para)
3924
msgid ""
3925
"Now that the <application>openvpn</application> package is installed, the "
3926
"certificates for the VPN server need to be created."
3927
msgstr "现在<application>openvpn</application>包已安装,接下来要为VPN服务器创建证书。"
3928
3929
#: serverguide/C/vpn.xml:52(para)
3930
msgid ""
3931
"First, copy the <filename>easy-rsa</filename> directory to "
3932
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3933
"scripts will not be lost when the package is updated. You will also need to "
3934
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3935
"the current user permission to create files. From a terminal enter:"
3936
msgstr ""
3937
3938
#: serverguide/C/vpn.xml:59(command)
3939
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3940
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
3941
3942
#: serverguide/C/vpn.xml:60(command)
3943
msgid ""
3944
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3945
"rsa/"
3946
msgstr ""
3947
3948
#: serverguide/C/vpn.xml:61(command)
3949
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3950
msgstr ""
3951
3952
#: serverguide/C/vpn.xml:64(para)
3953
msgid ""
3954
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3955
"following to your environment:"
3956
msgstr "接下来,编辑<filename>/etc/openvpn/easy-rsa/vars</filename>调整到适合您的环境:"
3957
3958
#: serverguide/C/vpn.xml:68(programlisting)
3959
#, no-wrap
3960
msgid ""
3961
"\n"
3962
"export KEY_COUNTRY=\"US\"\n"
3963
"export KEY_PROVINCE=\"NC\"\n"
3964
"export KEY_CITY=\"Winston-Salem\"\n"
3965
"export KEY_ORG=\"Example Company\"\n"
3966
"export KEY_EMAIL=\"steve@example.com\"\n"
3967
msgstr ""
3968
"\n"
3969
"export KEY_COUNTRY=\"US\"\n"
3970
"export KEY_PROVINCE=\"NC\"\n"
3971
"export KEY_CITY=\"Winston-Salem\"\n"
3972
"export KEY_ORG=\"Example Company\"\n"
3973
"export KEY_EMAIL=\"steve@example.com\"\n"
3974
3975
#: serverguide/C/vpn.xml:76(para)
3976
msgid "Enter the following to create the server certificates:"
3977
msgstr "输入以下命令来创建服务器证书:"
3978
3979
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3980
msgid "cd /etc/openvpn/easy-rsa/"
3981
msgstr "cd /etc/openvpn/easy-rsa/"
3982
3983
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3984
msgid "source vars"
3985
msgstr "原始变量"
3986
3987
#: serverguide/C/vpn.xml:83(command)
3988
msgid "./clean-all"
3989
msgstr "./clean-all"
3990
3991
#: serverguide/C/vpn.xml:84(command)
3992
msgid "./build-dh"
3993
msgstr "./build-dh"
3994
3995
#: serverguide/C/vpn.xml:85(command)
3996
msgid "./pkitool --initca"
3997
msgstr "./pkitool --initca"
3998
3999
#: serverguide/C/vpn.xml:86(command)
4000
msgid "./pkitool --server server"
4001
msgstr "./pkitool --server server"
4002
4003
#: serverguide/C/vpn.xml:87(command)
4004
msgid "cd keys"
4005
msgstr "cd keys"
4006
4007
#: serverguide/C/vpn.xml:88(command)
4008
msgid "openvpn --genkey --secret ta.key"
4009
msgstr "openvpn --genkey --secret ta.key"
4010
4011
#: serverguide/C/vpn.xml:89(command)
4012
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4013
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4014
4015
#: serverguide/C/vpn.xml:94(title)
4016
msgid "Client Certificates"
4017
msgstr "客户端证书"
4018
4019
#: serverguide/C/vpn.xml:96(para)
4020
msgid ""
4021
"The VPN client will also need a certificate to authenticate itself to the "
4022
"server. To create the certificate, enter the following in a terminal:"
4023
msgstr "VPN客户端也需要一个证书用来向服务器认证自己。要创建证书,请在终端输入:"
4024
4025
#: serverguide/C/vpn.xml:104(command)
4026
msgid "./pkitool hostname"
4027
msgstr "./pkitool hostname"
4028
4029
#: serverguide/C/vpn.xml:108(para)
4030
msgid ""
4031
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4032
"machine connecting to the VPN."
4033
msgstr "将<emphasis>hostname</emphasis>替换成要连接到VPN的实际主机名。"
4034
4035
#: serverguide/C/vpn.xml:113(para)
4036
msgid "Copy the following files to the client:"
4037
msgstr "将如下文件复制到客户端:"
4038
4039
#: serverguide/C/vpn.xml:118(para)
4040
msgid "/etc/openvpn/ca.crt"
4041
msgstr ""
4042
4043
#: serverguide/C/vpn.xml:119(para)
4044
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
4045
msgstr ""
4046
4047
#: serverguide/C/vpn.xml:120(para)
4048
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
4049
msgstr ""
4050
4051
#: serverguide/C/vpn.xml:121(para)
4052
msgid "/etc/openvpn/ta.key"
4053
msgstr ""
4054
4055
#: serverguide/C/vpn.xml:125(para)
4056
msgid ""
4057
"Remember to adjust the above file names for your client machine's "
4058
"<emphasis>hostname</emphasis>."
4059
msgstr "记得要将你的客户端机器的<emphasis>主机名</emphasis>的以上文件做相应调整。"
4060
4061
#: serverguide/C/vpn.xml:130(para)
4062
msgid ""
4063
"It is best to use a secure method to copy the certificate and key files. The "
4064
"<application>scp</application> utility is a good choice, but copying the "
4065
"files to removable media then to the client, also works well."
4066
msgstr ""
4067
"最好是使用安全的方法来复制证书和钥匙文件。<application>scp</application>工具是个不错的选择,但将文件复制到可移除介质再复制到"
4068
"客户端也是可以的。"
4069
4070
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4071
msgid "Server Configuration"
4072
msgstr "服务器配置"
4073
4074
#: serverguide/C/vpn.xml:143(para)
4075
msgid ""
4076
"Now configure the <application>openvpn</application> server by creating "
4077
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4078
"terminal enter:"
4079
msgstr ""
4080
"现在可以通过编辑示例文件中的<filename>/etc/openvpn/server.conf</filename>来配置<application>op"
4081
"envpn</application>。在终端中输入:"
4082
4083
#: serverguide/C/vpn.xml:149(command)
4084
msgid ""
4085
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4086
"/etc/openvpn/"
4087
msgstr ""
4088
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4089
"/etc/openvpn/"
4090
4091
#: serverguide/C/vpn.xml:150(command)
4092
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4093
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
4094
4095
#: serverguide/C/vpn.xml:153(para)
4096
msgid ""
4097
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4098
"options to:"
4099
msgstr ""
4100
4101
#: serverguide/C/vpn.xml:157(programlisting)
4102
#, no-wrap
4103
msgid ""
4104
"\n"
4105
"local 172.18.100.101\n"
4106
"dev tap0\n"
4107
"up \"/etc/openvpn/up.sh br0\"\n"
4108
"down \"/etc/openvpn/down.sh br0\"\n"
4109
";server 10.8.0.0 255.255.255.0\n"
4110
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4111
"push \"route 172.18.100.1 255.255.255.0\"\n"
4112
"push \"dhcp-option DNS 172.18.100.20\"\n"
4113
"push \"dhcp-option DOMAIN example.com\"\n"
4114
"tls-auth ta.key 0 # This file is secret\n"
4115
"user nobody\n"
4116
"group nogroup\n"
4117
msgstr ""
4118
4119
#: serverguide/C/vpn.xml:174(para)
4120
msgid ""
4121
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4122
msgstr "<emphasis>local</emphasis>:是桥接界面的IP地址。"
4123
4124
#: serverguide/C/vpn.xml:179(para)
4125
msgid ""
4126
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4127
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4128
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4129
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4130
"to clients."
4131
msgstr ""
4132
"<emphasis>server-bridge</emphasis>:在配置用户桥接时需要此项。<emphasis>172.18.100.101 "
4133
"255.255.255.0</emphasis>是桥接界面和掩码。IP范围<emphasis>172.18.100.105 "
4134
"172.18.100.200</emphasis>是将分配给客户端的IP地址范围。"
4135
4136
#: serverguide/C/vpn.xml:186(para)
4137
msgid ""
4138
"<emphasis>push</emphasis>: are directives to add networking options for "
4139
"clients."
4140
msgstr "<emphasis>push</emphasis>: 是为客户端添加网络选项的命令。"
4141
4142
#: serverguide/C/vpn.xml:191(para)
4143
msgid ""
4144
"<emphasis>user and group</emphasis>: configure which user and group the "
4145
"<application>openvpn</application> daemon executes as."
4146
msgstr ""
4147
"<emphasis>user and group</emphasis>: "
4148
"配置<application>openvpn</application>程序执行时所使用的用户名和组名。"
4149
4150
#: serverguide/C/vpn.xml:198(para)
4151
msgid ""
4152
"Replace all IP addresses and domain names above with those of your network."
4153
msgstr "用你自己网络相应的IP地址和域名来做替换。"
4154
4155
#: serverguide/C/vpn.xml:203(para)
4156
msgid ""
4157
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4158
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4159
msgstr ""
4160
"接下来,创建两个帮助脚本将<emphasis>tap</emphasis>界面添加至桥接。创建<filename>/etc/openvpn/up.sh</"
4161
"filename>:"
4162
4163
#: serverguide/C/vpn.xml:207(programlisting)
4164
#, no-wrap
4165
msgid ""
4166
"\n"
4167
"#!/bin/sh\n"
4168
"\n"
4169
"BR=$1\n"
4170
"DEV=$2\n"
4171
"MTU=$3\n"
4172
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4173
"/usr/sbin/brctl addif $BR $DEV\n"
4174
msgstr ""
4175
"\n"
4176
"#!/bin/sh\n"
4177
"\n"
4178
"BR=$1\n"
4179
"DEV=$2\n"
4180
"MTU=$3\n"
4181
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4182
"/usr/sbin/brctl addif $BR $DEV\n"
4183
4184
#: serverguide/C/vpn.xml:217(para)
4185
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4186
msgstr "和<filename>/etc/openvpn/down.sh</filename>:"
4187
4188
#: serverguide/C/vpn.xml:221(programlisting)
4189
#, no-wrap
4190
msgid ""
4191
"\n"
4192
"#!/bin/sh\n"
4193
"\n"
4194
"BR=$1\n"
4195
"DEV=$2\n"
4196
"\n"
4197
"/usr/sbin/brctl delif $BR $DEV\n"
4198
"/sbin/ifconfig $DEV down\n"
4199
msgstr ""
4200
"\n"
4201
"#!/bin/sh\n"
4202
"\n"
4203
"BR=$1\n"
4204
"DEV=$2\n"
4205
"\n"
4206
"/usr/sbin/brctl delif $BR $DEV\n"
4207
"/sbin/ifconfig $DEV down\n"
4208
4209
#: serverguide/C/vpn.xml:231(para)
4210
msgid "Then make them executable:"
4211
msgstr "然后让他们可执行:"
4212
4213
#: serverguide/C/vpn.xml:236(command)
4214
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4215
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
4216
4217
#: serverguide/C/vpn.xml:237(command)
4218
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4219
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
4220
4221
#: serverguide/C/vpn.xml:240(para)
4222
msgid ""
4223
"After configuring the server, restart <application>openvpn</application> by "
4224
"entering:"
4225
msgstr "配置完服务器之后,使用以下命令来重启<application>openvpn</application>:"
4226
4227
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4228
msgid "sudo /etc/init.d/openvpn restart"
4229
msgstr "sudo /etc/init.d/openvpn restart"
4230
4231
#: serverguide/C/vpn.xml:250(title)
4232
msgid "Client Configuration"
4233
msgstr "客户端配置"
4234
4235
#: serverguide/C/vpn.xml:252(para)
4236
msgid "First, install <application>openvpn</application> on the client:"
4237
msgstr ""
4238
4239
#: serverguide/C/vpn.xml:260(para)
4240
msgid ""
4241
"Then with the server configured and the client certificates copied to the "
4242
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4243
"file by copying the example. In a terminal on the client machine enter:"
4244
msgstr ""
4245
4246
#: serverguide/C/vpn.xml:266(command)
4247
msgid ""
4248
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4249
"/etc/openvpn"
4250
msgstr ""
4251
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4252
"/etc/openvpn"
4253
4254
#: serverguide/C/vpn.xml:269(para)
4255
msgid ""
4256
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4257
"following options:"
4258
msgstr "现在编辑<filename>/etc/openvpn/client.conf</filename>,更改以下选项:"
4259
4260
#: serverguide/C/vpn.xml:273(programlisting)
4261
#, no-wrap
4262
msgid ""
4263
"\n"
4264
"dev tap\n"
4265
"remote vpn.example.com 1194\n"
4266
"cert hostname.crt\n"
4267
"key hostname.key\n"
4268
"tls-auth ta.key 1\n"
4269
msgstr ""
4270
"\n"
4271
"dev tap\n"
4272
"remote vpn.example.com 1194\n"
4273
"cert hostname.crt\n"
4274
"key hostname.key\n"
4275
"tls-auth ta.key 1\n"
4276
4277
#: serverguide/C/vpn.xml:282(para)
4278
msgid ""
4279
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4280
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4281
"key filenames."
4282
msgstr ""
4283
"用您的VPN服务器的主机名替换<emphasis>vpn.example.com</emphasis>,并用实际的证书和钥匙文件名替换<emphasis>"
4284
"hostname.*</emphasis>。"
4285
4286
#: serverguide/C/vpn.xml:288(para)
4287
msgid "Finally, restart <application>openvpn</application>:"
4288
msgstr "最后,重启<application>openvpn</application>:"
4289
4290
#: serverguide/C/vpn.xml:296(para)
4291
msgid "You should now be able to connect to the remote LAN through the VPN."
4292
msgstr "您现在应该可以通过VPN连接到远程LAN。"
4293
4294
#: serverguide/C/vpn.xml:307(para)
4295
msgid ""
4296
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4297
"additional information."
4298
msgstr "请查看<ulink url=\"http://openvpn.net/\">OpenVPN</ulink>网站以获取更多信息。"
4299
4300
#: serverguide/C/vpn.xml:312(para)
4301
msgid ""
4302
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4303
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4304
msgstr ""
4305
"还有,Pakt的<ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4306
"Building and Integrating Virtual Private Networks</ulink>也是个不错的信息源。"
4307
4308
#: serverguide/C/vpn.xml:318(para)
4309
msgid ""
4310
"Another source of further information is the <ulink "
4311
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4312
"OpenVPN</ulink> page."
4313
msgstr ""
4314
4315
#: serverguide/C/virtualization.xml:13(title)
4316
msgid "Virtualization"
4317
msgstr "虚拟化"
4318
4319
#: serverguide/C/virtualization.xml:14(para)
4320
msgid ""
4321
"Virtualization is being adopted in many different environments and "
4322
"situations. If you are a developer, virtualization can provide you with a "
4323
"contained environment where you can safely do almost any sort of development "
4324
"safe from messing up your main working environment. If you are a systems "
4325
"administrator, you can use virtualization to more easily separate your "
4326
"services and move them around based on demand."
4327
msgstr ""
4328
"虚拟化正被广泛地使用于各种不同的环境之中。如果您是一位开发者,虚拟化可以为您提供一个虚拟的环境,在这个环境你可以做几乎所有的工作而不必更改你主要的工作环境"
4329
"。如果您是一位系统管理员,您可以使用虚拟化以满足不同的服务需求同时使他们依不同的需求而任意改变。"
4330
4331
#: serverguide/C/virtualization.xml:20(para)
4332
msgid ""
4333
"The default virtualization technology supported in Ubuntu is "
4334
"<application>KVM</application>, a technology that takes advantage of "
4335
"virtualization extensions built into Intel and AMD hardware. For hardware "
4336
"without virtualization extensions <application>Xen</application> and "
4337
"<application>Qemu</application> are popular solutions."
4338
msgstr ""
4339
"Ubuntu中支持的默认虚拟化技术是<application>KVM</application>,这种技术得利于Intel与AMD硬件内建的虚拟化扩展。在"
4340
"没有硬件支持的虚拟化扩展中,<application>Xen</application> 和 "
4341
"<application>Qemu</application> 是流行的解决方案。"
4342
4343
#: serverguide/C/virtualization.xml:27(title)
4344
msgid "libvirt"
4345
msgstr "libvirt"
4346
4347
#: serverguide/C/virtualization.xml:28(para)
4348
msgid ""
4349
"The <application>libvirt</application> library is used to interface with "
4350
"different virtualization technologies. Before getting started with "
4351
"<application>libvirt</application> it is best to make sure your hardware "
4352
"supports the necessary virtualization extensions for "
4353
"<application>KVM</application>. Enter the following from a terminal prompt:"
4354
msgstr ""
4355
"库 <application>libvirt</application> "
4356
"是支持不同的虚拟化技术的统一接口。在开始使用<application>libvirt</application> "
4357
"之前,最好确认您的硬件是否支持<application>KVM</application>所必须的虚拟化扩展。在终端提示符下输入如下内容:"
4358
4359
#: serverguide/C/virtualization.xml:35(command)
4360
msgid "kvm-ok"
4361
msgstr ""
4362
4363
#: serverguide/C/virtualization.xml:37(para)
4364
msgid ""
4365
"A message will be printed informing you if your CPU "
4366
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4367
"virtualization."
4368
msgstr ""
4369
4370
#: serverguide/C/virtualization.xml:41(para)
4371
msgid ""
4372
"On most computer whose processor supports virtualization, it is necessary to "
4373
"activate an option in the BIOS to enable it."
4374
msgstr ""
4375
4376
#: serverguide/C/virtualization.xml:47(title)
4377
msgid "Virtual Networking"
4378
msgstr "虚拟网络"
4379
4380
#: serverguide/C/virtualization.xml:49(para)
4381
msgid ""
4382
"There are a few different ways to allow a virtual machine access to the "
4383
"external network. The default virtual network configuration is "
4384
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4385
"traffic is NATed through the host interface to the outside network."
4386
msgstr ""
4387
"有一些不同的方式使一个虚拟机进入到外部网络。默认的虚拟网络配置是<emphasis>用户模式</emphasis>网络,它使用SLIRP协议,网络通过主机"
4388
"的接口被NAT到外部网络。"
4389
4390
#: serverguide/C/virtualization.xml:54(para)
4391
msgid ""
4392
"To enable external hosts to directly access services on virtual machines a "
4393
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4394
"interfaces to connect to the outside network through the physical interface, "
4395
"making them appear as normal hosts to the rest of the network. For "
4396
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4397
msgstr ""
4398
"为了使外部主机能直接访问虚拟主机的服务需要设置<emphasis>网桥</emphasis>。这使得虚拟接口通过物理接口来连接到外部网络,把它们显示为正常"
4399
"主机网络的其它部分。关于建立网桥的更多信息请浏览<xref linkend=\"bridging\"/>。"
4400
4401
#: serverguide/C/virtualization.xml:63(para)
4402
msgid "To install the necessary packages, from a terminal prompt enter:"
4403
msgstr "要安装必要的软件包,从终端中输入:"
4404
4405
#: serverguide/C/virtualization.xml:67(command)
4406
msgid "sudo apt-get install kvm libvirt-bin"
4407
msgstr "sudo apt-get install kvm libvirt-bin"
4408
4409
#: serverguide/C/virtualization.xml:69(para)
4410
msgid ""
4411
"After installing <application>libvirt-bin</application>, the user used to "
4412
"manage virtual machines will need to be added to the "
4413
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4414
"the advanced networking options."
4415
msgstr ""
4416
"在安装了<application>libvirt-"
4417
"bin</application>后,用于管理虚拟机的用户需要被添加到<emphasis>libvirtd</emphasis>组。这样做会赋予这个用户进"
4418
"入到高级网络选项的权限。"
4419
4420
#: serverguide/C/virtualization.xml:73(para)
4421
msgid "In a terminal enter:"
4422
msgstr "在终端中输入:"
4423
4424
#: serverguide/C/virtualization.xml:77(command)
4425
msgid "sudo adduser $USER libvirtd"
4426
msgstr "sudo adduser $USER libvirtd"
4427
4428
#: serverguide/C/virtualization.xml:80(para)
4429
msgid ""
4430
"If the user chosen is the current user, you will need to log out and back in "
4431
"for the new group membership to take effect."
4432
msgstr "如果用户是当前用户,你需要登出再登陆回来以使新的组成员设置生效。"
4433
4434
#: serverguide/C/virtualization.xml:84(para)
4435
msgid ""
4436
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4437
"Installing a virtual machine follows the same process as installing the "
4438
"operating system directly on the hardware. You either need a way to automate "
4439
"the installation, or a keyboard and monitor will need to be attached to the "
4440
"physical machine."
4441
msgstr ""
4442
"您现在已准备好安装一个 <emphasis>Guest</emphasis> "
4443
"操作系统。按照在真实硬件上直接安装操作系统的步骤来安装虚拟机。您也需要一个自动化安装的方法,否则一套键盘和显示器需要连接到物理机器上。"
4444
4445
#: serverguide/C/virtualization.xml:89(para)
4446
msgid ""
4447
"In the case of virtual machines a Graphical User Interface (GUI) is "
4448
"analogous to using a physical keyboard and mouse. Instead of installing a "
4449
"GUI the <application>virt-viewer</application> application can be used to "
4450
"connect to a virtual machine's console using <application>VNC</application>. "
4451
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4452
msgstr ""
4453
"在使用虚拟机的情况下,图形用户接口(GUI)模拟使用物理的键盘和鼠标。代替安装一个使用<application>VNC</application>GUI的"
4454
" <application>virt-viewer</application> 应用程序,能被用来连接虚拟机的控制台。要获取更多信息,请看 <xref "
4455
"linkend=\"libvirt-virt-viewer\"/> 。"
4456
4457
#: serverguide/C/virtualization.xml:94(para)
4458
msgid ""
4459
"There are several ways to automate the Ubuntu installation process, for "
4460
"example using preseeds, kickstart, etc. Refer to the <ulink "
4461
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4462
"Installation Guide</ulink> for details."
4463
msgstr ""
4464
4465
#: serverguide/C/virtualization.xml:98(para)
4466
msgid ""
4467
"Yet another way to install an Ubuntu virtual machine is to use "
4468
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4469
"builder</application> allows you to setup advanced partitions, execute "
4470
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4471
"vmbuilder\"/>"
4472
msgstr ""
4473
"然而,另一种安装 Ubuntu 虚拟机来使用 <application>ubuntu-vm-"
4474
"builder</application>。<application>ubuntu-vm-"
4475
"builder</application>允许你高级分区安装,执行安装后的自定义脚本等等。更多细节请查看<xref linkend=\"jeos-and-"
4476
"vmbuilder\"/>"
4477
4478
#: serverguide/C/virtualization.xml:104(title)
4479
msgid "virt-install"
4480
msgstr "virt-install"
4481
4482
#: serverguide/C/virtualization.xml:105(para)
4483
msgid ""
4484
"<application>virt-install</application> is part of the <application>python-"
4485
"virtinst</application> package. To install it, from a terminal prompt enter:"
4486
msgstr ""
4487
"<application>virt-install</application> 是<application>python-"
4488
"virtinst</application>软件包的一部分。要安装它,在终端中输入:"
4489
4490
#: serverguide/C/virtualization.xml:109(command)
4491
msgid "sudo apt-get install python-virtinst"
4492
msgstr "sudo apt-get install python-virtinst"
4493
4494
#: serverguide/C/virtualization.xml:111(para)
4495
msgid ""
4496
"There are several options available when using <application>virt-"
4497
"install</application>. For example:"
4498
msgstr "在使用<application>virt-install</application>时,有几个选项可供选择。例如:"
4499
4500
#: serverguide/C/virtualization.xml:115(command)
4501
msgid ""
4502
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4503
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4504
msgstr ""
4505
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4506
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4507
4508
#: serverguide/C/virtualization.xml:122(para)
4509
msgid ""
4510
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4511
"be <emphasis>web_devel</emphasis> in this example."
4512
msgstr ""
4513
"<emphasis>-n "
4514
"web_devel:</emphasis>本例中的新虚拟机的名字将是<emphasis>web_devel</emphasis>。"
4515
4516
#: serverguide/C/virtualization.xml:127(para)
4517
msgid ""
4518
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4519
"machine will use."
4520
msgstr "<emphasis>-r 256:</emphasis>指定虚拟机将使用的内存大小。"
4521
4522
#: serverguide/C/virtualization.xml:132(para)
4523
msgid ""
4524
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4525
"disk which can be a file, partition, or logical volume. In this example a "
4526
"file named <filename>web_devel.img</filename>."
4527
msgstr ""
4528
"<emphasis>-f "
4529
"web_devel.img:</emphasis>虚拟盘显示出来的路径可以看成一个文件,分区或者为逻辑卷。在这例子中文件命名为<filename>web_"
4530
"devel.img</filename>。"
4531
4532
#: serverguide/C/virtualization.xml:138(para)
4533
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4534
msgstr "<emphasis>-s 4:</emphasis>虚拟磁盘的大小。"
4535
4536
#: serverguide/C/virtualization.xml:143(para)
4537
msgid ""
4538
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4539
"file can be either an ISO file or the path to the host's CDROM device."
4540
msgstr ""
4541
"<emphasis>-c jeos.iso:</emphasis>文件将被当作虚拟的CDROM。此文件可以是一个ISO文件或是通往主机的CDROM设备。"
4542
4543
#: serverguide/C/virtualization.xml:149(para)
4544
msgid ""
4545
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4546
"technologies."
4547
msgstr "<emphasis>--accelerate:</emphasis>应用内核加速技术。"
4548
4549
#: serverguide/C/virtualization.xml:154(para)
4550
msgid ""
4551
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4552
msgstr "<emphasis>--vnc:</emphasis>用VNC输出客机的虚拟控制台。"
4553
4554
#: serverguide/C/virtualization.xml:159(para)
4555
msgid ""
4556
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4557
"virtual machine's console."
4558
msgstr "<emphasis>--noautoconsole:</emphasis>将不会自动连接到虚拟机的控制台。"
4559
4560
#: serverguide/C/virtualization.xml:164(para)
4561
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4562
msgstr "<emphasis>-v:</emphasis>创建完全虚拟化的客户端。"
4563
4564
#: serverguide/C/virtualization.xml:169(para)
4565
msgid ""
4566
"After launching <application>virt-install</application> you can connect to "
4567
"the virtual machine's console either locally using a GUI or with the "
4568
"<application>virt-viewer</application> utility."
4569
msgstr ""
4570
"当启动<application>virt-"
4571
"install</application>后,你可以通过使用GUI进行本地或者使用<application>virt-"
4572
"viewer</application>工具来连接到虚拟机。"
4573
4574
#: serverguide/C/virtualization.xml:175(title)
4575
msgid "virt-clone"
4576
msgstr "virt-clone"
4577
4578
#: serverguide/C/virtualization.xml:176(para)
4579
msgid ""
4580
"The <application>virt-clone</application> application can be used to copy "
4581
"one virtual machine to another. For example:"
4582
msgstr "<application>virt-clone</application>程序可从一个虚拟机复制成另一个。例如:"
4583
4584
#: serverguide/C/virtualization.xml:180(command)
4585
msgid ""
4586
"sudo virt-clone -o web_devel -n database_devel -f "
4587
"/path/to/database_devel.img --connect=qemu:///system"
4588
msgstr ""
4589
"sudo virt-clone -o web_devel -n database_devel -f "
4590
"/path/to/database_devel.img --connect=qemu:///system"
4591
4592
#: serverguide/C/virtualization.xml:184(para)
4593
msgid "<emphasis>-o:</emphasis> original virtual machine."
4594
msgstr "<emphasis>-o:</emphasis>原始虚拟机。"
4595
4596
#: serverguide/C/virtualization.xml:189(para)
4597
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4598
msgstr "<emphasis>-n:</emphasis>新的虚拟机的名字。"
4599
4600
#: serverguide/C/virtualization.xml:194(para)
4601
msgid ""
4602
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4603
"be used by the new virtual machine."
4604
msgstr "<emphasis>-f:</emphasis>文件、逻辑卷或新虚拟机使用的分区的路径。"
4605
4606
#: serverguide/C/virtualization.xml:199(para)
4607
msgid ""
4608
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4609
msgstr "<emphasis>--connect:</emphasis>指定要连接的管理程序。"
4610
4611
#: serverguide/C/virtualization.xml:204(para)
4612
msgid ""
4613
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4614
"help troubleshoot problems with <application>virt-clone</application>."
4615
msgstr ""
4616
"还有,用<emphasis>-d</emphasis>或<emphasis>--"
4617
"debug</emphasis>选项来为<application>virt-clone</application>寻找故障。"
4618
4619
#: serverguide/C/virtualization.xml:209(para)
4620
msgid ""
4621
"Replace <emphasis>web_devel</emphasis> and "
4622
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4623
msgstr ""
4624
"用相应的虚拟机名称来替代<emphasis>web_devel</emphasis>和<emphasis>database_devel</emphasis"
4625
">。"
4626
4627
#: serverguide/C/virtualization.xml:215(title)
4628
msgid "Virtual Machine Management"
4629
msgstr "虚拟机管理"
4630
4631
#: serverguide/C/virtualization.xml:217(title)
4632
msgid "virsh"
4633
msgstr "virsh"
4634
4635
#: serverguide/C/virtualization.xml:218(para)
4636
msgid ""
4637
"There are several utilities available to manage virtual machines and "
4638
"<application>libvirt</application>. The <application>virsh</application> "
4639
"utility can be used from the command line. Some examples:"
4640
msgstr ""
4641
"有几个工具可以用来管理虚拟机和<application>libvirt</application>。<application>virsh</applica"
4642
"tion>工具要顺命令行下使用。一些例子:"
4643
4644
#: serverguide/C/virtualization.xml:224(para)
4645
msgid "To list running virtual machines:"
4646
msgstr "列出正运行的虚拟机:"
4647
4648
#: serverguide/C/virtualization.xml:228(command)
4649
msgid "virsh -c qemu:///system list"
4650
msgstr "virsh -c qemu:///system list"
4651
4652
#: serverguide/C/virtualization.xml:232(para)
4653
msgid "To start a virtual machine:"
4654
msgstr "启动一个虚拟机:"
4655
4656
#: serverguide/C/virtualization.xml:236(command)
4657
msgid "virsh -c qemu:///system start web_devel"
4658
msgstr "virsh -c qemu:///system start web_devel"
4659
4660
#: serverguide/C/virtualization.xml:240(para)
4661
msgid "Similarly, to start a virtual machine at boot:"
4662
msgstr "类似地,在启动时开始一个虚拟机:"
4663
4664
#: serverguide/C/virtualization.xml:244(command)
4665
msgid "virsh -c qemu:///system autostart web_devel"
4666
msgstr "virsh -c qemu:///system autostart web_devel"
4667
4668
#: serverguide/C/virtualization.xml:248(para)
4669
msgid "Reboot a virtual machine with:"
4670
msgstr "重启一个虚拟机:"
4671
4672
#: serverguide/C/virtualization.xml:252(command)
4673
msgid "virsh -c qemu:///system reboot web_devel"
4674
msgstr "virsh -c qemu:///system reboot web_devel"
4675
4676
#: serverguide/C/virtualization.xml:256(para)
4677
msgid ""
4678
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4679
"order to be restored later. The following will save the virtual machine "
4680
"state into a file named according to the date:"
4681
msgstr ""
4682
"虚拟机的<emphasis>状态</emphasis>可被保存到一个文件中以方便稍后恢复。如下命令会将虚拟机的状态保存到一个以日期命名的文件中:"
4683
4684
#: serverguide/C/virtualization.xml:261(command)
4685
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4686
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
4687
4688
#: serverguide/C/virtualization.xml:263(para)
4689
msgid "Once saved the virtual machine will no longer be running."
4690
msgstr "一旦保存,虚拟机将不再运行。"
4691
4692
#: serverguide/C/virtualization.xml:268(para)
4693
msgid "A saved virtual machine can be restored using:"
4694
msgstr "一个经保存后的虚拟机可以用如下命令唤醒:"
4695
4696
#: serverguide/C/virtualization.xml:272(command)
4697
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4698
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
4699
4700
#: serverguide/C/virtualization.xml:276(para)
4701
msgid "To shutdown a virtual machine do:"
4702
msgstr "要关闭一个虚拟机,输入:"
4703
4704
#: serverguide/C/virtualization.xml:280(command)
4705
msgid "virsh -c qemu:///system shutdown web_devel"
4706
msgstr "virsh -c qemu:///system shutdown web_devel"
4707
4708
#: serverguide/C/virtualization.xml:284(para)
4709
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4710
msgstr "CDROM设备可以通过如下命令挂载到虚拟机上:"
4711
4712
#: serverguide/C/virtualization.xml:288(command)
4713
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4714
msgstr ""
4715
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4716
4717
#: serverguide/C/virtualization.xml:293(para)
4718
msgid ""
4719
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4720
"appropriate virtual machine name, and <filename>web_devel-"
4721
"022708.state</filename> with a descriptive file name."
4722
msgstr ""
4723
"在上面例子中把合适的虚拟主机名代替为<emphasis>web_devel</emphasis>,并和<filename>web_devel-"
4724
"022708.state</filename>带有详细描述的文件名。"
4725
4726
#: serverguide/C/virtualization.xml:300(title)
4727
msgid "Virtual Machine Manager"
4728
msgstr "虚拟机管理器"
4729
4730
#: serverguide/C/virtualization.xml:301(para)
4731
msgid ""
4732
"The <application>virt-manager</application> package contains a graphical "
4733
"utility to manage local and remote virtual machines. To install virt-manager "
4734
"enter:"
4735
msgstr ""
4736
"<application>virt-manager</application> 软件包含了一组图形化的程序用以管理本地和远程的虚拟机。要安装virt-"
4737
"manager请输入:"
4738
4739
#: serverguide/C/virtualization.xml:306(command)
4740
msgid "sudo apt-get install virt-manager"
4741
msgstr "sudo apt-get install virt-manager"
4742
4743
#: serverguide/C/virtualization.xml:308(para)
4744
msgid ""
4745
"Since <application>virt-manager</application> requires a Graphical User "
4746
"Interface (GUI) environment it is recommended to be installed on a "
4747
"workstation or test machine instead of a production server. To connect to "
4748
"the local <application>libvirt</application> service enter:"
4749
msgstr ""
4750
"既然<application>virt-"
4751
"manager</application>需要图形操作界面(GUI)环境,那么推荐将其安装在工作站或测试机器上,而不是生产用的服务器上。要连接到本地<ap"
4752
"plication>libvirt</application>服务,输入:"
4753
4754
#: serverguide/C/virtualization.xml:314(command)
4755
msgid "virt-manager -c qemu:///system"
4756
msgstr "virt-manager -c qemu:///system"
4757
4758
#: serverguide/C/virtualization.xml:316(para)
4759
msgid ""
4760
"You can connect to the <application>libvirt</application> service running on "
4761
"another host by entering the following in a terminal prompt:"
4762
msgstr "你可以通过在命令行输入命令来连接到在另一台主机上运行的<application>libvirt</application>服务:"
4763
4764
#: serverguide/C/virtualization.xml:320(command)
4765
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4766
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4767
4768
#: serverguide/C/virtualization.xml:323(para)
4769
msgid ""
4770
"The above example assumes that <application>SSH</application> connectivity "
4771
"between the management system and virtnode1.mydomain.com has already been "
4772
"configured, and uses SSH keys for authentication. SSH "
4773
"<emphasis>keys</emphasis> are needed because "
4774
"<application>libvirt</application> sends the password prompt to another "
4775
"process. For details on configuring <application>SSH</application> see <xref "
4776
"linkend=\"openssh-server\"/>"
4777
msgstr ""
4778
"上面的例子假设已经配置<application>SSH</application>在系统管理和 virtnode1.mydomain.com 的连通。使用"
4779
" SSH "
4780
"<emphasis>密钥</emphasis>是必需的,因为<application>libvirt</application>是发送密码提示到另一进程里"
4781
"。更多细节在设置<application>SSH</application>时请浏览<xref linkend=\"openssh-server\"/>"
4782
4783
#: serverguide/C/virtualization.xml:333(title)
4784
msgid "Virtual Machine Viewer"
4785
msgstr "虚拟机查看器"
4786
4787
#: serverguide/C/virtualization.xml:334(para)
4788
msgid ""
4789
"The <application>virt-viewer</application> application allows you to connect "
4790
"to a virtual machine's console. <application>virt-viewer</application> does "
4791
"require a Graphical User Interface (GUI) to interface with the virtual "
4792
"machine."
4793
msgstr ""
4794
"<application>virt-viewer</application> 程序使您能够连接到虚拟机。 运行<application>virt-"
4795
"viewer</application>需要您的虚拟机具备图形(GUI)支持。"
4796
4797
#: serverguide/C/virtualization.xml:338(para)
4798
msgid ""
4799
"To install <application>virt-viewer</application> from a terminal enter:"
4800
msgstr "要从命令行安装<application>virt-viewer</application>,输入:"
4801
4802
#: serverguide/C/virtualization.xml:342(command)
4803
msgid "sudo apt-get install virt-viewer"
4804
msgstr "sudo apt-get install virt-viewer"
4805
4806
#: serverguide/C/virtualization.xml:344(para)
4807
msgid ""
4808
"Once a virtual machine is installed and running you can connect to the "
4809
"virtual machine's console by using:"
4810
msgstr "当虚拟机安装并运行后,你可以通过如下命令连接到虚拟机的控制台:"
4811
4812
#: serverguide/C/virtualization.xml:348(command)
4813
msgid "virt-viewer -c qemu:///system web_devel"
4814
msgstr "virt-viewer -c qemu:///system web_devel"
4815
4816
#: serverguide/C/virtualization.xml:350(para)
4817
msgid ""
4818
"Similar to <application>virt-manager</application>, <application>virt-"
4819
"viewer</application> can connect to a remote host using "
4820
"<emphasis>SSH</emphasis> with key authentication, as well:"
4821
msgstr ""
4822
"和<application>virt-manager</application>相似,<application>virt-"
4823
"viewer</application>也可以通过键授权的<emphasis>SSH</emphasis>连接到远方主机:"
4824
4825
#: serverguide/C/virtualization.xml:355(command)
4826
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4827
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4828
4829
#: serverguide/C/virtualization.xml:357(para)
4830
msgid ""
4831
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4832
"appropriate virtual machine name."
4833
msgstr "一定要用相应的虚拟机名字替换<emphasis role=\"italic\">web_devel</emphasis>。"
4834
4835
#: serverguide/C/virtualization.xml:360(para)
4836
msgid ""
4837
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4838
"can also setup <application>SSH</application> access to the virtual machine. "
4839
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4840
"more details."
4841
msgstr ""
4842
"如果设为使用<emphasis>网桥</emphasis>网络接口,同样你也可以安装<application>SSH</application>访问虚拟主"
4843
"机。更多细节请浏览<xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/>。"
4844
4845
#: serverguide/C/virtualization.xml:369(para)
4846
msgid ""
4847
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4848
"for more details."
4849
msgstr "详情请参见 <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM 主页</ulink>。"
4850
4851
#: serverguide/C/virtualization.xml:374(para)
4852
msgid ""
4853
"For more information on <application>libvirt</application> see the <ulink "
4854
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4855
msgstr ""
4856
"关于<application>libvirt</application>的更多信息请参见<ulink "
4857
"url=\"http://libvirt.org/\">libvirt 主页</ulink>。"
4858
4859
#: serverguide/C/virtualization.xml:379(para)
4860
msgid ""
4861
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4862
"Manager</ulink> site has more information on <application>virt-"
4863
"manager</application> development."
4864
msgstr ""
4865
"<ulink url=\"http://virt-"
4866
"manager.et.redhat.com/\">虚拟机管理器网站</ulink>有上更多关于<application>virt-"
4867
"manager</application> 开发的信息。"
4868
4869
#: serverguide/C/virtualization.xml:385(para)
4870
msgid ""
4871
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4872
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4873
"technology in Ubuntu."
4874
msgstr ""
4875
"您还可以看看 <emphasis>#ubuntu-virt</emphasis>这个IRC频道 <ulink "
4876
"url=\"http://freenode.net/\">freenode</ulink> 来讨论关于Ubuntu中的虚拟化技术。"
4877
4878
#: serverguide/C/virtualization.xml:391(para)
4879
msgid ""
4880
"Another good resource is the <ulink "
4881
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4882
msgstr ""
4883
4884
#: serverguide/C/virtualization.xml:399(title)
4885
msgid "JeOS and vmbuilder"
4886
msgstr "JeOS 和 vmbuilder"
4887
4888
#: serverguide/C/virtualization.xml:405(title)
4889
msgid "What is JeOS"
4890
msgstr "什么是 JeOS"
4891
4892
#: serverguide/C/virtualization.xml:407(para)
4893
msgid ""
4894
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4895
"variant of the Ubuntu Server operating system, configured specifically for "
4896
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4897
"only as an option either:"
4898
msgstr ""
4899
"Ubuntu <emphasis>JeOS</emphasis>(发音为 \"朱丝\")是个高效率 Ubuntu "
4900
"服务器操作系统的不同版本,专门为虚拟设备所设置。不再做为 CD-ROM ISO 提供下载,但只能做为一种选择:"
4901
4902
#: serverguide/C/virtualization.xml:414(para)
4903
msgid ""
4904
"While installing from the Server Edition ISO (pressing "
4905
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4906
"installation\", which is the package selection equivalent to JeOS)."
4907
msgstr ""
4908
"在安装 ISO 的服务器版本时(在第一个画面请按<emphasis>F4</emphasis>将会允许你选择“最小安装”,这个选择的安装包相当于 "
4909
"JeOS)。"
4910
4911
#: serverguide/C/virtualization.xml:420(para)
4912
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4913
msgstr "否则采用所描述 Ubuntu 的 vmbuilder 。"
4914
4915
#: serverguide/C/virtualization.xml:426(para)
4916
msgid ""
4917
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4918
"kernel that only contains the base elements needed to run within a "
4919
"virtualized environment."
4920
msgstr "JeOS 是专门安装 Ubuntu 服务器版本以调整内核,包含的基本功能需要运行在虚拟环境里。"
4921
4922
#: serverguide/C/virtualization.xml:431(para)
4923
msgid ""
4924
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4925
"in the latest virtualization products from VMware. This combination of "
4926
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4927
"delivers a highly efficient use of server resources in large virtual "
4928
"deployments."
4929
msgstr ""
4930
"Ubuntu JeOS 已从 VMware 最新虚拟产品利用关键性能技术来调整。这种减少尺寸和优化性能的绑定保证了 Ubuntu JeOS "
4931
"版本在大型虚拟部署中提供高效的服务器资源使用。"
4932
4933
#: serverguide/C/virtualization.xml:437(para)
4934
msgid ""
4935
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4936
"can configure their supporting OS exactly as they require. They have the "
4937
"peace of mind that updates, whether for security or enhancement reasons, "
4938
"will be limited to the bare minimum of what is required in their specific "
4939
"environment. In turn, users deploying virtual appliances built on top of "
4940
"JeOS will have to go through fewer updates and therefore less maintenance "
4941
"than they would have had to with a standard full installation of a server."
4942
msgstr ""
4943
"基本不用驱动,只需最小安装包, ISVs "
4944
"完全可以设定自己所需支持的系统。他们正常安装时,无论出于安全还是增强原因,仅限定于在自己所需最低要求的环境中。相反,用户部署虚拟设备基础上的 JeOS "
4945
"将不得不通过少量更新,从而减少他们服务器标准完全安装的维护。"
4946
4947
#: serverguide/C/virtualization.xml:446(title)
4948
msgid "What is vmbuilder"
4949
msgstr "什么是 vmbuilder"
4950
4951
#: serverguide/C/virtualization.xml:448(para)
4952
msgid ""
4953
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4954
"will fetch the various package and build a virtual machine tailored for your "
4955
"needs in about a minute. vmbuilder is a script that automates the process of "
4956
"creating a ready to use Linux based VM. The currently supported hypervisors "
4957
"are KVM and Xen."
4958
msgstr ""
4959
4960
#: serverguide/C/virtualization.xml:454(para)
4961
msgid ""
4962
"You can pass command line options to add extra packages, remove packages, "
4963
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4964
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4965
"a local mirror, you can bootstrap a VM in less than a minute."
4966
msgstr ""
4967
"您可通过命令行选项来添加额外安装包,移除安装包,选择 Ubuntu "
4968
"版本的镜像等等。会列出最近大量内存的硬件,临时目录在<filename>/dev/shm</filename>或者使用 tmpfs 和 "
4969
"本地镜像,您可在一分钟内启动 VM。"
4970
4971
#: serverguide/C/virtualization.xml:460(para)
4972
msgid ""
4973
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4974
"vm-builder</application> started with little emphasis as a hack to help "
4975
"developers test their new code in a virtual machine without having to "
4976
"restart from scratch each time. As a few Ubuntu administrators started to "
4977
"notice this script, a few of them went on improving it and adapting it for "
4978
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4979
"virtualization specialist, not the golf player) decided to rewrite it from "
4980
"scratch for Intrepid as a python script with a few new design goals:"
4981
msgstr ""
4982
4983
#: serverguide/C/virtualization.xml:470(para)
4984
msgid "Develop it so that it can be reused by other distributions."
4985
msgstr "使之流传开发能由其它发布版本重复使用。"
4986
4987
#: serverguide/C/virtualization.xml:475(para)
4988
msgid ""
4989
"Use a plugin mechanisms for all virtualization interactions so that others "
4990
"can easily add logic for other virtualization environments."
4991
msgstr "为所有虚拟化的互动使用插件途径,使其他人能方便添加逻辑虚拟环境。"
4992
4993
#: serverguide/C/virtualization.xml:480(para)
4994
msgid ""
4995
"Provide an easy to maintain web interface as an option to the command line "
4996
"interface."
4997
msgstr "提供作为个命令行界面的选项能简单维护 web 的界面。"
4998
4999
#: serverguide/C/virtualization.xml:486(para)
5000
msgid "But the general principles and commands remain the same."
5001
msgstr "但一般原则和命令仍保持不变。"
5002
5003
#: serverguide/C/virtualization.xml:493(title)
5004
msgid "Initial Setup"
5005
msgstr "初始安装"
5006
5007
#: serverguide/C/virtualization.xml:495(para)
5008
msgid ""
5009
"It is assumed that you have installed and configured "
5010
"<application>libvirt</application> and <application>KVM</application> "
5011
"locally on the machine you are using. For details on how to perform this, "
5012
"please refer to:"
5013
msgstr ""
5014
"假如您已经安装并配置<application>libvirt</application>和<application>KVM</application>在本"
5015
"地的机器上。关于如何执行的更多细节请浏览:"
5016
5017
#: serverguide/C/virtualization.xml:507(para)
5018
msgid ""
5019
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
5020
"page."
5021
msgstr ""
5022
"<ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki 页面。"
5023
5024
#: serverguide/C/virtualization.xml:513(para)
5025
msgid ""
5026
"We also assume that you know how to use a text based text editor such as "
5027
"nano or vi. If you have not used any of them before, you can get an overview "
5028
"of the various text editors available by reading the <ulink "
5029
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5030
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
5031
"principle should remain on other virtualization technologies."
5032
msgstr ""
5033
"我们同样设定您知道怎样使用基于文本格式文本编辑器,例如nano或者vi。如果您之前没有使用过其中任何一个,可以通过阅读<ulink "
5034
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5035
"tEditors</ulink>页面来获得对各种文本编辑器的大致了解。这指南是针对 KVM 完成的,但一般原则应该对其他的虚拟化技术做保留。"
5036
5037
#: serverguide/C/virtualization.xml:521(title)
5038
msgid "Install vmbuilder"
5039
msgstr "安装l vmbuilder"
5040
5041
#: serverguide/C/virtualization.xml:523(para)
5042
msgid ""
5043
"The name of the package that we need to install is <application>python-vm-"
5044
"builder</application>. In a terminal prompt enter:"
5045
msgstr "我们必需要安装的安装包名字是<application>python-vm-builder</application>。在终端提示里键入:"
5046
5047
#: serverguide/C/virtualization.xml:528(command)
5048
msgid "sudo apt-get install python-vm-builder"
5049
msgstr "sudo apt-get install python-vm-builder"
5050
5051
#: serverguide/C/virtualization.xml:532(para)
5052
msgid ""
5053
"If you are running Hardy, you can still perform most of this using the older "
5054
"version of the package named <application>ubuntu-vm-builder</application>, "
5055
"there are only a few changes to the syntax of the tool."
5056
msgstr ""
5057
"如果您在运行 Hardy,你仍可以执行大多数使用的是旧版本且命名为<application>ubuntu-vm-"
5058
"builder</application>的老版本,只有少数语法变化的工具。"
5059
5060
#: serverguide/C/virtualization.xml:541(title)
5061
msgid "Defining Your Virtual Machine"
5062
msgstr "定义您的虚拟机"
5063
5064
#: serverguide/C/virtualization.xml:543(para)
5065
msgid ""
5066
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5067
"are a few thing to consider:"
5068
msgstr "定义 Ubuntu 的 vmbuilder 虚拟机非常简单,但这里有几点是要考虑的:"
5069
5070
#: serverguide/C/virtualization.xml:549(para)
5071
msgid ""
5072
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5073
"will know how to extend disk size to fit their need, so either plan for a "
5074
"large virtual disk to allow for your appliance to grow, or explain fairly "
5075
"well in your documentation how to allocate more space. It might actually be "
5076
"a good idea to store data on some separate external storage."
5077
msgstr ""
5078
"如果你想部署一个虚拟应用,不要假设终端用户会知道如何扩展磁盘空间以使之适合他们的需要。因此,要么预留一个大的虚拟磁盘来允许你的应用的增长,要么在你的文档里"
5079
"详细的说明如何获取更多的空间。把数据分别存放在不同的扩展存储器上是再好不过的主意了。"
5080
5081
#: serverguide/C/virtualization.xml:556(para)
5082
msgid ""
5083
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5084
"whatever you think is a safe minimum for your appliance."
5085
msgstr "内存在虚拟机中的分配比较容易一些,内存大小应该被设置为你想要的装置所需的最小安全值。"
5086
5087
#: serverguide/C/virtualization.xml:562(para)
5088
msgid ""
5089
"The <application>vmbuilder</application> command has 2 main parameters: the "
5090
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
5091
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5092
"and can be found using the following command:"
5093
msgstr ""
5094
"<application>vmbuilder</application>命令有 2 "
5095
"个主要参数:<emphasis>虚拟化技术(hypervisor)</emphasis>和<emphasis>发布</emphasis>目标。可选参数可是"
5096
"相当多的,可使用以下命令:"
5097
5098
#: serverguide/C/virtualization.xml:568(command)
5099
msgid "vmbuilder --help"
5100
msgstr "vmbuilder --help"
5101
5102
#: serverguide/C/virtualization.xml:572(title)
5103
msgid "Base Parameters"
5104
msgstr "基本参数"
5105
5106
#: serverguide/C/virtualization.xml:574(para)
5107
msgid ""
5108
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
5109
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
5110
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5111
msgstr ""
5112
5113
#: serverguide/C/virtualization.xml:580(command)
5114
msgid ""
5115
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5116
"-libvirt qemu:///system"
5117
msgstr ""
5118
5119
#: serverguide/C/virtualization.xml:583(para)
5120
msgid ""
5121
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5122
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5123
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5124
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5125
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5126
"libvirt</emphasis> tells to inform the local virtualization environment to "
5127
"add the resulting VM to the list of available machines."
5128
msgstr ""
5129
"The <emphasis>--suite</emphasis>定义 Ubuntu 版本,<emphasis>--"
5130
"flavour</emphasis>规定,我们要使用的虚拟内核(这是用来建立一个 JeOS 图像),<emphasis>--"
5131
"arch</emphasis>告诉我们要使用 32 位的机器,<emphasis>-o</emphasis> 告诉 vmbuilder "
5132
"覆盖虚拟机的上个版本和 <emphasis>--libvirt</emphasis>通知本地虚拟化环境增加导致虚拟机的名单上可用机器。"
5133
5134
#: serverguide/C/virtualization.xml:591(para)
5135
msgid "Notes:"
5136
msgstr "备注:"
5137
5138
#: serverguide/C/virtualization.xml:597(para)
5139
msgid ""
5140
"Because of the nature of operations performed by vmbuilder, it needs to have "
5141
"root privilege, hence the use of sudo."
5142
msgstr "由于 vmbuilder 所要执行的任务,它需要有 root 权限,因此请使用命令 sudo 。"
5143
5144
#: serverguide/C/virtualization.xml:602(para)
5145
msgid ""
5146
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5147
"a 64 bit machine (--arch amd64)."
5148
msgstr "如果您的虚拟机需要使用超过 3Gb 的内存,应该建立64位虚拟机(--arch amd64)。"
5149
5150
#: serverguide/C/virtualization.xml:607(para)
5151
msgid ""
5152
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5153
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5154
"use <emphasis>--flavour</emphasis> server instead."
5155
msgstr ""
5156
"直到 Ubuntu 8.10 版本虚拟内核技术仅建立在 32 位结构,如果您想在 amd64 机器上安装 Hardy,您应使用<emphasis>--"
5157
"flavour</emphasis>服务器来代替使用。"
5158
5159
#: serverguide/C/virtualization.xml:615(title)
5160
msgid "JeOS Installation Parameters"
5161
msgstr "JeOS 安装参数"
5162
5163
#: serverguide/C/virtualization.xml:618(title)
5164
msgid "JeOS Networking"
5165
msgstr "JeOS 网络"
5166
5167
#: serverguide/C/virtualization.xml:621(title)
5168
msgid "Assigning a fixed IP address"
5169
msgstr "分配一个规定 IP 地址"
5170
5171
#: serverguide/C/virtualization.xml:623(para)
5172
msgid ""
5173
"As a virtual appliance that may be deployed on various very different "
5174
"networks, it is very difficult to know what the actual network will look "
5175
"like. In order to simplify configuration, it is a good idea to take an "
5176
"approach similar to what network hardware vendors usually do, namely "
5177
"assigning an initial fixed IP address to the appliance in a private class "
5178
"network that you will provide in your documentation. An address in the range "
5179
"192.168.0.0/255 is usually a good choice."
5180
msgstr ""
5181
"对于一个可能被部署到大不相同的各种网络上的虚拟装备来说,很难了解实际的网络是什么样的。为了简化配置,好的办法就是采取网络硬件供应商通常采取的办法,也就是在"
5182
"一个你要在文档中提供的私有级别的网络里,给装置分配一个初始的固定IP地址。地址范围为192.168.0.0/255通常是个好选择。"
5183
5184
#: serverguide/C/virtualization.xml:630(para)
5185
msgid "To do this we'll use the following parameters:"
5186
msgstr "做这种我们会使用下面的参数:"
5187
5188
#: serverguide/C/virtualization.xml:636(para)
5189
msgid ""
5190
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5191
"dhcp if not specified)"
5192
msgstr "<emphasis>--ip ADDRESS</emphasis>:IP 地址的指派(如没指定默认为 dhcp )"
5193
5194
#: serverguide/C/virtualization.xml:641(para)
5195
msgid ""
5196
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5197
"255.255.255.0)"
5198
msgstr "<emphasis>--net VALUE</emphasis>:IP 子网俺码的指派(默认:255.255.255.0)"
5199
5200
#: serverguide/C/virtualization.xml:646(para)
5201
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5202
msgstr "<emphasis>--net VALUE</emphasis>:IP 网络地址(默认:X.X.X.0)"
5203
5204
#: serverguide/C/virtualization.xml:651(para)
5205
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5206
msgstr "<emphasis>--bcast VALUE</emphasis>:IP 广播地址(默认:X.X.X.255)"
5207
5208
#: serverguide/C/virtualization.xml:656(para)
5209
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5210
msgstr "<emphasis>--gw ADDRESS</emphasis>:网关地址(默认:X.X.X.1)"
5211
5212
#: serverguide/C/virtualization.xml:661(para)
5213
msgid ""
5214
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5215
msgstr "<emphasis>--dns ADDRESS</emphasis>:DNS 服务器地址:(默认:X.X.X.1)"
5216
5217
#: serverguide/C/virtualization.xml:667(para)
5218
msgid ""
5219
"We assume for now that default values are good enough, so the resulting "
5220
"invocation becomes:"
5221
msgstr "我们承认目前默认值不够好,所以导致调用变成:"
5222
5223
#: serverguide/C/virtualization.xml:672(command)
5224
msgid ""
5225
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5226
"-libvirt qemu:///system --ip 192.168.0.100"
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:677(title)
5230
msgid "Modifying the libvirt Template to use Bridging"
5231
msgstr "修改 libvirt 模板来使用桥接"
5232
5233
#: serverguide/C/virtualization.xml:679(para)
5234
msgid ""
5235
"Because our appliance will be likely to need to be accessed by remote hosts, "
5236
"we need to configure libvirt so that the appliance uses bridge networking. "
5237
"To do this we use vmbuilder template mechanism to modify the default one."
5238
msgstr ""
5239
"因为我们设备有可能将会需要由远程主机来访问,需要设置 libvirt 使设备使用到网桥。为了做到这点我们使用 vmbuilder "
5240
"的默认模板来修改其中一个默认值。"
5241
5242
#: serverguide/C/virtualization.xml:684(para)
5243
msgid ""
5244
"In our working directory we create the template hierarchy and copy the "
5245
"default template:"
5246
msgstr "我们创建的模板等级和复制默认模板在活动目录中:"
5247
5248
#: serverguide/C/virtualization.xml:689(command)
5249
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
5250
msgstr "mkdir -p VMBuilder/plugins/libvirt/templates"
5251
5252
#: serverguide/C/virtualization.xml:690(command)
5253
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5254
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5255
5256
#: serverguide/C/virtualization.xml:693(para)
5257
msgid ""
5258
"We can then edit "
5259
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
5260
"change:"
5261
msgstr ""
5262
"我们可以编辑<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename"
5263
">来改变:"
5264
5265
#: serverguide/C/virtualization.xml:697(programlisting)
5266
#, no-wrap
5267
msgid ""
5268
"\n"
5269
" <interface type='network'>\n"
5270
" <source network='default'/>\n"
5271
" </interface>\n"
5272
msgstr ""
5273
"\n"
5274
" <interface type='network'>\n"
5275
" <source network='default'/>\n"
5276
" </interface>\n"
5277
5278
#: serverguide/C/virtualization.xml:703(para)
5279
msgid "To:"
5280
msgstr "到:"
5281
5282
#: serverguide/C/virtualization.xml:707(programlisting)
5283
#, no-wrap
5284
msgid ""
5285
"\n"
5286
" <interface type='bridge'>\n"
5287
" <source bridge='br0'/>\n"
5288
" </interface>\n"
5289
msgstr ""
5290
"\n"
5291
" <interface type='bridge'>\n"
5292
" <source bridge='br0'/>\n"
5293
" </interface>\n"
5294
5295
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5296
msgid "Partitioning"
5297
msgstr "分区"
5298
5299
#: serverguide/C/virtualization.xml:719(para)
5300
msgid ""
5301
"Partitioning of the virtual appliance will have to take into consideration "
5302
"what you are planning to do with is. Because most appliances want to have a "
5303
"separate storage for data, having a separate <filename>/var</filename> would "
5304
"make sense."
5305
msgstr ""
5306
"您必须认真考虑计划去做虚拟设备的分区的事。因为大多数设备只单独为数据存储,有个独立的<filename>/var</filename>分区是个明智的选择。"
5307
5308
#: serverguide/C/virtualization.xml:724(para)
5309
msgid ""
5310
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
5311
msgstr "vmbuilder 为我们提供<emphasis>--part</emphasis>来做到这点:"
5312
5313
#: serverguide/C/virtualization.xml:728(programlisting)
5314
#, no-wrap
5315
msgid ""
5316
"\n"
5317
"--part PATH\n"
5318
" Allows you to specify a partition table in a partition file, located at "
5319
"PATH. Each line of the partition file should specify\n"
5320
" (root first):\n"
5321
" mountpoint size\n"
5322
" where size is in megabytes. You can have up to 4 virtual disks, a new "
5323
"disk starts on a\n"
5324
" line with ’---’. ie :\n"
5325
" root 1000\n"
5326
" /opt 1000\n"
5327
" swap 256\n"
5328
" ---\n"
5329
" /var 2000\n"
5330
" /log 1500\n"
5331
msgstr ""
5332
5333
#: serverguide/C/virtualization.xml:743(para)
5334
msgid ""
5335
"In our case we will define a text file name "
5336
"<filename>vmbuilder.partition</filename> which will contain the following:"
5337
msgstr "就我们而言,我们会定义文本文件命名为<filename>vmbuilder.partition</filename>,这包含以下内容:"
5338
5339
#: serverguide/C/virtualization.xml:747(programlisting)
5340
#, no-wrap
5341
msgid ""
5342
"\n"
5343
"root 8000\n"
5344
"swap 4000\n"
5345
"---\n"
5346
"/var 20000\n"
5347
msgstr ""
5348
"\n"
5349
"root 8000\n"
5350
"swap 4000\n"
5351
"---\n"
5352
"/var 20000\n"
5353
5354
#: serverguide/C/virtualization.xml:755(para)
5355
msgid ""
5356
"Note that as we are using virtual disk images, the actual sizes that we put "
5357
"here are maximum sizes for these volumes."
5358
msgstr "注意的是我们正使用虚拟镜像盘,把这些卷的最大值设为实际大小值。"
5359
5360
#: serverguide/C/virtualization.xml:760(para)
5361
msgid "Our command line now looks like:"
5362
msgstr "现在我们使用的命令行看起来像:"
5363
5364
#: serverguide/C/virtualization.xml:765(command)
5365
msgid ""
5366
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5367
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:770(para)
5371
msgid ""
5372
"Using a \"\\\" in a command will allow long command strings to wrap to the "
5373
"next line."
5374
msgstr "在命令里使用 “\\” 将允许换行时截断长字符串的命令。"
5375
5376
#: serverguide/C/virtualization.xml:777(title)
5377
msgid "User and Password"
5378
msgstr "用户和密码"
5379
5380
#: serverguide/C/virtualization.xml:779(para)
5381
msgid ""
5382
"Again setting up a virtual appliance, you will need to provide a default "
5383
"user and password that is generic so that you can include it in your "
5384
"documentation. We will see later on in this tutorial how we will provide "
5385
"some security by defining a script that will be run the first time a user "
5386
"actually logs in the appliance, that will, among other things, ask him to "
5387
"change his password. In this example I will use <emphasis>'user'</emphasis> "
5388
"as my user name, and <emphasis>'default'</emphasis> as the password."
5389
msgstr ""
5390
"再次建立个虚拟设置,您需要提供通用的默认用户名和密码,让它可以包含在您的文档中。我们将看到后来的指南中将如何提供一些由脚本定义的安全性,该脚本将实际记录用"
5391
"户首次运行设备上,除此之外,会询问是否改变密码。在这例子中将会使用<emphasis>'user'</emphasis>来做为用户名和<emphasis>"
5392
"'default'</emphasis>做来密码。"
5393
5394
#: serverguide/C/virtualization.xml:787(para)
5395
msgid "To do this we use the following optional parameters:"
5396
msgstr "采用这步骤要使用以下可选参数:"
5397
5398
#: serverguide/C/virtualization.xml:793(para)
5399
msgid ""
5400
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
5401
"Default: ubuntu."
5402
msgstr "<emphasis>--user USERNAME:</emphasis>添加新的用户名。默认名为:ubuntu。"
5403
5404
#: serverguide/C/virtualization.xml:798(para)
5405
msgid ""
5406
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
5407
"added. Default: Ubuntu."
5408
msgstr "<emphasis>--name FULLNAME:</emphasis>添加新的用户全名。默认名为:Ubuntu。"
5409
5410
#: serverguide/C/virtualization.xml:803(para)
5411
msgid ""
5412
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
5413
"Default: ubuntu."
5414
msgstr "<emphasis>--pass PASSWORD:</emphasis>为用户名设置密码。默认值为:ubuntu。"
5415
5416
#: serverguide/C/virtualization.xml:809(para)
5417
msgid "Our resulting command line becomes:"
5418
msgstr "我们的生效命令行成为:"
5419
5420
#: serverguide/C/virtualization.xml:814(command)
5421
msgid ""
5422
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5423
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
5424
"-user user --name user --pass default"
5425
msgstr ""
5426
5427
#: serverguide/C/virtualization.xml:822(title)
5428
msgid "Installing Required Packages"
5429
msgstr "安装需要的包"
5430
5431
#: serverguide/C/virtualization.xml:824(para)
5432
msgid ""
5433
"In this example we will be installing a package "
5434
"<application>(Limesurvey)</application> that accesses a "
5435
"<application>MySQL</application> database and has a web interface. We will "
5436
"therefore require our OS to provide us with:"
5437
msgstr ""
5438
"在这样例中我们将安装<application>(Limesurvey)</application>软件包以能够访问有 web "
5439
"接面的<application>MySQL</application>数据库。因此需要操作系统为我们提供:"
5440
5441
#: serverguide/C/virtualization.xml:831(para)
5442
msgid "Apache"
5443
msgstr "Apache"
5444
5445
#: serverguide/C/virtualization.xml:832(para)
5446
msgid "PHP"
5447
msgstr "PHP"
5448
5449
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5450
msgid "MySQL"
5451
msgstr "MySQL"
5452
5453
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5454
msgid "OpenSSH Server"
5455
msgstr "OpenSSH 服务器"
5456
5457
#: serverguide/C/virtualization.xml:835(para)
5458
msgid "Limesurvey (as an example application that we have packaged)"
5459
msgstr "Limesurvey (做为样例我们应打包应用程序)"
5460
5461
#: serverguide/C/virtualization.xml:838(para)
5462
msgid ""
5463
"This is done using vmbuilder by specifying the --addpkg option multiple "
5464
"times:"
5465
msgstr ""
5466
5467
#: serverguide/C/virtualization.xml:842(programlisting)
5468
#, no-wrap
5469
msgid ""
5470
"\n"
5471
"--addpkg PKG\n"
5472
" Install PKG into the guest (can be specfied multiple times)\n"
5473
msgstr ""
5474
"\n"
5475
"--addpkg PKG\n"
5476
" 安装 PKG 在 guest 帐号里 (能指定安装时间)\n"
5477
5478
#: serverguide/C/virtualization.xml:847(para)
5479
msgid ""
5480
"However, due to the way vmbuilder operates, packages that have to ask "
5481
"questions to the user during the post install phase are not supported and "
5482
"should instead be installed while interactivity can occur. This is the case "
5483
"of Limesurvey, which we will have to install later, once the user logs in."
5484
msgstr ""
5485
"然而,由于vmbuilder的操作方式,报在安装过程步骤中向用户提出问题的功能并不被支持,作为替代,在可以交互的时候才被安装。举例来说,Limesurve"
5486
"y就是这样的,这个软件将在随后登录之后安装。"
5487
5488
#: serverguide/C/virtualization.xml:853(para)
5489
msgid ""
5490
"Other packages that ask simple debconf question, such as <application>mysql-"
5491
"server</application> asking to set a password, the package can be installed "
5492
"immediately, but we will have to reconfigure it the first time the user logs "
5493
"in."
5494
msgstr ""
5495
"其它软件包会要求简单的 debconf 问题,例如<application>mysql-"
5496
"server</application>询问是否设置密码,软件包可以立即安装,但我们不得不将重设置在用户首次登陆上。"
5497
5498
#: serverguide/C/virtualization.xml:859(para)
5499
msgid ""
5500
"If some packages that we need to install are not in main, we need to enable "
5501
"the additional repositories using --comp and --ppa:"
5502
msgstr "如果安装的些软件包不是主要的,那我们需要使额外的库来使用 --comp 和 --ppa:"
5503
5504
#: serverguide/C/virtualization.xml:863(programlisting)
5505
#, no-wrap
5506
msgid ""
5507
"\n"
5508
"--components COMP1,COMP2,...,COMPN\n"
5509
" A comma separated list of distro components to include (e.g. "
5510
"main,universe). This defaults\n"
5511
" to \"main\"\n"
5512
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5513
msgstr ""
5514
"\n"
5515
"--components COMP1,COMP2,...,COMPN\n"
5516
" 包括以逗号分隔的发行组件清单(e.g. main,universe)。 默认为\n"
5517
" to \"main\"\n"
5518
"--ppa=PPA 加入 ppa 属于 PPA 虚拟的 sources.list。\n"
5519
5520
#: serverguide/C/virtualization.xml:870(para)
5521
msgid ""
5522
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5523
"PPA (personal package archive) address so that it is added to the VM "
5524
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5525
"to the command line:"
5526
msgstr ""
5527
"此刻 Limesurvey 不是做为存档的一部分,我们将指定它的 "
5528
"PPA(个人软件包存档)地址以便加入到虚拟机<filename>/etc/apt/source.list</filename>,所以我们把以下选项加到命令"
5529
"行:"
5530
5531
#: serverguide/C/virtualization.xml:876(command)
5532
msgid ""
5533
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5534
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5535
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5536
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5537
"server --ppa nijaba"
5538
msgstr ""
5539
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5540
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5541
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5542
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5543
"server --ppa nijaba"
5544
5545
#: serverguide/C/virtualization.xml:883(title)
5546
msgid "OpenSSH"
5547
msgstr "OpenSSH"
5548
5549
#: serverguide/C/virtualization.xml:885(para)
5550
msgid ""
5551
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5552
"it will allow our admins to access the appliance remotely. However, pushing "
5553
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5554
"security risk as all these server will share the same secret key, making it "
5555
"very easy for hackers to target our appliance with all the tools they need "
5556
"to crack it open in a breeze. As for the user password, we will instead rely "
5557
"on a script that will install OpenSSH the first time a user logs in so that "
5558
"the key generated will be different for each appliance. For this we'll use a "
5559
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5560
"interaction."
5561
msgstr ""
5562
"另一种我们希望在我们的设备上使用的方便的工具是OpenSSH "
5563
",它能让我们的管理员远程访问设备。然而,在实际环境中推广的预先安装OpenSSH的服务器设置方法是一个很大的安全风险,因为所有服务器将共享相同的密钥,使黑"
5564
"客很容易的找到我们的设备然后轻而易举的破解它。至于用户的密码,我们将转而依赖一个脚本,该脚本在用户第一次登陆时将安装OpenSSH,这样生成的密钥对于不同"
5565
"的设备是不同的。为此,我们要使用<emphasis> - firstboot “ /emphasis”的脚本,因为它不需要任何用户交互。"
5566
5567
#: serverguide/C/virtualization.xml:897(title)
5568
msgid "Speed Considerations"
5569
msgstr "敏捷思考"
5570
5571
#: serverguide/C/virtualization.xml:900(title)
5572
msgid "Package Caching"
5573
msgstr "包缓存"
5574
5575
#: serverguide/C/virtualization.xml:902(para)
5576
msgid ""
5577
"When vmbuilder creates builds your system, it has to go fetch each one of "
5578
"the packages that composes it over the network to one of the official "
5579
"repositories, which, depending on your internet connection speed and the "
5580
"load of the mirror, can have a big impact on the actual build time. In order "
5581
"to reduce this, it is recommended to either have a local repository (which "
5582
"can be created using <application>apt-mirror</application>) or using a "
5583
"caching proxy such as <application>apt-proxy</application>. The later option "
5584
"being much simpler to implement and requiring less disk space, it is the one "
5585
"we will pick in this tutorial. To install it, simply type:"
5586
msgstr ""
5587
5588
#: serverguide/C/virtualization.xml:912(command)
5589
msgid "sudo apt-get install apt-proxy"
5590
msgstr "sudo apt-get install apt-proxy"
5591
5592
#: serverguide/C/virtualization.xml:915(para)
5593
msgid ""
5594
"Once this is complete, your (empty) proxy is ready for use on "
5595
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5596
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5597
"option:"
5598
msgstr ""
5599
"一旦这完成后,您的(空)代理准备用于 http://mirroraddress:9999 和找到在存放在 /ubuntu 目录下的 ubuntu "
5600
"。为了能让 vmbuilder 能使用它,我们必须使用<emphasis>--mirror</emphasis>选项:"
5601
5602
#: serverguide/C/virtualization.xml:920(programlisting)
5603
#, no-wrap
5604
msgid ""
5605
"\n"
5606
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5607
" is http://archive.ubuntu.com/ubuntu for official\n"
5608
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5609
" otherwise\n"
5610
msgstr ""
5611
"\n"
5612
"--mirror=使用 Ubuntu 镜像 URL 来代替,URL\n"
5613
" 官方网是 http://archive.ubuntu.com/ubuntu\n"
5614
" 主站和 http://ports.ubuntu.com/ubuntu-ports\n"
5615
" 否则\n"
5616
5617
#: serverguide/C/virtualization.xml:927(para)
5618
msgid "So we add to the command line:"
5619
msgstr "因此加进命令行:"
5620
5621
#: serverguide/C/virtualization.xml:932(command)
5622
msgid "--mirror http://mirroraddress:9999/ubuntu"
5623
msgstr "--mirror http://mirroraddress:9999/ubuntu"
5624
5625
#: serverguide/C/virtualization.xml:936(para)
5626
msgid ""
5627
"The mirror address specified here will also be used in the "
5628
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5629
"is useful to specify here an address that can be resolved by the guest or to "
5630
"plan on reseting this address later on, such as in a <emphasis>--"
5631
"firstboot</emphasis> script."
5632
msgstr ""
5633
5634
#: serverguide/C/virtualization.xml:945(title)
5635
msgid "Install a Local Mirror"
5636
msgstr "安装本地镜像"
5637
5638
#: serverguide/C/virtualization.xml:947(para)
5639
msgid ""
5640
"If we are in a larger environment, it may make sense to setup a local mirror "
5641
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5642
"script that will handle the mirroring for you. You should plan on having "
5643
"about 20 gigabyte of free space per supported release and architecture."
5644
msgstr ""
5645
"如果我们在一个大环境中,建立一个Ubuntu的本地源是有意义的。apt-"
5646
"mirror使用脚本提供给你的包将处理您的镜像问题。您应该针对每个发行版和架构计划保留20GB的自由空间。"
5647
5648
#: serverguide/C/virtualization.xml:953(para)
5649
msgid ""
5650
"By default, <application>apt-mirror</application> uses the configuration "
5651
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5652
"replicate only the architecture of the local machine. If you would like to "
5653
"support other architectures on your mirror, simply duplicate the lines "
5654
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5655
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5656
"archives as well, you will have:"
5657
msgstr ""
5658
"默认情况下,<application>apt-"
5659
"mirror</application>使用在<filename>/etc/apt/mirror.list</filename>文件中包含的设置。一般设置"
5660
",它将只支持本地机器的结构。如果你需要在您的镜像上需要支持其他架构,只需要复制那些以\"deb\"开头的行,然后把deb用/deb-"
5661
"{arch}来代替,这里的arch可以是i386,amd64或者其他。举例来说,在一个amd64的机器上为了使用i386包,您将拥有:"
5662
5663
#: serverguide/C/virtualization.xml:960(programlisting)
5664
#, no-wrap
5665
msgid ""
5666
"\n"
5667
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5668
"multiverse \n"
5669
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5670
"universe multiverse\n"
5671
"\n"
5672
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5673
"universe multiverse \n"
5674
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5675
"universe multiverse \n"
5676
"\n"
5677
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5678
"universe multiverse \n"
5679
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5680
"restricted universe multiverse \n"
5681
"\n"
5682
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5683
"universe multiverse \n"
5684
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5685
"restricted universe multiverse \n"
5686
"\n"
5687
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5688
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5689
"installer \n"
5690
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5691
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5692
"installer \n"
5693
msgstr ""
5694
5695
#: serverguide/C/virtualization.xml:977(para)
5696
msgid ""
5697
"Notice that the source packages are not mirrored as they are seldom used "
5698
"compared to the binaries and they do take a lot more space, but they can be "
5699
"easily added to the list."
5700
msgstr "注意,源码包并没有被镜像,因为和二进制包相比它们使用的很少,但是却占用更多的空间。不过它们可以很容易的添加到列表。"
5701
5702
#: serverguide/C/virtualization.xml:982(para)
5703
msgid ""
5704
"Once the mirror has finished replicating (and this can be quite long), you "
5705
"need to configure Apache so that your mirror files (in "
5706
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5707
"default), are published by your Apache server. For more information on "
5708
"Apache see <xref linkend=\"httpd\"/>."
5709
msgstr ""
5710
"一旦镜像完成复制(这可能需要很长时间),你需要设置Apache,因为您的镜像文件(没有修改的话,默认在<filename>/var/spool/apt-"
5711
"mirror</filename>)是通过您的Apache服务器来发布的。关于Apache的更多信息,请参见<xref "
5712
"linkend=\"httpd\"/>"
5713
5714
#: serverguide/C/virtualization.xml:991(title)
5715
msgid "Installing in a RAM Disk"
5716
msgstr "安装在内存盘片"
5717
5718
#: serverguide/C/virtualization.xml:993(para)
5719
msgid ""
5720
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5721
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5722
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5723
"-tmpfs</emphasis> will help you do just that:"
5724
msgstr ""
5725
"很容易就可以想到,写到RAM中是一个比写到磁盘中<emphasis>快得多</emphasis>的方法。如果您有一些空的内存,让vmbuilder把它的操"
5726
"作放到RAM中将会有很大改观。选项<emphasis>--tmpfs</emphasis>可以实现这个功能,您只需要:"
5727
5728
#: serverguide/C/virtualization.xml:999(programlisting)
5729
#, no-wrap
5730
msgid ""
5731
"\n"
5732
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5733
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5734
msgstr ""
5735
"\n"
5736
"--tmpfs OPTS 使用 tmpfs 做为工作目录,指定它的\n"
5737
" 尺寸或者使用 \"-\" 来使用 tmpfs 默认值 (suid,dev,size=1G).\n"
5738
5739
#: serverguide/C/virtualization.xml:1004(para)
5740
msgid ""
5741
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5742
"have 1G of free ram."
5743
msgstr "因此,增加<command>--tmpfs -</command>看起来是个很好的主意,如果您有 1G 的闲置内存。"
5744
5745
#: serverguide/C/virtualization.xml:1011(title)
5746
msgid "Package the Application"
5747
msgstr "将程序打包"
5748
5749
#: serverguide/C/virtualization.xml:1013(para)
5750
msgid "Two option are available to us:"
5751
msgstr "2 个选项是可用的:"
5752
5753
#: serverguide/C/virtualization.xml:1019(para)
5754
msgid ""
5755
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5756
"package. Since this is outside of the scope of this tutorial, we will not "
5757
"perform this here and invite the reader to read the documentation on how to "
5758
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5759
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5760
"repository for your package so that updates can be conveniently pulled from "
5761
"it. See the <ulink url=\"http://www.debian-"
5762
"administration.org/articles/286\">Debian Administration</ulink> article for "
5763
"a tutorial on this."
5764
msgstr ""
5765
"达成此目的建议方法是制作一个<emphasis>Debian</emphasis>包。因为这已经超出了我们这个向导的范围,我们将不再在这里介绍,读者可以到"
5766
"网址<ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu Packaging "
5767
"Guide</ulink>来阅读如何达到这个目的的文档。在这种情况下,建立一个源是一个好主意,因为这样您可以随后方便的从它升级。关于这个的介绍,请参阅<u"
5768
"link url=\"http://www.debian-administration.org/articles/286\">Debian "
5769
"Administration</ulink>相关文章。"
5770
5771
#: serverguide/C/virtualization.xml:1028(para)
5772
msgid ""
5773
"Manually install the application under <filename>/opt</filename> as "
5774
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5775
"guidelines</ulink>."
5776
msgstr ""
5777
"在<filename>/opt</filename>下手动安装程序是<ulink "
5778
"url=\"http://www.pathname.com/fhs/\">FHS 指南</ulink>所推荐的方式."
5779
5780
#: serverguide/C/virtualization.xml:1035(para)
5781
msgid ""
5782
"In our case we'll use <application>Limesurvey</application> as example web "
5783
"application for which we wish to provide a virtual appliance. As noted "
5784
"before, we've made a version of the package available in a PPA (Personal "
5785
"Package Archive)."
5786
msgstr ""
5787
"在这里,我们将使用<application>Limesurvey</application>作为示例程序来展示我们如何提供一个虚拟装置。如前所述,我们制作"
5788
"了一个可以在一个PPA中(个人包获取)使用的版本的包。"
5789
5790
#: serverguide/C/virtualization.xml:1042(title)
5791
msgid "Finishing Install"
5792
msgstr "完成安装"
5793
5794
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5795
msgid "First Boot"
5796
msgstr "首次启动"
5797
5798
#: serverguide/C/virtualization.xml:1047(para)
5799
msgid ""
5800
"As we mentioned earlier, the first time the machine boots we'll need to "
5801
"install <application>openssh-server</application> so that the key generated "
5802
"for it is unique for each machine. To do this, we'll write a script called "
5803
"<filename>boot.sh</filename> as follows:"
5804
msgstr ""
5805
"如前所述,机器第一期启动的时候我们需要安装<application>openssh-"
5806
"server</application>,这样的话就可以为每一个机器生成一个唯一的键。为达到此目的,我们需要像下面这样编写一个叫做<filename>bo"
5807
"ot.sh</filename>的脚本:"
5808
5809
#: serverguide/C/virtualization.xml:1053(programlisting)
5810
#, no-wrap
5811
msgid ""
5812
"\n"
5813
"# This script will run the first time the virtual machine boots\n"
5814
"# It is ran as root.\n"
5815
"\n"
5816
"apt-get update\n"
5817
"apt-get install -qqy --force-yes openssh-server\n"
5818
msgstr ""
5819
"\n"
5820
"# 这个脚本将在虚拟机第一次启动时运行\n"
5821
"# 它将作为管理者身份运行\n"
5822
"\n"
5823
"apt-get update\n"
5824
"apt-get install -qqy --force-yes openssh-server\n"
5825
5826
#: serverguide/C/virtualization.xml:1061(para)
5827
msgid ""
5828
"And we add the <command>--firstboot boot.sh</command> option to our command "
5829
"line."
5830
msgstr "我们也要把<command>--firstboot boot.sh</command>选项命令加进命令行里。"
5831
5832
#: serverguide/C/virtualization.xml:1067(title)
5833
msgid "First Login"
5834
msgstr "首次登录"
5835
5836
#: serverguide/C/virtualization.xml:1069(para)
5837
msgid ""
5838
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5839
"set them up the first time a user logs in using a script named login.sh. "
5840
"We'll also use this script to let the user specify:"
5841
msgstr ""
5842
"Mysql和Limesuevey在他们的安装过程中需要一些用户交互,我们将在用户第一次登录的时候使用一个叫做login.sh的脚本来设置它们。我们同样适用"
5843
"这个脚本来进行用户设置:"
5844
5845
#: serverguide/C/virtualization.xml:1075(para)
5846
msgid "His own password"
5847
msgstr "他自己的密码"
5848
5849
#: serverguide/C/virtualization.xml:1076(para)
5850
msgid "Define the keyboard and other locale info he wants to use"
5851
msgstr "定义键盘和所想要使用的其它地区信息"
5852
5853
#: serverguide/C/virtualization.xml:1079(para)
5854
msgid "So we'll define <filename>login.sh</filename> as follows:"
5855
msgstr "因此我们将定义<filename>login.sh</filename>做为以下内容:"
5856
5857
#: serverguide/C/virtualization.xml:1083(programlisting)
5858
#, no-wrap
5859
msgid ""
5860
"\n"
5861
"# This script is ran the first time a user logs in\n"
5862
"\n"
5863
"echo \"Your appliance is about to be finished to be set up.\"\n"
5864
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5865
"echo \"starting by changing your user password.\"\n"
5866
"\n"
5867
"passwd\n"
5868
"\n"
5869
"#give the opportunity to change the keyboard\n"
5870
"sudo dpkg-reconfigure console-setup\n"
5871
"\n"
5872
"#configure the mysql server root password\n"
5873
"sudo dpkg-reconfigure mysql-server-5.0\n"
5874
"\n"
5875
"#install limesurvey\n"
5876
"sudo apt-get install -qqy --force-yes limesurvey\n"
5877
"\n"
5878
"echo \"Your appliance is now configured. To use it point your\"\n"
5879
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5880
msgstr ""
5881
"\n"
5882
"# This script is ran the first time a user logs in\n"
5883
"\n"
5884
"echo \"Your appliance is about to be finished to be set up.\"\n"
5885
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5886
"echo \"starting by changing your user password.\"\n"
5887
"\n"
5888
"passwd\n"
5889
"\n"
5890
"#give the opportunity to change the keyboard\n"
5891
"sudo dpkg-reconfigure console-setup\n"
5892
"\n"
5893
"#configure the mysql server root password\n"
5894
"sudo dpkg-reconfigure mysql-server-5.0\n"
5895
"\n"
5896
"#install limesurvey\n"
5897
"sudo apt-get install -qqy --force-yes limesurvey\n"
5898
"\n"
5899
"echo \"Your appliance is now configured. To use it point your\"\n"
5900
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5901
5902
#: serverguide/C/virtualization.xml:1105(para)
5903
msgid ""
5904
"And we add the <command>--firstlogin login.sh</command> option to our "
5905
"command line."
5906
msgstr "我们也要把<command>--firstlogin login.sh</command>选项命令加进命令行里。"
5907
5908
#: serverguide/C/virtualization.xml:1112(title)
5909
msgid "Useful Additions"
5910
msgstr "有用的扩展"
5911
5912
#: serverguide/C/virtualization.xml:1115(title)
5913
msgid "Configuring Automatic Updates"
5914
msgstr "配置自动更新"
5915
5916
#: serverguide/C/virtualization.xml:1117(para)
5917
msgid ""
5918
"To have your system be configured to update itself on a regular basis, we "
5919
"will just install <application>unattended-upgrades</application>, so we add "
5920
"the following option to our command line:"
5921
msgstr ""
5922
"想要将你的系统配置为定期自动更新,只需安装<application>unattended-upgrades</application>. "
5923
"在命令行中添加下面的选项."
5924
5925
#: serverguide/C/virtualization.xml:1123(command)
5926
msgid "--addpkg unattended-upgrades"
5927
msgstr "--addpkg unattended-upgrades"
5928
5929
#: serverguide/C/virtualization.xml:1126(para)
5930
msgid ""
5931
"As we have put our application package in a PPA, the process will update not "
5932
"only the system, but also the application each time we update the version in "
5933
"the PPA."
5934
msgstr "正如我们已经把应用包加入到了PPA, 我们在PPA中更新版本的时候,不仅会更新系统,应用程序也会更新."
5935
5936
#: serverguide/C/virtualization.xml:1133(title)
5937
msgid "ACPI Event Handling"
5938
msgstr "ACPI 事件处理"
5939
5940
#: serverguide/C/virtualization.xml:1135(para)
5941
msgid ""
5942
"For your virtual machine to be able to handle restart and shutdown events it "
5943
"is being sent, it is a good idea to install the acpid package as well. To do "
5944
"this we just add the following option:"
5945
msgstr "为了您的虚拟机发送信息能够处理重启和关闭事件,这也是个安装 acpid 软件包的好方法。为了做到这点我们只需加进以下选项即可:"
5946
5947
#: serverguide/C/virtualization.xml:1141(command)
5948
msgid "--addpkg acpid"
5949
msgstr "--addpkg acpid"
5950
5951
#: serverguide/C/virtualization.xml:1147(title)
5952
msgid "Final Command"
5953
msgstr "最终命令"
5954
5955
#: serverguide/C/virtualization.xml:1149(para)
5956
msgid "Here is the command with all the options discussed above:"
5957
msgstr "这是使用了上面所有涉及到选项的命令:"
5958
5959
#: serverguide/C/virtualization.xml:1154(command)
5960
msgid ""
5961
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5962
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5963
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5964
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5965
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5966
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5967
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5968
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5969
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5970
"firstlogin login.sh"
5971
msgstr ""
5972
5973
#: serverguide/C/virtualization.xml:1169(para)
5974
msgid ""
5975
"If you are interested in learning more, have questions or suggestions, "
5976
"please contact the Ubuntu Server Team at:"
5977
msgstr "如果您有兴趣了解更多,有问题或建议,请联系 Ubuntu 服务团队:"
5978
5979
#: serverguide/C/virtualization.xml:1174(para)
5980
msgid "IRC: #ubuntu-server on freenode"
5981
msgstr "IRC: #ubuntu-server on freenode"
5982
5983
#: serverguide/C/virtualization.xml:1179(para)
5984
msgid ""
5985
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5986
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5987
msgstr ""
5988
"邮件列表: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5989
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5990
5991
#: serverguide/C/virtualization.xml:1184(para)
5992
msgid ""
5993
"Also, see the <ulink "
5994
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5995
"Wiki</ulink> page."
5996
msgstr ""
5997
5998
#: serverguide/C/virtualization.xml:1192(title)
5999
msgid "UEC"
6000
msgstr ""
6001
6002
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
6003
msgid "Overview"
6004
msgstr "概览"
6005
6006
#: serverguide/C/virtualization.xml:1197(para)
6007
msgid ""
6008
"This tutorial covers <application>UEC</application> installation from the "
6009
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
6010
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
6011
"and one or more nodes attached."
6012
msgstr ""
6013
6014
#: serverguide/C/virtualization.xml:1202(para)
6015
msgid ""
6016
"From this Tutorial you will learn how to install, configure, register and "
6017
"perform several operations on a basic <application>UEC</application> setup "
6018
"that results in a cloud with a one controller <emphasis>\"front-"
6019
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
6020
"instances. You will also use examples to help get you started using your own "
6021
"private compute cloud."
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1210(title)
6025
msgid "Prerequisites"
6026
msgstr ""
6027
6028
#: serverguide/C/virtualization.xml:1212(para)
6029
msgid ""
6030
"To deploy a minimal cloud infrastructure, you’ll need at least "
6031
"<emphasis>two</emphasis> dedicated systems:"
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1218(para)
6035
msgid "A front end."
6036
msgstr ""
6037
6038
#: serverguide/C/virtualization.xml:1223(para)
6039
msgid "One or more node(s)."
6040
msgstr ""
6041
6042
#: serverguide/C/virtualization.xml:1229(para)
6043
msgid ""
6044
"The following are recommendations, rather than fixed requirements. However, "
6045
"our experience in developing this documentation indicated the following "
6046
"suggestions."
6047
msgstr ""
6048
6049
#: serverguide/C/virtualization.xml:1234(title)
6050
msgid "Front End Requirements"
6051
msgstr ""
6052
6053
#: serverguide/C/virtualization.xml:1236(para)
6054
msgid "Use the following table for a system that will run one or more of:"
6055
msgstr ""
6056
6057
#: serverguide/C/virtualization.xml:1241(para)
6058
msgid "Cloud Controller (CLC)"
6059
msgstr ""
6060
6061
#: serverguide/C/virtualization.xml:1242(para)
6062
msgid "Cluster Controller (CC)"
6063
msgstr ""
6064
6065
#: serverguide/C/virtualization.xml:1243(para)
6066
msgid "Walrus (the S3-like storage service)"
6067
msgstr ""
6068
6069
#: serverguide/C/virtualization.xml:1244(para)
6070
msgid "Storage Controller (SC)"
6071
msgstr ""
6072
6073
#: serverguide/C/virtualization.xml:1248(title)
6074
msgid "UEC Front End Requirements"
6075
msgstr ""
6076
6077
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
6078
msgid "Hardware"
6079
msgstr ""
6080
6081
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
6082
msgid "Minimum"
6083
msgstr ""
6084
6085
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
6086
msgid "Suggested"
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
6090
msgid "Notes"
6091
msgstr ""
6092
6093
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
6094
msgid "CPU"
6095
msgstr ""
6096
6097
#: serverguide/C/virtualization.xml:1265(para)
6098
msgid "1 GHz"
6099
msgstr ""
6100
6101
#: serverguide/C/virtualization.xml:1266(para)
6102
msgid "2 x 2 GHz"
6103
msgstr ""
6104
6105
#: serverguide/C/virtualization.xml:1267(para)
6106
msgid ""
6107
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
6108
"a dual core processor."
6109
msgstr ""
6110
6111
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
6112
msgid "Memory"
6113
msgstr ""
6114
6115
#: serverguide/C/virtualization.xml:1271(para)
6116
msgid "2 GB"
6117
msgstr ""
6118
6119
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
6120
msgid "4 GB"
6121
msgstr ""
6122
6123
#: serverguide/C/virtualization.xml:1273(para)
6124
msgid "The Java web front end benefits from lots of available memory."
6125
msgstr ""
6126
6127
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
6128
msgid "Disk"
6129
msgstr ""
6130
6131
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
6132
msgid "5400 RPM IDE"
6133
msgstr ""
6134
6135
#: serverguide/C/virtualization.xml:1278(para)
6136
msgid "7200 RPM SATA"
6137
msgstr ""
6138
6139
#: serverguide/C/virtualization.xml:1279(para)
6140
msgid ""
6141
"Slower disks will work, but will yield much longer instance startup times."
6142
msgstr ""
6143
6144
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
6145
msgid "Disk Space"
6146
msgstr ""
6147
6148
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
6149
msgid "40 GB"
6150
msgstr ""
6151
6152
#: serverguide/C/virtualization.xml:1284(para)
6153
msgid "200 GB"
6154
msgstr ""
6155
6156
#: serverguide/C/virtualization.xml:1285(para)
6157
msgid ""
6158
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
6159
"does not like to run out of disk space."
6160
msgstr ""
6161
6162
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
6163
msgid "Networking"
6164
msgstr "联网"
6165
6166
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
6167
msgid "100 Mbps"
6168
msgstr ""
6169
6170
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
6171
msgid "1000 Mbps"
6172
msgstr ""
6173
6174
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
6175
msgid ""
6176
"Machine images are hundreds of MB, and need to be copied over the network to "
6177
"nodes."
6178
msgstr ""
6179
6180
#: serverguide/C/virtualization.xml:1299(title)
6181
msgid "Node Requirements"
6182
msgstr ""
6183
6184
#: serverguide/C/virtualization.xml:1301(para)
6185
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
6186
msgstr ""
6187
6188
#: serverguide/C/virtualization.xml:1306(para)
6189
msgid "the Node Controller (NC)"
6190
msgstr ""
6191
6192
#: serverguide/C/virtualization.xml:1310(title)
6193
msgid "UEC Node Requirements"
6194
msgstr ""
6195
6196
#: serverguide/C/virtualization.xml:1327(para)
6197
msgid "VT Extensions"
6198
msgstr ""
6199
6200
#: serverguide/C/virtualization.xml:1328(para)
6201
msgid "VT, 64-bit, Multicore"
6202
msgstr ""
6203
6204
#: serverguide/C/virtualization.xml:1329(para)
6205
msgid ""
6206
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
6207
"only run 1 VM per CPU core on a Node."
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:1333(para)
6211
msgid "1 GB"
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:1335(para)
6215
msgid "Additional memory means more, and larger guests."
6216
msgstr ""
6217
6218
#: serverguide/C/virtualization.xml:1340(para)
6219
msgid "7200 RPM SATA or SCSI"
6220
msgstr ""
6221
6222
#: serverguide/C/virtualization.xml:1341(para)
6223
msgid ""
6224
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
6225
"bottleneck."
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:1346(para)
6229
msgid "100 GB"
6230
msgstr ""
6231
6232
#: serverguide/C/virtualization.xml:1347(para)
6233
msgid ""
6234
"Images will be cached locally, Eucalyptus does not like to run out of disk "
6235
"space."
6236
msgstr ""
6237
6238
#: serverguide/C/virtualization.xml:1363(title)
6239
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
6240
msgstr ""
6241
6242
#: serverguide/C/virtualization.xml:1367(para)
6243
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
6244
msgstr ""
6245
6246
#: serverguide/C/virtualization.xml:1372(para)
6247
msgid ""
6248
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
6249
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
6250
"components are present."
6251
msgstr ""
6252
6253
#: serverguide/C/virtualization.xml:1377(para)
6254
msgid ""
6255
"You can then choose which components to install, based on your chosen <ulink "
6256
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
6257
msgstr ""
6258
6259
#: serverguide/C/virtualization.xml:1382(para)
6260
msgid ""
6261
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
6262
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
6263
msgstr ""
6264
6265
#: serverguide/C/virtualization.xml:1388(para)
6266
msgid ""
6267
"It will ask two other cloud-specific questions during the course of the "
6268
"install:"
6269
msgstr ""
6270
6271
#: serverguide/C/virtualization.xml:1393(para)
6272
msgid "Name of your cluster."
6273
msgstr ""
6274
6275
#: serverguide/C/virtualization.xml:1396(para)
6276
msgid "e.g. <emphasis>cluster1</emphasis>."
6277
msgstr ""
6278
6279
#: serverguide/C/virtualization.xml:1399(para)
6280
msgid ""
6281
"A range of public IP addresses on the LAN that the cloud can allocate to "
6282
"instances."
6283
msgstr ""
6284
6285
#: serverguide/C/virtualization.xml:1402(para)
6286
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
6287
msgstr ""
6288
6289
#: serverguide/C/virtualization.xml:1410(title)
6290
msgid "Installing the Node Controller(s)"
6291
msgstr ""
6292
6293
#: serverguide/C/virtualization.xml:1412(para)
6294
msgid ""
6295
"The node controller install is even simpler. Just make sure that you are "
6296
"connected to the network on which the cloud/cluster controller is already "
6297
"running."
6298
msgstr ""
6299
6300
#: serverguide/C/virtualization.xml:1418(para)
6301
msgid "Boot from the same ISO on the node(s)."
6302
msgstr ""
6303
6304
#: serverguide/C/virtualization.xml:1423(para)
6305
msgid ""
6306
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6307
msgstr ""
6308
6309
#: serverguide/C/virtualization.xml:1428(para)
6310
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6311
msgstr ""
6312
6313
#: serverguide/C/virtualization.xml:1433(para)
6314
msgid ""
6315
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
6316
"install for you."
6317
msgstr ""
6318
6319
#: serverguide/C/virtualization.xml:1438(para)
6320
msgid "Confirm the partitioning scheme."
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:1443(para)
6324
msgid ""
6325
"The rest of the installation should proceed uninterrupted; complete the "
6326
"installation and reboot the node."
6327
msgstr ""
6328
6329
#: serverguide/C/virtualization.xml:1451(title)
6330
msgid "Register the Node(s)"
6331
msgstr ""
6332
6333
#: serverguide/C/virtualization.xml:1456(para)
6334
msgid ""
6335
"Nodes are the physical systems within <application>UEC</application> that "
6336
"actually run the virtual machine instances of the cloud."
6337
msgstr ""
6338
6339
#: serverguide/C/virtualization.xml:1460(para)
6340
msgid "All component registration should be automatic, assuming:"
6341
msgstr ""
6342
6343
#: serverguide/C/virtualization.xml:1466(para)
6344
msgid "Public SSH keys have been exchanged properly."
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:1471(para)
6348
msgid "The services are configured properly."
6349
msgstr ""
6350
6351
#: serverguide/C/virtualization.xml:1476(para)
6352
msgid ""
6353
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
6354
msgstr ""
6355
6356
#: serverguide/C/virtualization.xml:1481(para)
6357
msgid "Verify Registration."
6358
msgstr ""
6359
6360
#: serverguide/C/virtualization.xml:1487(para)
6361
msgid ""
6362
"Steps a to e should only be required if you're using the <ulink "
6363
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
6364
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
6365
"should already be completed automatically for you, and therefore you can "
6366
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
6367
msgstr ""
6368
6369
#: serverguide/C/virtualization.xml:1495(para)
6370
msgid "Exchange Public Keys"
6371
msgstr ""
6372
6373
#: serverguide/C/virtualization.xml:1497(para)
6374
msgid ""
6375
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
6376
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
6377
"Controller as the eucalyptus user."
6378
msgstr ""
6379
6380
#: serverguide/C/virtualization.xml:1502(para)
6381
msgid ""
6382
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
6383
"ssh key by:"
6384
msgstr ""
6385
6386
#: serverguide/C/virtualization.xml:1508(para)
6387
msgid ""
6388
"On the target controller, temporarily set a password for the eucalyptus user:"
6389
msgstr ""
6390
6391
#: serverguide/C/virtualization.xml:1512(command)
6392
msgid "sudo passwd eucalyptus"
6393
msgstr ""
6394
6395
#: serverguide/C/virtualization.xml:1516(para)
6396
msgid "Then, on the Cloud Controller:"
6397
msgstr ""
6398
6399
#: serverguide/C/virtualization.xml:1520(command)
6400
msgid ""
6401
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
6402
"eucalyptus@<IP_OF_NODE>"
6403
msgstr ""
6404
6405
#: serverguide/C/virtualization.xml:1524(para)
6406
msgid ""
6407
"You can now remove the password of the eucalyptus account on the target "
6408
"controller, if you wish:"
6409
msgstr ""
6410
6411
#: serverguide/C/virtualization.xml:1528(command)
6412
msgid "sudo passwd -d eucalyptus"
6413
msgstr ""
6414
6415
#: serverguide/C/virtualization.xml:1535(para)
6416
msgid "Configuring the Services"
6417
msgstr ""
6418
6419
#: serverguide/C/virtualization.xml:1537(para)
6420
msgid "On the <emphasis>Cloud Controller</emphasis>:"
6421
msgstr ""
6422
6423
#: serverguide/C/virtualization.xml:1543(para)
6424
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
6425
msgstr ""
6426
6427
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
6428
msgid ""
6429
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
6430
"cc.conf</filename>"
6431
msgstr ""
6432
6433
#: serverguide/C/virtualization.xml:1549(para)
6434
msgid ""
6435
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6436
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6437
"addresses."
6438
msgstr ""
6439
6440
#: serverguide/C/virtualization.xml:1556(para)
6441
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
6442
msgstr ""
6443
6444
#: serverguide/C/virtualization.xml:1560(para)
6445
msgid ""
6446
"Define the shell variable WALRUS_IP_ADDR in "
6447
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
6448
"address."
6449
msgstr ""
6450
6451
#: serverguide/C/virtualization.xml:1565(para)
6452
msgid "On the <emphasis>Cluster Controller</emphasis>:"
6453
msgstr ""
6454
6455
#: serverguide/C/virtualization.xml:1571(para)
6456
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
6457
msgstr ""
6458
6459
#: serverguide/C/virtualization.xml:1577(para)
6460
msgid ""
6461
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6462
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6463
"addresses."
6464
msgstr ""
6465
6466
#: serverguide/C/virtualization.xml:1587(para)
6467
msgid "Publish"
6468
msgstr ""
6469
6470
#: serverguide/C/virtualization.xml:1589(para)
6471
msgid "Now start the publication services."
6472
msgstr ""
6473
6474
#: serverguide/C/virtualization.xml:1595(emphasis)
6475
msgid "Walrus Controller:"
6476
msgstr ""
6477
6478
#: serverguide/C/virtualization.xml:1597(command)
6479
msgid "sudo start eucalyptus-walrus-publication"
6480
msgstr ""
6481
6482
#: serverguide/C/virtualization.xml:1601(emphasis)
6483
msgid "Cluster Controller:"
6484
msgstr ""
6485
6486
#: serverguide/C/virtualization.xml:1603(command)
6487
msgid "sudo start eucalyptus-cc-publication"
6488
msgstr ""
6489
6490
#: serverguide/C/virtualization.xml:1607(emphasis)
6491
msgid "Storage Controller:"
6492
msgstr ""
6493
6494
#: serverguide/C/virtualization.xml:1609(command)
6495
msgid "sudo start eucalyptus-sc-publication"
6496
msgstr ""
6497
6498
#: serverguide/C/virtualization.xml:1613(emphasis)
6499
msgid "Node Controller:"
6500
msgstr ""
6501
6502
#: serverguide/C/virtualization.xml:1615(command)
6503
msgid "sudo start eucalyptus-nc-publication"
6504
msgstr ""
6505
6506
#: serverguide/C/virtualization.xml:1622(para)
6507
msgid "Start the Listener"
6508
msgstr ""
6509
6510
#: serverguide/C/virtualization.xml:1624(para)
6511
msgid ""
6512
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
6513
"Controller(s)</emphasis>, run:"
6514
msgstr ""
6515
6516
#: serverguide/C/virtualization.xml:1629(command)
6517
msgid "sudo start uec-component-listener"
6518
msgstr ""
6519
6520
#: serverguide/C/virtualization.xml:1634(para)
6521
msgid "Verify Registration"
6522
msgstr ""
6523
6524
#: serverguide/C/virtualization.xml:1637(command)
6525
msgid "cat /var/log/eucalyptus/registration.log"
6526
msgstr ""
6527
6528
#: serverguide/C/virtualization.xml:1638(computeroutput)
6529
#, no-wrap
6530
msgid ""
6531
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
6532
"10.1.1.75\n"
6533
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
6534
"0\n"
6535
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
6536
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
6537
"0\n"
6538
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
6539
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
6540
"returned 0\n"
6541
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
6542
"10.1.1.71\n"
6543
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
6544
msgstr ""
6545
6546
#: serverguide/C/virtualization.xml:1649(para)
6547
msgid "The output on your machine will vary from the example above."
6548
msgstr ""
6549
6550
#: serverguide/C/virtualization.xml:1659(title)
6551
msgid "Obtain Credentials"
6552
msgstr ""
6553
6554
#: serverguide/C/virtualization.xml:1661(para)
6555
msgid ""
6556
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
6557
"users of the cloud will need to retrieve their credentials. This can be done "
6558
"either through a web browser, or at the command line."
6559
msgstr ""
6560
6561
#: serverguide/C/virtualization.xml:1667(title)
6562
msgid "From a Web Browser"
6563
msgstr ""
6564
6565
#: serverguide/C/virtualization.xml:1671(para)
6566
msgid ""
6567
"From your web browser (either remotely or on your Ubuntu server) access the "
6568
"following URL:"
6569
msgstr ""
6570
6571
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6572
#, no-wrap
6573
msgid ""
6574
"\n"
6575
"https://<cloud-controller-ip-address>:8443/\n"
6576
msgstr ""
6577
6578
#: serverguide/C/virtualization.xml:1679(para)
6579
msgid ""
6580
"You must use a secure connection, so make sure you use \"https\" not "
6581
"\"http\" in your URL. You will get a security certificate warning. You will "
6582
"have to add an exception to view the page. If you do not accept it you will "
6583
"not be able to view the Eucalyptus configuration page."
6584
msgstr ""
6585
6586
#: serverguide/C/virtualization.xml:1687(para)
6587
msgid ""
6588
"Use username <emphasis>'admin'</emphasis> and password "
6589
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6590
"to change your password)."
6591
msgstr ""
6592
6593
#: serverguide/C/virtualization.xml:1693(para)
6594
msgid ""
6595
"Then follow the on-screen instructions to update the admin password and "
6596
"email address."
6597
msgstr ""
6598
6599
#: serverguide/C/virtualization.xml:1698(para)
6600
msgid ""
6601
"Once the first time configuration process is completed, click the "
6602
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6603
"the screen."
6604
msgstr ""
6605
6606
#: serverguide/C/virtualization.xml:1704(para)
6607
msgid ""
6608
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6609
"certificates."
6610
msgstr ""
6611
6612
#: serverguide/C/virtualization.xml:1709(para)
6613
msgid "Save them to <filename>~/.euca</filename>."
6614
msgstr ""
6615
6616
#: serverguide/C/virtualization.xml:1714(para)
6617
msgid ""
6618
"Unzip the downloaded zip file into a safe location "
6619
"(<filename>~/.euca</filename>)."
6620
msgstr ""
6621
6622
#: serverguide/C/virtualization.xml:1718(command)
6623
msgid "unzip -d ~/.euca mycreds.zip"
6624
msgstr ""
6625
6626
#: serverguide/C/virtualization.xml:1725(title)
6627
msgid "From a Command Line"
6628
msgstr ""
6629
6630
#: serverguide/C/virtualization.xml:1729(para)
6631
msgid ""
6632
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6633
"Controller</emphasis>, you can run:"
6634
msgstr ""
6635
6636
#: serverguide/C/virtualization.xml:1733(command)
6637
msgid "mkdir -p ~/.euca"
6638
msgstr ""
6639
6640
#: serverguide/C/virtualization.xml:1734(command)
6641
msgid "chmod 700 ~/.euca"
6642
msgstr ""
6643
6644
#: serverguide/C/virtualization.xml:1735(command)
6645
msgid "cd ~/.euca"
6646
msgstr ""
6647
6648
#: serverguide/C/virtualization.xml:1736(command)
6649
msgid "sudo euca_conf --get-credentials mycreds.zip"
6650
msgstr ""
6651
6652
#: serverguide/C/virtualization.xml:1737(command)
6653
msgid "unzip mycreds.zip"
6654
msgstr ""
6655
6656
#: serverguide/C/virtualization.xml:1738(command)
6657
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6658
msgstr ""
6659
6660
#: serverguide/C/virtualization.xml:1739(command)
6661
msgid "cd -"
6662
msgstr ""
6663
6664
#: serverguide/C/virtualization.xml:1746(title)
6665
msgid "Extracting and Using Your Credentials"
6666
msgstr ""
6667
6668
#: serverguide/C/virtualization.xml:1748(para)
6669
msgid ""
6670
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6671
"certificates."
6672
msgstr ""
6673
6674
#: serverguide/C/virtualization.xml:1754(para)
6675
msgid "Install the required cloud user tools:"
6676
msgstr ""
6677
6678
#: serverguide/C/virtualization.xml:1758(command)
6679
msgid "sudo apt-get install euca2ools"
6680
msgstr ""
6681
6682
#: serverguide/C/virtualization.xml:1762(para)
6683
msgid ""
6684
"To validate that everything is working correctly, get the local cluster "
6685
"availability details:"
6686
msgstr ""
6687
6688
#: serverguide/C/virtualization.xml:1766(command)
6689
msgid ". ~/.euca/eucarc"
6690
msgstr ""
6691
6692
#: serverguide/C/virtualization.xml:1767(command)
6693
msgid "euca-describe-availability-zones verbose"
6694
msgstr ""
6695
6696
#: serverguide/C/virtualization.xml:1768(computeroutput)
6697
#, no-wrap
6698
msgid ""
6699
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6700
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6701
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6702
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6703
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6704
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6705
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6706
msgstr ""
6707
6708
#: serverguide/C/virtualization.xml:1778(para)
6709
msgid "Your output from the above command will vary."
6710
msgstr ""
6711
6712
#: serverguide/C/virtualization.xml:1788(title)
6713
msgid "Install an Image from the Store"
6714
msgstr ""
6715
6716
#: serverguide/C/virtualization.xml:1790(para)
6717
msgid ""
6718
"The following is by far the simplest way to install an image. However, "
6719
"advanced users may be interested in learning how to <ulink "
6720
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6721
"own image</ulink>."
6722
msgstr ""
6723
6724
#: serverguide/C/virtualization.xml:1795(para)
6725
msgid ""
6726
"The simplest way to add an image to <application>UEC</application> is to "
6727
"install it from the Image Store on the UEC web interface."
6728
msgstr ""
6729
6730
#: serverguide/C/virtualization.xml:1801(para)
6731
msgid ""
6732
"Access the web interface at the following URL (Make sure you specify https):"
6733
msgstr ""
6734
6735
#: serverguide/C/virtualization.xml:1809(para)
6736
msgid ""
6737
"Enter your login and password (if requested, as you may still be logged in "
6738
"from earlier)."
6739
msgstr ""
6740
6741
#: serverguide/C/virtualization.xml:1814(para)
6742
msgid "Click on the <emphasis>Store</emphasis> tab."
6743
msgstr ""
6744
6745
#: serverguide/C/virtualization.xml:1819(para)
6746
msgid "Browse available images."
6747
msgstr ""
6748
6749
#: serverguide/C/virtualization.xml:1824(para)
6750
msgid "Click on <emphasis>install</emphasis> for the image you want."
6751
msgstr ""
6752
6753
#: serverguide/C/virtualization.xml:1830(para)
6754
msgid ""
6755
"Once the image has been downloaded and installed, you can click on "
6756
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6757
"button to view the command to execute to instantiate (start) this image. The "
6758
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6759
"tab."
6760
msgstr ""
6761
6762
#: serverguide/C/virtualization.xml:1838(title)
6763
msgid "Run an Image"
6764
msgstr ""
6765
6766
#: serverguide/C/virtualization.xml:1840(para)
6767
msgid "There are multiple ways to instantiate an image in UEC:"
6768
msgstr ""
6769
6770
#: serverguide/C/virtualization.xml:1845(para)
6771
msgid "Use the command line."
6772
msgstr ""
6773
6774
#: serverguide/C/virtualization.xml:1846(para)
6775
msgid ""
6776
"Use one of the UEC compatible management tools such as "
6777
"<emphasis>Landscape</emphasis>."
6778
msgstr ""
6779
6780
#: serverguide/C/virtualization.xml:1848(para)
6781
msgid ""
6782
"Use the <ulink "
6783
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6784
"extension to Firefox."
6785
msgstr ""
6786
6787
#: serverguide/C/virtualization.xml:1854(para)
6788
msgid "Here we will describe the process from the command line:"
6789
msgstr ""
6790
6791
#: serverguide/C/virtualization.xml:1860(para)
6792
msgid ""
6793
"Before running an instance of your image, you should first create a "
6794
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6795
"instance as root, once it boots. The key is stored, so you will only have to "
6796
"do this once."
6797
msgstr ""
6798
6799
#: serverguide/C/virtualization.xml:1864(para)
6800
msgid "Run the following command:"
6801
msgstr ""
6802
6803
#: serverguide/C/virtualization.xml:1867(programlisting)
6804
#, no-wrap
6805
msgid ""
6806
"\n"
6807
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6808
" mkdir -p -m 700 ~/.euca\n"
6809
" touch ~/.euca/mykey.priv\n"
6810
" chmod 0600 ~/.euca/mykey.priv\n"
6811
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6812
"fi\n"
6813
msgstr ""
6814
6815
#: serverguide/C/virtualization.xml:1876(para)
6816
msgid ""
6817
"You can call your key whatever you like (in this example, the key is called "
6818
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6819
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6820
"a list of created keys stored in the system."
6821
msgstr ""
6822
6823
#: serverguide/C/virtualization.xml:1883(para)
6824
msgid "You must also allow access to port 22 in your instances:"
6825
msgstr ""
6826
6827
#: serverguide/C/virtualization.xml:1887(command)
6828
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6829
msgstr ""
6830
6831
#: serverguide/C/virtualization.xml:1891(para)
6832
msgid "Next, you can create instances of your registered image:"
6833
msgstr ""
6834
6835
#: serverguide/C/virtualization.xml:1895(command)
6836
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6837
msgstr ""
6838
6839
#: serverguide/C/virtualization.xml:1898(para)
6840
msgid ""
6841
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6842
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6843
"on the <emphasis>Store</emphasis> page to see the sample command."
6844
msgstr ""
6845
6846
#: serverguide/C/virtualization.xml:1905(para)
6847
msgid ""
6848
"The first time you run an instance, the system will be setting up caches for "
6849
"the image from which it will be created. This can often take some time the "
6850
"first time an instance is run given that VM images are usually quite large."
6851
msgstr ""
6852
6853
#: serverguide/C/virtualization.xml:1909(para)
6854
msgid "To monitor the state of your instance, run:"
6855
msgstr ""
6856
6857
#: serverguide/C/virtualization.xml:1913(command)
6858
msgid "watch -n5 euca-describe-instances"
6859
msgstr ""
6860
6861
#: serverguide/C/virtualization.xml:1915(para)
6862
msgid ""
6863
"In the output, you should see information about the instance, including its "
6864
"state. While first-time caching is being performed, the instance's state "
6865
"will be <emphasis>'pending'</emphasis>."
6866
msgstr ""
6867
6868
#: serverguide/C/virtualization.xml:1921(para)
6869
msgid ""
6870
"When the instance is fully started, the above state will become "
6871
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6872
"instance in the output, then connect to it:"
6873
msgstr ""
6874
6875
#: serverguide/C/virtualization.xml:1926(command)
6876
msgid ""
6877
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6878
"'{print $4}')"
6879
msgstr ""
6880
6881
#: serverguide/C/virtualization.xml:1927(command)
6882
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6883
msgstr ""
6884
6885
#: serverguide/C/virtualization.xml:1931(para)
6886
msgid ""
6887
"And when you are done with this instance, exit your SSH connection, then "
6888
"terminate your instance:"
6889
msgstr ""
6890
6891
#: serverguide/C/virtualization.xml:1935(command)
6892
msgid ""
6893
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6894
"awk '{print $2}')"
6895
msgstr ""
6896
6897
#: serverguide/C/virtualization.xml:1936(command)
6898
msgid "euca-terminate-instances $INSTANCEID"
6899
msgstr ""
6900
6901
#: serverguide/C/virtualization.xml:1944(para)
6902
msgid ""
6903
"The <application>cloud-init</application> package provides \"first boot\" "
6904
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6905
"generic filesystem image that is booting and customizing it for this "
6906
"particular instance. That includes things like:"
6907
msgstr ""
6908
6909
#: serverguide/C/virtualization.xml:1952(para)
6910
msgid "Setting the hostname."
6911
msgstr ""
6912
6913
#: serverguide/C/virtualization.xml:1957(para)
6914
msgid ""
6915
"Putting the provided ssh public keys into "
6916
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6917
msgstr ""
6918
6919
#: serverguide/C/virtualization.xml:1962(para)
6920
msgid "Running a user provided script, or otherwise modifying the image."
6921
msgstr ""
6922
6923
#: serverguide/C/virtualization.xml:1968(para)
6924
msgid ""
6925
"Setting hostname and configuring a system so the person who launched it can "
6926
"actually log into it are not terribly interesting. The interesting things "
6927
"that can be done with <application>cloud-init</application> are made "
6928
"possible by data provided at launch time called <ulink "
6929
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6930
"85\">user-data</ulink>."
6931
msgstr ""
6932
6933
#: serverguide/C/virtualization.xml:1974(para)
6934
msgid "First, install the <application>cloud-init</application> package:"
6935
msgstr ""
6936
6937
#: serverguide/C/virtualization.xml:1979(command)
6938
msgid "sudo apt-get install cloud-init"
6939
msgstr ""
6940
6941
#: serverguide/C/virtualization.xml:1982(para)
6942
msgid ""
6943
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6944
"stored and executed as root late in the boot process of the instance's first "
6945
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6946
"directed to the console."
6947
msgstr ""
6948
6949
#: serverguide/C/virtualization.xml:1987(para)
6950
msgid ""
6951
"For example, create a file named <filename>ud.txt</filename> containing:"
6952
msgstr ""
6953
6954
#: serverguide/C/virtualization.xml:1991(programlisting)
6955
#, no-wrap
6956
msgid ""
6957
"\n"
6958
"#!/bin/sh\n"
6959
"echo ========== Hello World: $(date) ==========\n"
6960
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6961
msgstr ""
6962
6963
#: serverguide/C/virtualization.xml:1997(para)
6964
msgid ""
6965
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6966
msgstr ""
6967
6968
#: serverguide/C/virtualization.xml:2002(command)
6969
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6970
msgstr ""
6971
6972
#: serverguide/C/virtualization.xml:2005(para)
6973
msgid ""
6974
"Wait now for the system to come up and console to be available. To see the "
6975
"result of the data file commands enter:"
6976
msgstr ""
6977
6978
#: serverguide/C/virtualization.xml:2010(command)
6979
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6980
msgstr ""
6981
6982
#: serverguide/C/virtualization.xml:2011(computeroutput)
6983
#, no-wrap
6984
msgid ""
6985
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6986
"I have been up for 28.26 sec"
6987
msgstr ""
6988
6989
#: serverguide/C/virtualization.xml:2016(para)
6990
msgid "Your output may vary."
6991
msgstr ""
6992
6993
#: serverguide/C/virtualization.xml:2021(para)
6994
msgid ""
6995
"The simple approach shown above gives a great deal of power. The user-data "
6996
"can contain a script in any language where an interpreter already exists in "
6997
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6998
")."
6999
msgstr ""
7000
7001
#: serverguide/C/virtualization.xml:2026(para)
7002
msgid ""
7003
"For many cases, the user may not be interested in writing a program. For "
7004
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
7005
"configuration based approach towards customization. To utilize the cloud-"
7006
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
7007
"config'</emphasis>."
7008
msgstr ""
7009
7010
#: serverguide/C/virtualization.xml:2031(para)
7011
msgid ""
7012
"For example, create a text file named <filename>clout-config.txt</filename> "
7013
"containing:"
7014
msgstr ""
7015
7016
#: serverguide/C/virtualization.xml:2035(programlisting)
7017
#, no-wrap
7018
msgid ""
7019
"\n"
7020
"#cloud-config\n"
7021
"apt_upgrade: true\n"
7022
"apt_sources:\n"
7023
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
7024
"\n"
7025
"packages:\n"
7026
"- build-essential\n"
7027
"- pastebinit\n"
7028
"\n"
7029
"runcmd:\n"
7030
"- echo ======= Hello World =====\n"
7031
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
7032
msgstr ""
7033
7034
#: serverguide/C/virtualization.xml:2050(para)
7035
msgid "Create a new instance:"
7036
msgstr ""
7037
7038
#: serverguide/C/virtualization.xml:2055(command)
7039
msgid ""
7040
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
7041
"config.txt"
7042
msgstr ""
7043
7044
#: serverguide/C/virtualization.xml:2058(para)
7045
msgid "Now, when the above system is booted, it will have:"
7046
msgstr ""
7047
7048
#: serverguide/C/virtualization.xml:2063(para)
7049
msgid "Added the Apache Edgers PPA."
7050
msgstr ""
7051
7052
#: serverguide/C/virtualization.xml:2064(para)
7053
msgid "Run an upgrade to get all updates available"
7054
msgstr ""
7055
7056
#: serverguide/C/virtualization.xml:2065(para)
7057
msgid "Installed the 'build-essential' and 'pastebinit' packages"
7058
msgstr ""
7059
7060
#: serverguide/C/virtualization.xml:2066(para)
7061
msgid "Printed a similar message to the script above"
7062
msgstr ""
7063
7064
#: serverguide/C/virtualization.xml:2070(para)
7065
msgid ""
7066
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
7067
"the latest version of Apache from upstream source repositories. Package "
7068
"versions in the PPA are unsupported, and depending on your situation, this "
7069
"may or may not be desirable. See the <ulink "
7070
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
7071
"Edgers</ulink> web page for more details."
7072
msgstr ""
7073
7074
#: serverguide/C/virtualization.xml:2077(para)
7075
msgid ""
7076
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
7077
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
7078
"It is present to allow you to get the full power of a scripting language if "
7079
"you need it without abandoning <emphasis>cloud-config</emphasis>."
7080
msgstr ""
7081
7082
#: serverguide/C/virtualization.xml:2082(para)
7083
msgid ""
7084
"For more information on what kinds of things can be done with "
7085
"<application>cloud-config</application>, see <ulink "
7086
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
7087
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
7088
msgstr ""
7089
7090
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
7091
msgid "More Information"
7092
msgstr "更多信息"
7093
7094
#: serverguide/C/virtualization.xml:2093(para)
7095
msgid ""
7096
"How to use the <ulink "
7097
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
7098
"Controller</ulink>"
7099
msgstr ""
7100
7101
#: serverguide/C/virtualization.xml:2097(para)
7102
msgid "Controlling eucalyptus services:"
7103
msgstr ""
7104
7105
#: serverguide/C/virtualization.xml:2102(para)
7106
msgid ""
7107
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
7108
msgstr ""
7109
7110
#: serverguide/C/virtualization.xml:2103(para)
7111
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
7112
msgstr ""
7113
7114
#: serverguide/C/virtualization.xml:2106(para)
7115
msgid "Locations of some important files:"
7116
msgstr ""
7117
7118
#: serverguide/C/virtualization.xml:2113(emphasis)
7119
msgid "Log files:"
7120
msgstr ""
7121
7122
#: serverguide/C/virtualization.xml:2116(para)
7123
msgid "/var/log/eucalyptus"
7124
msgstr ""
7125
7126
#: serverguide/C/virtualization.xml:2121(emphasis)
7127
msgid "Configuration files:"
7128
msgstr ""
7129
7130
#: serverguide/C/virtualization.xml:2124(para)
7131
msgid "/etc/eucalyptus"
7132
msgstr ""
7133
7134
#: serverguide/C/virtualization.xml:2129(emphasis)
7135
msgid "Database:"
7136
msgstr ""
7137
7138
#: serverguide/C/virtualization.xml:2132(para)
7139
msgid "/var/lib/eucalyptus/db"
7140
msgstr ""
7141
7142
#: serverguide/C/virtualization.xml:2137(emphasis)
7143
msgid "Keys:"
7144
msgstr ""
7145
7146
#: serverguide/C/virtualization.xml:2140(para)
7147
msgid "/var/lib/eucalyptus"
7148
msgstr ""
7149
7150
#: serverguide/C/virtualization.xml:2141(para)
7151
msgid "/var/lib/eucalyptus/.ssh"
7152
msgstr ""
7153
7154
#: serverguide/C/virtualization.xml:2147(para)
7155
msgid ""
7156
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
7157
"running the client tools."
7158
msgstr ""
7159
7160
#: serverguide/C/virtualization.xml:2158(para)
7161
msgid ""
7162
"For information on loading instances see the <ulink "
7163
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
7164
"page."
7165
msgstr ""
7166
"关于加载的例子的信息,请参见网页<ulink "
7167
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink>。"
7168
7169
#: serverguide/C/virtualization.xml:2163(para)
7170
msgid ""
7171
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
7172
"documentation, downloads)</ulink>."
7173
msgstr ""
7174
7175
#: serverguide/C/virtualization.xml:2168(para)
7176
msgid ""
7177
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
7178
"(bugs, code)</ulink>."
7179
msgstr ""
7180
7181
#: serverguide/C/virtualization.xml:2173(para)
7182
msgid ""
7183
"<ulink "
7184
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
7185
"ptus Troubleshooting (1.5)</ulink>."
7186
msgstr ""
7187
7188
#: serverguide/C/virtualization.xml:2178(para)
7189
msgid ""
7190
"<ulink url=\"http://support.rightscale.com/2._References/02-"
7191
"Cloud_Infrastructures/Eucalyptus/03-"
7192
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
7193
"RightScale</ulink>."
7194
msgstr ""
7195
7196
#: serverguide/C/virtualization.xml:2184(para)
7197
msgid ""
7198
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
7199
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
7200
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
7201
msgstr ""
7202
"您也可以在以下地方得到帮助: <emphasis>#ubuntu-virt</emphasis>, "
7203
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
7204
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
7205
7206
#: serverguide/C/virtualization.xml:2193(title)
7207
msgid "Glossary"
7208
msgstr ""
7209
7210
#: serverguide/C/virtualization.xml:2195(para)
7211
msgid ""
7212
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
7213
"unfamiliar to some readers. This page is intended to provide a glossary of "
7214
"such terms and acronyms."
7215
msgstr ""
7216
7217
#: serverguide/C/virtualization.xml:2202(para)
7218
msgid ""
7219
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
7220
"computing resources through virtual machines, provisioned and recollected "
7221
"dynamically."
7222
msgstr ""
7223
7224
#: serverguide/C/virtualization.xml:2208(para)
7225
msgid ""
7226
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
7227
"provides the web UI (an https server on port 8443), and implements the "
7228
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
7229
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
7230
"cloud</application> package."
7231
msgstr ""
7232
7233
#: serverguide/C/virtualization.xml:2215(para)
7234
msgid ""
7235
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
7236
"Cluster Controller. There can be more than one Cluster in an installation of "
7237
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
7238
"floor2, floor2)."
7239
msgstr ""
7240
7241
#: serverguide/C/virtualization.xml:2221(para)
7242
msgid ""
7243
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
7244
"manages collections of node resources. This service is provided by the "
7245
"Ubuntu <application>eucalyptus-cc</application> package."
7246
msgstr ""
7247
7248
#: serverguide/C/virtualization.xml:2227(para)
7249
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
7250
msgstr ""
7251
7252
#: serverguide/C/virtualization.xml:2232(para)
7253
msgid ""
7254
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
7255
"pay-by-the-gigabyte public cloud computing offering."
7256
msgstr ""
7257
7258
#: serverguide/C/virtualization.xml:2237(para)
7259
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
7260
msgstr ""
7261
7262
#: serverguide/C/virtualization.xml:2242(para)
7263
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
7264
msgstr ""
7265
7266
#: serverguide/C/virtualization.xml:2247(para)
7267
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
7268
msgstr ""
7269
7270
#: serverguide/C/virtualization.xml:2252(para)
7271
msgid ""
7272
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
7273
"Linking Your Programs To Useful Systems. An open source project originally "
7274
"from the University of California at Santa Barbara, now supported by "
7275
"Eucalyptus Systems, a Canonical Partner."
7276
msgstr ""
7277
7278
#: serverguide/C/virtualization.xml:2259(para)
7279
msgid ""
7280
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
7281
"the high level Eucalyptus components (cloud, walrus, storage controller, "
7282
"cluster controller)."
7283
msgstr ""
7284
7285
#: serverguide/C/virtualization.xml:2265(para)
7286
msgid ""
7287
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
7288
"running virtual machines, running a node controller. Within Ubuntu, this "
7289
"generally means that the CPU has VT extensions, and can run the KVM "
7290
"hypervisor."
7291
msgstr ""
7292
7293
#: serverguide/C/virtualization.xml:2271(para)
7294
msgid ""
7295
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
7296
"on nodes which host the virtual machines that comprise the cloud. This "
7297
"service is provided by the Ubuntu package <application>eucalyptus-"
7298
"nc</application>."
7299
msgstr ""
7300
7301
#: serverguide/C/virtualization.xml:2277(para)
7302
msgid ""
7303
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
7304
"gigabyte persistent storage solution for EC2."
7305
msgstr ""
7306
7307
#: serverguide/C/virtualization.xml:2282(para)
7308
msgid ""
7309
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
7310
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
7311
"installation can have its own Storage Controller. This component is provided "
7312
"by the <application>eucalyptus-sc</application> package."
7313
msgstr ""
7314
7315
#: serverguide/C/virtualization.xml:2289(para)
7316
msgid ""
7317
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
7318
"solution, based on Eucalyptus."
7319
msgstr ""
7320
7321
#: serverguide/C/virtualization.xml:2294(para)
7322
msgid "<emphasis>VM</emphasis> - Virtual Machine."
7323
msgstr ""
7324
7325
#: serverguide/C/virtualization.xml:2299(para)
7326
msgid ""
7327
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
7328
"some modern CPUs, allowing for accelerated virtual machine hosting."
7329
msgstr ""
7330
7331
#: serverguide/C/virtualization.xml:2304(para)
7332
msgid ""
7333
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
7334
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
7335
"put/get abstractions."
7336
msgstr ""
7337
7338
#: serverguide/C/vcs.xml:13(title)
7339
msgid "Version Control System"
7340
msgstr "版本控制系统"
7341
7342
#: serverguide/C/vcs.xml:14(para)
7343
msgid ""
7344
"Version control is the art of managing changes to information. It has long "
7345
"been a critical tool for programmers, who typically spend their time making "
7346
"small changes to software and then undoing those changes the next day. But "
7347
"the usefulness of version control software extends far beyond the bounds of "
7348
"the software development world. Anywhere you can find people using computers "
7349
"to manage information that changes often, there is room for version control."
7350
msgstr ""
7351
"版本控制是管理改动信息的技术。它对于程序员而言一直是重要的工具,他们经常花时间对程序进行小改动之后又在第二天改回来。但版本控制软件的用途却远远超出了软件开"
7352
"发的界线。无论何处您可以发现人们使用计算机去管理那些经常变动的信息,那里都有使用版本控制的空间。"
7353
7354
#: serverguide/C/vcs.xml:17(title)
7355
msgid "Bazaar"
7356
msgstr "Bazaar"
7357
7358
#: serverguide/C/vcs.xml:18(para)
7359
msgid ""
7360
"Bazaar is a new version control system sponsored by Canonical, the "
7361
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
7362
"support a central repository model, Bazaar also supports "
7363
"<emphasis>distributed version control</emphasis>, giving people the ability "
7364
"to collaborate more efficiently. In particular, Bazaar is designed to "
7365
"maximize the level of community participation in open source projects."
7366
msgstr ""
7367
"Bazaar是由Canonical,发行Ubuntu的商业公司,发起的一种新的版本控制系统。不像Subversion和CVS只支持中心存储库模式,Baza"
7368
"ar还支持<emphasis>分布式版本控制</emphasis>,让人们能够有效地协作。尤其是,Bazaar的设计意图就是让社区能在开源项目上尽最大可能"
7369
"的程序参与。"
7370
7371
#: serverguide/C/vcs.xml:29(para)
7372
msgid ""
7373
"At a terminal prompt, enter the following command to install "
7374
"<application>bzr</application>: <screen>\n"
7375
"<command>sudo apt-get install bzr</command>\n"
7376
"</screen>"
7377
msgstr ""
7378
"在一个终端提示符下,输入以下命令来安装<application>bzr</application>:<screen><command>sudo apt-"
7379
"get install bzr</command>"
7380
7381
#: serverguide/C/vcs.xml:40(para)
7382
msgid ""
7383
"To introduce yourself to <application>bzr</application>, use the "
7384
"<emphasis>whoami</emphasis> command like this: <screen>\n"
7385
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7386
"</screen>"
7387
msgstr ""
7388
"要将您自己介绍给<application>bzr</application>可以按如下方式使用<emphasis>whoami</emphasis>命令:"
7389
"<screen>\n"
7390
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7391
"</screen>"
7392
7393
#: serverguide/C/vcs.xml:49(title)
7394
msgid "Learning Bazaar"
7395
msgstr "学习使用Bazaar"
7396
7397
#: serverguide/C/vcs.xml:50(para)
7398
msgid ""
7399
"Bazaar comes with bundled documentation installed into "
7400
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
7401
"is a good place to start. The <application>bzr</application> command also "
7402
"comes with built-in help: <screen>\n"
7403
"<command>$ bzr help</command>\n"
7404
"</screen>"
7405
msgstr ""
7406
"Bazaar配备有默认安装在<application>/usr/share/doc/bzr/html</application>的绑定文档. "
7407
"这份教程是一个开始学习的好地方. <application>bzr</application>命令同时也有内建帮助:\n"
7408
"<command>$ bzr help</command>\n"
7409
"</screen>"
7410
7411
#: serverguide/C/vcs.xml:60(para)
7412
msgid ""
7413
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
7414
"<command>$ bzr help foo</command>\n"
7415
"</screen>"
7416
msgstr ""
7417
"了解更多关于<emphasis>foo</emphasis> 命令,请使用: <screen>\n"
7418
"<command>$ bzr help foo</command>\n"
7419
"</screen>"
7420
7421
#: serverguide/C/vcs.xml:68(title)
7422
msgid "Launchpad Integration"
7423
msgstr "Launchpad 集成"
7424
7425
#: serverguide/C/vcs.xml:69(para)
7426
msgid ""
7427
"While highly useful as a stand-alone system, Bazaar has good, optional "
7428
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
7429
"the collaborative development system used by Canonical and the broader open "
7430
"source community to manage and extend Ubuntu itself. For information on how "
7431
"Bazaar can be used with Launchpad to collaborate on open source projects, "
7432
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
7433
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
7434
msgstr ""
7435
"相对于非常有用的独立系统,Bazaar与<ulink "
7436
"url=\"https://launchpad.net/\">Launchpad</ulink>有着良好的、可选的集成,Canonical与国外的开源社区"
7437
"使用合作开发系统来管理和扩展ubuntu。要得到有关怎样使用Bazaar和Launchpad来合作开发开源项目的信息,参见<ulink "
7438
"url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> http://bazaar-"
7439
"vcs.org/LaunchpadIntegration</ulink>。"
7440
7441
#: serverguide/C/vcs.xml:81(title)
7442
msgid "Subversion"
7443
msgstr "Subversion"
7444
7445
#: serverguide/C/vcs.xml:82(para)
7446
msgid ""
7447
"Subversion is an open source version control system. Using Subversion, you "
7448
"can record the history of source files and documents. It manages files and "
7449
"directories over time. A tree of files is placed into a central repository. "
7450
"The repository is much like an ordinary file server, except that it "
7451
"remembers every change ever made to files and directories."
7452
msgstr ""
7453
"Subversion 是一个开源的版本控制系统。使用 "
7454
"Subversion,您可以记录源文件和文档的历史。它管理文件和目录。文件树被放入了中心库中。库更象是一个普通的文件服务器,除了它可以记住对文件和目录的每"
7455
"次改变。"
7456
7457
#: serverguide/C/vcs.xml:87(para)
7458
msgid ""
7459
"To access Subversion repository using the HTTP protocol, you must install "
7460
"and configure a web server. Apache2 is proven to work with Subversion. "
7461
"Please refer to the HTTP subsection in the Apache2 section to install and "
7462
"configure Apache2. To access the Subversion repository using the HTTPS "
7463
"protocol, you must install and configure a digital certificate in your "
7464
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
7465
"section to install and configure the digital certificate."
7466
msgstr ""
7467
"要通过 HTTP 协议来访问 Subversion 库,您必须安装和配置一个 web 服务器。Apache2 被证明可以和 Subversion "
7468
"一起工作。请参考 Apache2 章节的 HTTP 小节以安装和配置 Apache2。要使用 HTTPS 协议访问 Subversion "
7469
"库,您必须在您的 Apache2 web 服务器上安装和配置数字证书。请参考 Apache2 章节的 HTTPS 小节以安装和配置数据证书。"
7470
7471
#: serverguide/C/vcs.xml:96(para)
7472
msgid ""
7473
"To install Subversion, run the following command from a terminal prompt:"
7474
msgstr "要安装 Subversion,可以在终端提示符后运行以下命令:"
7475
7476
#: serverguide/C/vcs.xml:101(command)
7477
msgid "sudo apt-get install subversion libapache2-svn"
7478
msgstr "sudo apt-get install subversion libapache2-svn"
7479
7480
#: serverguide/C/vcs.xml:108(para)
7481
msgid ""
7482
"This step assumes you have installed above mentioned packages on your "
7483
"system. This section explains how to create a Subversion repository and "
7484
"access the project."
7485
msgstr "这一步假定您已经在您的系统上安装了上面提及的包。本部分内容说明如何创建一个 Subversion 库和访问项目。"
7486
7487
#: serverguide/C/vcs.xml:111(title)
7488
msgid "Create Subversion Repository"
7489
msgstr "创建 Subversion 库"
7490
7491
#: serverguide/C/vcs.xml:112(para)
7492
msgid ""
7493
"The Subversion repository can be created using the following command from a "
7494
"terminal prompt:"
7495
msgstr "Subversion 库可以在终端提示符后使用以下命令创建:"
7496
7497
#: serverguide/C/vcs.xml:116(command)
7498
msgid "svnadmin create /path/to/repos/project"
7499
msgstr "svnadmin create /path/to/repos/project"
7500
7501
#: serverguide/C/vcs.xml:121(title)
7502
msgid "Importing Files"
7503
msgstr "导入文件"
7504
7505
#: serverguide/C/vcs.xml:122(para)
7506
msgid ""
7507
"Once you create the repository you can <emphasis>import</emphasis> files "
7508
"into the repository. To import a directory, enter the following from a "
7509
"terminal prompt: <screen>\n"
7510
"<command>svn import /path/to/import/directory "
7511
"file:///path/to/repos/project</command>\n"
7512
"</screen>"
7513
msgstr ""
7514
"创建库后,你可以将文件<emphasis>导入</emphasis>到库中. 要导入文件夹, 在终端命令行中输入下面命令\n"
7515
"<command>svn import /path/to/import/directory "
7516
"file:///path/to/repos/project</command>\n"
7517
"</screen>"
7518
7519
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
7520
msgid "Access Methods"
7521
msgstr "访问方式"
7522
7523
#: serverguide/C/vcs.xml:135(para)
7524
msgid ""
7525
"Subversion repositories can be accessed (checked out) through many different "
7526
"methods --on local disk, or through various network protocols. A repository "
7527
"location, however, is always a URL. The table describes how different URL "
7528
"schemes map to the available access methods."
7529
msgstr ""
7530
"版本库可以通过很多方式来存取(签出)--在本地磁盘,或者通过各种各样的网络协议。然而一个库的位置始终是个URL。表里描述了不同存取方法下的不同URL样子。"
7531
7532
#: serverguide/C/vcs.xml:146(para)
7533
msgid "Schema"
7534
msgstr "模式"
7535
7536
#: serverguide/C/vcs.xml:147(para)
7537
msgid "Access Method"
7538
msgstr "访问方式"
7539
7540
#: serverguide/C/vcs.xml:152(para)
7541
msgid "file://"
7542
msgstr "file://"
7543
7544
#: serverguide/C/vcs.xml:153(para)
7545
msgid "direct repository access (on local disk)"
7546
msgstr "直接访问库 (在本地磁盘)"
7547
7548
#: serverguide/C/vcs.xml:156(para)
7549
msgid "http://"
7550
msgstr "http://"
7551
7552
#: serverguide/C/vcs.xml:157(para)
7553
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
7554
msgstr "通过 WebDAV 协议访问带有 Subversion 的 Apache2 web 服务器。"
7555
7556
#: serverguide/C/vcs.xml:160(para)
7557
msgid "https://"
7558
msgstr "https://"
7559
7560
#: serverguide/C/vcs.xml:161(para)
7561
msgid "Same as http://, but with SSL encryption"
7562
msgstr "与 http:// 相同,但有 SSL 加密"
7563
7564
#: serverguide/C/vcs.xml:164(para)
7565
msgid "svn://"
7566
msgstr "svn://"
7567
7568
#: serverguide/C/vcs.xml:165(para)
7569
msgid "Access via custom protocol to an svnserve server"
7570
msgstr "通过自身协议访问 svnserve 服务"
7571
7572
#: serverguide/C/vcs.xml:168(para)
7573
msgid "svn+ssh://"
7574
msgstr "svn+ssh://"
7575
7576
#: serverguide/C/vcs.xml:169(para)
7577
msgid "Same as svn://, but through an SSH tunnel"
7578
msgstr "与 svn:// 一样,但使用 SSH 遂道"
7579
7580
#: serverguide/C/vcs.xml:175(para)
7581
msgid ""
7582
"In this section, we will see how to configure Subversion for all these "
7583
"access methods. Here, we cover the basics. For more advanced usage details, "
7584
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
7585
msgstr ""
7586
"在本部分,我们将看到如何为所有这些访问方式来配置 Subversion。这里,我们只介绍基本用法。更多详细、高级用法请参阅<ulink "
7587
"url=\"http://svnbook.red-bean.com/\">svn 书</ulink>"
7588
7589
#: serverguide/C/vcs.xml:182(title)
7590
msgid "Direct repository access (file://)"
7591
msgstr "直接访问库 (file://)"
7592
7593
#: serverguide/C/vcs.xml:183(para)
7594
msgid ""
7595
"This is the simplest of all access methods. It does not require any "
7596
"Subversion server process to be running. This access method is used to "
7597
"access Subversion from the same machine. The syntax of the command, entered "
7598
"at a terminal prompt, is as follows:"
7599
msgstr ""
7600
"这是所有访问方式中最简单的。它不要求运行任何 Subversion 服务器进程。该访问方式用于在同一台机器上访问 "
7601
"Subversion。在终端提示符后输入的命令如下所示:"
7602
7603
#: serverguide/C/vcs.xml:190(command)
7604
msgid "svn co file:///path/to/repos/project"
7605
msgstr "svn co file:///path/to/repos/project"
7606
7607
#: serverguide/C/vcs.xml:193(para)
7608
msgid "or"
7609
msgstr "或"
7610
7611
#: serverguide/C/vcs.xml:196(command)
7612
msgid "svn co file://localhost/path/to/repos/project"
7613
msgstr "svn co file://localhost/path/to/repos/project"
7614
7615
#: serverguide/C/vcs.xml:200(para)
7616
msgid ""
7617
"If you do not specify the hostname, there are three forward slashes (///) -- "
7618
"two for the protocol (file, in this case) plus the leading slash in the "
7619
"path. If you specify the hostname, you must use two forward slashes (//)."
7620
msgstr ""
7621
"如果您没有指定主机名,则需要三个斜杠 (///) -- 其中两个是协议的 (这里是 "
7622
"file),另一个是路径前的。如果您指定了主机名,那么您必须使用双个斜杠 (//)。"
7623
7624
#: serverguide/C/vcs.xml:202(para)
7625
msgid ""
7626
"The repository permissions depend on filesystem permissions. If the user has "
7627
"read/write permission, he can checkout from and commit to the repository."
7628
msgstr "库权限依赖于文件系统的权限。如果用户有读/写权限,他可以从库中检出或者提交到库。"
7629
7630
#: serverguide/C/vcs.xml:205(title)
7631
msgid "Access via WebDAV protocol (http://)"
7632
msgstr "通过 WebDAV 协议 (http://) 访问"
7633
7634
#: serverguide/C/vcs.xml:206(para)
7635
msgid ""
7636
"To access the Subversion repository via WebDAV protocol, you must configure "
7637
"your Apache 2 web server. Add the following snippet between the "
7638
"<emphasis><VirtualHost></emphasis> and "
7639
"<emphasis></VirtualHost></emphasis> elements in "
7640
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7641
"VirtualHost file:"
7642
msgstr ""
7643
7644
#: serverguide/C/vcs.xml:212(programlisting)
7645
#, no-wrap
7646
msgid ""
7647
"\n"
7648
" <Location /svn>\n"
7649
" DAV svn\n"
7650
" SVNPath /home/svn\n"
7651
" AuthType Basic\n"
7652
" AuthName \"Your repository name\"\n"
7653
" AuthUserFile /etc/subversion/passwd\n"
7654
" Require valid-user\n"
7655
" </Location> \n"
7656
msgstr ""
7657
7658
#: serverguide/C/vcs.xml:223(para)
7659
msgid ""
7660
"The above configuration snippet assumes that Subversion repositories are "
7661
"created under <filename>/home/svn/</filename> directory using "
7662
"<command>svnadmin</command> command. They can be accessible using "
7663
"<command>http://hostname/svn/repos_name</command> url."
7664
msgstr ""
7665
7666
#: serverguide/C/vcs.xml:229(para)
7667
msgid ""
7668
"To import or commit files to your Subversion repository over HTTP, the "
7669
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7670
"HTTP user is <command>www-data</command>. To change the ownership of the "
7671
"repository files enter the following command from terminal prompt:"
7672
msgstr ""
7673
"要通过HTTP导出或提交你的版本库,库必须由HTTP用户拥有。 在UBUNTU系统里,通常HTTP用户就是<command>www-"
7674
"data</command>。 要修改库文件的所有者,可以从终端命令提示符下输入以下命令:"
7675
7676
#: serverguide/C/vcs.xml:238(command)
7677
msgid "sudo chown -R www-data:www-data /path/to/repos"
7678
msgstr "sudo chown -R www-data:www-data /path/to/repos"
7679
7680
#: serverguide/C/vcs.xml:241(para)
7681
msgid ""
7682
"By changing the ownership of repository as <command>www-data</command> you "
7683
"will not be able to import or commit files into the repository by running "
7684
"<command>svn import file:///</command> command as any user other than "
7685
"<command>www-data</command>."
7686
msgstr ""
7687
"将版本库的所有者修改为<command>www-data</command>后,你不能用除<command>www-"
7688
"data</command>以外的用户运行<command>svn import file:///</command>命令来导出或提交文件。"
7689
7690
#: serverguide/C/vcs.xml:250(para)
7691
msgid ""
7692
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7693
"that will contain user authentication details. To create a file issue the "
7694
"following command at a command prompt (which will create the file and add "
7695
"the first user):"
7696
msgstr ""
7697
"然后, 你必须创建文件<filename>/etc/subversion/passwd</filename>来存放用户验证的详细信息. "
7698
"在命令提示符后面输入下面的命令:"
7699
7700
#: serverguide/C/vcs.xml:256(command)
7701
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7702
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
7703
7704
#: serverguide/C/vcs.xml:259(para)
7705
msgid ""
7706
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7707
"option replaces the old file. Instead use this form:"
7708
msgstr ""
7709
"添加附加的用户时请省略<emphasis>\"-c\"</emphasis>选项,因为这个选项将用来替换旧的文件。应该使用这个形式来代替:"
7710
7711
#: serverguide/C/vcs.xml:264(command)
7712
msgid "sudo htpasswd /etc/subversion/password user_name"
7713
msgstr "sudo htpasswd /etc/subversion/password user_name"
7714
7715
#: serverguide/C/vcs.xml:268(para)
7716
msgid ""
7717
"This command will prompt you to enter the password. Once you enter the "
7718
"password, the user is added. Now, to access the repository you can run the "
7719
"following command:"
7720
msgstr "该命令将提示您输入密码。一旦您输入密码。该用户将被添加。现在您可以运行下列命令来访问库:"
7721
7722
#: serverguide/C/vcs.xml:269(command)
7723
msgid "svn co http://servername/svn"
7724
msgstr "svn co http://servername/svn"
7725
7726
#: serverguide/C/vcs.xml:271(para)
7727
msgid ""
7728
"The password is transmitted as plain text. If you are worried about password "
7729
"snooping, you are advised to use SSL encryption. For details, please refer "
7730
"next section."
7731
msgstr "该密码是以纯文本传输的。如果您担心密码被截取,建议您使用 SSL 加密。相关细节,请参考下一章节。"
7732
7733
#: serverguide/C/vcs.xml:277(title)
7734
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7735
msgstr "通过带有 SSL 加密的 WebDAV 协议来访问 (https://)"
7736
7737
#: serverguide/C/vcs.xml:278(para)
7738
msgid ""
7739
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7740
"(https://) is similar to http:// except that you must install and configure "
7741
"the digital certificate in your Apache2 web server. To use SSL with "
7742
"Subversion add the above Apache2 configuration to "
7743
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7744
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7745
"configuration\"/>."
7746
msgstr ""
7747
"使用带有SSL加密的(https://)WebDAV协议访问Subversion仓库跟 http://... "
7748
"的方式相似,除了你必须在你的Apache2中安装配置数字证书。 你可以向<filename>/etc/apache2/sites-"
7749
"available/default-"
7750
"ssl</filename>文件添加以上Apache2配置来使用带有SSL的Subversion。关于配置Apache2 SSL的更多信息请看<xref "
7751
"linkend=\"https-configuration\"/>。"
7752
7753
#: serverguide/C/vcs.xml:287(para)
7754
msgid ""
7755
"You can install a digital certificate issued by a signing authority. "
7756
"Alternatively, you can install your own self-signed certificate."
7757
msgstr "您可以安装一个权威机构发行的数字证书。当然,您也可以安装一个自定义的证书。"
7758
7759
#: serverguide/C/vcs.xml:292(para)
7760
msgid ""
7761
"This step assumes you have installed and configured a digital certificate in "
7762
"your Apache 2 web server. Now, to access the Subversion repository, please "
7763
"refer to the above section! The access methods are exactly the same, except "
7764
"the protocol. You must use https:// to access the Subversion repository."
7765
msgstr ""
7766
"这一步假设您已经在您的 Apache2 web 服务器中安装和配置了数字证书。现在要访问 Subversion "
7767
"库,请参考上一章节!除了所用协议之外访问方式完全相同。您必须使用 https:// 来访问 Subversion 库。"
7768
7769
#: serverguide/C/vcs.xml:302(title)
7770
msgid "Access via custom protocol (svn://)"
7771
msgstr "通过自身协议访问 (svn://)"
7772
7773
#: serverguide/C/vcs.xml:303(para)
7774
msgid ""
7775
"Once the Subversion repository is created, you can configure the access "
7776
"control. You can edit the <filename> "
7777
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7778
"access control. For example, to set up authentication, you can uncomment the "
7779
"following lines in the configuration file:"
7780
msgstr ""
7781
"一旦 Subversion 库被创建,您就可以配置访问控制了。您可以通过编辑 <filename> "
7782
"/path/to/repos/project/conf/svnserve.conf</filename> "
7783
"文件来配置访问控制了。例如,要设置认证,您可以在配置文件中反注释下列行:"
7784
7785
#: serverguide/C/vcs.xml:310(programlisting)
7786
#, no-wrap
7787
msgid ""
7788
"# [general]\n"
7789
"# password-db = passwd"
7790
msgstr ""
7791
"# [general]\n"
7792
"# password-db = passwd"
7793
7794
#: serverguide/C/vcs.xml:313(para)
7795
msgid ""
7796
"After uncommenting the above lines, you can maintain the user list in the "
7797
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7798
"directory and add the new user. The syntax is as follows:"
7799
msgstr ""
7800
"在反注释上面几行之后,您可以在 passwd 文件中维护用户列表。因此编辑同一目录中的文件 <filename>passwd "
7801
"</filename>并添加新用户。其语法如下:"
7802
7803
#: serverguide/C/vcs.xml:319(programlisting)
7804
#, no-wrap
7805
msgid "username = password"
7806
msgstr "username = password"
7807
7808
#: serverguide/C/vcs.xml:320(para)
7809
msgid "For more details, please refer to the file."
7810
msgstr "更多细节,请参考该文件。"
7811
7812
#: serverguide/C/vcs.xml:324(para)
7813
msgid ""
7814
"Now, to access Subversion via the svn:// custom protocol, either from the "
7815
"same machine or a different machine, you can run svnserver using svnserve "
7816
"command. The syntax is as follows:"
7817
msgstr ""
7818
"现在要从本机或不同机器通过 svn:// 自身协议来访问 Subversion,您可以使用 svnserve 命令来运行 svnserver。其语法如下:"
7819
7820
#: serverguide/C/vcs.xml:329(programlisting)
7821
#, no-wrap
7822
msgid ""
7823
"$ svnserve -d --foreground -r /path/to/repos\n"
7824
"# -d -- daemon mode\n"
7825
"# --foreground -- run in foreground (useful for debugging)\n"
7826
"# -r -- root of directory to serve\n"
7827
"\n"
7828
"For more usage details, please refer to:\n"
7829
"$ svnserve --help"
7830
msgstr ""
7831
"$ svnserve -d --foreground -r /path/to/repos\n"
7832
"# -d -- daemon mode\n"
7833
"# --foreground -- run in foreground (useful for debugging)\n"
7834
"# -r -- root of directory to serve\n"
7835
"\n"
7836
"For more usage details, please refer to:\n"
7837
"$ svnserve --help"
7838
7839
#: serverguide/C/vcs.xml:337(para)
7840
msgid ""
7841
"Once you run this command, Subversion starts listening on default port "
7842
"(3690). To access the project repository, you must run the following command "
7843
"from a terminal prompt:"
7844
msgstr "一旦您运行该命令,将启动 Subversion 并在缺省端口 (3690) 监听。要访问项目库,您必须在终端提示符后运行下列命令:"
7845
7846
#: serverguide/C/vcs.xml:340(command)
7847
msgid "svn co svn://hostname/project project --username user_name"
7848
msgstr "svn co svn://hostname/project project --username user_name"
7849
7850
#: serverguide/C/vcs.xml:343(para)
7851
msgid ""
7852
"Based on server configuration, it prompts for password. Once you are "
7853
"authenticated, it checks out the code from Subversion repository. To "
7854
"synchronize the project repository with the local copy, you can run the "
7855
"<command>update</command> sub-command. The syntax of the command, entered at "
7856
"a terminal prompt, is as follows:"
7857
msgstr ""
7858
"根据服务器的配置,出现密码提示。一旦您认证通过,将从 Subversion 库检出代码。要让本地副本同步项目库,您可以运行 "
7859
"<command>update</command> 子命令。在终端提示符后的命令语法如下所示:"
7860
7861
#: serverguide/C/vcs.xml:351(command)
7862
msgid "cd project_dir ; svn update"
7863
msgstr "cd project_dir ; svn update"
7864
7865
#: serverguide/C/vcs.xml:354(para)
7866
msgid ""
7867
"For more details about using each Subversion sub-command, you can refer to "
7868
"the manual. For example, to learn more about the co (checkout) command, "
7869
"please run the following command from a terminal prompt:"
7870
msgstr ""
7871
"关于 Subversion 子命令的更多细节,您可以参考手册。如为了学到关于 co (checkout) 命令的细节,请在终端提示符后运行下列命令:"
7872
7873
#: serverguide/C/vcs.xml:358(command)
7874
msgid "svn co help"
7875
msgstr "svn co help"
7876
7877
#: serverguide/C/vcs.xml:362(title)
7878
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7879
msgstr "通过带有 SSL 加密的自身协议 (svn+ssh://) 访问"
7880
7881
#: serverguide/C/vcs.xml:363(para)
7882
msgid ""
7883
"The configuration and server process is same as in the svn:// method. For "
7884
"details, please refer to the above section. This step assumes you have "
7885
"followed the above step and started the Subversion server using "
7886
"<application>svnserve</application> command."
7887
msgstr ""
7888
"配置和服务器处理与用 svn:// 方式是相同的。详情请参考上面的章节。这一步假定您已经完成了上面的步骤并用 "
7889
"<application>svnserve</application> 命令启动了 Subversion 服务器。"
7890
7891
#: serverguide/C/vcs.xml:369(para)
7892
msgid ""
7893
"It is also assumed that the ssh server is running on that machine and that "
7894
"it is allowing incoming connections. To confirm, please try to login to that "
7895
"machine using ssh. If you can login, everything is perfect. If you cannot "
7896
"login, please address it before continuing further."
7897
msgstr ""
7898
"它也假定 ssh 服务器已经在该机上运行并允许连接。为了确认,请尝试使用 ssh 登录该机器。如果您可以登录,一切就绪。如果不能登录,请在继续之前解决它。"
7899
7900
#: serverguide/C/vcs.xml:375(para)
7901
msgid ""
7902
"The svn+ssh:// protocol is used to access the Subversion repository using "
7903
"SSL encryption. The data transfer is encrypted using this method. To access "
7904
"the project repository (for example with a checkout), you must use the "
7905
"following command syntax:"
7906
msgstr ""
7907
"svn+ssh:// 协议使用 SSL 加密来访问 Subversion 库。使用这种方式进行的数据传输是加密的。要访问项目库 (如 "
7908
"checkout),您必须使用下面的命令语法:"
7909
7910
#: serverguide/C/vcs.xml:382(command)
7911
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7912
msgstr "svn co svn+ssh://hostname/var/svn/repos/project"
7913
7914
#: serverguide/C/vcs.xml:386(para)
7915
msgid ""
7916
"You must use the full path (/path/to/repos/project) to access the Subversion "
7917
"repository using this access method."
7918
msgstr "使用这种访问方式您必须使用全路径 (/path/to/repos/project) 来访问 Subversion 库。"
7919
7920
#: serverguide/C/vcs.xml:389(para)
7921
msgid ""
7922
"Based on server configuration, it prompts for password. You must enter the "
7923
"password you use to login via ssh. Once you are authenticated, it checks out "
7924
"the code from the Subversion repository."
7925
msgstr ""
7926
"根据服务器配置,它将提示输入密码。在使用 ssh 登录时您必须输入密码。一旦您被认证通过之后,它将从 Subversion 库中检出代码。"
7927
7928
#: serverguide/C/vcs.xml:399(title)
7929
msgid "CVS Server"
7930
msgstr "CVS 服务器"
7931
7932
#: serverguide/C/vcs.xml:400(para)
7933
msgid ""
7934
"CVS is a version control system. You can use it to record the history of "
7935
"source files."
7936
msgstr "CVS 是一个版本控制系统。您可以使用它来记录源文件的历史。"
7937
7938
#: serverguide/C/vcs.xml:406(para)
7939
msgid ""
7940
"To install <application>CVS</application>, run the following command from a "
7941
"terminal prompt: <screen>\n"
7942
"<command>sudo apt-get install cvs</command>\n"
7943
"</screen> After you install <application>cvs</application>, you should "
7944
"install <application>xinetd</application> to start/stop the cvs server. At "
7945
"the prompt, enter the following command to install "
7946
"<application>xinetd</application>: <screen>\n"
7947
"<command>sudo apt-get install xinetd</command>\n"
7948
"</screen>"
7949
msgstr ""
7950
"安装<application>CVS</application>,从终端提示上运行以下命令:<screen>\n"
7951
"<command>sudo apt-get install cvs</command>\n"
7952
"</screen> 在您安装 "
7953
"<application>cvs</application>完毕后,应该安装<application>xinetd</application>来启动/停止"
7954
" cvs 服务器。在提示符上,键入以下命令来安装<application>xinetd</application>: <screen>\n"
7955
"<command>sudo apt-get install xinetd</command>\n"
7956
"</screen>"
7957
7958
#: serverguide/C/vcs.xml:439(programlisting)
7959
#, no-wrap
7960
msgid ""
7961
"\n"
7962
"service cvspserver\n"
7963
"{\n"
7964
" port = 2401\n"
7965
" socket_type = stream\n"
7966
" protocol = tcp\n"
7967
" user = root\n"
7968
" wait = no\n"
7969
" type = UNLISTED\n"
7970
" server = /usr/bin/cvs\n"
7971
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7972
" disable = no\n"
7973
"}\n"
7974
msgstr ""
7975
"\n"
7976
"service cvspserver\n"
7977
"{\n"
7978
" port = 2401\n"
7979
" socket_type = stream\n"
7980
" protocol = tcp\n"
7981
" user = root\n"
7982
" wait = no\n"
7983
" type = UNLISTED\n"
7984
" server = /usr/bin/cvs\n"
7985
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7986
" disable = no\n"
7987
"}\n"
7988
7989
#: serverguide/C/vcs.xml:455(para)
7990
msgid ""
7991
"Be sure to edit the repository if you have changed the default repository "
7992
"(<application>/var/lib/cvs</application>) directory."
7993
msgstr "如果你改变缺省的库目录 (<application>/var/lib/cvs</application>) 那么您必须要编辑库。"
7994
7995
#: serverguide/C/vcs.xml:424(para)
7996
msgid ""
7997
"Once you install cvs, the repository will be automatically initialized. By "
7998
"default, the repository resides under the "
7999
"<application>/var/lib/cvs</application> directory. You can change this path "
8000
"by running following command: <screen>\n"
8001
"<command>cvs -d /your/new/cvs/repo init</command>\n"
8002
"</screen> Once the initial repository is set up, you can configure "
8003
"<application>xinetd</application> to start the CVS server. You can copy the "
8004
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
8005
"<placeholder-1/><placeholder-2/> Once you have configured "
8006
"<application>xinetd</application> you can start the cvs server by running "
8007
"following command: <screen>\n"
8008
"<command>sudo /etc/init.d/xinetd restart</command>\n"
8009
"</screen>"
8010
msgstr ""
8011
"一旦你安装了CVS,库就会自动初始化. 默认情况下, 库在<application>/var/lib/cvs</application>目录下. "
8012
"你可以通过下面的命令来修改路径.<screen>\n"
8013
"<command>cvs -d /your/new/cvs/repo init</command>\n"
8014
"</screen>当初始化结束后,就可以配置<application>xinetd</application>来启动CVS服务器. "
8015
"你可以把下面的命令复制到文件<filename> /etc/xinetd.d/cvspserver</filename>中. <placeholder-"
8016
"1/><placeholder-2/> 配置好<application>xinetd</application>后,运行下面的命令来启动CVS服务器: "
8017
"<screen>\n"
8018
"<command>sudo /etc/init.d/xinetd restart</command>\n"
8019
"</screen>"
8020
8021
#: serverguide/C/vcs.xml:468(para)
8022
msgid ""
8023
"You can confirm that the CVS server is running by issuing the following "
8024
"command:"
8025
msgstr "您可以执行以下命令来确定 CVS 服务器正在运行:"
8026
8027
#: serverguide/C/vcs.xml:475(command)
8028
msgid "sudo netstat -tap | grep cvs"
8029
msgstr "sudo netstat -tap | grep cvs"
8030
8031
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
8032
msgid ""
8033
"When you run this command, you should see the following line or something "
8034
"similar:"
8035
msgstr "当您运行该命令时,您可以看到类似下面的行:"
8036
8037
#: serverguide/C/vcs.xml:484(programlisting)
8038
#, no-wrap
8039
msgid ""
8040
"\n"
8041
"tcp 0 0 *:cvspserver *:* LISTEN \n"
8042
msgstr ""
8043
"\n"
8044
"tcp 0 0 *:cvspserver *:* LISTEN \n"
8045
8046
#: serverguide/C/vcs.xml:488(para)
8047
msgid ""
8048
"From here you can continue to add users, add new projects, and manage the "
8049
"CVS server."
8050
msgstr "在这里您可以继续添加用户,添加新的项目以及管理 CVS 服务器"
8051
8052
#: serverguide/C/vcs.xml:493(para)
8053
msgid ""
8054
"CVS allows the user to add users independently of the underlying OS "
8055
"installation. Probably the easiest way is to use the Linux Users for CVS, "
8056
"although it has potential security issues. Please refer to the CVS manual "
8057
"for details."
8058
msgstr ""
8059
"CVS 允许用户添加独立于 OS 安装的用户。也许最容易的方式就是让 CVS 使用 Linux 的用户,虽然它有潜在的安全隐患。详细请参考 CVS 手册。"
8060
8061
#: serverguide/C/vcs.xml:503(title)
8062
msgid "Add Projects"
8063
msgstr "添加项目"
8064
8065
#: serverguide/C/vcs.xml:515(para)
8066
msgid ""
8067
"You can use the CVSROOT environment variable to store the CVS root "
8068
"directory. Once you export the CVSROOT environment variable, you can avoid "
8069
"using -d option in the above cvs command."
8070
msgstr "你可以使用CVSROOT环境变量来储存CVS的根目录。你输出CVSROOT环境变量后,在上面的命令里就可以不使用-d这个选项。"
8071
8072
#: serverguide/C/vcs.xml:527(para)
8073
msgid ""
8074
"When you add a new project, the CVS user you use must have write access to "
8075
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
8076
"the <application>src</application> group has write access to the CVS "
8077
"repository. So, you can add the user to this group, and he can then add and "
8078
"manage projects in the CVS repository."
8079
msgstr ""
8080
"当您新添项目时,您所用的 CVS 用户必须对 CVS 库 (<application>/var/lib/cvs</application>) "
8081
"有写权限。缺省状态下,<application>src</application> 组有对 CVS "
8082
"库的写权限,因此,您可以添加用户到该组,然后就该用户就可以在 CVS 库中添加和管理项目了。"
8083
8084
#: serverguide/C/vcs.xml:504(para)
8085
msgid ""
8086
"This section explains how to add new project to the CVS repository. Create "
8087
"the directory and add necessary document and source files to the directory. "
8088
"Now, run the following command to add this project to CVS repository: "
8089
"<screen>\n"
8090
"<command>cd your/project</command>\n"
8091
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
8092
"\"Importing my project to CVS repository\" . new_project start</command>\n"
8093
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
8094
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
8095
"purpose in this context, but since CVS requires them, they must be present. "
8096
"<placeholder-2/>"
8097
msgstr ""
8098
"这部分介绍如何在CVS版本库里增加新项目。创建一个文件夹,放入必需的文档和源文件。然后运行以下命令来把此项目加入到CVS版本库中:<screen>\n"
8099
"<command>cd your/project</command>\n"
8100
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
8101
"\"Importing my project to CVS repository\" . new_project start</command>\n"
8102
"</screen><placeholder-1/> 字符串 <emphasis>new_project</emphasis>是计算机销售商的标签,然后 "
8103
"<emphasis>start</emphasis> 是一个发行版标签。 "
8104
"它们在这里并没有什么用,但是因为CVS需要它们,所以这里必须出现。<placeholder-2/>"
8105
8106
#: serverguide/C/vcs.xml:540(ulink)
8107
msgid "Bazaar Home Page"
8108
msgstr "Bazaar主页"
8109
8110
#: serverguide/C/vcs.xml:541(ulink)
8111
msgid "Launchpad"
8112
msgstr "Launchpad"
8113
8114
#: serverguide/C/vcs.xml:542(ulink)
8115
msgid "Subversion Home Page"
8116
msgstr "Subversion 主页"
8117
8118
#: serverguide/C/vcs.xml:543(ulink)
8119
msgid "Subversion Book"
8120
msgstr "Subversion 书 (使用Subversion进行版本控制)"
8121
8122
#: serverguide/C/vcs.xml:545(ulink)
8123
msgid "CVS Manual"
8124
msgstr "CVS 手册"
8125
8126
#: serverguide/C/vcs.xml:546(ulink)
8127
msgid "Easy Bazaar Ubuntu Wiki page"
8128
msgstr ""
8129
8130
#: serverguide/C/vcs.xml:547(ulink)
8131
msgid "Ubuntu Wiki Subversion page"
8132
msgstr ""
8133
8134
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
8135
msgid "Credits and License"
8136
msgstr "贡献者与授权许可"
8137
8138
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
8139
msgid ""
8140
"This document is maintained by the Ubuntu documentation team "
8141
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
8142
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
8143
msgstr ""
8144
"本文档由Ubuntu文档团队(https://wiki.ubuntu.com/DocumentationTeam)维护。贡献者名单详见<ulink "
8145
"url=\"../../libs/C/contributors.xml\">贡献者页面</ulink>"
8146
8147
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
8148
msgid ""
8149
"This document is made available under the Creative Commons ShareAlike 2.5 "
8150
"License (CC-BY-SA)."
8151
msgstr "本文档在 Creative Commons ShareAlike 2.5 授权许可 (CC-BY-SA) 的条款下发布。"
8152
8153
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
8154
msgid ""
8155
"You are free to modify, extend, and improve the Ubuntu documentation source "
8156
"code under the terms of this license. All derivative works must be released "
8157
"under this license."
8158
msgstr "您可以在该许可的条款下自由地修改、扩展,以及改进本 Ubuntu 文档的源码。所有的衍生作品必须在本许可下发布。"
8159
8160
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
8161
msgid ""
8162
"This documentation is distributed in the hope that it will be useful, but "
8163
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
8164
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
8165
msgstr "本文档发布的目的是期望它有所用途,但不提供任何担保;对免责声明里提及的适销性和用于某一特定目的适用性,也不承担任何默示的担保。"
8166
8167
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
8168
msgid ""
8169
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
8170
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
8171
msgstr ""
8172
"该授权许可的副本可以在这里找到:<ulink url=\"/usr/share/ubuntu-"
8173
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>。"
8174
8175
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
8176
msgid "2010"
8177
msgstr ""
8178
8179
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
8180
msgid "Ubuntu Documentation Project"
8181
msgstr "Ubuntu 文档项目"
8182
8183
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
8184
msgid "Canonical Ltd. and members of the <placeholder-1/>"
8185
msgstr "Canonical公司和<placeholder-1/>的成员"
8186
8187
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
8188
msgid "The Ubuntu Documentation Project"
8189
msgstr "Ubuntu 文档项目"
8190
8191
#: serverguide/C/serverguide.xml:17(para)
8192
msgid ""
8193
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
8194
"information on how to install and configure various server applications on "
8195
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
8196
"guide for configuring and customizing your system."
8197
msgstr ""
8198
"欢迎来到 <emphasis>Ubuntu 服务器指南</emphasis>!本指南中的信息包括如何在您的 Ubuntu "
8199
"系统中安装和配置各种服务器应用程序来满足您的需求。这是一个配置和自定义您的系统的循序渐进、面向任务的指南。"
8200
8201
#: serverguide/C/security.xml:13(title)
8202
msgid "Security"
8203
msgstr "安全性"
8204
8205
#: serverguide/C/security.xml:14(para)
8206
msgid ""
8207
"Security should always be considered when installing, deploying, and using "
8208
"any type of computer system. Although a fresh installation of Ubuntu is "
8209
"relatively safe for immediate use on the Internet, it is important to have a "
8210
"balanced understanding of your systems security posture based on how it will "
8211
"be used after deployment."
8212
msgstr ""
8213
"安全问题在任何类型的计算机系统的安装,发布和使用过程都需要考虑的。虽然一个全新安装的Ubuntu系统在互联网上直接使用相对而言是安全的,对于系统发布后怎么"
8214
"处理系统安全的问题有个全面的了解还是很重要的。"
8215
8216
#: serverguide/C/security.xml:17(para)
8217
msgid ""
8218
"This chapter provides an overview of security related topics as they pertain "
8219
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
8220
"protect your server and network from any number of potential security "
8221
"threats."
8222
msgstr ""
8223
8224
#: serverguide/C/security.xml:21(title)
8225
msgid "User Management"
8226
msgstr "用户管理"
8227
8228
#: serverguide/C/security.xml:22(para)
8229
msgid ""
8230
"User management is a critical part of maintaining a secure system. "
8231
"Ineffective user and privilege management often lead many systems into being "
8232
"compromised. Therefore, it is important that you understand how you can "
8233
"protect your server through simple and effective user account management "
8234
"techniques."
8235
msgstr ""
8236
"用户管理是维护一个安全的系统中至关重要一个环节。在用户和权限管理方面跟不上步伐常常会导致其系统处在危险之中。因此,对于理解如何通过简单面有效的用户管理技术"
8237
"来保护你的服务器是必要重要的。"
8238
8239
#: serverguide/C/security.xml:26(title)
8240
msgid "Where is root?"
8241
msgstr "Root 在哪里?"
8242
8243
#: serverguide/C/security.xml:27(para)
8244
msgid ""
8245
"Ubuntu developers made a conscientious decision to disable the "
8246
"administrative root account by default in all Ubuntu installations. This "
8247
"does not mean that the root account has been deleted or that it may not be "
8248
"accessed. It merely has been given a password which matches no possible "
8249
"encrypted value, therefore may not log in directly by itself."
8250
msgstr ""
8251
"Ubuntu的开发者们作出了一个出于真诚的决定,即在默认的Ubuntu安装中禁止root用户。这并不意味着root用户被删除了或者您的系统无法被管理了。r"
8252
"oot用户被赋予了一个没有实际口令与之对应的加密口令,因为设定之后Ubuntu并没有将那个随机口令记录下来。"
8253
8254
#: serverguide/C/security.xml:30(para)
8255
msgid ""
8256
"Instead, users are encouraged to make use of a tool by the name of "
8257
"<application>sudo</application> to carry out system administrative duties. "
8258
"<application>Sudo</application> allows an authorized user to temporarily "
8259
"elevate their privileges using their own password instead of having to know "
8260
"the password belonging to the root account. This simple yet effective "
8261
"methodology provides accountability for all user actions, and gives the "
8262
"administrator granular control over which actions a user can perform with "
8263
"said privileges."
8264
msgstr ""
8265
"相反地,我们鼓励用户使用一个名为<application>sudo</application>的恒许来完成系统管理任务。<application>Sudo"
8266
"</application>允许用户使用自己设定的密码来管理而不需要root用户的密码。这个特性使得对各个雍和的各种权限的管理可以细化,并且将系统管理的部"
8267
"分活全部特权分给指定的用户。"
8268
8269
#: serverguide/C/security.xml:35(para)
8270
msgid ""
8271
"If for some reason you wish to enable the root account, simply give it a "
8272
"password:"
8273
msgstr "如果出于某些原因想启用root帐户,只要为它设置一个密码就可以了:"
8274
8275
#: serverguide/C/security.xml:39(command)
8276
msgid "sudo passwd"
8277
msgstr "sudo passwd"
8278
8279
#: serverguide/C/security.xml:41(para)
8280
msgid ""
8281
"Sudo will prompt you for your password, and then ask you to supply a new "
8282
"password for root as shown below:"
8283
msgstr "Sudo会让你输入你的密码,接着会让你为root设置新密码:"
8284
8285
#: serverguide/C/security.xml:44(userinput)
8286
#, no-wrap
8287
msgid "(enter your own password)"
8288
msgstr "(输入你自己的密码)"
8289
8290
#: serverguide/C/security.xml:45(userinput)
8291
#, no-wrap
8292
msgid "(enter a new password for root)"
8293
msgstr "(为 root 输入一个新密码)"
8294
8295
#: serverguide/C/security.xml:46(userinput)
8296
#, no-wrap
8297
msgid "(repeat new password for root)"
8298
msgstr "(重复为 root 输入一个新密码)"
8299
8300
#: serverguide/C/security.xml:44(computeroutput)
8301
#, no-wrap
8302
msgid ""
8303
"[sudo] password for username: <placeholder-1/>\n"
8304
"Enter new UNIX password: <placeholder-2/>\n"
8305
"Retype new UNIX password: <placeholder-3/>\n"
8306
"passwd: password updated successfully"
8307
msgstr ""
8308
"[sudo]用户名的密码:<placeholder-1/>\n"
8309
"输入新的UNIX密码:<placeholder-2/>\n"
8310
"确认输入新的UNIX密码:<placeholder-3/>\n"
8311
"passwd: 密码更新成功。"
8312
8313
#: serverguide/C/security.xml:51(para)
8314
msgid "To disable the root account, use the following passwd syntax:"
8315
msgstr "要禁用根用户,使用下面这个passwd命令:"
8316
8317
#: serverguide/C/security.xml:55(command)
8318
msgid "sudo passwd -l root"
8319
msgstr "sudo passwd -l root"
8320
8321
#: serverguide/C/security.xml:59(para)
8322
msgid ""
8323
"You should read more on <application>Sudo</application> by checking out it's "
8324
"man page:"
8325
msgstr "你应该到<application>Sudo</application>的man帮助信息里阅读更多有关信息:"
8326
8327
#: serverguide/C/security.xml:63(command)
8328
msgid "man sudo"
8329
msgstr "man sudo"
8330
8331
#: serverguide/C/security.xml:67(para)
8332
msgid ""
8333
"By default, the initial user created by the Ubuntu installer is a member of "
8334
"the group \"admin\" which is added to the file "
8335
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
8336
"give any other account full root access through "
8337
"<application>sudo</application>, simply add them to the admin group."
8338
msgstr ""
8339
"一般地,Ubuntu安装程序会把admin组的用户加入到<filename>/etc/sudoers</filename>使其成为授权的sudo用户。如果"
8340
"您需要允许其他用户使用sudo来获取root的特权,最简单的办法就是将他加入admin组。"
8341
8342
#: serverguide/C/security.xml:73(title)
8343
msgid "Adding and Deleting Users"
8344
msgstr "添加和删除用户"
8345
8346
#: serverguide/C/security.xml:74(para)
8347
msgid ""
8348
"The process for managing local users and groups is straight forward and "
8349
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
8350
"other Debian based distributions, encourage the use of the \"adduser\" "
8351
"package for account management."
8352
msgstr ""
8353
"管理本地用户和组的过程是很直接的,对于大多数其他GNU/Linux操作系统而言差异很小。Ubuntu和其他基于Debian的发行版,都鼓励使用\"addu"
8354
"ser\"包来管理用户。"
8355
8356
#: serverguide/C/security.xml:79(para)
8357
msgid ""
8358
"To add a user account, use the following syntax, and follow the prompts to "
8359
"give the account a password and identifiable characteristics such as a full "
8360
"name, phone number, etc."
8361
msgstr "如需添加帐户,请使用下述语句,并根据提示给帐户设置密码以及可识别的特征(如全名,电话等)。"
8362
8363
#: serverguide/C/security.xml:83(command)
8364
msgid "sudo adduser username"
8365
msgstr "sudo adduser username"
8366
8367
#: serverguide/C/security.xml:87(para)
8368
msgid ""
8369
"To delete a user account and its primary group, use the following syntax:"
8370
msgstr "要删除一个用户及其主要组别,使用如下命令:"
8371
8372
#: serverguide/C/security.xml:91(command)
8373
msgid "sudo deluser username"
8374
msgstr "sudo deluser username"
8375
8376
#: serverguide/C/security.xml:93(para)
8377
msgid ""
8378
"Deleting an account does not remove their respective home folder. It is up "
8379
"to you whether or not you wish to delete the folder manually or keep it "
8380
"according to your desired retention policies."
8381
msgstr "删除一个帐号并不会同时删除其相应的home文件夹。要你自己决定性是手动把它删掉还是根据你的保留政策而将其留下来。"
8382
8383
#: serverguide/C/security.xml:96(para)
8384
msgid ""
8385
"Remember, any user added later on with the same UID/GID as the previous "
8386
"owner will now have access to this folder if you have not taken the "
8387
"necessary precautions."
8388
msgstr "请记住,如果不采取预防措施,将来添加的任何与以前拥有者相同UID/GID的用户都能够进入到此文件夹。"
8389
8390
#: serverguide/C/security.xml:99(para)
8391
msgid ""
8392
"You may want to change these UID/GID values to something more appropriate, "
8393
"such as the root account, and perhaps even relocate the folder to avoid "
8394
"future conflicts:"
8395
msgstr "你可以将这些UID/GID改成比较合适的值,如根帐户,或许将文件夹也移至新位置以避免将来发生的冲突。"
8396
8397
#: serverguide/C/security.xml:103(command)
8398
msgid "sudo chown -R root:root /home/username/"
8399
msgstr "sudo chown -R root:root /home/username/"
8400
8401
#: serverguide/C/security.xml:104(command)
8402
msgid "sudo mkdir /home/archived_users/"
8403
msgstr "sudo mkdir /home/archived_users/"
8404
8405
#: serverguide/C/security.xml:105(command)
8406
msgid "sudo mv /home/username /home/archived_users/"
8407
msgstr "sudo mv /home/username /home/archived_users/"
8408
8409
#: serverguide/C/security.xml:109(para)
8410
msgid ""
8411
"To temporarily lock or unlock a user account, use the following syntax, "
8412
"respectively:"
8413
msgstr "要暂时锁住或解锁一个用户帐户,请相应地使用如下命令语句:"
8414
8415
#: serverguide/C/security.xml:113(command)
8416
msgid "sudo passwd -l username"
8417
msgstr "sudo passwd -l 用户名"
8418
8419
#: serverguide/C/security.xml:114(command)
8420
msgid "sudo passwd -u username"
8421
msgstr "sudo passwd -u 用户名"
8422
8423
#: serverguide/C/security.xml:118(para)
8424
msgid ""
8425
"To add or delete a personalized group, use the following syntax, "
8426
"respectively:"
8427
msgstr "要添加或删除一个个性化组,请相应地使用如下命令语句:"
8428
8429
#: serverguide/C/security.xml:122(command)
8430
msgid "sudo addgroup groupname"
8431
msgstr "sudo addgroup groupname"
8432
8433
#: serverguide/C/security.xml:123(command)
8434
msgid "sudo delgroup groupname"
8435
msgstr "sudo delgroup 组名称"
8436
8437
#: serverguide/C/security.xml:127(para)
8438
msgid "To add a user to a group, use the following syntax:"
8439
msgstr "要将一个用户加入到某个组,请使用如下命令语句:"
8440
8441
#: serverguide/C/security.xml:131(command)
8442
msgid "sudo adduser username groupname"
8443
msgstr "sudo adduser username groupname"
8444
8445
#: serverguide/C/security.xml:138(title)
8446
msgid "User Profile Security"
8447
msgstr "用户资料安全"
8448
8449
#: serverguide/C/security.xml:139(para)
8450
msgid ""
8451
"When a new user is created, the adduser utility creates a brand new home "
8452
"directory named <filename class=\"directory\">/home/username</filename>, "
8453
"respectively. The default profile is modeled after the contents found in the "
8454
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
8455
"includes all profile basics."
8456
msgstr ""
8457
"当新用户被创建时,adduser工具会为其相应地创建一个指向<filename "
8458
"class=\"directory\">/home/username</filename>的home目录。默认的资料是复制目录<filename "
8459
"class=\"directory\">/etc/skel</filename>中发现的内容,里面包含所有的基本信息。"
8460
8461
#: serverguide/C/security.xml:142(para)
8462
msgid ""
8463
"If your server will be home to multiple users, you should pay close "
8464
"attention to the user home directory permissions to ensure confidentiality. "
8465
"By default, user home directories in Ubuntu are created with world "
8466
"read/execute permissions. This means that all users can browse and access "
8467
"the contents of other users home directories. This may not be suitable for "
8468
"your environment."
8469
msgstr ""
8470
"如果你的服务器是供多人使用,那你就应该注意一下用户主目录的权限问题,以保安全。默认情况下,Ubuntu用户的主目录在创建时是被赋予写/执行权限。这意味着所"
8471
"有的用户都能够进入并浏览到其他用户的主目录里的内容。这对你的现状可能并不适用。"
8472
8473
#: serverguide/C/security.xml:147(para)
8474
msgid ""
8475
"To verify your current users home directory permissions, use the following "
8476
"syntax:"
8477
msgstr "要查验你的当前用户home目录权限,请使用如下命令语句:"
8478
8479
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
8480
msgid "ls -ld /home/username"
8481
msgstr "ls -ld /home/username"
8482
8483
#: serverguide/C/security.xml:153(para)
8484
msgid ""
8485
"The following output shows that the directory <filename "
8486
"class=\"directory\">/home/username</filename> has world readable permissions:"
8487
msgstr ""
8488
"下列输出显示目录<filename class=\"directory\">/home/username</filename>拥有普遍读权限:"
8489
8490
#: serverguide/C/security.xml:156(computeroutput)
8491
#, no-wrap
8492
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8493
msgstr "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8494
8495
#: serverguide/C/security.xml:160(para)
8496
msgid ""
8497
"You can remove the world readable permissions using the following syntax:"
8498
msgstr "你可以使用如下命令语句移除普遍读权限:"
8499
8500
#: serverguide/C/security.xml:164(command)
8501
msgid "sudo chmod 0750 /home/username"
8502
msgstr "sudo chmod 0750 /home/username"
8503
8504
#: serverguide/C/security.xml:167(para)
8505
msgid ""
8506
"Some people tend to use the recursive option (-R) indiscriminately which "
8507
"modifies all child folders and files, but this is not necessary, and may "
8508
"yield other undesirable results. The parent directory alone is sufficient "
8509
"for preventing unauthorized access to anything below the parent."
8510
msgstr ""
8511
"有些人喜欢不分青红皂白地对子文件夹和文件使用递归选项(-"
8512
"R),其实这并没有必要,有时甚至会产生不必要的麻烦。仅使用父目录会阻止任何对父目录下的非经授权的闯入。"
8513
8514
#: serverguide/C/security.xml:171(para)
8515
msgid ""
8516
"A much more efficient approach to the matter would be to modify the "
8517
"<application>adduser</application> global default permissions when creating "
8518
"user home folders. Simply edit the file "
8519
"<filename>/etc/adduser.conf</filename> and modify the "
8520
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
8521
"new home directories will receive the correct permissions."
8522
msgstr ""
8523
"解决这件事一个更高效的方法是在创建一个新的用户主目录时修改<application>adduser</application>的公共默认权限。恰当地编辑<"
8524
"filename>/etc/adduser.conf</filename>文件和修改<varname>DIR_MODE</varname>变量,这样新用户"
8525
"目录就会接受正确的权限。"
8526
8527
#: serverguide/C/security.xml:174(programlisting)
8528
#, no-wrap
8529
msgid ""
8530
"\n"
8531
"DIR_MODE=0750\n"
8532
msgstr ""
8533
"\n"
8534
"DIR_MODE=0750\n"
8535
8536
#: serverguide/C/security.xml:179(para)
8537
msgid ""
8538
"After correcting the directory permissions using any of the previously "
8539
"mentioned techniques, verify the results using the following syntax:"
8540
msgstr "在用了之前提到的技术更改过目录的权限后,使用如下命令语句来验证结果:"
8541
8542
#: serverguide/C/security.xml:185(para)
8543
msgid ""
8544
"The results below show that world readable permissions have been removed:"
8545
msgstr "结果显示普遍权限已被移除:"
8546
8547
#: serverguide/C/security.xml:188(computeroutput)
8548
#, no-wrap
8549
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8550
msgstr "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8551
8552
#: serverguide/C/security.xml:195(title)
8553
msgid "Password Policy"
8554
msgstr "密码策略"
8555
8556
#: serverguide/C/security.xml:196(para)
8557
msgid ""
8558
"A strong password policy is one of the most important aspects of your "
8559
"security posture. Many successful security breaches involve simple brute "
8560
"force and dictionary attacks against weak passwords. If you intend to offer "
8561
"any form of remote access involving your local password system, make sure "
8562
"you adequately address minimum password complexity requirements, maximum "
8563
"password lifetimes, and frequent audits of your authentication systems."
8564
msgstr ""
8565
"在您的安全状态中一个强大的密码策略是其中一个最重要的方面。许多成功的安全漏洞涉及穷举和字典攻击弱密码。如果您打算提供任何形式的远程访问涉及您当地的密码系统"
8566
",确保您充分解决最低密码复杂性的要求,密码最长寿命,和频繁发生的审计您的系统验证。"
8567
8568
#: serverguide/C/security.xml:200(title)
8569
msgid "Minimum Password Length"
8570
msgstr "最小密码长度"
8571
8572
#: serverguide/C/security.xml:201(para)
8573
msgid ""
8574
"By default, Ubuntu requires a minimum password length of 6 characters, as "
8575
"well as some basic entropy checks. These values are controlled in the file "
8576
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
8577
msgstr ""
8578
8579
#: serverguide/C/security.xml:204(programlisting)
8580
#, no-wrap
8581
msgid ""
8582
"\n"
8583
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
8584
msgstr ""
8585
8586
#: serverguide/C/security.xml:207(para)
8587
msgid ""
8588
"If you would like to adjust the minimum length to 8 characters, change the "
8589
"appropriate variable to min=8. The modification is outlined below."
8590
msgstr ""
8591
8592
#: serverguide/C/security.xml:210(programlisting)
8593
#, no-wrap
8594
msgid ""
8595
"\n"
8596
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
8597
"min=8\n"
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:215(title)
8601
msgid "Password Expiration"
8602
msgstr "密码过期"
8603
8604
#: serverguide/C/security.xml:216(para)
8605
msgid ""
8606
"When creating user accounts, you should make it a policy to have a minimum "
8607
"and maximum password age forcing users to change their passwords when they "
8608
"expire."
8609
msgstr "当创建用户帐户时,你应该使用最短和最长密码期效来强迫用户在密码过期时改变他们的密码。"
8610
8611
#: serverguide/C/security.xml:221(para)
8612
msgid ""
8613
"To easily view the current status of a user account, use the following "
8614
"syntax:"
8615
msgstr "要简易地查看某用户的当前状态,使用如下命令语句:"
8616
8617
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
8618
msgid "sudo chage -l username"
8619
msgstr "sudo chage -l username"
8620
8621
#: serverguide/C/security.xml:227(para)
8622
msgid ""
8623
"The output below shows interesting facts about the user account, namely that "
8624
"there are no policies applied:"
8625
msgstr "下面输出显示了有关这个用户帐户的有趣事实,即其未应用任何策略:"
8626
8627
#: serverguide/C/security.xml:230(computeroutput)
8628
#, no-wrap
8629
msgid ""
8630
"Last password change : Jan 20, 2008\n"
8631
"Password expires : never\n"
8632
"Password inactive : never\n"
8633
"Account expires : never\n"
8634
"Minimum number of days between password change : 0\n"
8635
"Maximum number of days between password change : 99999\n"
8636
"Number of days of warning before password expires : 7"
8637
msgstr ""
8638
"上次密码改变日期 : 2008年1月20日\n"
8639
"密码过期 : 从不\n"
8640
"密码失效 : 从不\n"
8641
"帐号过期 : 从不\n"
8642
"两次密码改变这间最少天数 : 0\n"
8643
"两次密码改变这间最多天数 : 99999\n"
8644
"密码过期前警告天数 : 7"
8645
8646
#: serverguide/C/security.xml:240(para)
8647
msgid ""
8648
"To set any of these values, simply use the following syntax, and follow the "
8649
"interactive prompts:"
8650
msgstr "要设置其中任何一个值,使用以下语法,并跟随交互的提示:"
8651
8652
#: serverguide/C/security.xml:244(command)
8653
msgid "sudo chage username"
8654
msgstr "sudo chage username"
8655
8656
#: serverguide/C/security.xml:246(para)
8657
msgid ""
8658
"The following is also an example of how you can manually change the explicit "
8659
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
8660
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
8661
"password expiration, and a warning time period (-W) of 14 days before "
8662
"password expiration."
8663
msgstr ""
8664
"下面也是一个关于让你如何手动更改明确过期日期(-E)到01/31/2008,5天的最短密码寿命(-m),90天的最长密码寿命(-"
8665
"M),密码过期后5天的不活动期(-I),以及密码过期前14天的警告时段(-W)。"
8666
8667
#: serverguide/C/security.xml:250(command)
8668
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:254(para)
8672
msgid "To verify changes, use the same syntax as mentioned previously:"
8673
msgstr "要确认更改,请使用前面提到的相同命令语句:"
8674
8675
#: serverguide/C/security.xml:260(para)
8676
msgid ""
8677
"The output below shows the new policies that have been established for the "
8678
"account:"
8679
msgstr "以下的输出显示对帐号的新策略已建立:"
8680
8681
#: serverguide/C/security.xml:263(computeroutput)
8682
#, no-wrap
8683
msgid ""
8684
"Last password change : Jan 20, 2008\n"
8685
"Password expires : Apr 19, 2008\n"
8686
"Password inactive : May 19, 2008\n"
8687
"Account expires : Jan 31, 2008\n"
8688
"Minimum number of days between password change : 5\n"
8689
"Maximum number of days between password change : 90\n"
8690
"Number of days of warning before password expires : 14"
8691
msgstr ""
8692
"上次更改密码日期 : 1月20日, 2008年\n"
8693
"密码过期日期 : 4月19日, 2008年\n"
8694
"密码失效日期 : 5月19日, 2008年\n"
8695
"帐号过期日期 : 1月31日, 2008年\n"
8696
"两次密码更改之间最少天数 : 5\n"
8697
"两次密码更改之间最多天数 : 90\n"
8698
"密码过期前警告天数 : 14"
8699
8700
#: serverguide/C/security.xml:279(title)
8701
msgid "Other Security Considerations"
8702
msgstr "其它安全注意事项"
8703
8704
#: serverguide/C/security.xml:280(para)
8705
msgid ""
8706
"Many applications use alternate authentication mechanisms that can be easily "
8707
"overlooked by even experienced system administrators. Therefore, it is "
8708
"important to understand and control how users authenticate and gain access "
8709
"to services and applications on your server."
8710
msgstr "许多程序使用交替谁机制,即使是有经验的系统管理员也很容易对其忽视。因此,理解并控制用户获得认证和并进入你的服务器上的服务和程序就很重要。"
8711
8712
#: serverguide/C/security.xml:285(title)
8713
msgid "SSH Access by Disabled Users"
8714
msgstr "已禁用用户试图通过SSH连入"
8715
8716
#: serverguide/C/security.xml:286(para)
8717
msgid ""
8718
"Simply disabling/locking a user account will not prevent a user from logging "
8719
"into your server remotely if they have previously set up RSA public key "
8720
"authentication. They will still be able to gain shell access to the server, "
8721
"without the need for any password. Remember to check the users home "
8722
"directory for files that will allow for this type of authenticated SSH "
8723
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
8724
msgstr ""
8725
"如果有用户之前设置了 RSA 公钥认证,简单地停用或锁定一个用户帐户并不能防止用户远程登录您的服务器。他们仍然能够得到服务器上 shell "
8726
"的访问权,并且不需要任何密码。记住检查用户的 home 目录,查看是否有允许这类 SSH "
8727
"访问验证的文件。例如:<filename>/home/username/.ssh/authorized_keys</filename>"
8728
8729
#: serverguide/C/security.xml:289(para)
8730
msgid ""
8731
"Remove or rename the directory <filename "
8732
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
8733
"further SSH authentication capabilities."
8734
msgstr ""
8735
"将用户home文件夹下面的目录<filename "
8736
"class=\"directory\">.ssh/</filename>删除或改名,以防止将来自动获得SSH认证权限。"
8737
8738
#: serverguide/C/security.xml:292(para)
8739
msgid ""
8740
"Be sure to check for any established SSH connections by the disabled user, "
8741
"as it is possible they may have existing inbound or outbound connections. "
8742
"Kill any that are found."
8743
msgstr "一定要检查禁用用户创建的SSH连接,因为他们可能会有存在的入站或出站连接。发现一个取消一个。"
8744
8745
#: serverguide/C/security.xml:295(para)
8746
msgid ""
8747
"Restrict SSH access to only user accounts that should have it. For example, "
8748
"you may create a group called \"sshlogin\" and add the group name as the "
8749
"value associated with the <varname>AllowGroups</varname> variable located in "
8750
"the file <filename>/etc/ssh/sshd_config</filename>."
8751
msgstr ""
8752
"限制只有适当的用户拥有SSH的读取权限。例如,您可以生成一个叫做\"sshlogin\"的用户组,然后把和文件<filename>/etc/ssh/ssh"
8753
"d_config</filename>中的<varname>AllowGroups</varname>变量关联起来。"
8754
8755
#: serverguide/C/security.xml:298(programlisting)
8756
#, no-wrap
8757
msgid ""
8758
"\n"
8759
"AllowGroups sshlogin\n"
8760
msgstr ""
8761
"\n"
8762
"允许 ssh 组登陆\n"
8763
8764
#: serverguide/C/security.xml:301(para)
8765
msgid ""
8766
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8767
"SSH service."
8768
msgstr "然后将你允许的SSH用户添加到\"sshlogin\"组,并重启SSH服务。"
8769
8770
#: serverguide/C/security.xml:305(command)
8771
msgid "sudo adduser username sshlogin"
8772
msgstr "sudo adduser 用户名 sshlogin"
8773
8774
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
8775
msgid "sudo /etc/init.d/ssh restart"
8776
msgstr "sudo /etc/init.d/ssh restart"
8777
8778
#: serverguide/C/security.xml:310(title)
8779
msgid "External User Database Authentication"
8780
msgstr "外部用户数据库认证"
8781
8782
#: serverguide/C/security.xml:311(para)
8783
msgid ""
8784
"Most enterprise networks require centralized authentication and access "
8785
"controls for all system resources. If you have configured your server to "
8786
"authenticate users against external databases, be sure to disable the user "
8787
"accounts both externally and locally, this way you ensure that local "
8788
"fallback authentication is not possible."
8789
msgstr ""
8790
"绝大多数企业网络对所有系统资源实行中心认证和准入控制。如果你配置你的服务来授权用户使用外部数据库,一定要将用户的帐号于外部和本地都予以禁用,以免其获得本地"
8791
"后退认证。"
8792
8793
#: serverguide/C/security.xml:320(title)
8794
msgid "Console Security"
8795
msgstr "控制台安全"
8796
8797
#: serverguide/C/security.xml:321(para)
8798
msgid ""
8799
"As with any other security barrier you put in place to protect your server, "
8800
"it is pretty tough to defend against untold damage caused by someone with "
8801
"physical access to your environment, for example, theft of hard drives, "
8802
"power or service disruption and so on. Therefore, console security should be "
8803
"addressed merely as one component of your overall physical security "
8804
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8805
"very least slow down a determined one, so it is still advisable to perform "
8806
"basic precautions with regard to console security."
8807
msgstr ""
8808
"即使您使用了很多方法来保护您的服务器,还是很难防止未经告知的使用物理方法进入您的环境所造成的损失。举例来说,硬件的丢失,电源或服务的损坏等等。因此,控制台"
8809
"安全应该成为您的物理安全策略中压倒一切的一个方面。一个“screen "
8810
"door”就能够制止一个漫不经心的犯罪,或者至少可以阻挠一个犯罪,因此仍然建议对于操作台安全有几个基本的警戒。"
8811
8812
#: serverguide/C/security.xml:324(para)
8813
msgid ""
8814
"The following instructions will help defend your server against issues that "
8815
"could otherwise yield very serious consequences."
8816
msgstr "以下建议会帮你避开那些会让你遭受严重后果的事件。"
8817
8818
#: serverguide/C/security.xml:329(title)
8819
msgid "Disable Ctrl+Alt+Delete"
8820
msgstr "禁用 Ctrl+Alt+Delete"
8821
8822
#: serverguide/C/security.xml:330(para)
8823
msgid ""
8824
"First and foremost, anyone that has physical access to the keyboard can "
8825
"simply use the "
8826
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8827
"eycombo> key combination to reboot the server without having to log on. "
8828
"Sure, someone could simply unplug the power source, but you should still "
8829
"prevent the use of this key combination on a production server. This forces "
8830
"an attacker to take more drastic measures to reboot the server, and will "
8831
"prevent accidental reboots at the same time."
8832
msgstr ""
8833
"首先的也是最初的,任何一个可以使用键盘的人可以简单的使用<keycombo><keycap>Ctrl</keycap><keycap>Alt</keyca"
8834
"p><keycap>Delete</keycap></keycombo>的组合键来重启服务器,而不需要登录。而且,任何人都可以很轻易的拔掉电源,不过您应该"
8835
"防止在一个生产用的服务器上使用这个组合键。这将导致攻击者使用更加激烈的方式来重启服务器或者在某些时候防止意外的重启。"
8836
8837
#: serverguide/C/security.xml:335(para)
8838
msgid ""
8839
"To disable the reboot action taken by pressing the "
8840
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8841
"eycombo> key combination, comment out the following line in the file "
8842
"<filename>/etc/init/control-alt-delete.conf</filename>."
8843
msgstr ""
8844
8845
#: serverguide/C/security.xml:338(programlisting)
8846
#, no-wrap
8847
msgid ""
8848
"\n"
8849
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8850
msgstr ""
8851
8852
#: serverguide/C/security.xml:347(title)
8853
msgid "Firewall"
8854
msgstr "防火墙"
8855
8856
#: serverguide/C/security.xml:350(para)
8857
msgid ""
8858
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8859
"which is used to manipulate or decide the fate of network traffic headed "
8860
"into or through your server. All modern Linux firewall solutions use this "
8861
"system for packet filtering."
8862
msgstr ""
8863
"Linux 内核包括 <emphasis>Netfilter</emphasis> 子系统,用来处理或决定网络传输头部进入或穿过你的服务器,目前所有的 "
8864
"Linux 防火墙都用该系统来做包过滤。"
8865
8866
#: serverguide/C/security.xml:355(para)
8867
msgid ""
8868
"The kernel's packet filtering system would be of little use to "
8869
"administrators without a userspace interface to manage it. This is the "
8870
"purpose of iptables. When a packet reaches your server, it will be handed "
8871
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8872
"based on the rules supplied to it from userspace via iptables. Thus, "
8873
"iptables is all you need to manage your firewall if you're familiar with it, "
8874
"but many frontends are available to simplify the task."
8875
msgstr ""
8876
"内核的包过滤系统如果没有一个用户态 (userspace) 界面来管理它的话对管理员来说几乎没有用。这正是 iptables "
8877
"的目的。当一个包到达您的服务器,它从用户态 (userspace) 通过 iptables 传给 Netfilter "
8878
"子系统,然后基于提供的规则去接受、操作或拒绝。因此,如果你能熟悉它的话,那么 iptables 就是您管理您防火墙所需的全部。"
8879
8880
#: serverguide/C/security.xml:365(title)
8881
msgid "ufw - Uncomplicated Firewall"
8882
msgstr "ufw - 不复杂的防火墙"
8883
8884
#: serverguide/C/security.xml:366(para)
8885
msgid ""
8886
"The default firewall configuration tool for Ubuntu is "
8887
"<application>ufw</application>. Developed to ease iptables firewall "
8888
"configuration, <application>ufw</application> provides a user friendly way "
8889
"to create an IPv4 or IPv6 host-based firewall."
8890
msgstr ""
8891
"Ubuntu默认的防火墙配置工具是<application>ufw</application>。为了使得iptables防火墙的配置轻松而开发的<appl"
8892
"ication>ufw</application>为用户提供了一种友好的方式来创建基于主机的IPv4或IPv6防火墙。"
8893
8894
#: serverguide/C/security.xml:370(para)
8895
msgid ""
8896
"<application>ufw</application> by default is initially disabled. From the "
8897
"<application>ufw</application> man page:"
8898
msgstr ""
8899
"默认情况下,<application>ufw</application>处于禁用状态. <application>ufw</application> "
8900
"man页面讲到:"
8901
8902
#: serverguide/C/security.xml:374(quote)
8903
msgid ""
8904
"ufw is not intended to provide complete firewall functionality via its "
8905
"command interface, but instead provides an easy way to add or remove simple "
8906
"rules. It is currently mainly used for host-based firewalls."
8907
msgstr "ufw并非意于通过其命令行界面提供完备的防火墙功能,而是为添加或删除简单规则提供了简易的方法。目前主要用于基于主机的防火墙。"
8908
8909
#: serverguide/C/security.xml:378(para)
8910
msgid ""
8911
"The following are some examples of how to use <application>ufw</application>:"
8912
msgstr "下面是几个关于如何使用<application>ufw</application>的例子:"
8913
8914
#: serverguide/C/security.xml:383(para)
8915
msgid ""
8916
"First, <application>ufw</application> needs to be enabled. From a terminal "
8917
"prompt enter:"
8918
msgstr "首先,<application>ufw</application>要被激活。在终端里输入:"
8919
8920
#: serverguide/C/security.xml:387(command)
8921
msgid "sudo ufw enable"
8922
msgstr "sudo ufw enable"
8923
8924
#: serverguide/C/security.xml:391(para)
8925
msgid "To open a port (ssh in this example):"
8926
msgstr "打开一个通信端口(本例中是ssh):"
8927
8928
#: serverguide/C/security.xml:395(command)
8929
msgid "sudo ufw allow 22"
8930
msgstr "sudo ufw allow 22"
8931
8932
#: serverguide/C/security.xml:399(para)
8933
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8934
msgstr "规则同样可以使用一个<emphasis>numbered</emphais>格式来添加:"
8935
8936
#: serverguide/C/security.xml:403(command)
8937
msgid "sudo ufw insert 1 allow 80"
8938
msgstr "sudo ufw insert 1 allow 80"
8939
8940
#: serverguide/C/security.xml:407(para)
8941
msgid "Similarly, to close an opened port:"
8942
msgstr "相应地,关闭一个打开的通信端口:"
8943
8944
#: serverguide/C/security.xml:411(command)
8945
msgid "sudo ufw deny 22"
8946
msgstr "sudo ufw deny 22"
8947
8948
#: serverguide/C/security.xml:415(para)
8949
msgid "To remove a rule, use delete followed by the rule:"
8950
msgstr "要删除一条规则,使用delete加上要删的规则:"
8951
8952
#: serverguide/C/security.xml:419(command)
8953
msgid "sudo ufw delete deny 22"
8954
msgstr "sudo ufw delete deny 22"
8955
8956
#: serverguide/C/security.xml:423(para)
8957
msgid ""
8958
"It is also possible to allow access from specific hosts or networks to a "
8959
"port. The following example allows ssh access from host 192.168.0.2 to any "
8960
"ip address on this host:"
8961
msgstr "也可以允许从某些特定的主机或网络进入某通信口。下面的例子可用允许主机192.168.0.2通过ssh进入到本主机的任何ip地址:"
8962
8963
#: serverguide/C/security.xml:428(command)
8964
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8965
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8966
8967
#: serverguide/C/security.xml:430(para)
8968
msgid ""
8969
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8970
"subnet."
8971
msgstr "用192.168.0.0/24替换掉192.168.0.2就可以允许ssh到整个子网。"
8972
8973
#: serverguide/C/security.xml:436(para)
8974
msgid ""
8975
"Adding the <emphasis>--dry-run</emphasis> option to a "
8976
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8977
"apply them. For example, the following is what would be applied if opening "
8978
"the HTTP port:"
8979
msgstr ""
8980
"在<emphasis>ufw</emphasis>命令中添加<emphasis>--dry-"
8981
"run</emphasis>选项将输出结果规则,但并不添加它们。举例来说,下面是将在打开HTTP端口的时候添加的内容:"
8982
8983
#: serverguide/C/security.xml:442(command)
8984
msgid "sudo ufw --dry-run allow http"
8985
msgstr "sudo ufw --dry-run allow http"
8986
8987
#: serverguide/C/security.xml:446(computeroutput)
8988
#, no-wrap
8989
msgid ""
8990
"*filter\n"
8991
":ufw-user-input - [0:0]\n"
8992
":ufw-user-output - [0:0]\n"
8993
":ufw-user-forward - [0:0]\n"
8994
":ufw-user-limit - [0:0]\n"
8995
":ufw-user-limit-accept - [0:0]\n"
8996
"### RULES ###\n"
8997
"\n"
8998
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8999
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
9000
"\n"
9001
"### END RULES ###\n"
9002
"-A ufw-user-input -j RETURN\n"
9003
"-A ufw-user-output -j RETURN\n"
9004
"-A ufw-user-forward -j RETURN\n"
9005
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
9006
"LIMIT]: \"\n"
9007
"-A ufw-user-limit -j REJECT\n"
9008
"-A ufw-user-limit-accept -j ACCEPT\n"
9009
"COMMIT\n"
9010
"Rules updated"
9011
msgstr ""
9012
"*filter\n"
9013
":ufw-user-input - [0:0]\n"
9014
":ufw-user-output - [0:0]\n"
9015
":ufw-user-forward - [0:0]\n"
9016
":ufw-user-limit - [0:0]\n"
9017
":ufw-user-limit-accept - [0:0]\n"
9018
"### RULES ###\n"
9019
"\n"
9020
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
9021
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
9022
"\n"
9023
"### END RULES ###\n"
9024
"-A ufw-user-input -j RETURN\n"
9025
"-A ufw-user-output -j RETURN\n"
9026
"-A ufw-user-forward -j RETURN\n"
9027
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
9028
"LIMIT]: \"\n"
9029
"-A ufw-user-limit -j REJECT\n"
9030
"-A ufw-user-limit-accept -j ACCEPT\n"
9031
"COMMIT\n"
9032
"规则更新"
9033
9034
#: serverguide/C/security.xml:470(para)
9035
msgid "<application>ufw</application> can be disabled by:"
9036
msgstr "<application>ufw</application>可以通过下列命令来禁用:"
9037
9038
#: serverguide/C/security.xml:474(command)
9039
msgid "sudo ufw disable"
9040
msgstr "sudo ufw disable"
9041
9042
#: serverguide/C/security.xml:478(para)
9043
msgid "To see the firewall status, enter:"
9044
msgstr "查看防火墙状态,键入:"
9045
9046
#: serverguide/C/security.xml:482(command)
9047
msgid "sudo ufw status"
9048
msgstr "sudo ufw status"
9049
9050
#: serverguide/C/security.xml:486(para)
9051
msgid "And for more verbose status information use:"
9052
msgstr "以及更详细的状态信息请使用:"
9053
9054
#: serverguide/C/security.xml:490(command)
9055
msgid "sudo ufw status verbose"
9056
msgstr "sudo ufw status verbose"
9057
9058
#: serverguide/C/security.xml:494(para)
9059
msgid "To view the <emphasis>numbered</emphasis> format:"
9060
msgstr "要查看<emphasis>numbered</emphasis>格式:"
9061
9062
#: serverguide/C/security.xml:498(command)
9063
msgid "sudo ufw status numbered"
9064
msgstr "sudo ufw status numbered"
9065
9066
#: serverguide/C/security.xml:503(para)
9067
msgid ""
9068
"If the port you want to open or close is defined in "
9069
"<filename>/etc/services</filename>, you can use the port name instead of the "
9070
"number. In the above examples, replace <emphasis>22</emphasis> with "
9071
"<emphasis>ssh</emphasis>."
9072
msgstr ""
9073
"如果你要打开或关闭的端口在<filename>/etc/services</filename>中已经定义了,你可以使用端口名称代替端口号。在上面的例子中,"
9074
"将<emphasis>22</emphasis>用<emphasis>ssh</emphasis>代替。"
9075
9076
#: serverguide/C/security.xml:509(para)
9077
msgid ""
9078
"This is a quick introduction to using <application>ufw</application>. Please "
9079
"refer to the <application>ufw</application> man page for more information."
9080
msgstr ""
9081
"这是一个使用<application>ufw</application>的快速介绍。请参阅<application>ufw</application>的m"
9082
"an页面来获得更多信息。"
9083
9084
#: serverguide/C/security.xml:515(title)
9085
msgid "ufw Application Integration"
9086
msgstr "ufw 应用集成"
9087
9088
#: serverguide/C/security.xml:517(para)
9089
msgid ""
9090
"Applications that open ports can include an <application>ufw</application> "
9091
"profile, which details the ports needed for the application to function "
9092
"properly. The profiles are kept in <filename "
9093
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
9094
"the default ports have been changed."
9095
msgstr ""
9096
"可以打开端口的应用程序可以被包含在<application>ufw</application>的预设文件中,这里根据功能适当的包含了应用程序所需的端口。这"
9097
"个预设文件包含在<filename "
9098
"role=\"directory\">/etc/ufw/applications.d</filename>,在默认端口发生改变的时候可以进行编辑。"
9099
9100
#: serverguide/C/security.xml:526(para)
9101
msgid ""
9102
"To view which applications have installed a profile, enter the following in "
9103
"a terminal:"
9104
msgstr "要查看已安装程序的配置文件,请在终端里键入以下内容:"
9105
9106
#: serverguide/C/security.xml:531(command)
9107
msgid "sudo ufw app list"
9108
msgstr "sudo ufw app list"
9109
9110
#: serverguide/C/security.xml:537(para)
9111
msgid ""
9112
"Similar to allowing traffic to a port, using an application profile is "
9113
"accomplished by entering:"
9114
msgstr "就像允许车辆到一个路口,可以通过输入下面的内容来使用一个应用程序预设文件。"
9115
9116
#: serverguide/C/security.xml:542(command)
9117
msgid "sudo ufw allow Samba"
9118
msgstr "sudo ufw allow Samba"
9119
9120
#: serverguide/C/security.xml:548(para)
9121
msgid "An extended syntax is available as well:"
9122
msgstr "一种扩展语法也是可用的:"
9123
9124
#: serverguide/C/security.xml:553(command)
9125
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
9126
msgstr "ufw allow from 192.168.0.0/24 to any app Samba"
9127
9128
#: serverguide/C/security.xml:556(para)
9129
msgid ""
9130
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
9131
"with the application profile you are using and the IP range for your network."
9132
msgstr ""
9133
"使用您所使用的主机名和您的网络的IP地址范围代替应用程序预预设文件中的<emphasis>Samba</emphasis>和<emphasis>192.1"
9134
"68.0.0/24</emphasis>。"
9135
9136
#: serverguide/C/security.xml:562(para)
9137
msgid ""
9138
"There is no need to specify the <emphasis>protocol</emphasis> for the "
9139
"application, because that information is detailed in the profile. Also, note "
9140
"that the <emphasis>app</emphasis> name replaces the "
9141
"<emphasis>port</emphasis> number."
9142
msgstr ""
9143
"对于应用程序来说,<emphasis>protocol</emphasis>并不需要特地的设置,因为信息被定义到了文件中。然后,注意我们使用<emphas"
9144
"is>app</emphahsis>替换了<emphasis>port</emphasis>。"
9145
9146
#: serverguide/C/security.xml:571(para)
9147
msgid ""
9148
"To view details about which ports, protocols, etc are defined for an "
9149
"application, enter:"
9150
msgstr "要查看关于端品,协议等细节来定义程序,键入:"
9151
9152
#: serverguide/C/security.xml:576(command)
9153
msgid "sudo ufw app info Samba"
9154
msgstr "sudo ufw app info Samba"
9155
9156
#: serverguide/C/security.xml:582(para)
9157
msgid ""
9158
"Not all applications that require opening a network port come with "
9159
"<application>ufw</application> profiles, but if you have profiled an "
9160
"application and want the file to be included with the package, please file a "
9161
"bug against the package in <ulink "
9162
"url=\"https://launchpad.net/\">Launchpad</ulink>."
9163
msgstr ""
9164
"不是所有的应用程序都需要在 <application>ufw</application> "
9165
"中配置一个网络端口,但是如果你已经配置了一个应用程序并且希望这个配置能被包含在软件包中,请提交 <ulink "
9166
"url=\"https://launchpad.net/\">Launchpad</ulink>的BUG/建议。"
9167
9168
#: serverguide/C/security.xml:591(title)
9169
msgid "IP Masquerading"
9170
msgstr "IP 伪装"
9171
9172
#: serverguide/C/security.xml:592(para)
9173
msgid ""
9174
"The purpose of IP Masquerading is to allow machines with private, non-"
9175
"routable IP addresses on your network to access the Internet through the "
9176
"machine doing the masquerading. Traffic from your private network destined "
9177
"for the Internet must be manipulated for replies to be routable back to the "
9178
"machine that made the request. To do this, the kernel must modify the "
9179
"<emphasis>source</emphasis> IP address of each packet so that replies will "
9180
"be routed back to it, rather than to the private IP address that made the "
9181
"request, which is impossible over the Internet. Linux uses "
9182
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
9183
"connections belong to which machines and reroute each return packet "
9184
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
9185
"having originated from your Ubuntu gateway machine. This process is referred "
9186
"to in Microsoft documentation as Internet Connection Sharing."
9187
msgstr ""
9188
"IP 伪装的目的是为了允许您网络上那些有着私有的、不可路由的 IP 地址的机器可以通过做伪装的机器访问 Internet。来自您私有网络并要访问 "
9189
"Internet 的传输必须是可以操作的,也就是说回复要可以被路由回来以送到发出请求的机器上。要做到这一点,内核必须修改每个包 "
9190
"<emphasis>源</emphasis> IP 地址以便回复能被路由回它这里,而不是发出请求的私有 IP 地址,因为它们对于 Internet "
9191
"来说是不存在的。Linux 使用 <emphasis>Connection Tracking</emphasis> (conntrack) "
9192
"来保持那个连接是属于哪个机器的,并相应地对每个返回包重新做路由。发自您私有网络的流量就这样被伪装成源于您的网关机器。这一过程在 Microsoft "
9193
"文档中被称为 Internet 连接共享。"
9194
9195
#: serverguide/C/security.xml:608(title)
9196
msgid "ufw Masquerading"
9197
msgstr "ufw Masquerading"
9198
9199
#: serverguide/C/security.xml:609(para)
9200
msgid ""
9201
"IP Masquerading can be achieved using custom <application>ufw</application> "
9202
"rules. This is possible because the current back-end for "
9203
"<application>ufw</application> is <application>iptables-"
9204
"restore</application> with the rules files located in "
9205
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
9206
"legacy iptables rules used without <application>ufw</application>, and rules "
9207
"that are more network gateway or bridge related."
9208
msgstr ""
9209
"IP伪装可以通过定制 <application>ufw</application> 的规则来实现,因为当前 "
9210
"<application>ufw</application> 的后端是 <application>iptables-"
9211
"restore</application>,其规则存储在 <filename>/etc/ufw/*.rules</filename> "
9212
"里。用户可以在这些文件中添加遗留 iptables 规则和与网关或网桥相关的规则,其中遗留 iptables 规则在没有 "
9213
"<application>ufw</application> 的情况下也会被使用。"
9214
9215
#: serverguide/C/security.xml:615(para)
9216
msgid ""
9217
"The rules are split into two different files, rules that should be executed "
9218
"before <application>ufw</application> command line rules, and rules that are "
9219
"executed after <application>ufw</application> command line rules."
9220
msgstr "规则被分割为两个不同的文件,并且分别在<application>ufw</application>的命令行规则的前后被执行。"
9221
9222
#: serverguide/C/security.xml:621(para)
9223
msgid ""
9224
"First, packet forwarding needs to be enabled in "
9225
"<application>ufw</application>. Two configuration files will need to be "
9226
"adjusted, in <filename>/etc/default/ufw</filename> change the "
9227
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
9228
msgstr ""
9229
"首先, <application>ufw</application> 需要先启用封包转发。其次,在配置文件: "
9230
"<filename>/etc/default/ufw</filename> "
9231
"中需要调整<emphasis>DEFAULT_FORWARD_POLICY</emphasis> 为 <quote>ACCEPT</quote>"
9232
9233
#: serverguide/C/security.xml:625(programlisting)
9234
#, no-wrap
9235
msgid ""
9236
"\n"
9237
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
9238
msgstr ""
9239
"\n"
9240
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
9241
9242
#: serverguide/C/security.xml:628(para)
9243
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
9244
msgstr "然后修改<filename>/etc/ufw/sysctl.conf</filename>,并注释掉:"
9245
9246
#: serverguide/C/security.xml:631(programlisting)
9247
#, no-wrap
9248
msgid ""
9249
"\n"
9250
"net/ipv4/ip_forward=1\n"
9251
msgstr ""
9252
"\n"
9253
"net/ipv4/ip_forward=1\n"
9254
9255
#: serverguide/C/security.xml:634(para)
9256
msgid "Similarly, for IPv6 forwarding uncomment:"
9257
msgstr "类似地,对IPv6的投递,注释掉:"
9258
9259
#: serverguide/C/security.xml:637(programlisting)
9260
#, no-wrap
9261
msgid ""
9262
"\n"
9263
"net/ipv6/conf/default/forwarding=1\n"
9264
msgstr ""
9265
"\n"
9266
"net/ipv6/conf/default/forwarding=1\n"
9267
9268
#: serverguide/C/security.xml:642(para)
9269
msgid ""
9270
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
9271
"file. The default rules only configure the <emphasis>filter</emphasis> "
9272
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
9273
"need to be configured. Add the following to the top of the file just after "
9274
"the header comments:"
9275
msgstr ""
9276
"现在我们将添加规则到文件:<filename>/etc/ufw/before.rules</filename>。默认的规则仅配置了<emphasis>fi"
9277
"lter</emphasis>表,如果需要启用伪装则需要配置<emphasis>nat</emphasis>表。请添加一下信息到配置文件紧跟在最头部注释的"
9278
"后面。"
9279
9280
#: serverguide/C/security.xml:647(programlisting)
9281
#, no-wrap
9282
msgid ""
9283
"\n"
9284
"# nat Table rules\n"
9285
"*nat\n"
9286
":POSTROUTING ACCEPT [0:0]\n"
9287
"\n"
9288
"# Forward traffic from eth1 through eth0.\n"
9289
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
9290
"\n"
9291
"# don't delete the 'COMMIT' line or these nat table rules won't be "
9292
"processed\n"
9293
"COMMIT\n"
9294
msgstr ""
9295
"\n"
9296
"# nat Table rules\n"
9297
"*nat\n"
9298
":POSTROUTING ACCEPT [0:0]\n"
9299
"\n"
9300
"# Forward traffic from eth1 through eth0.\n"
9301
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
9302
"\n"
9303
"# don't delete the 'COMMIT' line or these nat table rules won't be "
9304
"processed\n"
9305
"COMMIT\n"
9306
9307
#: serverguide/C/security.xml:658(para)
9308
msgid ""
9309
"The comments are not strictly necessary, but it is considered good practice "
9310
"to document your configuration. Also, when modifying any of the "
9311
"<emphasis>rules</emphasis> files in <filename "
9312
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
9313
"line for each table modified:"
9314
msgstr ""
9315
"书写注释是很好的习惯,虽然它不是必须的。并且当你在修改<filename "
9316
"class=\"directory\">/etc/ufw</filename>文件任何<emphasis>rules</emphasis>的时候,确保这些"
9317
"文字保留在每一处修改的后面。"
9318
9319
#: serverguide/C/security.xml:664(programlisting)
9320
#, no-wrap
9321
msgid ""
9322
"\n"
9323
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
9324
"COMMIT\n"
9325
msgstr ""
9326
"\n"
9327
"#不要删除'COMMIT'行,否则这些规则将不被处理\n"
9328
"表示一个换行。在翻译的相应位置开始新的行\n"
9329
9330
#: serverguide/C/security.xml:669(para)
9331
msgid ""
9332
"For each <emphasis>Table</emphasis> a corresponding "
9333
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
9334
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
9335
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
9336
"<emphasis>mangle</emphasis> tables."
9337
msgstr ""
9338
"每个 <emphasis>Table</emphasis> 都要有一个对应的 <emphasis>COMMIT</emphasis> 声明。本例只展示了 "
9339
"<emphasis>nat</emphasis> 和 <emphasis>filter</emphasis> 表,但您也可以为 "
9340
"<emphasis>raw</emphasis> 和 <emphasis>mangle</emphasis> 表添加规则。"
9341
9342
#: serverguide/C/security.xml:676(para)
9343
msgid ""
9344
"In the above example replace <emphasis>eth0</emphasis>, "
9345
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
9346
"appropriate interfaces and IP range for your network."
9347
msgstr ""
9348
"在上面的例子中将<emphasis>eth0</emphasis>, <emphasis>eth1</emphasis>, 和 "
9349
"<emphasis>192.168.0.0/24</emphasis>替换为你的网络的正确的设备和IP范围。"
9350
9351
#: serverguide/C/security.xml:684(para)
9352
msgid ""
9353
"Finally, disable and re-enable <application>ufw</application> to apply the "
9354
"changes:"
9355
msgstr "最后,禁止并重新激活<application>ufw</application>来运用修改"
9356
9357
#: serverguide/C/security.xml:688(command)
9358
msgid "sudo ufw disable && sudo ufw enable"
9359
msgstr "sudo ufw disable && sudo ufw enable"
9360
9361
#: serverguide/C/security.xml:692(para)
9362
msgid ""
9363
"IP Masquerading should now be enabled. You can also add any additional "
9364
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
9365
"recommended that these additional rules be added to the <emphasis>ufw-before-"
9366
"forward</emphasis> chain."
9367
msgstr ""
9368
"现在应该启用IP伪装。你还可以添加额外的更早的规则到<filename>/etc/ufw/before.rules</filename>。推荐将这些规则添"
9369
"加到<emphasis>ufw-before-forward</emphasis>节点。"
9370
9371
#: serverguide/C/security.xml:699(title)
9372
msgid "iptables Masquerading"
9373
msgstr "iptables 伪装"
9374
9375
#: serverguide/C/security.xml:700(para)
9376
msgid ""
9377
"<application>iptables</application> can also be used to enable masquerading."
9378
msgstr "<application>iptables</application> 同样可以用来开启伪装。"
9379
9380
#: serverguide/C/security.xml:705(para)
9381
msgid ""
9382
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
9383
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
9384
"uncomment the following line"
9385
msgstr ""
9386
"类似于<application>ufw</application>,激活IPv4包投递的第一步是编辑<filename>/etc/sysctl.conf<"
9387
"/filename>并注释掉以下行:"
9388
9389
#: serverguide/C/security.xml:709(programlisting)
9390
#, no-wrap
9391
msgid ""
9392
"\n"
9393
"net.ipv4.ip_forward=1\n"
9394
msgstr ""
9395
"\n"
9396
"net.ipv4.ip_forward=1\n"
9397
9398
#: serverguide/C/security.xml:712(para)
9399
msgid "If you wish to enable IPv6 forwarding also uncomment:"
9400
msgstr "如果你想激活IPv6投递,还要注释掉:"
9401
9402
#: serverguide/C/security.xml:715(programlisting)
9403
#, no-wrap
9404
msgid ""
9405
"\n"
9406
"net.ipv6.conf.default.forwarding=1\n"
9407
msgstr ""
9408
"\n"
9409
"net.ipv6.conf.default.forwarding=1\n"
9410
9411
#: serverguide/C/security.xml:720(para)
9412
msgid ""
9413
"Next, execute the <application>sysctl</application> command to enable the "
9414
"new settings in the configuration file:"
9415
msgstr "接下来,执行<application>sysctl</application>命令来激活配置文件中的新设置。"
9416
9417
#: serverguide/C/security.xml:724(command)
9418
msgid "sudo sysctl -p"
9419
msgstr "sudo sysctl -p"
9420
9421
#: serverguide/C/security.xml:728(para)
9422
msgid ""
9423
"IP Masquerading can now be accomplished with a single iptables rule, which "
9424
"may differ slightly based on your network configuration:"
9425
msgstr "如今根据一条iptables规则即可完成IP伪装,视您的网络而定,其配置可能略有不同。"
9426
9427
#: serverguide/C/security.xml:731(screen)
9428
#, no-wrap
9429
msgid ""
9430
"\n"
9431
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9432
msgstr ""
9433
"\n"
9434
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9435
9436
#: serverguide/C/security.xml:734(para)
9437
msgid ""
9438
"The above command assumes that your private address space is 192.168.0.0/16 "
9439
"and that your Internet-facing device is ppp0. The syntax is broken down as "
9440
"follows:"
9441
msgstr "上面的命令假定您的个人地址空间是 192.168.0.0/16,同时您的网络连接设备是 ppp0。这个语法失效,如下所示:"
9442
9443
#: serverguide/C/security.xml:739(para)
9444
msgid "-t nat -- the rule is to go into the nat table"
9445
msgstr "-t nat -- 该规则将进入 nat 表"
9446
9447
#: serverguide/C/security.xml:740(para)
9448
msgid ""
9449
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
9450
msgstr "-A POSTROUTING -- 该规则将被追加 (-A) 到 POSTROUTING 链"
9451
9452
#: serverguide/C/security.xml:741(para)
9453
msgid ""
9454
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
9455
"specified address space"
9456
msgstr "-s 192.168.0.0/16 -- 该规则将被应用在源自指定地址空间的流量上"
9457
9458
#: serverguide/C/security.xml:742(para)
9459
msgid ""
9460
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
9461
"specified network device"
9462
msgstr "-o ppp0 -- 该规则应用于计划通过指定网络设备的流量。"
9463
9464
#: serverguide/C/security.xml:744(para)
9465
msgid ""
9466
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
9467
"MASQUERADE target to be manipulated as described above"
9468
msgstr "-j MASQUERADE -- 匹配该规则的流量将如上所述 \"跳转\" (-j) 到 MASQUERADE (伪装) 目标。"
9469
9470
#: serverguide/C/security.xml:752(para)
9471
msgid ""
9472
"Also, each chain in the filter table (the default table, and where most or "
9473
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
9474
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
9475
"you may have set the policies to DROP or REJECT, in which case your "
9476
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
9477
"above rule to work:"
9478
msgstr ""
9479
"过滤表中的每个处理链都有一个默认的 ACCEPT "
9480
"<emphasis>策略(policy)</emphasis>,但如果您是为网关设备添加防火墙,那么您可能会将这些策略设置为 DROP 或 "
9481
"REJECT。在这种情况下您伪装过的数据流需要允许通过 FORWARD 链,以使得上述规则正确执行。"
9482
9483
#: serverguide/C/security.xml:759(screen)
9484
#, no-wrap
9485
msgid ""
9486
"\n"
9487
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
9488
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
9489
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
9490
msgstr ""
9491
"\n"
9492
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
9493
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
9494
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
9495
9496
#: serverguide/C/security.xml:763(para)
9497
msgid ""
9498
"The above commands will allow all connections from your local network to the "
9499
"Internet and all traffic related to those connections to return to the "
9500
"machine that initiated them."
9501
msgstr "上面的命令将允许从你的本地网络到互联网的所有连接,以及和这些连接相关的、返回产生它们的计算机的所有流量。"
9502
9503
#: serverguide/C/security.xml:770(para)
9504
msgid ""
9505
"If you want masquerading to be enabled on reboot, which you probably do, "
9506
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
9507
"example add the first command with no filtering:"
9508
msgstr ""
9509
"如果您想在重启以后应用IP伪装,您可能需要编辑<filename>/etc/rc.local</filename>并加入上面使用的任一命令。例如加入没有过"
9510
"滤的第一条命令:"
9511
9512
#: serverguide/C/security.xml:774(screen)
9513
#, no-wrap
9514
msgid ""
9515
"\n"
9516
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9517
msgstr ""
9518
"\n"
9519
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9520
9521
#: serverguide/C/security.xml:782(title)
9522
msgid "Logs"
9523
msgstr "日志"
9524
9525
#: serverguide/C/security.xml:783(para)
9526
msgid ""
9527
"Firewall logs are essential for recognizing attacks, troubleshooting your "
9528
"firewall rules, and noticing unusual activity on your network. You must "
9529
"include logging rules in your firewall for them to be generated, though, and "
9530
"logging rules must come before any applicable terminating rule (a rule with "
9531
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
9532
"REJECT)."
9533
msgstr ""
9534
"防火墙日志对于识别攻击、调试防火墙规则和发现你网络上不正常活动方面非常重要。一定要在防火墙里包含日志生成规则并且日志规则一定是在任何终结性规则之前使用(用"
9535
"来觉得字节包裹命运:如ACCEPT, DROP 或者 REJECT)。"
9536
9537
#: serverguide/C/security.xml:790(para)
9538
msgid ""
9539
"If you are using <application>ufw</application>, you can turn on logging by "
9540
"entering the following in a terminal:"
9541
msgstr "如果你在使用<application>ufw</application>,你可以在终端输入以下内容以开启登录:"
9542
9543
#: serverguide/C/security.xml:794(command)
9544
msgid "sudo ufw logging on"
9545
msgstr "sudo ufw logging on"
9546
9547
#: serverguide/C/security.xml:796(para)
9548
msgid ""
9549
"To turn logging off in <application>ufw</application>, simply replace "
9550
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
9551
"role=\"italic\">off</emphasis> in the above command."
9552
msgstr ""
9553
"为退出登录<application>ufw</application>,在以上命令中用<emphasis "
9554
"role=\"italic\">off</emphasis>替换<emphasis role=\"italic\">on</emphasis>即可。"
9555
9556
#: serverguide/C/security.xml:799(para)
9557
msgid ""
9558
"If using <application>iptables</application> instead of "
9559
"<application>ufw</application>, enter:"
9560
msgstr ""
9561
"如果您要使用<application>ufw</application>来代替<application>iptables</application>,请输"
9562
"入:"
9563
9564
#: serverguide/C/security.xml:802(screen)
9565
#, no-wrap
9566
msgid ""
9567
"\n"
9568
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
9569
"prefix \"NEW_HTTP_CONN: \"\n"
9570
msgstr ""
9571
"\n"
9572
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
9573
"prefix \"NEW_HTTP_CONN: \"\n"
9574
9575
#: serverguide/C/security.xml:805(para)
9576
msgid ""
9577
"A request on port 80 from the local machine, then, would generate a log in "
9578
"dmesg that looks like this:"
9579
msgstr "一个来自本地计算机的80端口请求,将在dmesg中产生一个log如下:"
9580
9581
#: serverguide/C/security.xml:810(programlisting)
9582
#, no-wrap
9583
msgid ""
9584
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
9585
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
9586
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
9587
"WINDOW=32767 RES=0x00 SYN URGP=0"
9588
msgstr ""
9589
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
9590
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
9591
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
9592
"WINDOW=32767 RES=0x00 SYN URGP=0"
9593
9594
#: serverguide/C/security.xml:812(para)
9595
msgid ""
9596
"The above log will also appear in <filename>/var/log/messages</filename>, "
9597
"<filename>/var/log/syslog</filename>, and "
9598
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
9599
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
9600
"and configuring <application>ulogd</application> and using the ULOG target "
9601
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
9602
"server that listens for logging instructions from the kernel specifically "
9603
"for firewalls, and can log to any file you like, or even to a "
9604
"<application>PostgreSQL</application> or <application>MySQL</application> "
9605
"database. Making sense of your firewall logs can be simplified by using a "
9606
"log analyzing tool such as <application>fwanalog</application>, "
9607
"<application> fwlogwatch</application>, or <application>lire</application>."
9608
msgstr ""
9609
"上面的日志也会出现在<filename>/var/log/messages</filename>、<filename>/var/log/syslog</f"
9610
"ilename> 和 <filename>/var/log/kern.log</filename> 中。这一过程可以通过适当编辑 "
9611
"<filename>/etc/syslog.conf</filename> 或安装配置 <application>ulogd</application> "
9612
"并用 ULOG 代替 LOG 来进行改变。<application>ulogd</application> "
9613
"守护程序是一种用户态服务器可以监听来自内核的防火墙日志指令,并且能够将其写到任何您希望的文件中,甚至是 "
9614
"<application>PostgreSQL</application> 或 <application>MySQL</application> "
9615
"数据库。使用诸如 "
9616
"<application>fwanalog</application>、<application>fwlogwatch</application> 或 "
9617
"<application>lire</application> 日志分析工具将会很轻松地弄懂您的防火墙日志。"
9618
9619
#: serverguide/C/security.xml:827(title)
9620
msgid "Other Tools"
9621
msgstr "其它工具"
9622
9623
#: serverguide/C/security.xml:828(para)
9624
msgid ""
9625
"There are many tools available to help you construct a complete firewall "
9626
"without intimate knowledge of iptables. For the GUI-inclined:"
9627
msgstr "有许多工具可以帮助你不用深奥的iptables的知识就创建一个完整的防火墙。图形操作界面的有:"
9628
9629
#: serverguide/C/security.xml:834(para)
9630
msgid ""
9631
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
9632
"popular and easy to use."
9633
msgstr ""
9634
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink>很流行,使用起来很简单。"
9635
9636
#: serverguide/C/security.xml:839(para)
9637
msgid ""
9638
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
9639
"and will look familiar to an administrator who has used a commercial "
9640
"firewall utility such as <application>Checkpoint FireWall-1</application>."
9641
msgstr ""
9642
"<ulink "
9643
"url=\"http://www.fwbuilder.org/\">fwbuilder</ulink>功能很强大,使用过类似于<application>C"
9644
"heckpoint FireWall-1</application>等商业防火墙软件的管理员会对它很面熟。"
9645
9646
#: serverguide/C/security.xml:845(para)
9647
msgid ""
9648
"If you prefer a command-line tool with plain-text configuration files:"
9649
msgstr "如果你更倾向于使用有纯文本配置文件的命令行工具:"
9650
9651
#: serverguide/C/security.xml:850(para)
9652
msgid ""
9653
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
9654
"powerful solution to help you configure an advanced firewall for any network."
9655
msgstr ""
9656
"<ulink "
9657
"url=\"http://www.shorewall.net/\">Shorewall</ulink>是一个非常强大的帮助你配置高级防火墙的解决方案,它适"
9658
"合于任何类型的网络。"
9659
9660
#: serverguide/C/security.xml:856(para)
9661
msgid ""
9662
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
9663
"a working firewall \"out of the box\" with zero configuration, and will "
9664
"allow you to easily set up a more advanced firewall by editing simple, well-"
9665
"documented configuration files."
9666
msgstr ""
9667
"<ulink "
9668
"url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink>可以给你一个不用配置、拿来就用的防火墙,也允许你轻"
9669
"松通过编辑简单的、有完整说明的配置文件而创建一个更高级的防火墙。"
9670
9671
#: serverguide/C/security.xml:863(para)
9672
msgid ""
9673
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
9674
"designed to be a desktop firewall application. It is made up of a server "
9675
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
9676
"like many popular interactive firewall applications for Windows."
9677
msgstr ""
9678
"<ulink "
9679
"url=\"http://fireflier.sourceforge.net/\">fireflier</ulink>是一个桌面防火墙软件。由一个服务器("
9680
"fireflier-server)和图形操作界面客户端(GTK或QT)组成,很像许多流行的Windows交互式防火墙软件。"
9681
9682
#: serverguide/C/security.xml:875(para)
9683
msgid ""
9684
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9685
"Firewall</ulink> wiki page contains information on the development of "
9686
"<application>ufw</application>."
9687
msgstr ""
9688
"<ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9689
"Firewall</ulink>的维基百科页面包含了有关<application>ufw</application>的开发信息。"
9690
9691
#: serverguide/C/security.xml:881(para)
9692
msgid ""
9693
"Also, the <application>ufw</application> manual page contains some very "
9694
"useful information: <command>man ufw</command>."
9695
msgstr ""
9696
"同时,<application>ufw</application>的使用手册包含了一些非常有用的内容:<command>man ufw</command>"
9697
9698
#: serverguide/C/security.xml:886(para)
9699
msgid ""
9700
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
9701
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
9702
"on using <application>iptables</application>."
9703
msgstr ""
9704
"更多有关如何使用<application>iptables</application>的信息请参看<ulink "
9705
"url=\"http://www.netfilter.org/documentation/HOWTO/packet-filtering-"
9706
"HOWTO.html\">packet-filtering-HOWTO</ulink>。"
9707
9708
#: serverguide/C/security.xml:892(para)
9709
msgid ""
9710
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9711
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
9712
msgstr ""
9713
"<ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9714
"HOWTO.html\">nat-HOWTO</ulink>包含了有关伪装地址的更多细节。"
9715
9716
#: serverguide/C/security.xml:898(para)
9717
msgid ""
9718
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
9719
"HowTo</ulink> in the Ubuntu wiki is a great resource."
9720
msgstr ""
9721
9722
#: serverguide/C/security.xml:906(title)
9723
msgid "AppArmor"
9724
msgstr "AppArmor"
9725
9726
#: serverguide/C/security.xml:907(para)
9727
msgid ""
9728
"<application>AppArmor</application> is a Linux Security Module "
9729
"implementation of name-based mandatory access controls. AppArmor confines "
9730
"individual programs to a set of listed files and posix 1003.1e draft "
9731
"capabilities."
9732
msgstr ""
9733
"<application>AppArmor</application> 是一个实施了基于名称强制存取控制的Linux安全模组。AppArmor "
9734
"界定了单个程序进入一组文件列表的权限并遵循posix 1003.1e 草稿的能力。"
9735
9736
#: serverguide/C/security.xml:911(para)
9737
msgid ""
9738
"<application>AppArmor</application> is installed and loaded by default. It "
9739
"uses <emphasis>profiles</emphasis> of an application to determine what files "
9740
"and permissions the application requires. Some packages will install their "
9741
"own profiles, and additional profiles can be found in the "
9742
"<application>apparmor-profiles</application> package."
9743
msgstr ""
9744
"默认情况下<application>AppArmor</application>已安装并载入。它使用每个程序的<emphasis>profiles</em"
9745
"phasis>来确定这个程序需要什么文件和权限。有些包会安装它们自己的profiles,额外的profiles可以在<application>apparm"
9746
"or-profiles</application>包里找到。"
9747
9748
#: serverguide/C/security.xml:916(para)
9749
msgid ""
9750
"To install the <application>apparmor-profiles</application> package from a "
9751
"terminal prompt:"
9752
msgstr "要安装<application>apparmor-profiles</application>软件包,在终端输入:"
9753
9754
#: serverguide/C/security.xml:922(para)
9755
msgid "AppArmor profiles have two modes of execution:"
9756
msgstr "AppArmor配置文件有两种执行模式:"
9757
9758
#: serverguide/C/security.xml:927(para)
9759
msgid ""
9760
"Complaining/Learning: profile violations are permitted and logged. Useful "
9761
"for testing and developing new profiles."
9762
msgstr "投诉/学习: 允许并记录配置文件的冲突。对于测试并开发新的配置文件有用途。"
9763
9764
#: serverguide/C/security.xml:932(para)
9765
msgid ""
9766
"Enforced/Confined: enforces profile policy as well as logging the violation."
9767
msgstr "强制/受限:强制配置策略及违规记录。"
9768
9769
#: serverguide/C/security.xml:938(title)
9770
msgid "Using AppArmor"
9771
msgstr "使用 AppArmor"
9772
9773
#: serverguide/C/security.xml:939(para)
9774
msgid ""
9775
"The <application>apparmor-utils</application> package contains command line "
9776
"utilities that you can use to change the <application>AppArmor</application> "
9777
"execution mode, find the status of a profile, create new profiles, etc."
9778
msgstr ""
9779
"<application>apparmor-"
9780
"utils</application>软件包包含一些命令行工具,使用它们您可以更改<application>AppArmor</application>的"
9781
"执行模式、查看配置文件的状态、创建新的配置文件等等。"
9782
9783
#: serverguide/C/security.xml:945(para)
9784
msgid ""
9785
"<application>apparmor_status</application> is used to view the current "
9786
"status of AppArmor profiles."
9787
msgstr "<application>apparmor_status</application>是用来查看AppArmor配置文件的当前状态的。"
9788
9789
#: serverguide/C/security.xml:949(command)
9790
msgid "sudo apparmor_status"
9791
msgstr "sudo apparmor_status"
9792
9793
#: serverguide/C/security.xml:953(para)
9794
msgid ""
9795
"<application>aa-complain</application> places a profile into "
9796
"<emphasis>complain</emphasis> mode."
9797
msgstr ""
9798
"<application>aa-"
9799
"complain</application>将一个配置文件置入<emphasis>complain</emphasis>模式。"
9800
9801
#: serverguide/C/security.xml:957(command)
9802
msgid "sudo aa-complain /path/to/bin"
9803
msgstr "sudo aa-complain /path/to/bin"
9804
9805
#: serverguide/C/security.xml:961(para)
9806
msgid ""
9807
"<application>aa-enforce</application> places a profile into "
9808
"<emphasis>enforce</emphasis> mode."
9809
msgstr ""
9810
"<application>aa-enforce</application>将一个配置文件置入<emphasis>enforce</emphasis>模式。"
9811
9812
#: serverguide/C/security.xml:965(command)
9813
msgid "sudo aa-enforce /path/to/bin"
9814
msgstr "sudo aa-enforce /path/to/bin"
9815
9816
#: serverguide/C/security.xml:969(para)
9817
msgid ""
9818
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
9819
"profiles are located. It can be used to manipulate the "
9820
"<emphasis>mode</emphasis> of all profiles."
9821
msgstr ""
9822
"<filename>/etc/apparmor.d</filename>目录是AppArmor配置文件的所在之处。可用来操作所有配置文件的<emphasi"
9823
"s>模式mode</emphasis>。"
9824
9825
#: serverguide/C/security.xml:973(para)
9826
msgid "Enter the following to place all profiles into complain mode:"
9827
msgstr "要将所有配置文件置入complain模式,输入:"
9828
9829
#: serverguide/C/security.xml:977(command)
9830
msgid "sudo aa-complain /etc/apparmor.d/*"
9831
msgstr "sudo aa-complain /etc/apparmor.d/*"
9832
9833
#: serverguide/C/security.xml:979(para)
9834
msgid "To place all profiles in enforce mode:"
9835
msgstr "要将所有配置文件置入enforce模式:"
9836
9837
#: serverguide/C/security.xml:983(command)
9838
msgid "sudo aa-enforce /etc/apparmor.d/*"
9839
msgstr "sudo aa-enforce /etc/apparmor.d/*"
9840
9841
#: serverguide/C/security.xml:987(para)
9842
msgid ""
9843
"<application>apparmor_parser</application> is used to load a profile into "
9844
"the kernel. It can also be used to reload a currently loaded profile using "
9845
"the <emphasis>-r</emphasis> option. To load a profile:"
9846
msgstr ""
9847
"<application>apparmor_parser</application>用来将一个配置文件载入内核。它也可以通过使用<emphasis>-"
9848
"r</emphasis>选项来重新载入当前已载入的配置文件。要载入一个配置文件:"
9849
9850
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
9851
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9852
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9853
9854
#: serverguide/C/security.xml:994(para)
9855
msgid "To reload a profile:"
9856
msgstr "要重新载入一个配置文件:"
9857
9858
#: serverguide/C/security.xml:998(command)
9859
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9860
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9861
9862
#: serverguide/C/security.xml:1002(para)
9863
msgid ""
9864
"<filename>/etc/init.d/apparmor</filename> can be used to "
9865
"<emphasis>reload</emphasis> all profiles:"
9866
msgstr ""
9867
"<filename>/etc/init.d/apparmor</filename>可用来<emphasis>重新载入</emphasis>所有配置文件:"
9868
9869
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
9870
msgid "sudo /etc/init.d/apparmor reload"
9871
msgstr "sudo /etc/init.d/apparmor reload"
9872
9873
#: serverguide/C/security.xml:1010(para)
9874
msgid ""
9875
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
9876
"with the <application>apparmor_parser -R</application> option to "
9877
"<emphasis>disable</emphasis> a profile."
9878
msgstr ""
9879
"The "
9880
"<filename>/etc/apparmor.d/disable</filename>目录可以和<application>apparmor_parser"
9881
" -R</application>选项一起使用以<emphasis>禁用</emphasis>一个配置文件。"
9882
9883
#: serverguide/C/security.xml:1015(command)
9884
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9885
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9886
9887
#: serverguide/C/security.xml:1016(command)
9888
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9889
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9890
9891
#: serverguide/C/security.xml:1018(para)
9892
msgid ""
9893
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
9894
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
9895
"load the profile using the <emphasis>-a</emphasis> option."
9896
msgstr ""
9897
"要<emphasis>重新激活</emphasis> 一个已禁用的配置文件,请在 "
9898
"<filename>/etc/apparmor.d/disable/</filename>里删除到其配置文件的软链接。然后使用选项 <emphasis>-"
9899
"a</emphasis>载入配置文件。"
9900
9901
#: serverguide/C/security.xml:1023(command)
9902
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
9903
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
9904
9905
#: serverguide/C/security.xml:1028(para)
9906
msgid ""
9907
"<application>AppArmor</application> can be disabled, and the kernel module "
9908
"unloaded by entering the following:"
9909
msgstr "<application>AppArmor</application>可以被禁用,其内核模块可以通过输入以下命令卸载:"
9910
9911
#: serverguide/C/security.xml:1032(command)
9912
msgid "sudo /etc/init.d/apparmor stop"
9913
msgstr "sudo /etc/init.d/apparmor stop"
9914
9915
#: serverguide/C/security.xml:1033(command)
9916
msgid "sudo update-rc.d -f apparmor remove"
9917
msgstr "sudo update-rc.d -f apparmor remove"
9918
9919
#: serverguide/C/security.xml:1037(para)
9920
msgid "To re-enable <application>AppArmor</application> enter:"
9921
msgstr "要重新启用<application>AppArmor</application>,输入:"
9922
9923
#: serverguide/C/security.xml:1041(command)
9924
msgid "sudo /etc/init.d/apparmor start"
9925
msgstr "sudo /etc/init.d/apparmor start"
9926
9927
#: serverguide/C/security.xml:1042(command)
9928
msgid "sudo update-rc.d apparmor defaults"
9929
msgstr "sudo update-rc.d apparmor defaults"
9930
9931
#: serverguide/C/security.xml:1047(para)
9932
msgid ""
9933
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9934
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9935
"the actual executable file path. For example for the "
9936
"<application>ping</application> command use <filename>/bin/ping</filename>"
9937
msgstr ""
9938
"用你操作的profile名称来替代<emphasis>profile.name</emphasis>。再有,用实际的执行文件的路径来代替<filename"
9939
">/path/to/bin/</filename>。例如,使用<filename>/bin/ping</filename>来替代<application>"
9940
"ping</application>"
9941
9942
#: serverguide/C/security.xml:1055(title)
9943
msgid "Profiles"
9944
msgstr "配置文件"
9945
9946
#: serverguide/C/security.xml:1056(para)
9947
msgid ""
9948
"<application>AppArmor</application> profiles are simple text files located "
9949
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9950
"path to the executable they profile replacing the \"/\" with \".\". For "
9951
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9952
"profile for the <filename>/bin/ping</filename> command."
9953
msgstr ""
9954
9955
#: serverguide/C/security.xml:1062(para)
9956
msgid "There are two main type of rules used in profiles:"
9957
msgstr "在配置文件中,主要有两种类型的规则"
9958
9959
#: serverguide/C/security.xml:1067(para)
9960
msgid ""
9961
"<emphasis>Path entries:</emphasis> which detail which files an application "
9962
"can access in the file system."
9963
msgstr "<emphasis>路径 项:</emphasis> 指定文件系统中哪些文件是一个应用程序可以访问的。"
9964
9965
#: serverguide/C/security.xml:1072(para)
9966
msgid ""
9967
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9968
"confined process is allowed to use."
9969
msgstr ""
9970
9971
#: serverguide/C/security.xml:1077(para)
9972
msgid ""
9973
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9974
msgstr "作为一个例子来看看<filename>/etc/apparmor.d/bin.ping</filename>:"
9975
9976
#: serverguide/C/security.xml:1080(programlisting)
9977
#, no-wrap
9978
msgid ""
9979
"\n"
9980
"#include <tunables/global>\n"
9981
"/bin/ping flags=(complain) {\n"
9982
" #include <abstractions/base>\n"
9983
" #include <abstractions/consoles>\n"
9984
" #include <abstractions/nameservice>\n"
9985
"\n"
9986
" capability net_raw,\n"
9987
" capability setuid,\n"
9988
" network inet raw,\n"
9989
" \n"
9990
" /bin/ping mixr,\n"
9991
" /etc/modules.conf r,\n"
9992
"}\n"
9993
msgstr ""
9994
"\n"
9995
"#include <tunables/global>\n"
9996
"/bin/ping flags=(complain) {\n"
9997
" #include <abstractions/base>\n"
9998
" #include <abstractions/consoles>\n"
9999
" #include <abstractions/nameservice>\n"
10000
"\n"
10001
" capability net_raw,\n"
10002
" capability setuid,\n"
10003
" network inet raw,\n"
10004
" \n"
10005
" /bin/ping mixr,\n"
10006
" /etc/modules.conf r,\n"
10007
"}\n"
10008
10009
#: serverguide/C/security.xml:1097(para)
10010
msgid ""
10011
"<emphasis>#include <tunables/global>:</emphasis> include statements "
10012
"from other files. This allows statements pertaining to multiple applications "
10013
"to be placed in a common file."
10014
msgstr ""
10015
"<emphasis>#include "
10016
"<tunables/global>:</emphasis>包含了来自另外文件的声明。这样做使得来自不同应用程序的相关声明都被放置在同一个文件中"
10017
"。"
10018
10019
#: serverguide/C/security.xml:1103(para)
10020
msgid ""
10021
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
10022
"program, also setting the mode to <emphasis>complain</emphasis>."
10023
msgstr ""
10024
10025
#: serverguide/C/security.xml:1109(para)
10026
msgid ""
10027
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
10028
"the CAP_NET_RAW Posix.1e capability."
10029
msgstr ""
10030
"<emphasis>capability net_raw,:</emphasis> 允许程序拥有连接 CAP_NET_RAW Posix.1e 的能力。"
10031
10032
#: serverguide/C/security.xml:1114(para)
10033
msgid ""
10034
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
10035
"execute access to the file."
10036
msgstr "<emphasis>/bin/ping mixr,:</emphasis> 允许应用程序读取和执行该文件。"
10037
10038
#: serverguide/C/security.xml:1120(para)
10039
msgid ""
10040
"After editing a profile file the profile must be reloaded. See <xref "
10041
"linkend=\"apparmor-usage\"/> for details."
10042
msgstr "编辑配置文件后必须重新载入配置文件。参看<xref linkend=\"apparmor-usage\"/> 获取详情"
10043
10044
#: serverguide/C/security.xml:1125(title)
10045
msgid "Creating a Profile"
10046
msgstr "创建配置文件"
10047
10048
#: serverguide/C/security.xml:1128(para)
10049
msgid ""
10050
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
10051
"application should be exercised. The test plan should be divided into small "
10052
"test cases. Each test case should have a small description and list the "
10053
"steps to follow."
10054
msgstr ""
10055
"<emphasis>设计测试计划:</emphasis> "
10056
"试着思考应用程序会怎样运行。测试计划可以分解为小的测试用例。对每个测试用例,应该有个简短的描述,并列出应该执行的步骤。"
10057
10058
#: serverguide/C/security.xml:1132(para)
10059
msgid "Some standard test cases are:"
10060
msgstr "一些标准的测试情况是:"
10061
10062
#: serverguide/C/security.xml:1137(para)
10063
msgid "Starting the program."
10064
msgstr "启动程序。"
10065
10066
#: serverguide/C/security.xml:1142(para)
10067
msgid "Stopping the program."
10068
msgstr "停止程序。"
10069
10070
#: serverguide/C/security.xml:1147(para)
10071
msgid "Reloading the program."
10072
msgstr "重新载入程序。"
10073
10074
#: serverguide/C/security.xml:1152(para)
10075
msgid "Testing all the commands supported by the init script."
10076
msgstr "测试所有init脚本支持的命令。"
10077
10078
#: serverguide/C/security.xml:1159(para)
10079
msgid ""
10080
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
10081
"genprof</application> to generate a new profile. From a terminal:"
10082
msgstr ""
10083
"<emphasis>生成新配置文件:</emphasis> 使用 <application>aa-genprof</application> "
10084
"生成新的配置文件。在终端输入:"
10085
10086
#: serverguide/C/security.xml:1164(command)
10087
msgid "sudo aa-genprof executable"
10088
msgstr "sudo aa-genprof executable"
10089
10090
#: serverguide/C/security.xml:1166(para)
10091
msgid "For example:"
10092
msgstr "例如:"
10093
10094
#: serverguide/C/security.xml:1170(command)
10095
msgid "sudo aa-genprof slapd"
10096
msgstr "sudo aa-genprof slapd"
10097
10098
#: serverguide/C/security.xml:1174(para)
10099
msgid ""
10100
"To get your new profile included in the <application>apparmor-"
10101
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
10102
"against the <ulink "
10103
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
10104
"/ulink> package:"
10105
msgstr ""
10106
"要想让你的配置文件被包含于 <application>apparmor-profiles</application> "
10107
"包内,在<emphasis>Launchpad</emphasis>上向<ulink "
10108
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
10109
"/ulink>发一个bug报告:"
10110
10111
#: serverguide/C/security.xml:1181(para)
10112
msgid "Include your test plan and test cases."
10113
msgstr "包含您的测试计划和测试用例。"
10114
10115
#: serverguide/C/security.xml:1186(para)
10116
msgid "Attach your new profile to the bug."
10117
msgstr "在bug报告里附上你的新配置文件。"
10118
10119
#: serverguide/C/security.xml:1195(title)
10120
msgid "Updating Profiles"
10121
msgstr "更新配置文件"
10122
10123
#: serverguide/C/security.xml:1196(para)
10124
msgid ""
10125
"When the program is misbehaving, audit messages are sent to the log files. "
10126
"The program <application>aa-logprof</application> can be used to scan log "
10127
"files for <application>AppArmor</application> audit messages, review them "
10128
"and update the profiles. From a terminal:"
10129
msgstr ""
10130
10131
#: serverguide/C/security.xml:1201(command)
10132
msgid "sudo aa-logprof"
10133
msgstr "sudo aa-logprof"
10134
10135
#: serverguide/C/security.xml:1209(para)
10136
msgid ""
10137
"See the <ulink "
10138
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
10139
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
10140
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
10141
"configuration options."
10142
msgstr ""
10143
"你可以在<ulink "
10144
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
10145
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
10146
"r_admin.html\">AppArmor 管理指南</ulink>找到高级配置选项。"
10147
10148
#: serverguide/C/security.xml:1216(para)
10149
msgid ""
10150
"For details using AppArmor with other Ubuntu releases see the <ulink "
10151
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
10152
"Wiki</ulink> page."
10153
msgstr ""
10154
"关于AppArmor在其他Ubuntu发行版的详细用法请看<ulink "
10155
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
10156
"Wiki</ulink>"
10157
10158
#: serverguide/C/security.xml:1224(para)
10159
msgid ""
10160
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
10161
"page is another introduction to AppArmor."
10162
msgstr ""
10163
"<ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
10164
"是另一个对AppArmor的介绍。"
10165
10166
#: serverguide/C/security.xml:1231(para)
10167
msgid ""
10168
"A great place to ask for <application>AppArmor</application> assistance, and "
10169
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
10170
"server</emphasis> IRC channel on <ulink "
10171
"url=\"http://freenode.net\">freenode</ulink>."
10172
msgstr ""
10173
"在 <ulink url=\"http://freenode.net\">freenode</ulink> 上的 <emphasis>#ubuntu-"
10174
"server</emphasis> IRC 聊天频道是一个寻求AppArmor帮助和参与Ubuntu Server社区的一个好地方。"
10175
10176
#: serverguide/C/security.xml:1241(title)
10177
msgid "Certificates"
10178
msgstr "证书"
10179
10180
#: serverguide/C/security.xml:1242(para)
10181
msgid ""
10182
"One of the most common forms of cryptography today is <emphasis>public-"
10183
"key</emphasis> cryptography. Public-key cryptography utilizes a "
10184
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
10185
"system works by <emphasis>encrypting</emphasis> information using the public "
10186
"key. The information can then only be <emphasis>decrypted</emphasis> using "
10187
"the private key."
10188
msgstr ""
10189
"<emphasis>公开密钥加密</emphasis>是当今使用最普遍的加密方式之一。公开密钥加密利用一个<emphasis>公钥</emphasis>和"
10190
"一个<emphasis>私钥</emphasis>来完成加解密。系统使用公钥来<emphasis>加密</emphasis>信息,加密后的信息只有用<em"
10191
"phasis>私钥</emphasis>才可以解密。"
10192
10193
#: serverguide/C/security.xml:1248(para)
10194
msgid ""
10195
"A common use for public-key cryptography is encrypting application traffic "
10196
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
10197
"connection. For example, configuring Apache to provide "
10198
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
10199
"encrypt traffic using a protocol that does not itself provide encryption."
10200
msgstr ""
10201
"一个公开密钥加密的普遍用法是使用SSL或者TLS加密应用程序传输的数据。例如,配置Apache提供HTTPS(HTTP over "
10202
"SSL)。这样可以提供一种方式来加密不自己实现加密机制的协议产生的流量。"
10203
10204
#: serverguide/C/security.xml:1253(para)
10205
msgid ""
10206
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
10207
"<emphasis>public key</emphasis> and other information about a server and the "
10208
"organization who is responsible for it. Certificates can be digitally signed "
10209
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
10210
"third party that has confirmed that the information contained in the "
10211
"certificate is accurate."
10212
msgstr ""
10213
"<emphasis>数字证书</emphasis>是一种传播公钥和关于服务器以及对其负责的组织的信息的一种方式。数字证书可以被<emphasis>证书认证"
10214
"机构(CA)</emphasis>签名。CA是一个被信任的第三方机构,用来保证被签名的数字证书内所包含的信息是准确有效的。"
10215
10216
#: serverguide/C/security.xml:1260(title)
10217
msgid "Types of Certificates"
10218
msgstr "证书类型"
10219
10220
#: serverguide/C/security.xml:1261(para)
10221
msgid ""
10222
"To set up a secure server using public-key cryptography, in most cases, you "
10223
"send your certificate request (including your public key), proof of your "
10224
"company's identity, and payment to a CA. The CA verifies the certificate "
10225
"request and your identity, and then sends back a certificate for your secure "
10226
"server. Alternatively, you can create your own <emphasis>self-"
10227
"signed</emphasis> certificate."
10228
msgstr ""
10229
"大多数情况下,要配置一个使用公开密钥加密的安全服务器,你需要:(1)向CA发送你的证书请求(CSR,里面包含你的公钥),证明你的公司的身份,并且付给CA一"
10230
"定的费用 "
10231
"(2)CA验证你的证书请求和身份,并且使用它的私钥签名,制作成证书发回来。或者,你可以自己创建一个<emphasis>自签名<emphasis>的证书。"
10232
10233
#: serverguide/C/security.xml:1271(para)
10234
msgid ""
10235
"Note, that self-signed certificates should not be used in most production "
10236
"environments."
10237
msgstr "注意, 自签名的证书不应当被用在生产环境上。"
10238
10239
#: serverguide/C/security.xml:1275(para)
10240
msgid ""
10241
"Continuing the HTTPS example, a CA-signed certificate provides two important "
10242
"capabilities that a self-signed certificate does not:"
10243
msgstr "继续HTTPS的例子,一个CA签署的证书可以提供两个自签名证书不能提供的重要的能力:"
10244
10245
#: serverguide/C/security.xml:1282(para)
10246
msgid ""
10247
"Browsers (usually) automatically recognize the certificate and allow a "
10248
"secure connection to be made without prompting the user."
10249
msgstr "浏览器 (通常) 会自动地识别证书并且在不提示用户的情况下允许创建一个安全连接。"
10250
10251
#: serverguide/C/security.xml:1289(para)
10252
msgid ""
10253
"When a CA issues a signed certificate, it is guaranteeing the identity of "
10254
"the organization that is providing the web pages to the browser."
10255
msgstr "当一个 CA 生成一个签署过的证书,它为提供网页给浏览器的组织提供身份担保。"
10256
10257
#: serverguide/C/security.xml:1297(para)
10258
msgid ""
10259
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
10260
"certificates they automatically accept. If a browser encounters a "
10261
"certificate whose authorizing CA is not in the list, the browser asks the "
10262
"user to either accept or decline the connection. Also, other applications "
10263
"may generate an error message when using a self-singed certificate."
10264
msgstr ""
10265
"大部分支持SSL的Web浏览器和操作系统都有一个CA列表,被这些CA签署的证书会被自动接受。如果浏览器遇到了一个被不在信任列表内的CA签署的证书时,会询问"
10266
"用户接受或者拒绝连接。同样,其他的程序可能会在遇到自签名证书是提示错误。"
10267
10268
#: serverguide/C/security.xml:1305(para)
10269
msgid ""
10270
"The process of getting a certificate from a CA is fairly easy. A quick "
10271
"overview is as follows:"
10272
msgstr "从CA获得一个数字证书相当简单。下面是简要步骤:"
10273
10274
#: serverguide/C/security.xml:1312(para)
10275
msgid "Create a private and public encryption key pair."
10276
msgstr "创建一个私有和公共密钥对"
10277
10278
#: serverguide/C/security.xml:1315(para)
10279
msgid ""
10280
"Create a certificate request based on the public key. The certificate "
10281
"request contains information about your server and the company hosting it."
10282
msgstr "基于公钥创建一个证书请求。证书请求包含您服务器及公司信息。"
10283
10284
#: serverguide/C/security.xml:1320(para)
10285
msgid ""
10286
"Send the certificate request, along with documents proving your identity, to "
10287
"a CA. We cannot tell you which certificate authority to choose. Your "
10288
"decision may be based on your past experiences, or on the experiences of "
10289
"your friends or colleagues, or purely on monetary factors."
10290
msgstr ""
10291
"发送证书请求,并随之提供您的身份文档到一个 CA。我们不能告诉您选择哪个证书颁发机构。您可以基于您以往的经验或您朋友或同事的经验或纯粹基于经济因素来决定。"
10292
10293
#: serverguide/C/security.xml:1326(para)
10294
msgid ""
10295
"Once you have decided upon a CA, you need to follow the instructions they "
10296
"provide on how to obtain a certificate from them."
10297
msgstr "一旦您选定一家 CA,您需要根据他们所提供的规程来从他们那里获得证书。"
10298
10299
#: serverguide/C/security.xml:1331(para)
10300
msgid ""
10301
"When the CA is satisfied that you are indeed who you claim to be, they send "
10302
"you a digital certificate."
10303
msgstr "当 CA 确定您确实如您所声称的那样时,他们将发给您一个数字证书。"
10304
10305
#: serverguide/C/security.xml:1335(para)
10306
msgid ""
10307
"Install this certificate on your secure server, and configure the "
10308
"appropriate applications to use the certificate."
10309
msgstr "将此证书安装到您的安全服务器,并使用证书配置相应的程序。"
10310
10311
#: serverguide/C/security.xml:1344(title)
10312
msgid "Generating a Certificate Signing Request (CSR)"
10313
msgstr "生成一个证书签署请求 (CSR)"
10314
10315
#: serverguide/C/security.xml:1346(para)
10316
msgid ""
10317
"Whether you are getting a certificate from a CA or generating your own self-"
10318
"signed certificate, the first step is to generate a key."
10319
msgstr "无论您是从一家 CA 那儿获得证书或是生成您自己签署的证书,第一步就是生成钥匙。"
10320
10321
#: serverguide/C/security.xml:1351(para)
10322
msgid ""
10323
"If the certificate will be used by service daemons, such as Apache, Postfix, "
10324
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
10325
"passphrase allows the services to start without manual intervention, usually "
10326
"the preferred way to start a daemon."
10327
msgstr ""
10328
"如果数字证书被服务进程使用(比如Apache,Postfix,Dovecot等等),一个没有密码保护的私钥是适用的。私钥没有密码保护可以让服务在没有人工干"
10329
"预的情况下启动,通常这是启动服务的首选方式。"
10330
10331
#: serverguide/C/security.xml:1357(para)
10332
msgid ""
10333
"This section will cover generating a key with a passphrase, and one without. "
10334
"The non-passphrase key will then be used to generate a certificate that can "
10335
"be used with various service daemons."
10336
msgstr "这一节的内容包括生成有密码保护和没有密码保护的密钥。没有密码保护的密钥将被用做生成一个可被各种服务使用的数字证书。"
10337
10338
#: serverguide/C/security.xml:1363(para)
10339
msgid ""
10340
"Running your secure service without a passphrase is convenient because you "
10341
"will not need to enter the passphrase every time you start your secure "
10342
"service. But it is insecure and a compromise of the key means a compromise "
10343
"of the server as well."
10344
msgstr ""
10345
"使用没有密码保护的私钥来运行服务很方便,因为你不需要在每次启动服务的时候输入密码。但是这是不安全的,而且对私钥的威胁同样也是对服务器的威胁。"
10346
10347
#: serverguide/C/security.xml:1370(para)
10348
msgid ""
10349
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
10350
"Request (CSR) run the following command from a terminal prompt:"
10351
msgstr "在终端提示符下运行以下命令来为这个证书签名请求(CSR)生成<emphasis>keys</emphasis>:"
10352
10353
#: serverguide/C/security.xml:1376(command)
10354
msgid "openssl genrsa -des3 -out server.key 1024"
10355
msgstr "openssl genrsa -des3 -out server.key 1024"
10356
10357
#: serverguide/C/security.xml:1379(programlisting)
10358
#, no-wrap
10359
msgid ""
10360
"\n"
10361
"Generating RSA private key, 1024 bit long modulus\n"
10362
".....................++++++\n"
10363
".................++++++\n"
10364
"unable to write 'random state'\n"
10365
"e is 65537 (0x10001)\n"
10366
"Enter pass phrase for server.key:\n"
10367
msgstr ""
10368
"\n"
10369
"Generating RSA private key, 1024 bit long modulus\n"
10370
".....................++++++\n"
10371
".................++++++\n"
10372
"unable to write 'random state'\n"
10373
"e is 65537 (0x10001)\n"
10374
"Enter pass phrase for server.key:\n"
10375
10376
#: serverguide/C/security.xml:1388(para)
10377
msgid ""
10378
"You can now enter your passphrase. For best security, it should at least "
10379
"contain eight characters. The minimum length when specifying -des3 is four "
10380
"characters. It should include numbers and/or punctuation and not be a word "
10381
"in a dictionary. Also remember that your passphrase is case-sensitive."
10382
msgstr ""
10383
"您现在可以输入您的 passphrase。为了最大程度的安全,它至少应该包含八个字符。当指定 -des3 "
10384
"时最小长度为四个字符。它应该包含数字和/或标点符号,并且不应该是字典中的单词。也请记住您的 passphrase 是大小写敏感的。"
10385
10386
#: serverguide/C/security.xml:1396(para)
10387
msgid ""
10388
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
10389
"server key is generated and stored in the <filename>server.key</filename> "
10390
"file."
10391
msgstr ""
10392
10393
#: serverguide/C/security.xml:1402(para)
10394
msgid ""
10395
"Now create the insecure key, the one without a passphrase, and shuffle the "
10396
"key names:"
10397
msgstr ""
10398
10399
#: serverguide/C/security.xml:1408(command)
10400
msgid "openssl rsa -in server.key -out server.key.insecure"
10401
msgstr "openssl rsa -in server.key -out server.key.insecure"
10402
10403
#: serverguide/C/security.xml:1409(command)
10404
msgid "mv server.key server.key.secure"
10405
msgstr "mv server.key server.key.secure"
10406
10407
#: serverguide/C/security.xml:1410(command)
10408
msgid "mv server.key.insecure server.key"
10409
msgstr "mv server.key.insecure server.key"
10410
10411
#: serverguide/C/security.xml:1413(para)
10412
msgid ""
10413
"The insecure key is now named <filename>server.key</filename>, and you can "
10414
"use this file to generate the CSR without passphrase."
10415
msgstr ""
10416
10417
#: serverguide/C/security.xml:1418(para)
10418
msgid "To create the CSR, run the following command at a terminal prompt:"
10419
msgstr "要创建 CSR,可以在终端提示符后运行以下命令:"
10420
10421
#: serverguide/C/security.xml:1423(command)
10422
msgid "openssl req -new -key server.key -out server.csr"
10423
msgstr "openssl req -new -key server.key -out server.csr"
10424
10425
#: serverguide/C/security.xml:1426(para)
10426
msgid ""
10427
"It will prompt you enter the passphrase. If you enter the correct "
10428
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
10429
"etc. Once you enter all these details, your CSR will be created and it will "
10430
"be stored in the <filename>server.csr</filename> file."
10431
msgstr ""
10432
10433
#: serverguide/C/security.xml:1434(para)
10434
msgid ""
10435
"You can now submit this CSR file to a CA for processing. The CA will use "
10436
"this CSR file and issue the certificate. On the other hand, you can create "
10437
"self-signed certificate using this CSR."
10438
msgstr ""
10439
10440
#: serverguide/C/security.xml:1442(title)
10441
msgid "Creating a Self-Signed Certificate"
10442
msgstr "创建一个自己签署的证书"
10443
10444
#: serverguide/C/security.xml:1443(para)
10445
msgid ""
10446
"To create the self-signed certificate, run the following command at a "
10447
"terminal prompt:"
10448
msgstr "要创建自己签署的证书,在终端提示符下运行以下命令:"
10449
10450
#: serverguide/C/security.xml:1448(command)
10451
msgid ""
10452
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
10453
"server.crt"
10454
msgstr ""
10455
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
10456
"server.crt"
10457
10458
#: serverguide/C/security.xml:1451(para)
10459
msgid ""
10460
"The above command will prompt you to enter the passphrase. Once you enter "
10461
"the correct passphrase, your certificate will be created and it will be "
10462
"stored in the <filename>server.crt</filename> file."
10463
msgstr ""
10464
"上述命令将提示您输入 passphrase。一旦您输入正确的 passphrase,您的证书将被创建并将保存在 "
10465
"<filename>server.crt</filename> 文件中。"
10466
10467
#: serverguide/C/security.xml:1456(para)
10468
msgid ""
10469
"If your secure server is to be used in a production environment, you "
10470
"probably need a CA-signed certificate. It is not recommended to use self-"
10471
"signed certificate."
10472
msgstr "如果您的安全服务器被用在生产环境中,你也许需要 CA 签署的证书。并不推荐使用自己签署的证书。"
10473
10474
#: serverguide/C/security.xml:1464(title)
10475
msgid "Installing the Certificate"
10476
msgstr "安装证书"
10477
10478
#: serverguide/C/security.xml:1466(para)
10479
msgid ""
10480
"You can install the key file <filename>server.key</filename> and certificate "
10481
"file <filename>server.crt</filename>, or the certificate file issued by your "
10482
"CA, by running following commands at a terminal prompt:"
10483
msgstr ""
10484
"您可以通过在终端提示符下运行以下命令来安装密钥文件<filename>server.key</filename>和证书文件<filename>server"
10485
".crt</filename>,或是由您的CA签发的证书文件。"
10486
10487
#: serverguide/C/security.xml:1472(command)
10488
msgid "sudo cp server.crt /etc/ssl/certs"
10489
msgstr "sudo cp server.crt /etc/ssl/certs"
10490
10491
#: serverguide/C/security.xml:1473(command)
10492
msgid "sudo cp server.key /etc/ssl/private"
10493
msgstr "sudo cp server.key /etc/ssl/private"
10494
10495
#: serverguide/C/security.xml:1475(para)
10496
msgid ""
10497
"Now simply configure any applications, with the ability to use public-key "
10498
"cryptography, to use the <emphasis>certificate</emphasis> and "
10499
"<emphasis>key</emphasis> files. For example, "
10500
"<application>Apache</application> can provide HTTPS, "
10501
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
10502
msgstr ""
10503
10504
#: serverguide/C/security.xml:1482(title)
10505
msgid "Certification Authority"
10506
msgstr "认证机构"
10507
10508
#: serverguide/C/security.xml:1484(para)
10509
msgid ""
10510
"If the services on your network require more than a few self-signed "
10511
"certificates it may be worth the additional effort to setup your own "
10512
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
10513
"certificates signed by your own CA, allows the various services using the "
10514
"certificates to easily trust other services using certificates issued from "
10515
"the same CA."
10516
msgstr ""
10517
10518
#: serverguide/C/security.xml:1494(para)
10519
msgid ""
10520
"First, create the directories to hold the CA certificate and related files:"
10521
msgstr "首先,创建一个目录,用来存放CA证书及其相关文件:"
10522
10523
#: serverguide/C/security.xml:1499(command)
10524
msgid "sudo mkdir /etc/ssl/CA"
10525
msgstr "sudo mkdir /etc/ssl/CA"
10526
10527
#: serverguide/C/security.xml:1500(command)
10528
msgid "sudo mkdir /etc/ssl/newcerts"
10529
msgstr "sudo mkdir /etc/ssl/newcerts"
10530
10531
#: serverguide/C/security.xml:1506(para)
10532
msgid ""
10533
"The CA needs a few additional files to operate, one to keep track of the "
10534
"last serial number used by the CA, each certificate must have a unique "
10535
"serial number, and another file to record which certificates have been "
10536
"issued:"
10537
msgstr ""
10538
10539
#: serverguide/C/security.xml:1513(command)
10540
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
10541
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
10542
10543
#: serverguide/C/security.xml:1514(command)
10544
msgid "sudo touch /etc/ssl/CA/index.txt"
10545
msgstr "sudo touch /etc/ssl/CA/index.txt"
10546
10547
#: serverguide/C/security.xml:1520(para)
10548
msgid ""
10549
"The third file is a CA configuration file. Though not strictly necessary, it "
10550
"is very convenient when issuing multiple certificates. Edit "
10551
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
10552
"]</emphasis> change:"
10553
msgstr ""
10554
10555
#: serverguide/C/security.xml:1526(programlisting)
10556
#, no-wrap
10557
msgid ""
10558
"\n"
10559
"dir = /etc/ssl/ # Where everything is kept\n"
10560
"database = $dir/CA/index.txt # database index file.\n"
10561
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
10562
"serial = $dir/CA/serial # The current serial number\n"
10563
"private_key = $dir/private/cakey.pem# The private key\n"
10564
msgstr ""
10565
"\n"
10566
"dir = /etc/ssl/ # Where everything is kept\n"
10567
"database = $dir/CA/index.txt # database index file.\n"
10568
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
10569
"serial = $dir/CA/serial # The current serial number\n"
10570
"private_key = $dir/private/cakey.pem# The private key\n"
10571
10572
#: serverguide/C/security.xml:1537(para)
10573
msgid "Next, create the self-singed root certificate:"
10574
msgstr "接下来,创建自签根证书:"
10575
10576
#: serverguide/C/security.xml:1542(command)
10577
msgid ""
10578
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
10579
"days 3650"
10580
msgstr ""
10581
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
10582
"days 3650"
10583
10584
#: serverguide/C/security.xml:1545(para)
10585
msgid "You will then be asked to enter the details about the certificate."
10586
msgstr "您将被要求输入关于证书的详情。"
10587
10588
#: serverguide/C/security.xml:1552(para)
10589
msgid "Now install the root certificate and key:"
10590
msgstr "现在安装根证书和钥匙:"
10591
10592
#: serverguide/C/security.xml:1557(command)
10593
msgid "sudo mv cakey.pem /etc/ssl/private/"
10594
msgstr "sudo mv cakey.pem /etc/ssl/private/"
10595
10596
#: serverguide/C/security.xml:1558(command)
10597
msgid "sudo mv cacert.pem /etc/ssl/certs/"
10598
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
10599
10600
#: serverguide/C/security.xml:1564(para)
10601
msgid ""
10602
"You are now ready to start signing certificates. The first item needed is a "
10603
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
10604
"for details. Once you have a CSR, enter the following to generate a "
10605
"certificate signed by the CA:"
10606
msgstr ""
10607
10608
#: serverguide/C/security.xml:1571(command)
10609
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
10610
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
10611
10612
#: serverguide/C/security.xml:1574(para)
10613
msgid ""
10614
"After entering the password for the CA key, you will be prompted to sign the "
10615
"certificate, and again to commit the new certificate. You should then see a "
10616
"somewhat large amount of output related to the certificate creation."
10617
msgstr ""
10618
10619
#: serverguide/C/security.xml:1583(para)
10620
msgid ""
10621
"There should now be a new file, "
10622
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
10623
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
10624
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
10625
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
10626
"the server where the certificate will be installed. For example "
10627
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
10628
msgstr ""
10629
10630
#: serverguide/C/security.xml:1591(para)
10631
msgid ""
10632
"Subsequent certificates will be named <filename>02.pem</filename>, "
10633
"<filename>03.pem</filename>, etc."
10634
msgstr ""
10635
"随后产生的证书将被命名为<filename>02.pem</filename>, <filename>03.pem</filename>,等等。"
10636
10637
#: serverguide/C/security.xml:1596(para)
10638
msgid ""
10639
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
10640
"name."
10641
msgstr "用你自己具有描述性的名字来替代<emphasis>mail.example.com.crt</emphasis>。"
10642
10643
#: serverguide/C/security.xml:1604(para)
10644
msgid ""
10645
"Finally, copy the new certificate to the host that needs it, and configure "
10646
"the appropriate applications to use it. The default location to install "
10647
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
10648
"enables multiple services to use the same certificate without overly "
10649
"complicated file permissions."
10650
msgstr ""
10651
10652
#: serverguide/C/security.xml:1610(para)
10653
msgid ""
10654
"For applications that can be configured to use a CA certificate, you should "
10655
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
10656
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
10657
"server."
10658
msgstr ""
10659
10660
#: serverguide/C/security.xml:1624(para)
10661
msgid ""
10662
"For more detailed instructions on using cryptography see the <ulink "
10663
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
10664
"Certificates HOWTO</ulink> by tlpd.org"
10665
msgstr ""
10666
"要得到更多关于加密的指导,请参阅由tlpd.org编写的<ulink url=\"http://tldp.org/HOWTO/SSL-"
10667
"Certificates-HOWTO/index.html\">SSL Certificates HOWTO</ulink>。"
10668
10669
#: serverguide/C/security.xml:1630(para)
10670
msgid ""
10671
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
10672
"of Certificate Authorities."
10673
msgstr ""
10674
10675
#: serverguide/C/security.xml:1635(para)
10676
msgid ""
10677
"The Wikipedia <ulink "
10678
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
10679
"information regarding HTTPS."
10680
msgstr ""
10681
"维基上关于<ulink "
10682
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink>的页面有更多关于HTTPS的信息。"
10683
10684
#: serverguide/C/security.xml:1640(para)
10685
msgid ""
10686
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
10687
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
10688
msgstr ""
10689
"更多关于 <emphasis>OpenSSL</emphasis> 的信息,请参阅 <ulink "
10690
"url=\"http://www.openssl.org/\">OpenSSL 主页</ulink>。"
10691
10692
#: serverguide/C/security.xml:1645(para)
10693
msgid ""
10694
"Also, O'Reilly's <ulink "
10695
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
10696
"OpenSSL</ulink> is a good in depth reference."
10697
msgstr ""
10698
10699
#: serverguide/C/security.xml:1654(title)
10700
msgid "eCryptfs"
10701
msgstr "eCryptfs"
10702
10703
#: serverguide/C/security.xml:1656(para)
10704
msgid ""
10705
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
10706
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
10707
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
10708
"filesystem, partition type, etc."
10709
msgstr ""
10710
10711
#: serverguide/C/security.xml:1662(para)
10712
msgid ""
10713
"During installation there is an option to encrypt the <filename "
10714
"role=\"directory\">/home</filename> partition. This will automatically "
10715
"configure everything needed to encrypt and mount the partition."
10716
msgstr ""
10717
"在安装过程中有一个加密 <filename role=\"directory\">/home</filename> "
10718
"分区的选项,该选项会自动完成有关加密及挂载该分区的所有配置。"
10719
10720
#: serverguide/C/security.xml:1667(para)
10721
msgid ""
10722
"As an example, this section will cover configuring <filename "
10723
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
10724
msgstr ""
10725
"作为一个例子,本节将涵盖如何使用 eCryptfs 来加密 <filename role=\"directory\">/srv</filename> "
10726
"的内容。"
10727
10728
#: serverguide/C/security.xml:1672(title)
10729
msgid "Using eCryptfs"
10730
msgstr "使用 eCryptfs"
10731
10732
#: serverguide/C/security.xml:1674(para)
10733
msgid "First, install the necessary packages. From a terminal prompt enter:"
10734
msgstr "首先,安装必要的软件包。在终端输入:"
10735
10736
#: serverguide/C/security.xml:1679(command)
10737
msgid "sudo apt-get install ecryptfs-utils"
10738
msgstr "sudo apt-get install ecryptfs-utils"
10739
10740
#: serverguide/C/security.xml:1682(para)
10741
msgid "Now mount the partition to be encrypted:"
10742
msgstr "现在挂载要加密的分区:"
10743
10744
#: serverguide/C/security.xml:1687(command)
10745
msgid "sudo mount -t ecryptfs /srv /srv"
10746
msgstr "sudo mount -t ecryptfs /srv /srv"
10747
10748
#: serverguide/C/security.xml:1690(para)
10749
msgid ""
10750
"You will then be prompted for some details on how "
10751
"<application>ecryptfs</application> should encrypt the data."
10752
msgstr "你接下来会看到有关<application>ecryptfs</application>如何加密数据的详细信息。"
10753
10754
#: serverguide/C/security.xml:1694(para)
10755
msgid ""
10756
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
10757
"copy the <filename>/etc/default</filename> folder to "
10758
"<filename>/srv</filename>:"
10759
msgstr ""
10760
"要测试<filename>/srv</filename>内的文件是否确实已加密,将文件夹<filename>/etc/default</filename>"
10761
"复制到<filename>/srv</filename>:"
10762
10763
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
10764
msgid "sudo cp -r /etc/default /srv"
10765
msgstr "sudo cp -r /etc/default /srv"
10766
10767
#: serverguide/C/security.xml:1703(para)
10768
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
10769
msgstr "现在卸载<filename>/srv</filename>,并尝试查看一个文件:"
10770
10771
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
10772
msgid "sudo umount /srv"
10773
msgstr "sudo umount /srv"
10774
10775
#: serverguide/C/security.xml:1709(command)
10776
msgid "cat /srv/default/cron"
10777
msgstr "cat /srv/default/cron"
10778
10779
#: serverguide/C/security.xml:1712(para)
10780
msgid ""
10781
"Remounting <filename>/srv</filename> using "
10782
"<application>ecryptfs</application> will make the data viewable once again."
10783
msgstr ""
10784
"再次使用<application>ecryptfs</application>挂载<filename>/srv</filename>将会让数据再次可查看。"
10785
10786
#: serverguide/C/security.xml:1718(title)
10787
msgid "Automatically Mounting Encrypted Partitions"
10788
msgstr "自动挂载加密分区"
10789
10790
#: serverguide/C/security.xml:1720(para)
10791
msgid ""
10792
"There are a couple of ways to automatically mount an "
10793
"<application>ecryptfs</application> encrypted filesystem at boot. This "
10794
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
10795
"mount options, along with a passphrase file residing on a USB key."
10796
msgstr ""
10797
"要在启动时加载 <application>ecryptfs</application> "
10798
"加密文件系统,有几种不同的方式。在本例中,我们将使用一个包含挂载选项的 <filename>/root/.ecryptfsrc</filename> "
10799
"文件,和一个保存在 USB 设备上的密码文件。"
10800
10801
#: serverguide/C/security.xml:1726(para)
10802
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
10803
msgstr "首先,创建<filename>/root/.ecryptfsrc</filename>,并加入:"
10804
10805
#: serverguide/C/security.xml:1730(programlisting)
10806
#, no-wrap
10807
msgid ""
10808
"\n"
10809
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10810
"ecryptfs_sig=5826dd62cf81c615\n"
10811
"ecryptfs_cipher=aes\n"
10812
"ecryptfs_key_bytes=16\n"
10813
"ecryptfs_passthrough=n\n"
10814
"ecryptfs_enable_filename_crypto=n\n"
10815
msgstr ""
10816
"\n"
10817
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10818
"ecryptfs_sig=5826dd62cf81c615\n"
10819
"ecryptfs_cipher=aes\n"
10820
"ecryptfs_key_bytes=16\n"
10821
"ecryptfs_passthrough=n\n"
10822
"ecryptfs_enable_filename_crypto=n\n"
10823
10824
#: serverguide/C/security.xml:1740(para)
10825
msgid ""
10826
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
10827
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
10828
msgstr ""
10829
10830
#: serverguide/C/security.xml:1745(para)
10831
msgid ""
10832
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
10833
"file:"
10834
msgstr ""
10835
10836
#: serverguide/C/security.xml:1749(programlisting)
10837
#, no-wrap
10838
msgid ""
10839
"\n"
10840
"passphrase_passwd=[secrets]\n"
10841
msgstr ""
10842
"\n"
10843
"passphrase_passwd=[secrets]\n"
10844
10845
#: serverguide/C/security.xml:1753(para)
10846
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
10847
msgstr "现在将相应字段加入到<filename>/etc/fstab</filename>:"
10848
10849
#: serverguide/C/security.xml:1757(programlisting)
10850
#, no-wrap
10851
msgid ""
10852
"\n"
10853
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10854
"/srv /srv ecryptfs defaults 0 0\n"
10855
msgstr ""
10856
"\n"
10857
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10858
"/srv /srv ecryptfs defaults 0 0\n"
10859
10860
#: serverguide/C/security.xml:1762(para)
10861
msgid "Make sure the USB drive is mounted before the encrypted partition."
10862
msgstr "确信USB驱动器在加密分区之前得到挂载。"
10863
10864
#: serverguide/C/security.xml:1766(para)
10865
msgid ""
10866
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
10867
"ecryptfs."
10868
msgstr "最后,重启,<filename>/srv</filename>应该已经使用ecryptfs挂载了。"
10869
10870
#: serverguide/C/security.xml:1774(para)
10871
msgid ""
10872
"The <application>ecryptfs-utils</application> package includes several other "
10873
"useful utilities:"
10874
msgstr "<application>ecryptfs-utils</application>软件包包含几个其它的有用工具:"
10875
10876
#: serverguide/C/security.xml:1780(para)
10877
msgid ""
10878
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
10879
"<filename>~/Private</filename> directory to contain encrypted information. "
10880
"This utility can be run by unprivileged users to keep data private from "
10881
"other users on the system."
10882
msgstr ""
10883
10884
#: serverguide/C/security.xml:1787(para)
10885
msgid ""
10886
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
10887
"will mount and unmount respectively, a users <filename>~/Private</filename> "
10888
"directory."
10889
msgstr ""
10890
10891
#: serverguide/C/security.xml:1793(para)
10892
msgid ""
10893
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
10894
"kernel keyring."
10895
msgstr ""
10896
10897
#: serverguide/C/security.xml:1798(para)
10898
msgid ""
10899
"<emphasis>ecryptfs-manager:</emphasis> manages "
10900
"<application>eCryptfs</application> objects such as keys."
10901
msgstr ""
10902
10903
#: serverguide/C/security.xml:1803(para)
10904
msgid ""
10905
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
10906
"<application>ecryptfs</application> meta information for a file."
10907
msgstr ""
10908
10909
#: serverguide/C/security.xml:1816(para)
10910
msgid ""
10911
"For more information on eCryptfs see the <ulink "
10912
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
10913
msgstr ""
10914
10915
#: serverguide/C/security.xml:1821(para)
10916
msgid ""
10917
"There is also a <ulink "
10918
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
10919
"article covering eCryptfs."
10920
msgstr ""
10921
"在<ulink url=\"http://www.linuxjournal.com/article/9400\">Linux "
10922
"Journal</ulink> 上也有关于eCryptfs的文章。"
10923
10924
#: serverguide/C/security.xml:1826(para)
10925
msgid ""
10926
"Also, for more <application>ecryptfs</application> options see the <ulink "
10927
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
10928
"ecryptfs man page</ulink>."
10929
msgstr ""
10930
10931
#: serverguide/C/security.xml:1832(para)
10932
msgid ""
10933
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
10934
"Ubuntu Wiki</ulink> page also has more details."
10935
msgstr ""
10936
10937
#: serverguide/C/reporting-bugs.xml:13(title)
10938
msgid "Appendix"
10939
msgstr ""
10940
10941
#: serverguide/C/reporting-bugs.xml:16(title)
10942
msgid "Reporting Bugs in Ubuntu Server Edition"
10943
msgstr ""
10944
10945
#: serverguide/C/reporting-bugs.xml:18(para)
10946
msgid ""
10947
"While the Ubuntu Project attempts to release software with as few bugs as "
10948
"possible, they do occur. You can help fix these bugs by reporting ones that "
10949
"you find to the project. The Ubuntu Project uses <ulink "
10950
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
10951
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
10952
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
10953
"account</ulink>."
10954
msgstr ""
10955
10956
#: serverguide/C/reporting-bugs.xml:30(title)
10957
msgid "Reporting Bugs With ubuntu-bug"
10958
msgstr ""
10959
10960
#: serverguide/C/reporting-bugs.xml:32(para)
10961
msgid ""
10962
"The preferred way to report a bug is with the <application>ubuntu-"
10963
"bug</application> command. The ubuntu-bug tool gathers information about the "
10964
"system useful to developers in diagnosing the reported problem that will "
10965
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
10966
"need to be filed against a specific software package, thus the name of the "
10967
"package that the bug occurs in needs to be given to ubuntu-bug:"
10968
msgstr ""
10969
10970
#: serverguide/C/reporting-bugs.xml:43(command)
10971
msgid "ubuntu-bug PACKAGENAME"
10972
msgstr ""
10973
10974
#: serverguide/C/reporting-bugs.xml:46(para)
10975
msgid ""
10976
"For example, to file a bug against the openssh-server package, you would do:"
10977
msgstr ""
10978
10979
#: serverguide/C/reporting-bugs.xml:51(command)
10980
msgid "ubuntu-bug openssh-server"
10981
msgstr ""
10982
10983
#: serverguide/C/reporting-bugs.xml:54(para)
10984
msgid ""
10985
"You can specify either a binary package or the source package for ubuntu-"
10986
"bug. Again using openssh-server as an example, you could also generate the "
10987
"report against the source package for openssh-server, openssh:"
10988
msgstr ""
10989
10990
#: serverguide/C/reporting-bugs.xml:62(command)
10991
msgid "ubuntu-bug openssh"
10992
msgstr ""
10993
10994
#: serverguide/C/reporting-bugs.xml:66(para)
10995
msgid ""
10996
"See <xref linkend=\"package-management\"/> for more information about "
10997
"packages in Ubuntu."
10998
msgstr ""
10999
11000
#: serverguide/C/reporting-bugs.xml:72(para)
11001
msgid ""
11002
"The ubuntu-bug command will gather information about the system in question, "
11003
"possibly including information specific to the specified package, and then "
11004
"ask you what you would like to do with collected information:"
11005
msgstr ""
11006
11007
#: serverguide/C/reporting-bugs.xml:80(command)
11008
msgid "ubuntu-bug postgresql"
11009
msgstr ""
11010
11011
#: serverguide/C/reporting-bugs.xml:79(screen)
11012
#, no-wrap
11013
msgid ""
11014
"\n"
11015
"<placeholder-1/>\n"
11016
"\n"
11017
"*** Collecting problem information\n"
11018
"\n"
11019
"The collected information can be sent to the developers to improve the\n"
11020
"application. This might take a few minutes.\n"
11021
"..........\n"
11022
"\n"
11023
"*** Send problem report to the developers?\n"
11024
"\n"
11025
"After the problem report has been sent, please fill out the form in the\n"
11026
"automatically opened web browser.\n"
11027
"\n"
11028
"What would you like to do? Your options are:\n"
11029
" S: Send report (1.7 KiB)\n"
11030
" V: View report\n"
11031
" K: Keep report file for sending later or copying to somewhere else\n"
11032
" C: Cancel\n"
11033
"Please choose (S/V/K/C):\n"
11034
msgstr ""
11035
11036
#: serverguide/C/reporting-bugs.xml:101(para)
11037
msgid "The options available are:"
11038
msgstr ""
11039
11040
#: serverguide/C/reporting-bugs.xml:108(para)
11041
msgid ""
11042
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
11043
"the collected information to Launchpad as part of the the process of filing "
11044
"a bug report. You will be given the opportunity to describe the situation "
11045
"that led up to the occurrence of the bug."
11046
msgstr ""
11047
11048
#: serverguide/C/reporting-bugs.xml:115(screen)
11049
#, no-wrap
11050
msgid ""
11051
"\n"
11052
"*** Uploading problem information\n"
11053
"\n"
11054
"The collected information is being sent to the bug tracking system.\n"
11055
"This might take a few minutes.\n"
11056
"91%\n"
11057
"\n"
11058
"*** To continue, you must visit the following URL:\n"
11059
"\n"
11060
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
11061
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
11062
"\n"
11063
"You can launch a browser now, or copy this URL into a browser on another\n"
11064
"computer.\n"
11065
"\n"
11066
"Choices:\n"
11067
" 1: Launch a browser now\n"
11068
" C: Cancel\n"
11069
"Please choose (1/C):\n"
11070
msgstr ""
11071
11072
#: serverguide/C/reporting-bugs.xml:135(para)
11073
msgid ""
11074
"If you choose to start a browser, by default the text based web browser "
11075
"<application>w3m</application> will be used to finish filing the bug report. "
11076
"Alternately, you can copy the given URL to a currently running web browser."
11077
msgstr ""
11078
11079
#: serverguide/C/reporting-bugs.xml:144(para)
11080
msgid ""
11081
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
11082
"the collected information to be displayed to the terminal for review."
11083
msgstr ""
11084
11085
#: serverguide/C/reporting-bugs.xml:150(screen)
11086
#, no-wrap
11087
msgid ""
11088
"\n"
11089
"Package: postgresql 8.4.2-2\n"
11090
"PackageArchitecture: all\n"
11091
"Tags: lucid\n"
11092
"ProblemType: Bug\n"
11093
"ProcEnviron:\n"
11094
" LANG=en_US.UTF-8\n"
11095
" SHELL=/bin/bash\n"
11096
"Uname: Linux 2.6.32-16-server x86_64\n"
11097
"Dependencies:\n"
11098
" adduser 3.112ubuntu1\n"
11099
" base-files 5.0.0ubuntu10\n"
11100
" base-passwd 3.5.22\n"
11101
" coreutils 7.4-2ubuntu2\n"
11102
"...\n"
11103
msgstr ""
11104
11105
#: serverguide/C/reporting-bugs.xml:167(para)
11106
msgid ""
11107
"After viewing the report, you will be brought back to the same menu asking "
11108
"what you would like to do with the report."
11109
msgstr ""
11110
11111
#: serverguide/C/reporting-bugs.xml:174(para)
11112
msgid ""
11113
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
11114
"File causes the gathered information to be written to a file. This file can "
11115
"then be used to later file a bug report or transferred to a different Ubuntu "
11116
"system for reporting. To submit the report file, simply give it as an "
11117
"argument to the ubuntu-bug command:"
11118
msgstr ""
11119
11120
#: serverguide/C/reporting-bugs.xml:189(userinput)
11121
#, no-wrap
11122
msgid "k"
11123
msgstr ""
11124
11125
#: serverguide/C/reporting-bugs.xml:192(command)
11126
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
11127
msgstr ""
11128
11129
#: serverguide/C/reporting-bugs.xml:183(screen)
11130
#, no-wrap
11131
msgid ""
11132
"\n"
11133
"What would you like to do? Your options are:\n"
11134
" S: Send report (1.7 KiB)\n"
11135
" V: View report\n"
11136
" K: Keep report file for sending later or copying to somewhere else\n"
11137
" C: Cancel\n"
11138
"Please choose (S/V/K/C): <placeholder-1/>\n"
11139
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
11140
"\n"
11141
"<placeholder-2/>\n"
11142
"\n"
11143
"*** Send problem report to the developers?\n"
11144
"...\n"
11145
msgstr ""
11146
11147
#: serverguide/C/reporting-bugs.xml:200(para)
11148
msgid ""
11149
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
11150
"collected information to be discarded."
11151
msgstr ""
11152
11153
#: serverguide/C/reporting-bugs.xml:210(title)
11154
msgid "Reporting Application Crashes"
11155
msgstr ""
11156
11157
#: serverguide/C/reporting-bugs.xml:212(para)
11158
msgid ""
11159
"The software package that provides the ubuntu-bug utility, "
11160
"<application>apport</application>, can be configured to trigger when "
11161
"applications crash. This is disabled by default, as capturing a crash can be "
11162
"resource intensive depending on how much memory the application that crashed "
11163
"was using as apport captures and processes the core dump."
11164
msgstr ""
11165
11166
#: serverguide/C/reporting-bugs.xml:221(para)
11167
msgid ""
11168
"Configuring apport to capture information about crashing applications "
11169
"requires a couple of steps. First, <application>gdb</application> needs to "
11170
"be installed; it is not installed by default in Ubuntu Server Edition."
11171
msgstr ""
11172
11173
#: serverguide/C/reporting-bugs.xml:229(command)
11174
msgid "sudo apt-get install gdb"
11175
msgstr ""
11176
11177
#: serverguide/C/reporting-bugs.xml:232(para)
11178
msgid ""
11179
"See <xref linkend=\"package-management\"/> for more information about "
11180
"managing packages in Ubuntu."
11181
msgstr ""
11182
11183
#: serverguide/C/reporting-bugs.xml:237(para)
11184
msgid ""
11185
"Once you have ensured that gdb is installed, open the file "
11186
"<filename>/etc/default/apport</filename> in your text editor, and change the "
11187
"<emphasis>enabled</emphasis> setting to be <emphasis "
11188
"role=\"bold\">1</emphasis> like so:"
11189
msgstr ""
11190
11191
#: serverguide/C/reporting-bugs.xml:244(programlisting)
11192
#, no-wrap
11193
msgid ""
11194
"\n"
11195
"# set this to 0 to disable apport, or to 1 to enable it\n"
11196
"# you can temporarily override this with\n"
11197
"# sudo service apport start force_start=1\n"
11198
"enabled=<userinput>1</userinput>\n"
11199
"\n"
11200
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
11201
"maxsize=209715200\n"
11202
msgstr ""
11203
11204
#: serverguide/C/reporting-bugs.xml:254(para)
11205
msgid ""
11206
"Once you have completed editing <filename>/etc/default/apport</filename>, "
11207
"start the apport service:"
11208
msgstr ""
11209
11210
#: serverguide/C/reporting-bugs.xml:261(command)
11211
msgid "sudo start apport"
11212
msgstr ""
11213
11214
#: serverguide/C/reporting-bugs.xml:264(para)
11215
msgid ""
11216
"After an application crashes, use the <application>apport-cli</application> "
11217
"command to search for the existing saved crash report information:"
11218
msgstr ""
11219
11220
#: serverguide/C/reporting-bugs.xml:271(command)
11221
msgid "apport-cli"
11222
msgstr ""
11223
11224
#: serverguide/C/reporting-bugs.xml:270(screen)
11225
#, no-wrap
11226
msgid ""
11227
"\n"
11228
"<placeholder-1/>\n"
11229
"\n"
11230
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
11231
"\n"
11232
"If you were not doing anything confidential (entering passwords or other\n"
11233
"private information), you can help to improve the application by\n"
11234
"reporting\n"
11235
"the problem.\n"
11236
"\n"
11237
"What would you like to do? Your options are:\n"
11238
" R: Report Problem...\n"
11239
" I: Cancel and ignore future crashes of this program version\n"
11240
" C: Cancel\n"
11241
"Please choose (R/I/C):\n"
11242
msgstr ""
11243
11244
#: serverguide/C/reporting-bugs.xml:287(para)
11245
msgid ""
11246
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
11247
"steps as when using ubuntu-bug. One important difference is that a crash "
11248
"report will be marked as private when filed on Launchpad, meaning that it "
11249
"will be visible to only a limited set of bug triagers. These triagers will "
11250
"review the gathered data for private information before making the bug "
11251
"report publicly visible."
11252
msgstr ""
11253
11254
#: serverguide/C/reporting-bugs.xml:307(para)
11255
msgid ""
11256
"See the <ulink "
11257
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
11258
"Bugs</ulink> Ubuntu wiki page."
11259
msgstr ""
11260
11261
#: serverguide/C/reporting-bugs.xml:313(para)
11262
msgid ""
11263
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
11264
"has some useful information. Though some of it pertains to using a GUI."
11265
msgstr ""
11266
11267
#: serverguide/C/remote-administration.xml:13(title)
11268
msgid "Remote Administration"
11269
msgstr "远程管理"
11270
11271
#: serverguide/C/remote-administration.xml:14(para)
11272
msgid ""
11273
"There are many ways to remotely administer a Linux server. This chapter will "
11274
"cover one of the most popular <application>OpenSSH</application>."
11275
msgstr ""
11276
11277
#: serverguide/C/remote-administration.xml:22(para)
11278
msgid ""
11279
"This section of the Ubuntu Server Guide introduces a powerful collection of "
11280
"tools for the remote control of networked computers and transfer of data "
11281
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
11282
"also learn about some of the configuration settings possible with the "
11283
"OpenSSH server application and how to change them on your Ubuntu system."
11284
msgstr ""
11285
"Ubuntu 服务器指南中的本节内容将介绍一个用于远程控制联网计算机及在联网计算机之间传输数据的功能强大的工具集合,称为 "
11286
"<emphasis>OpenSSH</emphasis>。您还会学到一些可用于 OpenSSH 服务器应用程序的配置设置,以及如何在您的 Ubuntu "
11287
"系统中改变它们。"
11288
11289
#: serverguide/C/remote-administration.xml:29(para)
11290
msgid ""
11291
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
11292
"family of tools for remotely controlling a computer or transferring files "
11293
"between computers. Traditional tools used to accomplish these functions, "
11294
"such as <application>telnet</application> or <application>rcp</application>, "
11295
"are insecure and transmit the user's password in cleartext when used. "
11296
"OpenSSH provides a server daemon and client tools to facilitate secure, "
11297
"encrypted remote control and file transfer operations, effectively replacing "
11298
"the legacy tools."
11299
msgstr ""
11300
"OpenSSH 是Secure Shell (SSH) "
11301
"协议工具集中的一个自由可用的版本,用以远程控制一台计算机或在计算机之间传输文件。完成这些功能的传统工具,如 "
11302
"<application>telnet</application> 或 <application>rcp</application> "
11303
"等,是不安全的,它们在使用时用明文来传输用户的密码。OpenSSH "
11304
"提供一个服务器守护程序和客户端工具来保障安全、加密的远程控制和文件传输操作,以有效地取代传统的工具。"
11305
11306
#: serverguide/C/remote-administration.xml:38(para)
11307
msgid ""
11308
"The OpenSSH server component, <application>sshd</application>, listens "
11309
"continuously for client connections from any of the client tools. When a "
11310
"connection request occurs, <application>sshd</application> sets up the "
11311
"correct connection depending on the type of client tool connecting. For "
11312
"example, if the remote computer is connecting with the "
11313
"<application>ssh</application> client application, the OpenSSH server sets "
11314
"up a remote control session after authentication. If a remote user connects "
11315
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
11316
"daemon initiates a secure copy of files between the server and client after "
11317
"authentication. OpenSSH can use many authentication methods, including plain "
11318
"password, public key, and <application>Kerberos</application> tickets."
11319
msgstr ""
11320
"OpenSSH 服务器组组件 <application>sshd</application> "
11321
"持续监听来自任何客户端工具的连接请求。当一个连接请求发生时,<application>sshd</application> "
11322
"根据客户端连接的类型来设置当前连接。例如,如果远程计算机是通过 <application>ssh</application> "
11323
"客户端应用程序来连接的话,OpenSSH 服务器将在认证之后设置一个远程控制会话。如果一个远程用户通过 "
11324
"<application>scp</application> 来连接 OpenSSH 服务器,OpenSSH "
11325
"服务器将在认证之后开始服务器和客户机之间的安全文件拷贝。OpenSSH "
11326
"可以支持多种认证模式,包括纯密码、公钥以及<application>Kerberos</application> 票据。"
11327
11328
#: serverguide/C/remote-administration.xml:52(para)
11329
msgid ""
11330
"Installation of the OpenSSH client and server applications is simple. To "
11331
"install the OpenSSH client applications on your Ubuntu system, use this "
11332
"command at a terminal prompt:"
11333
msgstr ""
11334
"OpenSSH 客户端及服务器应用程序的安装是简单的。要在您 Ubuntu 系统中安装 OpenSSH 客户端应用程序,可以在终端提示符后使用以下命令:"
11335
11336
#: serverguide/C/remote-administration.xml:58(command)
11337
msgid "sudo apt-get install openssh-client"
11338
msgstr "sudo apt-get install openssh-client"
11339
11340
#: serverguide/C/remote-administration.xml:60(para)
11341
msgid ""
11342
"To install the OpenSSH server application, and related support files, use "
11343
"this command at a terminal prompt:"
11344
msgstr "要安装 OpenSSH 服务器应用程序及相关的支持文件,可以在终端提示符后使用以下命令:"
11345
11346
#: serverguide/C/remote-administration.xml:65(command)
11347
msgid "sudo apt-get install openssh-server"
11348
msgstr "sudo apt-get install openssh-server"
11349
11350
#: serverguide/C/remote-administration.xml:67(para)
11351
msgid ""
11352
"The <application>openssh-server</application> package can also be selected "
11353
"to install during the Server Edition installation process."
11354
msgstr ""
11355
11356
#: serverguide/C/remote-administration.xml:74(para)
11357
msgid ""
11358
"You may configure the default behavior of the OpenSSH server application, "
11359
"<application>sshd</application>, by editing the file "
11360
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
11361
"configuration directives used in this file, you may view the appropriate "
11362
"manual page with the following command, issued at a terminal prompt:"
11363
msgstr ""
11364
"您可以通过编辑 <filename>/etc/ssh/sshd_config</filename> 文件来配置 OpenSSH "
11365
"服务器应用程序的缺省过程。关于该文件中使用的配置语句信息,您可以在终端提示符后运行下列命令来查阅相应的手册页:"
11366
11367
#: serverguide/C/remote-administration.xml:82(command)
11368
msgid "man sshd_config"
11369
msgstr "man sshd_config"
11370
11371
#: serverguide/C/remote-administration.xml:84(para)
11372
msgid ""
11373
"There are many directives in the <application>sshd</application> "
11374
"configuration file controlling such things as communication settings and "
11375
"authentication modes. The following are examples of configuration directives "
11376
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
11377
"file."
11378
msgstr ""
11379
11380
#: serverguide/C/remote-administration.xml:91(para)
11381
msgid ""
11382
"Prior to editing the configuration file, you should make a copy of the "
11383
"original file and protect it from writing so you will have the original "
11384
"settings as a reference and to reuse as necessary."
11385
msgstr "在编辑配置文件之前,您应该生成一个原始文件的拷贝并对其写保护,以便您可以参考原始文件并在必要时重用它。"
11386
11387
#: serverguide/C/remote-administration.xml:95(para)
11388
msgid ""
11389
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
11390
"writing with the following commands, issued at a terminal prompt:"
11391
msgstr ""
11392
"拷贝 <filename>/etc/ssh/sshd_config</filename> 文件并对其写保护可以通过在终端提示符后运行下列命令:"
11393
11394
#: serverguide/C/remote-administration.xml:100(command)
11395
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
11396
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
11397
11398
#: serverguide/C/remote-administration.xml:101(command)
11399
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
11400
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
11401
11402
#: serverguide/C/remote-administration.xml:103(para)
11403
msgid ""
11404
"The following are examples of configuration directives you may change:"
11405
msgstr "以下是您可能更改配置语句的范例:"
11406
11407
#: serverguide/C/remote-administration.xml:108(para)
11408
msgid ""
11409
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
11410
"port 22, change the Port directive as such:"
11411
msgstr "要设置您 OpenSSH 在 TCP 2222 端口而不是缺省的 TCP 20 端口监听,可以如下使用改变 Port 语句:"
11412
11413
#: serverguide/C/remote-administration.xml:112(para)
11414
msgid "Port 2222"
11415
msgstr "Port 2222"
11416
11417
#: serverguide/C/remote-administration.xml:117(para)
11418
msgid ""
11419
"To have <application>sshd</application> allow public key-based login "
11420
"credentials, simply add or modify the line:"
11421
msgstr "要让 <application>sshd</application> 允许基于公钥登录证书,可以简单添加或修改该行语句:"
11422
11423
#: serverguide/C/remote-administration.xml:121(para)
11424
msgid "PubkeyAuthentication yes"
11425
msgstr "PubkeyAuthentication yes"
11426
11427
#: serverguide/C/remote-administration.xml:124(para)
11428
msgid ""
11429
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
11430
"present, ensure the line is not commented out."
11431
msgstr ""
11432
11433
#: serverguide/C/remote-administration.xml:130(para)
11434
msgid ""
11435
"To make your OpenSSH server display the contents of the "
11436
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
11437
"or modify the line:"
11438
msgstr ""
11439
"要使您的 OpenSSH 服务器显示 <filename>/etc/issue.net</filename> 文件的内容以作为预登录 "
11440
"Banner,只需简单地将下行添加或修改:"
11441
11442
#: serverguide/C/remote-administration.xml:135(para)
11443
msgid "Banner /etc/issue.net"
11444
msgstr "Banner /etc/issue.net"
11445
11446
#: serverguide/C/remote-administration.xml:138(para)
11447
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
11448
msgstr "在 <filename>/etc/ssh/sshd_config</filename> 文件中。"
11449
11450
#: serverguide/C/remote-administration.xml:143(para)
11451
msgid ""
11452
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
11453
"save the file, and restart the <application>sshd</application> server "
11454
"application to effect the changes using the following command at a terminal "
11455
"prompt:"
11456
msgstr ""
11457
"在修改 <filename>/etc/ssh/sshd_config</filename> 文件之后,保存该文件并重启 "
11458
"<application>sshd</application> 服务器应用程序以使之生效。可以在终端提示符后使用下列命令:"
11459
11460
#: serverguide/C/remote-administration.xml:152(para)
11461
msgid ""
11462
"Many other configuration directives for <application>sshd</application> are "
11463
"available for changing the server application's behavior to fit your needs. "
11464
"Be advised, however, if your only method of access to a server is "
11465
"<application>ssh</application>, and you make a mistake in configuring "
11466
"<application>sshd</application> via the "
11467
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
11468
"out of the server upon restarting it, or that the "
11469
"<application>sshd</application> server refuses to start due to an incorrect "
11470
"configuration directive, so be extra careful when editing this file on a "
11471
"remote server."
11472
msgstr ""
11473
"许多其他的 <application>sshd</application> "
11474
"配置语句可以使服务器应用程序按您的要求运行。然而,给您一个忠告,如果您访问服务器的唯一方法就是使用 "
11475
"<application>ssh</application>,而且您在通过 "
11476
"<filename>/etc/ssh/sshd_config</filename> 文件来配置 "
11477
"<application>sshd</application> 时犯了一个错误,那么在重启该服务之后您可能会发现您被锁在服务器外面了,或者是 "
11478
"<application>sshd</application> 服务在处理一个不正确的配置语句时拒绝启用。因此当在远程服务器上编辑该文件时要格外的小心。"
11479
11480
#: serverguide/C/remote-administration.xml:167(title)
11481
msgid "SSH Keys"
11482
msgstr "SSH 钥匙"
11483
11484
#: serverguide/C/remote-administration.xml:168(para)
11485
msgid ""
11486
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
11487
"the need of a password. SSH key authentication uses two keys a "
11488
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
11489
msgstr ""
11490
11491
#: serverguide/C/remote-administration.xml:172(para)
11492
msgid "To generate the keys, from a terminal prompt enter:"
11493
msgstr "要生成一个密钥,在终端提示符下输入:"
11494
11495
#: serverguide/C/remote-administration.xml:176(command)
11496
msgid "ssh-keygen -t dsa"
11497
msgstr "ssh-keygen -t dsa"
11498
11499
#: serverguide/C/remote-administration.xml:178(para)
11500
msgid ""
11501
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
11502
"identity of the user. During the process you will be prompted for a "
11503
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
11504
"key."
11505
msgstr ""
11506
11507
#: serverguide/C/remote-administration.xml:182(para)
11508
msgid ""
11509
"By default the <emphasis>public</emphasis> key is saved in the file "
11510
"<filename>~/.ssh/id_dsa.pub</filename>, while "
11511
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
11512
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
11513
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
11514
msgstr ""
11515
11516
#: serverguide/C/remote-administration.xml:188(command)
11517
msgid "ssh-copy-id username@remotehost"
11518
msgstr "ssh-copy-id username@remotehost"
11519
11520
#: serverguide/C/remote-administration.xml:190(para)
11521
msgid ""
11522
"Finally, double check the permissions on the "
11523
"<filename>authorized_keys</filename> file, only the authenticated user "
11524
"should have read and write permissions. If the permissions are not correct "
11525
"change them by:"
11526
msgstr ""
11527
11528
#: serverguide/C/remote-administration.xml:195(command)
11529
msgid "chmod 600 .ssh/authorized_keys"
11530
msgstr ""
11531
11532
#: serverguide/C/remote-administration.xml:197(para)
11533
msgid ""
11534
"You should now be able to SSH to the host without being prompted for a "
11535
"password."
11536
msgstr "您现在应该可以通过 SSH 接入主机而不会被询问密码。"
11537
11538
#: serverguide/C/remote-administration.xml:206(para)
11539
msgid ""
11540
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
11541
"page."
11542
msgstr ""
11543
11544
#: serverguide/C/remote-administration.xml:212(ulink)
11545
msgid "OpenSSH Website"
11546
msgstr "OpenSSH 网站"
11547
11548
#: serverguide/C/remote-administration.xml:217(ulink)
11549
msgid "Advanced OpenSSH Wiki Page"
11550
msgstr "高级 OpenSSH 维基页"
11551
11552
#: serverguide/C/package-management.xml:13(title)
11553
msgid "Package Management"
11554
msgstr "包管理"
11555
11556
#: serverguide/C/package-management.xml:14(para)
11557
msgid ""
11558
"Ubuntu features a comprehensive package management system for the "
11559
"installation, upgrade, configuration, and removal of software. In addition "
11560
"to providing access to an organized base of over 24,000 software packages "
11561
"for your Ubuntu computer, the package management facilities also feature "
11562
"dependency resolution capabilities and software update checking."
11563
msgstr ""
11564
11565
#: serverguide/C/package-management.xml:16(para)
11566
msgid ""
11567
"Several tools are available for interacting with Ubuntu's package management "
11568
"system, from simple command-line utilities which may be easily automated by "
11569
"system administrators, to a simple graphical interface which is easy to use "
11570
"by those new to Ubuntu."
11571
msgstr ""
11572
"一些工具可以和 Ubuntu 包管理系统进行交互,从便于系统管理员做自动化处理的简单命令行工具到便于 Ubuntu 新手使用的简单图形界面。"
11573
11574
#: serverguide/C/package-management.xml:21(para)
11575
msgid ""
11576
"Ubuntu's package management system is derived from the same system used by "
11577
"the Debian GNU/Linux distribution. The package files contain all of the "
11578
"necessary files, meta-data, and instructions to implement a particular "
11579
"functionality or software application on your Ubuntu computer."
11580
msgstr ""
11581
"Ubuntu 的包管理系统是从 Debian GNU/Linux 发行版中洐生出来的。包文件包括在您 Ubuntu "
11582
"系统中实现特定功能或软件所必需的文件、元数据和指令。"
11583
11584
#: serverguide/C/package-management.xml:24(para)
11585
msgid ""
11586
"Debian package files typically have the extension '.deb', and typically "
11587
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
11588
"collections of packages found on various media, such as CD-ROM discs, or "
11589
"online. Packages are normally of the pre-compiled binary format; thus "
11590
"installation is quick and requires no compiling of software."
11591
msgstr ""
11592
"Debian 包文件一般用 '.deb' 作后缀,而且位于建立在不同介质上由包组成的 <emphasis "
11593
"role=\"italics\">软件库</emphasis> 中,这些介质包括 CD-ROM "
11594
"光盘和网站。包通常是预编译的二进制形式,因此安装速度快而且软件也无需编译。"
11595
11596
#: serverguide/C/package-management.xml:27(para)
11597
msgid ""
11598
"Many complex packages use the concept of <emphasis "
11599
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
11600
"packages required by the principal package in order to function properly. "
11601
"For example, the speech synthesis package "
11602
"<application>Festival</application> depends upon the package "
11603
"<application>libasound2</application>, which is a package supplying the "
11604
"<application>ALSA</application> sound library needed for audio playback. In "
11605
"order for <application>Festival</application> to function, it and all of its "
11606
"dependencies must be installed. The software management tools in Ubuntu will "
11607
"do this automatically."
11608
msgstr ""
11609
11610
#: serverguide/C/package-management.xml:32(title)
11611
msgid "dpkg"
11612
msgstr "dpkg"
11613
11614
#: serverguide/C/package-management.xml:34(para)
11615
msgid ""
11616
"<application>dpkg</application> is a package manager for "
11617
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
11618
"packages, but unlike other package management system's it can not "
11619
"automatically download and install packages and their dependencies. This "
11620
"section covers using <application>dpkg</application> to manage locally "
11621
"installed packages:"
11622
msgstr ""
11623
11624
#: serverguide/C/package-management.xml:43(para)
11625
msgid ""
11626
"To list all packages installed on the system, from a terminal prompt enter:"
11627
msgstr "要列出系统安装的所有软件包,请在终端提示符下输入:"
11628
11629
#: serverguide/C/package-management.xml:48(command)
11630
msgid "dpkg -l"
11631
msgstr "dpkg -l"
11632
11633
#: serverguide/C/package-management.xml:54(para)
11634
msgid ""
11635
"Depending on the amount of packages on your system, this can generate a "
11636
"large amount of output. Pipe the output through "
11637
"<application>grep</application> to see if a specific package is installed:"
11638
msgstr ""
11639
"根据您系统中安装的软件包数量,该命令可能会输出大量内容。要查询特定的软件包是否已经被安装,您应该将输出通过管道输送给 "
11640
"<application>grep</application> 命令。"
11641
11642
#: serverguide/C/package-management.xml:60(command)
11643
msgid "dpkg -l | grep apache2"
11644
msgstr "dpkg -l | grep apache2"
11645
11646
#: serverguide/C/package-management.xml:63(para)
11647
msgid ""
11648
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
11649
"package name, or other regular expression."
11650
msgstr ""
11651
11652
#: serverguide/C/package-management.xml:70(para)
11653
msgid ""
11654
"To list the files installed by a package, in this case the "
11655
"<application>ufw</application> package, enter:"
11656
msgstr ""
11657
11658
#: serverguide/C/package-management.xml:75(command)
11659
msgid "dpkg -L ufw"
11660
msgstr "dpkg -L ufw"
11661
11662
#: serverguide/C/package-management.xml:81(para)
11663
msgid ""
11664
"If you are not sure which package installed a file, <application>dpkg -"
11665
"S</application> may be able to tell you. For example:"
11666
msgstr ""
11667
11668
#: serverguide/C/package-management.xml:87(command)
11669
msgid "dpkg -S /etc/host.conf"
11670
msgstr "dpkg -S /etc/host.conf"
11671
11672
#: serverguide/C/package-management.xml:88(computeroutput)
11673
#, no-wrap
11674
msgid "base-files: /etc/host.conf"
11675
msgstr "base-files: /etc/host.conf"
11676
11677
#: serverguide/C/package-management.xml:91(para)
11678
msgid ""
11679
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
11680
"<application>base-files</application> package."
11681
msgstr ""
11682
"输出内容显示 <filename>/etc/host.conf</filename> 属于 <application>base-"
11683
"files</application> 软件包"
11684
11685
#: serverguide/C/package-management.xml:96(para)
11686
msgid ""
11687
"Many files are automatically generated during the package install process, "
11688
"and even though they are on the filesystem <command>dpkg -S</command> may "
11689
"not know which package they belong to."
11690
msgstr ""
11691
11692
#: serverguide/C/package-management.xml:105(para)
11693
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
11694
msgstr "安装一个本地的 <emphasis>.deb</emphasis> 文件,您可以输入:"
11695
11696
#: serverguide/C/package-management.xml:110(command)
11697
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
11698
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
11699
11700
#: serverguide/C/package-management.xml:113(para)
11701
msgid ""
11702
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
11703
"the local .deb file."
11704
msgstr ""
11705
11706
#: serverguide/C/package-management.xml:120(para)
11707
msgid "Uninstalling a package can be accomplished by:"
11708
msgstr ""
11709
11710
#: serverguide/C/package-management.xml:125(command)
11711
msgid "sudo dpkg -r zip"
11712
msgstr "sudo dpkg -r zip"
11713
11714
#: serverguide/C/package-management.xml:129(para)
11715
msgid ""
11716
"Uninstalling packages using <application>dpkg</application>, in most cases, "
11717
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
11718
"manager that handles dependencies, to ensure that the system is in a "
11719
"consistent state. For example using <command>dpkg -r</command> you can "
11720
"remove the <application>zip</application> package, but any packages that "
11721
"depend on it will still be installed and may no longer function correctly."
11722
msgstr ""
11723
11724
#: serverguide/C/package-management.xml:140(para)
11725
msgid ""
11726
"For more <application>dpkg</application> options see the man page: "
11727
"<command>man dpkg</command>."
11728
msgstr ""
11729
11730
#: serverguide/C/package-management.xml:146(title)
11731
msgid "Apt-Get"
11732
msgstr "Apt-Get"
11733
11734
#: serverguide/C/package-management.xml:147(para)
11735
msgid ""
11736
"The <application>apt-get</application> command is a powerful command-line "
11737
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
11738
"(APT) performing such functions as installation of new software packages, "
11739
"upgrade of existing software packages, updating of the package list index, "
11740
"and even upgrading the entire Ubuntu system."
11741
msgstr ""
11742
"<application>apt-get</application> 命令是一个强大的命令行工具,用于同 Ubuntu 的 "
11743
"<emphasis>Advanced Packaging Tool</emphasis> (APT) "
11744
"一起执行诸如安装新软件包、升级已有软件包、更新包列表索引,甚至是升级整个 Ubuntu 系统等功能。"
11745
11746
#: serverguide/C/package-management.xml:150(para)
11747
msgid ""
11748
"Being a simple command-line tool, <application>apt-get</application> has "
11749
"numerous advantages over other package management tools available in Ubuntu "
11750
"for server administrators. Some of these advantages include ease of use over "
11751
"simple terminal connections (SSH) and the ability to be used in system "
11752
"administration scripts, which can in turn be automated by the "
11753
"<application>cron</application> scheduling utility."
11754
msgstr ""
11755
"作为一个简单的命令行工具,<application>apt-get</application> 对于服务器管理员来说比 Ubuntu "
11756
"中的其他软件包管理工具有着相当多的优点。这些优点包括便于在简单终端连接 (SSH) "
11757
"中使用,同时能够用于系统管理脚本中,以便能被<application>cron</application> 动作计划工具自动运行。"
11758
11759
#: serverguide/C/package-management.xml:157(para)
11760
msgid ""
11761
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
11762
"packages using the <application>apt-get</application> tool is quite simple. "
11763
"For example, to install the network scanner <emphasis "
11764
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
11765
"<command>sudo apt-get install nmap</command>\n"
11766
"</screen>"
11767
msgstr ""
11768
"<emphasis role=\"bold\">安装软件包</emphasis>:使用 <application>apt-"
11769
"get</application> 工具安装软件包非常简单。举个例子,要安装网络扫描器 <emphasis "
11770
"role=\"italics\">nmap</emphasis>,可以输入下面命令: <screen>\n"
11771
"<command>sudo apt-get install nmap</command>\n"
11772
"</screen>"
11773
11774
#: serverguide/C/package-management.xml:165(para)
11775
msgid ""
11776
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
11777
"packages is also a straightforward and simple process. To remove the nmap "
11778
"package installed in the previous example, type the following: <screen>\n"
11779
"<command>sudo apt-get remove nmap</command>\n"
11780
"</screen>"
11781
msgstr ""
11782
"<emphasis role=\"bold\">卸载软件包</emphasis>:卸载一个或多个软件包也很简单直接。要卸载在上个例子中安装的 nmap "
11783
"软件包,可以输入下面命令:<screen>\n"
11784
"<command>sudo apt-get remove nmap</command>\n"
11785
"</screen>"
11786
11787
#: serverguide/C/package-management.xml:172(para)
11788
msgid ""
11789
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
11790
"multiple packages to be installed or removed, separated by spaces."
11791
msgstr "<emphasis role=\"bold\">多个软件包</emphasis>:你可以安装和卸载用空格分隔的多个软件包。"
11792
11793
#: serverguide/C/package-management.xml:175(para)
11794
msgid ""
11795
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
11796
"remove</command> will remove the package configuration files as well. This "
11797
"may or may not be the desired effect so use with caution."
11798
msgstr ""
11799
11800
#: serverguide/C/package-management.xml:181(para)
11801
msgid ""
11802
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
11803
"index is essentially a database of available packages from the repositories "
11804
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
11805
"the local package index with the latest changes made in repositories, type "
11806
"the following: <screen>\n"
11807
"<command>sudo apt-get update</command>\n"
11808
"</screen>"
11809
msgstr ""
11810
"<emphasis role=\"bold\">更新软件包索引</emphasis>:APT "
11811
"软件包索引从本质上来说是一个可用软件包数据库,这些可用软件包来自 <filename>/etc/apt/sources.list</filename> "
11812
"文件中定义的软件库。要更新由软件库的最新变动而生成的本地软件索引,输入下面的语句:<screen>\n"
11813
"<command>sudo apt-get update</command>\n"
11814
"</screen>"
11815
11816
#: serverguide/C/package-management.xml:189(para)
11817
msgid ""
11818
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
11819
"versions of packages currently installed on your computer may become "
11820
"available from the package repositories (for example security updates). To "
11821
"upgrade your system, first update your package index as outlined above, and "
11822
"then type: <screen>\n"
11823
"<command>sudo apt-get upgrade</command>\n"
11824
"</screen>"
11825
msgstr ""
11826
"<emphasis "
11827
"role=\"bold\">升级软件包</emphasis>:经过一段时间,您计算机上安装的软件的更新版本可能会在软件源中可用(例如安全更新等)。要升级您"
11828
"的系统,请先按照上述更新您的软件包索引,然后输入:<screen>\n"
11829
"<command>sudo apt-get upgrade</command>\n"
11830
"</screen>"
11831
11832
#: serverguide/C/package-management.xml:195(para)
11833
msgid ""
11834
"For information on upgrading to a new Ubuntu release see <xref "
11835
"linkend=\"installing-upgrading\"/>."
11836
msgstr ""
11837
11838
#: serverguide/C/package-management.xml:153(para)
11839
msgid ""
11840
"Some examples of popular uses for the <application>apt-get</application> "
11841
"utility: <placeholder-1/>"
11842
msgstr "<application>apt-get</application> 工具的一些常见用法示例:"
11843
11844
#: serverguide/C/package-management.xml:201(para)
11845
msgid ""
11846
"Actions of the <application>apt-get</application> command, such as "
11847
"installation and removal of packages, are logged in the /var/log/dpkg.log "
11848
"log file."
11849
msgstr ""
11850
"<application>apt-get</application> 命令所做操作,如包的安装和卸载,都被记录在 /var/log/dpkg.log "
11851
"日志文件里。"
11852
11853
#: serverguide/C/package-management.xml:204(para)
11854
msgid ""
11855
"For further information about the use of <application>APT</application>, "
11856
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
11857
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
11858
"help</screen>"
11859
msgstr ""
11860
"关于 <application>APT</application> 用法的更多信息,可阅读全面的<ulink "
11861
"url=\"http://www.debian.org/doc/user-manuals#apt-howto\">Debian APT "
11862
"用户手册</ulink> 或输入:<screen>apt-get help</screen>"
11863
11864
#: serverguide/C/package-management.xml:208(title)
11865
msgid "Aptitude"
11866
msgstr "Aptitude"
11867
11868
#: serverguide/C/package-management.xml:209(para)
11869
msgid ""
11870
"<application>Aptitude</application> is a menu-driven, text-based front-end "
11871
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
11872
"the common package management functions, such as installation, removal, and "
11873
"upgrade, are performed in <application>Aptitude</application> with single-"
11874
"key commands, which are typically lowercase letters."
11875
msgstr ""
11876
"<application>Aptitude</application> 是一个菜单驱动,基于文本的 <emphasis>Advanced "
11877
"Packaging Tool</emphasis> (APT) "
11878
"系统前端。包管理的许多常用功能,如安装,卸载和升级,可以在<application>Aptitude</application> "
11879
"中单键执行命令,它通常是小写字母。"
11880
11881
#: serverguide/C/package-management.xml:212(para)
11882
msgid ""
11883
"<application>Aptitude</application> is best suited for use in a non-"
11884
"graphical terminal environment to ensure proper functioning of the command "
11885
"keys. You may start <application>Aptitude</application> as a normal user "
11886
"with the following command at a terminal prompt: <screen>\n"
11887
"<command>sudo aptitude</command>\n"
11888
"</screen>"
11889
msgstr ""
11890
"<application>Aptitude</application> "
11891
"最适合在非图形界面的终端环境中使用,以此来确保命令键的正常工作。您可以作为一个普通用户在终端提示中输入以下命令来启动 "
11892
"<application>Aptitude</application>:<screen>\n"
11893
"<command>sudo aptitude</command>\n"
11894
"</screen>"
11895
11896
#: serverguide/C/package-management.xml:219(para)
11897
msgid ""
11898
"When <application>Aptitude</application> starts, you will see a menu bar at "
11899
"the top of the screen and two panes below the menu bar. The top pane "
11900
"contains package categories, such as <emphasis role=\"italics\">New "
11901
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
11902
"Packages</emphasis>. The bottom pane contains information related to the "
11903
"packages and package categories."
11904
msgstr ""
11905
"当 <application>Aptitude</application> 开始之后,你将看在屏幕顶部的一个菜单条,其下有两个窗,顶窗包含包的类别,如 "
11906
"<emphasis role=\"italics\">新软件包</emphasis> 和 <emphasis role=\"italics\"> "
11907
"未安装软件包 </emphasis>。底窗包含包和包类别的相关信息。"
11908
11909
#: serverguide/C/package-management.xml:222(para)
11910
msgid ""
11911
"Using <application>Aptitude</application> for package management is "
11912
"relatively straightforward, and the user interface makes common tasks simple "
11913
"to perform. The following are examples of common package management "
11914
"functions as performed in <application>Aptitude</application>:"
11915
msgstr ""
11916
"使用 <application>Aptitude</application> "
11917
"来进行软件包的管理相对来说比较直观,并且其用户界面使得执行一般任务变得简单。以下是可在 "
11918
"<application>Aptitude</application> 中进行的一般软件包管理功能的例子:"
11919
11920
#: serverguide/C/package-management.xml:226(para)
11921
msgid ""
11922
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
11923
"locate the package via the Not Installed Packages package category, for "
11924
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
11925
"key, and highlight the package you wish to install. After highlighting the "
11926
"package you wish to install, press the <keycap>+</keycap> key, and the "
11927
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
11928
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
11929
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
11930
"again, and you will be prompted to become root to complete the installation. "
11931
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
11932
"your user password to become root. Finally, press <keycap>g</keycap> once "
11933
"more and you'll be prompted to download the package. Press "
11934
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
11935
"prompt, and downloading and installation of the package will commence."
11936
msgstr ""
11937
"<emphasis role=\"bold\">安装软件包</emphasis>:要安装包,通过未安装软件包包类别找到该软件包,如通过键盘箭头键和 "
11938
"<keycap>ENTER</keycap> 键定位并高亮你想安装的软件包。在高亮你要安装的软件包之后,将其标示为安装。现在按 "
11939
"<keycap>g</keycap> 键显示软件包的操作提示。再按 <keycap>g</keycap> 键,您将被提示要成为 root "
11940
"用户以完成安装。按 <keycap>ENTER</keycap> 键将显示 Password: 提示。输入您的用户密码成为 root "
11941
"用户。最后,再一次按 <keycap>g</keycap> 键,您将被提示下载软件包。在<emphasis "
11942
"role=\"italics\">Continue</emphasis> 提示上按 <keycap>ENTER</keycap> "
11943
"键,开始下载和安装软件包。"
11944
11945
#: serverguide/C/package-management.xml:230(para)
11946
msgid ""
11947
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
11948
"locate the package via the Installed Packages package category, for example, "
11949
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
11950
"highlight the package you wish to remove. After highlighting the package you "
11951
"wish to install, press the <keycap>-</keycap> key, and the package entry "
11952
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
11953
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
11954
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
11955
"prompted to become root to complete the installation. Press "
11956
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
11957
"user password to become root. Finally, press <keycap>g</keycap> once more, "
11958
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
11959
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
11960
"the package will commence."
11961
msgstr ""
11962
"<emphasis role=\"bold\">卸载软件包</emphasis>:要卸载软件包,通过已安装软件包包类别找到该软件包,如通过键盘箭头键和 "
11963
"<keycap>ENTER</keycap> 键定位并高亮你想卸载的软件包。在高亮你要卸载的软件包之后,按 <keycap>-</keycap> "
11964
"键,文件包条目将变成 <emphasis role=\"italics\">pink</emphasis>,标示其为卸载。现在按 "
11965
"<keycap>g</keycap> 键显示软件包的操作提示。再按 <keycap>g</keycap> 键,您将被提示要成为 root "
11966
"用户以完成卸载。按 <keycap>ENTER</keycap> 键将显示 Password: 提示。输入您的用户密码成为 root "
11967
"用户。最后,再一次按 <keycap>g</keycap> 键,您将被提示下载软件包。在<emphasis "
11968
"role=\"italics\">Continue</emphasis> 提示上按 <keycap>ENTER</keycap> 键,开始卸载软件包。"
11969
11970
#: serverguide/C/package-management.xml:234(para)
11971
msgid ""
11972
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
11973
"package index, simply press the <keycap>u</keycap> key and you will be "
11974
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
11975
"which will result in a Password: prompt. Enter your user password to become "
11976
"root. Updating of the package index will commence. Press "
11977
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
11978
"presented to complete the process."
11979
msgstr ""
11980
"<emphasis role=\"bold\">升级软件包索引</emphasis>: 要升级软件包索引,只需按 <keycap>u</keycap> "
11981
"键,您会被提示要成为 root 来完成升级。按下 <keycap>ENTER</keycap> 将出现 Password: 提示。输入您的用户密码以成为 "
11982
"root。软件包索引的升级就会实行。当出现下载对话框时在 OK 提示上按下 <keycap>ENTER</keycap> 来完成该过程。"
11983
11984
#: serverguide/C/package-management.xml:238(para)
11985
msgid ""
11986
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
11987
"perform the update of the package index as detailed above, and then press "
11988
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
11989
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
11990
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
11991
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
11992
"result in a Password: prompt. Enter your user password to become root. "
11993
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
11994
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
11995
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
11996
"will commence."
11997
msgstr ""
11998
"<emphasis role=\"bold\">升级软件包</emphasis>:要升级软件包,如上述执行软件包索引的升级,然后按下 "
11999
"<keycap>U</keycap> 键来标记所有能升级的软件包。现在按下 <keycap>g</keycap> 您会看到一个包动作的概要。再次按下 "
12000
"<keycap>g</keycap>,您会被提示成为 root 来完成安装。按下 <keycap>ENTER</keycap> 会出现 "
12001
"Password: 提示。输入您的用户密码以成为 root。最后,再次按下 <keycap>g</keycap>,您会被提示下载软件包。在 "
12002
"<emphasis role=\"italics\">Continue</emphasis> 提示上按下 "
12003
"<keycap>ENTER</keycap>,软件包的升级就会被实行。"
12004
12005
#: serverguide/C/package-management.xml:245(para)
12006
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
12007
msgstr "<emphasis role=\"bold\">i</emphasis>: 已安装的软件包"
12008
12009
#: serverguide/C/package-management.xml:250(para)
12010
msgid ""
12011
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
12012
"configuration remains on system"
12013
msgstr "<emphasis role=\"bold\">c</emphasis>: 软件包没有安装,但在系统中有软件包的残留配置"
12014
12015
#: serverguide/C/package-management.xml:254(para)
12016
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
12017
msgstr "<emphasis role=\"bold\">p</emphasis>: 从系统彻底删除"
12018
12019
#: serverguide/C/package-management.xml:258(para)
12020
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
12021
msgstr "<emphasis role=\"bold\">v</emphasis>: 虚拟软件包"
12022
12023
#: serverguide/C/package-management.xml:262(para)
12024
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
12025
msgstr "<emphasis role=\"bold\">B</emphasis>: 已损坏的软件包"
12026
12027
#: serverguide/C/package-management.xml:266(para)
12028
msgid ""
12029
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
12030
"configured"
12031
msgstr "<emphasis role=\"bold\">u</emphasis>: 文件已解压,但尚未配置软件包"
12032
12033
#: serverguide/C/package-management.xml:270(para)
12034
msgid ""
12035
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
12036
"and requires fix"
12037
msgstr "<emphasis role=\"bold\">C</emphasis>: 半配置的 - 配置失败并需要修复"
12038
12039
#: serverguide/C/package-management.xml:274(para)
12040
msgid ""
12041
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
12042
"requires fix"
12043
msgstr "<emphasis role=\"bold\">H</emphasis>: 半安装的 - 移除失败并需要修复"
12044
12045
#: serverguide/C/package-management.xml:242(para)
12046
msgid ""
12047
"The first column of information displayed in the package list in the top "
12048
"pane, when actually viewing packages lists the current state of the package, "
12049
"and uses the following key to describe the state of the package: "
12050
"<placeholder-1/>"
12051
msgstr "当实际查看软件时列出软件包当前状态,在顶窗软件包列表中显示信息的第一列使用下列关键字来描述软件包状态:<placeholder-1/>"
12052
12053
#: serverguide/C/package-management.xml:280(para)
12054
msgid ""
12055
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
12056
"wish to exit. Many other functions are available from the Aptitude menu by "
12057
"pressing the <keycap>F10</keycap> key."
12058
msgstr ""
12059
"要退出 Aptitude,只需简单按 <keycap>q</keycap> 键并确认您想退出即可。在 Aptitude 菜单中按 "
12060
"<keycap>F10</keycap> 键可以列出其他许多功能。"
12061
12062
#: serverguide/C/package-management.xml:285(title)
12063
msgid "Automatic Updates"
12064
msgstr "自动更新"
12065
12066
#: serverguide/C/package-management.xml:287(para)
12067
msgid ""
12068
"The <application>unattended-upgrades</application> package can be used to "
12069
"automatically install updated packages, and can be configured to update all "
12070
"packages or just install security updates. First, install the package by "
12071
"entering the following in a terminal:"
12072
msgstr ""
12073
12074
#: serverguide/C/package-management.xml:293(command)
12075
msgid "sudo apt-get install unattended-upgrades"
12076
msgstr "sudo apt-get install unattended-upgrades"
12077
12078
#: serverguide/C/package-management.xml:296(para)
12079
msgid ""
12080
"To configure <application>unattended-upgrades</application>, edit "
12081
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
12082
"the following to fit your needs:"
12083
msgstr ""
12084
12085
#: serverguide/C/package-management.xml:301(programlisting)
12086
#, no-wrap
12087
msgid ""
12088
"\n"
12089
"Unattended-Upgrade::Allowed-Origins {\n"
12090
" \"Ubuntu maverick-security\";\n"
12091
"// \"Ubuntu maverick-updates\";\n"
12092
"};\n"
12093
msgstr ""
12094
12095
#: serverguide/C/package-management.xml:308(para)
12096
msgid ""
12097
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
12098
"will not be automatically updated. To blacklist a package, add it to the "
12099
"list:"
12100
msgstr ""
12101
12102
#: serverguide/C/package-management.xml:313(programlisting)
12103
#, no-wrap
12104
msgid ""
12105
"\n"
12106
"Unattended-Upgrade::Package-Blacklist {\n"
12107
"// \"vim\";\n"
12108
"// \"libc6\";\n"
12109
"// \"libc6-dev\";\n"
12110
"// \"libc6-i686\";\n"
12111
"};\n"
12112
msgstr ""
12113
12114
#: serverguide/C/package-management.xml:323(para)
12115
msgid ""
12116
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
12117
"whatever follows \"//\" will not be evaluated."
12118
msgstr ""
12119
12120
#: serverguide/C/package-management.xml:328(para)
12121
msgid ""
12122
"To enable automatic updates, edit "
12123
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
12124
"<application>apt</application> configuration options:"
12125
msgstr ""
12126
12127
#: serverguide/C/package-management.xml:332(programlisting)
12128
#, no-wrap
12129
msgid ""
12130
"\n"
12131
"APT::Periodic::Update-Package-Lists \"1\";\n"
12132
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
12133
"APT::Periodic::AutocleanInterval \"7\";\n"
12134
"APT::Periodic::Unattended-Upgrade \"1\";\n"
12135
msgstr ""
12136
12137
#: serverguide/C/package-management.xml:339(para)
12138
msgid ""
12139
"The above configuration updates the package list, downloads, and installs "
12140
"available upgrades every day. The local download archive is cleaned every "
12141
"week."
12142
msgstr ""
12143
12144
#: serverguide/C/package-management.xml:345(para)
12145
msgid ""
12146
"You can read more about <application>apt</application> Periodic "
12147
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
12148
"header."
12149
msgstr ""
12150
12151
#: serverguide/C/package-management.xml:350(para)
12152
msgid ""
12153
"The results of <application>unattended-upgrades</application> will be logged "
12154
"to <filename>/var/log/unattended-upgrades</filename>."
12155
msgstr ""
12156
12157
#: serverguide/C/package-management.xml:355(title)
12158
msgid "Notifications"
12159
msgstr "通知"
12160
12161
#: serverguide/C/package-management.xml:357(para)
12162
msgid ""
12163
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
12164
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
12165
"<application>unattended-upgrades</application> to email an administrator "
12166
"detailing any packages that need upgrading or have problems."
12167
msgstr ""
12168
12169
#: serverguide/C/package-management.xml:362(para)
12170
msgid ""
12171
"Another useful package is <application>apticron</application>. "
12172
"<application>apticron</application> will configure a "
12173
"<application>cron</application> job to email an administrator information "
12174
"about any packages on the system that have updates available, as well as a "
12175
"summary of changes in each package."
12176
msgstr ""
12177
12178
#: serverguide/C/package-management.xml:368(para)
12179
msgid ""
12180
"To install the <application>apticron</application> package, in a terminal "
12181
"enter:"
12182
msgstr "要安装 <application>apticron</application> 软件包,在终端中输入:"
12183
12184
#: serverguide/C/package-management.xml:373(command)
12185
msgid "sudo apt-get install apticron"
12186
msgstr "sudo apt-get install apticron"
12187
12188
#: serverguide/C/package-management.xml:376(para)
12189
msgid ""
12190
"Once the package is installed edit "
12191
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
12192
"and other options:"
12193
msgstr ""
12194
"软件包安装后,编辑 <filename>/etc/apticron/apticron.conf</filename> 来设置电子邮件地址和其他选项:"
12195
12196
#: serverguide/C/package-management.xml:380(programlisting)
12197
#, no-wrap
12198
msgid ""
12199
"\n"
12200
"EMAIL=\"root@example.com\"\n"
12201
msgstr ""
12202
12203
#: serverguide/C/package-management.xml:389(para)
12204
msgid ""
12205
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
12206
"system repositories is stored in the /etc/apt/sources.list configuration "
12207
"file. An example of this file is referenced here, along with information on "
12208
"adding or removing repository references from the file."
12209
msgstr ""
12210
"<emphasis>Advanced Packaging Tool</emphasis> (APT) 系统软件库的配置被保存在 "
12211
"/etc/apt/sources.list 文件中。这儿有个该文件的示例,"
12212
12213
#: serverguide/C/package-management.xml:395(para)
12214
msgid ""
12215
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
12216
"typical <filename>/etc/apt/sources.list</filename> file."
12217
msgstr ""
12218
"<ulink url=\"../sample/sources.list\">这里</ulink> 是一个典型的 "
12219
"<filename>/etc/apt/sources.list</filename> 文件范例。"
12220
12221
#: serverguide/C/package-management.xml:399(para)
12222
msgid ""
12223
"You may edit the file to enable repositories or disable them. For example, "
12224
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
12225
"operations occur, simply comment out the appropriate line for the CD-ROM, "
12226
"which appears at the top of the file:"
12227
msgstr ""
12228
"您可以编辑该文件来使软件库生效或失效。举个例子,要不想无论何时在发生文件包操作都会引起要求插入 Ubuntu CD-ROM ,只需要简单地将在文件顶部的 "
12229
"CD-ROM 相应行注释掉即可:"
12230
12231
#: serverguide/C/package-management.xml:404(screen)
12232
#, no-wrap
12233
msgid ""
12234
"\n"
12235
"# no more prompting for CD-ROM please\n"
12236
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
12237
"main restricted\n"
12238
msgstr ""
12239
12240
#: serverguide/C/package-management.xml:410(title)
12241
msgid "Extra Repositories"
12242
msgstr "其他软件库"
12243
12244
#: serverguide/C/package-management.xml:411(para)
12245
msgid ""
12246
"In addition to the officially supported package repositories available for "
12247
"Ubuntu, there exist additional community-maintained repositories which add "
12248
"thousands more potential packages for installation. Two of the most popular "
12249
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
12250
"repositories. These repositories are not officially supported by Ubuntu, but "
12251
"because they are maintained by the community they generally provide packages "
12252
"which are safe for use with your Ubuntu computer."
12253
msgstr ""
12254
"Ubuntu 除了官方支持的软件库外,还有额外的社区维护的软件库,能提供数千个可供安装的额外软件。其中最流行的两个软件库是 "
12255
"<emphasis>Universe</emphasis> 和 <emphasis>Multiverse</emphasis> 软件库。这些软件库不被 "
12256
"Ubuntu 官方支持,但是因为它们是由社区维护的,因此它们提供的软件通常可以在您的 Ubuntu 计算机中被安全地使用。"
12257
12258
#: serverguide/C/package-management.xml:414(para)
12259
msgid ""
12260
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
12261
"licensing issues that prevent them from being distributed with a free "
12262
"operating system, and they may be illegal in your locality."
12263
msgstr ""
12264
"在 <emphasis>Multiverse</emphasis> "
12265
"软件库中的软件包通常有授权问题,这阻碍了它们随同一个自由操作系统一起发布,并且它们在您所处的地域中可能是非法的。"
12266
12267
#: serverguide/C/package-management.xml:416(para)
12268
msgid ""
12269
"Be advised that neither the <emphasis>Universe</emphasis> or "
12270
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
12271
"packages. In particular, there may not be security updates for these "
12272
"packages."
12273
msgstr ""
12274
"提醒您在 <emphasis>Universe</emphasis> 或 <emphasis>Multiverse</emphasis> "
12275
"软件库中均没有官方支持的软件包。特别是这些软件包可能没有安全更新。"
12276
12277
#: serverguide/C/package-management.xml:420(para)
12278
msgid ""
12279
"Many other package sources are available, sometimes even offering only one "
12280
"package, as in the case of package sources provided by the developer of a "
12281
"single application. You should always be very careful and cautious when "
12282
"using non-standard package sources, however. Research the source and "
12283
"packages carefully before performing any installation, as some package "
12284
"sources and their packages could render your system unstable or non-"
12285
"functional in some respects."
12286
msgstr ""
12287
"许多其他软件包源也是可用的,有时甚至只提供一个软件包,这种情况主要发生在由单个应用程序的开发人员所提供软件包源上。然而当您在使用非标准软件包源时您应该非常"
12288
"小心谨慎,在执行任何安装之前仔细考查源和软件包,因为有些软件包源和其中的软件包可能会使您的系统在某些方面运行不稳定或不正常。"
12289
12290
#: serverguide/C/package-management.xml:423(para)
12291
msgid ""
12292
"By default, the <emphasis>Universe</emphasis> and "
12293
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
12294
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
12295
"comment the following lines:"
12296
msgstr ""
12297
12298
#: serverguide/C/package-management.xml:430(programlisting)
12299
#, no-wrap
12300
msgid ""
12301
"\n"
12302
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
12303
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
12304
"\n"
12305
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
12306
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
12307
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
12308
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
12309
"\n"
12310
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
12311
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
12312
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
12313
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
12314
"\n"
12315
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
12316
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
12317
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
12318
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
12319
msgstr ""
12320
12321
#: serverguide/C/package-management.xml:456(para)
12322
msgid ""
12323
"Most of the material covered in this chapter is available in "
12324
"<application>man</application> pages, many of which are available online."
12325
msgstr ""
12326
12327
#: serverguide/C/package-management.xml:463(para)
12328
msgid ""
12329
"The <ulink "
12330
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
12331
"re</ulink> Ubuntu wiki page has more information."
12332
msgstr ""
12333
12334
#: serverguide/C/package-management.xml:468(para)
12335
msgid ""
12336
"For more <application>dpkg</application> details see the <ulink "
12337
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
12338
" man page</ulink>."
12339
msgstr ""
12340
12341
#: serverguide/C/package-management.xml:474(para)
12342
msgid ""
12343
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
12344
"HOWTO</ulink> and <ulink "
12345
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
12346
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
12347
"<application>apt-get</application> usage."
12348
msgstr ""
12349
12350
#: serverguide/C/package-management.xml:481(para)
12351
msgid ""
12352
"See the <ulink "
12353
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
12354
"itude man page</ulink> for more <application>aptitude</application> options."
12355
msgstr ""
12356
12357
#: serverguide/C/package-management.xml:487(para)
12358
msgid ""
12359
"The <ulink "
12360
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
12361
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
12362
"adding repositories."
12363
msgstr ""
12364
12365
#: serverguide/C/other-apps.xml:13(title)
12366
msgid "Other Useful Applications"
12367
msgstr "其他有用的应用程序"
12368
12369
#: serverguide/C/other-apps.xml:15(para)
12370
msgid ""
12371
"There are many very useful applications developed by the Ubuntu Server Team, "
12372
"and others that are well integrated with Ubuntu Server Edition, that might "
12373
"not be well known. This chapter will showcase some useful applications that "
12374
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
12375
"easier."
12376
msgstr ""
12377
12378
#: serverguide/C/other-apps.xml:23(title)
12379
msgid "pam_motd"
12380
msgstr ""
12381
12382
#: serverguide/C/other-apps.xml:25(para)
12383
msgid ""
12384
"When logging into an Ubuntu server you may have noticed the informative "
12385
"Message Of The Day (MOTD). This information is obtained and displayed using "
12386
"a couple of packages:"
12387
msgstr ""
12388
12389
#: serverguide/C/other-apps.xml:32(para)
12390
msgid ""
12391
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
12392
"<application>landscape-client</application>, which can be used to manage "
12393
"systems using the web based <emphasis>Landscape</emphasis> application. The "
12394
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
12395
"utility which is used to gather the information displayed in the MOTD."
12396
msgstr ""
12397
12398
#: serverguide/C/other-apps.xml:40(para)
12399
msgid ""
12400
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
12401
"the MOTD via <application>pam_motd</application> module."
12402
msgstr ""
12403
12404
#: serverguide/C/other-apps.xml:46(para)
12405
msgid ""
12406
"<application>pam_motd</application> executes the scripts in "
12407
"<filename>/etc/update-motd.d</filename> in order based on the number "
12408
"prepended to the script. The output of the scripts is written to "
12409
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
12410
"concatenated with <filename>/etc/motd.tail</filename>."
12411
msgstr ""
12412
12413
#: serverguide/C/other-apps.xml:52(para)
12414
msgid ""
12415
"You can add your own dynamic information to the MOTD. For example, to add "
12416
"local weather information:"
12417
msgstr "您可以往MOTD上添加您自己的动态信息。比如,要添加当地的气象信息,您可以:"
12418
12419
#: serverguide/C/other-apps.xml:58(para)
12420
msgid "First, install the <application>weather-util</application> package:"
12421
msgstr "首先,安装 <application>weather-util</application> 软件包:"
12422
12423
#: serverguide/C/other-apps.xml:63(command)
12424
msgid "sudo apt-get install weather-util"
12425
msgstr ""
12426
12427
#: serverguide/C/other-apps.xml:68(para)
12428
msgid ""
12429
"The <application>weather</application> utility uses METAR data from the "
12430
"National Oceanic and Atmospheric Administration and forecasts from the "
12431
"National Weather Service. In order to find local information you will need "
12432
"the 4-character ICAO location indicator. This can be determined by browsing "
12433
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
12434
"Weather Service</ulink> site."
12435
msgstr ""
12436
12437
#: serverguide/C/other-apps.xml:75(para)
12438
msgid ""
12439
"Although the National Weather Service is a United States government agency "
12440
"there are weather stations available world wide. However, local weather "
12441
"information for all locations outside the U.S. may not be available."
12442
msgstr ""
12443
12444
#: serverguide/C/other-apps.xml:81(para)
12445
msgid ""
12446
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
12447
"script to use <application>weather</application> with your local ICAO "
12448
"indicator:"
12449
msgstr ""
12450
12451
#: serverguide/C/other-apps.xml:86(programlisting)
12452
#, no-wrap
12453
msgid ""
12454
"\n"
12455
"#!/bin/sh\n"
12456
"#\n"
12457
"#\n"
12458
"# Prints the local weather information for the MOTD.\n"
12459
"#\n"
12460
"#\n"
12461
"\n"
12462
"# Replace KINT with your local weather station.\n"
12463
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
12464
"\n"
12465
"echo\n"
12466
"weather -i KINT\n"
12467
"echo\n"
12468
"\n"
12469
msgstr ""
12470
12471
#: serverguide/C/other-apps.xml:104(para)
12472
msgid "Make the script executable:"
12473
msgstr "使脚本可以执行:"
12474
12475
#: serverguide/C/other-apps.xml:109(command)
12476
msgid "sudo chmod 755 /usr/local/bin/local-weather"
12477
msgstr ""
12478
12479
#: serverguide/C/other-apps.xml:113(para)
12480
msgid ""
12481
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
12482
"weather</filename>:"
12483
msgstr ""
12484
12485
#: serverguide/C/other-apps.xml:118(command)
12486
msgid ""
12487
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
12488
msgstr ""
12489
12490
#: serverguide/C/other-apps.xml:122(para)
12491
msgid "Finally, exit the server and re-login to view the new MOTD."
12492
msgstr ""
12493
12494
#: serverguide/C/other-apps.xml:128(para)
12495
msgid ""
12496
"You should now be greeted with some useful information, and some information "
12497
"about the local weather that may not be quite so useful. Hopefully the "
12498
"<application>local-weather</application> example demonstrates the "
12499
"flexibility of <application>pam_motd</application>."
12500
msgstr ""
12501
12502
#: serverguide/C/other-apps.xml:136(title)
12503
msgid "etckeeper"
12504
msgstr ""
12505
12506
#: serverguide/C/other-apps.xml:138(para)
12507
msgid ""
12508
"<application>etckeeper</application> allows the contents of <filename "
12509
"role=\"directory\">/etc</filename> be easily stored in Version Control "
12510
"System (VCS) repository. It hooks into <application>apt</application> to "
12511
"automatically commit changes to <filename>/etc</filename> when packages are "
12512
"installed or upgraded. Placing <filename>/etc</filename> under version "
12513
"control is considered an industry best practice, and the goal of "
12514
"<application>etckeeper</application> is to make this process as painless as "
12515
"possible."
12516
msgstr ""
12517
12518
#: serverguide/C/other-apps.xml:146(para)
12519
msgid ""
12520
"Install <application>etckeeper</application> by entering the following in a "
12521
"terminal:"
12522
msgstr ""
12523
12524
#: serverguide/C/other-apps.xml:151(command)
12525
msgid "sudo apt-get install etckeeper"
12526
msgstr ""
12527
12528
#: serverguide/C/other-apps.xml:154(para)
12529
msgid ""
12530
"The main configuration file, "
12531
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
12532
"main option is which VCS to use. By default "
12533
"<application>etckeeper</application> is configured to use "
12534
"<application>bzr</application> for version control. The repository is "
12535
"automatically initialized (and committed for the first time) during package "
12536
"installation. It is possible to undo this by entering the following command:"
12537
msgstr ""
12538
12539
#: serverguide/C/other-apps.xml:164(command)
12540
msgid "sudo etckeeper uninit"
12541
msgstr ""
12542
12543
#: serverguide/C/other-apps.xml:167(para)
12544
msgid ""
12545
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
12546
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
12547
"It will also automatically commit changes before and after package "
12548
"installation. For a more precise tracking of changes, it is recommended to "
12549
"commit your changes manually, together with a commit message, using:"
12550
msgstr ""
12551
12552
#: serverguide/C/other-apps.xml:176(command)
12553
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
12554
msgstr ""
12555
12556
#: serverguide/C/other-apps.xml:179(para)
12557
msgid ""
12558
"Using the VCS commands you can view log information about files in "
12559
"<filename>/etc</filename>:"
12560
msgstr ""
12561
12562
#: serverguide/C/other-apps.xml:184(command)
12563
msgid "sudo bzr log /etc/passwd"
12564
msgstr ""
12565
12566
#: serverguide/C/other-apps.xml:187(para)
12567
msgid ""
12568
"To demonstrate the integration with the package management system, install "
12569
"<application>postfix</application>:"
12570
msgstr ""
12571
12572
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
12573
msgid "sudo apt-get install postfix"
12574
msgstr ""
12575
12576
#: serverguide/C/other-apps.xml:195(para)
12577
msgid ""
12578
"When the installation is finished, all the "
12579
"<application>postfix</application> configuration files should be committed "
12580
"to the repository:"
12581
msgstr ""
12582
12583
#: serverguide/C/other-apps.xml:201(computeroutput)
12584
#, no-wrap
12585
msgid ""
12586
"Committing to: /etc/\n"
12587
"added aliases.db\n"
12588
"modified group\n"
12589
"modified group-\n"
12590
"modified gshadow\n"
12591
"modified gshadow-\n"
12592
"modified passwd\n"
12593
"modified passwd-\n"
12594
"added postfix\n"
12595
"added resolvconf\n"
12596
"added rsyslog.d\n"
12597
"modified shadow\n"
12598
"modified shadow-\n"
12599
"added init.d/postfix\n"
12600
"added network/if-down.d/postfix\n"
12601
"added network/if-up.d/postfix\n"
12602
"added postfix/dynamicmaps.cf\n"
12603
"added postfix/main.cf\n"
12604
"added postfix/master.cf\n"
12605
"added postfix/post-install\n"
12606
"added postfix/postfix-files\n"
12607
"added postfix/postfix-script\n"
12608
"added postfix/sasl\n"
12609
"added ppp/ip-down.d\n"
12610
"added ppp/ip-down.d/postfix\n"
12611
"added ppp/ip-up.d/postfix\n"
12612
"added rc0.d/K20postfix\n"
12613
"added rc1.d/K20postfix\n"
12614
"added rc2.d/S20postfix\n"
12615
"added rc3.d/S20postfix\n"
12616
"added rc4.d/S20postfix\n"
12617
"added rc5.d/S20postfix\n"
12618
"added rc6.d/K20postfix\n"
12619
"added resolvconf/update-libc.d\n"
12620
"added resolvconf/update-libc.d/postfix\n"
12621
"added rsyslog.d/postfix.conf\n"
12622
"added ufw/applications.d/postfix\n"
12623
"Committed revision 2."
12624
msgstr ""
12625
12626
#: serverguide/C/other-apps.xml:241(para)
12627
msgid ""
12628
"For an example of how <application>etckeeper</application> tracks manual "
12629
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
12630
"<application>bzr</application> you can see which files have been modified:"
12631
msgstr ""
12632
12633
#: serverguide/C/other-apps.xml:247(command)
12634
msgid "sudo bzr status /etc/"
12635
msgstr ""
12636
12637
#: serverguide/C/other-apps.xml:248(computeroutput)
12638
#, no-wrap
12639
msgid ""
12640
"modified:\n"
12641
" hosts"
12642
msgstr ""
12643
12644
#: serverguide/C/other-apps.xml:252(para)
12645
msgid "Now commit the changes:"
12646
msgstr ""
12647
12648
#: serverguide/C/other-apps.xml:257(command)
12649
msgid "sudo etckeeper commit \"new host\""
12650
msgstr ""
12651
12652
#: serverguide/C/other-apps.xml:260(para)
12653
msgid ""
12654
"For more information on <application>bzr</application> see <xref "
12655
"linkend=\"bazaar\"/>."
12656
msgstr ""
12657
12658
#: serverguide/C/other-apps.xml:266(title)
12659
msgid "Byobu"
12660
msgstr ""
12661
12662
#: serverguide/C/other-apps.xml:268(para)
12663
msgid ""
12664
"One of the most useful applications for any system administrator is "
12665
"<application>screen</application>. It allows the execution of multiple "
12666
"shells in one terminal. To make some of the advanced "
12667
"<application>screen</application> features more user friendly, and provide "
12668
"some useful information about the system, the "
12669
"<application>byobu</application> package was created."
12670
msgstr ""
12671
12672
#: serverguide/C/other-apps.xml:275(para)
12673
msgid ""
12674
"When executing <application>byobu</application> pressing the "
12675
"<emphasis>F9</emphasis> key will bring up the "
12676
"<application>Configuration</application> menu. This menu will allow you to:"
12677
msgstr ""
12678
12679
#: serverguide/C/other-apps.xml:281(para)
12680
msgid "View the Help menu"
12681
msgstr "查看帮助菜单"
12682
12683
#: serverguide/C/other-apps.xml:282(para)
12684
msgid "Change Byobu's background color"
12685
msgstr ""
12686
12687
#: serverguide/C/other-apps.xml:283(para)
12688
msgid "Change Byobu's foreground color"
12689
msgstr ""
12690
12691
#: serverguide/C/other-apps.xml:284(para)
12692
msgid "Toggle status notifications"
12693
msgstr ""
12694
12695
#: serverguide/C/other-apps.xml:285(para)
12696
msgid "Change the key binding set"
12697
msgstr ""
12698
12699
#: serverguide/C/other-apps.xml:286(para)
12700
msgid "Change the escape sequence"
12701
msgstr ""
12702
12703
#: serverguide/C/other-apps.xml:287(para)
12704
msgid "Create new windows"
12705
msgstr ""
12706
12707
#: serverguide/C/other-apps.xml:288(para)
12708
msgid "Manage the default windows"
12709
msgstr ""
12710
12711
#: serverguide/C/other-apps.xml:289(para)
12712
msgid "Byobu currently does not launch at login (toggle on)"
12713
msgstr ""
12714
12715
#: serverguide/C/other-apps.xml:292(para)
12716
msgid ""
12717
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12718
"sequence, new window, change window, etc. There are two key binding sets to "
12719
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
12720
"keys</emphasis>. If you wish to use the original key bindings choose the "
12721
"<emphasis>none</emphasis> set."
12722
msgstr ""
12723
12724
#: serverguide/C/other-apps.xml:298(para)
12725
msgid ""
12726
"<application>byobu</application> provides a menu which displays the Ubuntu "
12727
"release, processor information, memory information, and the time and date. "
12728
"The effect is similar to a desktop menu."
12729
msgstr ""
12730
12731
#: serverguide/C/other-apps.xml:303(para)
12732
msgid ""
12733
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12734
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12735
"executed any time a terminal is opened. Changes made to "
12736
"<application>byobu</application> are on a per user basis, and will not "
12737
"affect other users on the system."
12738
msgstr ""
12739
12740
#: serverguide/C/other-apps.xml:309(para)
12741
msgid ""
12742
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12743
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12744
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
12745
"commands. Here is a quick list of movement commands:"
12746
msgstr ""
12747
12748
#: serverguide/C/other-apps.xml:316(para)
12749
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12750
msgstr ""
12751
12752
#: serverguide/C/other-apps.xml:317(para)
12753
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12754
msgstr ""
12755
12756
#: serverguide/C/other-apps.xml:318(para)
12757
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12758
msgstr ""
12759
12760
#: serverguide/C/other-apps.xml:319(para)
12761
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12762
msgstr ""
12763
12764
#: serverguide/C/other-apps.xml:320(para)
12765
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12766
msgstr ""
12767
12768
#: serverguide/C/other-apps.xml:321(para)
12769
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12770
msgstr ""
12771
12772
#: serverguide/C/other-apps.xml:322(para)
12773
msgid ""
12774
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12775
"the buffer)"
12776
msgstr ""
12777
12778
#: serverguide/C/other-apps.xml:323(para)
12779
msgid "<emphasis>/</emphasis> - Search forward"
12780
msgstr ""
12781
12782
#: serverguide/C/other-apps.xml:324(para)
12783
msgid "<emphasis>?</emphasis> - Search backward"
12784
msgstr ""
12785
12786
#: serverguide/C/other-apps.xml:325(para)
12787
msgid ""
12788
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
12789
msgstr ""
12790
12791
#: serverguide/C/other-apps.xml:334(para)
12792
msgid ""
12793
"See the <ulink "
12794
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
12795
"motd.1.html\">update-motd man page</ulink> for more options available to "
12796
"<application>update-motd</application>."
12797
msgstr ""
12798
12799
#: serverguide/C/other-apps.xml:340(para)
12800
msgid ""
12801
"The Debian Package of the Day <ulink "
12802
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12803
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12804
"details about using the <application>weather</application>utility."
12805
msgstr ""
12806
12807
#: serverguide/C/other-apps.xml:347(para)
12808
msgid ""
12809
"See the <ulink "
12810
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12811
"more details on using <application>etckeeper</application>."
12812
msgstr ""
12813
12814
#: serverguide/C/other-apps.xml:353(para)
12815
msgid ""
12816
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12817
"Ubuntu Wiki</ulink> page."
12818
msgstr ""
12819
12820
#: serverguide/C/other-apps.xml:358(para)
12821
msgid ""
12822
"For the latest news and information about <application>bzr</application> see "
12823
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12824
msgstr ""
12825
12826
#: serverguide/C/other-apps.xml:363(para)
12827
msgid ""
12828
"For more information on <application>screen</application> see the <ulink "
12829
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12830
msgstr ""
12831
12832
#: serverguide/C/other-apps.xml:368(para)
12833
msgid ""
12834
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12835
"screen</ulink> page."
12836
msgstr ""
12837
12838
#: serverguide/C/other-apps.xml:373(para)
12839
msgid ""
12840
"Also, see the <application>byobu</application><ulink "
12841
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12842
"information."
12843
msgstr ""
12844
12845
#: serverguide/C/network-config.xml:14(para)
12846
msgid ""
12847
"Networks consist of two or more devices, such as computer systems, printers, "
12848
"and related equipment which are connected by either physical cabling or "
12849
"wireless links for the purpose of sharing and distributing information among "
12850
"the connected devices."
12851
msgstr "网络由两个或多个设备组成,例如计算机系统、打印机,以及用物理线缆或是无线链接连接起来的相关设备,用来在其中共享和分发信息。"
12852
12853
#: serverguide/C/network-config.xml:20(para)
12854
msgid ""
12855
"This section provides general and specific information pertaining to "
12856
"networking, including an overview of network concepts and detailed "
12857
"discussion of popular network protocols."
12858
msgstr "本节提供属于联网范畴的一般和特定信息,包括网络概念的概览以及对于流行网络协议的详细讨论。"
12859
12860
#: serverguide/C/network-config.xml:27(title)
12861
msgid "Network Configuration"
12862
msgstr "网络配置"
12863
12864
#: serverguide/C/network-config.xml:28(para)
12865
msgid ""
12866
"Ubuntu ships with a number of graphical utilities to configure your network "
12867
"devices. This document is geared toward server administrators and will focus "
12868
"on managing your network on the command line."
12869
msgstr "Ubuntu 提供了许多图形化工具来配制您的网络设备。本文适用于服务器管理员并聚焦在命令行中管理您的网络。"
12870
12871
#: serverguide/C/network-config.xml:35(title)
12872
msgid "Ethernet Interfaces"
12873
msgstr ""
12874
12875
#: serverguide/C/network-config.xml:36(para)
12876
msgid ""
12877
"Ethernet interfaces are identified by the system using the naming convention "
12878
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
12879
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
12880
"interface is typically identified as <emphasis "
12881
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
12882
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
12883
"order."
12884
msgstr ""
12885
12886
#: serverguide/C/network-config.xml:46(title)
12887
msgid "Identify Ethernet Interfaces"
12888
msgstr ""
12889
12890
#: serverguide/C/network-config.xml:47(para)
12891
msgid ""
12892
"To quickly identify all available Ethernet interfaces, you can use the "
12893
"<application>ifconfig</application> command as shown below."
12894
msgstr ""
12895
12896
#: serverguide/C/network-config.xml:52(userinput)
12897
#, no-wrap
12898
msgid "ifconfig -a | grep eth"
12899
msgstr ""
12900
12901
#: serverguide/C/network-config.xml:51(screen)
12902
#, no-wrap
12903
msgid ""
12904
"\n"
12905
"<placeholder-1/>\n"
12906
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
12907
msgstr ""
12908
12909
#: serverguide/C/network-config.xml:55(para)
12910
msgid ""
12911
"Another application that can help identify all network interfaces available "
12912
"to your system is the <application>lshw</application> command. In the "
12913
"example below, <application>lshw</application> shows a single Ethernet "
12914
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
12915
"along with bus information, driver details and all supported capabilities."
12916
msgstr ""
12917
12918
#: serverguide/C/network-config.xml:62(userinput)
12919
#, no-wrap
12920
msgid "sudo lshw -class network"
12921
msgstr ""
12922
12923
#: serverguide/C/network-config.xml:61(screen)
12924
#, no-wrap
12925
msgid ""
12926
"\n"
12927
"<placeholder-1/>\n"
12928
" *-network\n"
12929
" description: Ethernet interface\n"
12930
" product: BCM4401-B0 100Base-TX\n"
12931
" vendor: Broadcom Corporation\n"
12932
" physical id: 0\n"
12933
" bus info: pci@0000:03:00.0\n"
12934
" logical name: eth0\n"
12935
" version: 02\n"
12936
" serial: 00:15:c5:4a:16:5a\n"
12937
" size: 10MB/s\n"
12938
" capacity: 100MB/s\n"
12939
" width: 32 bits\n"
12940
" clock: 33MHz\n"
12941
" capabilities: (snipped for brevity)\n"
12942
" configuration: (snipped for brevity)\n"
12943
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
12944
msgstr ""
12945
12946
#: serverguide/C/network-config.xml:83(title)
12947
msgid "Ethernet Interface Logical Names"
12948
msgstr ""
12949
12950
#: serverguide/C/network-config.xml:84(para)
12951
msgid ""
12952
"Interface logical names are configured in the file "
12953
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
12954
"like control which interface receives a particular logical name, find the "
12955
"line matching the interfaces physical MAC address and modify the value of "
12956
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
12957
"Reboot the system to commit your changes."
12958
msgstr ""
12959
12960
#: serverguide/C/network-config.xml:92(programlisting)
12961
#, no-wrap
12962
msgid ""
12963
"\n"
12964
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12965
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
12966
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
12967
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12968
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
12969
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
12970
msgstr ""
12971
12972
#: serverguide/C/network-config.xml:99(title)
12973
msgid "Ethernet Interface Settings"
12974
msgstr ""
12975
12976
#: serverguide/C/network-config.xml:100(para)
12977
msgid ""
12978
"<application>ethtool</application> is a program that displays and changes "
12979
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
12980
"and Wake-on-LAN. It is not installed by default, but is available for "
12981
"installation in the repositories."
12982
msgstr ""
12983
12984
#: serverguide/C/network-config.xml:106(userinput)
12985
#, no-wrap
12986
msgid "sudo apt-get install ethtool"
12987
msgstr ""
12988
12989
#: serverguide/C/network-config.xml:108(para)
12990
msgid ""
12991
"The following is an example of how to view supported features and configured "
12992
"settings of an Ethernet interface."
12993
msgstr ""
12994
12995
#: serverguide/C/network-config.xml:113(userinput)
12996
#, no-wrap
12997
msgid "sudo ethtool eth0"
12998
msgstr ""
12999
13000
#: serverguide/C/network-config.xml:112(screen)
13001
#, no-wrap
13002
msgid ""
13003
"\n"
13004
"<placeholder-1/>\n"
13005
"Settings for eth0:\n"
13006
" Supported ports: [ TP ]\n"
13007
" Supported link modes: 10baseT/Half 10baseT/Full \n"
13008
" 100baseT/Half 100baseT/Full \n"
13009
" 1000baseT/Half 1000baseT/Full \n"
13010
" Supports auto-negotiation: Yes\n"
13011
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
13012
" 100baseT/Half 100baseT/Full \n"
13013
" 1000baseT/Half 1000baseT/Full \n"
13014
" Advertised auto-negotiation: Yes\n"
13015
" Speed: 1000Mb/s\n"
13016
" Duplex: Full\n"
13017
" Port: Twisted Pair\n"
13018
" PHYAD: 1\n"
13019
" Transceiver: internal\n"
13020
" Auto-negotiation: on\n"
13021
" Supports Wake-on: g\n"
13022
" Wake-on: d\n"
13023
" Current message level: 0x000000ff (255)\n"
13024
" Link detected: yes\n"
13025
msgstr ""
13026
13027
#: serverguide/C/network-config.xml:135(para)
13028
msgid ""
13029
"Changes made with the <application>ethtool</application> command are "
13030
"temporary and will be lost after a reboot. If you would like to retain "
13031
"settings, simply add the desired <application>ethtool</application> command "
13032
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
13033
"configuration file <filename>/etc/network/interfaces</filename>."
13034
msgstr ""
13035
13036
#: serverguide/C/network-config.xml:141(para)
13037
msgid ""
13038
"The following is an example of how the interface identified as <emphasis "
13039
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
13040
"speed of 1000Mb/s running in full duplex mode."
13041
msgstr ""
13042
13043
#: serverguide/C/network-config.xml:145(programlisting)
13044
#, no-wrap
13045
msgid ""
13046
"\n"
13047
"auto eth0\n"
13048
"iface eth0 inet static\n"
13049
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
13050
msgstr ""
13051
13052
#: serverguide/C/network-config.xml:151(para)
13053
msgid ""
13054
"Although the example above shows the interface configured to use the "
13055
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
13056
"other methods as well, such as DHCP. The example is meant to demonstrate "
13057
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
13058
"statement in relation to the rest of the interface configuration."
13059
msgstr ""
13060
13061
#: serverguide/C/network-config.xml:163(title)
13062
msgid "IP Addressing"
13063
msgstr ""
13064
13065
#: serverguide/C/network-config.xml:164(para)
13066
msgid ""
13067
"The following section describes the process of configuring your systems IP "
13068
"address and default gateway needed for communicating on a local area network "
13069
"and the Internet."
13070
msgstr ""
13071
13072
#: serverguide/C/network-config.xml:171(title)
13073
msgid "Temporary IP Address Assignment"
13074
msgstr ""
13075
13076
#: serverguide/C/network-config.xml:172(para)
13077
msgid ""
13078
"For temporary network configurations, you can use standard commands such as "
13079
"<application>ip</application>, <application>ifconfig</application> and "
13080
"<application>route</application>, which are also found on most other "
13081
"GNU/Linux operating systems. These commands allow you to configure settings "
13082
"which take effect immediately, however they are not persistent and will be "
13083
"lost after a reboot."
13084
msgstr ""
13085
13086
#: serverguide/C/network-config.xml:180(para)
13087
msgid ""
13088
"To temporarily configure an IP address, you can use the "
13089
"<application>ifconfig</application> command in the following manner. Just "
13090
"modify the IP address and subnet mask to match your network requirements."
13091
msgstr ""
13092
13093
#: serverguide/C/network-config.xml:186(userinput)
13094
#, no-wrap
13095
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
13096
msgstr ""
13097
13098
#: serverguide/C/network-config.xml:188(para)
13099
msgid ""
13100
"To verify the IP address configuration of <application>eth0</application>, "
13101
"you can use the <application>ifconfig</application> command in the following "
13102
"manner."
13103
msgstr ""
13104
13105
#: serverguide/C/network-config.xml:193(userinput)
13106
#, no-wrap
13107
msgid "ifconfig eth0"
13108
msgstr ""
13109
13110
#: serverguide/C/network-config.xml:192(screen)
13111
#, no-wrap
13112
msgid ""
13113
"\n"
13114
"<placeholder-1/>\n"
13115
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
13116
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
13117
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
13118
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
13119
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
13120
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
13121
" collisions:0 txqueuelen:1000 \n"
13122
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
13123
" Interrupt:16 \n"
13124
msgstr ""
13125
13126
#: serverguide/C/network-config.xml:204(para)
13127
msgid ""
13128
"To configure a default gateway, you can use the "
13129
"<application>route</application> command in the following manner. Modify the "
13130
"default gateway address to match your network requirements."
13131
msgstr ""
13132
13133
#: serverguide/C/network-config.xml:210(userinput)
13134
#, no-wrap
13135
msgid "sudo route add default gw 10.0.0.1 eth0"
13136
msgstr ""
13137
13138
#: serverguide/C/network-config.xml:212(para)
13139
msgid ""
13140
"To verify your default gateway configuration, you can use the "
13141
"<application>route</application> command in the following manner."
13142
msgstr ""
13143
13144
#: serverguide/C/network-config.xml:217(userinput)
13145
#, no-wrap
13146
msgid "route -n"
13147
msgstr ""
13148
13149
#: serverguide/C/network-config.xml:216(screen)
13150
#, no-wrap
13151
msgid ""
13152
"\n"
13153
"<placeholder-1/>\n"
13154
"Kernel IP routing table\n"
13155
"Destination Gateway Genmask Flags Metric Ref Use "
13156
"Iface\n"
13157
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
13158
"eth0\n"
13159
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
13160
"eth0\n"
13161
msgstr ""
13162
13163
#: serverguide/C/network-config.xml:223(para)
13164
msgid ""
13165
"If you require DNS for your temporary network configuration, you can add DNS "
13166
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
13167
"example below shows how to enter two DNS servers to "
13168
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
13169
"appropriate for your network. A more lengthy description of DNS client "
13170
"configuration is in a following section."
13171
msgstr ""
13172
13173
#: serverguide/C/network-config.xml:230(programlisting)
13174
#, no-wrap
13175
msgid ""
13176
"\n"
13177
"nameserver 8.8.8.8\n"
13178
"nameserver 8.8.4.4\n"
13179
msgstr ""
13180
13181
#: serverguide/C/network-config.xml:234(para)
13182
msgid ""
13183
"If you no longer need this configuration and wish to purge all IP "
13184
"configuration from an interface, you can use the "
13185
"<application>ip</application> command with the flush option as shown below."
13186
msgstr ""
13187
13188
#: serverguide/C/network-config.xml:240(userinput)
13189
#, no-wrap
13190
msgid "ip addr flush eth0"
13191
msgstr ""
13192
13193
#: serverguide/C/network-config.xml:243(para)
13194
msgid ""
13195
"Flushing the IP configuration using the <application>ip</application> "
13196
"command does not clear the contents of "
13197
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
13198
"entries manually."
13199
msgstr ""
13200
13201
#: serverguide/C/network-config.xml:251(title)
13202
msgid "Dynamic IP Address Assignment (DHCP Client)"
13203
msgstr ""
13204
13205
#: serverguide/C/network-config.xml:252(para)
13206
msgid ""
13207
"To configure your server to use DHCP for dynamic address assignment, add the "
13208
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
13209
"statement for the appropriate interface in the file "
13210
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
13211
"are configuring your first Ethernet interface identified as <emphasis "
13212
"role=\"italic\">eth0</emphasis>."
13213
msgstr ""
13214
13215
#: serverguide/C/network-config.xml:259(programlisting)
13216
#, no-wrap
13217
msgid ""
13218
"\n"
13219
"auto eth0\n"
13220
"iface eth0 inet dhcp\n"
13221
msgstr ""
13222
13223
#: serverguide/C/network-config.xml:263(para)
13224
msgid ""
13225
"By adding an interface configuration as shown above, you can manually enable "
13226
"the interface through the <application>ifup</application> command which "
13227
"initiates the DHCP process via <application>dhclient</application>."
13228
msgstr ""
13229
13230
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
13231
#, no-wrap
13232
msgid "sudo ifup eth0"
13233
msgstr ""
13234
13235
#: serverguide/C/network-config.xml:271(para)
13236
msgid ""
13237
"To manually disable the interface, you can use the "
13238
"<application>ifdown</application> command, which in turn will initiate the "
13239
"DHCP release process and shut down the interface."
13240
msgstr ""
13241
13242
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
13243
#, no-wrap
13244
msgid "sudo ifdown eth0"
13245
msgstr ""
13246
13247
#: serverguide/C/network-config.xml:282(title)
13248
msgid "Static IP Address Assignment"
13249
msgstr ""
13250
13251
#: serverguide/C/network-config.xml:283(para)
13252
msgid ""
13253
"To configure your system to use a static IP address assignment, add the "
13254
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
13255
"family statement for the appropriate interface in the file "
13256
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
13257
"are configuring your first Ethernet interface identified as <emphasis "
13258
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
13259
"role=\"italic\">address</emphasis>, <emphasis "
13260
"role=\"italic\">netmask</emphasis>, and <emphasis "
13261
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
13262
"network."
13263
msgstr ""
13264
13265
#: serverguide/C/network-config.xml:292(programlisting)
13266
#, no-wrap
13267
msgid ""
13268
"\n"
13269
"auto eth0\n"
13270
"iface eth0 inet static\n"
13271
"address 10.0.0.100\n"
13272
"netmask 255.255.255.0\n"
13273
"gateway 10.0.0.1\n"
13274
msgstr ""
13275
13276
#: serverguide/C/network-config.xml:299(para)
13277
msgid ""
13278
"By adding an interface configuration as shown above, you can manually enable "
13279
"the interface through the <application>ifup</application> command."
13280
msgstr ""
13281
13282
#: serverguide/C/network-config.xml:306(para)
13283
msgid ""
13284
"To manually disable the interface, you can use the "
13285
"<application>ifdown</application> command."
13286
msgstr ""
13287
13288
#: serverguide/C/network-config.xml:316(title)
13289
msgid "Loopback Interface"
13290
msgstr ""
13291
13292
#: serverguide/C/network-config.xml:317(para)
13293
msgid ""
13294
"The loopback interface is identified by the system as <emphasis "
13295
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
13296
"can be viewed using the ifconfig command."
13297
msgstr ""
13298
13299
#: serverguide/C/network-config.xml:322(userinput)
13300
#, no-wrap
13301
msgid "ifconfig lo"
13302
msgstr ""
13303
13304
#: serverguide/C/network-config.xml:321(screen)
13305
#, no-wrap
13306
msgid ""
13307
"\n"
13308
"<placeholder-1/>\n"
13309
"lo Link encap:Local Loopback \n"
13310
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
13311
" inet6 addr: ::1/128 Scope:Host\n"
13312
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
13313
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
13314
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
13315
" collisions:0 txqueuelen:0 \n"
13316
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
13317
msgstr ""
13318
13319
#: serverguide/C/network-config.xml:332(para)
13320
msgid ""
13321
"By default, there should be two lines in "
13322
"<filename>/etc/network/interfaces</filename> responsible for automatically "
13323
"configuring your loopback interface. It is recommended that you keep the "
13324
"default settings unless you have a specific purpose for changing them. An "
13325
"example of the two default lines are shown below."
13326
msgstr ""
13327
13328
#: serverguide/C/network-config.xml:338(programlisting)
13329
#, no-wrap
13330
msgid ""
13331
"\n"
13332
"auto lo\n"
13333
"iface lo inet loopback\n"
13334
msgstr ""
13335
13336
#: serverguide/C/network-config.xml:347(title)
13337
msgid "Name Resolution"
13338
msgstr ""
13339
13340
#: serverguide/C/network-config.xml:348(para)
13341
msgid ""
13342
"Name resolution as it relates to IP networking is the process of mapping IP "
13343
"addresses to hostnames, making it easier to identify resources on a network. "
13344
"The following section will explain how to properly configure your system for "
13345
"name resolution using DNS and static hostname records."
13346
msgstr ""
13347
13348
#: serverguide/C/network-config.xml:356(title)
13349
msgid "DNS Client Configuration"
13350
msgstr ""
13351
13352
#: serverguide/C/network-config.xml:357(para)
13353
msgid ""
13354
"To configure your system to use DNS for name resolution, add the IP "
13355
"addresses of the DNS servers that are appropriate for your network in the "
13356
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
13357
"suffix search-lists to match your network domain names."
13358
msgstr ""
13359
13360
#: serverguide/C/network-config.xml:362(para)
13361
msgid ""
13362
"Below is an example of a typical configuration of "
13363
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
13364
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
13365
msgstr ""
13366
13367
#: serverguide/C/network-config.xml:367(programlisting)
13368
#, no-wrap
13369
msgid ""
13370
"\n"
13371
"search example.com\n"
13372
"nameserver 8.8.8.8\n"
13373
"nameserver 8.8.4.4\n"
13374
msgstr ""
13375
13376
#: serverguide/C/network-config.xml:372(para)
13377
msgid ""
13378
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
13379
"multiple domain names so that DNS queries will be appended in the order in "
13380
"which they are entered. For example, your network may have multiple sub-"
13381
"domains to search; a parent domain of <emphasis "
13382
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
13383
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
13384
"role=\"italic\">dev.example.com</emphasis>."
13385
msgstr ""
13386
13387
#: serverguide/C/network-config.xml:380(para)
13388
msgid ""
13389
"If you have multiple domains you wish to search, your configuration might "
13390
"look like the following."
13391
msgstr ""
13392
13393
#: serverguide/C/network-config.xml:383(programlisting)
13394
#, no-wrap
13395
msgid ""
13396
"\n"
13397
"search example.com sales.example.com dev.example.com\n"
13398
"nameserver 8.8.8.8\n"
13399
"nameserver 8.8.4.4\n"
13400
msgstr ""
13401
13402
#: serverguide/C/network-config.xml:388(para)
13403
msgid ""
13404
"If you try to ping a host with the name of <emphasis "
13405
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
13406
"for its Fully Qualified Domain Name (FQDN) in the following order:"
13407
msgstr ""
13408
13409
#: serverguide/C/network-config.xml:394(para)
13410
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
13411
msgstr ""
13412
13413
#: serverguide/C/network-config.xml:399(para)
13414
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
13415
msgstr ""
13416
13417
#: serverguide/C/network-config.xml:404(para)
13418
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
13419
msgstr ""
13420
13421
#: serverguide/C/network-config.xml:409(para)
13422
msgid ""
13423
"If no matches are found, the DNS server will provide a result of <emphasis "
13424
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
13425
msgstr ""
13426
13427
#: serverguide/C/network-config.xml:416(title)
13428
msgid "Static Hostnames"
13429
msgstr ""
13430
13431
#: serverguide/C/network-config.xml:417(para)
13432
msgid ""
13433
"Static hostnames are locally defined hostname-to-IP mappings located in the "
13434
"file <filename>/etc/hosts</filename>. Entries in the "
13435
"<filename>hosts</filename> file will have precedence over DNS by default. "
13436
"This means that if your system tries to resolve a hostname and it matches an "
13437
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
13438
"some configurations, especially when Internet access is not required, "
13439
"servers that communicate with a limited number of resources can be "
13440
"conveniently set to use static hostnames instead of DNS."
13441
msgstr ""
13442
13443
#: serverguide/C/network-config.xml:424(para)
13444
msgid ""
13445
"The following is an example of a <filename>hosts</filename> file where a "
13446
"number of local servers have been identified by simple hostnames, aliases "
13447
"and their equivalent Fully Qualified Domain Names (FQDN's)."
13448
msgstr ""
13449
13450
#: serverguide/C/network-config.xml:428(programlisting)
13451
#, no-wrap
13452
msgid ""
13453
"\n"
13454
"127.0.0.1\tlocalhost\n"
13455
"127.0.1.1\tubuntu-server\n"
13456
"10.0.0.11\tserver1 vpn server1.example.com\n"
13457
"10.0.0.12\tserver2 mail server2.example.com\n"
13458
"10.0.0.13\tserver3 www server3.example.com\n"
13459
"10.0.0.14\tserver4 file server4.example.com\n"
13460
msgstr ""
13461
13462
#: serverguide/C/network-config.xml:437(para)
13463
msgid ""
13464
"In the above example, notice that each of the servers have been given "
13465
"aliases in addition to their proper names and FQDN's. <emphasis "
13466
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
13467
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
13468
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
13469
"role=\"italic\">server3</emphasis> as <emphasis "
13470
"role=\"italic\">www</emphasis>, and <emphasis "
13471
"role=\"italic\">server4</emphasis> as <emphasis "
13472
"role=\"italic\">file</emphasis>."
13473
msgstr ""
13474
13475
#: serverguide/C/network-config.xml:449(title)
13476
msgid "Name Service Switch Configuration"
13477
msgstr ""
13478
13479
#: serverguide/C/network-config.xml:450(para)
13480
msgid ""
13481
"The order in which your system selects a method of resolving hostnames to IP "
13482
"addresses is controlled by the Name Service Switch (NSS) configuration file "
13483
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
13484
"section, typically static hostnames defined in the systems "
13485
"<filename>/etc/hosts</filename> file have precedence over names resolved "
13486
"from DNS. The following is an example of the line responsible for this order "
13487
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
13488
msgstr ""
13489
13490
#: serverguide/C/network-config.xml:458(programlisting)
13491
#, no-wrap
13492
msgid ""
13493
"\n"
13494
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
13495
msgstr ""
13496
13497
#: serverguide/C/network-config.xml:464(para)
13498
msgid ""
13499
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
13500
"hostnames located in <filename>/etc/hosts</filename>."
13501
msgstr ""
13502
13503
#: serverguide/C/network-config.xml:470(para)
13504
msgid ""
13505
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
13506
"name using Multicast DNS."
13507
msgstr ""
13508
13509
#: serverguide/C/network-config.xml:475(para)
13510
msgid ""
13511
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
13512
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
13513
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
13514
"authoritative and that the system should not try to continue hunting for an "
13515
"answer."
13516
msgstr ""
13517
13518
#: serverguide/C/network-config.xml:483(para)
13519
msgid ""
13520
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
13521
msgstr ""
13522
13523
#: serverguide/C/network-config.xml:488(para)
13524
msgid ""
13525
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
13526
msgstr ""
13527
13528
#: serverguide/C/network-config.xml:494(para)
13529
msgid ""
13530
"To modify the order of the above mentioned name resolution methods, you can "
13531
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
13532
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
13533
"versus Multicast DNS, you can change the string in "
13534
"<filename>/etc/nsswitch.conf</filename> as shown below."
13535
msgstr ""
13536
13537
#: serverguide/C/network-config.xml:501(programlisting)
13538
#, no-wrap
13539
msgid ""
13540
"\n"
13541
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
13542
msgstr ""
13543
13544
#: serverguide/C/network-config.xml:508(title)
13545
msgid "Bridging"
13546
msgstr ""
13547
13548
#: serverguide/C/network-config.xml:510(para)
13549
msgid ""
13550
"Bridging multiple interfaces is a more advanced configuration, but is very "
13551
"useful in multiple scenarios. One scenario is setting up a bridge with "
13552
"multiple network interfaces, then using a firewall to filter traffic between "
13553
"two network segments. Another scenario is using bridge on a system with one "
13554
"interface to allow virtual machines direct access to the outside network. "
13555
"The following example covers the latter scenario."
13556
msgstr ""
13557
13558
#: serverguide/C/network-config.xml:517(para)
13559
msgid ""
13560
"Before configuring a bridge you will need to install the <application>bridge-"
13561
"utils</application> package. To install the package, in a terminal enter:"
13562
msgstr ""
13563
13564
#: serverguide/C/network-config.xml:523(command)
13565
msgid "sudo apt-get install bridge-utils"
13566
msgstr ""
13567
13568
#: serverguide/C/network-config.xml:526(para)
13569
msgid ""
13570
"Next, configure the bridge by editing "
13571
"<filename>/etc/network/interfaces</filename>:"
13572
msgstr ""
13573
13574
#: serverguide/C/network-config.xml:530(programlisting)
13575
#, no-wrap
13576
msgid ""
13577
"\n"
13578
"auto lo\n"
13579
"iface lo inet loopback\n"
13580
"\n"
13581
"auto br0\n"
13582
"iface br0 inet static\n"
13583
" address 192.168.0.10\n"
13584
" network 192.168.0.0\n"
13585
" netmask 255.255.255.0\n"
13586
" broadcast 192.168.0.255\n"
13587
" gateway 192.168.0.1\n"
13588
" bridge_ports eth0\n"
13589
" bridge_fd 9\n"
13590
" bridge_hello 2\n"
13591
" bridge_maxage 12\n"
13592
" bridge_stp off\n"
13593
msgstr ""
13594
"\n"
13595
"auto lo\n"
13596
"iface lo inet loopback\n"
13597
"\n"
13598
"auto br0\n"
13599
"iface br0 inet static\n"
13600
" address 192.168.0.10\n"
13601
" network 192.168.0.0\n"
13602
" netmask 255.255.255.0\n"
13603
" broadcast 192.168.0.255\n"
13604
" gateway 192.168.0.1\n"
13605
" bridge_ports eth0\n"
13606
" bridge_fd 9\n"
13607
" bridge_hello 2\n"
13608
" bridge_maxage 12\n"
13609
" bridge_stp off\n"
13610
13611
#: serverguide/C/network-config.xml:549(para)
13612
msgid "Enter the appropriate values for your physical interface and network."
13613
msgstr "为你的物理接口和网络输入相应的值。"
13614
13615
#: serverguide/C/network-config.xml:554(para)
13616
msgid "Now restart networking to enable the bridge interface:"
13617
msgstr ""
13618
13619
#: serverguide/C/network-config.xml:561(para)
13620
msgid ""
13621
"The new bridge interface should now be up and running. The "
13622
"<application>brctl</application> provides useful information about the state "
13623
"of the bridge, controls which interfaces are part of the bridge, etc. See "
13624
"<command>man brctl</command> for more information."
13625
msgstr ""
13626
13627
#: serverguide/C/network-config.xml:577(para)
13628
msgid ""
13629
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
13630
"Network page</ulink> has links to articles covering more advanced network "
13631
"configuration."
13632
msgstr ""
13633
13634
#: serverguide/C/network-config.xml:583(para)
13635
msgid ""
13636
"The <ulink "
13637
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
13638
"\">interfaces man page</ulink> has details on more options for "
13639
"<filename>/etc/network/interfaces</filename>."
13640
msgstr ""
13641
13642
#: serverguide/C/network-config.xml:589(para)
13643
msgid ""
13644
"The <ulink "
13645
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
13646
"dhclient man page</ulink> has details on more options for configuring DHCP "
13647
"client settings."
13648
msgstr ""
13649
13650
#: serverguide/C/network-config.xml:595(para)
13651
msgid ""
13652
"For more information on DNS client configuration see the <ulink "
13653
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
13654
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
13655
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
13656
"Administrator's Guide</ulink> is a good source of resolver and name service "
13657
"configuration information."
13658
msgstr ""
13659
13660
#: serverguide/C/network-config.xml:603(para)
13661
msgid ""
13662
"For more information on <emphasis>bridging</emphasis> see the <ulink "
13663
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
13664
"tl man page</ulink> and the Linux Foundation's <ulink "
13665
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
13666
msgstr ""
13667
13668
#: serverguide/C/network-config.xml:614(title)
13669
msgid "TCP/IP"
13670
msgstr "TCP/IP"
13671
13672
#: serverguide/C/network-config.xml:615(para)
13673
msgid ""
13674
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
13675
"standard set of protocols developed in the late 1970s by the Defense "
13676
"Advanced Research Projects Agency (DARPA) as a means of communication "
13677
"between different types of computers and computer networks. TCP/IP is the "
13678
"driving force of the Internet, and thus it is the most popular set of "
13679
"network protocols on Earth."
13680
msgstr ""
13681
"传输控制协议和网际协议 (TCP/IP) 是在 20世纪70年代被美国国防部高级研究规划局 "
13682
"(DARPA)作为在不同类型计算机及计算机网络之间的通信手段而被开发的一个标准协议簇。TCP/IP 是 Internet "
13683
"的驱动力,因此它是全球最流行的网络协议簇。"
13684
13685
#: serverguide/C/network-config.xml:623(title)
13686
msgid "TCP/IP Introduction"
13687
msgstr "TCP/IP 介绍"
13688
13689
#: serverguide/C/network-config.xml:624(para)
13690
msgid ""
13691
"The two protocol components of TCP/IP deal with different aspects of "
13692
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
13693
"TCP/IP is a connectionless protocol which deals only with network packet "
13694
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
13695
"basic unit of networking information. The IP Datagram consists of a header "
13696
"followed by a message. The <emphasis> Transmission Control "
13697
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
13698
"establish connections which may be used to exchange data streams. TCP also "
13699
"guarantees that the data between connections is delivered and that it "
13700
"arrives at one network host in the same order as sent from another network "
13701
"host."
13702
msgstr ""
13703
13704
#: serverguide/C/network-config.xml:637(title)
13705
msgid "TCP/IP Configuration"
13706
msgstr "TCP/IP 配置"
13707
13708
#: serverguide/C/network-config.xml:638(para)
13709
msgid ""
13710
"The TCP/IP protocol configuration consists of several elements which must be "
13711
"set by editing the appropriate configuration files, or deploying solutions "
13712
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
13713
"can be configured to provide the proper TCP/IP configuration settings to "
13714
"network clients automatically. These configuration values must be set "
13715
"correctly in order to facilitate the proper network operation of your Ubuntu "
13716
"system."
13717
msgstr ""
13718
"TCP/IP 协议配置由必须设置的几个元素组成,可以通过编辑相应的配置文件或配置方案如动态主机配置协议 (DHCP) 来设置,它可以配置成提供适当的 "
13719
"TCP/IP 配置来自动设置网络客户机。这些配置值必须正确设置,以便于您的 Ubuntu 系统进行相应网络操作。"
13720
13721
#: serverguide/C/network-config.xml:650(para)
13722
msgid ""
13723
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
13724
"identifying string expressed as four decimal numbers ranging from zero (0) "
13725
"to two-hundred and fifty-five (255), separated by periods, with each of the "
13726
"four numbers representing eight (8) bits of the address for a total length "
13727
"of thirty-two (32) bits for the whole address. This format is called "
13728
"<emphasis>dotted quad notation</emphasis>."
13729
msgstr ""
13730
"<emphasis role=\"bold\">IP 地址</emphasis> IP 地址是唯一标识字符串,它由四部分由点号分隔的,范围从 0 到 "
13731
"255 的十进制数组成。 每部分由8个比特表示,整个地址总长为32个比特。这种格式被称为 <emphasis>dotted quad "
13732
"notation</emphasis>。"
13733
13734
#: serverguide/C/network-config.xml:660(para)
13735
msgid ""
13736
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13737
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13738
"separate the portions of an IP address significant to the network from the "
13739
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
13740
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
13741
"three bytes of the IP address and allows the last byte of the IP address to "
13742
"remain available for specifying hosts on the subnetwork."
13743
msgstr ""
13744
"<emphasis role=\"bold\">掩码</emphasis> 子网掩码 (或简称<emphasis>掩码</emphasis>) "
13745
"是一个局部位掩码,或用指定的 <emphasis>子网掩码</emphasis> 来将IP 地址中的网络分隔出来的一组标识。举个例子,在 C "
13746
"类网络中,标准的掩码是 255.255.255.0 屏蔽了 IP 地址的前三个字节,并允许 IP 地址的最后一个字节指定子网中的主机。"
13747
13748
#: serverguide/C/network-config.xml:671(para)
13749
msgid ""
13750
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13751
"represents the bytes comprising the network portion of an IP address. For "
13752
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
13753
"network address, where twelve (12) represents the first byte of the IP "
13754
"address, (the network part) and zeroes (0) in all of the remaining three "
13755
"bytes to represent the potential host values. A network host using the "
13756
"private IP address 192.168.1.100 would in turn use a Network Address of "
13757
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
13758
"network and a zero (0) for all the possible hosts on the network."
13759
msgstr ""
13760
"<emphasis role=\"bold\">网络地址</emphasis> 网络地址表示包括IP 地址网络部分的字节。 例如, 一个 A "
13761
"类网络的主机 12.128.1.2 将使用 12.0.0.0 作为网络地址,使用 12 来表示 IP 地址的第一个字节 (网络部分), 余下的三个为 0 "
13762
"的字节表示可能的主机值的。网络主机使用象 192.168.1.100 这样的私有 IP 地址将使用 192.168.1.0 "
13763
"作为网络地址,其用前三个字节来指定 C 类 192.168.1 网络,而用一个 0 来表示网络上所有可能的主机。"
13764
13765
#: serverguide/C/network-config.xml:684(para)
13766
msgid ""
13767
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13768
"is an IP address which allows network data to be sent simultaneously to all "
13769
"hosts on a given subnetwork rather than specifying a particular host. The "
13770
"standard general broadcast address for IP networks is 255.255.255.255, but "
13771
"this broadcast address cannot be used to send a broadcast message to every "
13772
"host on the Internet because routers block it. A more appropriate broadcast "
13773
"address is set to match a specific subnetwork. For example, on the private "
13774
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
13775
"Broadcast messages are typically produced by network protocols such as the "
13776
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
13777
msgstr ""
13778
"<emphasis role=\"bold\">广播地址</emphasis> "
13779
"广播地址是一个允许向给定子网中的所有主机而不是一台特定的网络主机同时发送网络数据的 IP 地址。IP 网络的标准通用广播地址是 "
13780
"255.255.255.255,但这个广播地址不能用来为 Internet "
13781
"上的每台主机发送一个广播消息,因为路由器会阻止它。更特定的广播地址被设置成匹配特定的子网。例如,在私有 C 类 IP 网 192.168.1.0 "
13782
"中,广播地址为 192.168.1.255。广播消息一般都是由网络协议产生的,如地址解析协议 (ARP) 和路由信息协议 (RIP)。"
13783
13784
#: serverguide/C/network-config.xml:697(para)
13785
msgid ""
13786
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13787
"IP address through which a particular network, or host on a network, may be "
13788
"reached. If one network host wishes to communicate with another network "
13789
"host, and that host is not located on the same network, then a "
13790
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
13791
"Address will be that of a router on the same network, which will in turn "
13792
"pass traffic on to other networks or hosts, such as Internet hosts. The "
13793
"value of the Gateway Address setting must be correct, or your system will "
13794
"not be able to reach any hosts beyond those on the same network."
13795
msgstr ""
13796
"<emphasis role=\"bold\">网关地址</emphasis> 网关地址是一个通过该地址可能会到达指定网络或网络主机的 IP "
13797
"地址。如果一台网络主机希望与另一台网络主机通讯,而该机并不在同一网络中,就必须使用 "
13798
"<emphasis>网关</emphasis>。在很多情况下,网关地址会是同一个网络中的某台路由器,其会接着将网络流量输送到其它的网络或主机,如 "
13799
"Internet 主机。网关地址设置必须正确,否则您的系统将除了在同一个网络中的主机外不能到达任何其它主机。"
13800
13801
#: serverguide/C/network-config.xml:708(para)
13802
msgid ""
13803
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13804
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13805
"resolve network hostnames into IP addresses. There are three levels of "
13806
"Nameserver Addresses, which may be specified in order of precedence: The "
13807
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
13808
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
13809
"your system to be able to resolve network hostnames into their corresponding "
13810
"IP addresses, you must specify valid Nameserver Addresses which you are "
13811
"authorized to use in your system's TCP/IP configuration. In many cases these "
13812
"addresses can and will be provided by your network service provider, but "
13813
"many free and publicly accessible nameservers are available for use, such as "
13814
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
13815
msgstr ""
13816
13817
#: serverguide/C/network-config.xml:722(para)
13818
msgid ""
13819
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
13820
"Address are typically specified via the appropriate directives in the file "
13821
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
13822
"typically specified via <emphasis>nameserver</emphasis> directives in the "
13823
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
13824
"system manual page for <filename>interfaces</filename> or "
13825
"<filename>resolv.conf</filename> respectively, with the following commands "
13826
"typed at a terminal prompt:"
13827
msgstr ""
13828
"IP 地址、掩码、网络地址、广播地址以及网关地址一般都是在文件 <filename>/etc/network/interfaces</filename> "
13829
"中通过相应的语句来指定的。名称服务器地址一般是在文件 <filename>/etc/resolv.conf</filename> 中通过 "
13830
"<emphasis>nameserver</emphasis> 语句来指定的。更多详情,请分别查阅 "
13831
"<filename>interfaces</filename> 或 <filename>resolv.conf</filename> 的系统手册页。"
13832
13833
#: serverguide/C/network-config.xml:729(para)
13834
msgid ""
13835
"Access the system manual page for <filename>interfaces</filename> with the "
13836
"following command:"
13837
msgstr "查阅 <filename>interfaces</filename> 系统手册页,可用以下命令:"
13838
13839
#: serverguide/C/network-config.xml:734(command)
13840
msgid "man interfaces"
13841
msgstr "man interfaces"
13842
13843
#: serverguide/C/network-config.xml:737(para)
13844
msgid ""
13845
"Access the system manual page for <filename>resolv.conf</filename> with the "
13846
"following command:"
13847
msgstr "查阅 <filename>resolv.conf</filename> 系统手册页,用以下命令:"
13848
13849
#: serverguide/C/network-config.xml:741(command)
13850
msgid "man resolv.conf"
13851
msgstr "man resolv.conf"
13852
13853
#: serverguide/C/network-config.xml:646(para)
13854
msgid ""
13855
"The common configuration elements of TCP/IP and their purposes are as "
13856
"follows: <placeholder-1/>"
13857
msgstr "TCP/IP 常用配置元素及其作用如下所示:<placeholder-1/>"
13858
13859
#: serverguide/C/network-config.xml:748(title)
13860
msgid "IP Routing"
13861
msgstr "IP 路由"
13862
13863
#: serverguide/C/network-config.xml:749(para)
13864
msgid ""
13865
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13866
"network along which network data may be sent. Routing uses a set of "
13867
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
13868
"packets from their source to the destination, often via many intermediary "
13869
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
13870
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
13871
"<emphasis>Dynamic Routing.</emphasis>"
13872
msgstr ""
13873
"IP 路由是在 TCP/IP 网络上为发送的网络数据指定或发现路径的一种方法。路由使用一组 <emphasis>路由表</emphasis> "
13874
"来指示网络数据包从源地址转发到目的地,经常是通过许多叫做 <emphasis>路由器</emphasis> 的网络节点做中转。IP "
13875
"路由分为两种主要形式:<emphasis>静态</emphasis> 和 <emphasis>动态路由。</emphasis>"
13876
13877
#: serverguide/C/network-config.xml:758(para)
13878
msgid ""
13879
"Static routing involves manually adding IP routes to the system's routing "
13880
"table, and this is usually done by manipulating the routing table with the "
13881
"<application>route</application> command. Static routing enjoys many "
13882
"advantages over dynamic routing, such as simplicity of implementation on "
13883
"smaller networks, predictability (the routing table is always computed in "
13884
"advance, and thus the route is precisely the same each time it is used), and "
13885
"low overhead on other routers and network links due to the lack of a dynamic "
13886
"routing protocol. However, static routing does present some disadvantages as "
13887
"well. For example, static routing is limited to small networks and does not "
13888
"scale well. Static routing also fails completely to adapt to network outages "
13889
"and failures along the route due to the fixed nature of the route."
13890
msgstr ""
13891
"静态路由牵涉到手工往系统的路由表中添加 IP 路由,这通常是通过使用 <application>route</application> "
13892
"命令操作路由表来完成的。静态路由与动态路由相比有许多优势,例如在小型网络中实现简单,可预测(路由表总是事先计算得到的,因此路由在每次使用时都是精确一致的)"
13893
",以及在连接其它的路由器和网络时由于无需动态路由协议所带来的低开销。然而,静态路由同样也存在一些缺点。例如,静态路由仅限于在小型网络中使用,没有很好的递增"
13894
"适应性。而由于其路由固定的本质,静态路由在遇到沿路由的网络失效时也会完全失效。"
13895
13896
#: serverguide/C/network-config.xml:768(para)
13897
msgid ""
13898
"Dynamic routing depends on large networks with multiple possible IP routes "
13899
"from a source to a destination and makes use of special routing protocols, "
13900
"such as the Router Information Protocol (RIP), which handle the automatic "
13901
"adjustments in routing tables that make dynamic routing possible. Dynamic "
13902
"routing has several advantages over static routing, such as superior "
13903
"scalability and the ability to adapt to failures and outages along network "
13904
"routes. Additionally, there is less manual configuration of the routing "
13905
"tables, since routers learn from one another about their existence and "
13906
"available routes. This trait also eliminates the possibility of introducing "
13907
"mistakes in the routing tables via human error. Dynamic routing is not "
13908
"perfect, however, and presents disadvantages such as heightened complexity "
13909
"and additional network overhead from router communications, which does not "
13910
"immediately benefit the end users, but still consumes network bandwidth."
13911
msgstr ""
13912
"动态路由有赖于从一个源到目的有多条 IP 路由可用的大型网络,利用特定的路由协议,如路由信息协议 "
13913
"(RIP),其可以自动调整路由表以使动态路由成为可能。动态路由相对静态路由有一些优势,如超强的可伸缩性及能适应网络路由沿线的网络中断和故障。此外,几乎无须"
13914
"手工配置路由表,因为路由器可以相互学到其他已有并且可用的路由器。这一特性也消除了由于人为错误而在路由表中引入错误的可能。然而,动态路由也并不完美,其表现出"
13915
"来的缺点如相当复杂以及由于路由器通信所带来的额外的网络开销,后者并不能使最终用户由此获益,却仍旧会消耗网络带宽。"
13916
13917
#: serverguide/C/network-config.xml:782(title)
13918
msgid "TCP and UDP"
13919
msgstr "TCP 和 UDP"
13920
13921
#: serverguide/C/network-config.xml:783(para)
13922
msgid ""
13923
"TCP is a connection-based protocol, offering error correction and guaranteed "
13924
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13925
"Flow control determines when the flow of a data stream needs to be stopped, "
13926
"and previously sent data packets should to be re-sent due to problems such "
13927
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
13928
"accurate delivery of the data. TCP is typically used in the exchange of "
13929
"important information such as database transactions."
13930
msgstr ""
13931
"TCP 是一个基于连接的协议,提供纠错并通过 <emphasis>流量控制</emphasis> "
13932
"来确保数据的送达。流量控制决定像什么时候需要停止一个数据流,以及在出现诸如 <emphasis>冲突</emphasis> "
13933
"等问题时重发先前发送的数据包,以确保完整和准确的数据传输。TCP 常用于重要信息的交换,如数据库事务。"
13934
13935
#: serverguide/C/network-config.xml:791(para)
13936
msgid ""
13937
"The User Datagram Protocol (UDP), on the other hand, is a "
13938
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13939
"transmission of important data because it lacks flow control or any other "
13940
"method to ensure reliable delivery of the data. UDP is commonly used in such "
13941
"applications as audio and video streaming, where it is considerably faster "
13942
"than TCP due to the lack of error correction and flow control, and where the "
13943
"loss of a few packets is not generally catastrophic."
13944
msgstr ""
13945
"另一方面,用户数据报协议 (UDP) 是一个 <emphasis>无连接</emphasis> "
13946
"协议,很少用于重要数据的传输,因为缺乏流量控制或其他一些确保可靠数据传输的方法。UDP 常用在如音视频流这样的应用程序,由于它缺少纠错和流控,因此相对于 "
13947
"TCP 来说更快,而且丢失少量包通常也不会造成灾难性的后果。"
13948
13949
#: serverguide/C/network-config.xml:801(title)
13950
msgid "ICMP"
13951
msgstr "ICMP"
13952
13953
#: serverguide/C/network-config.xml:802(para)
13954
msgid ""
13955
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13956
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13957
"supports network packets containing control, error, and informational "
13958
"messages. ICMP is used by such network applications as the "
13959
"<application>ping</application> utility, which can determine the "
13960
"availability of a network host or device. Examples of some error messages "
13961
"returned by ICMP which are useful to both network hosts and devices such as "
13962
"routers, include <emphasis>Destination Unreachable</emphasis> and "
13963
"<emphasis>Time Exceeded</emphasis>."
13964
msgstr ""
13965
"Internet 控制消息协议是在Request For Comments (RFC) #792 中定义的,是对网际协议 (IP) "
13966
"的一个扩充。支持的网络包包括控制、错误和信息的消息。ICMP 常被用在诸如判断一台网络主机或设备可用性的 "
13967
"<application>ping</application> 工具这样的网络应用程序。在网络主机和设备如路由器之间使用 ICMP "
13968
"所返回的错误消息示例包括 <emphasis>Destination Unreachable</emphasis> 和 <emphasis>Time "
13969
"Exceeded</emphasis>。"
13970
13971
#: serverguide/C/network-config.xml:812(title)
13972
msgid "Daemons"
13973
msgstr "守护程序"
13974
13975
#: serverguide/C/network-config.xml:813(para)
13976
msgid ""
13977
"Daemons are special system applications which typically execute continuously "
13978
"in the background and await requests for the functions they provide from "
13979
"other applications. Many daemons are network-centric; that is, a large "
13980
"number of daemons executing in the background on an Ubuntu system may "
13981
"provide network-related functionality. Some examples of such network daemons "
13982
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
13983
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
13984
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
13985
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
13986
"Daemon</emphasis> (imapd), which provides E-Mail services."
13987
msgstr ""
13988
"守护程序是特殊的系统应用程序,一般常驻在后台并等待来自其他应用程序请求其所提供的功能。许多守护程序都是面向网络的;也就是说,在 Ubuntu "
13989
"系统后台执行的许多守护程序都可以提供网络的相关功能。这些网络守护程序包括 <emphasis>超文本传输协议守护程序</emphasis> "
13990
"(httpd),用于提供web服务器功能;<emphasis>Secure SHell 守护程序</emphasis> "
13991
"(sshd),用于提供安全远程登录 shell 和文件传输功能;<emphasis>Internet Message Access Protocol "
13992
"守护程序</emphasis> (imapd),用于提供 E-Mail 服务。"
13993
13994
#: serverguide/C/network-config.xml:828(para)
13995
msgid ""
13996
"There are man pages for <ulink "
13997
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
13998
"ulink> and <ulink "
13999
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
14000
"> that contain more useful information."
14001
msgstr ""
14002
14003
#: serverguide/C/network-config.xml:834(para)
14004
msgid ""
14005
"Also, see the <ulink "
14006
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
14007
"and Technical Overview</ulink> IBM Redbook."
14008
msgstr ""
14009
14010
#: serverguide/C/network-config.xml:840(para)
14011
msgid ""
14012
"Another resource is O'Reilly's <ulink "
14013
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
14014
"Administration</ulink>."
14015
msgstr ""
14016
14017
#: serverguide/C/network-config.xml:849(title)
14018
msgid "Dynamic Host Configuration Protocol (DHCP)"
14019
msgstr "动态主机配置协议 (DHCP)"
14020
14021
#: serverguide/C/network-config.xml:850(para)
14022
msgid ""
14023
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
14024
"enables host computers to be automatically assigned settings from a server "
14025
"as opposed to manually configuring each network host. Computers configured "
14026
"to be DHCP clients have no control over the settings they receive from the "
14027
"DHCP server, and the configuration is transparent to the computer's user."
14028
msgstr ""
14029
"动态主机配置协议 (DHCP) 是一种网络服务,相对于手工为每台网络主机配置,它使网络主机可能自动被服务器指定设置。被配置成 DHCP "
14030
"客户端的计算机并不能控制其从 DHCP 服务器得到的设置,且该配置对于计算机用户来说是透明的。"
14031
14032
#: serverguide/C/network-config.xml:857(para)
14033
msgid ""
14034
"The most common settings provided by a DHCP server to DHCP clients include:"
14035
msgstr "由 DHCP 服务器提供给 DHCP 客户端最常用的设置包括:"
14036
14037
#: serverguide/C/network-config.xml:862(para)
14038
msgid "IP-Address and Netmask"
14039
msgstr "IP 地址和掩码"
14040
14041
#: serverguide/C/network-config.xml:865(para)
14042
msgid "DNS"
14043
msgstr "DNS"
14044
14045
#: serverguide/C/network-config.xml:868(para)
14046
msgid "WINS"
14047
msgstr "WINS"
14048
14049
#: serverguide/C/network-config.xml:871(para)
14050
msgid ""
14051
"However, a DHCP server can also supply configuration properties such as:"
14052
msgstr "然而,一个 DHCP 服务器也支持配置如下属性,如:"
14053
14054
#: serverguide/C/network-config.xml:876(para)
14055
msgid "Host Name"
14056
msgstr "主机名"
14057
14058
#: serverguide/C/network-config.xml:879(para)
14059
msgid "Domain Name"
14060
msgstr "域名"
14061
14062
#: serverguide/C/network-config.xml:882(para)
14063
msgid "Default Gateway"
14064
msgstr "默认网关"
14065
14066
#: serverguide/C/network-config.xml:885(para)
14067
msgid "Time Server"
14068
msgstr "时间服务器"
14069
14070
#: serverguide/C/network-config.xml:888(para)
14071
msgid "Print Server"
14072
msgstr "打印服务器"
14073
14074
#: serverguide/C/network-config.xml:891(para)
14075
msgid ""
14076
"The advantage of using DHCP is that changes to the network, for example a "
14077
"change in the address of the DNS server, need only be changed at the DHCP "
14078
"server, and all network hosts will be reconfigured the next time their DHCP "
14079
"clients poll the DHCP server. As an added advantage, it is also easier to "
14080
"integrate new computers into the network, as there is no need to check for "
14081
"the availability of an IP address. Conflicts in IP address allocation are "
14082
"also reduced."
14083
msgstr ""
14084
"使用 DHCP 的好处在于当网络发生改变如 DNS 服务器地址改变时,只需要在 DHCP 服务器中改变即可,所有网络主机将在其 DHCP "
14085
"客户端下一次轮询 DHCP 服务器时被重新配置。另一个好处就是,它在将新计算机整合到网络时也更容易,因为不需要再检查 IP 地址的有效性。同时也减少 "
14086
"IP 地址的冲突。"
14087
14088
#: serverguide/C/network-config.xml:899(para)
14089
msgid "A DHCP server can provide configuration settings using two methods:"
14090
msgstr "一个 DHCP 服务器可以用两个模式来提供配置设置"
14091
14092
#: serverguide/C/network-config.xml:904(term)
14093
msgid "MAC Address"
14094
msgstr "MAC 地址"
14095
14096
#: serverguide/C/network-config.xml:906(para)
14097
msgid ""
14098
"This method entails using DHCP to identify the unique hardware address of "
14099
"each network card connected to the network and then continually supplying a "
14100
"constant configuration each time the DHCP client makes a request to the DHCP "
14101
"server using that network device."
14102
msgstr ""
14103
"该模式需要用 DHCP 去标明连接到网上的每块网卡唯一的硬件地址,然后在 DHCP 客户端每次使用该网络设备发送给 DHCP "
14104
"服务器请求时提供给它一个固定的配置。"
14105
14106
#: serverguide/C/network-config.xml:915(term)
14107
msgid "Address Pool"
14108
msgstr "地址池"
14109
14110
#: serverguide/C/network-config.xml:917(para)
14111
msgid ""
14112
"This method entails defining a pool (sometimes also called a range or scope) "
14113
"of IP addresses from which DHCP clients are supplied their configuration "
14114
"properties dynamically and on a \"first come, first served\" basis. When a "
14115
"DHCP client is no longer on the network for a specified period, the "
14116
"configuration is expired and released back to the address pool for use by "
14117
"other DHCP Clients."
14118
msgstr ""
14119
14120
#: serverguide/C/network-config.xml:928(para)
14121
msgid ""
14122
"Ubuntu is shipped with both DHCP server and client. The server is "
14123
"<application>dhcpd</application> (dynamic host configuration protocol "
14124
"daemon). The client provided with Ubuntu is "
14125
"<application>dhclient</application> and should be installed on all computers "
14126
"required to be automatically configured. Both programs are easy to install "
14127
"and configure and will be automatically started at system boot."
14128
msgstr ""
14129
"Ubuntu 提供 DHCP 服务器及其客户端。服务器叫 <application>dhcpd</application> "
14130
"(动态主机配置协议守护程序)。Ubuntu 提供的客户端叫 "
14131
"<application>dhclient</application>,应该安装在所有自动配置的计算机上。这两个程序很容易安装和配置,并可在系统引导时自动"
14132
"启用。"
14133
14134
#: serverguide/C/network-config.xml:938(para)
14135
msgid ""
14136
"At a terminal prompt, enter the following command to install "
14137
"<application>dhcpd</application>:"
14138
msgstr "要安装 <application>dhcpd</application>,可以在终端提示符后输入以下命令:"
14139
14140
#: serverguide/C/network-config.xml:943(command)
14141
msgid "sudo apt-get install dhcp3-server"
14142
msgstr "sudo apt-get install dhcp3-server"
14143
14144
#: serverguide/C/network-config.xml:945(para)
14145
msgid ""
14146
"You will probably need to change the default configuration by editing "
14147
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
14148
msgstr "您可能需要通过编辑 /etc/dhcp3/dhcpd.conf 来改变其默认配置,以使其满足您的需要和特定配置。"
14149
14150
#: serverguide/C/network-config.xml:949(para)
14151
msgid ""
14152
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
14153
"dhcpd should listen to. By default it listens to eth0."
14154
msgstr "您还需要编辑 /etc/default/dhcp3-server 来指定 dhcpd 要监听的网络接口。其默认会监听 eth0。"
14155
14156
#: serverguide/C/network-config.xml:953(para)
14157
msgid ""
14158
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
14159
"messages."
14160
msgstr "注意:dhcpd 的消息会被发往 syslog。可以在那里寻找诊断信息。"
14161
14162
#: serverguide/C/network-config.xml:960(para)
14163
msgid ""
14164
"The error message the installation ends with might be a little confusing, "
14165
"but the following steps will help you configure the service:"
14166
msgstr "安装结束后的错误消息可能会带来小小的困惑,不过下面几步将帮助您配置服务:"
14167
14168
#: serverguide/C/network-config.xml:964(para)
14169
msgid ""
14170
"Most commonly, what you want to do is assign an IP address randomly. This "
14171
"can be done with settings as follows:"
14172
msgstr "通常,您想做的是随机指定一个 IP 地址。这可以通过以下设置来实现:"
14173
14174
#: serverguide/C/network-config.xml:968(programlisting)
14175
#, no-wrap
14176
msgid ""
14177
"\n"
14178
"# Sample /etc/dhcpd.conf\n"
14179
"# (add your comments here) \n"
14180
"default-lease-time 600;\n"
14181
"max-lease-time 7200;\n"
14182
"option subnet-mask 255.255.255.0;\n"
14183
"option broadcast-address 192.168.1.255;\n"
14184
"option routers 192.168.1.254;\n"
14185
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
14186
"option domain-name \"mydomain.example\";\n"
14187
"\n"
14188
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
14189
"range 192.168.1.10 192.168.1.100;\n"
14190
"range 192.168.1.150 192.168.1.200;\n"
14191
"} \n"
14192
msgstr ""
14193
14194
#: serverguide/C/network-config.xml:984(para)
14195
msgid ""
14196
"This will result in the DHCP server giving a client an IP address from the "
14197
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
14198
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
14199
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
14200
"server will also \"advise\" the client that it should use 255.255.255.0 as "
14201
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
14202
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
14203
msgstr ""
14204
"这将导致 DHCP 服务器从 192.168.1.10-192.168.1.100 或 192.168.1.150-192.168.1.200 "
14205
"范围中分配客户端一个 IP 地址。如果客户端没有要求一个特定的时间帧的话它将租用 600秒的 IP 地址。否则最大 (允许) 租用时间为 7200 "
14206
"秒。服务器也 \"建议\" 客户端使用 255.255.255.0 做为它的子网掩码,192.168.1.255 "
14207
"作为它的广播地址,192.168.1.254 作为路由器/网关,同时将 192.168.1.1 和 192.168.1.2 作为它的 DNS 服务器。"
14208
14209
#: serverguide/C/network-config.xml:993(para)
14210
msgid ""
14211
"If you need to specify a WINS server for your Windows clients, you will need "
14212
"to include the netbios-name-servers option, e.g."
14213
msgstr "如果您需要为您的 Windows 客户机指定一个 WINS 服务器,您需要包含 netbios-name-servers 选项,如:"
14214
14215
#: serverguide/C/network-config.xml:997(programlisting)
14216
#, no-wrap
14217
msgid ""
14218
"\n"
14219
"option netbios-name-servers 192.168.1.1; \n"
14220
msgstr ""
14221
14222
#: serverguide/C/network-config.xml:1000(para)
14223
msgid ""
14224
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
14225
"be found <ulink "
14226
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
14227
msgstr ""
14228
"Dhcpd 配置设置可以从 DHCP 快速指南中得到,该指南可以在 <ulink "
14229
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">这里</ulink> 找到。"
14230
14231
#: serverguide/C/network-config.xml:1010(para)
14232
msgid ""
14233
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
14234
"server Ubuntu Wiki</ulink> page has more information."
14235
msgstr ""
14236
14237
#: serverguide/C/network-config.xml:1015(para)
14238
msgid ""
14239
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
14240
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
14241
"\">dhcpd.conf man page</ulink>."
14242
msgstr ""
14243
14244
#: serverguide/C/network-config.xml:1021(para)
14245
msgid ""
14246
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
14247
"FAQ</ulink>"
14248
msgstr ""
14249
14250
#: serverguide/C/network-config.xml:1031(title)
14251
msgid "Time Synchronisation with NTP"
14252
msgstr "使用 NTP 进行时间同步"
14253
14254
#: serverguide/C/network-config.xml:1032(para)
14255
msgid ""
14256
"This page describes methods for keeping your computer's time accurate. This "
14257
"is useful for servers, but is not necessary (or desirable) for desktop "
14258
"machines."
14259
msgstr "本页描述了使您计算机的时间保持准确的方法。这对于服务器来说很有用,但对于桌面计算机来说则不是必需的(或可取的)。"
14260
14261
#: serverguide/C/network-config.xml:1035(para)
14262
msgid ""
14263
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
14264
"client requests the current time from a server, and uses it to set its own "
14265
"clock."
14266
msgstr "NTP 是通过网络来同步时间的一种 TCP/IP 协议。通常客户端向服务器请求当前的时间,并根据结果来设置其时钟。"
14267
14268
#: serverguide/C/network-config.xml:1038(para)
14269
msgid ""
14270
"Behind this simple description, there is a lot of complexity - there are "
14271
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
14272
"clocks (often via GPS), and tier two and three servers spreading the load of "
14273
"actually handling requests across the Internet. Also the client software is "
14274
"a lot more complex than you might think - it has to factor out communication "
14275
"delays, and adjust the time in a way that does not upset all the other "
14276
"processes that run on the server. But luckily all that complexity is hidden "
14277
"from you!"
14278
msgstr ""
14279
14280
#: serverguide/C/network-config.xml:1041(para)
14281
msgid ""
14282
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
14283
msgstr "Ubuntu 有两种方式可以自动设置您的时间:ntpdate 和 ntpd。"
14284
14285
#: serverguide/C/network-config.xml:1046(title)
14286
msgid "ntpdate"
14287
msgstr "ntpdate"
14288
14289
#: serverguide/C/network-config.xml:1047(para)
14290
msgid ""
14291
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
14292
"set up your time according to Ubuntu's NTP server. However, a server's clock "
14293
"is likely to drift considerably between reboots, so it makes sense to "
14294
"correct the time occasionally. The easiest way to do this is to get cron to "
14295
"run ntpdate every day. With your favorite editor, as root, create a file "
14296
"<code>/etc/cron.daily/ntpdate</code> containing:"
14297
msgstr ""
14298
14299
#: serverguide/C/network-config.xml:1052(screen)
14300
#, no-wrap
14301
msgid "ntpdate ntp.ubuntu.com\n"
14302
msgstr "ntpdate ntp.ubuntu.com\n"
14303
14304
#: serverguide/C/network-config.xml:1054(para)
14305
msgid ""
14306
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
14307
msgstr "<code>/etc/cron.daily/ntpdate</code> 文件还必须是可执行的。"
14308
14309
#: serverguide/C/network-config.xml:1057(screen)
14310
#, no-wrap
14311
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
14312
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
14313
14314
#: serverguide/C/network-config.xml:1061(title)
14315
msgid "ntpd"
14316
msgstr "ntpd"
14317
14318
#: serverguide/C/network-config.xml:1062(para)
14319
msgid ""
14320
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
14321
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
14322
"calculates the drift of your system clock and continuously adjusts it, so "
14323
"there are no large corrections that could lead to inconsistent logs for "
14324
"instance. The cost is a little processing power and memory, but for a modern "
14325
"server this is negligible."
14326
msgstr ""
14327
"ntpdate 有些迟钝 - 它只能一天调整一次时间,每次都是一个大改动。而 ntp 守护进程 ntpd "
14328
"就很灵巧。它会计算您系统时钟的偏差并持续不断地调整时间,这样就不至于因为调整过大而引起像日志不一致这样的问题。其代价是消耗一点处理能力和内存,但对于现代服"
14329
"务器来说这点是可以忽略的。"
14330
14331
#: serverguide/C/network-config.xml:1065(para)
14332
msgid "To set up ntpd:"
14333
msgstr "若想设置 ntpd:"
14334
14335
#: serverguide/C/network-config.xml:1066(screen)
14336
#, no-wrap
14337
msgid "sudo apt-get install ntp\n"
14338
msgstr ""
14339
14340
#: serverguide/C/network-config.xml:1071(title)
14341
msgid "Changing Time Servers"
14342
msgstr "改变时间服务器"
14343
14344
#: serverguide/C/network-config.xml:1072(para)
14345
msgid ""
14346
"In both cases above, your system will use Ubuntu's NTP server at "
14347
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
14348
"use several servers to increase accuracy and resilience, and you may want to "
14349
"use time servers that are geographically closer to you. to do this for "
14350
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
14351
msgstr ""
14352
"在上述的两种情况中,您的系统会默认使用位于 <code>ntp.ubuntu.com</code> 的 Ubuntu NTP "
14353
"服务器。这没有问题,但您可以会想使用多个服务器来增加准确性和弹性,并且使用在地理位置上更接近您的时间服务器。若要对 ntpdate 这样做,请将 "
14354
"<code>/etc/cron.daily/ntpdate</code> 的内容修改为:"
14355
14356
#: serverguide/C/network-config.xml:1079(screen)
14357
#, no-wrap
14358
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
14359
msgstr "ntpdate ntp.ubuntu.com pool.ntp.org \n"
14360
14361
#: serverguide/C/network-config.xml:1081(para)
14362
msgid ""
14363
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
14364
"lines:"
14365
msgstr "对于 ntpd,请编辑 <code>/etc/ntp.conf</code> 以加入额外的服务器:"
14366
14367
#: serverguide/C/network-config.xml:1086(screen)
14368
#, no-wrap
14369
msgid ""
14370
"server ntp.ubuntu.com\n"
14371
"server pool.ntp.org\n"
14372
msgstr ""
14373
"server ntp.ubuntu.com\n"
14374
"server pool.ntp.org\n"
14375
14376
#: serverguide/C/network-config.xml:1089(para)
14377
msgid ""
14378
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
14379
"really good idea which uses round-robin DNS to return an NTP server from a "
14380
"pool, spreading the load between several different servers. Even better, "
14381
"they have pools for different regions - for instance, if you are in New "
14382
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
14383
"<code>pool.ntp.org</code> . Look at <ulink "
14384
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
14385
"details."
14386
msgstr ""
14387
"您可能注意到了上面例子中的 <code>pool.ntp.org</code>。通过一个使用转轮法的 DNS 来从服务器池中返回一个 NTP "
14388
"服务器实在是个好主意,这样可以在不同的服务器之间平摊负载。更好的是,对于不同的区域有不同的服务器池 - 例如,假如您在新西兰的话,您就可以使用 "
14389
"<code>nz.pool.ntp.org</code> 取代 <code>pool.ntp.org</code>。参见 <ulink "
14390
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> 以获得更多信息。"
14391
14392
#: serverguide/C/network-config.xml:1100(para)
14393
msgid ""
14394
"You can also Google for NTP servers in your region, and add these to your "
14395
"configuration. To test that a server works, just type <code>sudo ntpdate "
14396
"ntp.server.name</code> and see what happens."
14397
msgstr ""
14398
"您也可以使用 Google 搜索您所在区域中的 NTP 服务器,再将其加入您的配置中。若想测试该服务器是否工作,只需键入 <code>sudo "
14399
"ntpdate ntp.server.name</code> 然后看结果。"
14400
14401
#: serverguide/C/network-config.xml:1111(para)
14402
msgid ""
14403
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
14404
"Time</ulink> wiki page for more information."
14405
msgstr ""
14406
14407
#: serverguide/C/network-config.xml:1117(ulink)
14408
msgid "NTP Support"
14409
msgstr "NTP 支持"
14410
14411
#: serverguide/C/network-config.xml:1122(ulink)
14412
msgid "The NTP FAQ and HOWTO"
14413
msgstr "NTP FAQ 和 HOWTO"
14414
14415
#: serverguide/C/network-auth.xml:13(title)
14416
msgid "Network Authentication"
14417
msgstr "网络认证"
14418
14419
#: serverguide/C/network-auth.xml:15(para)
14420
msgid "This section explains various Network Authentication protocols."
14421
msgstr "本节解释各种网络认证协议"
14422
14423
#: serverguide/C/network-auth.xml:19(title)
14424
msgid "OpenLDAP Server"
14425
msgstr "OpenLDAP 服务器"
14426
14427
#: serverguide/C/network-auth.xml:20(para)
14428
msgid ""
14429
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
14430
"simplified version of the X.500 protocol. The directory setup in this "
14431
"section will be used for authentication. Nevertheless, LDAP can be used in "
14432
"numerous ways: authentication, shared directory (for mail clients), address "
14433
"book, etc."
14434
msgstr ""
14435
14436
#: serverguide/C/network-auth.xml:28(para)
14437
msgid ""
14438
"To describe LDAP quickly, all information is stored in a tree structure. "
14439
"With <application>OpenLDAP</application> you have freedom to determine the "
14440
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
14441
"We will begin with a basic tree containing two nodes below the root:"
14442
msgstr ""
14443
14444
#: serverguide/C/network-auth.xml:37(para)
14445
msgid "\"People\" node where your users will be stored"
14446
msgstr "\"People\" 节点,将存储您的用户"
14447
14448
#: serverguide/C/network-auth.xml:40(para)
14449
msgid "\"Groups\" node where your groups will be stored"
14450
msgstr "\"Groups\" 节点,将存储您的组"
14451
14452
#: serverguide/C/network-auth.xml:44(para)
14453
msgid ""
14454
"Before beginning, you should determine what the root of your LDAP directory "
14455
"will be. By default, your tree will be determined by your Fully Qualified "
14456
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
14457
"example), your root node will be dc=example,dc=com."
14458
msgstr ""
14459
14460
#: serverguide/C/network-auth.xml:54(para)
14461
msgid ""
14462
"First, install the <application>OpenLDAP</application> server daemon "
14463
"<application>slapd</application> and <application>ldap-utils</application>, "
14464
"a package containing LDAP management utilities:"
14465
msgstr ""
14466
14467
#: serverguide/C/network-auth.xml:60(command)
14468
msgid "sudo apt-get install slapd ldap-utils"
14469
msgstr ""
14470
14471
#: serverguide/C/network-auth.xml:63(para)
14472
msgid ""
14473
"By default <application>slapd</application> is configured with minimal "
14474
"options needed to run the <application>slapd</application> daemon."
14475
msgstr ""
14476
14477
#: serverguide/C/network-auth.xml:68(para)
14478
msgid ""
14479
"The configuration example in the following sections will match the domain "
14480
"name of the server. For example, if the machine's Fully Qualified Domain "
14481
"Name (FQDN) is ldap.example.com, the default suffix will be "
14482
"<emphasis>dc=example,dc=com</emphasis>."
14483
msgstr ""
14484
14485
#: serverguide/C/network-auth.xml:76(title)
14486
msgid "Populating LDAP"
14487
msgstr "准备 LDAP"
14488
14489
#: serverguide/C/network-auth.xml:78(para)
14490
msgid ""
14491
"<application>OpenLDAP</application> uses a separate directory which contains "
14492
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
14493
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
14494
"<application>slapd</application> daemon, allowing the modification of schema "
14495
"definitions, indexes, ACLs, etc without stopping the service."
14496
msgstr ""
14497
14498
#: serverguide/C/network-auth.xml:86(para)
14499
msgid ""
14500
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
14501
"configuration and will need additional configuration options in order to "
14502
"populate the frontend directory. The frontend will be populated with a "
14503
"\"classical\" scheme that will be compatible with address book applications "
14504
"and with Unix Posix accounts. Posix accounts will allow authentication to "
14505
"various applications, such as web applications, email Mail Transfer Agent "
14506
"(MTA) applications, etc."
14507
msgstr ""
14508
14509
#: serverguide/C/network-auth.xml:95(para)
14510
msgid ""
14511
"For external applications to authenticate using LDAP they will each need to "
14512
"be specifically configured to do so. Refer to the individual application "
14513
"documentation for details."
14514
msgstr ""
14515
14516
#: serverguide/C/network-auth.xml:103(para)
14517
msgid ""
14518
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
14519
"examples to match your LDAP configuration."
14520
msgstr ""
14521
14522
#: serverguide/C/network-auth.xml:108(para)
14523
msgid ""
14524
"First, some additional schema files need to be loaded. In a terminal enter:"
14525
msgstr ""
14526
14527
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
14528
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
14529
msgstr ""
14530
14531
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
14532
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
14533
msgstr ""
14534
14535
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
14536
msgid ""
14537
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
14538
msgstr ""
14539
14540
#: serverguide/C/network-auth.xml:118(para)
14541
msgid ""
14542
"Next, copy the following example LDIF file, naming it "
14543
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
14544
msgstr ""
14545
14546
#: serverguide/C/network-auth.xml:123(programlisting)
14547
#, no-wrap
14548
msgid ""
14549
"\n"
14550
"# Load dynamic backend modules\n"
14551
"dn: cn=module,cn=config\n"
14552
"objectClass: olcModuleList\n"
14553
"cn: module\n"
14554
"olcModulepath: /usr/lib/ldap\n"
14555
"olcModuleload: back_hdb\n"
14556
"\n"
14557
"# Database settings\n"
14558
"dn: olcDatabase=hdb,cn=config\n"
14559
"objectClass: olcDatabaseConfig\n"
14560
"objectClass: olcHdbConfig\n"
14561
"olcDatabase: {1}hdb\n"
14562
"olcSuffix: dc=example,dc=com\n"
14563
"olcDbDirectory: /var/lib/ldap\n"
14564
"olcRootDN: cn=admin,dc=example,dc=com\n"
14565
"olcRootPW: secret\n"
14566
"olcDbConfig: set_cachesize 0 2097152 0\n"
14567
"olcDbConfig: set_lk_max_objects 1500\n"
14568
"olcDbConfig: set_lk_max_locks 1500\n"
14569
"olcDbConfig: set_lk_max_lockers 1500\n"
14570
"olcDbIndex: objectClass eq\n"
14571
"olcLastMod: TRUE\n"
14572
"olcDbCheckpoint: 512 30\n"
14573
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14574
"by anonymous auth by self write by * none\n"
14575
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14576
"olcAccess: to dn.base=\"\" by * read\n"
14577
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14578
"\n"
14579
msgstr ""
14580
14581
#: serverguide/C/network-auth.xml:155(para)
14582
msgid ""
14583
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
14584
msgstr ""
14585
14586
#: serverguide/C/network-auth.xml:160(para)
14587
msgid "Now add the LDIF to the directory:"
14588
msgstr ""
14589
14590
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
14591
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
14592
msgstr ""
14593
14594
#: serverguide/C/network-auth.xml:168(para)
14595
msgid ""
14596
"The frontend directory is now ready to be populated. Create a "
14597
"<filename>frontend.example.com.ldif</filename> with the following contents:"
14598
msgstr ""
14599
14600
#: serverguide/C/network-auth.xml:173(programlisting)
14601
#, no-wrap
14602
msgid ""
14603
"\n"
14604
"# Create top-level object in domain\n"
14605
"dn: dc=example,dc=com\n"
14606
"objectClass: top\n"
14607
"objectClass: dcObject\n"
14608
"objectclass: organization\n"
14609
"o: Example Organization\n"
14610
"dc: Example\n"
14611
"description: LDAP Example \n"
14612
"\n"
14613
"# Admin user.\n"
14614
"dn: cn=admin,dc=example,dc=com\n"
14615
"objectClass: simpleSecurityObject\n"
14616
"objectClass: organizationalRole\n"
14617
"cn: admin\n"
14618
"description: LDAP administrator\n"
14619
"userPassword: secret\n"
14620
"\n"
14621
"dn: ou=people,dc=example,dc=com\n"
14622
"objectClass: organizationalUnit\n"
14623
"ou: people\n"
14624
"\n"
14625
"dn: ou=groups,dc=example,dc=com\n"
14626
"objectClass: organizationalUnit\n"
14627
"ou: groups\n"
14628
"\n"
14629
"dn: uid=john,ou=people,dc=example,dc=com\n"
14630
"objectClass: inetOrgPerson\n"
14631
"objectClass: posixAccount\n"
14632
"objectClass: shadowAccount\n"
14633
"uid: john\n"
14634
"sn: Doe\n"
14635
"givenName: John\n"
14636
"cn: John Doe\n"
14637
"displayName: John Doe\n"
14638
"uidNumber: 1000\n"
14639
"gidNumber: 10000\n"
14640
"userPassword: password\n"
14641
"gecos: John Doe\n"
14642
"loginShell: /bin/bash\n"
14643
"homeDirectory: /home/john\n"
14644
"shadowExpire: -1\n"
14645
"shadowFlag: 0\n"
14646
"shadowWarning: 7\n"
14647
"shadowMin: 8\n"
14648
"shadowMax: 999999\n"
14649
"shadowLastChange: 10877\n"
14650
"mail: john.doe@example.com\n"
14651
"postalCode: 31000\n"
14652
"l: Toulouse\n"
14653
"o: Example\n"
14654
"mobile: +33 (0)6 xx xx xx xx\n"
14655
"homePhone: +33 (0)5 xx xx xx xx\n"
14656
"title: System Administrator\n"
14657
"postalAddress: \n"
14658
"initials: JD\n"
14659
"\n"
14660
"dn: cn=example,ou=groups,dc=example,dc=com\n"
14661
"objectClass: posixGroup\n"
14662
"cn: example\n"
14663
"gidNumber: 10000\n"
14664
msgstr ""
14665
14666
#: serverguide/C/network-auth.xml:236(para)
14667
msgid ""
14668
"In this example the directory structure, a user, and a group have been "
14669
"setup. In other examples you might see the <emphasis>objectClass: "
14670
"top</emphasis> added in every entry, but that is the default behaviour so "
14671
"you do not have to add it explicitly."
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:243(para)
14675
msgid "Add the entries to the LDAP directory:"
14676
msgstr ""
14677
14678
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
14679
msgid ""
14680
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
14681
msgstr ""
14682
14683
#: serverguide/C/network-auth.xml:252(para)
14684
msgid ""
14685
"We can check that the content has been correctly added with the "
14686
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
14687
"directory:"
14688
msgstr ""
14689
14690
#: serverguide/C/network-auth.xml:258(command)
14691
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
14692
msgstr ""
14693
14694
#: serverguide/C/network-auth.xml:259(computeroutput)
14695
#, no-wrap
14696
msgid ""
14697
"\n"
14698
"dn: uid=john,ou=people,dc=example,dc=com\n"
14699
"cn: John Doe\n"
14700
"sn: Doe\n"
14701
"givenName: John\n"
14702
msgstr ""
14703
14704
#: serverguide/C/network-auth.xml:267(para)
14705
msgid "Just a quick explanation:"
14706
msgstr ""
14707
14708
#: serverguide/C/network-auth.xml:273(para)
14709
msgid ""
14710
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
14711
"the default."
14712
msgstr ""
14713
14714
#: serverguide/C/network-auth.xml:279(para)
14715
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
14716
msgstr ""
14717
14718
#: serverguide/C/network-auth.xml:287(title)
14719
msgid "Further Configuration"
14720
msgstr ""
14721
14722
#: serverguide/C/network-auth.xml:290(para)
14723
msgid ""
14724
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
14725
"utilities in the <application>ldap-utils</application> package. For example:"
14726
msgstr ""
14727
14728
#: serverguide/C/network-auth.xml:298(para)
14729
msgid ""
14730
"Use <application>ldapsearch</application> to view the tree, entering the "
14731
"admin password set during installation or reconfiguration:"
14732
msgstr ""
14733
14734
#: serverguide/C/network-auth.xml:304(command)
14735
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
14736
msgstr ""
14737
14738
#: serverguide/C/network-auth.xml:308(computeroutput)
14739
#, no-wrap
14740
msgid ""
14741
"\n"
14742
"SASL/EXTERNAL authentication started\n"
14743
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14744
"SASL SSF: 0\n"
14745
"dn: cn=config\n"
14746
"\n"
14747
"dn: cn=module{0},cn=config\n"
14748
"\n"
14749
"dn: cn=schema,cn=config\n"
14750
"\n"
14751
"dn: cn={0}core,cn=schema,cn=config\n"
14752
"\n"
14753
"dn: cn={1}cosine,cn=schema,cn=config\n"
14754
"\n"
14755
"dn: cn={2}nis,cn=schema,cn=config\n"
14756
"\n"
14757
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14758
"\n"
14759
"dn: olcDatabase={-1}frontend,cn=config\n"
14760
"\n"
14761
"dn: olcDatabase={0}config,cn=config\n"
14762
"\n"
14763
"dn: olcDatabase={1}hdb,cn=config\n"
14764
msgstr ""
14765
14766
#: serverguide/C/network-auth.xml:334(para)
14767
msgid ""
14768
"The output above is the current configuration options for the "
14769
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
14770
msgstr ""
14771
14772
#: serverguide/C/network-auth.xml:342(para)
14773
msgid ""
14774
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
14775
"another attribute to the index list using "
14776
"<application>ldapmodify</application>:"
14777
msgstr ""
14778
14779
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
14780
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
14781
msgstr ""
14782
14783
#: serverguide/C/network-auth.xml:356(userinput)
14784
#, no-wrap
14785
msgid ""
14786
"dn: olcDatabase={1}hdb,cn=config\n"
14787
"add: olcDbIndex\n"
14788
"olcDbIndex: uidNumber eq"
14789
msgstr ""
14790
14791
#: serverguide/C/network-auth.xml:352(computeroutput)
14792
#, no-wrap
14793
msgid ""
14794
"\n"
14795
"SASL/EXTERNAL authentication started\n"
14796
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14797
"SASL SSF: 0\n"
14798
"<placeholder-1/>\n"
14799
"\n"
14800
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14801
msgstr ""
14802
14803
#: serverguide/C/network-auth.xml:364(para)
14804
msgid ""
14805
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
14806
"exit the utility."
14807
msgstr ""
14808
14809
#: serverguide/C/network-auth.xml:371(para)
14810
msgid ""
14811
"<application>ldapmodify</application> can also read the changes from a file. "
14812
"Copy and paste the following into a file named "
14813
"<filename>uid_index.ldif</filename>:"
14814
msgstr ""
14815
14816
#: serverguide/C/network-auth.xml:376(programlisting)
14817
#, no-wrap
14818
msgid ""
14819
"\n"
14820
"dn: olcDatabase={1}hdb,cn=config\n"
14821
"add: olcDbIndex\n"
14822
"olcDbIndex: uid eq,pres,sub\n"
14823
msgstr ""
14824
14825
#: serverguide/C/network-auth.xml:382(para)
14826
msgid "Then execute <application>ldapmodify</application>:"
14827
msgstr ""
14828
14829
#: serverguide/C/network-auth.xml:387(command)
14830
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14831
msgstr ""
14832
14833
#: serverguide/C/network-auth.xml:391(computeroutput)
14834
#, no-wrap
14835
msgid ""
14836
"\n"
14837
"SASL/EXTERNAL authentication started\n"
14838
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14839
"SASL SSF: 0\n"
14840
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14841
msgstr ""
14842
14843
#: serverguide/C/network-auth.xml:399(para)
14844
msgid "The file method is very useful for large changes."
14845
msgstr ""
14846
14847
#: serverguide/C/network-auth.xml:406(para)
14848
msgid ""
14849
"Adding additional <emphasis>schemas</emphasis> to "
14850
"<application>slapd</application> requires the schema to be converted to LDIF "
14851
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
14852
"directory contains some schema files already converted to LDIF format as "
14853
"demonstrated in the previous section. Fortunately, the "
14854
"<application>slapd</application> program can be used to automate the "
14855
"conversion. The following example will add the "
14856
"<emphasis>dyngroup.schema</emphasis>:"
14857
msgstr ""
14858
14859
#: serverguide/C/network-auth.xml:416(para)
14860
msgid ""
14861
"First, create a conversion <filename>schema_convert.conf</filename> file "
14862
"containing the following lines:"
14863
msgstr ""
14864
14865
#: serverguide/C/network-auth.xml:421(programlisting)
14866
#, no-wrap
14867
msgid ""
14868
"\n"
14869
"include /etc/ldap/schema/core.schema\n"
14870
"include /etc/ldap/schema/collective.schema\n"
14871
"include /etc/ldap/schema/corba.schema\n"
14872
"include /etc/ldap/schema/cosine.schema\n"
14873
"include /etc/ldap/schema/duaconf.schema\n"
14874
"include /etc/ldap/schema/dyngroup.schema\n"
14875
"include /etc/ldap/schema/inetorgperson.schema\n"
14876
"include /etc/ldap/schema/java.schema\n"
14877
"include /etc/ldap/schema/misc.schema\n"
14878
"include /etc/ldap/schema/nis.schema\n"
14879
"include /etc/ldap/schema/openldap.schema\n"
14880
"include /etc/ldap/schema/ppolicy.schema\n"
14881
msgstr ""
14882
14883
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
14884
msgid "Next, create a temporary directory to hold the output:"
14885
msgstr ""
14886
14887
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
14888
msgid "mkdir /tmp/ldif_output"
14889
msgstr ""
14890
14891
#: serverguide/C/network-auth.xml:450(para)
14892
msgid ""
14893
"Now using <application>slapcat</application> convert the schema files to "
14894
"LDIF:"
14895
msgstr ""
14896
14897
#: serverguide/C/network-auth.xml:455(command)
14898
msgid ""
14899
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14900
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
14901
msgstr ""
14902
14903
#: serverguide/C/network-auth.xml:458(para)
14904
msgid ""
14905
"Adjust the configuration file name and temporary directory names if yours "
14906
"are different. Also, it may be worthwhile to keep the "
14907
"<filename>ldif_output</filename> directory around in case you want to add "
14908
"additional schemas in the future."
14909
msgstr ""
14910
14911
#: serverguide/C/network-auth.xml:467(para)
14912
msgid ""
14913
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
14914
"following attributes:"
14915
msgstr ""
14916
14917
#: serverguide/C/network-auth.xml:471(programlisting)
14918
#, no-wrap
14919
msgid ""
14920
"\n"
14921
"dn: cn=dyngroup,cn=schema,cn=config\n"
14922
"...\n"
14923
"cn: dyngroup\n"
14924
msgstr ""
14925
14926
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
14927
msgid "And remove the following lines from the bottom of the file:"
14928
msgstr ""
14929
14930
#: serverguide/C/network-auth.xml:481(programlisting)
14931
#, no-wrap
14932
msgid ""
14933
"\n"
14934
"structuralObjectClass: olcSchemaConfig\n"
14935
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
14936
"creatorsName: cn=config\n"
14937
"createTimestamp: 20080826021140Z\n"
14938
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
14939
"modifiersName: cn=config\n"
14940
"modifyTimestamp: 20080826021140Z\n"
14941
msgstr ""
14942
14943
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
14944
msgid ""
14945
"The attribute values will vary, just be sure the attributes are removed."
14946
msgstr ""
14947
14948
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
14949
msgid ""
14950
"Finally, using the <application>ldapadd</application> utility, add the new "
14951
"schema to the directory:"
14952
msgstr ""
14953
14954
#: serverguide/C/network-auth.xml:506(command)
14955
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
14956
msgstr ""
14957
14958
#: serverguide/C/network-auth.xml:512(para)
14959
msgid ""
14960
"There should now be a <emphasis>dn: "
14961
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:522(title)
14965
msgid "LDAP Replication"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:524(para)
14969
msgid ""
14970
"LDAP often quickly becomes a highly critical service to the network. "
14971
"Multiple systems will come to depend on LDAP for authentication, "
14972
"authorization, configuration, etc. It is a good idea to setup a redundant "
14973
"system through replication."
14974
msgstr ""
14975
14976
#: serverguide/C/network-auth.xml:530(para)
14977
msgid ""
14978
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
14979
"Syncrepl allows the changes to be synced using a "
14980
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
14981
"provider sends directory changes to consumers."
14982
msgstr ""
14983
14984
#: serverguide/C/network-auth.xml:537(title)
14985
msgid "Provider Configuration"
14986
msgstr ""
14987
14988
#: serverguide/C/network-auth.xml:539(para)
14989
msgid ""
14990
"The following is an example of a <emphasis>Single-Master</emphasis> "
14991
"configuration. In this configuration one OpenLDAP server is configured as a "
14992
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
14993
msgstr ""
14994
14995
#: serverguide/C/network-auth.xml:547(para)
14996
msgid ""
14997
"First, configure the provider server. Copy the following to a file named "
14998
"<filename>provider_sync.ldif</filename>:"
14999
msgstr ""
15000
15001
#: serverguide/C/network-auth.xml:552(programlisting)
15002
#, no-wrap
15003
msgid ""
15004
"\n"
15005
"# Add indexes to the frontend db.\n"
15006
"dn: olcDatabase={1}hdb,cn=config\n"
15007
"changetype: modify\n"
15008
"add: olcDbIndex\n"
15009
"olcDbIndex: entryCSN eq\n"
15010
"-\n"
15011
"add: olcDbIndex\n"
15012
"olcDbIndex: entryUUID eq\n"
15013
"\n"
15014
"#Load the syncprov and accesslog modules.\n"
15015
"dn: cn=module{0},cn=config\n"
15016
"changetype: modify\n"
15017
"add: olcModuleLoad\n"
15018
"olcModuleLoad: syncprov\n"
15019
"-\n"
15020
"add: olcModuleLoad\n"
15021
"olcModuleLoad: accesslog\n"
15022
"\n"
15023
"# Accesslog database definitions\n"
15024
"dn: olcDatabase={2}hdb,cn=config\n"
15025
"objectClass: olcDatabaseConfig\n"
15026
"objectClass: olcHdbConfig\n"
15027
"olcDatabase: {2}hdb\n"
15028
"olcDbDirectory: /var/lib/ldap/accesslog\n"
15029
"olcSuffix: cn=accesslog\n"
15030
"olcRootDN: cn=admin,dc=example,dc=com\n"
15031
"olcDbIndex: default eq\n"
15032
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
15033
"\n"
15034
"# Accesslog db syncprov.\n"
15035
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
15036
"changetype: add\n"
15037
"objectClass: olcOverlayConfig\n"
15038
"objectClass: olcSyncProvConfig\n"
15039
"olcOverlay: syncprov\n"
15040
"olcSpNoPresent: TRUE\n"
15041
"olcSpReloadHint: TRUE\n"
15042
"\n"
15043
"# syncrepl Provider for primary db\n"
15044
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
15045
"changetype: add\n"
15046
"objectClass: olcOverlayConfig\n"
15047
"objectClass: olcSyncProvConfig\n"
15048
"olcOverlay: syncprov\n"
15049
"olcSpNoPresent: TRUE\n"
15050
"\n"
15051
"# accesslog overlay definitions for primary db\n"
15052
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
15053
"objectClass: olcOverlayConfig\n"
15054
"objectClass: olcAccessLogConfig\n"
15055
"olcOverlay: accesslog\n"
15056
"olcAccessLogDB: cn=accesslog\n"
15057
"olcAccessLogOps: writes\n"
15058
"olcAccessLogSuccess: TRUE\n"
15059
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
15060
"olcAccessLogPurge: 07+00:00 01+00:00\n"
15061
msgstr ""
15062
15063
#: serverguide/C/network-auth.xml:614(para)
15064
msgid ""
15065
"The <application>AppArmor</application> profile for "
15066
"<application>slapd</application> will need to be adjusted for the accesslog "
15067
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
15068
"adding:"
15069
msgstr ""
15070
15071
#: serverguide/C/network-auth.xml:619(programlisting)
15072
#, no-wrap
15073
msgid ""
15074
"\n"
15075
" /var/lib/ldap/accesslog/ r,\n"
15076
" /var/lib/ldap/accesslog/** rwk,\n"
15077
msgstr ""
15078
15079
#: serverguide/C/network-auth.xml:624(para)
15080
msgid ""
15081
"Then create the directory, reload the <application>apparmor</application> "
15082
"profile, and copy the <filename>DB_CONFIG</filename> file:"
15083
msgstr ""
15084
15085
#: serverguide/C/network-auth.xml:630(command)
15086
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
15087
msgstr ""
15088
15089
#: serverguide/C/network-auth.xml:631(command)
15090
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
15091
msgstr ""
15092
15093
#: serverguide/C/network-auth.xml:636(para)
15094
msgid ""
15095
"Using the <emphasis>-u openldap</emphasis> option with the "
15096
"<application>sudo</application> commands above removes the need to adjust "
15097
"permissions for the new directory later."
15098
msgstr ""
15099
15100
#: serverguide/C/network-auth.xml:645(para)
15101
msgid ""
15102
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
15103
"directory:"
15104
msgstr ""
15105
15106
#: serverguide/C/network-auth.xml:649(programlisting)
15107
#, no-wrap
15108
msgid ""
15109
"\n"
15110
"olcRootDN: cn=admin,dc=example,dc=com\n"
15111
msgstr ""
15112
15113
#: serverguide/C/network-auth.xml:657(para)
15114
msgid ""
15115
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
15116
msgstr ""
15117
15118
#: serverguide/C/network-auth.xml:662(command)
15119
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
15120
msgstr ""
15121
15122
#: serverguide/C/network-auth.xml:669(para)
15123
msgid "Restart <application>slapd</application>:"
15124
msgstr ""
15125
15126
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
15127
msgid "sudo /etc/init.d/slapd restart"
15128
msgstr ""
15129
15130
#: serverguide/C/network-auth.xml:680(para)
15131
msgid ""
15132
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
15133
"to configure a <emphasis>Consumer</emphasis> server."
15134
msgstr ""
15135
15136
#: serverguide/C/network-auth.xml:687(title)
15137
msgid "Consumer Configuration"
15138
msgstr ""
15139
15140
#: serverguide/C/network-auth.xml:692(para)
15141
msgid ""
15142
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
15143
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
15144
"configuration steps."
15145
msgstr ""
15146
15147
#: serverguide/C/network-auth.xml:697(para)
15148
msgid "Add the additional schema files:"
15149
msgstr ""
15150
15151
#: serverguide/C/network-auth.xml:707(para)
15152
msgid ""
15153
"Also, create, or copy from the provider server, the "
15154
"<filename>backend.example.com.ldif</filename>"
15155
msgstr ""
15156
15157
#: serverguide/C/network-auth.xml:711(programlisting)
15158
#, no-wrap
15159
msgid ""
15160
"\n"
15161
"# Load dynamic backend modules\n"
15162
"dn: cn=module,cn=config\n"
15163
"objectClass: olcModuleList\n"
15164
"cn: module\n"
15165
"olcModulepath: /usr/lib/ldap\n"
15166
"olcModuleload: back_hdb\n"
15167
"\n"
15168
"# Database settings\n"
15169
"dn: olcDatabase=hdb,cn=config\n"
15170
"objectClass: olcDatabaseConfig\n"
15171
"objectClass: olcHdbConfig\n"
15172
"olcDatabase: {1}hdb\n"
15173
"olcSuffix: dc=example,dc=com\n"
15174
"olcDbDirectory: /var/lib/ldap\n"
15175
"olcRootDN: cn=admin,dc=example,dc=com\n"
15176
"olcRootPW: secret\n"
15177
"olcDbConfig: set_cachesize 0 2097152 0\n"
15178
"olcDbConfig: set_lk_max_objects 1500\n"
15179
"olcDbConfig: set_lk_max_locks 1500\n"
15180
"olcDbConfig: set_lk_max_lockers 1500\n"
15181
"olcDbIndex: objectClass eq\n"
15182
"olcLastMod: TRUE\n"
15183
"olcDbCheckpoint: 512 30\n"
15184
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
15185
"by anonymous auth by self write by * none\n"
15186
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
15187
"olcAccess: to dn.base=\"\" by * read\n"
15188
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
15189
msgstr ""
15190
15191
#: serverguide/C/network-auth.xml:741(para)
15192
msgid "And add the LDIF by entering:"
15193
msgstr ""
15194
15195
#: serverguide/C/network-auth.xml:752(para)
15196
msgid ""
15197
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
15198
"listed above, and add it:"
15199
msgstr ""
15200
15201
#: serverguide/C/network-auth.xml:760(para)
15202
msgid ""
15203
"The two severs should now have the same configuration except for the "
15204
"<emphasis>Syncrepl</emphasis> options."
15205
msgstr ""
15206
15207
#: serverguide/C/network-auth.xml:768(para)
15208
msgid ""
15209
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
15210
msgstr ""
15211
15212
#: serverguide/C/network-auth.xml:772(programlisting)
15213
#, no-wrap
15214
msgid ""
15215
"\n"
15216
"#Load the syncprov module.\n"
15217
"dn: cn=module{0},cn=config\n"
15218
"changetype: modify\n"
15219
"add: olcModuleLoad\n"
15220
"olcModuleLoad: syncprov\n"
15221
"\n"
15222
"# syncrepl specific indices\n"
15223
"dn: olcDatabase={1}hdb,cn=config\n"
15224
"changetype: modify\n"
15225
"add: olcDbIndex\n"
15226
"olcDbIndex: entryUUID eq\n"
15227
"-\n"
15228
"add: olcSyncRepl\n"
15229
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
15230
"binddn=\"cn=admin,dc=example,dc=com\" \n"
15231
" credentials=secret searchbase=\"dc=example,dc=com\" "
15232
"logbase=\"cn=accesslog\" \n"
15233
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
15234
"schemachecking=on \n"
15235
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
15236
"-\n"
15237
"add: olcUpdateRef\n"
15238
"olcUpdateRef: ldap://ldap01.example.com\n"
15239
msgstr ""
15240
15241
#: serverguide/C/network-auth.xml:795(para)
15242
msgid "You will probably want to change the following attributes:"
15243
msgstr ""
15244
15245
#: serverguide/C/network-auth.xml:800(para)
15246
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
15247
msgstr ""
15248
15249
#: serverguide/C/network-auth.xml:801(emphasis)
15250
msgid "binddn"
15251
msgstr ""
15252
15253
#: serverguide/C/network-auth.xml:802(emphasis)
15254
msgid "credentials"
15255
msgstr ""
15256
15257
#: serverguide/C/network-auth.xml:803(emphasis)
15258
msgid "searchbase"
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:804(emphasis)
15262
msgid "olcUpdateRef:"
15263
msgstr ""
15264
15265
#: serverguide/C/network-auth.xml:810(para)
15266
msgid "Add the LDIF file to the configuration tree:"
15267
msgstr ""
15268
15269
#: serverguide/C/network-auth.xml:815(command)
15270
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
15271
msgstr ""
15272
15273
#: serverguide/C/network-auth.xml:821(para)
15274
msgid ""
15275
"The frontend database should now sync between servers. You can add "
15276
"additional servers using the steps above as the need arises."
15277
msgstr ""
15278
15279
#: serverguide/C/network-auth.xml:831(programlisting)
15280
#, no-wrap
15281
msgid "127.0.0.1\tldap01.example.com ldap01"
15282
msgstr ""
15283
15284
#: serverguide/C/network-auth.xml:827(para)
15285
msgid ""
15286
"The <application>slapd</application> daemon will send log information to "
15287
"<filename>/var/log/syslog</filename> by default. So if all does "
15288
"<emphasis>not</emphasis> go well check there for errors and other "
15289
"troubleshooting information. Also, be sure that each server knows it's Fully "
15290
"Qualified Domain Name (FQDN). This is configured in "
15291
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
15292
msgstr ""
15293
15294
#: serverguide/C/network-auth.xml:839(title)
15295
msgid "Setting up ACL"
15296
msgstr "设置 ACL"
15297
15298
#: serverguide/C/network-auth.xml:841(para)
15299
msgid ""
15300
"Authentication requires access to the password field, that should be not "
15301
"accessible by default. Also, in order for users to change their own "
15302
"password, using <command>passwd</command> or other utilities, "
15303
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
15304
"authenticated."
15305
msgstr ""
15306
15307
#: serverguide/C/network-auth.xml:848(para)
15308
msgid ""
15309
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
15310
"tree, use the <application>ldapsearch</application> utility:"
15311
msgstr ""
15312
15313
#: serverguide/C/network-auth.xml:854(command)
15314
msgid ""
15315
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
15316
"olcDatabase=config olcAccess"
15317
msgstr ""
15318
15319
#: serverguide/C/network-auth.xml:858(computeroutput)
15320
#, no-wrap
15321
msgid ""
15322
"SASL/EXTERNAL authentication started\n"
15323
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
15324
"SASL SSF: 0\n"
15325
"dn: olcDatabase={0}config,cn=config\n"
15326
"olcAccess: {0}to * by "
15327
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
15328
" ,cn=auth manage by * break\n"
15329
msgstr ""
15330
15331
#: serverguide/C/network-auth.xml:867(para)
15332
msgid "To see the ACL for the frontend tree enter:"
15333
msgstr ""
15334
15335
#: serverguide/C/network-auth.xml:872(command)
15336
msgid ""
15337
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
15338
"olcDatabase={1}hdb olcAccess"
15339
msgstr ""
15340
15341
#: serverguide/C/network-auth.xml:878(title)
15342
msgid "TLS and SSL"
15343
msgstr ""
15344
15345
#: serverguide/C/network-auth.xml:880(para)
15346
msgid ""
15347
"When authenticating to an OpenLDAP server it is best to do so using an "
15348
"encrypted session. This can be accomplished using Transport Layer Security "
15349
"(TLS) and/or Secure Sockets Layer (SSL)."
15350
msgstr ""
15351
15352
#: serverguide/C/network-auth.xml:885(para)
15353
msgid ""
15354
"The first step in the process is to obtain or create a "
15355
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
15356
"is compiled using the <application>gnutls</application> library, the "
15357
"<application>certtool</application> utility will be used to create "
15358
"certificates."
15359
msgstr ""
15360
15361
#: serverguide/C/network-auth.xml:894(para)
15362
msgid ""
15363
"First, install <application>gnutls-bin</application> by entering the "
15364
"following in a terminal:"
15365
msgstr ""
15366
15367
#: serverguide/C/network-auth.xml:899(command)
15368
msgid "sudo apt-get install gnutls-bin"
15369
msgstr ""
15370
15371
#: serverguide/C/network-auth.xml:905(para)
15372
msgid ""
15373
"Next, create a private key for the <emphasis>Certificate "
15374
"Authority</emphasis> (CA):"
15375
msgstr ""
15376
15377
#: serverguide/C/network-auth.xml:910(command)
15378
msgid ""
15379
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
15380
msgstr ""
15381
15382
#: serverguide/C/network-auth.xml:916(para)
15383
msgid ""
15384
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
15385
"CA certificate containing:"
15386
msgstr ""
15387
15388
#: serverguide/C/network-auth.xml:920(programlisting)
15389
#, no-wrap
15390
msgid ""
15391
"\n"
15392
"cn = Example Company\n"
15393
"ca\n"
15394
"cert_signing_key\n"
15395
msgstr ""
15396
15397
#: serverguide/C/network-auth.xml:929(para)
15398
msgid "Now create the self-signed CA certificate:"
15399
msgstr ""
15400
15401
#: serverguide/C/network-auth.xml:934(command)
15402
msgid ""
15403
"sudo certtool --generate-self-signed --load-privkey "
15404
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
15405
"/etc/ssl/certs/cacert.pem"
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:941(para)
15409
msgid "Make a private key for the server:"
15410
msgstr ""
15411
15412
#: serverguide/C/network-auth.xml:946(command)
15413
msgid ""
15414
"sudo sh -c \"certtool --generate-privkey > "
15415
"/etc/ssl/private/ldap01_slapd_key.pem\""
15416
msgstr ""
15417
15418
#: serverguide/C/network-auth.xml:950(para)
15419
msgid ""
15420
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15421
"hostname. Naming the certificate and key for the host and service that will "
15422
"be using them will help keep filenames and paths straight."
15423
msgstr ""
15424
15425
#: serverguide/C/network-auth.xml:959(para)
15426
msgid ""
15427
"To sign the server's certificate with the CA, create the "
15428
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
15429
msgstr ""
15430
15431
#: serverguide/C/network-auth.xml:963(programlisting)
15432
#, no-wrap
15433
msgid ""
15434
"\n"
15435
"organization = Example Company\n"
15436
"cn = ldap01.example.com\n"
15437
"tls_www_server\n"
15438
"encryption_key\n"
15439
"signing_key\n"
15440
msgstr ""
15441
15442
#: serverguide/C/network-auth.xml:974(para)
15443
msgid "Create the server's certificate:"
15444
msgstr ""
15445
15446
#: serverguide/C/network-auth.xml:979(command)
15447
msgid ""
15448
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
15449
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
15450
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
15451
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
15452
msgstr ""
15453
15454
#: serverguide/C/network-auth.xml:987(para)
15455
msgid ""
15456
"Once you have a certificate, key, and CA cert installed, use "
15457
"<application>ldapmodify</application> to add the new configuration options:"
15458
msgstr ""
15459
15460
#: serverguide/C/network-auth.xml:998(userinput)
15461
#, no-wrap
15462
msgid ""
15463
"dn: cn=config\n"
15464
"add: olcTLSCACertificateFile\n"
15465
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
15466
"-\n"
15467
"add: olcTLSCertificateFile\n"
15468
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
15469
"-\n"
15470
"add: olcTLSCertificateKeyFile\n"
15471
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
15472
msgstr ""
15473
15474
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
15475
#, no-wrap
15476
msgid ""
15477
"Enter LDAP Password:\n"
15478
"<placeholder-1/>\n"
15479
"\n"
15480
"modifying entry \"cn=config\"\n"
15481
msgstr ""
15482
15483
#: serverguide/C/network-auth.xml:1013(para)
15484
msgid ""
15485
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
15486
"<filename>ldap01_slapd_key.pem</filename>, and "
15487
"<filename>cacert.pem</filename> names if yours are different."
15488
msgstr ""
15489
15490
#: serverguide/C/network-auth.xml:1019(para)
15491
msgid ""
15492
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
15493
"<emphasis>SLAPD_SERVICES</emphasis> option:"
15494
msgstr ""
15495
15496
#: serverguide/C/network-auth.xml:1023(programlisting)
15497
#, no-wrap
15498
msgid ""
15499
"\n"
15500
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
15501
msgstr ""
15502
15503
#: serverguide/C/network-auth.xml:1027(para)
15504
msgid ""
15505
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
15506
msgstr ""
15507
15508
#: serverguide/C/network-auth.xml:1032(command)
15509
msgid "sudo adduser openldap ssl-cert"
15510
msgstr ""
15511
15512
#: serverguide/C/network-auth.xml:1033(command)
15513
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15514
msgstr ""
15515
15516
#: serverguide/C/network-auth.xml:1034(command)
15517
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15518
msgstr ""
15519
15520
#: serverguide/C/network-auth.xml:1038(para)
15521
msgid ""
15522
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
15523
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
15524
"adjust the commands appropriately."
15525
msgstr ""
15526
15527
#: serverguide/C/network-auth.xml:1044(para)
15528
msgid "Finally, restart <application>slapd</application>:"
15529
msgstr ""
15530
15531
#: serverguide/C/network-auth.xml:1052(para)
15532
msgid ""
15533
"The <application>slapd</application> daemon should now be listening for "
15534
"LDAPS connections and be able to use STARTTLS during authentication."
15535
msgstr ""
15536
15537
#: serverguide/C/network-auth.xml:1058(para)
15538
msgid ""
15539
"If you run into troubles with the server not starting, check the "
15540
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
15541
"it is likely there is a configuration problem. Check that the certificate is "
15542
"signed by the authority from in the files configured, and that the ssl-cert "
15543
"group has read permissions on the private key."
15544
msgstr ""
15545
15546
#: serverguide/C/network-auth.xml:1070(title)
15547
msgid "TLS Replication"
15548
msgstr ""
15549
15550
#: serverguide/C/network-auth.xml:1072(para)
15551
msgid ""
15552
"If you have setup <application>Syncrepl</application> between servers, it is "
15553
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
15554
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
15555
"linkend=\"openldap-server-replication\"/>."
15556
msgstr ""
15557
15558
#: serverguide/C/network-auth.xml:1078(para)
15559
msgid ""
15560
"Assuming you have followed the above instructions and created a CA "
15561
"certificate and server certificate on the <emphasis>Provider</emphasis> "
15562
"server. Follow the following instructions to create a certificate and key "
15563
"for the <emphasis>Consumer</emphasis> server."
15564
msgstr ""
15565
15566
#: serverguide/C/network-auth.xml:1087(para)
15567
msgid "Create a new key for the Consumer server:"
15568
msgstr ""
15569
15570
#: serverguide/C/network-auth.xml:1092(command)
15571
msgid "mkdir ldap02-ssl"
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:1093(command)
15575
msgid "cd ldap02-ssl"
15576
msgstr ""
15577
15578
#: serverguide/C/network-auth.xml:1094(command)
15579
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
15580
msgstr ""
15581
15582
#: serverguide/C/network-auth.xml:1098(para)
15583
msgid ""
15584
"Creating a new directory is not strictly necessary, but it will help keep "
15585
"things organized and make it easier to copy the files to the Consumer server."
15586
msgstr ""
15587
15588
#: serverguide/C/network-auth.xml:1107(para)
15589
msgid ""
15590
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
15591
"server, changing the attributes to match your locality and server:"
15592
msgstr ""
15593
15594
#: serverguide/C/network-auth.xml:1112(programlisting)
15595
#, no-wrap
15596
msgid ""
15597
"\n"
15598
"country = US\n"
15599
"state = North Carolina\n"
15600
"locality = Winston-Salem\n"
15601
"organization = Example Company\n"
15602
"cn = ldap02.salem.edu\n"
15603
"tls_www_client\n"
15604
"encryption_key\n"
15605
"signing_key\n"
15606
msgstr ""
15607
15608
#: serverguide/C/network-auth.xml:1126(para)
15609
msgid "Create the certificate:"
15610
msgstr ""
15611
15612
#: serverguide/C/network-auth.xml:1131(command)
15613
msgid ""
15614
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
15615
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
15616
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
15617
"ldap02_slapd_cert.pem"
15618
msgstr ""
15619
15620
#: serverguide/C/network-auth.xml:1139(para)
15621
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
15622
msgstr ""
15623
15624
#: serverguide/C/network-auth.xml:1144(command)
15625
msgid "cp /etc/ssl/certs/cacert.pem ."
15626
msgstr ""
15627
15628
#: serverguide/C/network-auth.xml:1150(para)
15629
msgid ""
15630
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
15631
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
15632
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
15633
"and copy <filename>ldap02_slapd_key.pem</filename> to "
15634
"<filename>/etc/ssl/private</filename>."
15635
msgstr ""
15636
15637
#: serverguide/C/network-auth.xml:1159(para)
15638
msgid ""
15639
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
15640
"by entering:"
15641
msgstr ""
15642
15643
#: serverguide/C/network-auth.xml:1169(userinput)
15644
#, no-wrap
15645
msgid ""
15646
"dn: cn=config\n"
15647
"add: olcTLSCACertificateFile\n"
15648
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
15649
"-\n"
15650
"add: olcTLSCertificateFile\n"
15651
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15652
"-\n"
15653
"add: olcTLSCertificateKeyFile\n"
15654
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
15655
msgstr ""
15656
15657
#: serverguide/C/network-auth.xml:1186(para)
15658
msgid ""
15659
"As with the Provider you can now edit "
15660
"<filename>/etc/default/slapd</filename> and add the "
15661
"<emphasis>ldaps:///</emphasis> parameter to the "
15662
"<emphasis>SLAPD_SERVICES</emphasis> option."
15663
msgstr ""
15664
15665
#: serverguide/C/network-auth.xml:1194(para)
15666
msgid ""
15667
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
15668
"modify the <emphasis>Consumer</emphasis> server's "
15669
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
15670
msgstr ""
15671
15672
#: serverguide/C/network-auth.xml:1207(userinput)
15673
#, no-wrap
15674
msgid ""
15675
"\n"
15676
"dn: olcDatabase={1}hdb,cn=config\n"
15677
"replace: olcSyncrepl\n"
15678
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
15679
"binddn=\"cn=ad\n"
15680
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
15681
"logbas\n"
15682
" e=\"cn=accesslog\" "
15683
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
15684
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
15685
"starttls=yes"
15686
msgstr ""
15687
15688
#: serverguide/C/network-auth.xml:1204(computeroutput)
15689
#, no-wrap
15690
msgid ""
15691
"SASL/EXTERNAL authentication started\n"
15692
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
15693
"SASL SSF: 0\n"
15694
"<placeholder-1/>\n"
15695
"\n"
15696
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15697
msgstr ""
15698
15699
#: serverguide/C/network-auth.xml:1219(para)
15700
msgid ""
15701
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
15702
"(FQDN) in the certificate, you may have to edit "
15703
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
15704
msgstr ""
15705
15706
#: serverguide/C/network-auth.xml:1224(programlisting)
15707
#, no-wrap
15708
msgid ""
15709
"\n"
15710
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15711
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
15712
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15713
msgstr ""
15714
15715
#: serverguide/C/network-auth.xml:1231(para)
15716
msgid ""
15717
"Finally, restart <application>slapd</application> on each of the servers:"
15718
msgstr ""
15719
15720
#: serverguide/C/network-auth.xml:1244(title)
15721
msgid "LDAP Authentication"
15722
msgstr ""
15723
15724
#: serverguide/C/network-auth.xml:1246(para)
15725
msgid ""
15726
"Once you have a working LDAP server, the <application>auth-client-"
15727
"config</application> and <application>libnss-ldap</application> packages "
15728
"take the pain out of configuring an Ubuntu client to authenticate using "
15729
"LDAP. To install the packages from, a terminal prompt enter:"
15730
msgstr ""
15731
15732
#: serverguide/C/network-auth.xml:1253(command)
15733
msgid "sudo apt-get install libnss-ldap"
15734
msgstr ""
15735
15736
#: serverguide/C/network-auth.xml:1256(para)
15737
msgid ""
15738
"During the install a menu dialog will ask you connection details about your "
15739
"LDAP server."
15740
msgstr ""
15741
15742
#: serverguide/C/network-auth.xml:1260(para)
15743
msgid ""
15744
"If you make a mistake when entering your information you can execute the "
15745
"dialog again using:"
15746
msgstr ""
15747
15748
#: serverguide/C/network-auth.xml:1265(command)
15749
msgid "sudo dpkg-reconfigure ldap-auth-config"
15750
msgstr ""
15751
15752
#: serverguide/C/network-auth.xml:1268(para)
15753
msgid ""
15754
"The results of the dialog can be seen in "
15755
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15756
"covered in the menu edit this file accordingly."
15757
msgstr ""
15758
15759
#: serverguide/C/network-auth.xml:1273(para)
15760
msgid ""
15761
"Now that <application>libnss-ldap</application> is configured enable the "
15762
"<application>auth-client-config</application> LDAP profile by entering:"
15763
msgstr ""
15764
15765
#: serverguide/C/network-auth.xml:1279(command)
15766
msgid "sudo auth-client-config -t nss -p lac_ldap"
15767
msgstr ""
15768
15769
#: serverguide/C/network-auth.xml:1284(para)
15770
msgid ""
15771
"<emphasis>-t:</emphasis> only modifies "
15772
"<filename>/etc/nsswitch.conf</filename>."
15773
msgstr ""
15774
15775
#: serverguide/C/network-auth.xml:1289(para)
15776
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
15777
msgstr ""
15778
15779
#: serverguide/C/network-auth.xml:1294(para)
15780
msgid ""
15781
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
15782
"config</application> profile that is part of the <application>ldap-auth-"
15783
"config</application> package."
15784
msgstr ""
15785
15786
#: serverguide/C/network-auth.xml:1301(para)
15787
msgid ""
15788
"Using the <application>pam-auth-update</application> utility, configure the "
15789
"system to use LDAP for authentication:"
15790
msgstr ""
15791
15792
#: serverguide/C/network-auth.xml:1306(command)
15793
msgid "sudo pam-auth-update"
15794
msgstr ""
15795
15796
#: serverguide/C/network-auth.xml:1309(para)
15797
msgid ""
15798
"From the <application>pam-auth-update</application> menu, choose LDAP and "
15799
"any other authentication mechanisms you need."
15800
msgstr ""
15801
15802
#: serverguide/C/network-auth.xml:1313(para)
15803
msgid ""
15804
"You should now be able to login using user credentials stored in the LDAP "
15805
"directory."
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:1318(para)
15809
msgid ""
15810
"If you are going to use LDAP to store Samba users you will need to configure "
15811
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
15812
"for details."
15813
msgstr ""
15814
15815
#: serverguide/C/network-auth.xml:1326(title)
15816
msgid "User and Group Management"
15817
msgstr ""
15818
15819
#: serverguide/C/network-auth.xml:1328(para)
15820
msgid ""
15821
"The <application>ldap-utils</application> package comes with multiple "
15822
"utilities to manage the directory, but the long string of options needed, "
15823
"can make them a burden to use. The <application>ldapscripts</application> "
15824
"package contains configurable scripts to easily manage LDAP users and groups."
15825
msgstr ""
15826
15827
#: serverguide/C/network-auth.xml:1334(para)
15828
msgid "To install the package, from a terminal enter:"
15829
msgstr ""
15830
15831
#: serverguide/C/network-auth.xml:1339(command)
15832
msgid "sudo apt-get install ldapscripts"
15833
msgstr ""
15834
15835
#: serverguide/C/network-auth.xml:1342(para)
15836
msgid ""
15837
"Next, edit the config file "
15838
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
15839
"changing the following to match your environment:"
15840
msgstr ""
15841
15842
#: serverguide/C/network-auth.xml:1347(programlisting)
15843
#, no-wrap
15844
msgid ""
15845
"\n"
15846
"SERVER=localhost\n"
15847
"BINDDN='cn=admin,dc=example,dc=com'\n"
15848
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
15849
"SUFFIX='dc=example,dc=com'\n"
15850
"GSUFFIX='ou=Groups'\n"
15851
"USUFFIX='ou=People'\n"
15852
"MSUFFIX='ou=Computers'\n"
15853
"GIDSTART=10000\n"
15854
"UIDSTART=10000\n"
15855
"MIDSTART=10000\n"
15856
msgstr ""
15857
15858
#: serverguide/C/network-auth.xml:1360(para)
15859
msgid ""
15860
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
15861
"authenticated access to the directory:"
15862
msgstr ""
15863
15864
#: serverguide/C/network-auth.xml:1365(command)
15865
msgid ""
15866
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15867
msgstr ""
15868
15869
#: serverguide/C/network-auth.xml:1366(command)
15870
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15871
msgstr ""
15872
15873
#: serverguide/C/network-auth.xml:1370(para)
15874
msgid ""
15875
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
15876
"user."
15877
msgstr ""
15878
15879
#: serverguide/C/network-auth.xml:1375(para)
15880
msgid ""
15881
"The <application>ldapscripts</application> are now ready to help manage your "
15882
"directory. The following are some examples of how to use the scripts:"
15883
msgstr ""
15884
15885
#: serverguide/C/network-auth.xml:1382(para)
15886
msgid "Create a new user:"
15887
msgstr ""
15888
15889
#: serverguide/C/network-auth.xml:1386(command)
15890
msgid "sudo ldapadduser george example"
15891
msgstr ""
15892
15893
#: serverguide/C/network-auth.xml:1388(para)
15894
msgid ""
15895
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15896
"and set the user's primary group (gid) to <emphasis "
15897
"role=\"italic\">example</emphasis>"
15898
msgstr ""
15899
15900
#: serverguide/C/network-auth.xml:1394(para)
15901
msgid "Change a user's password:"
15902
msgstr ""
15903
15904
#: serverguide/C/network-auth.xml:1398(command)
15905
msgid "sudo ldapsetpasswd george"
15906
msgstr ""
15907
15908
#: serverguide/C/network-auth.xml:1399(computeroutput)
15909
#, no-wrap
15910
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15911
msgstr ""
15912
15913
#: serverguide/C/network-auth.xml:1400(userinput)
15914
#, no-wrap
15915
msgid "New Password: "
15916
msgstr ""
15917
15918
#: serverguide/C/network-auth.xml:1401(userinput)
15919
#, no-wrap
15920
msgid "New Password (verify): "
15921
msgstr ""
15922
15923
#: serverguide/C/network-auth.xml:1405(para)
15924
msgid "Delete a user:"
15925
msgstr ""
15926
15927
#: serverguide/C/network-auth.xml:1409(command)
15928
msgid "sudo ldapdeleteuser george"
15929
msgstr ""
15930
15931
#: serverguide/C/network-auth.xml:1414(para)
15932
msgid "Add a group:"
15933
msgstr ""
15934
15935
#: serverguide/C/network-auth.xml:1418(command)
15936
msgid "sudo ldapaddgroup qa"
15937
msgstr ""
15938
15939
#: serverguide/C/network-auth.xml:1422(para)
15940
msgid "Delete a group:"
15941
msgstr ""
15942
15943
#: serverguide/C/network-auth.xml:1426(command)
15944
msgid "sudo ldapdeletegroup qa"
15945
msgstr ""
15946
15947
#: serverguide/C/network-auth.xml:1430(para)
15948
msgid "Add a user to a group:"
15949
msgstr ""
15950
15951
#: serverguide/C/network-auth.xml:1434(command)
15952
msgid "sudo ldapaddusertogroup george qa"
15953
msgstr ""
15954
15955
#: serverguide/C/network-auth.xml:1436(para)
15956
msgid ""
15957
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15958
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15959
"role=\"italic\">george</emphasis>."
15960
msgstr ""
15961
15962
#: serverguide/C/network-auth.xml:1442(para)
15963
msgid "Remove a user from a group:"
15964
msgstr ""
15965
15966
#: serverguide/C/network-auth.xml:1446(command)
15967
msgid "sudo ldapdeleteuserfromgroup george qa"
15968
msgstr ""
15969
15970
#: serverguide/C/network-auth.xml:1448(para)
15971
msgid ""
15972
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15973
"<emphasis role=\"italic\">qa</emphasis> group."
15974
msgstr ""
15975
15976
#: serverguide/C/network-auth.xml:1454(para)
15977
msgid ""
15978
"The <application>ldapmodifyuser</application> script allows you to add, "
15979
"remove, or replace a user's attributes. The script uses the same syntax as "
15980
"the <application>ldapmodify</application> utility. For example:"
15981
msgstr ""
15982
15983
#: serverguide/C/network-auth.xml:1459(command)
15984
msgid "sudo ldapmodifyuser george"
15985
msgstr ""
15986
15987
#: serverguide/C/network-auth.xml:1460(computeroutput)
15988
#, no-wrap
15989
msgid ""
15990
"# About to modify the following entry :\n"
15991
"dn: uid=george,ou=People,dc=example,dc=com\n"
15992
"objectClass: account\n"
15993
"objectClass: posixAccount\n"
15994
"cn: george\n"
15995
"uid: george\n"
15996
"uidNumber: 1001\n"
15997
"gidNumber: 1001\n"
15998
"homeDirectory: /home/george\n"
15999
"loginShell: /bin/bash\n"
16000
"gecos: george\n"
16001
"description: User account\n"
16002
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
16003
"\n"
16004
"# Enter your modifications here, end with CTRL-D.\n"
16005
"dn: uid=george,ou=People,dc=example,dc=com"
16006
msgstr ""
16007
16008
#: serverguide/C/network-auth.xml:1476(userinput)
16009
#, no-wrap
16010
msgid ""
16011
"replace: gecos\n"
16012
"gecos: George Carlin"
16013
msgstr ""
16014
16015
#: serverguide/C/network-auth.xml:1479(para)
16016
msgid ""
16017
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
16018
"Carlin</quote>."
16019
msgstr ""
16020
16021
#: serverguide/C/network-auth.xml:1484(para)
16022
msgid ""
16023
"Another great feature of <application>ldapscripts</application>, is the "
16024
"template system. Templates allow you to customize the attributes of user, "
16025
"group, and machine objectes. For example, to enable the "
16026
"<emphasis>user</emphasis> template edit "
16027
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
16028
msgstr ""
16029
16030
#: serverguide/C/network-auth.xml:1491(programlisting)
16031
#, no-wrap
16032
msgid ""
16033
"\n"
16034
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
16035
msgstr ""
16036
16037
#: serverguide/C/network-auth.xml:1495(para)
16038
msgid ""
16039
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
16040
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
16041
"<filename>ldapadduser.template.sample</filename> file to "
16042
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
16043
msgstr ""
16044
16045
#: serverguide/C/network-auth.xml:1502(command)
16046
msgid ""
16047
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
16048
"/etc/ldapscripts/ldapadduser.template"
16049
msgstr ""
16050
16051
#: serverguide/C/network-auth.xml:1505(para)
16052
msgid ""
16053
"Edit the new template to add the desired attributes. The following will "
16054
"create new user's as with an <emphasis>objectClass</emphasis> of "
16055
"<emphasis>inetOrgPerson</emphasis>:"
16056
msgstr ""
16057
16058
#: serverguide/C/network-auth.xml:1510(programlisting)
16059
#, no-wrap
16060
msgid ""
16061
"\n"
16062
"dn: uid=<user>,<usuffix>,<suffix>\n"
16063
"objectClass: inetOrgPerson\n"
16064
"objectClass: posixAccount\n"
16065
"cn: <user>\n"
16066
"sn: <ask>\n"
16067
"uid: <user>\n"
16068
"uidNumber: <uid>\n"
16069
"gidNumber: <gid>\n"
16070
"homeDirectory: <home>\n"
16071
"loginShell: <shell>\n"
16072
"gecos: <user>\n"
16073
"description: User account\n"
16074
"title: Employee\n"
16075
msgstr ""
16076
16077
#: serverguide/C/network-auth.xml:1526(para)
16078
msgid ""
16079
"Notice the <emphasis><ask></emphasis> option used for the "
16080
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
16081
"<application>ldapadduser</application> to prompt you for the attribute value "
16082
"during user creation."
16083
msgstr ""
16084
16085
#: serverguide/C/network-auth.xml:1534(para)
16086
msgid ""
16087
"There are more useful scripts in the package, to see a full list enter: "
16088
"<command>dpkg -L ldapscripts | grep bin</command>"
16089
msgstr ""
16090
16091
#: serverguide/C/network-auth.xml:1543(para)
16092
msgid ""
16093
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16094
"Ubuntu Wiki</ulink> page has more details."
16095
msgstr ""
16096
16097
#: serverguide/C/network-auth.xml:1548(para)
16098
msgid ""
16099
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
16100
"Home Page</ulink>"
16101
msgstr ""
16102
16103
#: serverguide/C/network-auth.xml:1553(para)
16104
msgid ""
16105
"Though starting to show it's age, a great source for in depth LDAP "
16106
"information is O'Reilly's <ulink "
16107
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16108
"Administration</ulink>"
16109
msgstr ""
16110
16111
#: serverguide/C/network-auth.xml:1559(para)
16112
msgid ""
16113
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16114
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
16115
"newer versions of OpenLDAP."
16116
msgstr ""
16117
16118
#: serverguide/C/network-auth.xml:1565(para)
16119
msgid ""
16120
"For more information on <application>auth-client-config</application> see "
16121
"the man page: <command>man auth-client-config</command>."
16122
msgstr ""
16123
16124
#: serverguide/C/network-auth.xml:1570(para)
16125
msgid ""
16126
"For more details regarding the <application>ldapscripts</application> "
16127
"package see the man pages: <command>man ldapscripts</command>, <command>man "
16128
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
16129
msgstr ""
16130
16131
#: serverguide/C/network-auth.xml:1580(title)
16132
msgid "Samba and LDAP"
16133
msgstr ""
16134
16135
#: serverguide/C/network-auth.xml:1582(para)
16136
msgid ""
16137
"This section covers configuring Samba to use LDAP for user, group, and "
16138
"machine account information and authentication. The assumption is, you "
16139
"already have a working OpenLDAP directory installed and the server is "
16140
"configured to use it for authentication. See <xref linkend=\"openldap-"
16141
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
16142
"setting up OpenLDAP. For more information on installing and configuring "
16143
"Samba see <xref linkend=\"windows-networking\"/>."
16144
msgstr ""
16145
16146
#: serverguide/C/network-auth.xml:1592(para)
16147
msgid ""
16148
"There are three packages needed when integrating Samba with LDAP. "
16149
"<application>samba</application>, <application>samba-doc</application>, and "
16150
"<application>smbldap-tools</application> packages . To install the packages, "
16151
"from a terminal enter:"
16152
msgstr ""
16153
16154
#: serverguide/C/network-auth.xml:1598(command)
16155
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16156
msgstr ""
16157
16158
#: serverguide/C/network-auth.xml:1601(para)
16159
msgid ""
16160
"Strictly speaking the <application>smbldap-tools</application> package isn't "
16161
"needed, but unless you have another package or custom scripts, a method of "
16162
"managing users, groups, and computer accounts is needed."
16163
msgstr ""
16164
16165
#: serverguide/C/network-auth.xml:1608(title)
16166
msgid "OpenLDAP Configuration"
16167
msgstr ""
16168
16169
#: serverguide/C/network-auth.xml:1610(para)
16170
msgid ""
16171
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
16172
"the user objects in the directory will need additional attributes. This "
16173
"section assumes you want Samba to be configured as a Windows NT domain "
16174
"controller, and will add the necessary LDAP objects and attributes."
16175
msgstr ""
16176
16177
#: serverguide/C/network-auth.xml:1618(para)
16178
msgid ""
16179
"The Samba attributes are defined in the <filename>samba.schema</filename> "
16180
"file which is part of the <application>samba-doc</application> package. The "
16181
"schema file needs to be unzipped and copied to "
16182
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
16183
msgstr ""
16184
16185
#: serverguide/C/network-auth.xml:1625(command)
16186
msgid ""
16187
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16188
"/etc/ldap/schema/"
16189
msgstr ""
16190
16191
#: serverguide/C/network-auth.xml:1626(command)
16192
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16193
msgstr ""
16194
16195
#: serverguide/C/network-auth.xml:1632(para)
16196
msgid ""
16197
"The <emphasis>samba</emphasis> schema needs to be added to the "
16198
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16199
"<application>slapd</application> is also detailed in <xref "
16200
"linkend=\"openldap-configuration\"/>."
16201
msgstr ""
16202
16203
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
16204
msgid ""
16205
"First, create a configuration file named "
16206
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
16207
"containing the following lines:"
16208
msgstr ""
16209
16210
#: serverguide/C/network-auth.xml:1645(programlisting)
16211
#, no-wrap
16212
msgid ""
16213
"\n"
16214
"include /etc/ldap/schema/core.schema\n"
16215
"include /etc/ldap/schema/collective.schema\n"
16216
"include /etc/ldap/schema/corba.schema\n"
16217
"include /etc/ldap/schema/cosine.schema\n"
16218
"include /etc/ldap/schema/duaconf.schema\n"
16219
"include /etc/ldap/schema/dyngroup.schema\n"
16220
"include /etc/ldap/schema/inetorgperson.schema\n"
16221
"include /etc/ldap/schema/java.schema\n"
16222
"include /etc/ldap/schema/misc.schema\n"
16223
"include /etc/ldap/schema/nis.schema\n"
16224
"include /etc/ldap/schema/openldap.schema\n"
16225
"include /etc/ldap/schema/ppolicy.schema\n"
16226
"include /etc/ldap/schema/samba.schema\n"
16227
msgstr ""
16228
16229
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
16230
msgid ""
16231
"Now use <application>slapcat</application> to convert the schema files:"
16232
msgstr ""
16233
16234
#: serverguide/C/network-auth.xml:1680(command)
16235
msgid ""
16236
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16237
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
16238
msgstr ""
16239
16240
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
16241
msgid ""
16242
"Change the above file and path names to match your own if they are different."
16243
msgstr ""
16244
16245
#: serverguide/C/network-auth.xml:1690(para)
16246
msgid ""
16247
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
16248
"the following attributes:"
16249
msgstr ""
16250
16251
#: serverguide/C/network-auth.xml:1694(programlisting)
16252
#, no-wrap
16253
msgid ""
16254
"\n"
16255
"dn: cn=samba,cn=schema,cn=config\n"
16256
"...\n"
16257
"cn: samba\n"
16258
msgstr ""
16259
16260
#: serverguide/C/network-auth.xml:1704(programlisting)
16261
#, no-wrap
16262
msgid ""
16263
"\n"
16264
"structuralObjectClass: olcSchemaConfig\n"
16265
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
16266
"creatorsName: cn=config\n"
16267
"createTimestamp: 20080827045234Z\n"
16268
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
16269
"modifiersName: cn=config\n"
16270
"modifyTimestamp: 20080827045234Z\n"
16271
msgstr ""
16272
16273
#: serverguide/C/network-auth.xml:1729(command)
16274
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
16275
msgstr ""
16276
16277
#: serverguide/C/network-auth.xml:1735(para)
16278
msgid ""
16279
"There should now be a <emphasis>dn: "
16280
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
16281
"sequential schema, entry in the cn=config tree."
16282
msgstr ""
16283
16284
#: serverguide/C/network-auth.xml:1743(para)
16285
msgid ""
16286
"Copy and paste the following into a file named "
16287
"<filename>samba_indexes.ldif</filename>:"
16288
msgstr ""
16289
16290
#: serverguide/C/network-auth.xml:1747(programlisting)
16291
#, no-wrap
16292
msgid ""
16293
"\n"
16294
"dn: olcDatabase={1}hdb,cn=config\n"
16295
"changetype: modify\n"
16296
"add: olcDbIndex\n"
16297
"olcDbIndex: uidNumber eq\n"
16298
"olcDbIndex: gidNumber eq\n"
16299
"olcDbIndex: loginShell eq\n"
16300
"olcDbIndex: uid eq,pres,sub\n"
16301
"olcDbIndex: memberUid eq,pres,sub\n"
16302
"olcDbIndex: uniqueMember eq,pres\n"
16303
"olcDbIndex: sambaSID eq\n"
16304
"olcDbIndex: sambaPrimaryGroupSID eq\n"
16305
"olcDbIndex: sambaGroupType eq\n"
16306
"olcDbIndex: sambaSIDList eq\n"
16307
"olcDbIndex: sambaDomainName eq\n"
16308
"olcDbIndex: default sub\n"
16309
msgstr ""
16310
16311
#: serverguide/C/network-auth.xml:1765(para)
16312
msgid ""
16313
"Using the <application>ldapmodify</application> utility load the new indexes:"
16314
msgstr ""
16315
16316
#: serverguide/C/network-auth.xml:1770(command)
16317
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
16318
msgstr ""
16319
16320
#: serverguide/C/network-auth.xml:1772(para)
16321
msgid ""
16322
"If all went well you should see the new indexes using "
16323
"<application>ldapsearch</application>:"
16324
msgstr ""
16325
16326
#: serverguide/C/network-auth.xml:1777(command)
16327
msgid ""
16328
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
16329
msgstr ""
16330
16331
#: serverguide/C/network-auth.xml:1783(para)
16332
msgid ""
16333
"Next, configure the <application>smbldap-tools</application> package to "
16334
"match your environment. The package comes with a configuration script that "
16335
"will ask questions about the needed options. To run the script enter:"
16336
msgstr ""
16337
16338
#: serverguide/C/network-auth.xml:1789(command)
16339
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
16340
msgstr ""
16341
16342
#: serverguide/C/network-auth.xml:1790(command)
16343
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
16344
msgstr ""
16345
16346
#: serverguide/C/network-auth.xml:1793(para)
16347
msgid ""
16348
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
16349
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
16350
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
16351
"configure script, so if you made any mistakes while executing the script it "
16352
"may be simpler to edit the file appropriately."
16353
msgstr ""
16354
16355
#: serverguide/C/network-auth.xml:1803(para)
16356
msgid ""
16357
"The <application>smbldap-populate</application> script will add the "
16358
"necessary users, groups, and LDAP objects required for Samba. It is a good "
16359
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
16360
"<application>slapcat</application> before executing the command:"
16361
msgstr ""
16362
16363
#: serverguide/C/network-auth.xml:1810(command)
16364
msgid "sudo slapcat -l backup.ldif"
16365
msgstr ""
16366
16367
#: serverguide/C/network-auth.xml:1816(para)
16368
msgid ""
16369
"Once you have a current backup execute <application>smbldap-"
16370
"populate</application> by entering:"
16371
msgstr ""
16372
16373
#: serverguide/C/network-auth.xml:1821(command)
16374
msgid "sudo smbldap-populate"
16375
msgstr ""
16376
16377
#: serverguide/C/network-auth.xml:1825(para)
16378
msgid ""
16379
"You can create an LDIF file containing the new Samba objects by executing "
16380
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16381
"look over the changes making sure everything is correct."
16382
msgstr ""
16383
16384
#: serverguide/C/network-auth.xml:1833(para)
16385
msgid ""
16386
"Your LDAP directory now has the necessary domain information to authenticate "
16387
"Samba users."
16388
msgstr ""
16389
16390
#: serverguide/C/network-auth.xml:1839(title)
16391
msgid "Samba Configuration"
16392
msgstr ""
16393
16394
#: serverguide/C/network-auth.xml:1841(para)
16395
msgid ""
16396
"There a multiple ways to configure Samba for details on some common "
16397
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
16398
"Samba to use LDAP, edit the main Samba configuration file "
16399
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
16400
"backend</emphasis> option and adding the following:"
16401
msgstr ""
16402
16403
#: serverguide/C/network-auth.xml:1847(programlisting)
16404
#, no-wrap
16405
msgid ""
16406
"\n"
16407
"# passdb backend = tdbsam\n"
16408
"\n"
16409
"# LDAP Settings\n"
16410
" passdb backend = ldapsam:ldap://hostname\n"
16411
" ldap suffix = dc=example,dc=com\n"
16412
" ldap user suffix = ou=People\n"
16413
" ldap group suffix = ou=Groups\n"
16414
" ldap machine suffix = ou=Computers\n"
16415
" ldap idmap suffix = ou=Idmap\n"
16416
" ldap admin dn = cn=admin,dc=example,dc=com\n"
16417
" ldap ssl = start tls\n"
16418
" ldap passwd sync = yes\n"
16419
"...\n"
16420
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16421
msgstr ""
16422
16423
#: serverguide/C/network-auth.xml:1864(para)
16424
msgid "Restart <application>samba</application> to enable the new settings:"
16425
msgstr ""
16426
16427
#: serverguide/C/network-auth.xml:1873(para)
16428
msgid ""
16429
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
16430
"enter:"
16431
msgstr ""
16432
16433
#: serverguide/C/network-auth.xml:1878(command)
16434
msgid "sudo smbpasswd -w secret"
16435
msgstr ""
16436
16437
#: serverguide/C/network-auth.xml:1882(para)
16438
msgid ""
16439
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
16440
"password."
16441
msgstr ""
16442
16443
#: serverguide/C/network-auth.xml:1887(para)
16444
msgid ""
16445
"If you currently have users in LDAP, and you want them to authenticate using "
16446
"Samba, they will need some Samba attributes defined in the "
16447
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
16448
"users using the <application>smbpasswd</application> utility, replacing "
16449
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
16450
msgstr ""
16451
16452
#: serverguide/C/network-auth.xml:1895(command)
16453
msgid "sudo smbpasswd -a username"
16454
msgstr ""
16455
16456
#: serverguide/C/network-auth.xml:1898(para)
16457
msgid "You will then be asked to enter the user's password."
16458
msgstr ""
16459
16460
#: serverguide/C/network-auth.xml:1902(para)
16461
msgid ""
16462
"To add new user, group, and machine accounts use the utilities from the "
16463
"<application>smbldap-tools</application> package. Here are some examples:"
16464
msgstr ""
16465
16466
#: serverguide/C/network-auth.xml:1909(para)
16467
msgid ""
16468
"To add a new user to LDAP with Samba attributes enter the following, "
16469
"replacing username with an actual username:"
16470
msgstr ""
16471
16472
#: serverguide/C/network-auth.xml:1913(command)
16473
msgid "sudo smbldap-useradd -a -P username"
16474
msgstr ""
16475
16476
#: serverguide/C/network-auth.xml:1915(para)
16477
msgid ""
16478
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16479
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
16480
"passwd</application> utility after the user is created allowing you to enter "
16481
"a password for the user."
16482
msgstr ""
16483
16484
#: serverguide/C/network-auth.xml:1921(para)
16485
msgid "To remove a user from the directory enter:"
16486
msgstr ""
16487
16488
#: serverguide/C/network-auth.xml:1925(command)
16489
msgid "sudo smbldap-userdel username"
16490
msgstr ""
16491
16492
#: serverguide/C/network-auth.xml:1927(para)
16493
msgid ""
16494
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
16495
"r</emphasis> option to remove the user's home directory."
16496
msgstr ""
16497
16498
#: serverguide/C/network-auth.xml:1932(para)
16499
msgid ""
16500
"Use <application>smbldap-groupadd</application> to add a group, replacing "
16501
"groupname with an appropriate group:"
16502
msgstr ""
16503
16504
#: serverguide/C/network-auth.xml:1936(command)
16505
msgid "sudo smbldap-groupadd -a groupname"
16506
msgstr ""
16507
16508
#: serverguide/C/network-auth.xml:1938(para)
16509
msgid ""
16510
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
16511
"a</emphasis> adds the Samba attributes."
16512
msgstr ""
16513
16514
#: serverguide/C/network-auth.xml:1943(para)
16515
msgid ""
16516
"To add a user to a group use <application>smbldap-groupmod</application>:"
16517
msgstr ""
16518
16519
#: serverguide/C/network-auth.xml:1947(command)
16520
msgid "sudo smbldap-groupmod -m username groupname"
16521
msgstr ""
16522
16523
#: serverguide/C/network-auth.xml:1949(para)
16524
msgid ""
16525
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
16526
"<emphasis>-m</emphasis> option can add more than one user at a time by "
16527
"listing them in <emphasis>comma separated</emphasis> format."
16528
msgstr ""
16529
16530
#: serverguide/C/network-auth.xml:1955(para)
16531
msgid ""
16532
"<application>smbldap-groupmod</application> can also be used to remove a "
16533
"user from a group:"
16534
msgstr ""
16535
16536
#: serverguide/C/network-auth.xml:1959(command)
16537
msgid "sudo smbldap-groupmod -x username groupname"
16538
msgstr ""
16539
16540
#: serverguide/C/network-auth.xml:1963(para)
16541
msgid ""
16542
"Additionally, the <application>smbldap-useradd</application> utility can add "
16543
"Samba machine accounts:"
16544
msgstr ""
16545
16546
#: serverguide/C/network-auth.xml:1967(command)
16547
msgid "sudo smbldap-useradd -t 0 -w username"
16548
msgstr ""
16549
16550
#: serverguide/C/network-auth.xml:1969(para)
16551
msgid ""
16552
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16553
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16554
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
16555
"machine account. Also, note the <emphasis>add machine script</emphasis> "
16556
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
16557
"<application>smbldap-useradd</application>."
16558
msgstr ""
16559
16560
#: serverguide/C/network-auth.xml:1978(para)
16561
msgid ""
16562
"There are more useful utilities and options in the <application>smbldap-"
16563
"tools</application> package. The man page for each utility provides more "
16564
"details."
16565
msgstr ""
16566
16567
#: serverguide/C/network-auth.xml:1989(para)
16568
msgid ""
16569
"There are multiple places where LDAP and Samba is documented in the <ulink "
16570
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
16571
"Collection</ulink>."
16572
msgstr ""
16573
16574
#: serverguide/C/network-auth.xml:1995(para)
16575
msgid ""
16576
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
16577
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
16578
msgstr ""
16579
16580
#: serverguide/C/network-auth.xml:2001(para)
16581
msgid ""
16582
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
16583
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
16584
msgstr ""
16585
16586
#: serverguide/C/network-auth.xml:2007(para)
16587
msgid ""
16588
"Again, for more information on <application>smbldap-tools</application> see "
16589
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
16590
"groupadd</command>, <command>man smbldap-populate</command>, etc."
16591
msgstr ""
16592
16593
#: serverguide/C/network-auth.xml:2014(para)
16594
msgid ""
16595
"Also, there is a list of <ulink "
16596
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
16597
"wiki</ulink> articles with more information."
16598
msgstr ""
16599
16600
#: serverguide/C/network-auth.xml:2023(title)
16601
msgid "Kerberos"
16602
msgstr "Kerberos"
16603
16604
#: serverguide/C/network-auth.xml:2025(para)
16605
msgid ""
16606
"<application>Kerberos</application> is a network authentication system based "
16607
"on the principal of a trusted third party. The other two parties being the "
16608
"user and the service the user wishes to authenticate to. Not all services "
16609
"and applications can use Kerberos, but for those that can, it brings the "
16610
"network environment one step closer to being Single Sign On (SSO)."
16611
msgstr ""
16612
16613
#: serverguide/C/network-auth.xml:2031(para)
16614
msgid ""
16615
"This section covers installation and configuration of a Kerberos server, and "
16616
"some example client configurations."
16617
msgstr ""
16618
16619
#: serverguide/C/network-auth.xml:2038(para)
16620
msgid ""
16621
"If you are new to Kerberos there are a few terms that are good to understand "
16622
"before setting up a Kerberos server. Most of the terms will relate to things "
16623
"you may be familiar with in other environments:"
16624
msgstr ""
16625
16626
#: serverguide/C/network-auth.xml:2045(para)
16627
msgid ""
16628
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16629
"by servers need to be defined as Kerberos Principals."
16630
msgstr ""
16631
16632
#: serverguide/C/network-auth.xml:2050(para)
16633
msgid ""
16634
"<emphasis>Instances:</emphasis> are used for service principals and special "
16635
"administrative principals."
16636
msgstr ""
16637
16638
#: serverguide/C/network-auth.xml:2055(para)
16639
msgid ""
16640
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16641
"Kerberos installation. Usually the DNS domain converted to uppercase "
16642
"(EXAMPLE.COM)."
16643
msgstr ""
16644
16645
#: serverguide/C/network-auth.xml:2061(para)
16646
msgid ""
16647
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16648
"a database of all principals, the authentication server, and the ticket "
16649
"granting server. For each realm there must be at least one KDC."
16650
msgstr ""
16651
16652
#: serverguide/C/network-auth.xml:2067(para)
16653
msgid ""
16654
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16655
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16656
"password which is known only to the user and the KDC."
16657
msgstr ""
16658
16659
#: serverguide/C/network-auth.xml:2073(para)
16660
msgid ""
16661
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16662
"clients upon request."
16663
msgstr ""
16664
16665
#: serverguide/C/network-auth.xml:2078(para)
16666
msgid ""
16667
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16668
"One principal being a user and the other a service requested by the user. "
16669
"Tickets establish an encryption key used for secure communication during the "
16670
"authenticated session."
16671
msgstr ""
16672
16673
#: serverguide/C/network-auth.xml:2084(para)
16674
msgid ""
16675
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16676
"principal database and contain the encryption key for a service or host."
16677
msgstr ""
16678
16679
#: serverguide/C/network-auth.xml:2091(para)
16680
msgid ""
16681
"To put the pieces together, a Realm has at least one KDC, preferably two for "
16682
"redundancy, which contains a database of Principals. When a user principal "
16683
"logs into a workstation, configured for Kerberos authentication, the KDC "
16684
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
16685
"match, the user is authenticated and can then request tickets for Kerberized "
16686
"services from the Ticket Granting Server (TGS). The service tickets allow "
16687
"the user to authenticate to the service without entering another username "
16688
"and password."
16689
msgstr ""
16690
16691
#: serverguide/C/network-auth.xml:2100(title)
16692
msgid "Kerberos Server"
16693
msgstr ""
16694
16695
#: serverguide/C/network-auth.xml:2104(para)
16696
msgid ""
16697
"Before installing the Kerberos server a properly configured DNS server is "
16698
"needed for your domain. Since the Kerberos Realm by convention matches the "
16699
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
16700
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
16701
msgstr ""
16702
16703
#: serverguide/C/network-auth.xml:2110(para)
16704
msgid ""
16705
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16706
"between a client machine and the server differs by more than five minutes "
16707
"(by default), the workstation will not be able to authenticate. To correct "
16708
"the problem all hosts should have their time synchronized using the "
16709
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
16710
"NTP see <xref linkend=\"NTP\"/>."
16711
msgstr ""
16712
16713
#: serverguide/C/network-auth.xml:2117(para)
16714
msgid ""
16715
"The first step in installing a Kerberos Realm is to install the "
16716
"<application>krb5-kdc</application> and <application>krb5-admin-"
16717
"server</application> packages. From a terminal enter:"
16718
msgstr ""
16719
16720
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
16721
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16722
msgstr ""
16723
16724
#: serverguide/C/network-auth.xml:2126(para)
16725
msgid ""
16726
"You will be asked at the end of the install to supply a name for the "
16727
"Kerberos and Admin servers, which may or may not be the same server, for the "
16728
"realm."
16729
msgstr ""
16730
16731
#: serverguide/C/network-auth.xml:2131(para)
16732
msgid ""
16733
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16734
"utility:"
16735
msgstr ""
16736
16737
#: serverguide/C/network-auth.xml:2136(command)
16738
msgid "sudo krb5_newrealm"
16739
msgstr ""
16740
16741
#: serverguide/C/network-auth.xml:2143(para)
16742
msgid ""
16743
"The questions asked during installation are used to configure the "
16744
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16745
"Distribution Center (KDC) settings simply edit the file and restart the "
16746
"<application>krb5-kdc</application> daemon."
16747
msgstr ""
16748
16749
#: serverguide/C/network-auth.xml:2151(para)
16750
msgid ""
16751
"Now that the KDC running an admin user is needed. It is recommended to use a "
16752
"different username from your everyday username. Using the "
16753
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16754
msgstr ""
16755
16756
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
16757
msgid "sudo kadmin.local"
16758
msgstr ""
16759
16760
#: serverguide/C/network-auth.xml:2158(computeroutput)
16761
#, no-wrap
16762
msgid ""
16763
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16764
"kadmin.local:"
16765
msgstr ""
16766
16767
#: serverguide/C/network-auth.xml:2159(userinput)
16768
#, no-wrap
16769
msgid " addprinc steve/admin"
16770
msgstr ""
16771
16772
#: serverguide/C/network-auth.xml:2160(computeroutput)
16773
#, no-wrap
16774
msgid ""
16775
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16776
"policy\n"
16777
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16778
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16779
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
16780
"kadmin.local:"
16781
msgstr ""
16782
16783
#: serverguide/C/network-auth.xml:2164(userinput)
16784
#, no-wrap
16785
msgid " quit"
16786
msgstr ""
16787
16788
#: serverguide/C/network-auth.xml:2167(para)
16789
msgid ""
16790
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16791
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16792
"is an <emphasis>Instance</emphasis>, and <emphasis "
16793
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
16794
"role=\"italic\">\"every day\"</emphasis> Principal would be "
16795
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
16796
"rights."
16797
msgstr ""
16798
16799
#: serverguide/C/network-auth.xml:2175(para)
16800
msgid ""
16801
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16802
"your Realm and admin username."
16803
msgstr ""
16804
16805
#: serverguide/C/network-auth.xml:2183(para)
16806
msgid ""
16807
"Next, the new admin user needs to have the appropriate Access Control List "
16808
"(ACL) permissions. The permissions are configured in the "
16809
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16810
msgstr ""
16811
16812
#: serverguide/C/network-auth.xml:2188(programlisting)
16813
#, no-wrap
16814
msgid ""
16815
"\n"
16816
"steve/admin@EXAMPLE.COM *\n"
16817
msgstr ""
16818
16819
#: serverguide/C/network-auth.xml:2192(para)
16820
msgid ""
16821
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16822
"any operation on all principals in the realm."
16823
msgstr ""
16824
16825
#: serverguide/C/network-auth.xml:2199(para)
16826
msgid ""
16827
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16828
"to take affect:"
16829
msgstr ""
16830
16831
#: serverguide/C/network-auth.xml:2204(command)
16832
msgid "sudo /etc/init.d/krb5-admin-server restart"
16833
msgstr ""
16834
16835
#: serverguide/C/network-auth.xml:2210(para)
16836
msgid ""
16837
"The new user principal can be tested using the <application>kinit "
16838
"utility</application>:"
16839
msgstr ""
16840
16841
#: serverguide/C/network-auth.xml:2215(command)
16842
msgid "kinit steve/admin"
16843
msgstr ""
16844
16845
#: serverguide/C/network-auth.xml:2216(computeroutput)
16846
#, no-wrap
16847
msgid "steve/admin@EXAMPLE.COM's Password:"
16848
msgstr ""
16849
16850
#: serverguide/C/network-auth.xml:2219(para)
16851
msgid ""
16852
"After entering the password, use the <application>klist</application> "
16853
"utility to view information about the Ticket Granting Ticket (TGT):"
16854
msgstr ""
16855
16856
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
16857
msgid "klist"
16858
msgstr ""
16859
16860
#: serverguide/C/network-auth.xml:2226(computeroutput)
16861
#, no-wrap
16862
msgid ""
16863
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16864
" Principal: steve/admin@EXAMPLE.COM\n"
16865
"\n"
16866
" Issued Expires Principal\n"
16867
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16868
msgstr ""
16869
16870
#: serverguide/C/network-auth.xml:2233(para)
16871
msgid ""
16872
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
16873
"the KDC. For example:"
16874
msgstr ""
16875
16876
#: serverguide/C/network-auth.xml:2237(programlisting)
16877
#, no-wrap
16878
msgid ""
16879
"\n"
16880
"192.168.0.1 kdc01.example.com kdc01\n"
16881
msgstr ""
16882
16883
#: serverguide/C/network-auth.xml:2241(para)
16884
msgid ""
16885
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
16886
msgstr ""
16887
16888
#: serverguide/C/network-auth.xml:2248(para)
16889
msgid ""
16890
"In order for clients to determine the KDC for the Realm some DNS SRV records "
16891
"are needed. Add the following to "
16892
"<filename>/etc/named/db.example.com</filename>:"
16893
msgstr ""
16894
16895
#: serverguide/C/network-auth.xml:2253(programlisting)
16896
#, no-wrap
16897
msgid ""
16898
"\n"
16899
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16900
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16901
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16902
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16903
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
16904
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16905
msgstr ""
16906
16907
#: serverguide/C/network-auth.xml:2263(para)
16908
msgid ""
16909
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16910
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16911
"KDC."
16912
msgstr ""
16913
16914
#: serverguide/C/network-auth.xml:2269(para)
16915
msgid ""
16916
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16917
msgstr ""
16918
16919
#: serverguide/C/network-auth.xml:2276(para)
16920
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16921
msgstr ""
16922
16923
#: serverguide/C/network-auth.xml:2283(title)
16924
msgid "Secondary KDC"
16925
msgstr ""
16926
16927
#: serverguide/C/network-auth.xml:2285(para)
16928
msgid ""
16929
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16930
"practice to have a Secondary KDC in case the primary becomes unavailable."
16931
msgstr ""
16932
16933
#: serverguide/C/network-auth.xml:2293(para)
16934
msgid ""
16935
"First, install the packages, and when asked for the Kerberos and Admin "
16936
"server names enter the name of the Primary KDC:"
16937
msgstr ""
16938
16939
#: serverguide/C/network-auth.xml:2304(para)
16940
msgid ""
16941
"Once you have the packages installed, create the Secondary KDC's host "
16942
"principal. From a terminal prompt, enter:"
16943
msgstr ""
16944
16945
#: serverguide/C/network-auth.xml:2309(command)
16946
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16947
msgstr ""
16948
16949
#: serverguide/C/network-auth.xml:2313(para)
16950
msgid ""
16951
"After, issuing any <application>kadmin</application> commands you will be "
16952
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16953
"password."
16954
msgstr ""
16955
16956
#: serverguide/C/network-auth.xml:2322(para)
16957
msgid "Extract the <emphasis>keytab</emphasis> file:"
16958
msgstr ""
16959
16960
#: serverguide/C/network-auth.xml:2327(command)
16961
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
16962
msgstr ""
16963
16964
#: serverguide/C/network-auth.xml:2333(para)
16965
msgid ""
16966
"There should now be a <filename>keytab.kdc02</filename> in the current "
16967
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16968
msgstr ""
16969
16970
#: serverguide/C/network-auth.xml:2339(command)
16971
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16972
msgstr ""
16973
16974
#: serverguide/C/network-auth.xml:2343(para)
16975
msgid ""
16976
"If the path to the <filename>keytab.kdc02</filename> file is different "
16977
"adjust accordingly."
16978
msgstr ""
16979
16980
#: serverguide/C/network-auth.xml:2348(para)
16981
msgid ""
16982
"Also, you can list the principals in a Keytab file, which can be useful when "
16983
"troubleshooting, using the <application>klist</application> utility:"
16984
msgstr ""
16985
16986
#: serverguide/C/network-auth.xml:2354(command)
16987
msgid "sudo klist -k /etc/krb5.keytab"
16988
msgstr ""
16989
16990
#: serverguide/C/network-auth.xml:2360(para)
16991
msgid ""
16992
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16993
"that lists all KDCs for the Realm. For example, on both primary and "
16994
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16995
msgstr ""
16996
16997
#: serverguide/C/network-auth.xml:2365(programlisting)
16998
#, no-wrap
16999
msgid ""
17000
"\n"
17001
"host/kdc01.example.com@EXAMPLE.COM\n"
17002
"host/kdc02.example.com@EXAMPLE.COM\n"
17003
msgstr ""
17004
17005
#: serverguide/C/network-auth.xml:2373(para)
17006
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17007
msgstr ""
17008
17009
#: serverguide/C/network-auth.xml:2378(command)
17010
msgid "sudo kdb5_util -s create"
17011
msgstr ""
17012
17013
#: serverguide/C/network-auth.xml:2384(para)
17014
msgid ""
17015
"Now start the <application>kpropd</application> daemon, which listens for "
17016
"connections from the <application>kprop</application> utility. "
17017
"<application>kprop</application> is used to transfer dump files:"
17018
msgstr ""
17019
17020
#: serverguide/C/network-auth.xml:2391(command)
17021
msgid "sudo kpropd -S"
17022
msgstr ""
17023
17024
#: serverguide/C/network-auth.xml:2397(para)
17025
msgid ""
17026
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17027
"of the principal database:"
17028
msgstr ""
17029
17030
#: serverguide/C/network-auth.xml:2402(command)
17031
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17032
msgstr ""
17033
17034
#: serverguide/C/network-auth.xml:2408(para)
17035
msgid ""
17036
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17037
"<filename>/etc/krb5.keytab</filename>:"
17038
msgstr ""
17039
17040
#: serverguide/C/network-auth.xml:2413(command)
17041
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17042
msgstr ""
17043
17044
#: serverguide/C/network-auth.xml:2414(command)
17045
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17046
msgstr ""
17047
17048
#: serverguide/C/network-auth.xml:2418(para)
17049
msgid ""
17050
"Make sure there is a <emphasis>host</emphasis> for "
17051
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17052
msgstr ""
17053
17054
#: serverguide/C/network-auth.xml:2426(para)
17055
msgid ""
17056
"Using the <application>kprop</application> utility push the database to the "
17057
"Secondary KDC:"
17058
msgstr ""
17059
17060
#: serverguide/C/network-auth.xml:2431(command)
17061
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17062
msgstr ""
17063
17064
#: serverguide/C/network-auth.xml:2435(para)
17065
msgid ""
17066
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17067
"worked. If there is an error message check "
17068
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
17069
"information."
17070
msgstr ""
17071
17072
#: serverguide/C/network-auth.xml:2441(para)
17073
msgid ""
17074
"You may also want to create a <application>cron</application> job to "
17075
"periodically update the database on the Secondary KDC. For example, the "
17076
"following will push the database every hour:"
17077
msgstr ""
17078
17079
#: serverguide/C/network-auth.xml:2446(programlisting)
17080
#, no-wrap
17081
msgid ""
17082
"\n"
17083
"# m h dom mon dow command\n"
17084
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
17085
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
17086
msgstr ""
17087
17088
#: serverguide/C/network-auth.xml:2454(para)
17089
msgid ""
17090
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
17091
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
17092
msgstr ""
17093
17094
#: serverguide/C/network-auth.xml:2460(command)
17095
msgid "sudo kdb5_util stash"
17096
msgstr ""
17097
17098
#: serverguide/C/network-auth.xml:2466(para)
17099
msgid ""
17100
"Finally, start the <application>krb5-kdc</application> daemon on the "
17101
"Secondary KDC:"
17102
msgstr ""
17103
17104
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
17105
msgid "sudo /etc/init.d/krb5-kdc start"
17106
msgstr ""
17107
17108
#: serverguide/C/network-auth.xml:2477(para)
17109
msgid ""
17110
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
17111
"for the Realm. You can test this by stopping the <application>krb5-"
17112
"kdc</application> daemon on the Primary KDC, then use "
17113
"<application>kinit</application> to request a ticket. If all goes well you "
17114
"should receive a ticket from the Secondary KDC."
17115
msgstr ""
17116
17117
#: serverguide/C/network-auth.xml:2485(title)
17118
msgid "Kerberos Linux Client"
17119
msgstr ""
17120
17121
#: serverguide/C/network-auth.xml:2487(para)
17122
msgid ""
17123
"This section covers configuring a Linux system as a "
17124
"<application>Kerberos</application> client. This will allow access to any "
17125
"kerberized services once a user has successfully logged into the system."
17126
msgstr ""
17127
17128
#: serverguide/C/network-auth.xml:2495(para)
17129
msgid ""
17130
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17131
"user</application> and <application>libpam-krb5</application> packages are "
17132
"needed, along with a few others that are not strictly necessary but make "
17133
"life easier. To install the packages enter the following in a terminal "
17134
"prompt:"
17135
msgstr ""
17136
17137
#: serverguide/C/network-auth.xml:2502(command)
17138
msgid ""
17139
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17140
msgstr ""
17141
17142
#: serverguide/C/network-auth.xml:2505(para)
17143
msgid ""
17144
"The <application>auth-client-config</application> package allows simple "
17145
"configuration of PAM for authentication from multiple sources, and the "
17146
"<application>libpam-ccreds</application> will cache authentication "
17147
"credentials allowing you to login in case the Key Distribution Center (KDC) "
17148
"is unavailable. This package is also useful for laptops that may "
17149
"authenticate using Kerberos while on the corporate network, but will need to "
17150
"be accessed off the network as well."
17151
msgstr ""
17152
17153
#: serverguide/C/network-auth.xml:2516(para)
17154
msgid "To configure the client in a terminal enter:"
17155
msgstr ""
17156
17157
#: serverguide/C/network-auth.xml:2521(command)
17158
msgid "sudo dpkg-reconfigure krb5-config"
17159
msgstr ""
17160
17161
#: serverguide/C/network-auth.xml:2524(para)
17162
msgid ""
17163
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
17164
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
17165
"records, the menu will prompt you for the hostname of the Key Distribution "
17166
"Center (KDC) and Realm Administration server."
17167
msgstr ""
17168
17169
#: serverguide/C/network-auth.xml:2530(para)
17170
msgid ""
17171
"The <application>dpkg-reconfigure</application> adds entries to the "
17172
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
17173
"entries similar to the following:"
17174
msgstr ""
17175
17176
#: serverguide/C/network-auth.xml:2535(programlisting)
17177
#, no-wrap
17178
msgid ""
17179
"\n"
17180
"[libdefaults]\n"
17181
" default_realm = EXAMPLE.COM\n"
17182
"...\n"
17183
"[realms]\n"
17184
" EXAMPLE.COM = } \n"
17185
" kdc = 192.168.0.1 \n"
17186
" admin_server = 192.168.0.1\n"
17187
" }\n"
17188
msgstr ""
17189
17190
#: serverguide/C/network-auth.xml:2546(para)
17191
msgid ""
17192
"You can test the configuration by requesting a ticket using the "
17193
"<application>kinit</application> utility. For example:"
17194
msgstr ""
17195
17196
#: serverguide/C/network-auth.xml:2551(command)
17197
msgid "kinit steve@EXAMPLE.COM"
17198
msgstr ""
17199
17200
#: serverguide/C/network-auth.xml:2552(computeroutput)
17201
#, no-wrap
17202
msgid "Password for steve@EXAMPLE.COM:"
17203
msgstr ""
17204
17205
#: serverguide/C/network-auth.xml:2555(para)
17206
msgid ""
17207
"When a ticket has been granted, the details can be viewed using "
17208
"<application>klist</application>:"
17209
msgstr ""
17210
17211
#: serverguide/C/network-auth.xml:2561(computeroutput)
17212
#, no-wrap
17213
msgid ""
17214
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17215
"Default principal: steve@EXAMPLE.COM\n"
17216
"\n"
17217
"Valid starting Expires Service principal\n"
17218
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
17219
" renew until 07/25/08 05:18:57\n"
17220
"\n"
17221
"\n"
17222
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
17223
"klist: You have no tickets cached"
17224
msgstr ""
17225
17226
#: serverguide/C/network-auth.xml:2573(para)
17227
msgid ""
17228
"Next, use the <application>auth-client-config</application> to configure the "
17229
"<application>libpam-krb5</application> module to request a ticket during "
17230
"login:"
17231
msgstr ""
17232
17233
#: serverguide/C/network-auth.xml:2579(command)
17234
msgid "sudo auth-client-config -a -p kerberos_example"
17235
msgstr ""
17236
17237
#: serverguide/C/network-auth.xml:2582(para)
17238
msgid ""
17239
"You will should now receive a ticket upon successful login authentication."
17240
msgstr ""
17241
17242
#: serverguide/C/network-auth.xml:2593(para)
17243
msgid ""
17244
"For more information on Kerberos see the <ulink "
17245
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17246
msgstr ""
17247
17248
#: serverguide/C/network-auth.xml:2598(para)
17249
msgid ""
17250
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17251
"Kerberos</ulink> page has more details."
17252
msgstr ""
17253
17254
#: serverguide/C/network-auth.xml:2603(para)
17255
msgid ""
17256
"O'Reilly's <ulink "
17257
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17258
"Guide</ulink> is a great reference when setting up Kerberos."
17259
msgstr ""
17260
17261
#: serverguide/C/network-auth.xml:2609(para)
17262
msgid ""
17263
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
17264
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
17265
"Kerberos questions."
17266
msgstr ""
17267
17268
#: serverguide/C/network-auth.xml:2619(title)
17269
msgid "Kerberos and LDAP"
17270
msgstr ""
17271
17272
#: serverguide/C/network-auth.xml:2621(para)
17273
msgid ""
17274
"Replicating a Kerberos principal database between two servers can be "
17275
"complicated, and adds an additional user database to your network. "
17276
"Fortunately, MIT Kerberos can be configured to use an "
17277
"<application>LDAP</application> directory as a principal database. This "
17278
"section covers configuring a primary and secondary kerberos server to use "
17279
"<application>OpenLDAP</application> for the principal database."
17280
msgstr ""
17281
17282
#: serverguide/C/network-auth.xml:2629(title)
17283
msgid "Configuring OpenLDAP"
17284
msgstr ""
17285
17286
#: serverguide/C/network-auth.xml:2631(para)
17287
msgid ""
17288
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17289
"<application>OpenLDAP</application> server that has network connectivity to "
17290
"the Primary and Secondary KDCs. The rest of this section assumes that you "
17291
"also have LDAP replication configured between at least two servers. For "
17292
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17293
msgstr ""
17294
17295
#: serverguide/C/network-auth.xml:2638(para)
17296
msgid ""
17297
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17298
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17299
"linkend=\"openldap-tls\"/> for details."
17300
msgstr ""
17301
17302
#: serverguide/C/network-auth.xml:2645(para)
17303
msgid ""
17304
"To load the schema into LDAP, on the LDAP server install the "
17305
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17306
msgstr ""
17307
17308
#: serverguide/C/network-auth.xml:2651(command)
17309
msgid "sudo apt-get install krb5-kdc-ldap"
17310
msgstr ""
17311
17312
#: serverguide/C/network-auth.xml:2656(para)
17313
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17314
msgstr ""
17315
17316
#: serverguide/C/network-auth.xml:2661(command)
17317
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17318
msgstr ""
17319
17320
#: serverguide/C/network-auth.xml:2662(command)
17321
msgid ""
17322
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17323
msgstr ""
17324
17325
#: serverguide/C/network-auth.xml:2668(para)
17326
msgid ""
17327
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17328
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17329
"<application>slapd</application> is also detailed in <xref "
17330
"linkend=\"openldap-configuration\"/>."
17331
msgstr ""
17332
17333
#: serverguide/C/network-auth.xml:2681(programlisting)
17334
#, no-wrap
17335
msgid ""
17336
"\n"
17337
"include /etc/ldap/schema/core.schema\n"
17338
"include /etc/ldap/schema/collective.schema\n"
17339
"include /etc/ldap/schema/corba.schema\n"
17340
"include /etc/ldap/schema/cosine.schema\n"
17341
"include /etc/ldap/schema/duaconf.schema\n"
17342
"include /etc/ldap/schema/dyngroup.schema\n"
17343
"include /etc/ldap/schema/inetorgperson.schema\n"
17344
"include /etc/ldap/schema/java.schema\n"
17345
"include /etc/ldap/schema/misc.schema\n"
17346
"include /etc/ldap/schema/nis.schema\n"
17347
"include /etc/ldap/schema/openldap.schema\n"
17348
"include /etc/ldap/schema/ppolicy.schema\n"
17349
"include /etc/ldap/schema/kerberos.schema\n"
17350
msgstr ""
17351
17352
#: serverguide/C/network-auth.xml:2701(para)
17353
msgid "Create a temporary directory to hold the LDIF files:"
17354
msgstr ""
17355
17356
#: serverguide/C/network-auth.xml:2716(command)
17357
msgid ""
17358
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
17359
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17360
msgstr ""
17361
17362
#: serverguide/C/network-auth.xml:2726(para)
17363
msgid ""
17364
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17365
"changing the following attributes:"
17366
msgstr ""
17367
17368
#: serverguide/C/network-auth.xml:2730(programlisting)
17369
#, no-wrap
17370
msgid ""
17371
"\n"
17372
"dn: cn=kerberos,cn=schema,cn=config\n"
17373
"...\n"
17374
"cn: kerberos\n"
17375
msgstr ""
17376
17377
#: serverguide/C/network-auth.xml:2736(para)
17378
msgid "And remove the following lines from the end of the file:"
17379
msgstr ""
17380
17381
#: serverguide/C/network-auth.xml:2740(programlisting)
17382
#, no-wrap
17383
msgid ""
17384
"\n"
17385
"structuralObjectClass: olcSchemaConfig\n"
17386
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
17387
"creatorsName: cn=config\n"
17388
"createTimestamp: 20090111203515Z\n"
17389
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
17390
"modifiersName: cn=config\n"
17391
"modifyTimestamp: 20090111203515Z\n"
17392
msgstr ""
17393
17394
#: serverguide/C/network-auth.xml:2759(para)
17395
msgid "Load the new schema with <application>ldapadd</application>:"
17396
msgstr ""
17397
17398
#: serverguide/C/network-auth.xml:2764(command)
17399
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17400
msgstr ""
17401
17402
#: serverguide/C/network-auth.xml:2770(para)
17403
msgid ""
17404
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17405
msgstr ""
17406
17407
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
17408
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17409
msgstr ""
17410
17411
#: serverguide/C/network-auth.xml:2777(userinput)
17412
#, no-wrap
17413
msgid ""
17414
"dn: olcDatabase={1}hdb,cn=config\n"
17415
"add: olcDbIndex\n"
17416
"olcDbIndex: krbPrincipalName eq,pres,sub"
17417
msgstr ""
17418
17419
#: serverguide/C/network-auth.xml:2776(computeroutput)
17420
#, no-wrap
17421
msgid ""
17422
"Enter LDAP Password:\n"
17423
"<placeholder-1/>\n"
17424
"\n"
17425
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17426
msgstr ""
17427
17428
#: serverguide/C/network-auth.xml:2787(para)
17429
msgid "Finally, update the Access Control Lists (ACL):"
17430
msgstr ""
17431
17432
#: serverguide/C/network-auth.xml:2794(userinput)
17433
#, no-wrap
17434
msgid ""
17435
"dn: olcDatabase={1}hdb,cn=config\n"
17436
"replace: olcAccess\n"
17437
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
17438
"dn=\"cn=admin,dc=exampl\n"
17439
" e,dc=com\" write by anonymous auth by self write by * none\n"
17440
"-\n"
17441
"add: olcAccess\n"
17442
"olcAccess: to dn.base=\"\" by * read\n"
17443
"-\n"
17444
"add: olcAccess\n"
17445
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17446
msgstr ""
17447
17448
#: serverguide/C/network-auth.xml:2793(computeroutput)
17449
#, no-wrap
17450
msgid ""
17451
"Enter LDAP Password: \n"
17452
"<placeholder-1/>\n"
17453
"\n"
17454
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17455
msgstr ""
17456
17457
#: serverguide/C/network-auth.xml:2814(para)
17458
msgid ""
17459
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17460
"database."
17461
msgstr ""
17462
17463
#: serverguide/C/network-auth.xml:2820(title)
17464
msgid "Primary KDC Configuration"
17465
msgstr ""
17466
17467
#: serverguide/C/network-auth.xml:2822(para)
17468
msgid ""
17469
"With <application>OpenLDAP</application> configured it is time to configure "
17470
"the KDC."
17471
msgstr ""
17472
17473
#: serverguide/C/network-auth.xml:2828(para)
17474
msgid "First, install the necessary packages, from a terminal enter:"
17475
msgstr ""
17476
17477
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
17478
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17479
msgstr ""
17480
17481
#: serverguide/C/network-auth.xml:2839(para)
17482
msgid ""
17483
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17484
"under the appropriate sections:"
17485
msgstr ""
17486
17487
#: serverguide/C/network-auth.xml:2843(programlisting)
17488
#, no-wrap
17489
msgid ""
17490
"\n"
17491
"[libdefaults]\n"
17492
" default_realm = EXAMPLE.COM\n"
17493
"\n"
17494
"...\n"
17495
"\n"
17496
"[realms]\n"
17497
" EXAMPLE.COM = {\n"
17498
" kdc = kdc01.example.com\n"
17499
" kdc = kdc02.example.com\n"
17500
" admin_server = kdc01.example.com\n"
17501
" admin_server = kdc02.example.com\n"
17502
" default_domain = example.com\n"
17503
" database_module = openldap_ldapconf\n"
17504
" }\n"
17505
"\n"
17506
"...\n"
17507
"\n"
17508
"[domain_realm]\n"
17509
" .example.com = EXAMPLE.COM\n"
17510
"\n"
17511
"\n"
17512
"...\n"
17513
"\n"
17514
"[dbdefaults]\n"
17515
" ldap_kerberos_container_dn = dc=example,dc=com\n"
17516
"\n"
17517
"[dbmodules]\n"
17518
" openldap_ldapconf = {\n"
17519
" db_library = kldap\n"
17520
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
17521
"\n"
17522
" # this object needs to have read rights on\n"
17523
" # the realm container, principal container and realm sub-"
17524
"trees\n"
17525
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
17526
"\n"
17527
" # this object needs to have read and write rights on\n"
17528
" # the realm container, principal container and realm sub-"
17529
"trees\n"
17530
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
17531
" ldap_servers = ldaps://ldap01.example.com "
17532
"ldaps://ldap02.example.com\n"
17533
" ldap_conns_per_server = 5\n"
17534
" }\n"
17535
msgstr ""
17536
17537
#: serverguide/C/network-auth.xml:2888(para)
17538
msgid ""
17539
"Change <emphasis>example.com</emphasis>, "
17540
"<emphasis>dc=example,dc=com</emphasis>, "
17541
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
17542
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
17543
"object, and LDAP server for your network."
17544
msgstr ""
17545
17546
#: serverguide/C/network-auth.xml:2897(para)
17547
msgid ""
17548
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17549
"the realm:"
17550
msgstr ""
17551
17552
#: serverguide/C/network-auth.xml:2902(command)
17553
msgid ""
17554
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
17555
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17556
msgstr ""
17557
17558
#: serverguide/C/network-auth.xml:2908(para)
17559
msgid ""
17560
"Create a stash of the password used to bind to the LDAP server. This "
17561
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17562
"<emphasis>ldap_kadmin_dn</emphasis> options in "
17563
"<filename>/etc/krb5.conf</filename>:"
17564
msgstr ""
17565
17566
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
17567
msgid ""
17568
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
17569
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17570
msgstr ""
17571
17572
#: serverguide/C/network-auth.xml:2920(para)
17573
msgid "Copy the CA certificate from the LDAP server:"
17574
msgstr ""
17575
17576
#: serverguide/C/network-auth.xml:2925(command)
17577
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17578
msgstr ""
17579
17580
#: serverguide/C/network-auth.xml:2926(command)
17581
msgid "sudo cp cacert.pem /etc/ssl/certs"
17582
msgstr ""
17583
17584
#: serverguide/C/network-auth.xml:2929(para)
17585
msgid ""
17586
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17587
msgstr ""
17588
17589
#: serverguide/C/network-auth.xml:2933(programlisting)
17590
#, no-wrap
17591
msgid ""
17592
"\n"
17593
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17594
msgstr ""
17595
17596
#: serverguide/C/network-auth.xml:2938(para)
17597
msgid ""
17598
"The certificate will also need to be copied to the Secondary KDC, to allow "
17599
"the connection to the LDAP servers using LDAPS."
17600
msgstr ""
17601
17602
#: serverguide/C/network-auth.xml:2947(para)
17603
msgid ""
17604
"You can now add Kerberos principals to the LDAP database, and they will be "
17605
"copied to any other LDAP servers configured for replication. To add a "
17606
"principal using the <application>kadmin.local</application> utility enter:"
17607
msgstr ""
17608
17609
#: serverguide/C/network-auth.xml:2955(userinput)
17610
#, no-wrap
17611
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17612
msgstr ""
17613
17614
#: serverguide/C/network-auth.xml:2954(computeroutput)
17615
#, no-wrap
17616
msgid ""
17617
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17618
"kadmin.local: <placeholder-1/>\n"
17619
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
17620
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
17621
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
17622
"Principal \"steve@EXAMPLE.COM\" created."
17623
msgstr ""
17624
17625
#: serverguide/C/network-auth.xml:2962(para)
17626
msgid ""
17627
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17628
"krbExtraData attributes added to the "
17629
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
17630
"the <application>kinit</application> and <application>klist</application> "
17631
"utilities to test that the user is indeed issued a ticket."
17632
msgstr ""
17633
17634
#: serverguide/C/network-auth.xml:2969(para)
17635
msgid ""
17636
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17637
"option is needed to add the Kerberos attributes. Otherwise a new "
17638
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17639
msgstr ""
17640
17641
#: serverguide/C/network-auth.xml:2977(title)
17642
msgid "Secondary KDC Configuration"
17643
msgstr ""
17644
17645
#: serverguide/C/network-auth.xml:2979(para)
17646
msgid ""
17647
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17648
"one using the normal Kerberos database."
17649
msgstr ""
17650
17651
#: serverguide/C/network-auth.xml:2985(para)
17652
msgid "First, install the necessary packages. In a terminal enter:"
17653
msgstr ""
17654
17655
#: serverguide/C/network-auth.xml:2996(para)
17656
msgid ""
17657
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17658
msgstr ""
17659
17660
#: serverguide/C/network-auth.xml:3000(programlisting)
17661
#, no-wrap
17662
msgid ""
17663
"\n"
17664
"[libdefaults]\n"
17665
" default_realm = EXAMPLE.COM\n"
17666
"\n"
17667
"...\n"
17668
"\n"
17669
"[realms]\n"
17670
" EXAMPLE.COM = {\n"
17671
" kdc = kdc01.example.com\n"
17672
" kdc = kdc02.example.com\n"
17673
" admin_server = kdc01.example.com\n"
17674
" admin_server = kdc02.example.com\n"
17675
" default_domain = example.com\n"
17676
" database_module = openldap_ldapconf\n"
17677
" }\n"
17678
"\n"
17679
"...\n"
17680
"\n"
17681
"[domain_realm]\n"
17682
" .example.com = EXAMPLE.COM\n"
17683
"\n"
17684
"...\n"
17685
"\n"
17686
"[dbdefaults]\n"
17687
" ldap_kerberos_container_dn = dc=example,dc=com\n"
17688
"\n"
17689
"[dbmodules]\n"
17690
" openldap_ldapconf = {\n"
17691
" db_library = kldap\n"
17692
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
17693
"\n"
17694
" # this object needs to have read rights on\n"
17695
" # the realm container, principal container and realm sub-"
17696
"trees\n"
17697
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
17698
"\n"
17699
" # this object needs to have read and write rights on\n"
17700
" # the realm container, principal container and realm sub-"
17701
"trees\n"
17702
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
17703
" ldap_servers = ldaps://ldap01.example.com "
17704
"ldaps://ldap02.example.com\n"
17705
" ldap_conns_per_server = 5\n"
17706
" }\n"
17707
msgstr ""
17708
17709
#: serverguide/C/network-auth.xml:3047(para)
17710
msgid "Create the stash for the LDAP bind password:"
17711
msgstr ""
17712
17713
#: serverguide/C/network-auth.xml:3058(para)
17714
msgid ""
17715
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17716
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17717
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
17718
"encrypted connection such as <application>scp</application>, or on physical "
17719
"media."
17720
msgstr ""
17721
17722
#: serverguide/C/network-auth.xml:3065(command)
17723
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17724
msgstr ""
17725
17726
#: serverguide/C/network-auth.xml:3066(command)
17727
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17728
msgstr ""
17729
17730
#: serverguide/C/network-auth.xml:3070(para)
17731
msgid ""
17732
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17733
msgstr ""
17734
17735
#: serverguide/C/network-auth.xml:3078(para)
17736
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17737
msgstr ""
17738
17739
#: serverguide/C/network-auth.xml:3089(para)
17740
msgid ""
17741
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17742
"you should be able to continue to authenticate users if one LDAP server, one "
17743
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17744
msgstr ""
17745
17746
#: serverguide/C/network-auth.xml:3101(para)
17747
msgid ""
17748
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17749
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17750
"Guide</ulink> has some additional details."
17751
msgstr ""
17752
17753
#: serverguide/C/network-auth.xml:3107(para)
17754
msgid ""
17755
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17756
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17757
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
17758
"5.6</ulink> and the <ulink "
17759
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
17760
"tml\">kdb5_ldap_util man page</ulink>."
17761
msgstr ""
17762
17763
#: serverguide/C/network-auth.xml:3115(para)
17764
msgid ""
17765
"Another useful link is the <ulink "
17766
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
17767
">krb5.conf man page</ulink>."
17768
msgstr ""
17769
17770
#: serverguide/C/network-auth.xml:3120(para)
17771
msgid ""
17772
"Also, see the <ulink "
17773
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17774
"and LDAP</ulink> Ubuntu wiki page."
17775
msgstr ""
17776
17777
#: serverguide/C/monitoring.xml:13(title)
17778
msgid "Monitoring"
17779
msgstr ""
17780
17781
#: serverguide/C/monitoring.xml:17(para)
17782
msgid ""
17783
"The monitoring of essential servers and services is an important part of "
17784
"system administration. Most network services are monitored for performance, "
17785
"availability, or both. This section will cover installation and "
17786
"configuration of <application>Nagios</application> for availability "
17787
"monitoring, and <application>Munin</application> for performance monitoring."
17788
msgstr ""
17789
17790
#: serverguide/C/monitoring.xml:24(para)
17791
msgid ""
17792
"The examples in this section will use two servers with hostnames "
17793
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
17794
"<emphasis>Server01</emphasis> will be configured with "
17795
"<application>Nagios</application> to monitor services on itself and "
17796
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
17797
"<application>munin</application> package to gather information from the "
17798
"network. Using the <application>munin-node</application> package, "
17799
"<emphasis>server02</emphasis> will be configured to send information to "
17800
"<emphasis>server01</emphasis>."
17801
msgstr ""
17802
17803
#: serverguide/C/monitoring.xml:33(para)
17804
msgid ""
17805
"Hopefully these simple examples will allow you to monitor additional servers "
17806
"and services on your network."
17807
msgstr ""
17808
17809
#: serverguide/C/monitoring.xml:39(title)
17810
msgid "Nagios"
17811
msgstr ""
17812
17813
#: serverguide/C/monitoring.xml:44(para)
17814
msgid ""
17815
"First, on <emphasis>server01</emphasis> install the "
17816
"<application>nagios</application> package. In a terminal enter:"
17817
msgstr ""
17818
17819
#: serverguide/C/monitoring.xml:50(command)
17820
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
17821
msgstr ""
17822
17823
#: serverguide/C/monitoring.xml:53(para)
17824
msgid ""
17825
"You will be asked to enter a password for the "
17826
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
17827
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
17828
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
17829
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
17830
"of the <application>apache2-utils</application> package."
17831
msgstr ""
17832
17833
#: serverguide/C/monitoring.xml:60(para)
17834
msgid ""
17835
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
17836
"user enter:"
17837
msgstr ""
17838
17839
#: serverguide/C/monitoring.xml:65(command)
17840
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
17841
msgstr ""
17842
17843
#: serverguide/C/monitoring.xml:68(para)
17844
msgid "To add a user:"
17845
msgstr ""
17846
17847
#: serverguide/C/monitoring.xml:73(command)
17848
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
17849
msgstr ""
17850
17851
#: serverguide/C/monitoring.xml:76(para)
17852
msgid ""
17853
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
17854
"server</application> package. From a terminal on server02 enter:"
17855
msgstr ""
17856
17857
#: serverguide/C/monitoring.xml:82(command)
17858
msgid "sudo apt-get install nagios-nrpe-server"
17859
msgstr ""
17860
17861
#: serverguide/C/monitoring.xml:86(para)
17862
msgid ""
17863
"<application>NRPE</application> allows you to execute local checks on remote "
17864
"hosts. There are other ways of accomplishing this through other Nagios "
17865
"plugins as well as other checks."
17866
msgstr ""
17867
17868
#: serverguide/C/monitoring.xml:94(title)
17869
msgid "Configuration Overview"
17870
msgstr ""
17871
17872
#: serverguide/C/monitoring.xml:96(para)
17873
msgid ""
17874
"There are a couple of directories containing "
17875
"<application>Nagios</application> configuration and check files."
17876
msgstr ""
17877
17878
#: serverguide/C/monitoring.xml:102(para)
17879
msgid ""
17880
"<filename>/etc/nagios3</filename>: contains configuration files for the "
17881
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
17882
"etc."
17883
msgstr ""
17884
17885
#: serverguide/C/monitoring.xml:108(para)
17886
msgid ""
17887
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
17888
"service checks."
17889
msgstr ""
17890
17891
#: serverguide/C/monitoring.xml:113(para)
17892
msgid ""
17893
"<filename>/etc/nagios</filename>: on the remote host contains the "
17894
"<application>nagios-nrpe-server</application> configuration files."
17895
msgstr ""
17896
17897
#: serverguide/C/monitoring.xml:118(para)
17898
msgid ""
17899
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
17900
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
17901
msgstr ""
17902
17903
#: serverguide/C/monitoring.xml:123(para)
17904
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
17905
msgstr ""
17906
17907
#: serverguide/C/monitoring.xml:129(para)
17908
msgid ""
17909
"There are a plethora of checks <application>Nagios</application> can be "
17910
"configured to execute for any given host. For this example Nagios will be "
17911
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
17912
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
17913
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
17914
msgstr ""
17915
17916
#: serverguide/C/monitoring.xml:136(para)
17917
msgid ""
17918
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
17919
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
17920
msgstr ""
17921
17922
#: serverguide/C/monitoring.xml:141(para)
17923
msgid ""
17924
"Additionally, there are some terms that once explained will hopefully make "
17925
"understanding Nagios configuration easier:"
17926
msgstr ""
17927
17928
#: serverguide/C/monitoring.xml:147(para)
17929
msgid ""
17930
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
17931
"is being monitored."
17932
msgstr ""
17933
17934
#: serverguide/C/monitoring.xml:152(para)
17935
msgid ""
17936
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
17937
"could group all web servers, file server, etc."
17938
msgstr ""
17939
17940
#: serverguide/C/monitoring.xml:157(para)
17941
msgid ""
17942
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
17943
"as HTTP, DNS, NFS, etc."
17944
msgstr ""
17945
17946
#: serverguide/C/monitoring.xml:162(para)
17947
msgid ""
17948
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
17949
"together. This is useful for grouping multiple HTTP for example."
17950
msgstr ""
17951
17952
#: serverguide/C/monitoring.xml:168(para)
17953
msgid ""
17954
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
17955
"place. Nagios can be configured to send emails, SMS messages, etc."
17956
msgstr ""
17957
17958
#: serverguide/C/monitoring.xml:174(para)
17959
msgid ""
17960
"By default Nagios is configured to check HTTP, disk space, SSH, current "
17961
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
17962
"will also <application>ping</application> check the "
17963
"<emphasis>gateway</emphasis>."
17964
msgstr ""
17965
17966
#: serverguide/C/monitoring.xml:179(para)
17967
msgid ""
17968
"Large Nagios installations can be quite complex to configure. It is usually "
17969
"best to start small, one or two hosts, get things configured the way you "
17970
"like then expand."
17971
msgstr ""
17972
17973
#: serverguide/C/monitoring.xml:194(para)
17974
msgid ""
17975
"First, create a <emphasis>host</emphasis> configuration file for "
17976
"<emphasis>server02</emphasis>. In a terminal enter:"
17977
msgstr ""
17978
17979
#: serverguide/C/monitoring.xml:199(command)
17980
msgid ""
17981
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
17982
"/etc/nagios3/conf.d/server02.cfg"
17983
msgstr ""
17984
17985
#: serverguide/C/monitoring.xml:203(para)
17986
msgid ""
17987
"In the above and following command examples, replace "
17988
"<emphasis>\"server01\"</emphasis>, "
17989
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
17990
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
17991
"your servers."
17992
msgstr ""
17993
17994
#: serverguide/C/monitoring.xml:212(para)
17995
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17996
msgstr ""
17997
17998
#: serverguide/C/monitoring.xml:216(programlisting)
17999
#, no-wrap
18000
msgid ""
18001
"\n"
18002
"define host{\n"
18003
" use generic-host ; Name of host "
18004
"template to use\n"
18005
" host_name server02\n"
18006
" alias Server 02\n"
18007
" address 172.18.100.101\n"
18008
"}\n"
18009
"\n"
18010
"# check DNS service.\n"
18011
"define service {\n"
18012
" use generic-service\n"
18013
" host_name server02\n"
18014
" service_description DNS\n"
18015
" check_command check_dns!172.18.100.101\n"
18016
"}\n"
18017
msgstr ""
18018
18019
#: serverguide/C/monitoring.xml:236(para)
18020
msgid ""
18021
"Restart the <application>nagios</application> daemon to enable the new "
18022
"configuration:"
18023
msgstr ""
18024
18025
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
18026
msgid "sudo /etc/init.d/nagios3 restart"
18027
msgstr ""
18028
18029
#: serverguide/C/monitoring.xml:251(para)
18030
msgid ""
18031
"Now add a service definition for the MySQL check by adding the following to "
18032
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
18033
msgstr ""
18034
18035
#: serverguide/C/monitoring.xml:255(programlisting)
18036
#, no-wrap
18037
msgid ""
18038
"\n"
18039
"# check MySQL servers.\n"
18040
"define service {\n"
18041
" hostgroup_name mysql-servers\n"
18042
" service_description MySQL\n"
18043
" check_command "
18044
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
18045
" use generic-service\n"
18046
" notification_interval 0 ; set > 0 if you want to be "
18047
"renotified\n"
18048
"}\n"
18049
msgstr ""
18050
18051
#: serverguide/C/monitoring.xml:269(para)
18052
msgid ""
18053
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
18054
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
18055
msgstr ""
18056
18057
#: serverguide/C/monitoring.xml:274(programlisting)
18058
#, no-wrap
18059
msgid ""
18060
"\n"
18061
"# MySQL hostgroup.\n"
18062
"define hostgroup {\n"
18063
" hostgroup_name mysql-servers\n"
18064
" alias MySQL servers\n"
18065
" members localhost, server02\n"
18066
" }\n"
18067
msgstr ""
18068
18069
#: serverguide/C/monitoring.xml:286(para)
18070
msgid ""
18071
"The Nagios check needs to authenticate to MySQL. To add a "
18072
"<emphasis>nagios</emphasis> user to MySQL enter:"
18073
msgstr ""
18074
18075
#: serverguide/C/monitoring.xml:291(command)
18076
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
18077
msgstr ""
18078
18079
#: serverguide/C/monitoring.xml:295(para)
18080
msgid ""
18081
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
18082
"<emphasis>mysql-servers</emphasis> hostgroup."
18083
msgstr ""
18084
18085
#: serverguide/C/monitoring.xml:303(para)
18086
msgid ""
18087
"Restart <application>nagios</application> to start checking the MySQL "
18088
"servers."
18089
msgstr ""
18090
18091
#: serverguide/C/monitoring.xml:318(para)
18092
msgid ""
18093
"Lastly configure NRPE to check the disk space on "
18094
"<emphasis>server02</emphasis>."
18095
msgstr ""
18096
18097
#: serverguide/C/monitoring.xml:322(para)
18098
msgid ""
18099
"On <emphasis>server01</emphasis> add the service check to "
18100
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
18101
msgstr ""
18102
18103
#: serverguide/C/monitoring.xml:327(programlisting)
18104
#, no-wrap
18105
msgid ""
18106
"\n"
18107
"# NRPE disk check.\n"
18108
"define service {\n"
18109
" use generic-service\n"
18110
" host_name server02\n"
18111
" service_description nrpe-disk\n"
18112
" check_command "
18113
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
18114
"}\n"
18115
msgstr ""
18116
18117
#: serverguide/C/monitoring.xml:340(para)
18118
msgid ""
18119
"Now on <emphasis>server02</emphasis> edit "
18120
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
18121
msgstr ""
18122
18123
#: serverguide/C/monitoring.xml:344(programlisting)
18124
#, no-wrap
18125
msgid ""
18126
"\n"
18127
"allowed_hosts=172.18.100.100\n"
18128
msgstr ""
18129
18130
#: serverguide/C/monitoring.xml:348(para)
18131
msgid "And below in the command definition area add:"
18132
msgstr ""
18133
18134
#: serverguide/C/monitoring.xml:352(programlisting)
18135
#, no-wrap
18136
msgid ""
18137
"\n"
18138
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
18139
"e\n"
18140
msgstr ""
18141
18142
#: serverguide/C/monitoring.xml:359(para)
18143
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
18144
msgstr ""
18145
18146
#: serverguide/C/monitoring.xml:364(command)
18147
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
18148
msgstr ""
18149
18150
#: serverguide/C/monitoring.xml:370(para)
18151
msgid ""
18152
"Also, on <emphasis>server01</emphasis> restart "
18153
"<application>nagios</application>:"
18154
msgstr ""
18155
18156
#: serverguide/C/monitoring.xml:383(para)
18157
msgid ""
18158
"You should now be able to see the host and service checks in the Nagios CGI "
18159
"files. To access them point a browser to http://server01/nagios3. You will "
18160
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
18161
"password."
18162
msgstr ""
18163
18164
#: serverguide/C/monitoring.xml:393(para)
18165
msgid ""
18166
"This section has just scratched the surface of Nagios' features. The "
18167
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
18168
"plugins</application> contain many more service checks."
18169
msgstr ""
18170
18171
#: serverguide/C/monitoring.xml:400(para)
18172
msgid ""
18173
"For more information see <ulink "
18174
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
18175
msgstr ""
18176
18177
#: serverguide/C/monitoring.xml:405(para)
18178
msgid ""
18179
"Specifically the <ulink "
18180
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
18181
"site."
18182
msgstr ""
18183
18184
#: serverguide/C/monitoring.xml:410(para)
18185
msgid ""
18186
"There is also a list of <ulink "
18187
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
18188
"Nagios and network monitoring:"
18189
msgstr ""
18190
18191
#: serverguide/C/monitoring.xml:416(para)
18192
msgid ""
18193
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
18194
"Wiki</ulink> page also has more details."
18195
msgstr ""
18196
18197
#: serverguide/C/monitoring.xml:425(title)
18198
msgid "Munin"
18199
msgstr ""
18200
18201
#: serverguide/C/monitoring.xml:430(para)
18202
msgid ""
18203
"Before installing <application>Munin</application> on "
18204
"<emphasis>server01</emphasis><application>apache2</application> will need to "
18205
"be installed. The default configuration is fine for running a "
18206
"<application>munin</application> server. For more information see <xref "
18207
"linkend=\"httpd\"/>."
18208
msgstr ""
18209
18210
#: serverguide/C/monitoring.xml:436(para)
18211
msgid ""
18212
"First, on <emphasis>server01</emphasis> install "
18213
"<application>munin</application>. In a terminal enter:"
18214
msgstr ""
18215
18216
#: serverguide/C/monitoring.xml:441(command)
18217
msgid "sudo apt-get install munin"
18218
msgstr ""
18219
18220
#: serverguide/C/monitoring.xml:444(para)
18221
msgid ""
18222
"Now on <emphasis>server02</emphasis> install the <application>munin-"
18223
"node</application> package:"
18224
msgstr ""
18225
18226
#: serverguide/C/monitoring.xml:449(command)
18227
msgid "sudo apt-get install munin-node"
18228
msgstr ""
18229
18230
#: serverguide/C/monitoring.xml:456(para)
18231
msgid ""
18232
"On <emphasis>server01</emphasis> edit the "
18233
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
18234
"<emphasis>server02</emphasis>:"
18235
msgstr ""
18236
18237
#: serverguide/C/monitoring.xml:461(programlisting)
18238
#, no-wrap
18239
msgid ""
18240
"\n"
18241
"## First our \"normal\" host.\n"
18242
"[server02]\n"
18243
" address 172.18.100.101\n"
18244
msgstr ""
18245
18246
#: serverguide/C/monitoring.xml:468(para)
18247
msgid ""
18248
"Replace <emphasis>server02</emphasis> and "
18249
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
18250
"for your server."
18251
msgstr ""
18252
18253
#: serverguide/C/monitoring.xml:474(para)
18254
msgid ""
18255
"Next, configure <application>munin-node</application> on "
18256
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
18257
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
18258
msgstr ""
18259
18260
#: serverguide/C/monitoring.xml:479(programlisting)
18261
#, no-wrap
18262
msgid ""
18263
"\n"
18264
"allow ^172\\.18\\.100\\.100$\n"
18265
msgstr ""
18266
18267
#: serverguide/C/monitoring.xml:484(para)
18268
msgid ""
18269
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
18270
"<application>munin</application> server."
18271
msgstr ""
18272
18273
#: serverguide/C/monitoring.xml:489(para)
18274
msgid ""
18275
"Now restart <application>munin-node</application> on "
18276
"<emphasis>server02</emphasis> for the changes to take effect:"
18277
msgstr ""
18278
18279
#: serverguide/C/monitoring.xml:494(command)
18280
msgid "sudo /etc/init.d/munin-node restart"
18281
msgstr ""
18282
18283
#: serverguide/C/monitoring.xml:497(para)
18284
msgid ""
18285
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
18286
"you should see links to nice graphs displaying information from the standard "
18287
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
18288
msgstr ""
18289
18290
#: serverguide/C/monitoring.xml:503(para)
18291
msgid ""
18292
"Since this is a new install it may take some time for the graphs to display "
18293
"anything useful."
18294
msgstr ""
18295
18296
#: serverguide/C/monitoring.xml:510(title)
18297
msgid "Additional Plugins"
18298
msgstr ""
18299
18300
#: serverguide/C/monitoring.xml:512(para)
18301
msgid ""
18302
"The <application>munin-plugins-extra</application> package contains "
18303
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
18304
"install the package, from a terminal enter:"
18305
msgstr ""
18306
18307
#: serverguide/C/monitoring.xml:518(command)
18308
msgid "sudo apt-get install munin-plugins-extra"
18309
msgstr ""
18310
18311
#: serverguide/C/monitoring.xml:521(para)
18312
msgid "Be sure to install the package on both the server and node machines."
18313
msgstr ""
18314
18315
#: serverguide/C/monitoring.xml:531(para)
18316
msgid ""
18317
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
18318
"website for more details."
18319
msgstr ""
18320
18321
#: serverguide/C/monitoring.xml:536(para)
18322
msgid ""
18323
"Specifically the <ulink "
18324
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
18325
"Documentation</ulink> page includes information on additional plugins, "
18326
"writing plugins, etc."
18327
msgstr ""
18328
18329
#: serverguide/C/monitoring.xml:542(para)
18330
msgid ""
18331
"Also, there is a book in German by Open Source Press: <ulink "
18332
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
18333
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
18334
msgstr ""
18335
18336
#: serverguide/C/monitoring.xml:548(para)
18337
msgid ""
18338
"Another resource is the <ulink "
18339
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
18340
"page."
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:13(title)
18344
msgid "Email Services"
18345
msgstr "邮件服务"
18346
18347
#: serverguide/C/mail.xml:14(para)
18348
msgid ""
18349
"The process of getting an email from one person to another over a network or "
18350
"the Internet involves many systems working together. Each of these systems "
18351
"must be correctly configured for the process to work. The sender uses a "
18352
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
18353
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
18354
"the last of which will hand it off to a <emphasis>Mail Delivery "
18355
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
18356
"it will be retrieved by the recipient's email client, usually via a POP3 or "
18357
"IMAP server."
18358
msgstr ""
18359
"在网络或 Internet "
18360
"上从一个人得到邮件给另一个人的处理过程包含许多系统的协同工作。这些系统中的每一个都必须配置正确以便可以正常工作。发送者使用一个 <emphasis>邮件用"
18361
"户代理</emphasis> (MUA),或邮件客户端通过一个或多个 <emphasis>邮件传输代理</emphasis> (MTA) "
18362
"来发送信息,最后一个将信息送到 <emphasis>邮件投递代理</emphasis> (MDA) "
18363
"以便将其投递到接受者的收件箱中。该信息将会被接受者邮件客户端检索到,通常是通过 POP3 或 IMAP 服务器。"
18364
18365
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
18366
msgid "Postfix"
18367
msgstr "Postfix"
18368
18369
#: serverguide/C/mail.xml:25(para)
18370
msgid ""
18371
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
18372
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
18373
"compatible with the MTA <application>sendmail</application>. This section "
18374
"explains how to install and configure <application>postfix</application>. It "
18375
"also explains how to set it up as an SMTP server using a secure connection "
18376
"(for sending emails securely)."
18377
msgstr ""
18378
"<application>Postfix</application> 是 Ubuntu 中缺省的邮件传输代理 "
18379
"(MTA)。它试图变得快捷、易于管理和安全。它与 MTA <application>sendmail</application> "
18380
"兼容。这部分内容说明如何安装和配置 <application>postfix</application>。还说明如何将它设置成使用安全连接的 SMTP "
18381
"服务器 (为了安全发送邮件)。"
18382
18383
#: serverguide/C/mail.xml:34(para)
18384
msgid ""
18385
"This guide does not cover setting up Postfix <emphasis>Virtual "
18386
"Domains</emphasis>, for information on Virtual Domains and other advanced "
18387
"configurations see <xref linkend=\"postfix-references\"/>."
18388
msgstr ""
18389
18390
#: serverguide/C/mail.xml:41(para)
18391
msgid ""
18392
"To install <application>postfix</application> run the following command:"
18393
msgstr ""
18394
18395
#: serverguide/C/mail.xml:47(para)
18396
msgid ""
18397
"Simply press return when the installation process asks questions, the "
18398
"configuration will be done in greater detail in the next stage."
18399
msgstr ""
18400
18401
#: serverguide/C/mail.xml:52(title)
18402
msgid "Basic Configuration"
18403
msgstr "基本配置"
18404
18405
#: serverguide/C/mail.xml:53(para)
18406
msgid ""
18407
"To configure <application>postfix</application>, run the following command:"
18408
msgstr ""
18409
18410
#: serverguide/C/mail.xml:57(command)
18411
msgid "sudo dpkg-reconfigure postfix"
18412
msgstr "sudo dpkg-reconfigure postfix"
18413
18414
#: serverguide/C/mail.xml:63(para)
18415
msgid "Internet Site"
18416
msgstr "Internet 站点"
18417
18418
#: serverguide/C/mail.xml:64(para)
18419
msgid "mail.example.com"
18420
msgstr "mail.example.com"
18421
18422
#: serverguide/C/mail.xml:65(para)
18423
msgid "steve"
18424
msgstr ""
18425
18426
#: serverguide/C/mail.xml:66(para)
18427
msgid "mail.example.com, localhost.localdomain, localhost"
18428
msgstr "mail.example.com, localhost.localdomain, localhost"
18429
18430
#: serverguide/C/mail.xml:67(para)
18431
msgid "No"
18432
msgstr "No"
18433
18434
#: serverguide/C/mail.xml:68(para)
18435
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
18436
msgstr ""
18437
18438
#: serverguide/C/mail.xml:69(para)
18439
msgid "0"
18440
msgstr "0"
18441
18442
#: serverguide/C/mail.xml:70(para)
18443
msgid "+"
18444
msgstr "+"
18445
18446
#: serverguide/C/mail.xml:71(para)
18447
msgid "all"
18448
msgstr "全部"
18449
18450
#: serverguide/C/mail.xml:59(para)
18451
msgid ""
18452
"The user interface will be displayed. On each screen, select the following "
18453
"values: <placeholder-1/>"
18454
msgstr ""
18455
18456
#: serverguide/C/mail.xml:75(para)
18457
msgid ""
18458
"Replace mail.example.com with the domain for which you'll accept email, "
18459
"192.168.0.0/24 with the actual network and class range of your mail server, "
18460
"and steve with the appropriate username."
18461
msgstr ""
18462
18463
#: serverguide/C/mail.xml:81(para)
18464
msgid ""
18465
"Now is a good time to decide which mailbox format you want to use. By "
18466
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
18467
"mailbox format. Rather than editing the configuration file directly, you can "
18468
"use the <command>postconf</command> command to configure all "
18469
"<application>postfix</application> parameters. The configuration parameters "
18470
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
18471
"you wish to re-configure a particular parameter, you can either run the "
18472
"command or change it manually in the file."
18473
msgstr ""
18474
18475
#: serverguide/C/mail.xml:92(para)
18476
msgid ""
18477
"To configure the mailbox format for <emphasis "
18478
"role=\"strong\">Maildir:</emphasis>"
18479
msgstr ""
18480
18481
#: serverguide/C/mail.xml:97(command)
18482
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
18483
msgstr "sudo postconf -e 'home_mailbox = Maildir/'"
18484
18485
#: serverguide/C/mail.xml:100(para)
18486
msgid ""
18487
"This will place new mail in /home/<emphasis "
18488
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
18489
"your Mail Delivery Agent (MDA) to use the same path."
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
18493
msgid "SMTP Authentication"
18494
msgstr "SMTP 认证"
18495
18496
#: serverguide/C/mail.xml:110(para)
18497
msgid ""
18498
"SMTP-AUTH allows a client to identify itself through an authentication "
18499
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
18500
"the authentication process. Once authenticated the SMTP server will allow "
18501
"the client to relay mail."
18502
msgstr ""
18503
18504
#: serverguide/C/mail.xml:117(para)
18505
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
18506
msgstr ""
18507
18508
#: serverguide/C/mail.xml:120(screen)
18509
#, no-wrap
18510
msgid ""
18511
"\n"
18512
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
18513
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
18514
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
18515
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
18516
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
18517
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
18518
"sudo postconf -e 'smtpd_recipient_restrictions = "
18519
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
18520
"sudo postconf -e 'inet_interfaces = all'\n"
18521
msgstr ""
18522
18523
#: serverguide/C/mail.xml:131(para)
18524
msgid ""
18525
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
18526
"the Postfix queue directory."
18527
msgstr ""
18528
18529
#: serverguide/C/mail.xml:137(para)
18530
msgid ""
18531
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
18532
"and-security\"/> for details. This example also uses a Certificate Authority "
18533
"(CA). For information on generating a CA certificate see <xref "
18534
"linkend=\"certificate-authority\"/>."
18535
msgstr ""
18536
18537
#: serverguide/C/mail.xml:143(para)
18538
msgid ""
18539
"You can get the digital certificate from a certificate authority. But unlike "
18540
"web clients, SMTP clients rarely complain about \"self-signed "
18541
"certificates\", so alternatively, you can create the certificate yourself. "
18542
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
18543
"details."
18544
msgstr ""
18545
18546
#: serverguide/C/mail.xml:155(para)
18547
msgid ""
18548
"Once you have a certificate, configure Postfix to provide TLS encryption for "
18549
"both incoming and outgoing mail:"
18550
msgstr ""
18551
18552
#: serverguide/C/mail.xml:158(screen)
18553
#, no-wrap
18554
msgid ""
18555
"\n"
18556
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
18557
"sudo postconf -e 'smtp_use_tls = yes'\n"
18558
"sudo postconf -e 'smtpd_use_tls = yes'\n"
18559
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
18560
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
18561
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
18562
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
18563
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
18564
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
18565
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
18566
"sudo postconf -e 'myhostname = mail.example.com'\n"
18567
msgstr ""
18568
18569
#: serverguide/C/mail.xml:173(para)
18570
msgid ""
18571
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
18572
"the certificate enter:"
18573
msgstr ""
18574
18575
#: serverguide/C/mail.xml:177(command)
18576
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
18577
msgstr ""
18578
18579
#: serverguide/C/mail.xml:180(para)
18580
msgid ""
18581
"Again, for more details about certificates see <xref linkend=\"certificates-"
18582
"and-security\"/>."
18583
msgstr ""
18584
18585
#: serverguide/C/mail.xml:186(para)
18586
msgid ""
18587
"After running all the commands, <application>Postfix</application> is "
18588
"configured for SMTP-AUTH and a self-signed certificate has been created for "
18589
"TLS encryption."
18590
msgstr ""
18591
18592
#: serverguide/C/mail.xml:191(para)
18593
msgid ""
18594
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
18595
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
18596
msgstr ""
18597
"现在文件 <filename>/etc/postfix/main.cf</filename> 看上去就象 <ulink "
18598
"url=\"../sample/postfix_configuration\">这样</ulink>。"
18599
18600
#: serverguide/C/mail.xml:195(para)
18601
msgid ""
18602
"The postfix initial configuration is complete. Run the following command to "
18603
"restart the postfix daemon:"
18604
msgstr ""
18605
18606
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
18607
msgid "sudo /etc/init.d/postfix restart"
18608
msgstr "sudo /etc/init.d/postfix restart"
18609
18610
#: serverguide/C/mail.xml:204(para)
18611
msgid ""
18612
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
18613
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
18614
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
18615
"However it is still necessary to set up SASL authentication before you can "
18616
"use SMTP-AUTH."
18617
msgstr ""
18618
18619
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
18620
msgid "Configuring SASL"
18621
msgstr "配置 SASL"
18622
18623
#: serverguide/C/mail.xml:215(para)
18624
msgid ""
18625
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
18626
"enable Dovecot SASL the <application>dovecot-common</application> package "
18627
"will need to be installed. From a terminal prompt enter the following:"
18628
msgstr ""
18629
18630
#: serverguide/C/mail.xml:221(command)
18631
msgid "sudo apt-get install dovecot-common"
18632
msgstr "sudo apt-get install dovecot-common"
18633
18634
#: serverguide/C/mail.xml:223(para)
18635
msgid ""
18636
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
18637
"In the <emphasis>auth default</emphasis> section uncomment the "
18638
"<emphasis>socket listen</emphasis> option and change the following:"
18639
msgstr ""
18640
18641
#: serverguide/C/mail.xml:227(programlisting)
18642
#, no-wrap
18643
msgid ""
18644
"\n"
18645
" socket listen {\n"
18646
" #master {\n"
18647
" # Master socket provides access to userdb information. It's typically\n"
18648
" # used to give Dovecot's local delivery agent access to userdb so it\n"
18649
" # can find mailbox locations.\n"
18650
" #path = /var/run/dovecot/auth-master\n"
18651
" #mode = 0600\n"
18652
" # Default user/group is the one who started dovecot-auth (root)\n"
18653
" #user = \n"
18654
" #group = \n"
18655
" #}\n"
18656
" client {\n"
18657
" # The client socket is generally safe to export to everyone. Typical "
18658
"use\n"
18659
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
18660
" # using it.\n"
18661
" path = /var/spool/postfix/private/auth-client\n"
18662
" mode = 0660\n"
18663
" user = postfix\n"
18664
" group = postfix\n"
18665
" }\n"
18666
" }\n"
18667
msgstr ""
18668
18669
#: serverguide/C/mail.xml:251(para)
18670
msgid ""
18671
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
18672
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
18673
"add <emphasis>\"login\"</emphasis>:"
18674
msgstr ""
18675
18676
#: serverguide/C/mail.xml:256(programlisting)
18677
#, no-wrap
18678
msgid ""
18679
"\n"
18680
" mechanisms = plain login\n"
18681
msgstr ""
18682
18683
#: serverguide/C/mail.xml:260(para)
18684
msgid ""
18685
"Once you have <application>Dovecot</application> configured restart it with:"
18686
msgstr ""
18687
18688
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
18689
msgid "sudo /etc/init.d/dovecot restart"
18690
msgstr ""
18691
18692
#: serverguide/C/mail.xml:269(title)
18693
msgid "Postfix-Dovecot"
18694
msgstr ""
18695
18696
#: serverguide/C/mail.xml:271(para)
18697
msgid ""
18698
"Another option for configuring <application>Postfix</application> for SMTP-"
18699
"AUTH is using the <application>dovecot-postfix</application> package. This "
18700
"package will install <application>Dovecot</application> and configure "
18701
"<application>Postfix</application> to use it for both SASL authentication "
18702
"and as a Mail Delivery Agent (MDA). The package also configures "
18703
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
18704
msgstr ""
18705
18706
#: serverguide/C/mail.xml:280(para)
18707
msgid ""
18708
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
18709
"server. For example, if you are configuring your server to be a mail "
18710
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
18711
"the above commands to configure Postfix for SMTPAUTH."
18712
msgstr ""
18713
18714
#: serverguide/C/mail.xml:287(para)
18715
msgid "To install the package, from a terminal prompt enter:"
18716
msgstr ""
18717
18718
#: serverguide/C/mail.xml:292(command)
18719
msgid "sudo apt-get install dovecot-postfix"
18720
msgstr ""
18721
18722
#: serverguide/C/mail.xml:295(para)
18723
msgid ""
18724
"You should now have a working mail server, but there are a few options that "
18725
"you may wish to further customize. For example, the package uses the "
18726
"certificate and key from the <application>ssl-cert</application> package, "
18727
"and in a production environment you should use a certificate and key "
18728
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
18729
"for more details."
18730
msgstr ""
18731
18732
#: serverguide/C/mail.xml:301(para)
18733
msgid ""
18734
"Once you have a customized certificate and key for the host, change the "
18735
"following options in <filename>/etc/postfix/main.cf</filename>:"
18736
msgstr ""
18737
18738
#: serverguide/C/mail.xml:305(programlisting)
18739
#, no-wrap
18740
msgid ""
18741
"\n"
18742
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
18743
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
18744
msgstr ""
18745
18746
#: serverguide/C/mail.xml:310(para)
18747
msgid "Then restart Postfix:"
18748
msgstr ""
18749
18750
#: serverguide/C/mail.xml:321(para)
18751
msgid ""
18752
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
18753
msgstr ""
18754
18755
#: serverguide/C/mail.xml:324(para)
18756
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
18757
msgstr ""
18758
18759
#: serverguide/C/mail.xml:329(command)
18760
msgid "telnet mail.example.com 25"
18761
msgstr "telnet mail.example.com 25"
18762
18763
#: serverguide/C/mail.xml:331(para)
18764
msgid ""
18765
"After you have established the connection to the postfix mail server, type:"
18766
msgstr ""
18767
18768
#: serverguide/C/mail.xml:335(screen)
18769
#, no-wrap
18770
msgid ""
18771
"\n"
18772
"ehlo mail.example.com\n"
18773
msgstr ""
18774
"\n"
18775
"ehlo mail.example.com\n"
18776
18777
#: serverguide/C/mail.xml:338(para)
18778
msgid ""
18779
"If you see the following lines among others, then everything is working "
18780
"perfectly. Type <command>quit</command> to exit."
18781
msgstr ""
18782
18783
#: serverguide/C/mail.xml:342(programlisting)
18784
#, no-wrap
18785
msgid ""
18786
"\n"
18787
"250-STARTTLS\n"
18788
"250-AUTH LOGIN PLAIN\n"
18789
"250-AUTH=LOGIN PLAIN\n"
18790
"250 8BITMIME\n"
18791
msgstr ""
18792
"\n"
18793
"250-STARTTLS\n"
18794
"250-AUTH LOGIN PLAIN\n"
18795
"250-AUTH=LOGIN PLAIN\n"
18796
"250 8BITMIME\n"
18797
18798
#: serverguide/C/mail.xml:352(para)
18799
msgid ""
18800
"This section introduces some common ways to determine the cause if problems "
18801
"arise."
18802
msgstr ""
18803
18804
#: serverguide/C/mail.xml:356(title)
18805
msgid "Escaping chroot"
18806
msgstr ""
18807
18808
#: serverguide/C/mail.xml:357(para)
18809
msgid ""
18810
"The Ubuntu <application>postfix</application> package will by default "
18811
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
18812
"This can add greater complexity when troubleshooting problems."
18813
msgstr ""
18814
18815
#: serverguide/C/mail.xml:361(para)
18816
msgid ""
18817
"To turn off the chroot operation locate for the following line in the "
18818
"<filename>/etc/postfix/master.cf</filename> configuration file:"
18819
msgstr ""
18820
18821
#: serverguide/C/mail.xml:365(screen)
18822
#, no-wrap
18823
msgid ""
18824
"\n"
18825
"smtp inet n - - - - smtpd\n"
18826
msgstr ""
18827
"\n"
18828
"smtp inet n - - - - smtpd\n"
18829
18830
#: serverguide/C/mail.xml:368(para)
18831
msgid "and modify it as follows:"
18832
msgstr "并且修改它如下:"
18833
18834
#: serverguide/C/mail.xml:371(screen)
18835
#, no-wrap
18836
msgid ""
18837
"\n"
18838
"smtp inet n - n - - smtpd\n"
18839
msgstr ""
18840
"\n"
18841
"smtp inet n - n - - smtpd\n"
18842
18843
#: serverguide/C/mail.xml:374(para)
18844
msgid ""
18845
"You will then need to restart Postfix to use the new configuration. From a "
18846
"terminal prompt enter:"
18847
msgstr ""
18848
18849
#: serverguide/C/mail.xml:382(title)
18850
msgid "Log Files"
18851
msgstr ""
18852
18853
#: serverguide/C/mail.xml:383(para)
18854
msgid ""
18855
"<application>Postfix</application> sends all log messages to "
18856
"<filename>/var/log/mail.log</filename>. However error and warning messages "
18857
"can sometimes get lost in the normal log output so they are also logged to "
18858
"<filename>/var/log/mail.err</filename> and "
18859
"<filename>/var/log/mail.warn</filename> respectively."
18860
msgstr ""
18861
18862
#: serverguide/C/mail.xml:388(para)
18863
msgid ""
18864
"To see messages entered into the logs in real time you can use the "
18865
"<application>tail -f</application> command:"
18866
msgstr ""
18867
18868
#: serverguide/C/mail.xml:393(command)
18869
msgid "tail -f /var/log/mail.err"
18870
msgstr "tail -f /var/log/mail.err"
18871
18872
#: serverguide/C/mail.xml:395(para)
18873
msgid ""
18874
"The amount of detail that is recorded in the logs can be increased. Below "
18875
"are some configuration options for increasing the log level for some of the "
18876
"areas covered above."
18877
msgstr ""
18878
18879
#: serverguide/C/mail.xml:401(para)
18880
msgid ""
18881
"To increase <emphasis>TLS</emphasis> activity logging set the "
18882
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
18883
msgstr ""
18884
18885
#: serverguide/C/mail.xml:405(command)
18886
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
18887
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
18888
18889
#: serverguide/C/mail.xml:409(para)
18890
msgid ""
18891
"If you are having trouble sending or receiving mail from a specific domain "
18892
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
18893
msgstr ""
18894
18895
#: serverguide/C/mail.xml:414(command)
18896
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
18897
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
18898
18899
#: serverguide/C/mail.xml:418(para)
18900
msgid ""
18901
"You can increase the verbosity of any <application>Postfix</application> "
18902
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
18903
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
18904
"<emphasis>smtp</emphasis> entry:"
18905
msgstr ""
18906
18907
#: serverguide/C/mail.xml:422(programlisting)
18908
#, no-wrap
18909
msgid ""
18910
"\n"
18911
"smtp unix - - - - - smtp -v\n"
18912
msgstr ""
18913
"\n"
18914
"smtp unix - - - - - smtp -v\n"
18915
18916
#: serverguide/C/mail.xml:428(para)
18917
msgid ""
18918
"It is important to note that after making one of the logging changes above "
18919
"the <application>Postfix</application> process will need to be reloaded in "
18920
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
18921
"reload</command>"
18922
msgstr ""
18923
18924
#: serverguide/C/mail.xml:435(para)
18925
msgid ""
18926
"To increase the amount of information logged when troubleshooting "
18927
"<emphasis>SASL</emphasis> issues you can set the following options in "
18928
"<filename>/etc/dovecot/dovecot.conf</filename>"
18929
msgstr ""
18930
18931
#: serverguide/C/mail.xml:439(programlisting)
18932
#, no-wrap
18933
msgid ""
18934
"\n"
18935
"auth_debug=yes\n"
18936
"auth_debug_passwords=yes\n"
18937
msgstr ""
18938
"\n"
18939
"auth_debug=yes\n"
18940
"auth_debug_passwords=yes\n"
18941
18942
#: serverguide/C/mail.xml:446(para)
18943
msgid ""
18944
"Just like <application>Postfix</application> if you change a "
18945
"<application>Dovecot</application> configuration the process will need to be "
18946
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
18947
msgstr ""
18948
18949
#: serverguide/C/mail.xml:452(para)
18950
msgid ""
18951
"Some of the options above can drastically increase the amount of information "
18952
"sent to the log files. Remember to return the log level back to normal after "
18953
"you have corrected the problem. Then reload the appropriate daemon for the "
18954
"new configuration to take affect."
18955
msgstr ""
18956
18957
#: serverguide/C/mail.xml:460(para)
18958
msgid ""
18959
"Administering a <application>Postfix</application> server can be a very "
18960
"complicated task. At some point you may need to turn to the Ubuntu community "
18961
"for more experienced help."
18962
msgstr ""
18963
18964
#: serverguide/C/mail.xml:464(para)
18965
msgid ""
18966
"A great place to ask for <application>Postfix</application> assistance, and "
18967
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
18968
"server</emphasis> IRC channel on <ulink "
18969
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
18970
"one of the <ulink "
18971
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
18972
msgstr ""
18973
18974
#: serverguide/C/mail.xml:469(para)
18975
msgid ""
18976
"For in depth <application>Postfix</application> information Ubuntu "
18977
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
18978
"Book of Postfix</ulink>."
18979
msgstr ""
18980
18981
#: serverguide/C/mail.xml:473(para)
18982
msgid ""
18983
"Finally, the <ulink "
18984
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
18985
"also has great documentation on all the different configuration options "
18986
"available."
18987
msgstr ""
18988
18989
#: serverguide/C/mail.xml:477(para)
18990
msgid ""
18991
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
18992
"Wiki Postifx</ulink> page has more information."
18993
msgstr ""
18994
18995
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
18996
msgid "Exim4"
18997
msgstr "Exim4"
18998
18999
#: serverguide/C/mail.xml:486(para)
19000
msgid ""
19001
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
19002
"developed at the University of Cambridge for use on Unix systems connected "
19003
"to the Internet. Exim can be installed in place of "
19004
"<application>sendmail</application>, although the configuration of "
19005
"<application>exim</application> is quite different to that of "
19006
"<application>sendmail</application>."
19007
msgstr ""
19008
19009
#: serverguide/C/mail.xml:497(para)
19010
msgid ""
19011
"To install <application>exim4</application>, run the following command: "
19012
"<screen>\n"
19013
"<command>sudo apt-get install exim4</command>\n"
19014
"</screen>"
19015
msgstr ""
19016
19017
#: serverguide/C/mail.xml:506(para)
19018
msgid ""
19019
"To configure <application>Exim4</application>, run the following command:"
19020
msgstr ""
19021
19022
#: serverguide/C/mail.xml:510(command)
19023
msgid "sudo dpkg-reconfigure exim4-config"
19024
msgstr "sudo dpkg-reconfigure exim4-config"
19025
19026
#: serverguide/C/mail.xml:512(para)
19027
msgid ""
19028
"The user interface will be displayed. The user interface lets you configure "
19029
"many parameters. For example, In <application>Exim4</application> the "
19030
"configuration files are split among multiple files. If you wish to have them "
19031
"in one file you can configure accordingly in this user interface."
19032
msgstr ""
19033
19034
#: serverguide/C/mail.xml:520(para)
19035
msgid ""
19036
"All the parameters you configure in the user interface are stored in "
19037
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
19038
"re-configure, either you re-run the configuration wizard or manually edit "
19039
"this file using your favorite editor. Once you configure, you can run the "
19040
"following command to generate the master configuration file:"
19041
msgstr ""
19042
19043
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
19044
msgid "sudo update-exim4.conf"
19045
msgstr "sudo update-exim4.conf"
19046
19047
#: serverguide/C/mail.xml:533(para)
19048
msgid ""
19049
"The master configuration file, is generated and it is stored in "
19050
"<filename>/var/lib/exim4/config.autogenerated</filename>."
19051
msgstr ""
19052
19053
#: serverguide/C/mail.xml:539(para)
19054
msgid ""
19055
"At any time, you should not edit the master configuration file, "
19056
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
19057
"updated automatically every time you run <command>update-exim4.conf</command>"
19058
msgstr ""
19059
"在任何时候,你都不要手工编辑主配置文件 "
19060
"<filename>/var/lib/exim4/config.autogenerated</filename>。它在每次您运行 "
19061
"<command>update-exim4.conf</command> 之后会自动更新。"
19062
19063
#: serverguide/C/mail.xml:547(para)
19064
msgid ""
19065
"You can run the following command to start <application>Exim4</application> "
19066
"daemon."
19067
msgstr ""
19068
19069
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
19070
msgid "sudo /etc/init.d/exim4 start"
19071
msgstr "sudo /etc/init.d/exim4 start"
19072
19073
#: serverguide/C/mail.xml:557(para)
19074
msgid ""
19075
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
19076
msgstr ""
19077
19078
#: serverguide/C/mail.xml:560(para)
19079
msgid ""
19080
"The first step is to create a certificate for use with TLS. Enter the "
19081
"following into a terminal prompt:"
19082
msgstr ""
19083
19084
#: serverguide/C/mail.xml:564(command)
19085
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
19086
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
19087
19088
#: serverguide/C/mail.xml:566(para)
19089
msgid ""
19090
"Now Exim4 needs to be configured for TLS by editing "
19091
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
19092
"the following:"
19093
msgstr ""
19094
19095
#: serverguide/C/mail.xml:570(programlisting)
19096
#, no-wrap
19097
msgid ""
19098
"\n"
19099
"MAIN_TLS_ENABLE = yes\n"
19100
msgstr ""
19101
"\n"
19102
"MAIN_TLS_ENABLE = yes\n"
19103
19104
#: serverguide/C/mail.xml:573(para)
19105
msgid ""
19106
"Next you need to configure <application>Exim4</application> to use the "
19107
"<application>saslauthd</application> for authentication. Edit "
19108
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
19109
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
19110
"<emphasis>login_saslauthd_server</emphasis> sections:"
19111
msgstr ""
19112
19113
#: serverguide/C/mail.xml:578(programlisting)
19114
#, no-wrap
19115
msgid ""
19116
"\n"
19117
" plain_saslauthd_server:\n"
19118
" driver = plaintext\n"
19119
" public_name = PLAIN\n"
19120
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
19121
" server_set_id = $auth2\n"
19122
" server_prompts = :\n"
19123
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
19124
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
19125
" .endif\n"
19126
"#\n"
19127
" login_saslauthd_server:\n"
19128
" driver = plaintext\n"
19129
" public_name = LOGIN\n"
19130
" server_prompts = \"Username:: : Password::\"\n"
19131
" # don't send system passwords over unencrypted connections\n"
19132
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
19133
" server_set_id = $auth1\n"
19134
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
19135
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
19136
" .endif\n"
19137
msgstr ""
19138
19139
#: serverguide/C/mail.xml:600(para)
19140
msgid "Finally, update the Exim4 configuration and restart the service:"
19141
msgstr ""
19142
19143
#: serverguide/C/mail.xml:605(command)
19144
msgid "sudo /etc/init.d/exim4 restart"
19145
msgstr "sudo /etc/init.d/exim4 restart"
19146
19147
#: serverguide/C/mail.xml:610(para)
19148
msgid ""
19149
"This section provides details on configuring the saslauthd to provide "
19150
"authentication for <application>Exim4</application>."
19151
msgstr ""
19152
19153
#: serverguide/C/mail.xml:613(para)
19154
msgid ""
19155
"The first step is to install the sasl2-bin package. From a terminal prompt "
19156
"enter the following:"
19157
msgstr ""
19158
19159
#: serverguide/C/mail.xml:617(command)
19160
msgid "sudo apt-get install sasl2-bin"
19161
msgstr "sudo apt-get install sasl2-bin"
19162
19163
#: serverguide/C/mail.xml:619(para)
19164
msgid ""
19165
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
19166
"and set START=no to:"
19167
msgstr ""
19168
19169
#: serverguide/C/mail.xml:622(programlisting)
19170
#, no-wrap
19171
msgid ""
19172
"\n"
19173
"START=yes\n"
19174
msgstr ""
19175
"\n"
19176
"START=yes\n"
19177
19178
#: serverguide/C/mail.xml:625(para)
19179
msgid ""
19180
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
19181
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
19182
"service:"
19183
msgstr ""
19184
19185
#: serverguide/C/mail.xml:630(command)
19186
msgid "sudo adduser Debian-exim sasl"
19187
msgstr "sudo adduser Debian-exim sasl"
19188
19189
#: serverguide/C/mail.xml:632(para)
19190
msgid "Now start the <application>saslauthd</application> service:"
19191
msgstr ""
19192
19193
#: serverguide/C/mail.xml:636(command)
19194
msgid "sudo /etc/init.d/saslauthd start"
19195
msgstr "sudo /etc/init.d/saslauthd start"
19196
19197
#: serverguide/C/mail.xml:638(para)
19198
msgid ""
19199
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
19200
"and SASL authentication."
19201
msgstr ""
19202
19203
#: serverguide/C/mail.xml:647(para)
19204
msgid ""
19205
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
19206
"information."
19207
msgstr ""
19208
19209
#: serverguide/C/mail.xml:652(para)
19210
msgid ""
19211
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
19212
"server\">Exim4 Book</ulink> available."
19213
msgstr ""
19214
19215
#: serverguide/C/mail.xml:657(para)
19216
msgid ""
19217
"Another resource is the <ulink "
19218
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
19219
"page."
19220
msgstr ""
19221
19222
#: serverguide/C/mail.xml:666(title)
19223
msgid "Dovecot Server"
19224
msgstr "Dovecot 服务器"
19225
19226
#: serverguide/C/mail.xml:667(para)
19227
msgid ""
19228
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
19229
"security primarily in mind. It supports the major mailbox formats: mbox or "
19230
"Maildir. This section explain how to set it up as an imap or pop3 server."
19231
msgstr ""
19232
"<application>Dovecot</application> 是一个主要出于安全考虑编写的邮件投递代理。它支持主要收件箱格式:mbox 或 "
19233
"Maidir。这部分说明如何将它设为一个 imap 或 pop3 服务器。"
19234
19235
#: serverguide/C/mail.xml:675(para)
19236
msgid ""
19237
"To install <application>dovecot</application>, run the following command in "
19238
"the command prompt:"
19239
msgstr ""
19240
19241
#: serverguide/C/mail.xml:680(command)
19242
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
19243
msgstr ""
19244
19245
#: serverguide/C/mail.xml:685(para)
19246
msgid ""
19247
"To configure <application>dovecot</application>, you can edit the file "
19248
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
19249
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
19250
"secure). A description of these protocols is beyond the scope of this guide. "
19251
"For further information, refer to the Wikipedia articles on <ulink "
19252
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
19253
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
19254
"link>."
19255
msgstr ""
19256
19257
#: serverguide/C/mail.xml:695(para)
19258
msgid ""
19259
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
19260
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
19261
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
19262
msgstr ""
19263
19264
#: serverguide/C/mail.xml:701(programlisting)
19265
#, no-wrap
19266
msgid ""
19267
"\n"
19268
"protocols = pop3 pop3s imap imaps\n"
19269
msgstr ""
19270
"\n"
19271
"protocols = pop3 pop3s imap imaps\n"
19272
19273
#: serverguide/C/mail.xml:704(para)
19274
msgid ""
19275
"Next, choose the mailbox you would like to use. "
19276
"<application>Dovecot</application> supports <emphasis "
19277
"role=\"strong\">maildir</emphasis> and <emphasis "
19278
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
19279
"mailbox formats. They both have their own benefits and are discussed on "
19280
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
19281
"site</ulink>."
19282
msgstr ""
19283
19284
#: serverguide/C/mail.xml:712(para)
19285
msgid ""
19286
"Once you have chosen your mailbox type, edit the file "
19287
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
19288
msgstr ""
19289
19290
#: serverguide/C/mail.xml:717(programlisting)
19291
#, no-wrap
19292
msgid ""
19293
"\n"
19294
"mail_location = maildir:~/Maildir # (for maildir)\n"
19295
"or\n"
19296
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
19297
msgstr ""
19298
"\n"
19299
"mail_location = maildir:~/Maildir # (对于 maildir)\n"
19300
"或\n"
19301
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (对于 mbox)\n"
19302
19303
#: serverguide/C/mail.xml:723(para)
19304
msgid ""
19305
"You should configure your Mail Transport Agent (MTA) to transfer the "
19306
"incoming mail to this type of mailbox if it is different from the one you "
19307
"have configured."
19308
msgstr ""
19309
"您应当配置您的 MTA (Mail Transport Agent,邮件传输助理)来将新邮件传输到这类邮箱中,如果其与您已经配置的不同的话。"
19310
19311
#: serverguide/C/mail.xml:729(para)
19312
msgid ""
19313
"Once you have configured dovecot, restart the "
19314
"<application>dovecot</application> daemon in order to test your setup:"
19315
msgstr ""
19316
19317
#: serverguide/C/mail.xml:738(para)
19318
msgid ""
19319
"If you have enabled imap, or pop3, you can also try to log in with the "
19320
"commands <command>telnet localhost pop3</command> or <command>telnet "
19321
"localhost imap2</command>. If you see something like the following, the "
19322
"installation has been successful:"
19323
msgstr ""
19324
19325
#: serverguide/C/mail.xml:745(programlisting)
19326
#, no-wrap
19327
msgid ""
19328
"\n"
19329
"bhuvan@rainbow:~$ telnet localhost pop3\n"
19330
"Trying 127.0.0.1...\n"
19331
"Connected to localhost.localdomain.\n"
19332
"Escape character is '^]'.\n"
19333
"+OK Dovecot ready.\n"
19334
msgstr ""
19335
"\n"
19336
"bhuvan@rainbow:~$ telnet localhost pop3\n"
19337
"Trying 127.0.0.1...\n"
19338
"Connected to localhost.localdomain.\n"
19339
"Escape character is '^]'.\n"
19340
"+OK Dovecot ready.\n"
19341
19342
#: serverguide/C/mail.xml:754(title)
19343
msgid "Dovecot SSL Configuration"
19344
msgstr "Dovecot SSL 配置"
19345
19346
#: serverguide/C/mail.xml:755(para)
19347
msgid ""
19348
"To configure <application>dovecot</application> to use SSL, you can edit the "
19349
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
19350
"lines:"
19351
msgstr ""
19352
19353
#: serverguide/C/mail.xml:760(programlisting)
19354
#, no-wrap
19355
msgid ""
19356
"\n"
19357
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
19358
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
19359
"ssl_disable = no\n"
19360
"disable_plaintext_auth = no\n"
19361
msgstr ""
19362
"\n"
19363
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
19364
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
19365
"ssl_disable = no\n"
19366
"disable_plaintext_auth = no\n"
19367
19368
#: serverguide/C/mail.xml:766(para)
19369
msgid ""
19370
"You can get the SSL certificate from a Certificate Issuing Authority or you "
19371
"can create self signed SSL certificate. The latter is a good option for "
19372
"email, because SMTP clients rarely complain about \"self-signed "
19373
"certificates\". Please refer to <xref linkend=\"certificates-and-"
19374
"security\"/> for details about how to create self signed SSL certificate. "
19375
"Once you create the certificate, you will have a key file and a certificate "
19376
"file. Please copy them to the location pointed in the "
19377
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
19378
msgstr ""
19379
19380
#: serverguide/C/mail.xml:781(title)
19381
msgid "Firewall Configuration for an Email Server"
19382
msgstr "邮件服务器的防火墙配置"
19383
19384
#: serverguide/C/mail.xml:787(para)
19385
msgid "IMAP - 143"
19386
msgstr "IMAP - 143"
19387
19388
#: serverguide/C/mail.xml:788(para)
19389
msgid "IMAPS - 993"
19390
msgstr "IMAPS - 993"
19391
19392
#: serverguide/C/mail.xml:789(para)
19393
msgid "POP3 - 110"
19394
msgstr "POP3 - 110"
19395
19396
#: serverguide/C/mail.xml:790(para)
19397
msgid "POP3S - 995"
19398
msgstr "POP3S - 995"
19399
19400
#: serverguide/C/mail.xml:782(para)
19401
msgid ""
19402
"To access your mail server from another computer, you must configure your "
19403
"firewall to allow connections to the server on the necessary ports. "
19404
"<placeholder-1/>"
19405
msgstr "要从另一台计算机访问您的邮件服务器,您必须配置您的防火墙以允许连接服务器必要的端口。<placeholder-1/>"
19406
19407
#: serverguide/C/mail.xml:799(para)
19408
msgid ""
19409
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
19410
"more information."
19411
msgstr ""
19412
19413
#: serverguide/C/mail.xml:804(para)
19414
msgid ""
19415
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
19416
"Ubuntu Wiki</ulink> page has more details."
19417
msgstr ""
19418
19419
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
19420
msgid "Mailman"
19421
msgstr "Mailman"
19422
19423
#: serverguide/C/mail.xml:814(para)
19424
msgid ""
19425
"Mailman is an open source program for managing electronic mail discussions "
19426
"and e-newsletter lists. Many open source mailing lists (including all the "
19427
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
19428
"Mailman as their mailing list software. It is powerful and easy to install "
19429
"and maintain."
19430
msgstr ""
19431
"Mailman 是一个管理电子邮件讨论及电子通讯列表的开源程序。许多开源的邮件列表 (包括所有的 <ulink "
19432
"url=\"http://lists.ubuntu.com\">Ubuntu 邮件列表</ulink>)使用 Mailman "
19433
"作为他们的邮件列表软件。它是强大的且易于安装和维护。"
19434
19435
#: serverguide/C/mail.xml:824(para)
19436
msgid ""
19437
"Mailman provides a web interface for the administrators and users, using an "
19438
"external mail server to send and receive emails. It works perfectly with the "
19439
"following mail servers:"
19440
msgstr ""
19441
19442
#: serverguide/C/mail.xml:835(application)
19443
msgid "Exim"
19444
msgstr "Exim"
19445
19446
#: serverguide/C/mail.xml:838(application)
19447
msgid "Sendmail"
19448
msgstr "Sendmail"
19449
19450
#: serverguide/C/mail.xml:841(application)
19451
msgid "Qmail"
19452
msgstr "Qmail"
19453
19454
#: serverguide/C/mail.xml:846(para)
19455
msgid ""
19456
"We will see how to install and configure Mailman with, the Apache web "
19457
"server, and either the Postfix or Exim mail server. If you wish to install "
19458
"Mailman with a different mail server, please refer to the references section."
19459
msgstr ""
19460
19461
#: serverguide/C/mail.xml:853(para)
19462
msgid ""
19463
"You only need to install one mail server and "
19464
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
19465
msgstr ""
19466
19467
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
19468
msgid "Apache2"
19469
msgstr "Apache2"
19470
19471
#: serverguide/C/mail.xml:859(para)
19472
msgid ""
19473
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
19474
"installation\">HTTPD Installation</ulink> section for details."
19475
msgstr ""
19476
"若要安装 apache2,详情请参考 <ulink url=\"./web-servers.xml#http-installation\">HTTPD "
19477
"安装</ulink> 一节。"
19478
19479
#: serverguide/C/mail.xml:867(para)
19480
msgid ""
19481
"For instructions on installing and configuring Postfix refer to <xref "
19482
"linkend=\"postfix\"/>"
19483
msgstr ""
19484
19485
#: serverguide/C/mail.xml:873(para)
19486
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
19487
msgstr ""
19488
19489
#: serverguide/C/mail.xml:884(application)
19490
msgid "dc_use_split_config='true'"
19491
msgstr "dc_use_split_config='true'"
19492
19493
#: serverguide/C/mail.xml:876(para)
19494
msgid ""
19495
"Once exim4 is installed, the configuration files are stored in the "
19496
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
19497
"configuration files are split across different files. You can change this "
19498
"behavior by changing the following variable in the "
19499
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
19500
msgstr ""
19501
19502
#: serverguide/C/mail.xml:891(para)
19503
msgid ""
19504
"To install <application>Mailman</application>, run following command at a "
19505
"terminal prompt:"
19506
msgstr ""
19507
19508
#: serverguide/C/mail.xml:895(command)
19509
msgid "sudo apt-get install mailman"
19510
msgstr "sudo apt-get install mailman"
19511
19512
#: serverguide/C/mail.xml:897(para)
19513
msgid ""
19514
"It copies the installation files in "
19515
"<application>/var/lib/mailman</application> directory. It installs the CGI "
19516
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
19517
"creates <emphasis>list</emphasis> linux user. It creates the "
19518
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
19519
"this user."
19520
msgstr ""
19521
19522
#: serverguide/C/mail.xml:909(para)
19523
msgid ""
19524
"This section assumes you have successfully installed "
19525
"<application>mailman</application>, <application>apache2</application>, and "
19526
"<application>postfix</application> or <application>exim4</application>. Now "
19527
"you just need to configure them."
19528
msgstr ""
19529
19530
#: serverguide/C/mail.xml:918(para)
19531
msgid ""
19532
"An example Apache configuration file comes with "
19533
"<application>Mailman</application> and is placed in "
19534
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
19535
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
19536
"available</filename>:"
19537
msgstr ""
19538
19539
#: serverguide/C/mail.xml:924(command)
19540
msgid ""
19541
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
19542
msgstr ""
19543
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
19544
19545
#: serverguide/C/mail.xml:926(para)
19546
msgid ""
19547
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
19548
"Mailman administration site. Now enable the new configuration and restart "
19549
"Apache:"
19550
msgstr ""
19551
19552
#: serverguide/C/mail.xml:931(command)
19553
msgid "sudo a2ensite mailman.conf"
19554
msgstr "sudo a2ensite mailman.conf"
19555
19556
#: serverguide/C/mail.xml:934(para)
19557
msgid ""
19558
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
19559
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
19560
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
19561
"can make changes to the <filename>/etc/apache2/sites-"
19562
"available/mailman.conf</filename> file if you wish to change this behavior."
19563
msgstr ""
19564
19565
#: serverguide/C/mail.xml:945(para)
19566
msgid ""
19567
"For <application>Postfix</application> integration, we will associate the "
19568
"domain lists.example.com with the mailing lists. Please replace "
19569
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
19570
msgstr ""
19571
19572
#: serverguide/C/mail.xml:949(para)
19573
msgid ""
19574
"You can use the postconf command to add the necessary configuration to "
19575
"<filename>/etc/postfix/main.cf</filename>:"
19576
msgstr ""
19577
19578
#: serverguide/C/mail.xml:953(command)
19579
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
19580
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
19581
19582
#: serverguide/C/mail.xml:954(command)
19583
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
19584
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
19585
19586
#: serverguide/C/mail.xml:955(command)
19587
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
19588
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
19589
19590
#: serverguide/C/mail.xml:957(para)
19591
msgid ""
19592
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
19593
"the following transport:"
19594
msgstr ""
19595
19596
#: serverguide/C/mail.xml:960(programlisting)
19597
#, no-wrap
19598
msgid ""
19599
"\n"
19600
"mailman unix - n n - - pipe\n"
19601
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
19602
" ${nexthop} ${user}\n"
19603
msgstr ""
19604
"\n"
19605
"mailman unix - n n - - pipe\n"
19606
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
19607
" ${nexthop} ${user}\n"
19608
19609
#: serverguide/C/mail.xml:965(para)
19610
msgid ""
19611
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
19612
"is delivered to a list."
19613
msgstr "当有邮件发送到一个列表时,它会调用<emphasis>postfix-to-mailman.py</emphasis>脚本。"
19614
19615
#: serverguide/C/mail.xml:968(para)
19616
msgid ""
19617
"Associate the domain lists.example.com to the Mailman transport with the "
19618
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
19619
msgstr ""
19620
"用传送图将域名lists.example.com与Mailman传送连接起来。请编辑文件<filename>/etc/postfix/transport<"
19621
"/filename>:"
19622
19623
#: serverguide/C/mail.xml:971(programlisting)
19624
#, no-wrap
19625
msgid ""
19626
"\n"
19627
"lists.example.com mailman:\n"
19628
msgstr ""
19629
"\n"
19630
"lists.example.com mailman:\n"
19631
19632
#: serverguide/C/mail.xml:974(para)
19633
msgid ""
19634
"Now have <application>Postfix</application> build the transport map by "
19635
"entering the following from a terminal prompt:"
19636
msgstr "然后在终端输入如下命令来用<application>Postfix</application>构建传送图:"
19637
19638
#: serverguide/C/mail.xml:978(command)
19639
msgid "sudo postmap -v /etc/postfix/transport"
19640
msgstr "sudo postmap -v /etc/postfix/transport"
19641
19642
#: serverguide/C/mail.xml:980(para)
19643
msgid "Then restart Postfix to enable the new configurations:"
19644
msgstr "然后重启Postfix以启用新的配置:"
19645
19646
#: serverguide/C/mail.xml:989(para)
19647
msgid ""
19648
"Once Exim4 is installed, you can start the Exim server using the following "
19649
"command from a terminal prompt:"
19650
msgstr "当Exim4安装以后,你可以在终端输入如下命令以启动Exim服务器:"
19651
19652
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
19653
msgid "Main"
19654
msgstr "主"
19655
19656
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
19657
msgid "Transport"
19658
msgstr "传输"
19659
19660
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
19661
msgid "Router"
19662
msgstr "路由器"
19663
19664
#: serverguide/C/mail.xml:996(para)
19665
msgid ""
19666
"In order to make mailman work with Exim4, you need to configure Exim4. As "
19667
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
19668
"different types. For details, please refer to the <ulink "
19669
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
19670
"add new a configuration file to the following configuration types: "
19671
"<placeholder-1/> Exim creates a master configuration file by sorting all "
19672
"these mini configuration files. So, the order of these configuration files "
19673
"is very important."
19674
msgstr ""
19675
"要使mailman能够与Exim4协同工作,你需要配置Exim4。如早前提过的,Exim4默认情况下是使用不同文件类型的多种配置文件。详细内容请查看<ul"
19676
"ink "
19677
"url=\"http://www.exim.org\">Exim</ulink>网站。要运行mailman,我们要向如下配置类型里添加一个新的配置文件:<"
19678
"placeholder-1/> Exim通过搜选这些迷你配置文件来创建一个主配置文件。因此,这些配置文件罗列的顺序是非常重要的。"
19679
19680
#: serverguide/C/mail.xml:1027(programlisting)
19681
#, no-wrap
19682
msgid ""
19683
"\n"
19684
"# start\n"
19685
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
19686
"# directory.\n"
19687
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
19688
"# This is normally the same as ~mailman\n"
19689
"MM_HOME=/var/lib/mailman\n"
19690
"#\n"
19691
"# User and group for Mailman, should match your --with-mail-gid\n"
19692
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
19693
"MM_UID=list\n"
19694
"MM_GID=list\n"
19695
"#\n"
19696
"# Domains that your lists are in - colon separated list\n"
19697
"# you may wish to add these into local_domains as well\n"
19698
"domainlist mm_domains=hostname.com\n"
19699
"#\n"
19700
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
19701
"#\n"
19702
"# These values are derived from the ones above and should not need\n"
19703
"# editing unless you have munged your mailman installation\n"
19704
"#\n"
19705
"# The path of the Mailman mail wrapper script\n"
19706
"MM_WRAP=MM_HOME/mail/mailman\n"
19707
"#\n"
19708
"# The path of the list config file (used as a required file when\n"
19709
"# verifying list addresses)\n"
19710
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
19711
"# end\n"
19712
msgstr ""
19713
"\n"
19714
"# start\n"
19715
"\n"
19716
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
19717
"\n"
19718
"# directory.\n"
19719
"\n"
19720
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
19721
"\n"
19722
"# This is normally the same as ~mailman\n"
19723
"\n"
19724
"MM_HOME=/var/lib/mailman\n"
19725
"\n"
19726
"#\n"
19727
"\n"
19728
"# User and group for Mailman, should match your --with-mail-gid\n"
19729
"\n"
19730
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
19731
"\n"
19732
"MM_UID=list\n"
19733
"\n"
19734
"MM_GID=list\n"
19735
"\n"
19736
"#\n"
19737
"\n"
19738
"# Domains that your lists are in - colon separated list\n"
19739
"\n"
19740
"# you may wish to add these into local_domains as well\n"
19741
"\n"
19742
"domainlist mm_domains=hostname.com\n"
19743
"\n"
19744
"#\n"
19745
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
19746
"#\n"
19747
"# These values are derived from the ones above and should not need\n"
19748
"# editing unless you have munged your mailman installation\n"
19749
"#\n"
19750
"# The path of the Mailman mail wrapper script\n"
19751
"MM_WRAP=MM_HOME/mail/mailman\n"
19752
"#\n"
19753
"# The path of the list config file (used as a required file when\n"
19754
"# verifying list addresses)\n"
19755
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
19756
"# end\n"
19757
19758
#: serverguide/C/mail.xml:1021(para)
19759
msgid ""
19760
"All the configuration files belonging to the main type are stored in the "
19761
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
19762
"following content to a new file, named <filename>04_exim4-"
19763
"config_mailman</filename>: <placeholder-1/>"
19764
msgstr ""
19765
"所有隶属于主类别的配置文件都被保存在 <filename>/etc/exim4/conf.d/main/</filename> "
19766
"目录中。您可以将下面的内容添加到一个名为 <filename>04_exim4-config_mailman</filename> "
19767
"的新文件中:<placeholder-1/>"
19768
19769
#: serverguide/C/mail.xml:1067(programlisting)
19770
#, no-wrap
19771
msgid ""
19772
"\n"
19773
" mailman_transport:\n"
19774
" driver = pipe\n"
19775
" command = MM_WRAP \\\n"
19776
" '${if def:local_part_suffix \\\n"
19777
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
19778
"\\\n"
19779
" {post}}' \\\n"
19780
" $local_part\n"
19781
" current_directory = MM_HOME\n"
19782
" home_directory = MM_HOME\n"
19783
" user = MM_UID\n"
19784
" group = MM_GID\n"
19785
msgstr ""
19786
"\n"
19787
" mailman_transport:\n"
19788
" driver = pipe\n"
19789
" command = MM_WRAP \\\n"
19790
" '${if def:local_part_suffix \\\n"
19791
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
19792
"\\\n"
19793
" {post}}' \\\n"
19794
" $local_part\n"
19795
" current_directory = MM_HOME\n"
19796
" home_directory = MM_HOME\n"
19797
" user = MM_UID\n"
19798
" group = MM_GID\n"
19799
19800
#: serverguide/C/mail.xml:1061(para)
19801
msgid ""
19802
"All the configuration files belonging to transport type are stored in the "
19803
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
19804
"following content to a new file named <filename> 40_exim4-"
19805
"config_mailman</filename>: <placeholder-1/>"
19806
msgstr ""
19807
"所有隶属于传输类型的文件被保存在 <filename>/etc/exim4/conf.d/transport/</filename> "
19808
"目录中。您可以将下面的内容添加到一个名为 <filename>40_exim4-config_mailman</filename> "
19809
"的新文件中:<placeholder-1/>"
19810
19811
#: serverguide/C/mail.xml:1088(programlisting)
19812
#, no-wrap
19813
msgid ""
19814
"\n"
19815
" mailman_router:\n"
19816
" driver = accept\n"
19817
" require_files = MM_HOME/lists/$local_part/config.pck\n"
19818
" local_part_suffix_optional\n"
19819
" local_part_suffix = -bounces : -bounces+* : \\\n"
19820
" -confirm+* : -join : -leave : \\\n"
19821
" -owner : -request : -admin\n"
19822
" transport = mailman_transport\n"
19823
msgstr ""
19824
"\n"
19825
" mailman_router:\n"
19826
" driver = accept\n"
19827
" require_files = MM_HOME/lists/$local_part/config.pck\n"
19828
" local_part_suffix_optional\n"
19829
" local_part_suffix = -bounces : -bounces+* : \\\n"
19830
" -confirm+* : -join : -leave : \\\n"
19831
" -owner : -request : -admin\n"
19832
" transport = mailman_transport\n"
19833
19834
#: serverguide/C/mail.xml:1084(para)
19835
msgid ""
19836
"All the configuration files belonging to router type are stored in the "
19837
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
19838
"following content in to a new file named <filename>101_exim4-"
19839
"config_mailman</filename>: <placeholder-1/>"
19840
msgstr ""
19841
"所有隶属于路由类的所有配置文件都被保存在 <filename>/etc/exim4/conf.d/router/</filename> "
19842
"目录中。您可以将下列内容添加到名为 <filename>101_exim4-config_mailman</filename> "
19843
"的新文件中:<placeholder-1/>"
19844
19845
#: serverguide/C/mail.xml:1101(para)
19846
msgid ""
19847
"The order of main and transport configuration files can be in any order. "
19848
"But, the order of router configuration files must be the same. This "
19849
"particular file must appear before the <application>200_exim4-"
19850
"config_primary</application> file. These two configuration files contain "
19851
"same type of information. The first file takes the precedence. For more "
19852
"details, please refer to the references section."
19853
msgstr ""
19854
"主类和传输类的配置文件的顺序可以随意。但路由类的配置文件的顺序必须相同。该文件必须在 <application>200_exim4-"
19855
"config_primary</application> 文件之前出现。如果两个配置文件包含相同类型的信息。第一个文件优先。详情请参阅参考部分。"
19856
19857
#: serverguide/C/mail.xml:1114(para)
19858
msgid ""
19859
"Once mailman is installed, you can run it using the following command:"
19860
msgstr "当mailman安装之后,你可以使用如下命令来运行它:"
19861
19862
#: serverguide/C/mail.xml:1118(command)
19863
msgid "sudo /etc/init.d/mailman start"
19864
msgstr "sudo /etc/init.d/mailman start"
19865
19866
#: serverguide/C/mail.xml:1120(para)
19867
msgid ""
19868
"Once mailman is installed, you should create the default mailing list. Run "
19869
"the following command to create the mailing list:"
19870
msgstr "当mailman安装以后,你可以创建默认的邮件列表。运行如下命令来创建邮件列表:"
19871
19872
#: serverguide/C/mail.xml:1126(command)
19873
msgid "sudo /usr/sbin/newlist mailman"
19874
msgstr "sudo /usr/sbin/newlist mailman"
19875
19876
#: serverguide/C/mail.xml:1129(programlisting)
19877
#, no-wrap
19878
msgid ""
19879
"\n"
19880
" Enter the email address of the person running the list: bhuvan at "
19881
"ubuntu.com\n"
19882
" Initial mailman password:\n"
19883
" To finish creating your mailing list, you must edit your "
19884
"<filename>/etc/aliases</filename> (or\n"
19885
" equivalent) file by adding the following lines, and possibly running the\n"
19886
" `newaliases' program:\n"
19887
"\n"
19888
" ## mailman mailing list\n"
19889
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
19890
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
19891
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
19892
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
19893
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
19894
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
19895
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
19896
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
19897
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
19898
"mailman\"\n"
19899
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
19900
"mailman\"\n"
19901
"\n"
19902
" Hit enter to notify mailman owner...\n"
19903
"\n"
19904
" # \n"
19905
msgstr ""
19906
"\n"
19907
" Enter the email address of the person running the list: bhuvan at "
19908
"ubuntu.com\n"
19909
" Initial mailman password:\n"
19910
" To finish creating your mailing list, you must edit your "
19911
"<filename>/etc/aliases</filename> (or\n"
19912
" equivalent) file by adding the following lines, and possibly running the\n"
19913
" `newaliases' program:\n"
19914
"\n"
19915
" ## mailman mailing list\n"
19916
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
19917
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
19918
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
19919
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
19920
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
19921
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
19922
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
19923
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
19924
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe mailman\"\n"
19925
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
19926
"mailman\"\n"
19927
"\n"
19928
"\n"
19929
" Hit enter to notify mailman owner...\n"
19930
"\n"
19931
" # \n"
19932
19933
#: serverguide/C/mail.xml:1152(para)
19934
msgid ""
19935
"We have configured either Postfix or Exim4 to recognize all emails from "
19936
"mailman. So, it is not mandatory to make any new entries in "
19937
"<filename>/etc/aliases</filename>. If you have made any changes to the "
19938
"configuration files, please ensure that you restart those services before "
19939
"continuing to next section."
19940
msgstr ""
19941
"我们已经配置了Postfix或Exim4以查看来自mailman的所有邮件。因此,你不用必须在<filename>/etc/aliases</filena"
19942
"me>里添加新的条目了。如果你对配置文件做过了更改,请确保在进入下一环节之前已重启过这些服务。"
19943
19944
#: serverguide/C/mail.xml:1160(para)
19945
msgid ""
19946
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
19947
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
19948
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
19949
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
19950
msgstr ""
19951
"因为Exim4使用<emphasis>发现</emphasis> "
19952
"机制,所以它不使用以上的别名将邮件转发给Mailman。要在创建列表时禁止别名,你可以将<emphasis>MTA=None</emphasis>添加到M"
19953
"ailman的配置文件<filename>/etc/mailman/mm_cfg.py</filename>中。"
19954
19955
#: serverguide/C/mail.xml:1171(title)
19956
msgid "Administration"
19957
msgstr "管理"
19958
19959
#: serverguide/C/mail.xml:1172(para)
19960
msgid ""
19961
"We assume you have a default installation. The mailman cgi scripts are still "
19962
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
19963
"Mailman provides a web based administration facility. To access this page, "
19964
"point your browser to the following url:"
19965
msgstr ""
19966
"我们假设您是默认安装。mailman 的 cgi 脚本还在 <application>/usr/lib/cgi-"
19967
"bin/mailman/</application> 目录中。mailman 提供了一个基于 web "
19968
"的管理工具。若想访问这个页面,请将您的浏览器指向以下 url:"
19969
19970
#: serverguide/C/mail.xml:1180(para)
19971
msgid "http://hostname/cgi-bin/mailman/admin"
19972
msgstr "http://hostname/cgi-bin/mailman/admin"
19973
19974
#: serverguide/C/mail.xml:1184(para)
19975
msgid ""
19976
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
19977
"screen. If you click the mailing list name, it will ask for your "
19978
"authentication password. If you enter the correct password, you will be able "
19979
"to change administrative settings of this mailing list. You can create a new "
19980
"mailing list using the command line utility "
19981
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
19982
"mailing list using the web interface."
19983
msgstr ""
19984
"默认的邮件列表 <emphasis>mailman</emphasis> "
19985
"会在这个屏幕中出现。如果您点击邮件列表的名称,它会向您询问通行密码。如果您输入了正确的密码,您就可以修改这个邮件列表的管理设定。您可以使用命令行工具来创建"
19986
"新的邮件列表(<command>/usr/sbin/newlist</command>)。或者您也可以使用 web 界面"
19987
19988
#: serverguide/C/mail.xml:1197(title)
19989
msgid "Users"
19990
msgstr "用户"
19991
19992
#: serverguide/C/mail.xml:1198(para)
19993
msgid ""
19994
"Mailman provides a web based interface for users. To access this page, point "
19995
"your browser to the following url:"
19996
msgstr "Mailman 为用户提供了一个 web 界面,可以在您的浏览器中输入下列 url 来访问该页:"
19997
19998
#: serverguide/C/mail.xml:1203(para)
19999
msgid "http://hostname/cgi-bin/mailman/listinfo"
20000
msgstr "http://hostname/cgi-bin/mailman/listinfo"
20001
20002
#: serverguide/C/mail.xml:1207(para)
20003
msgid ""
20004
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
20005
"screen. If you click the mailing list name, it will display the subscription "
20006
"form. You can enter your email address, name (optional), and password to "
20007
"subscribe. An email invitation will be sent to you. You can follow the "
20008
"instructions in the email to subscribe."
20009
msgstr ""
20010
"缺省邮件列表 <emphasis>mailman</emphasis> "
20011
"将出现在屏幕上。如果您点击邮件列表名,它将显示订阅表单。您可以输入您的邮件地址、姓名 "
20012
"(可选)及密码来订阅。一个邀请邮件将发送给您。您可以根据该邮件的指示完成订阅。"
20013
20014
#: serverguide/C/mail.xml:1219(ulink)
20015
msgid "GNU Mailman - Installation Manual"
20016
msgstr "GNU Mailman - 安装手册"
20017
20018
#: serverguide/C/mail.xml:1223(ulink)
20019
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
20020
msgstr "指南 - 一起使用 Exim 4 和 Mailman 2.1"
20021
20022
#: serverguide/C/mail.xml:1226(para)
20023
msgid ""
20024
"Also, see the <ulink "
20025
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
20026
"Wiki</ulink> page."
20027
msgstr ""
20028
20029
#: serverguide/C/mail.xml:1232(title)
20030
msgid "Mail Filtering"
20031
msgstr "邮件过滤"
20032
20033
#: serverguide/C/mail.xml:1233(para)
20034
msgid ""
20035
"One of the largest issues with email today is the problem of Unsolicited "
20036
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
20037
"and other forms of malware. According to some reports these messages make up "
20038
"the bulk of all email traffic on the Internet."
20039
msgstr ""
20040
"当前邮件面临的最大问题是垃圾广告邮件(UBE,即Unsolicited Bulk "
20041
"Email)。也叫做SPAM,此类信息也可能携带病毒或者其它形式的流氓软件。据一些报告显示,此类邮件已占据互联网邮件流量的大部分。"
20042
20043
#: serverguide/C/mail.xml:1238(para)
20044
msgid ""
20045
"This section will cover integrating <application>Amavisd-new</application>, "
20046
"<application>Spamassassin</application>, and "
20047
"<application>ClamAV</application> with the "
20048
"<application>Postfix</application> Mail Transport Agent (MTA). "
20049
"<application>Postfix</application> can also check email validity by passing "
20050
"it through external content filters. These filters can sometimes determine "
20051
"if a message is spam without needing to process it with more resource "
20052
"intensive applications. Two common filters are "
20053
"<application>opendkim</application> and <application>python-policyd-"
20054
"spf</application>."
20055
msgstr ""
20056
20057
#: serverguide/C/mail.xml:1248(para)
20058
msgid ""
20059
"<application>Amavisd-new</application> is a wrapper program that can call "
20060
"any number of content filtering programs for spam detection, antivirus, etc."
20061
msgstr ""
20062
20063
#: serverguide/C/mail.xml:1254(para)
20064
msgid ""
20065
"<application>Spamassassin</application> uses a variety of mechanisms to "
20066
"filter email based on the message content."
20067
msgstr ""
20068
20069
#: serverguide/C/mail.xml:1259(para)
20070
msgid ""
20071
"<application>ClamAV</application> is an open source antivirus application."
20072
msgstr ""
20073
20074
#: serverguide/C/mail.xml:1264(para)
20075
msgid ""
20076
"<application>opendkim</application> implements a Sendmail Mail Filter "
20077
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
20078
msgstr ""
20079
20080
#: serverguide/C/mail.xml:1270(para)
20081
msgid ""
20082
"<application>python-policyd-spf</application> enables Sender Policy "
20083
"Framework (SPF) checking with <application>Postfix</application>."
20084
msgstr ""
20085
20086
#: serverguide/C/mail.xml:1275(para)
20087
msgid "This is how the pieces fit together:"
20088
msgstr ""
20089
20090
#: serverguide/C/mail.xml:1280(para)
20091
msgid "An email message is accepted by <application>Postfix</application>."
20092
msgstr ""
20093
20094
#: serverguide/C/mail.xml:1285(para)
20095
msgid ""
20096
"The message is passed through any external filters "
20097
"<application>opendkim</application> and <application>python-policyd-"
20098
"spf</application> in this case."
20099
msgstr ""
20100
20101
#: serverguide/C/mail.xml:1291(para)
20102
msgid "<application>Amavisd-new</application> then processes the message."
20103
msgstr ""
20104
20105
#: serverguide/C/mail.xml:1296(para)
20106
msgid ""
20107
"<application>ClamAV</application> is used to scan the message. If the "
20108
"message contains a virus <application>Postfix</application> will reject the "
20109
"message."
20110
msgstr ""
20111
20112
#: serverguide/C/mail.xml:1302(para)
20113
msgid ""
20114
"Clean messages will then be analyzed by "
20115
"<application>Spamassassin</application> to find out if the message is spam. "
20116
"<application>Spamassassin</application> will then add X-Header lines "
20117
"allowing <application>Amavisd-new</application> to further manipulate the "
20118
"message."
20119
msgstr ""
20120
20121
#: serverguide/C/mail.xml:1309(para)
20122
msgid ""
20123
"For example, if a message has a Spam score of over fifty the message could "
20124
"be automatically dropped from the queue without the recipient ever having to "
20125
"be bothered. Another, way to handle flagged messages is to deliver them to "
20126
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
20127
"see fit."
20128
msgstr ""
20129
20130
#: serverguide/C/mail.xml:1316(para)
20131
msgid ""
20132
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20133
"configuring Postfix."
20134
msgstr ""
20135
20136
#: serverguide/C/mail.xml:1319(para)
20137
msgid ""
20138
"To install the rest of the applications enter the following from a terminal "
20139
"prompt:"
20140
msgstr ""
20141
20142
#: serverguide/C/mail.xml:1323(command)
20143
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20144
msgstr ""
20145
20146
#: serverguide/C/mail.xml:1324(command)
20147
msgid "sudo apt-get install opendkim python-policyd-spf"
20148
msgstr ""
20149
20150
#: serverguide/C/mail.xml:1326(para)
20151
msgid ""
20152
"There are some optional packages that integrate with "
20153
"<application>Spamassassin</application> for better spam detection:"
20154
msgstr ""
20155
20156
#: serverguide/C/mail.xml:1330(command)
20157
msgid "sudo apt-get install pyzor razor"
20158
msgstr "sudo apt-get install pyzor razor"
20159
20160
#: serverguide/C/mail.xml:1332(para)
20161
msgid ""
20162
"Along with the main filtering applications compression utilities are needed "
20163
"to process some email attachments:"
20164
msgstr ""
20165
20166
#: serverguide/C/mail.xml:1336(command)
20167
msgid ""
20168
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20169
msgstr ""
20170
20171
#: serverguide/C/mail.xml:1339(para)
20172
msgid ""
20173
"If some packages are not found, check that the "
20174
"<emphasis>multiverse</emphasis> repository is enabled in "
20175
"<filename>/etc/apt/sources.list</filename>"
20176
msgstr ""
20177
20178
#: serverguide/C/mail.xml:1340(para)
20179
msgid ""
20180
"If you make changes to the file, be sure to run <command>sudo apt-get "
20181
"update</command> before trying to install again."
20182
msgstr ""
20183
20184
#: serverguide/C/mail.xml:1345(para)
20185
msgid "Now configure everything to work together and filter email."
20186
msgstr ""
20187
20188
#: serverguide/C/mail.xml:1349(title)
20189
msgid "ClamAV"
20190
msgstr "ClamAV"
20191
20192
#: serverguide/C/mail.xml:1350(para)
20193
msgid ""
20194
"The default behaviour of <application>ClamAV</application> will fit our "
20195
"needs. For more ClamAV configuration options, check the configuration files "
20196
"in <filename>/etc/clamav</filename>."
20197
msgstr ""
20198
20199
#: serverguide/C/mail.xml:1355(para)
20200
msgid ""
20201
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20202
"group in order for <application>Amavisd-new</application> to have the "
20203
"appropriate access to scan files:"
20204
msgstr ""
20205
20206
#: serverguide/C/mail.xml:1360(command)
20207
msgid "sudo adduser clamav amavis"
20208
msgstr ""
20209
20210
#: serverguide/C/mail.xml:1364(title)
20211
msgid "Spamassassin"
20212
msgstr "Spamassassin"
20213
20214
#: serverguide/C/mail.xml:1365(para)
20215
msgid ""
20216
"Spamassassin automatically detects optional components and will use them if "
20217
"they are present. This means that there is no need to configure "
20218
"<application>pyzor</application> and <application>razor</application>."
20219
msgstr ""
20220
20221
#: serverguide/C/mail.xml:1369(para)
20222
msgid ""
20223
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20224
"<application>Spamassassin</application> daemon. Change "
20225
"<emphasis>ENABLED=0</emphasis> to:"
20226
msgstr ""
20227
20228
#: serverguide/C/mail.xml:1373(programlisting)
20229
#, no-wrap
20230
msgid ""
20231
"\n"
20232
"ENABLED=1\n"
20233
msgstr ""
20234
"\n"
20235
"ENABLED=1\n"
20236
20237
#: serverguide/C/mail.xml:1376(para)
20238
msgid "Now start the daemon:"
20239
msgstr "现在启动守护进程:"
20240
20241
#: serverguide/C/mail.xml:1380(command)
20242
msgid "sudo /etc/init.d/spamassassin start"
20243
msgstr "sudo /etc/init.d/spamassassin start"
20244
20245
#: serverguide/C/mail.xml:1384(title)
20246
msgid "Amavisd-new"
20247
msgstr ""
20248
20249
#: serverguide/C/mail.xml:1385(para)
20250
msgid ""
20251
"First activate spam and antivirus detection in <application>Amavisd-"
20252
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
20253
"content_filter_mode</filename>:"
20254
msgstr ""
20255
20256
#: serverguide/C/mail.xml:1389(programlisting)
20257
#, no-wrap
20258
msgid ""
20259
"\n"
20260
"use strict;\n"
20261
"\n"
20262
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
20263
"# and to re-enable antivirus checking.\n"
20264
"\n"
20265
"#\n"
20266
"# Default antivirus checking mode\n"
20267
"# Uncomment the two lines below to enable it\n"
20268
"#\n"
20269
"\n"
20270
"@bypass_virus_checks_maps = (\n"
20271
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
20272
"$bypass_virus_checks_re);\n"
20273
"\n"
20274
"\n"
20275
"#\n"
20276
"# Default SPAM checking mode\n"
20277
"# Uncomment the two lines below to enable it\n"
20278
"#\n"
20279
"\n"
20280
"@bypass_spam_checks_maps = (\n"
20281
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
20282
"$bypass_spam_checks_re);\n"
20283
"\n"
20284
"1; # insure a defined return\n"
20285
msgstr ""
20286
20287
#: serverguide/C/mail.xml:1414(para)
20288
msgid ""
20289
"Bouncing spam can be a bad idea as the return address is often faked. "
20290
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
20291
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
20292
"D_BOUNCE, as follows:"
20293
msgstr ""
20294
20295
#: serverguide/C/mail.xml:1420(programlisting)
20296
#, no-wrap
20297
msgid ""
20298
"\n"
20299
"$final_spam_destiny = D_DISCARD;\n"
20300
msgstr ""
20301
"\n"
20302
"$final_spam_destiny = D_DISCARD;\n"
20303
20304
#: serverguide/C/mail.xml:1424(para)
20305
msgid ""
20306
"Additionally, you may want to adjust the following options to flag more "
20307
"messages as spam:"
20308
msgstr ""
20309
20310
#: serverguide/C/mail.xml:1428(programlisting)
20311
#, no-wrap
20312
msgid ""
20313
"\n"
20314
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
20315
"level\n"
20316
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
20317
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
20318
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
20319
msgstr ""
20320
20321
#: serverguide/C/mail.xml:1435(para)
20322
msgid ""
20323
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
20324
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
20325
"option. Also, if the server receives mail for multiple domains the "
20326
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
20327
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
20328
msgstr ""
20329
20330
#: serverguide/C/mail.xml:1442(programlisting)
20331
#, no-wrap
20332
msgid ""
20333
"\n"
20334
"$myhostname = 'mail.example.com';\n"
20335
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
20336
msgstr ""
20337
20338
#: serverguide/C/mail.xml:1447(para)
20339
msgid ""
20340
"After configuration <application>Amavisd-new</application> needs to be "
20341
"restarted:"
20342
msgstr ""
20343
20344
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
20345
msgid "sudo /etc/init.d/amavis restart"
20346
msgstr "sudo /etc/init.d/amavis restart"
20347
20348
#: serverguide/C/mail.xml:1454(title)
20349
msgid "DKIM Whitelist"
20350
msgstr ""
20351
20352
#: serverguide/C/mail.xml:1456(para)
20353
msgid ""
20354
"<application>Amavisd-new</application> can be configured to automatically "
20355
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
20356
"Keys. There are some pre-configured domains in the "
20357
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
20358
msgstr ""
20359
20360
#: serverguide/C/mail.xml:1462(para)
20361
msgid "There are multiple ways to configure the Whitelist for a domain:"
20362
msgstr ""
20363
20364
#: serverguide/C/mail.xml:1468(para)
20365
msgid ""
20366
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20367
"address from the \"example.com\" domain."
20368
msgstr ""
20369
20370
#: serverguide/C/mail.xml:1473(para)
20371
msgid ""
20372
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
20373
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
20374
"have a valid signature."
20375
msgstr ""
20376
20377
#: serverguide/C/mail.xml:1479(para)
20378
msgid ""
20379
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
20380
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
20381
"role=\"italic\">example.com</emphasis> the parent domain."
20382
msgstr ""
20383
20384
#: serverguide/C/mail.xml:1485(para)
20385
msgid ""
20386
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
20387
"that have a valid signature from \"example.com\". This is usually used for "
20388
"discussion groups that sign their messages."
20389
msgstr ""
20390
20391
#: serverguide/C/mail.xml:1492(para)
20392
msgid ""
20393
"A domain can also have multiple Whitelist configurations. After, editing the "
20394
"file restart <application>amaisd-new</application>:"
20395
msgstr ""
20396
20397
#: serverguide/C/mail.xml:1501(para)
20398
msgid ""
20399
"In this context, once a domain has been added to the Whitelist the message "
20400
"will not receive any anti-virus or spam filtering. This may or may not be "
20401
"the intended behavior you wish for a domain."
20402
msgstr ""
20403
20404
#: serverguide/C/mail.xml:1511(para)
20405
msgid ""
20406
"For <application>Postfix</application> integration, enter the following from "
20407
"a terminal prompt:"
20408
msgstr ""
20409
20410
#: serverguide/C/mail.xml:1515(command)
20411
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
20412
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
20413
20414
#: serverguide/C/mail.xml:1517(para)
20415
msgid ""
20416
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
20417
"to the end of the file:"
20418
msgstr ""
20419
20420
#: serverguide/C/mail.xml:1520(programlisting)
20421
#, no-wrap
20422
msgid ""
20423
"\n"
20424
"smtp-amavis unix - - - - 2 smtp\n"
20425
" -o smtp_data_done_timeout=1200\n"
20426
" -o smtp_send_xforward_command=yes\n"
20427
" -o disable_dns_lookups=yes\n"
20428
" -o max_use=20\n"
20429
"\n"
20430
"127.0.0.1:10025 inet n - - - - smtpd\n"
20431
" -o content_filter=\n"
20432
" -o local_recipient_maps=\n"
20433
" -o relay_recipient_maps=\n"
20434
" -o smtpd_restriction_classes=\n"
20435
" -o smtpd_delay_reject=no\n"
20436
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
20437
" -o smtpd_helo_restrictions=\n"
20438
" -o smtpd_sender_restrictions=\n"
20439
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
20440
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
20441
" -o smtpd_end_of_data_restrictions=\n"
20442
" -o mynetworks=127.0.0.0/8\n"
20443
" -o smtpd_error_sleep_time=0\n"
20444
" -o smtpd_soft_error_limit=1001\n"
20445
" -o smtpd_hard_error_limit=1000\n"
20446
" -o smtpd_client_connection_count_limit=0\n"
20447
" -o smtpd_client_connection_rate_limit=0\n"
20448
" -o "
20449
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
20450
msgstr ""
20451
20452
#: serverguide/C/mail.xml:1547(para)
20453
msgid ""
20454
"Also add the following two lines immediately below the "
20455
"<emphasis>\"pickup\"</emphasis> transport service:"
20456
msgstr ""
20457
20458
#: serverguide/C/mail.xml:1550(programlisting)
20459
#, no-wrap
20460
msgid ""
20461
"\n"
20462
" -o content_filter=\n"
20463
" -o receive_override_options=no_header_body_checks\n"
20464
msgstr ""
20465
"\n"
20466
" -o content_filter=\n"
20467
" -o receive_override_options=no_header_body_checks\n"
20468
20469
#: serverguide/C/mail.xml:1554(para)
20470
msgid ""
20471
"This will prevent messages that are generated to report on spam from being "
20472
"classified as spam."
20473
msgstr ""
20474
20475
#: serverguide/C/mail.xml:1557(para)
20476
msgid "Now restart <application>Postfix</application>:"
20477
msgstr "现在重启 <application>Postfix</application>:"
20478
20479
#: serverguide/C/mail.xml:1563(para)
20480
msgid "Content filtering with spam and virus detection is now enabled."
20481
msgstr ""
20482
20483
#: serverguide/C/mail.xml:1569(title)
20484
msgid "Amavisd-new and Spamassassin"
20485
msgstr ""
20486
20487
#: serverguide/C/mail.xml:1571(para)
20488
msgid ""
20489
"When integrating <application>Amavisd-new</application> with "
20490
"<application>Spamassassin</application>, if you choose to disable the bayes "
20491
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
20492
"<application>cron</application> to update the nightly rules, the result can "
20493
"cause a situation where a large amount of error messages are sent to the "
20494
"<emphasis>amavis</emphasis> user via the amavisd-new "
20495
"<application>cron</application> job."
20496
msgstr ""
20497
20498
#: serverguide/C/mail.xml:1578(para)
20499
msgid "There are several ways to handle this situation:"
20500
msgstr ""
20501
20502
#: serverguide/C/mail.xml:1584(para)
20503
msgid "Configure your MDA to filter messages you do not wish to see."
20504
msgstr ""
20505
20506
#: serverguide/C/mail.xml:1589(para)
20507
msgid ""
20508
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
20509
"<emphasis>use_bayes 0</emphasis>. For example, edit "
20510
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
20511
"the top before the <emphasis>test</emphasis> statements:"
20512
msgstr ""
20513
20514
#: serverguide/C/mail.xml:1593(programlisting)
20515
#, no-wrap
20516
msgid ""
20517
"\n"
20518
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
20519
"exit 0\n"
20520
msgstr ""
20521
20522
#: serverguide/C/mail.xml:1603(para)
20523
msgid ""
20524
"First, test that the <application>Amavisd-new</application> SMTP is "
20525
"listening:"
20526
msgstr ""
20527
20528
#: serverguide/C/mail.xml:1606(programlisting)
20529
#, no-wrap
20530
msgid ""
20531
"\n"
20532
"telnet localhost 10024\n"
20533
"Trying 127.0.0.1...\n"
20534
"Connected to localhost.\n"
20535
"Escape character is '^]'.\n"
20536
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
20537
"^]\n"
20538
msgstr ""
20539
20540
#: serverguide/C/mail.xml:1614(para)
20541
msgid ""
20542
"In the Header of messages that go through the content filter you should see:"
20543
msgstr ""
20544
20545
#: serverguide/C/mail.xml:1617(programlisting)
20546
#, no-wrap
20547
msgid ""
20548
"\n"
20549
"X-Spam-Level: \n"
20550
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
20551
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
20552
"BAYES_00\n"
20553
"X-Spam-Level: \n"
20554
msgstr ""
20555
"\n"
20556
"X-Spam-Level: \n"
20557
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
20558
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
20559
"BAYES_00\n"
20560
"X-Spam-Level: \n"
20561
20562
#: serverguide/C/mail.xml:1624(para)
20563
msgid ""
20564
"Your output will vary, but the important thing is that there are <emphasis>X-"
20565
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
20566
msgstr ""
20567
20568
#: serverguide/C/mail.xml:1632(para)
20569
msgid ""
20570
"The best way to figure out why something is going wrong is to check the log "
20571
"files."
20572
msgstr ""
20573
20574
#: serverguide/C/mail.xml:1637(para)
20575
msgid ""
20576
"For instructions on <application>Postfix</application> logging see the <xref "
20577
"linkend=\"postfix-troubleshooting\"/> section."
20578
msgstr ""
20579
20580
#: serverguide/C/mail.xml:1643(para)
20581
msgid ""
20582
"<application>Amavisd-new</application> uses "
20583
"<application>Syslog</application> to send messages to "
20584
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
20585
"increased by adding the <emphasis>$log_level</emphasis> option to "
20586
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
20587
"1 to 5."
20588
msgstr ""
20589
20590
#: serverguide/C/mail.xml:1648(programlisting)
20591
#, no-wrap
20592
msgid ""
20593
"\n"
20594
"$log_level = 2;\n"
20595
msgstr ""
20596
"\n"
20597
"$log_level = 2;\n"
20598
20599
#: serverguide/C/mail.xml:1652(para)
20600
msgid ""
20601
"When the <application>Amavisd-new</application> log output is increased "
20602
"<application>Spamassassin</application> log output is also increased."
20603
msgstr ""
20604
20605
#: serverguide/C/mail.xml:1659(para)
20606
msgid ""
20607
"The <application>ClamAV</application> log level can be increased by editing "
20608
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
20609
msgstr ""
20610
20611
#: serverguide/C/mail.xml:1663(programlisting)
20612
#, no-wrap
20613
msgid ""
20614
"\n"
20615
"LogVerbose true\n"
20616
msgstr ""
20617
20618
#: serverguide/C/mail.xml:1666(para)
20619
msgid ""
20620
"By default <application>ClamAV</application> will send log messages to "
20621
"<filename>/var/log/clamav/clamav.log</filename>."
20622
msgstr ""
20623
20624
#: serverguide/C/mail.xml:1672(para)
20625
msgid ""
20626
"After changing an applications log settings remember to restart the service "
20627
"for the new settings to take affect. Also, once the issue you are "
20628
"troubleshooting is resolved it is a good idea to change the log settings "
20629
"back to normal."
20630
msgstr ""
20631
20632
#: serverguide/C/mail.xml:1680(para)
20633
msgid "For more information on filtering mail see the following links:"
20634
msgstr ""
20635
20636
#: serverguide/C/mail.xml:1686(ulink)
20637
msgid "Amavisd-new Documentation"
20638
msgstr ""
20639
20640
#: serverguide/C/mail.xml:1690(para)
20641
msgid ""
20642
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
20643
"Documentation</ulink> and <ulink "
20644
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
20645
msgstr ""
20646
20647
#: serverguide/C/mail.xml:1697(ulink)
20648
msgid "Spamassassin Wiki"
20649
msgstr "Spamassassin 维基"
20650
20651
#: serverguide/C/mail.xml:1702(ulink)
20652
msgid "Pyzor Homepage"
20653
msgstr "Pyzor 主页"
20654
20655
#: serverguide/C/mail.xml:1707(ulink)
20656
msgid "Razor Homepage"
20657
msgstr "Razor 主页"
20658
20659
#: serverguide/C/mail.xml:1712(ulink)
20660
msgid "DKIM.org"
20661
msgstr ""
20662
20663
#: serverguide/C/mail.xml:1717(ulink)
20664
msgid "Postfix Amavis New"
20665
msgstr ""
20666
20667
#: serverguide/C/mail.xml:1721(para)
20668
msgid ""
20669
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
20670
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
20671
msgstr ""
20672
20673
#: serverguide/C/lamp-applications.xml:13(title)
20674
msgid "LAMP Applications"
20675
msgstr ""
20676
20677
#: serverguide/C/lamp-applications.xml:19(para)
20678
msgid ""
20679
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
20680
"Ubuntu servers. There is a plethora of Open Source applications written "
20681
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
20682
"Content Management Systems, and Management Software such as phpMyAdmin."
20683
msgstr ""
20684
20685
#: serverguide/C/lamp-applications.xml:26(para)
20686
msgid ""
20687
"One advantage of LAMP is the substantial flexibility for different database, "
20688
"web server, and scripting languages. Popular substitutes for MySQL include "
20689
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
20690
"instead of PHP."
20691
msgstr ""
20692
20693
#: serverguide/C/lamp-applications.xml:32(para)
20694
msgid ""
20695
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
20696
"is:"
20697
msgstr ""
20698
20699
#: serverguide/C/lamp-applications.xml:38(para)
20700
msgid "Download an archive containing the application source files."
20701
msgstr ""
20702
20703
#: serverguide/C/lamp-applications.xml:43(para)
20704
msgid ""
20705
"Unpack the archive, usually in a directory accessible to a web server."
20706
msgstr ""
20707
20708
#: serverguide/C/lamp-applications.xml:48(para)
20709
msgid ""
20710
"Depending on where the source was extracted, configure a web server to serve "
20711
"the files."
20712
msgstr ""
20713
20714
#: serverguide/C/lamp-applications.xml:53(para)
20715
msgid "Configure the application to connect to the database."
20716
msgstr ""
20717
20718
#: serverguide/C/lamp-applications.xml:58(para)
20719
msgid ""
20720
"Run a script, or browse to a page of the application, to install the "
20721
"database needed by the application."
20722
msgstr ""
20723
20724
#: serverguide/C/lamp-applications.xml:63(para)
20725
msgid ""
20726
"Once the steps above, or similar steps, are completed you are ready to begin "
20727
"using the application."
20728
msgstr ""
20729
20730
#: serverguide/C/lamp-applications.xml:69(para)
20731
msgid ""
20732
"A disadvantage of using this approach is that the application files are not "
20733
"placed in the file system in a standard way, which can cause confusion as to "
20734
"where the application is installed. Another larger disadvantage is updating "
20735
"the application. When a new version is released, the same process used to "
20736
"install the application is needed to apply updates."
20737
msgstr ""
20738
20739
#: serverguide/C/lamp-applications.xml:76(para)
20740
msgid ""
20741
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
20742
"packaged for Ubuntu, and are available for installation in the same way as "
20743
"non-LAMP applications. Depending on the application some extra configuration "
20744
"and setup steps may be needed, however."
20745
msgstr ""
20746
20747
#: serverguide/C/lamp-applications.xml:82(para)
20748
msgid ""
20749
"This section covers howto install and configure the Wiki applications "
20750
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
20751
"and the MySQL management application <application>phpMyAdmin</application>."
20752
msgstr ""
20753
20754
#: serverguide/C/lamp-applications.xml:88(para)
20755
msgid ""
20756
"A Wiki is a website that allows the visitors to easily add, remove and "
20757
"modify available content easily. The ease of interaction and operation makes "
20758
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
20759
"also referred to the collaborative software."
20760
msgstr ""
20761
"Wiki 是一种允许访问者方便地添加、删除和修改可用内容的网站。其交互和操作的便利性使得 Wiki 成为大规模协作写作的有效工具。术语 Wiki "
20762
"同时也代表该协作软件。"
20763
20764
#: serverguide/C/lamp-applications.xml:100(title)
20765
msgid "Moin Moin"
20766
msgstr "Moin Moin"
20767
20768
#: serverguide/C/lamp-applications.xml:102(para)
20769
msgid ""
20770
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
20771
"engine, and licensed under the GNU GPL."
20772
msgstr "MoinMoin 是个用 Python 实现的 Wiki 引擎,其基于 PikiPiki Wiki 引擎,并在 GNU GPL 下授权。"
20773
20774
#: serverguide/C/lamp-applications.xml:110(para)
20775
msgid ""
20776
"To install <application>MoinMoin</application>, run the following command in "
20777
"the command prompt:"
20778
msgstr "若想安装 <application>MoinMoin</application>,请在命令行提示中运行如下命令:"
20779
20780
#: serverguide/C/lamp-applications.xml:116(command)
20781
msgid "sudo apt-get install python-moinmoin"
20782
msgstr "sudo apt-get install python-moinmoin"
20783
20784
#: serverguide/C/lamp-applications.xml:119(para)
20785
msgid ""
20786
"You should also install <application>apache2</application> web server. For "
20787
"installing <application>apache2</application> web server, please refer to "
20788
"<xref linkend=\"http-installation\"/> sub-section in <xref "
20789
"linkend=\"httpd\"/> section."
20790
msgstr ""
20791
"你也应该安装<application>apache2</application>网络服务器。为了安装<application>apache2</appli"
20792
"cation>网络服务器,请参考<xref linkend=\"http-installation\"/> sub-section in <xref "
20793
"linkend=\"httpd\"/> section。"
20794
20795
#: serverguide/C/lamp-applications.xml:130(para)
20796
msgid ""
20797
"For configuring your first Wiki application, please run the following set of "
20798
"commands. Let us assume that you are creating a Wiki named "
20799
"<emphasis>mywiki</emphasis>:"
20800
msgstr ""
20801
"要设置您的第一个 Wiki 应用程序,请运行以下一组命令。让我们假设您正在创建一个名为 <emphasis>mywiki</emphasis> 的 "
20802
"Wiki:"
20803
20804
#: serverguide/C/lamp-applications.xml:137(command)
20805
msgid "cd /usr/share/moin"
20806
msgstr ""
20807
20808
#: serverguide/C/lamp-applications.xml:138(command)
20809
msgid "sudo mkdir mywiki"
20810
msgstr ""
20811
20812
#: serverguide/C/lamp-applications.xml:139(command)
20813
msgid "sudo cp -R data mywiki"
20814
msgstr ""
20815
20816
#: serverguide/C/lamp-applications.xml:140(command)
20817
msgid "sudo cp -R underlay mywiki"
20818
msgstr ""
20819
20820
#: serverguide/C/lamp-applications.xml:141(command)
20821
msgid "sudo cp server/moin.cgi mywiki"
20822
msgstr ""
20823
20824
#: serverguide/C/lamp-applications.xml:142(command)
20825
msgid "sudo chown -R www-data.www-data mywiki"
20826
msgstr ""
20827
20828
#: serverguide/C/lamp-applications.xml:143(command)
20829
msgid "sudo chmod -R ug+rwX mywiki"
20830
msgstr ""
20831
20832
#: serverguide/C/lamp-applications.xml:144(command)
20833
msgid "sudo chmod -R o-rwx mywiki"
20834
msgstr ""
20835
20836
#: serverguide/C/lamp-applications.xml:147(para)
20837
msgid ""
20838
"Now you should configure <application>MoinMoin</application> to find your "
20839
"new Wiki <emphasis>mywiki</emphasis>. To configure "
20840
"<application>MoinMoin</application>, open "
20841
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
20842
msgstr ""
20843
"现在您需要配置 <application>MoinMoin</application> 来找到您的新 Wiki "
20844
"<emphasis>mywiki</emphasis>。要配置 <application>MoinMoin</application>,请打开 "
20845
"<filename>/etc/moin/mywiki.py</filename> 文件并改动以下的行:"
20846
20847
#: serverguide/C/lamp-applications.xml:155(programlisting)
20848
#, no-wrap
20849
msgid "data_dir = '/org/mywiki/data'"
20850
msgstr ""
20851
20852
#: serverguide/C/lamp-applications.xml:157(para)
20853
msgid "to"
20854
msgstr "改为"
20855
20856
#: serverguide/C/lamp-applications.xml:161(programlisting)
20857
#, no-wrap
20858
msgid "data_dir = '/usr/share/moin/mywiki/data'"
20859
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
20860
20861
#: serverguide/C/lamp-applications.xml:163(para)
20862
msgid ""
20863
"Also, below the <emphasis>data_dir</emphasis> option add the "
20864
"<emphasis>data_underlay_dir</emphasis>:"
20865
msgstr ""
20866
20867
#: serverguide/C/lamp-applications.xml:167(programlisting)
20868
#, no-wrap
20869
msgid ""
20870
"\n"
20871
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
20872
msgstr ""
20873
20874
#: serverguide/C/lamp-applications.xml:172(para)
20875
msgid ""
20876
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
20877
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
20878
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
20879
"change."
20880
msgstr ""
20881
"如果 <filename>/etc/moin/mywiki.py</filename> 文件不存在,您需要将 "
20882
"<filename>/etc/moin/moinmaster.py</filename> 文件复制为 "
20883
"<filename>/etc/moin/mywiki.py</filename> 文件,并进行上述的更改。"
20884
20885
#: serverguide/C/lamp-applications.xml:181(para)
20886
msgid ""
20887
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
20888
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
20889
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
20890
"<quote>(\"mywiki\", r\".*\")</quote>."
20891
msgstr ""
20892
"如果您将您的 Wiki 命名为 <emphasis>my_wiki_name</emphasis>,您需要在 "
20893
"<filename>/etc/moin/farmconfig.py</filename> 中的 <quote>(\"mywiki\", "
20894
"r\".*\")</quote> 行后插入一行 <quote>(\"my_wiki_name\", r\".*\")</quote>。"
20895
20896
#: serverguide/C/lamp-applications.xml:189(para)
20897
msgid ""
20898
"Once you have configured <application>MoinMoin</application> to find your "
20899
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
20900
"<application>apache2</application> and make it ready for your Wiki "
20901
"application."
20902
msgstr ""
20903
"当您配置了 <application>MoinMoin</application> 来找到您的第一个 Wiki 应用程序 "
20904
"<emphasis>mywiki</emphasis> 后,您还要配置 <application>apache2</application> "
20905
"以使其能运行您的 Wiki 应用程序。"
20906
20907
#: serverguide/C/lamp-applications.xml:196(para)
20908
msgid ""
20909
"You should add the following lines in <filename>/etc/apache2/sites-"
20910
"available/default</filename> file inside the <quote><VirtualHost "
20911
"*></quote> tag:"
20912
msgstr ""
20913
"您应当在 <filename>/etc/apache2/sites-available/default</filename> 中的 "
20914
"<quote><VirtualHost *></quote> 标签内添加如下内容:"
20915
20916
#: serverguide/C/lamp-applications.xml:202(programlisting)
20917
#, no-wrap
20918
msgid ""
20919
"\n"
20920
"### moin\n"
20921
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
20922
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
20923
" <Directory /usr/share/moin/htdocs>\n"
20924
" Order allow,deny\n"
20925
" allow from all\n"
20926
" </Directory>\n"
20927
"### end moin\n"
20928
msgstr ""
20929
20930
#: serverguide/C/lamp-applications.xml:214(para)
20931
msgid ""
20932
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
20933
"<emphasis>alias</emphasis> line above, to the "
20934
"<application>moinmoin</application> version installed."
20935
msgstr ""
20936
20937
#: serverguide/C/lamp-applications.xml:220(para)
20938
msgid ""
20939
"Once you configure the <application>apache2</application> web server and "
20940
"make it ready for your Wiki application, you should restart it. You can run "
20941
"the following command to restart the <application>apache2</application> web "
20942
"server:"
20943
msgstr ""
20944
"当您配置完 <application>apache2</application> web 服务器,要使其能运行您的 Wiki "
20945
"应用程序,您需要重启它。您可以运行如下命令来重启 <application>apache2</application> web 服务器:"
20946
20947
#: serverguide/C/lamp-applications.xml:233(title)
20948
msgid "Verification"
20949
msgstr "验证"
20950
20951
#: serverguide/C/lamp-applications.xml:235(para)
20952
msgid ""
20953
"You can verify the Wiki application and see if it works by pointing your web "
20954
"browser to the following URL:"
20955
msgstr "您可以把您的浏览器指向如下地址来验证 Wiki 应用是否工作:"
20956
20957
#: serverguide/C/lamp-applications.xml:239(programlisting)
20958
#, no-wrap
20959
msgid ""
20960
"\n"
20961
"http://localhost/mywiki\n"
20962
msgstr ""
20963
"\n"
20964
"http://localhost/mywiki\n"
20965
20966
#: serverguide/C/lamp-applications.xml:243(para)
20967
msgid ""
20968
"You can also run the test command by pointing your web browser to the "
20969
"following URL:"
20970
msgstr "您可以把您的浏览器指向如下地址来运行测试命令:工作"
20971
20972
#: serverguide/C/lamp-applications.xml:248(programlisting)
20973
#, no-wrap
20974
msgid ""
20975
"\n"
20976
"http://localhost/mywiki?action=test\n"
20977
msgstr ""
20978
"\n"
20979
"http://localhost/mywiki?action=test\n"
20980
20981
#: serverguide/C/lamp-applications.xml:252(para)
20982
msgid ""
20983
"For more details, please refer to the <ulink "
20984
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
20985
msgstr ""
20986
20987
#: serverguide/C/lamp-applications.xml:263(para)
20988
msgid ""
20989
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
20990
"Wiki</ulink>."
20991
msgstr ""
20992
20993
#: serverguide/C/lamp-applications.xml:268(para)
20994
msgid ""
20995
"Also, see the <ulink "
20996
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
20997
"MoinMoin</ulink> page."
20998
msgstr ""
20999
21000
#: serverguide/C/lamp-applications.xml:277(title)
21001
msgid "MediaWiki"
21002
msgstr "MediaWiki"
21003
21004
#: serverguide/C/lamp-applications.xml:279(para)
21005
msgid ""
21006
"MediaWiki is an web based Wiki software written in the PHP language. It can "
21007
"either use <application>MySQL</application> or "
21008
"<application>PostgreSQL</application> Database Management System."
21009
msgstr ""
21010
"MediaWiki是一款用PHP语言写成的基于网页的维基软件。它可使用<application>MySQL</application> "
21011
"或<application>PostgreSQL</application>数据库管理系统(Database Management "
21012
"System即DMS)。"
21013
21014
#: serverguide/C/lamp-applications.xml:289(para)
21015
msgid ""
21016
"Before installing <application>MediaWiki</application> you should also "
21017
"install <application>Apache2</application>, the "
21018
"<application>PHP5</application> scripting language and Database a Management "
21019
"System. <application>MySQL</application> or "
21020
"<application>PostgreSQL</application> are the most common, choose one "
21021
"depending on your need. Please refer to those sections in this manual for "
21022
"installation instructions."
21023
msgstr ""
21024
"安装 <application>MediaWiki</application> 之前,您需要安装 "
21025
"<application>Apache2</application>,<application>PHP5</application> "
21026
"脚本语言和一个数据库管理系统。 <application>MySQL</application> 和 "
21027
"<application>PostgreSQL</application> 最为常用,根据您的需要选择一个,其安装步骤请查阅本手册相关章节。"
21028
21029
#: serverguide/C/lamp-applications.xml:297(para)
21030
msgid ""
21031
"To install <application>MediaWiki</application>, run the following command "
21032
"in the command prompt:"
21033
msgstr "若想安装 <application>MediaWiki</application>,请在命令行提示中运行如下命令:"
21034
21035
#: serverguide/C/lamp-applications.xml:303(command)
21036
msgid "sudo apt-get install mediawiki php5-gd"
21037
msgstr "sudo apt-get install mediawiki php5-gd"
21038
21039
#: serverguide/C/lamp-applications.xml:306(para)
21040
msgid ""
21041
"For additional <application>MediaWiki</application> functionality see the "
21042
"<application>mediawiki-extensions</application> package."
21043
msgstr ""
21044
21045
#: serverguide/C/lamp-applications.xml:316(para)
21046
msgid ""
21047
"The Apache configuration file <filename>mediawiki.conf</filename> for "
21048
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
21049
"directory. You should uncomment the following line in this file to access "
21050
"MediaWiki application."
21051
msgstr ""
21052
21053
#: serverguide/C/lamp-applications.xml:324(screen)
21054
#, no-wrap
21055
msgid ""
21056
"\n"
21057
"# Alias /mediawiki /var/lib/mediawiki\n"
21058
msgstr ""
21059
21060
#: serverguide/C/lamp-applications.xml:328(para)
21061
msgid ""
21062
"After you uncomment the above line, restart Apache server and access "
21063
"MediaWiki using the following url:"
21064
msgstr ""
21065
21066
#: serverguide/C/lamp-applications.xml:333(programlisting)
21067
#, no-wrap
21068
msgid ""
21069
"\n"
21070
"http://localhost/mediawiki/config/index.php\n"
21071
msgstr ""
21072
"\n"
21073
"http://localhost/mediawiki/config/index.php\n"
21074
21075
#: serverguide/C/lamp-applications.xml:338(para)
21076
msgid ""
21077
"Please read the <quote>Checking environment...</quote> section in this page. "
21078
"You should be able to fix many issues by carefully reading this section."
21079
msgstr "请阅读本页中的 <quote>检查环境...</quote> 部分。通过仔细阅读这部分您应当能够解决许多问题。"
21080
21081
#: serverguide/C/lamp-applications.xml:345(para)
21082
msgid ""
21083
"Once the configuration is complete, you should copy the "
21084
"<filename>LocalSettings.php</filename> file to "
21085
"<filename>/etc/mediawiki</filename> directory:"
21086
msgstr ""
21087
21088
#: serverguide/C/lamp-applications.xml:352(command)
21089
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
21090
msgstr ""
21091
21092
#: serverguide/C/lamp-applications.xml:355(para)
21093
msgid ""
21094
"You may also want to edit "
21095
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
21096
msgstr ""
21097
21098
#: serverguide/C/lamp-applications.xml:360(programlisting)
21099
#, no-wrap
21100
msgid ""
21101
"\n"
21102
"ini_set( 'memory_limit', '64M' );\n"
21103
msgstr ""
21104
21105
#: serverguide/C/lamp-applications.xml:367(title)
21106
msgid "Extensions"
21107
msgstr ""
21108
21109
#: serverguide/C/lamp-applications.xml:368(para)
21110
msgid ""
21111
"The extensions add new features and enhancements for the MediaWiki "
21112
"application. The extensions give wiki administrators and end users the "
21113
"ability to customize MediaWiki to their requirements."
21114
msgstr ""
21115
21116
#: serverguide/C/lamp-applications.xml:374(para)
21117
msgid ""
21118
"You can download MediaWiki extensions as an archive file or checkout from "
21119
"the Subversion repository. You should copy it to "
21120
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
21121
"also add the following line at the end of file: "
21122
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
21123
msgstr ""
21124
21125
#: serverguide/C/lamp-applications.xml:382(programlisting)
21126
#, no-wrap
21127
msgid ""
21128
"\n"
21129
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
21130
msgstr ""
21131
21132
#: serverguide/C/lamp-applications.xml:392(para)
21133
msgid ""
21134
"For more details, please refer to the <ulink "
21135
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
21136
msgstr "详情请参阅 <ulink url=\"http://www.mediawiki.org\">MediaWiki</ulink> 网站。"
21137
21138
#: serverguide/C/lamp-applications.xml:398(para)
21139
msgid ""
21140
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
21141
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
21142
"new MediaWiki administrators."
21143
msgstr ""
21144
21145
#: serverguide/C/lamp-applications.xml:404(para)
21146
msgid ""
21147
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
21148
"Wiki MediaWiki</ulink> page is a good resource."
21149
msgstr ""
21150
21151
#: serverguide/C/lamp-applications.xml:414(title)
21152
msgid "phpMyAdmin"
21153
msgstr ""
21154
21155
#: serverguide/C/lamp-applications.xml:416(para)
21156
msgid ""
21157
"<application>phpMyAdmin</application> is a LAMP application specifically "
21158
"written for administering <application>MySQL</application> servers. Written "
21159
"in <application>PHP</application>, and accessed through a web browser, "
21160
"phpMyAdmin provides a graphical interface for database administration tasks."
21161
msgstr ""
21162
21163
#: serverguide/C/lamp-applications.xml:425(para)
21164
msgid ""
21165
"Before installing <application>phpMyAdmin</application> you will need access "
21166
"to a <application>MySQL</application> database either on the same host as "
21167
"that phpMyAdmin is installed on, or on a host accessible over the network. "
21168
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
21169
"enter:"
21170
msgstr ""
21171
21172
#: serverguide/C/lamp-applications.xml:432(command)
21173
msgid "sudo apt-get install phpmyadmin"
21174
msgstr ""
21175
21176
#: serverguide/C/lamp-applications.xml:435(para)
21177
msgid ""
21178
"At the prompt choose which web server to be configured for "
21179
"<application>phpMyAdmin</application>. The rest of this section will use "
21180
"<application>Apache2</application> for the web server."
21181
msgstr ""
21182
21183
#: serverguide/C/lamp-applications.xml:440(para)
21184
msgid ""
21185
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
21186
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
21187
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
21188
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
21189
"user if you any setup, and enter the <application>MySQL</application> user's "
21190
"password."
21191
msgstr ""
21192
21193
#: serverguide/C/lamp-applications.xml:447(para)
21194
msgid ""
21195
"Once logged in you can reset the <emphasis>root</emphasis> password if "
21196
"needed, create users, create/destroy databases and tables, etc."
21197
msgstr ""
21198
21199
#: serverguide/C/lamp-applications.xml:455(para)
21200
msgid ""
21201
"The configuration files for <application>phpMyAdmin</application> are "
21202
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
21203
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
21204
"configuration options that apply globally to "
21205
"<application>phpMyAdmin</application>."
21206
msgstr ""
21207
21208
#: serverguide/C/lamp-applications.xml:461(para)
21209
msgid ""
21210
"To use <application>phpMyAdmin</application> to administer a MySQL database "
21211
"hosted on another server, adjust the following in "
21212
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
21213
msgstr ""
21214
21215
#: serverguide/C/lamp-applications.xml:466(programlisting)
21216
#, no-wrap
21217
msgid ""
21218
"\n"
21219
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
21220
msgstr ""
21221
21222
#: serverguide/C/lamp-applications.xml:471(para)
21223
msgid ""
21224
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
21225
"remote database server name or IP address. Also, be sure that the "
21226
"<application>phpMyAdmin</application> host has permissions to access the "
21227
"remote database."
21228
msgstr ""
21229
21230
#: serverguide/C/lamp-applications.xml:477(para)
21231
msgid ""
21232
"Once configured, log out of <application>phpMyAdmin</application> and back "
21233
"in, and you should be accessing the new server."
21234
msgstr ""
21235
21236
#: serverguide/C/lamp-applications.xml:481(para)
21237
msgid ""
21238
"The <filename>config.header.inc.php</filename> and "
21239
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
21240
"header and footer to <application>phpMyAdmin</application>."
21241
msgstr ""
21242
21243
#: serverguide/C/lamp-applications.xml:486(para)
21244
msgid ""
21245
"Another important configuration file is "
21246
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
21247
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
21248
"configure <application>Apache2</application> to serve the "
21249
"<application>phpMyAdmin</application> site. The file contains directives for "
21250
"loading <application>PHP</application>, directory permissions, etc. For more "
21251
"information on configuring <application>Apache2</application> see <xref "
21252
"linkend=\"httpd\"/>."
21253
msgstr ""
21254
21255
#: serverguide/C/lamp-applications.xml:500(para)
21256
msgid ""
21257
"The <application>phpMyAdmin</application> documentation comes installed with "
21258
"the package and can be accessed from the <emphasis>phpMyAdmin "
21259
"Documentation</emphasis> link (a question mark with a box around it) under "
21260
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
21261
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
21262
msgstr ""
21263
21264
#: serverguide/C/lamp-applications.xml:507(para)
21265
msgid ""
21266
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
21267
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
21268
msgstr ""
21269
21270
#: serverguide/C/lamp-applications.xml:512(para)
21271
msgid ""
21272
"A third resource is the <ulink "
21273
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
21274
"Wiki</ulink> page."
21275
msgstr ""
21276
21277
#: serverguide/C/introduction.xml:14(para)
21278
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
21279
msgstr "欢迎来到 <emphasis>Ubuntu 服务器指南</emphasis>!"
21280
21281
#: serverguide/C/introduction.xml:15(para)
21282
msgid ""
21283
"Here you can find information on how to install and configure various server "
21284
"applications. It is a step-by-step, task-oriented guide for configuring and "
21285
"customizing your system."
21286
msgstr ""
21287
21288
#: serverguide/C/introduction.xml:19(para)
21289
msgid ""
21290
"This guide assumes you have a basic understanding of your Ubuntu system. "
21291
"Some installation details are covered in <xref linkend=\"installation\"/>, "
21292
"but if you need detailed instructions installing Ubuntu please refer to the "
21293
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
21294
"Installation Guide</ulink>."
21295
msgstr ""
21296
21297
#: serverguide/C/introduction.xml:25(para)
21298
msgid ""
21299
"A HTML version of the manual is available online at <ulink "
21300
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
21301
"HTML files are also available in the <application>ubuntu-"
21302
"serverguide</application> package. See <xref linkend=\"package-"
21303
"management\"/> for details on installing packages."
21304
msgstr ""
21305
21306
#: serverguide/C/introduction.xml:32(para)
21307
msgid ""
21308
"If you choose to install the <application>ubuntu-serverguide</application> "
21309
"you can view this document from a console by:"
21310
msgstr ""
21311
21312
#: serverguide/C/introduction.xml:36(command)
21313
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
21314
msgstr ""
21315
21316
#: serverguide/C/introduction.xml:39(para)
21317
msgid ""
21318
"If you are using a localized version of Ubuntu, replace "
21319
"<emphasis>C</emphasis> with your language localization (e.g. "
21320
"<emphasis>en_GB</emphasis>)."
21321
msgstr ""
21322
21323
#: serverguide/C/introduction.xml:53(title)
21324
msgid "Support"
21325
msgstr ""
21326
21327
#: serverguide/C/introduction.xml:55(para)
21328
msgid ""
21329
"There are a couple of different ways that Ubuntu Server Edition is "
21330
"supported, commercial support and community support. The main commercial "
21331
"support (and development funding) is available from Canonical Ltd. They "
21332
"supply reasonably priced support contracts on a per desktop or per server "
21333
"basis. For more information see the <ulink "
21334
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
21335
"page."
21336
msgstr ""
21337
21338
#: serverguide/C/introduction.xml:62(para)
21339
msgid ""
21340
"Community support is also provided by dedicated individuals, and companies, "
21341
"that wish to make Ubuntu the best distribution possible. Support is provided "
21342
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
21343
"large amount of information available can be overwhelming, but a good search "
21344
"engine query can usually provide an answer to your questions. See the <ulink "
21345
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
21346
"information."
21347
msgstr ""
21348
21349
#: serverguide/C/installation.xml:14(para)
21350
msgid ""
21351
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
21352
"Edition. For more detailed instructions, please refer to the <ulink "
21353
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
21354
"Installation Guide</ulink>."
21355
msgstr ""
21356
21357
#: serverguide/C/installation.xml:19(title)
21358
msgid "Preparing to Install"
21359
msgstr "准备安装"
21360
21361
#: serverguide/C/installation.xml:20(para)
21362
msgid ""
21363
"This section explains various aspects to consider before starting the "
21364
"installation."
21365
msgstr "本部分内容说明在开始安装之前要考虑的各个方面。"
21366
21367
#: serverguide/C/installation.xml:24(title)
21368
msgid "System Requirements"
21369
msgstr "系统要求"
21370
21371
#: serverguide/C/installation.xml:25(para)
21372
msgid ""
21373
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
21374
"and AMD64. The table below lists recommended hardware specifications. "
21375
"Depending on your needs, you might manage with less than this. However, most "
21376
"users risk being frustrated if they ignore these suggestions."
21377
msgstr ""
21378
21379
#: serverguide/C/installation.xml:27(title)
21380
msgid "Recommended Minimum Requirements"
21381
msgstr "最小建议配置"
21382
21383
#: serverguide/C/installation.xml:35(para)
21384
msgid "Install Type"
21385
msgstr "安装类型"
21386
21387
#: serverguide/C/installation.xml:36(para)
21388
msgid "RAM"
21389
msgstr "RAM"
21390
21391
#: serverguide/C/installation.xml:37(para)
21392
msgid "Hard Drive Space"
21393
msgstr "硬盘空间"
21394
21395
#: serverguide/C/installation.xml:40(para)
21396
msgid "Base System"
21397
msgstr "基础系统"
21398
21399
#: serverguide/C/installation.xml:41(para)
21400
msgid "All Tasks Installed"
21401
msgstr ""
21402
21403
#: serverguide/C/installation.xml:46(para)
21404
msgid "Server"
21405
msgstr "服务器"
21406
21407
#: serverguide/C/installation.xml:47(para)
21408
msgid "128 megabytes"
21409
msgstr ""
21410
21411
#: serverguide/C/installation.xml:48(para)
21412
msgid "500 megabytes"
21413
msgstr "500 MB"
21414
21415
#: serverguide/C/installation.xml:49(para)
21416
msgid "1 gigabyte"
21417
msgstr ""
21418
21419
#: serverguide/C/installation.xml:54(para)
21420
msgid ""
21421
"The Server Edition provides a common base for all sorts of server "
21422
"applications. It is a minimalist design providing a platform for the desired "
21423
"services, such as file/print services, web hosting, email hosting, etc."
21424
msgstr ""
21425
21426
#: serverguide/C/installation.xml:60(para)
21427
msgid ""
21428
"The requirements for UEC are slightly different for Front End requirements "
21429
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
21430
"requirements see <xref linkend=\"uec-node-requirements\"/>."
21431
msgstr ""
21432
21433
#: serverguide/C/installation.xml:68(title)
21434
msgid "Server and Desktop Differences"
21435
msgstr ""
21436
21437
#: serverguide/C/installation.xml:69(para)
21438
msgid ""
21439
"There are a few differences between the <emphasis>Ubuntu Server "
21440
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
21441
"should be noted that both editions use the same "
21442
"<application>apt</application> repositories. Making it just as easy to "
21443
"install a <emphasis role=\"italic\">server</emphasis> application on the "
21444
"Desktop Edition as it is on the Server Edition."
21445
msgstr ""
21446
21447
#: serverguide/C/installation.xml:75(para)
21448
msgid ""
21449
"The differences between the two editions are the lack of an X window "
21450
"environment in the Server Edition, the installation process, and different "
21451
"Kernel options."
21452
msgstr ""
21453
21454
#: serverguide/C/installation.xml:82(title)
21455
msgid "Kernel Differences:"
21456
msgstr ""
21457
21458
#: serverguide/C/installation.xml:85(para)
21459
msgid ""
21460
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
21461
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
21462
"Edition."
21463
msgstr ""
21464
21465
#: serverguide/C/installation.xml:91(para)
21466
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
21467
msgstr ""
21468
21469
#: serverguide/C/installation.xml:96(para)
21470
msgid ""
21471
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
21472
"Desktop Edition."
21473
msgstr ""
21474
21475
#: serverguide/C/installation.xml:102(para)
21476
msgid ""
21477
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
21478
"limited by memory addressing space."
21479
msgstr ""
21480
21481
#: serverguide/C/installation.xml:107(para)
21482
msgid ""
21483
"To see all kernel configuration options you can look through "
21484
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
21485
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
21486
"is a great resource on the options available."
21487
msgstr ""
21488
21489
#: serverguide/C/installation.xml:116(title)
21490
msgid "Backing Up"
21491
msgstr "备份"
21492
21493
#: serverguide/C/installation.xml:119(para)
21494
msgid ""
21495
"Before installing <application>Ubuntu Server Edition</application> you "
21496
"should make sure all data on the system is backed up. See <xref "
21497
"linkend=\"backups\"/> for backup options."
21498
msgstr ""
21499
21500
#: serverguide/C/installation.xml:123(para)
21501
msgid ""
21502
"If this is not the first time an operating system has been installed on your "
21503
"computer, it is likely you will need to re-partition your disk to make room "
21504
"for Ubuntu."
21505
msgstr ""
21506
21507
#: serverguide/C/installation.xml:127(para)
21508
msgid ""
21509
"Any time you partition your disk, you should be prepared to lose everything "
21510
"on the disk should you make a mistake or something goes wrong during "
21511
"partitioning. The programs used in installation are quite reliable, most "
21512
"have seen years of use, but they also perform destructive actions."
21513
msgstr ""
21514
21515
#: serverguide/C/installation.xml:139(title)
21516
msgid "Installing from CD"
21517
msgstr "从 CD 安装"
21518
21519
#: serverguide/C/installation.xml:140(para)
21520
msgid ""
21521
"The basic steps to install Ubuntu Server Edition from CD are the same for "
21522
"installing any operating system from CD. Unlike the <emphasis>Desktop "
21523
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
21524
"a graphical installation program. Instead the Server Edition uses a console "
21525
"menu based process."
21526
msgstr ""
21527
21528
#: serverguide/C/installation.xml:147(para)
21529
msgid ""
21530
"First, download and burn the appropriate ISO file from the <ulink "
21531
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
21532
msgstr ""
21533
21534
#: serverguide/C/installation.xml:153(para)
21535
msgid "Boot the system from the CD-ROM drive."
21536
msgstr ""
21537
21538
#: serverguide/C/installation.xml:158(para)
21539
msgid ""
21540
"At the boot prompt you will be asked to select the language. Afterwards the "
21541
"installation process begins by asking for your keyboard layout."
21542
msgstr ""
21543
21544
#: serverguide/C/installation.xml:164(para)
21545
msgid ""
21546
"From the main boot menu there are some additional options to install Ubuntu "
21547
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
21548
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
21549
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
21550
"will cover the basic Ubuntu Server install."
21551
msgstr ""
21552
21553
#: serverguide/C/installation.xml:172(para)
21554
msgid ""
21555
"The installer then discovers your hardware configuration, and configures the "
21556
"network settings using DHCP. If you do not wish to use DHCP at the next "
21557
"screen choose \"Go Back\", and you have the option to \"Configure the "
21558
"network manually\"."
21559
msgstr ""
21560
21561
#: serverguide/C/installation.xml:179(para)
21562
msgid "Next, the installer asks for the system's hostname and Time Zone."
21563
msgstr ""
21564
21565
#: serverguide/C/installation.xml:184(para)
21566
msgid ""
21567
"You can then choose from several options to configure the hard drive layout. "
21568
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
21569
msgstr ""
21570
21571
#: serverguide/C/installation.xml:190(para)
21572
msgid "The Ubuntu base system is then installed."
21573
msgstr ""
21574
21575
#: serverguide/C/installation.xml:195(para)
21576
msgid ""
21577
"A new user is setup, this user will have <emphasis>root</emphasis> access "
21578
"through the <application>sudo</application> utility."
21579
msgstr ""
21580
21581
#: serverguide/C/installation.xml:201(para)
21582
msgid ""
21583
"After the user is setup, you will be asked to encrypt your <filename "
21584
"role=\"directory\">home</filename> directory."
21585
msgstr ""
21586
21587
#: serverguide/C/installation.xml:207(para)
21588
msgid ""
21589
"The next step in the installation process is to decide how you want to "
21590
"update the system. There are three options:"
21591
msgstr ""
21592
21593
#: serverguide/C/installation.xml:213(para)
21594
msgid ""
21595
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
21596
"log into the machine and manually install updates."
21597
msgstr ""
21598
21599
#: serverguide/C/installation.xml:219(para)
21600
msgid ""
21601
"<emphasis>Install security updates Automatically</emphasis>: will install "
21602
"the <application>unattended-upgrades</application> package, which will "
21603
"install security updates without the intervention of an administrator. For "
21604
"more details see <xref linkend=\"automatic-updates\"/>."
21605
msgstr ""
21606
21607
#: serverguide/C/installation.xml:226(para)
21608
msgid ""
21609
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
21610
"service provided by Canonical to help manage your Ubuntu machines. See the "
21611
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
21612
"site for details."
21613
msgstr ""
21614
21615
#: serverguide/C/installation.xml:235(para)
21616
msgid ""
21617
"You now have the option to install, or not install, several package tasks. "
21618
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
21619
"to launch <application>aptitude</application> to choose specific packages to "
21620
"install. For more information see <xref linkend=\"aptitude\"/>."
21621
msgstr ""
21622
21623
#: serverguide/C/installation.xml:243(para)
21624
msgid "Finally, the last step before rebooting is to set the clock to UTC."
21625
msgstr ""
21626
21627
#: serverguide/C/installation.xml:249(para)
21628
msgid ""
21629
"If at any point during installation you are not satisfied by the default "
21630
"setting, use the \"Go Back\" function at any prompt to be brought to a "
21631
"detailed installation menu that will allow you to modify the default "
21632
"settings."
21633
msgstr ""
21634
21635
#: serverguide/C/installation.xml:254(para)
21636
msgid ""
21637
"At some point during the installation process you may want to read the help "
21638
"screen provided by the installation system. To do this, press F1."
21639
msgstr ""
21640
21641
#: serverguide/C/installation.xml:259(para)
21642
msgid ""
21643
"Once again, for detailed instructions see the <ulink "
21644
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
21645
"Installation Guide</ulink>."
21646
msgstr ""
21647
21648
#: serverguide/C/installation.xml:265(title)
21649
msgid "Package Tasks"
21650
msgstr ""
21651
21652
#: serverguide/C/installation.xml:266(para)
21653
msgid ""
21654
"During the Server Edition installation you have the option of installing "
21655
"additional packages from the CD. The packages are grouped by the type of "
21656
"service they provide."
21657
msgstr ""
21658
21659
#: serverguide/C/installation.xml:272(para)
21660
msgid "Cloud computing: Walrus storage service"
21661
msgstr ""
21662
21663
#: serverguide/C/installation.xml:277(para)
21664
msgid "Cloud computing: all-in-one cluster"
21665
msgstr ""
21666
21667
#: serverguide/C/installation.xml:282(para)
21668
msgid "Cloud computing: Cluster controller"
21669
msgstr ""
21670
21671
#: serverguide/C/installation.xml:287(para)
21672
msgid "Cloud computing: Node controller"
21673
msgstr ""
21674
21675
#: serverguide/C/installation.xml:292(para)
21676
msgid "Cloud computing: Storage controller"
21677
msgstr ""
21678
21679
#: serverguide/C/installation.xml:297(para)
21680
msgid "Cloud computing: top-level cloud controller"
21681
msgstr ""
21682
21683
#: serverguide/C/installation.xml:302(para)
21684
msgid "DNS server: Selects the BIND DNS server and its documentation."
21685
msgstr ""
21686
21687
#: serverguide/C/installation.xml:307(para)
21688
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
21689
msgstr ""
21690
21691
#: serverguide/C/installation.xml:312(para)
21692
msgid ""
21693
"Mail server: This task selects a variety of package useful for a general "
21694
"purpose mail server system."
21695
msgstr ""
21696
21697
#: serverguide/C/installation.xml:317(para)
21698
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
21699
msgstr ""
21700
21701
#: serverguide/C/installation.xml:322(para)
21702
msgid ""
21703
"PostgreSQL database: This task selects client and server packages for the "
21704
"PostgreSQL database."
21705
msgstr ""
21706
21707
#: serverguide/C/installation.xml:327(para)
21708
msgid "Print server: This task sets up your system to be a print server."
21709
msgstr ""
21710
21711
#: serverguide/C/installation.xml:332(para)
21712
msgid ""
21713
"Samba File server: This task sets up your system to be a Samba file server, "
21714
"which is especially suitable in networks with both Windows and Linux systems."
21715
msgstr ""
21716
21717
#: serverguide/C/installation.xml:338(para)
21718
msgid ""
21719
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
21720
"etc."
21721
msgstr ""
21722
21723
#: serverguide/C/installation.xml:343(para)
21724
msgid ""
21725
"Virtual machine host: Includes packages needed to run KVM virtual machines."
21726
msgstr ""
21727
21728
#: serverguide/C/installation.xml:348(para)
21729
msgid ""
21730
"Manually select packages: Executes <application>apptitude</application> "
21731
"allowing you to individually select packages."
21732
msgstr ""
21733
21734
#: serverguide/C/installation.xml:353(para)
21735
msgid ""
21736
"Installing the package groups is accomplished using the "
21737
"<application>tasksel</application> utility. One of the important difference "
21738
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
21739
"installed, a package is also configured to reasonable defaults, eventually "
21740
"prompting you for additional required information. Likewise, when installing "
21741
"a task, the packages are not only installed, but also configured to provided "
21742
"a fully integrated service."
21743
msgstr ""
21744
21745
#: serverguide/C/installation.xml:360(para)
21746
msgid ""
21747
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
21748
"<xref linkend=\"uec\"/>."
21749
msgstr ""
21750
21751
#: serverguide/C/installation.xml:363(para)
21752
msgid ""
21753
"Once the installation process has finished you can view a list of available "
21754
"tasks by entering the following from a terminal prompt:"
21755
msgstr ""
21756
21757
#: serverguide/C/installation.xml:368(command)
21758
msgid "tasksel --list-tasks"
21759
msgstr "tasksel --list-tasks"
21760
21761
#: serverguide/C/installation.xml:371(para)
21762
msgid ""
21763
"The output will list tasks from other Ubuntu based distributions such as "
21764
"Kubuntu and Edubuntu. Note that you can also invoke the "
21765
"<command>tasksel</command> command by itself, which will bring up a menu of "
21766
"the different tasks available."
21767
msgstr ""
21768
21769
#: serverguide/C/installation.xml:377(para)
21770
msgid ""
21771
"You can view a list of which packages are installed with each task using the "
21772
"<emphasis>--task-packages</emphasis> option. For example, to list the "
21773
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
21774
"following:"
21775
msgstr ""
21776
21777
#: serverguide/C/installation.xml:382(command)
21778
msgid "tasksel --task-packages dns-server"
21779
msgstr "tasksel --task-packages dns-server"
21780
21781
#: serverguide/C/installation.xml:384(para)
21782
msgid "The output of the command should list:"
21783
msgstr ""
21784
21785
#: serverguide/C/installation.xml:387(programlisting)
21786
#, no-wrap
21787
msgid ""
21788
"\n"
21789
"bind9-doc \n"
21790
"bind9utils \n"
21791
"bind9\n"
21792
msgstr ""
21793
21794
#: serverguide/C/installation.xml:392(para)
21795
msgid ""
21796
"Also, if you did not install one of the tasks during the installation "
21797
"process, but for example you decide to make your new LAMP server a DNS "
21798
"server as well. Simply insert the installation CD and from a terminal:"
21799
msgstr ""
21800
21801
#: serverguide/C/installation.xml:397(command)
21802
msgid "sudo tasksel install dns-server"
21803
msgstr "sudo tasksel install dns-server"
21804
21805
#: serverguide/C/installation.xml:402(title)
21806
msgid "Upgrading"
21807
msgstr "正在更新"
21808
21809
#: serverguide/C/installation.xml:403(para)
21810
msgid ""
21811
"There are several ways to upgrade from one Ubuntu release to another. This "
21812
"section gives an overview of the recommended upgrade method."
21813
msgstr ""
21814
21815
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
21816
msgid "do-release-upgrade"
21817
msgstr "do-release-upgrade"
21818
21819
#: serverguide/C/installation.xml:408(para)
21820
msgid ""
21821
"The recommended way to upgrade a Server Edition installation is to use the "
21822
"<application>do-release-upgrade</application> utility. Part of the "
21823
"<emphasis>update-manager-core</emphasis> package, it does not have any "
21824
"graphical dependencies and is installed by default."
21825
msgstr ""
21826
21827
#: serverguide/C/installation.xml:413(para)
21828
msgid ""
21829
"Debian based systems can also be upgraded by using <command>apt-get dist-"
21830
"upgrade</command>. However, using <application>do-release-"
21831
"upgrade</application> is recommended because it has the ability to handle "
21832
"system configuration changes sometimes needed between releases."
21833
msgstr ""
21834
21835
#: serverguide/C/installation.xml:418(para)
21836
msgid "To upgrade to a newer release, from a terminal prompt enter:"
21837
msgstr ""
21838
21839
#: serverguide/C/installation.xml:424(para)
21840
msgid ""
21841
"It is also possible to use <application>do-release-upgrade</application> to "
21842
"upgrade to a development version of Ubuntu. To accomplish this use the "
21843
"<emphasis>-d</emphasis> switch:"
21844
msgstr ""
21845
21846
#: serverguide/C/installation.xml:429(command)
21847
msgid "do-release-upgrade -d"
21848
msgstr "do-release-upgrade -d"
21849
21850
#: serverguide/C/installation.xml:432(para)
21851
msgid ""
21852
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
21853
"for production environments."
21854
msgstr ""
21855
21856
#: serverguide/C/installation.xml:439(title)
21857
msgid "Advanced Installation"
21858
msgstr ""
21859
21860
#: serverguide/C/installation.xml:442(title)
21861
msgid "Software RAID"
21862
msgstr ""
21863
21864
#: serverguide/C/installation.xml:444(para)
21865
msgid ""
21866
"RAID is a method of configuring multiple hard drives to act as one, reducing "
21867
"the probability of catastrophic data loss in case of drive failure. RAID is "
21868
"implemented in either software (where the operating system knows about both "
21869
"drives and actively maintains both of them) or hardware (where a special "
21870
"controller makes the OS think there's only one drive and maintains the "
21871
"drives 'invisibly')."
21872
msgstr ""
21873
21874
#: serverguide/C/installation.xml:451(para)
21875
msgid ""
21876
"The RAID software included with current versions of Linux (and Ubuntu) is "
21877
"based on the <application>'mdadm'</application> driver and works very well, "
21878
"better even than many so-called 'hardware' RAID controllers. This section "
21879
"will guide you through installing Ubuntu Server Edition using two RAID1 "
21880
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
21881
"another for <emphasis>swap</emphasis>."
21882
msgstr ""
21883
21884
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
21885
msgid ""
21886
"Follow the installation steps until you get to the <emphasis>Partition "
21887
"disks</emphasis> step, then:"
21888
msgstr ""
21889
21890
#: serverguide/C/installation.xml:468(para)
21891
msgid "Select <emphasis>Manual</emphasis> as the partition method."
21892
msgstr ""
21893
21894
#: serverguide/C/installation.xml:475(para)
21895
msgid ""
21896
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
21897
"partition table on this device?\"</emphasis>."
21898
msgstr ""
21899
21900
#: serverguide/C/installation.xml:479(para)
21901
msgid ""
21902
"Repeat this step for each drive you wish to be part of the RAID array."
21903
msgstr ""
21904
21905
#: serverguide/C/installation.xml:486(para)
21906
msgid ""
21907
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
21908
"select <emphasis>\"Create a new partition\"</emphasis>."
21909
msgstr ""
21910
21911
#: serverguide/C/installation.xml:493(para)
21912
msgid ""
21913
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
21914
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
21915
"size is twice that of RAM. Enter the partition size, then choose "
21916
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
21917
msgstr ""
21918
21919
#: serverguide/C/installation.xml:502(para)
21920
msgid ""
21921
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
21922
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
21923
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
21924
"<emphasis>\"Done setting up partition\"</emphasis>."
21925
msgstr ""
21926
21927
#: serverguide/C/installation.xml:511(para)
21928
msgid ""
21929
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
21930
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
21931
"partition\"</emphasis>."
21932
msgstr ""
21933
21934
#: serverguide/C/installation.xml:519(para)
21935
msgid ""
21936
"Use the rest of the free space on the drive and choose "
21937
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
21938
msgstr ""
21939
21940
#: serverguide/C/installation.xml:526(para)
21941
msgid ""
21942
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
21943
"at the top, changing it to <emphasis>\"physical volume for "
21944
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
21945
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
21946
"<emphasis>\"Done setting up partition\"</emphasis>."
21947
msgstr ""
21948
21949
#: serverguide/C/installation.xml:536(para)
21950
msgid "Repeat steps three through eight for the other disk and partitions."
21951
msgstr ""
21952
21953
#: serverguide/C/installation.xml:545(title)
21954
msgid "RAID Configuration"
21955
msgstr ""
21956
21957
#: serverguide/C/installation.xml:547(para)
21958
msgid "With the partitions setup the arrays are ready to be configured:"
21959
msgstr ""
21960
21961
#: serverguide/C/installation.xml:554(para)
21962
msgid ""
21963
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
21964
"Software RAID\"</emphasis> at the top."
21965
msgstr ""
21966
21967
#: serverguide/C/installation.xml:561(para)
21968
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
21969
msgstr ""
21970
21971
#: serverguide/C/installation.xml:568(para)
21972
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
21973
msgstr ""
21974
21975
#: serverguide/C/installation.xml:575(para)
21976
msgid ""
21977
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
21978
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
21979
msgstr ""
21980
21981
#: serverguide/C/installation.xml:581(para)
21982
msgid ""
21983
"In order to use <emphasis>RAID5</emphasis> you need at least "
21984
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
21985
"<emphasis>two</emphasis> drives are required."
21986
msgstr ""
21987
21988
#: serverguide/C/installation.xml:590(para)
21989
msgid ""
21990
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
21991
"of hard drives you have, for the array. Then select "
21992
"<emphasis>\"Continue\"</emphasis>."
21993
msgstr ""
21994
21995
#: serverguide/C/installation.xml:598(para)
21996
msgid ""
21997
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
21998
"default, then choose <emphasis>\"Continue\"</emphasis>."
21999
msgstr ""
22000
22001
#: serverguide/C/installation.xml:605(para)
22002
msgid ""
22003
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22004
"etc. The numbers will usually match and the different letters correspond to "
22005
"different hard drives."
22006
msgstr ""
22007
22008
#: serverguide/C/installation.xml:610(para)
22009
msgid ""
22010
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22011
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22012
"go to the next step."
22013
msgstr ""
22014
22015
#: serverguide/C/installation.xml:618(para)
22016
msgid ""
22017
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22018
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22019
"and <emphasis>sdb2</emphasis>."
22020
msgstr ""
22021
22022
#: serverguide/C/installation.xml:626(para)
22023
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22024
msgstr ""
22025
22026
#: serverguide/C/installation.xml:636(title)
22027
msgid "Formatting"
22028
msgstr ""
22029
22030
#: serverguide/C/installation.xml:638(para)
22031
msgid ""
22032
"There should now be a list of hard drives and RAID devices. The next step is "
22033
"to format and set the mount point for the RAID devices. Treat the RAID "
22034
"device as a local hard drive, format and mount accordingly."
22035
msgstr ""
22036
22037
#: serverguide/C/installation.xml:646(para)
22038
msgid ""
22039
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22040
"#0\"</emphasis> partition."
22041
msgstr ""
22042
22043
#: serverguide/C/installation.xml:653(para)
22044
msgid ""
22045
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22046
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22047
msgstr ""
22048
22049
#: serverguide/C/installation.xml:661(para)
22050
msgid ""
22051
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22052
"#1\"</emphasis> partition."
22053
msgstr ""
22054
22055
#: serverguide/C/installation.xml:668(para)
22056
msgid ""
22057
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22058
"journaling file system\"</emphasis>."
22059
msgstr ""
22060
22061
#: serverguide/C/installation.xml:675(para)
22062
msgid ""
22063
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22064
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22065
"options as appropriate, then select <emphasis>\"Done setting up "
22066
"partition\"</emphasis>."
22067
msgstr ""
22068
22069
#: serverguide/C/installation.xml:683(para)
22070
msgid ""
22071
"Finally, select <emphasis>\"Finish partitioning and write changes to "
22072
"disk\"</emphasis>."
22073
msgstr ""
22074
22075
#: serverguide/C/installation.xml:690(para)
22076
msgid ""
22077
"If you choose to place the root partition on a RAID array, the installer "
22078
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
22079
"state. See <xref linkend=\"raid-degraded\"/> for further details."
22080
msgstr ""
22081
22082
#: serverguide/C/installation.xml:695(para)
22083
msgid "The installation process will then continue normally."
22084
msgstr ""
22085
22086
#: serverguide/C/installation.xml:701(title)
22087
msgid "Degraded RAID"
22088
msgstr ""
22089
22090
#: serverguide/C/installation.xml:703(para)
22091
msgid ""
22092
"At some point in the life of the computer a disk failure event may occur. "
22093
"When this happens, using Software RAID, the operating system will place the "
22094
"array into what is known as a <emphasis>degraded</emphasis> state."
22095
msgstr ""
22096
22097
#: serverguide/C/installation.xml:708(para)
22098
msgid ""
22099
"If the array has become degraded, due to the chance of data corruption, by "
22100
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
22101
"after thirty seconds. Once the initramfs has booted there is a fifteen "
22102
"second prompt giving you the option to go ahead and boot the system, or "
22103
"attempt manual recover. Booting to the initramfs prompt may or may not be "
22104
"the desired behavior, especially if the machine is in a remote location. "
22105
"Booting to a degraded array can be configured several ways:"
22106
msgstr ""
22107
22108
#: serverguide/C/installation.xml:719(para)
22109
msgid ""
22110
"The <application>dpkg-reconfigure</application> utility can be used to "
22111
"configure the default behavior, and during the process you will be queried "
22112
"about additional settings related to the array. Such as monitoring, email "
22113
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
22114
"following:"
22115
msgstr ""
22116
22117
#: serverguide/C/installation.xml:726(command)
22118
msgid "sudo dpkg-reconfigure mdadm"
22119
msgstr ""
22120
22121
#: serverguide/C/installation.xml:732(para)
22122
msgid ""
22123
"The <command>dpkg-reconfigure mdadm</command> process will change the "
22124
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
22125
"The file has the advantage of being able to pre-configure the system's "
22126
"behavior, and can also be manually edited:"
22127
msgstr ""
22128
22129
#: serverguide/C/installation.xml:738(programlisting)
22130
#, no-wrap
22131
msgid ""
22132
"\n"
22133
"BOOT_DEGRADED=true\n"
22134
msgstr ""
22135
22136
#: serverguide/C/installation.xml:743(para)
22137
msgid "The configuration file can be overridden by using a Kernel argument."
22138
msgstr ""
22139
22140
#: serverguide/C/installation.xml:751(para)
22141
msgid ""
22142
"Using a Kernel argument will allow the system to boot to a degraded array as "
22143
"well:"
22144
msgstr ""
22145
22146
#: serverguide/C/installation.xml:757(para)
22147
msgid ""
22148
"When the server is booting press <keycap>Shift</keycap> to open the "
22149
"<application>Grub</application> menu."
22150
msgstr ""
22151
22152
#: serverguide/C/installation.xml:762(para)
22153
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22154
msgstr ""
22155
22156
#: serverguide/C/installation.xml:767(para)
22157
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22158
msgstr ""
22159
22160
#: serverguide/C/installation.xml:772(para)
22161
msgid ""
22162
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22163
"end of the line."
22164
msgstr ""
22165
22166
#: serverguide/C/installation.xml:777(para)
22167
msgid ""
22168
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22169
"the system."
22170
msgstr ""
22171
22172
#: serverguide/C/installation.xml:786(para)
22173
msgid ""
22174
"Once the system has booted you can either repair the array see <xref "
22175
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22176
"another machine due to major hardware failure."
22177
msgstr ""
22178
22179
#: serverguide/C/installation.xml:793(title)
22180
msgid "RAID Maintenance"
22181
msgstr ""
22182
22183
#: serverguide/C/installation.xml:795(para)
22184
msgid ""
22185
"The <application>mdadm</application> utility can be used to view the status "
22186
"of an array, add disks to an array, remove disks, etc:"
22187
msgstr ""
22188
22189
#: serverguide/C/installation.xml:802(para)
22190
msgid "To view the status of an array, from a terminal prompt enter:"
22191
msgstr ""
22192
22193
#: serverguide/C/installation.xml:806(command)
22194
msgid "sudo mdadm -D /dev/md0"
22195
msgstr ""
22196
22197
#: serverguide/C/installation.xml:809(para)
22198
msgid ""
22199
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22200
"display <emphasis>detailed</emphasis> information about the "
22201
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
22202
"with the appropriate RAID device."
22203
msgstr ""
22204
22205
#: serverguide/C/installation.xml:815(para)
22206
msgid "To view the status of a disk in an array:"
22207
msgstr ""
22208
22209
#: serverguide/C/installation.xml:819(command)
22210
msgid "sudo mdadm -E /dev/sda1"
22211
msgstr ""
22212
22213
#: serverguide/C/installation.xml:821(para)
22214
msgid ""
22215
"The output if very similar to the <command>mdadm -D</command> command, "
22216
"adjust <filename>/dev/sda1</filename> for each disk."
22217
msgstr ""
22218
22219
#: serverguide/C/installation.xml:826(para)
22220
msgid "If a disk fails and needs to be removed from an array enter:"
22221
msgstr ""
22222
22223
#: serverguide/C/installation.xml:830(command)
22224
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
22225
msgstr ""
22226
22227
#: serverguide/C/installation.xml:832(para)
22228
msgid ""
22229
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
22230
"the appropriate RAID device and disk."
22231
msgstr ""
22232
22233
#: serverguide/C/installation.xml:837(para)
22234
msgid "Similarly, to add a new disk:"
22235
msgstr ""
22236
22237
#: serverguide/C/installation.xml:841(command)
22238
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
22239
msgstr ""
22240
22241
#: serverguide/C/installation.xml:846(para)
22242
msgid ""
22243
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
22244
"though there is nothing physically wrong with the drive. It is usually "
22245
"worthwhile to remove the drive from the array then re-add it. This will "
22246
"cause the drive to re-sync with the array. If the drive will not sync with "
22247
"the array, it is a good indication of hardware failure."
22248
msgstr ""
22249
22250
#: serverguide/C/installation.xml:852(para)
22251
msgid ""
22252
"The <filename>/proc/mdstat</filename> file also contains useful information "
22253
"about the system's RAID devices:"
22254
msgstr ""
22255
22256
#: serverguide/C/installation.xml:857(command)
22257
msgid "cat /proc/mdstat"
22258
msgstr ""
22259
22260
#: serverguide/C/installation.xml:858(computeroutput)
22261
#, no-wrap
22262
msgid ""
22263
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
22264
"[raid10] \n"
22265
"md0 : active raid1 sda1[0] sdb1[1]\n"
22266
" 10016384 blocks [2/2] [UU]\n"
22267
" \n"
22268
"unused devices: <none>"
22269
msgstr ""
22270
22271
#: serverguide/C/installation.xml:865(para)
22272
msgid ""
22273
"The following command is great for watching the status of a syncing drive:"
22274
msgstr ""
22275
22276
#: serverguide/C/installation.xml:870(command)
22277
msgid "watch -n1 cat /proc/mdstat"
22278
msgstr ""
22279
22280
#: serverguide/C/installation.xml:873(para)
22281
msgid ""
22282
"Press <emphasis>Ctrl+c</emphasis> to stop the "
22283
"<application>watch</application> command."
22284
msgstr ""
22285
22286
#: serverguide/C/installation.xml:877(para)
22287
msgid ""
22288
"If you do need to replace a faulty drive, after the drive has been replaced "
22289
"and synced, <application>grub</application> will need to be installed. To "
22290
"install <application>grub</application> on the new drive, enter the "
22291
"following:"
22292
msgstr ""
22293
22294
#: serverguide/C/installation.xml:883(command)
22295
msgid "sudo grub-install /dev/md0"
22296
msgstr ""
22297
22298
#: serverguide/C/installation.xml:886(para)
22299
msgid ""
22300
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
22301
msgstr ""
22302
22303
#: serverguide/C/installation.xml:894(para)
22304
msgid ""
22305
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
22306
"can be configured. Please see the following links for more information:"
22307
msgstr ""
22308
22309
#: serverguide/C/installation.xml:901(para)
22310
msgid ""
22311
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
22312
"Wiki Articles on RAID</ulink>."
22313
msgstr ""
22314
22315
#: serverguide/C/installation.xml:907(ulink)
22316
msgid "Software RAID HOWTO"
22317
msgstr ""
22318
22319
#: serverguide/C/installation.xml:912(ulink)
22320
msgid "Managing RAID on Linux"
22321
msgstr ""
22322
22323
#: serverguide/C/installation.xml:919(title)
22324
msgid "Logical Volume Manager (LVM)"
22325
msgstr ""
22326
22327
#: serverguide/C/installation.xml:921(para)
22328
msgid ""
22329
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
22330
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
22331
"hard disks. LVM volumes can be created on both software RAID partitions and "
22332
"standard partitions residing on a single disk. Volumes can also be extended, "
22333
"giving greater flexibility to systems as requirements change."
22334
msgstr ""
22335
22336
#: serverguide/C/installation.xml:930(para)
22337
msgid ""
22338
"A side effect of LVM's power and flexibility is a greater degree of "
22339
"complication. Before diving into the LVM installation process, it is best to "
22340
"get familiar with some terms."
22341
msgstr ""
22342
22343
#: serverguide/C/installation.xml:937(para)
22344
msgid ""
22345
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
22346
"Volumes (LV)."
22347
msgstr ""
22348
22349
#: serverguide/C/installation.xml:942(para)
22350
msgid ""
22351
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
22352
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
22353
"which resides the actual EXT3, XFS, JFS, etc filesystem."
22354
msgstr ""
22355
22356
#: serverguide/C/installation.xml:948(para)
22357
msgid ""
22358
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
22359
"RAID partition. The Volume Group can be extended by adding more PVs."
22360
msgstr ""
22361
22362
#: serverguide/C/installation.xml:959(para)
22363
msgid ""
22364
"As an example this section covers installing Ubuntu Server Edition with "
22365
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
22366
"the initial install only one Physical Volume (PV) will be part of the Volume "
22367
"Group (VG). Another PV will be added after install to demonstrate how a VG "
22368
"can be extended."
22369
msgstr ""
22370
22371
#: serverguide/C/installation.xml:965(para)
22372
msgid ""
22373
"There are several installation options for LVM, <emphasis>\"Guided - use the "
22374
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
22375
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
22376
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
22377
"partitions and configure LVM. At this time the only way to configure a "
22378
"system with both LVM and standard partitions, during installation, is to use "
22379
"the Manual approach."
22380
msgstr ""
22381
22382
#: serverguide/C/installation.xml:982(para)
22383
msgid ""
22384
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
22385
"<emphasis>\"Manual\"</emphasis>."
22386
msgstr ""
22387
22388
#: serverguide/C/installation.xml:989(para)
22389
msgid ""
22390
"Select the hard disk and on the next screen choose \"yes\" to "
22391
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
22392
msgstr ""
22393
22394
#: serverguide/C/installation.xml:996(para)
22395
msgid ""
22396
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
22397
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
22398
msgstr ""
22399
22400
#: serverguide/C/installation.xml:1004(para)
22401
msgid ""
22402
"For the LVM <emphasis>/srv</emphasis>, create a new "
22403
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
22404
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
22405
"<emphasis>\"Done setting up the partition\"</emphasis>."
22406
msgstr ""
22407
22408
#: serverguide/C/installation.xml:1012(para)
22409
msgid ""
22410
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
22411
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
22412
"disk."
22413
msgstr ""
22414
22415
#: serverguide/C/installation.xml:1020(para)
22416
msgid ""
22417
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
22418
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
22419
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
22420
"After entering a name, select the partition configured for LVM, and choose "
22421
"<emphasis>\"Continue\"</emphasis>."
22422
msgstr ""
22423
22424
#: serverguide/C/installation.xml:1029(para)
22425
msgid ""
22426
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
22427
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
22428
"volume group, and enter a name for the new LV, for example "
22429
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
22430
"a size, which may be the full partition because it can always be extended "
22431
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
22432
"main <emphasis>\"Partition Disks\"</emphasis> screen."
22433
msgstr ""
22434
22435
#: serverguide/C/installation.xml:1039(para)
22436
msgid ""
22437
"Now add a filesystem to the new LVM. Select the partition under "
22438
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
22439
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
22440
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
22441
"select <emphasis>\"Done setting up the partition\"</emphasis>."
22442
msgstr ""
22443
22444
#: serverguide/C/installation.xml:1048(para)
22445
msgid ""
22446
"Finally, select <emphasis>\"Finish partitioning and write changes to "
22447
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
22448
"the installation."
22449
msgstr ""
22450
22451
#: serverguide/C/installation.xml:1056(para)
22452
msgid "There are some useful utilities to view information about LVM:"
22453
msgstr ""
22454
22455
#: serverguide/C/installation.xml:1061(para)
22456
msgid ""
22457
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
22458
msgstr ""
22459
22460
#: serverguide/C/installation.xml:1062(para)
22461
msgid ""
22462
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
22463
msgstr ""
22464
22465
#: serverguide/C/installation.xml:1063(para)
22466
msgid ""
22467
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
22468
"Physical Volumes."
22469
msgstr ""
22470
22471
#: serverguide/C/installation.xml:1068(title)
22472
msgid "Extending Volume Groups"
22473
msgstr ""
22474
22475
#: serverguide/C/installation.xml:1070(para)
22476
msgid ""
22477
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
22478
"section covers adding a second hard disk, creating a Physical Volume (PV), "
22479
"adding it to the volume group (VG), extending the logical volume <filename "
22480
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
22481
"example assumes a second hard disk has been added to the system. This hard "
22482
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
22483
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
22484
"before issuing the commands below. You could lose some data if you issue "
22485
"those commands on a non-empty disk. In our example we will use the entire "
22486
"disk as a physical volume (you could choose to create partitions and use "
22487
"them as different physical volumes)"
22488
msgstr ""
22489
22490
#: serverguide/C/installation.xml:1082(para)
22491
msgid "First, create the physical volume, in a terminal execute:"
22492
msgstr ""
22493
22494
#: serverguide/C/installation.xml:1087(command)
22495
msgid "sudo pvcreate /dev/sdb"
22496
msgstr ""
22497
22498
#: serverguide/C/installation.xml:1093(para)
22499
msgid "Now extend the Volume Group (VG):"
22500
msgstr ""
22501
22502
#: serverguide/C/installation.xml:1098(command)
22503
msgid "sudo vgextend vg01 /dev/sdb"
22504
msgstr ""
22505
22506
#: serverguide/C/installation.xml:1104(para)
22507
msgid ""
22508
"Use <application>vgdisplay</application> to find out the free physical "
22509
"extents - Free PE / size (the size you can allocate). We will assume a free "
22510
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
22511
"whole free space available. Use your own PE and/or free space."
22512
msgstr ""
22513
22514
#: serverguide/C/installation.xml:1110(para)
22515
msgid ""
22516
"The Logical Volume (LV) can now be extended by different methods, we will "
22517
"only see how to use the PE to extend the LV:"
22518
msgstr ""
22519
22520
#: serverguide/C/installation.xml:1115(command)
22521
msgid "sudo lvextend /dev/vg01/srv -l +511"
22522
msgstr ""
22523
22524
#: serverguide/C/installation.xml:1118(para)
22525
msgid ""
22526
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
22527
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
22528
"Gig, Tera, etc bytes."
22529
msgstr ""
22530
22531
#: serverguide/C/installation.xml:1126(para)
22532
msgid ""
22533
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
22534
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
22535
"practice to unmount it anyway and check the filesystem, so that you don't "
22536
"mess up the day you want to reduce a logical volume (in that case unmounting "
22537
"first is compulsory)."
22538
msgstr ""
22539
22540
#: serverguide/C/installation.xml:1132(para)
22541
msgid ""
22542
"The following commands are for an <emphasis>EXT3</emphasis> or "
22543
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
22544
"there may be other utilities available."
22545
msgstr ""
22546
22547
#: serverguide/C/installation.xml:1139(command)
22548
msgid "sudo e2fsck -f /dev/vg01/srv"
22549
msgstr ""
22550
22551
#: serverguide/C/installation.xml:1142(para)
22552
msgid ""
22553
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
22554
"forces checking even if the system seems clean."
22555
msgstr ""
22556
22557
#: serverguide/C/installation.xml:1149(para)
22558
msgid "Finally, resize the filesystem:"
22559
msgstr ""
22560
22561
#: serverguide/C/installation.xml:1154(command)
22562
msgid "sudo resize2fs /dev/vg01/srv"
22563
msgstr ""
22564
22565
#: serverguide/C/installation.xml:1160(para)
22566
msgid "Now mount the partition and check its size."
22567
msgstr ""
22568
22569
#: serverguide/C/installation.xml:1165(command)
22570
msgid "mount /dev/vg01/srv /srv && df -h /srv"
22571
msgstr ""
22572
22573
#: serverguide/C/installation.xml:1177(para)
22574
msgid ""
22575
"See the <ulink "
22576
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
22577
"Articles</ulink>."
22578
msgstr ""
22579
22580
#: serverguide/C/installation.xml:1182(para)
22581
msgid ""
22582
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
22583
"HOWTO</ulink> for more information."
22584
msgstr ""
22585
22586
#: serverguide/C/installation.xml:1187(para)
22587
msgid ""
22588
"Another good article is <ulink "
22589
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
22590
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
22591
"linuxdevcenter.com site."
22592
msgstr ""
22593
22594
#: serverguide/C/installation.xml:1194(para)
22595
msgid ""
22596
"For more information on <application>fdisk</application> see the <ulink "
22597
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
22598
"sk man page</ulink>."
22599
msgstr ""
22600
22601
#: serverguide/C/file-server.xml:13(title)
22602
msgid "File Servers"
22603
msgstr "文件服务器"
22604
22605
#: serverguide/C/file-server.xml:15(para)
22606
msgid ""
22607
"If you have more than one computer on a single network. At some point you "
22608
"will probably need to share files between them. In this section we cover "
22609
"installing and configuring FTP, NFS, and CUPS."
22610
msgstr ""
22611
22612
#: serverguide/C/file-server.xml:22(title)
22613
msgid "FTP Server"
22614
msgstr "FTP 服务器"
22615
22616
#: serverguide/C/file-server.xml:24(para)
22617
msgid ""
22618
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
22619
"files between computers. FTP works on a client/server model. The server "
22620
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
22621
"listens for FTP requests from remote clients. When a request is received, it "
22622
"manages the login and sets up the connection. For the duration of the "
22623
"session it executes any of commands sent by the FTP client."
22624
msgstr ""
22625
"FTP (文件传输协议) 是一个用来在计算机之间上传和下载文件的 TCP 协议。FTP 以 客户端/服务器 模式工作。服务端被称作 "
22626
"<emphasis>FTP 守护进程</emphasis>。它持续监听来自远程客户端的 FTP "
22627
"请求。当接收到一个请求时,它会管理登录并建立连接。在会话过程中它会执行由 FTP 客户端发出的任何命令。"
22628
22629
#: serverguide/C/file-server.xml:33(para)
22630
msgid "Access to an FTP server can be managed in two ways:"
22631
msgstr "可以通过两种方式来管理 FTP 服务器的访问:"
22632
22633
#: serverguide/C/file-server.xml:37(para)
22634
msgid "Anonymous"
22635
msgstr "匿名"
22636
22637
#: serverguide/C/file-server.xml:40(para)
22638
msgid "Authenticated"
22639
msgstr "授权"
22640
22641
#: serverguide/C/file-server.xml:43(para)
22642
msgid ""
22643
"In the Anonymous mode, remote clients can access the FTP server by using the "
22644
"default user account called \"anonymous\" or \"ftp\" and sending an email "
22645
"address as the password. In the Authenticated mode a user must have an "
22646
"account and a password. User access to the FTP server directories and files "
22647
"is dependent on the permissions defined for the account used at login. As a "
22648
"general rule, the FTP daemon will hide the root directory of the FTP server "
22649
"and change it to the FTP Home directory. This hides the rest of the file "
22650
"system from remote sessions."
22651
msgstr ""
22652
22653
#: serverguide/C/file-server.xml:55(title)
22654
msgid "vsftpd - FTP Server Installation"
22655
msgstr "vsftpd - FTP 服务器安装"
22656
22657
#: serverguide/C/file-server.xml:57(para)
22658
msgid ""
22659
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
22660
"and maintain. To install <application>vsftpd</application> you can run the "
22661
"following command:"
22662
msgstr ""
22663
22664
#: serverguide/C/file-server.xml:65(command)
22665
msgid "sudo apt-get install vsftpd"
22666
msgstr ""
22667
22668
#: serverguide/C/file-server.xml:71(title)
22669
msgid "Anonymous FTP Configuration"
22670
msgstr ""
22671
22672
#: serverguide/C/file-server.xml:73(para)
22673
msgid ""
22674
"By default <application>vsftpd</application> is configured to only allow "
22675
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
22676
"created with a home directory of <filename>/home/ftp</filename>. This is the "
22677
"default FTP directory."
22678
msgstr ""
22679
22680
#: serverguide/C/file-server.xml:80(para)
22681
msgid ""
22682
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
22683
"example, simply create a directory in another location and change the "
22684
"<emphasis>ftp</emphasis> user's home directory:"
22685
msgstr ""
22686
22687
#: serverguide/C/file-server.xml:87(command)
22688
msgid "sudo mkdir /srv/ftp"
22689
msgstr ""
22690
22691
#: serverguide/C/file-server.xml:88(command)
22692
msgid "sudo usermod -d /srv/ftp ftp"
22693
msgstr ""
22694
22695
#: serverguide/C/file-server.xml:91(para)
22696
msgid "After making the change restart <application>vsftpd</application>:"
22697
msgstr ""
22698
22699
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
22700
msgid "sudo /etc/init.d/vsftpd restart"
22701
msgstr ""
22702
22703
#: serverguide/C/file-server.xml:99(para)
22704
msgid ""
22705
"Finally, copy any files and directories you would like to make available "
22706
"through anonymous FTP to <filename>/srv/ftp</filename>."
22707
msgstr ""
22708
22709
#: serverguide/C/file-server.xml:106(title)
22710
msgid "User Authenticated FTP Configuration"
22711
msgstr ""
22712
22713
#: serverguide/C/file-server.xml:108(para)
22714
msgid ""
22715
"To configure <application>vsftpd</application> to authenticate system users "
22716
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
22717
msgstr ""
22718
22719
#: serverguide/C/file-server.xml:114(programlisting)
22720
#, no-wrap
22721
msgid ""
22722
"\n"
22723
"local_enable=YES\n"
22724
"write_enable=YES\n"
22725
msgstr ""
22726
22727
#: serverguide/C/file-server.xml:119(para)
22728
msgid "Now restart <application>vsftpd</application>:"
22729
msgstr ""
22730
22731
#: serverguide/C/file-server.xml:127(para)
22732
msgid ""
22733
"Now when system users login to FTP they will start in their "
22734
"<emphasis>home</emphasis> directories where they can download, upload, "
22735
"create directories, etc."
22736
msgstr ""
22737
22738
#: serverguide/C/file-server.xml:133(para)
22739
msgid ""
22740
"Similarly, by default, the anonymous users are not allowed to upload files "
22741
"to FTP server. To change this setting, you should uncomment the following "
22742
"line, and restart <application>vsftpd</application>:"
22743
msgstr ""
22744
22745
#: serverguide/C/file-server.xml:140(programlisting)
22746
#, no-wrap
22747
msgid ""
22748
"\n"
22749
"anon_upload_enable=YES\n"
22750
msgstr ""
22751
22752
#: serverguide/C/file-server.xml:145(para)
22753
msgid ""
22754
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
22755
"not enable anonymous upload on servers accessed directly from the Internet."
22756
msgstr ""
22757
22758
#: serverguide/C/file-server.xml:151(para)
22759
msgid ""
22760
"The configuration file consists of many configuration parameters. The "
22761
"information about each parameter is available in the configuration file. "
22762
"Alternatively, you can refer to the man page, <command>man 5 "
22763
"vsftpd.conf</command> for details of each parameter."
22764
msgstr ""
22765
22766
#: serverguide/C/file-server.xml:162(title)
22767
msgid "Securing FTP"
22768
msgstr ""
22769
22770
#: serverguide/C/file-server.xml:164(para)
22771
msgid ""
22772
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
22773
"<application>vsftpd</application> more secure. For example users can be "
22774
"limited to their home directories by uncommenting:"
22775
msgstr ""
22776
22777
#: serverguide/C/file-server.xml:170(programlisting)
22778
#, no-wrap
22779
msgid ""
22780
"\n"
22781
"chroot_local_user=YES\n"
22782
msgstr ""
22783
22784
#: serverguide/C/file-server.xml:174(para)
22785
msgid ""
22786
"You can also limit a specific list of users to just their home directories:"
22787
msgstr ""
22788
22789
#: serverguide/C/file-server.xml:178(programlisting)
22790
#, no-wrap
22791
msgid ""
22792
"\n"
22793
"chroot_list_enable=YES\n"
22794
"chroot_list_file=/etc/vsftpd.chroot_list\n"
22795
msgstr ""
22796
22797
#: serverguide/C/file-server.xml:183(para)
22798
msgid ""
22799
"After uncommenting the above options, create a "
22800
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
22801
"per line. Then restart <application>vsftpd</application>:"
22802
msgstr ""
22803
22804
#: serverguide/C/file-server.xml:192(para)
22805
msgid ""
22806
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
22807
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
22808
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
22809
"add them to the list."
22810
msgstr ""
22811
22812
#: serverguide/C/file-server.xml:199(para)
22813
msgid ""
22814
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
22815
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
22816
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
22817
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
22818
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
22819
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
22820
"with a shell may not be ideal for some environments, such as a shared web "
22821
"host."
22822
msgstr ""
22823
22824
#: serverguide/C/file-server.xml:208(para)
22825
msgid ""
22826
"To configure <emphasis>FTPS</emphasis>, edit "
22827
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
22828
msgstr ""
22829
22830
#: serverguide/C/file-server.xml:212(programlisting)
22831
#, no-wrap
22832
msgid ""
22833
"\n"
22834
"ssl_enable=Yes\n"
22835
msgstr ""
22836
22837
#: serverguide/C/file-server.xml:216(para)
22838
msgid "Also, notice the certificate and key related options:"
22839
msgstr ""
22840
22841
#: serverguide/C/file-server.xml:220(programlisting)
22842
#, no-wrap
22843
msgid ""
22844
"\n"
22845
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
22846
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
22847
msgstr ""
22848
22849
#: serverguide/C/file-server.xml:225(para)
22850
msgid ""
22851
"By default these options are set the certificate and key provided by the "
22852
"<application>ssl-cert</application> package. In a production environment "
22853
"these should be replaced with a certificate and key generated for the "
22854
"specific host. For more information on certificates see <xref "
22855
"linkend=\"certificates-and-security\"/>."
22856
msgstr ""
22857
22858
#: serverguide/C/file-server.xml:231(para)
22859
msgid ""
22860
"Now restart <application>vsftpd</application>, and non-anonymous users will "
22861
"be forced to use <emphasis>FTPS</emphasis>:"
22862
msgstr ""
22863
22864
#: serverguide/C/file-server.xml:240(para)
22865
msgid ""
22866
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
22867
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
22868
"adding the <emphasis>nologin</emphasis> shell:"
22869
msgstr ""
22870
22871
#: serverguide/C/file-server.xml:245(programlisting)
22872
#, no-wrap
22873
msgid ""
22874
"\n"
22875
"# /etc/shells: valid login shells\n"
22876
"/bin/csh\n"
22877
"/bin/sh\n"
22878
"/usr/bin/es\n"
22879
"/usr/bin/ksh\n"
22880
"/bin/ksh\n"
22881
"/usr/bin/rc\n"
22882
"/usr/bin/tcsh\n"
22883
"/bin/tcsh\n"
22884
"/usr/bin/esh\n"
22885
"/bin/dash\n"
22886
"/bin/bash\n"
22887
"/bin/rbash\n"
22888
"/usr/bin/screen\n"
22889
"/usr/sbin/nologin\n"
22890
msgstr ""
22891
22892
#: serverguide/C/file-server.xml:263(para)
22893
msgid ""
22894
"This is necessary because, by default <application>vsftpd</application> uses "
22895
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
22896
"configuration file contains:"
22897
msgstr ""
22898
22899
#: serverguide/C/file-server.xml:268(programlisting)
22900
#, no-wrap
22901
msgid ""
22902
"\n"
22903
"auth required pam_shells.so\n"
22904
msgstr ""
22905
22906
#: serverguide/C/file-server.xml:272(para)
22907
msgid ""
22908
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
22909
"in the <filename>/etc/shells</filename> file."
22910
msgstr ""
22911
22912
#: serverguide/C/file-server.xml:277(para)
22913
msgid ""
22914
"Most popular FTP clients can be configured connect using FTPS. The "
22915
"<application>lftp</application> command line FTP client has the ability to "
22916
"use FTPS as well."
22917
msgstr ""
22918
22919
#: serverguide/C/file-server.xml:288(para)
22920
msgid ""
22921
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
22922
"website</ulink> for more information."
22923
msgstr ""
22924
22925
#: serverguide/C/file-server.xml:293(para)
22926
msgid ""
22927
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
22928
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
22929
"\">vsftpd.conf man page</ulink>."
22930
msgstr ""
22931
22932
#: serverguide/C/file-server.xml:299(para)
22933
msgid ""
22934
"The CodeGurus article <ulink "
22935
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
22936
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
22937
"contrasting FTPS and SFTP."
22938
msgstr ""
22939
22940
#: serverguide/C/file-server.xml:305(para)
22941
msgid ""
22942
"Also, for more information see the <ulink "
22943
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
22944
"page."
22945
msgstr ""
22946
22947
#: serverguide/C/file-server.xml:315(title)
22948
msgid "Network File System (NFS)"
22949
msgstr "网络文件系统 (NFS)"
22950
22951
#: serverguide/C/file-server.xml:316(para)
22952
msgid ""
22953
"NFS allows a system to share directories and files with others over a "
22954
"network. By using NFS, users and programs can access files on remote systems "
22955
"almost as if they were local files."
22956
msgstr "NFS 允许系统将其目录和文件共享给网络上的其他系统。通过 NFS,用户和应用程序可以访问远程系统上的文件,就象它们是本地文件一样。"
22957
22958
#: serverguide/C/file-server.xml:322(para)
22959
msgid "Some of the most notable benefits that NFS can provide are:"
22960
msgstr "NFS 最值得注意的优点有:"
22961
22962
#: serverguide/C/file-server.xml:328(para)
22963
msgid ""
22964
"Local workstations use less disk space because commonly used data can be "
22965
"stored on a single machine and still remain accessible to others over the "
22966
"network."
22967
msgstr "本地工作站可以使用更少的磁盘空间,因为常用数据可以被保存在一台机器上,并让网络上的其他机器可以访问它。"
22968
22969
#: serverguide/C/file-server.xml:333(para)
22970
msgid ""
22971
"There is no need for users to have separate home directories on every "
22972
"network machine. Home directories could be set up on the NFS server and made "
22973
"available throughout the network."
22974
msgstr "不需要为用户在每台网络机器上放一个用户目录。用户目录可以在 NFS 服务器上设置并使其在整个网络上可用。"
22975
22976
#: serverguide/C/file-server.xml:339(para)
22977
msgid ""
22978
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
22979
"be used by other machines on the network. This may reduce the number of "
22980
"removable media drives throughout the network."
22981
msgstr "存储设备如软盘、光驱及 USB 设备可以被网络上其它机器使用。这可能可以减少网络上移动设备的数量。"
22982
22983
#: serverguide/C/file-server.xml:349(para)
22984
msgid ""
22985
"At a terminal prompt enter the following command to install the NFS Server:"
22986
msgstr "在终端提示符后键入以下命令安装 NFS 服务器:"
22987
22988
#: serverguide/C/file-server.xml:355(command)
22989
msgid "sudo apt-get install nfs-kernel-server"
22990
msgstr "sudo apt-get install nfs-kernel-server"
22991
22992
#: serverguide/C/file-server.xml:361(para)
22993
msgid ""
22994
"You can configure the directories to be exported by adding them to the "
22995
"<filename>/etc/exports</filename> file. For example:"
22996
msgstr "您可以配置要输出的目录,您可以在 <filename>/etc/exports</filename> 文件中添加该目录。例如:"
22997
22998
#: serverguide/C/file-server.xml:366(screen)
22999
#, no-wrap
23000
msgid ""
23001
"\n"
23002
"/ubuntu *(ro,sync,no_root_squash)\n"
23003
"/home *(rw,sync,no_root_squash)\n"
23004
msgstr ""
23005
"\n"
23006
"/ubuntu *(ro,sync,no_root_squash)\n"
23007
"/home *(rw,sync,no_root_squash)\n"
23008
23009
#: serverguide/C/file-server.xml:372(para)
23010
msgid ""
23011
"You can replace * with one of the hostname formats. Make the hostname "
23012
"declaration as specific as possible so unwanted systems cannot access the "
23013
"NFS mount."
23014
msgstr "您可以用主机名来代替 *。尽量指定主机名以便使那些不想其访问的系统访问 NFS 挂载的资源。"
23015
23016
#: serverguide/C/file-server.xml:378(para)
23017
msgid ""
23018
"To start the NFS server, you can run the following command at a terminal "
23019
"prompt:"
23020
msgstr "您可以在终端提示符后运行以下命令来启动 NFS 服务器:"
23021
23022
#: serverguide/C/file-server.xml:383(command)
23023
msgid "sudo /etc/init.d/nfs-kernel-server start"
23024
msgstr "sudo /etc/init.d/nfs-kernel-server start"
23025
23026
#: serverguide/C/file-server.xml:388(title)
23027
msgid "NFS Client Configuration"
23028
msgstr "NFS 客户端配置"
23029
23030
#: serverguide/C/file-server.xml:389(para)
23031
msgid ""
23032
"Use the <application>mount</application> command to mount a shared NFS "
23033
"directory from another machine, by typing a command line similar to the "
23034
"following at a terminal prompt:"
23035
msgstr ""
23036
"使用 <application>mount</application> 命令来挂载其他机器共享的 NFS 目录。可以在终端提示符后输入以下类似的命令:"
23037
23038
#: serverguide/C/file-server.xml:395(command)
23039
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
23040
msgstr "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
23041
23042
#: serverguide/C/file-server.xml:399(para)
23043
msgid ""
23044
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
23045
"There should be no files or subdirectories in the "
23046
"<filename>/local/ubuntu</filename> directory."
23047
msgstr ""
23048
"挂载点 <filename>/local/ubuntu</filename> 目录必须已经存在。而且在 "
23049
"<filename>/local/ubuntu</filename> 目录中没有文件或子目录。"
23050
23051
#: serverguide/C/file-server.xml:406(para)
23052
msgid ""
23053
"An alternate way to mount an NFS share from another machine is to add a line "
23054
"to the <filename>/etc/fstab</filename> file. The line must state the "
23055
"hostname of the NFS server, the directory on the server being exported, and "
23056
"the directory on the local machine where the NFS share is to be mounted."
23057
msgstr ""
23058
"另一个挂载其他机器的 NFS 共享的方式就是在 <filename>/etc/fstab</filename> 文件中添加一行。该行必须指明 NFS "
23059
"服务器的主机名、服务器输出的目录名以及挂载 NFS 共享的本机目录。"
23060
23061
#: serverguide/C/file-server.xml:414(para)
23062
msgid ""
23063
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
23064
"as follows:"
23065
msgstr "以下是在 <filename>/etc/fstab</filename> 中的常用语法:"
23066
23067
#: serverguide/C/file-server.xml:420(programlisting)
23068
#, no-wrap
23069
msgid ""
23070
"\n"
23071
"example.hostname.com:/ubuntu /local/ubuntu nfs "
23072
"rsize=8192,wsize=8192,timeo=14,intr\n"
23073
msgstr ""
23074
"\n"
23075
"example.hostname.com:/ubuntu /local/ubuntu nfs "
23076
"rsize=8192,wsize=8192,timeo=14,intr\n"
23077
23078
#: serverguide/C/file-server.xml:424(para)
23079
msgid ""
23080
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
23081
"common</application> package is installed on your client. To install "
23082
"<application>nfs-common</application> enter the following command at the "
23083
"terminal prompt: <screen>\n"
23084
"<command>sudo apt-get install nfs-common</command>\n"
23085
"</screen>"
23086
msgstr ""
23087
23088
#: serverguide/C/file-server.xml:437(ulink)
23089
msgid "Linux NFS faq"
23090
msgstr "Linux NFS 常见问答"
23091
23092
#: serverguide/C/file-server.xml:439(ulink)
23093
msgid "Ubuntu Wiki NFS Howto"
23094
msgstr ""
23095
23096
#: serverguide/C/file-server.xml:445(title)
23097
msgid "CUPS - Print Server"
23098
msgstr "CUPS - 打印服务器"
23099
23100
#: serverguide/C/file-server.xml:446(para)
23101
msgid ""
23102
"The primary mechanism for Ubuntu printing and print services is the "
23103
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
23104
"printing system is a freely available, portable printing layer which has "
23105
"become the new standard for printing in most Linux distributions."
23106
msgstr ""
23107
"Ubuntu 印刷和打印服务的主要机制是 <emphasis role=\"bold\">CUPS</emphasis> (Common UNIX "
23108
"Printing System,通用 UNIX 打印系统)。这个打印系统是一个免费可用的、可移植的打印虚拟层,并已成为大多数 Linux "
23109
"发行版的新打印标准。"
23110
23111
#: serverguide/C/file-server.xml:453(para)
23112
msgid ""
23113
"CUPS manages print jobs and queues and provides network printing using the "
23114
"standard Internet Printing Protocol (IPP), while offering support for a very "
23115
"large range of printers, from dot-matrix to laser and many in between. CUPS "
23116
"also supports PostScript Printer Description (PPD) and auto-detection of "
23117
"network printers, and features a simple web-based configuration and "
23118
"administration tool."
23119
msgstr ""
23120
"CUPS 管理打印作业和队列,并使用标准的 Internet 打印协议 (IPP) "
23121
"提供网络打印,该协议提供最大范围的打印机支持,从点阵打印机到激光打印机以及位于两者之间的许多打印机。CUPS 也支持 PostScript "
23122
"Printer Description (PPD) 和网络打印机的自动检测,以及提供基于 Web 的简单配置和管理工具。"
23123
23124
#: serverguide/C/file-server.xml:463(para)
23125
msgid ""
23126
"To install CUPS on your Ubuntu computer, simply use "
23127
"<application>sudo</application> with the <application>apt-get</application> "
23128
"command and give the packages to install as the first parameter. A complete "
23129
"CUPS install has many package dependencies, but they may all be specified on "
23130
"the same command line. Enter the following at a terminal prompt to install "
23131
"CUPS:"
23132
msgstr ""
23133
"若想在您的 Ubuntu 计算机中安装 CUPS,只需通过 <application>sudo</application> 运行 "
23134
"<application>apt-get</application> 命令并将要安装的包作为第一个参数即可。一个完整的 CUPS "
23135
"安装有很多包依赖关系,但它们都可以在同一行上给出。在终端输入以下命令来安装 CUPS:"
23136
23137
#: serverguide/C/file-server.xml:468(command)
23138
msgid "sudo apt-get install cups"
23139
msgstr ""
23140
23141
#: serverguide/C/file-server.xml:471(para)
23142
msgid ""
23143
"Upon authenticating with your user password, the packages should be "
23144
"downloaded and installed without error. Upon the conclusion of installation, "
23145
"the CUPS server will be started automatically."
23146
msgstr ""
23147
23148
#: serverguide/C/file-server.xml:476(para)
23149
msgid ""
23150
"For troubleshooting purposes, you can access CUPS server errors via the "
23151
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
23152
"error log does not show enough information to troubleshoot any problems you "
23153
"encounter, the verbosity of the CUPS log can be increased by changing the "
23154
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
23155
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
23156
"everything, from the default of \"info\". If you make this change, remember "
23157
"to change it back once you've solved your problem, to prevent the log file "
23158
"from becoming overly large."
23159
msgstr ""
23160
23161
#: serverguide/C/file-server.xml:489(para)
23162
msgid ""
23163
"The Common UNIX Printing System server's behavior is configured through the "
23164
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
23165
"The CUPS configuration file follows the same syntax as the primary "
23166
"configuration file for the Apache HTTP server, so users familiar with "
23167
"editing Apache's configuration file should feel at ease when editing the "
23168
"CUPS configuration file. Some examples of settings you may wish to change "
23169
"initially will be presented here."
23170
msgstr ""
23171
"可以通过 <filename>/etc/cups/cupsd.conf</filename> 文件中的指令来配置通用 UNIX "
23172
"打印系统服务器的行为的。CUPS 配置文件与 Apache HTTP 服务器的主配置文件语法相同,因此熟悉编辑 Apache 配置文件的用户在编辑 "
23173
"CUPS 配置文件时会感到相当容易。在这里将显示一些您可能想要改变初始值的设置范例。"
23174
23175
#: serverguide/C/file-server.xml:499(para)
23176
msgid ""
23177
"Prior to editing the configuration file, you should make a copy of the "
23178
"original file and protect it from writing, so you will have the original "
23179
"settings as a reference, and to reuse as necessary."
23180
msgstr "在编辑配置文件之前,您应该将原始文件做个副本并将其写保护,以便您可以将原始文件作为参考并在必要时重用它。"
23181
23182
#: serverguide/C/file-server.xml:503(para)
23183
msgid ""
23184
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
23185
"writing with the following commands, issued at a terminal prompt:"
23186
msgstr ""
23187
"拷贝 <filename>/etc/cups/cupsd.conf</filename> 文件并对其写保护,可以在终端提示符后执行以下命令:"
23188
23189
#: serverguide/C/file-server.xml:509(command)
23190
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
23191
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
23192
23193
#: serverguide/C/file-server.xml:510(command)
23194
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
23195
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
23196
23197
#: serverguide/C/file-server.xml:515(para)
23198
msgid ""
23199
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
23200
"address of the designated administrator of the CUPS server, simply edit the "
23201
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
23202
"preferred text editor, and add or modify the <emphasis "
23203
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
23204
"you are the Administrator for the CUPS server, and your e-mail address is "
23205
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
23206
"as such:"
23207
msgstr ""
23208
23209
#: serverguide/C/file-server.xml:526(screen)
23210
#, no-wrap
23211
msgid ""
23212
"\n"
23213
"ServerAdmin bjoy@somebigco.com\n"
23214
msgstr ""
23215
"\n"
23216
"ServerAdmin bjoy@somebigco.com\n"
23217
23218
#: serverguide/C/file-server.xml:532(para)
23219
msgid ""
23220
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
23221
"server installation listens only on the loopback interface at IP address "
23222
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
23223
"listen on an actual network adapter's IP address, you must specify either a "
23224
"hostname, the IP address, or optionally, an IP address/port pairing via the "
23225
"addition of a Listen directive. For example, if your CUPS server resides on "
23226
"a local network at the IP address <emphasis "
23227
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
23228
"accessible to the other systems on this subnetwork, you would edit the "
23229
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
23230
"such:"
23231
msgstr ""
23232
23233
#: serverguide/C/file-server.xml:546(screen)
23234
#, no-wrap
23235
msgid ""
23236
"\n"
23237
"Listen 127.0.0.1:631 # existing loopback Listen\n"
23238
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
23239
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
23240
"(IPP)\n"
23241
msgstr ""
23242
"\n"
23243
"Listen 127.0.0.1:631 # existing loopback Listen\n"
23244
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
23245
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 (IPP)\n"
23246
23247
#: serverguide/C/file-server.xml:552(para)
23248
msgid ""
23249
"In the example above, you may comment out or remove the reference to the "
23250
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
23251
"</application> to listen on that interface, but would rather have it only "
23252
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
23253
"listening for all network interfaces for which a certain hostname is bound, "
23254
"including the Loopback, you could create a Listen entry for the hostname "
23255
"<emphasis>socrates</emphasis> as such:"
23256
msgstr ""
23257
"在上面的例子里,如果您不想 <application>cupsd </application> 监听环回地址 (127.0.0.1) "
23258
",您可能注释或删除了相关语句。但最好保留它以监听局域网 (LAN) 的以太网接口。为了能监听一个特定主机名所绑定的所有的网络接口,您可以为 "
23259
"<emphasis>socrates</emphasis> 主机名创建一个 Listen 条目,如下所示:"
23260
23261
#: serverguide/C/file-server.xml:562(screen)
23262
#, no-wrap
23263
msgid ""
23264
"\n"
23265
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
23266
msgstr ""
23267
"\n"
23268
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
23269
23270
#: serverguide/C/file-server.xml:566(para)
23271
msgid ""
23272
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
23273
"instead, as in:"
23274
msgstr "或者忽略 Listen 语句并使用 <emphasis>Port</emphasis> 来代替,如:"
23275
23276
#: serverguide/C/file-server.xml:568(screen)
23277
#, no-wrap
23278
msgid ""
23279
"\n"
23280
"Port 631 # Listen on port 631 on all interfaces\n"
23281
msgstr ""
23282
"\n"
23283
"Port 631 # Listen on port 631 on all interfaces\n"
23284
23285
#: serverguide/C/file-server.xml:575(para)
23286
msgid ""
23287
"For more examples of configuration directives in the CUPS server "
23288
"configuration file, view the associated system manual page by entering the "
23289
"following command at a terminal prompt:"
23290
msgstr "关于 CUPS 服务器配置文件中配置语句的更多范例,通过在终端提示符后输入以下命令可以查阅相关的系统手册页:"
23291
23292
#: serverguide/C/file-server.xml:582(command)
23293
msgid "man cupsd.conf"
23294
msgstr "man cupsd.conf"
23295
23296
#: serverguide/C/file-server.xml:586(para)
23297
msgid ""
23298
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
23299
"configuration file, you'll need to restart the CUPS server by typing the "
23300
"following command at a terminal prompt:"
23301
msgstr ""
23302
"无论您在什么时间修改了 <filename>/etc/cups/cupsd.conf</filename> 配置文件,您都需要重启 CUPS "
23303
"服务,在终端提示符后键入以下命令:"
23304
23305
#: serverguide/C/file-server.xml:592(command)
23306
msgid "sudo /etc/init.d/cups restart"
23307
msgstr ""
23308
23309
#: serverguide/C/file-server.xml:598(title)
23310
msgid "Web Interface"
23311
msgstr ""
23312
23313
#: serverguide/C/file-server.xml:600(para)
23314
msgid ""
23315
"CUPS can be configured and monitored using a web interface, which by default "
23316
"is available at <ulink "
23317
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
23318
"web interface can be used to perform all printer management tasks."
23319
msgstr ""
23320
23321
#: serverguide/C/file-server.xml:604(para)
23322
msgid ""
23323
"In order to perform administrative tasks via the web interface, you must "
23324
"either have the root account enabled on your server, or authenticate as a "
23325
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
23326
"reasons, CUPS won't authenticate a user that doesn't have a password."
23327
msgstr ""
23328
23329
#: serverguide/C/file-server.xml:607(para)
23330
msgid ""
23331
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
23332
"at the terminal prompt: <screen>\n"
23333
"<command>sudo usermod -aG lpadmin username</command>\n"
23334
"</screen>"
23335
msgstr ""
23336
23337
#: serverguide/C/file-server.xml:613(para)
23338
msgid ""
23339
"Further documentation is available in the <emphasis "
23340
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
23341
msgstr ""
23342
23343
#: serverguide/C/file-server.xml:621(ulink)
23344
msgid "CUPS Website"
23345
msgstr "CUPS 网络"
23346
23347
#: serverguide/C/file-server.xml:624(ulink)
23348
msgid "Ubuntu Wiki CUPS page"
23349
msgstr ""
23350
23351
#: serverguide/C/dns.xml:13(title)
23352
msgid "Domain Name Service (DNS)"
23353
msgstr "域名解析服务 (DNS)"
23354
23355
#: serverguide/C/dns.xml:14(para)
23356
msgid ""
23357
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
23358
"fully qualified domain names (FQDN) to one another. In this way, DNS "
23359
"alleviates the need to remember IP addresses. Computers that run DNS are "
23360
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
23361
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
23362
"common program used for maintaining a name server on Linux."
23363
msgstr ""
23364
"DNS (域名解析服务) 是将 IP 地址与 FQDN(fully qualified domain name,全称域名) 相互转换的一种 "
23365
"Internet 服务。通过DNS,人们可以无需记忆 IP 地址。运行 DNS 的计算机称作 <emphasis>域名服务器</emphasis>。 "
23366
"Ubuntu 自带了 <application>BIND</application>(Berkley Internet Naming "
23367
"Daemon),它是用来在 Linux 上维护一个域名服务器最常用的程序。"
23368
23369
#: serverguide/C/dns.xml:24(para)
23370
msgid ""
23371
"At a terminal prompt, enter the following command to install "
23372
"<application>dns</application>:"
23373
msgstr "在终端提示符后输入以下命令来安装 <application>dns</application>:"
23374
23375
#: serverguide/C/dns.xml:28(command)
23376
msgid "sudo apt-get install bind9"
23377
msgstr "sudo apt-get install bind9"
23378
23379
#: serverguide/C/dns.xml:30(para)
23380
msgid ""
23381
"A very useful package for testing and troubleshooting DNS issues is the "
23382
"dnsutils package. To install <application>dnsutils</application> enter the "
23383
"following:"
23384
msgstr ""
23385
23386
#: serverguide/C/dns.xml:35(command)
23387
msgid "sudo apt-get install dnsutils"
23388
msgstr "sudo apt-get install dnsutils"
23389
23390
#: serverguide/C/dns.xml:40(para)
23391
msgid ""
23392
"There are many ways to configure <application>BIND9</application>. Some of "
23393
"the most common configurations are a caching nameserver, primary master, and "
23394
"as a secondary master."
23395
msgstr ""
23396
23397
#: serverguide/C/dns.xml:46(para)
23398
msgid ""
23399
"When configured as a caching nameserver BIND9 will find the answer to name "
23400
"queries and remember the answer when the domain is queried again."
23401
msgstr ""
23402
23403
#: serverguide/C/dns.xml:52(para)
23404
msgid ""
23405
"As a primary master server BIND9 reads the data for a zone from a file on "
23406
"it's host and is authoritative for that zone."
23407
msgstr ""
23408
23409
#: serverguide/C/dns.xml:57(para)
23410
msgid ""
23411
"In a secondary master configuration BIND9 gets the zone data from another "
23412
"nameserver authoritative for the zone."
23413
msgstr ""
23414
23415
#: serverguide/C/dns.xml:65(para)
23416
msgid ""
23417
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
23418
"directory. The primary configuration file is "
23419
"<filename>/etc/bind/named.conf</filename>."
23420
msgstr ""
23421
23422
#: serverguide/C/dns.xml:72(para)
23423
msgid ""
23424
"The <emphasis>include</emphasis> line specifies the filename which contains "
23425
"the DNS options. The <emphasis>directory</emphasis> line in the "
23426
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
23427
"look for files. All files BIND uses will be relative to this directory."
23428
msgstr ""
23429
23430
#: serverguide/C/dns.xml:80(para)
23431
msgid ""
23432
"The file named <filename>/etc/bind/db.root</filename> describes the root "
23433
"nameservers in the world. The servers change over time, so the "
23434
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
23435
"This is usually done as updates to the <application>bind9</application> "
23436
"package. The <emphasis>zone</emphasis> section defines a master server, and "
23437
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
23438
msgstr ""
23439
23440
#: serverguide/C/dns.xml:90(para)
23441
msgid ""
23442
"It is possible to configure the same server to be a caching name server, "
23443
"primary master, and secondary master. A server can be the Start of Authority "
23444
"(SOA) for one zone, while providing secondary service for another zone. All "
23445
"the while providing caching services for hosts on the local LAN."
23446
msgstr ""
23447
23448
#: serverguide/C/dns.xml:98(title)
23449
msgid "Caching Nameserver"
23450
msgstr ""
23451
23452
#: serverguide/C/dns.xml:99(para)
23453
msgid ""
23454
"The default configuration is setup to act as a caching server. All that is "
23455
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
23456
"uncomment and edit the following in "
23457
"<filename>/etc/bind/named.conf.options</filename>:"
23458
msgstr ""
23459
23460
#: serverguide/C/dns.xml:103(programlisting)
23461
#, no-wrap
23462
msgid ""
23463
"\n"
23464
"forwarders {\n"
23465
" 1.2.3.4;\n"
23466
" 5.6.7.8;\n"
23467
" };\n"
23468
msgstr ""
23469
23470
#: serverguide/C/dns.xml:110(para)
23471
msgid ""
23472
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
23473
"the IP Adresses of actual nameservers."
23474
msgstr ""
23475
23476
#: serverguide/C/dns.xml:114(para)
23477
msgid ""
23478
"Now restart the DNS server, to enable the new configuration. From a terminal "
23479
"prompt:"
23480
msgstr ""
23481
23482
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
23483
msgid "sudo /etc/init.d/bind9 restart"
23484
msgstr "sudo /etc/init.d/bind9 restart"
23485
23486
#: serverguide/C/dns.xml:120(para)
23487
msgid ""
23488
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
23489
"DNS server."
23490
msgstr ""
23491
23492
#: serverguide/C/dns.xml:125(title)
23493
msgid "Primary Master"
23494
msgstr ""
23495
23496
#: serverguide/C/dns.xml:126(para)
23497
msgid ""
23498
"In this section <application>BIND9</application> will be configured as the "
23499
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
23500
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
23501
"(Fully Qualified Domain Name)."
23502
msgstr ""
23503
23504
#: serverguide/C/dns.xml:132(title)
23505
msgid "Forward Zone File"
23506
msgstr ""
23507
23508
#: serverguide/C/dns.xml:133(para)
23509
msgid ""
23510
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
23511
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
23512
msgstr ""
23513
23514
#: serverguide/C/dns.xml:137(programlisting)
23515
#, no-wrap
23516
msgid ""
23517
"\n"
23518
"zone \"example.com\" {\n"
23519
"\ttype master;\n"
23520
" file \"/etc/bind/db.example.com\";\n"
23521
"};\n"
23522
msgstr ""
23523
23524
#: serverguide/C/dns.xml:143(para)
23525
msgid ""
23526
"Now use an existing zone file as a template to create the "
23527
"<filename>/etc/bind/db.example.com</filename> file:"
23528
msgstr ""
23529
23530
#: serverguide/C/dns.xml:147(command)
23531
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
23532
msgstr ""
23533
23534
#: serverguide/C/dns.xml:149(para)
23535
msgid ""
23536
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
23537
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
23538
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
23539
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
23540
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
23541
"leaving the \".\" at the end."
23542
msgstr ""
23543
23544
#: serverguide/C/dns.xml:155(para)
23545
msgid ""
23546
"Also, create an <emphasis>A record</emphasis> for <emphasis "
23547
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
23548
msgstr ""
23549
23550
#: serverguide/C/dns.xml:159(programlisting)
23551
#, no-wrap
23552
msgid ""
23553
"\n"
23554
";\n"
23555
"; BIND data file for local loopback interface\n"
23556
";\n"
23557
"$TTL 604800\n"
23558
"@ IN SOA ns.example.com. root.example.com. (\n"
23559
" 2 ; Serial\n"
23560
" 604800 ; Refresh\n"
23561
" 86400 ; Retry\n"
23562
" 2419200 ; Expire\n"
23563
" 604800 ) ; Negative Cache TTL\n"
23564
";\n"
23565
"@ IN NS ns.example.com.\n"
23566
"@ IN A 127.0.0.1\n"
23567
"@ IN AAAA ::1\n"
23568
"ns IN A 192.168.1.10\n"
23569
msgstr ""
23570
23571
#: serverguide/C/dns.xml:176(para)
23572
msgid ""
23573
"You must increment the <emphasis>Serial Number</emphasis> every time you "
23574
"make changes to the zone file. If you make multiple changes before "
23575
"restarting BIND9, simply increment the Serial once."
23576
msgstr ""
23577
23578
#: serverguide/C/dns.xml:180(para)
23579
msgid ""
23580
"Now, you can add DNS records to the bottom of the zone file. See <xref "
23581
"linkend=\"dns-record-types\"/> for details."
23582
msgstr ""
23583
23584
#: serverguide/C/dns.xml:184(para)
23585
msgid ""
23586
"Many admins like to use the last date edited as the serial of a zone, such "
23587
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
23588
"<emphasis>ss</emphasis> is the Serial Number)"
23589
msgstr ""
23590
23591
#: serverguide/C/dns.xml:189(para)
23592
msgid ""
23593
"Once you have made a change to the zone file "
23594
"<application>BIND9</application> will need to be restarted for the changes "
23595
"to take effect:"
23596
msgstr ""
23597
23598
#: serverguide/C/dns.xml:198(title)
23599
msgid "Reverse Zone File"
23600
msgstr ""
23601
23602
#: serverguide/C/dns.xml:199(para)
23603
msgid ""
23604
"Now that the zone is setup and resolving names to IP Adresses a "
23605
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
23606
"DNS to resolve an address to a name."
23607
msgstr ""
23608
23609
#: serverguide/C/dns.xml:203(para)
23610
msgid "Edit /etc/bind/named.conf.local and add the following:"
23611
msgstr ""
23612
23613
#: serverguide/C/dns.xml:206(programlisting)
23614
#, no-wrap
23615
msgid ""
23616
"\n"
23617
"zone \"1.168.192.in-addr.arpa\" {\n"
23618
" type master;\n"
23619
" notify no;\n"
23620
" file \"/etc/bind/db.192\";\n"
23621
"};\n"
23622
msgstr ""
23623
23624
#: serverguide/C/dns.xml:214(para)
23625
msgid ""
23626
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
23627
"whatever network you are using. Also, name the zone file "
23628
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
23629
"first octet of your network."
23630
msgstr ""
23631
23632
#: serverguide/C/dns.xml:219(para)
23633
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
23634
msgstr ""
23635
23636
#: serverguide/C/dns.xml:223(command)
23637
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
23638
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
23639
23640
#: serverguide/C/dns.xml:225(para)
23641
msgid ""
23642
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
23643
"same options as <filename>/etc/bind/db.example.com</filename>:"
23644
msgstr ""
23645
23646
#: serverguide/C/dns.xml:229(programlisting)
23647
#, no-wrap
23648
msgid ""
23649
"\n"
23650
";\n"
23651
"; BIND reverse data file for local loopback interface\n"
23652
";\n"
23653
"$TTL 604800\n"
23654
"@ IN SOA ns.example.com. root.example.com. (\n"
23655
" 2 ; Serial\n"
23656
" 604800 ; Refresh\n"
23657
" 86400 ; Retry\n"
23658
" 2419200 ; Expire\n"
23659
" 604800 ) ; Negative Cache TTL\n"
23660
";\n"
23661
"@ IN NS ns.\n"
23662
"10 IN PTR ns.example.com.\n"
23663
msgstr ""
23664
23665
#: serverguide/C/dns.xml:244(para)
23666
msgid ""
23667
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
23668
"incremented on each change as well. For each <emphasis>A record</emphasis> "
23669
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
23670
"create a <emphasis>PTR record</emphasis> in "
23671
"<filename>/etc/bind/db.192</filename>."
23672
msgstr ""
23673
23674
#: serverguide/C/dns.xml:249(para)
23675
msgid ""
23676
"After creating the reverse zone file restart "
23677
"<application>BIND9</application>:"
23678
msgstr ""
23679
23680
#: serverguide/C/dns.xml:258(title)
23681
msgid "Secondary Master"
23682
msgstr ""
23683
23684
#: serverguide/C/dns.xml:259(para)
23685
msgid ""
23686
"Once a <emphasis>Primary Master</emphasis> has been configured a "
23687
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
23688
"availability of the domain should the Primary become unavailable."
23689
msgstr ""
23690
23691
#: serverguide/C/dns.xml:263(para)
23692
msgid ""
23693
"First, on the Primary Master server, the zone transfer needs to be allowed. "
23694
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
23695
"and Reverse zone definitions in "
23696
"<filename>/etc/bind/named.conf.local</filename>:"
23697
msgstr ""
23698
23699
#: serverguide/C/dns.xml:267(programlisting)
23700
#, no-wrap
23701
msgid ""
23702
"\n"
23703
"zone \"example.com\" {\n"
23704
" type master;\n"
23705
"\tfile \"/etc/bind/db.example.com\";\n"
23706
" allow-transfer { 192.168.1.11; };\n"
23707
"};\n"
23708
"\n"
23709
"zone \"1.168.192.in-addr.arpa\" {\n"
23710
" type master;\n"
23711
" notify no;\n"
23712
" file \"/etc/bind/db.192\";\n"
23713
"\tallow-transfer { 192.168.1.11; };\n"
23714
"};\n"
23715
msgstr ""
23716
23717
#: serverguide/C/dns.xml:282(para)
23718
msgid ""
23719
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
23720
"Secondary nameserver."
23721
msgstr ""
23722
23723
#: serverguide/C/dns.xml:286(para)
23724
msgid ""
23725
"Next, on the Secondary Master, install the <application>bind9</application> "
23726
"package the same way as on the Primary. Then edit the "
23727
"<filename>/etc/bind/named.conf.local</filename> and add the following "
23728
"declarations for the Forward and Reverse zones:"
23729
msgstr ""
23730
23731
#: serverguide/C/dns.xml:290(programlisting)
23732
#, no-wrap
23733
msgid ""
23734
"\n"
23735
"zone \"example.com\" {\n"
23736
"\ttype slave;\n"
23737
" file \"/var/cache/bind/db.example.com\";\n"
23738
" masters { 192.168.1.10; };\n"
23739
"}; \n"
23740
" \n"
23741
"zone \"1.168.192.in-addr.arpa\" {\n"
23742
"\ttype slave;\n"
23743
" file \"/var/cache/bind/db.192\";\n"
23744
" masters { 192.168.1.10; };\n"
23745
"};\n"
23746
msgstr ""
23747
23748
#: serverguide/C/dns.xml:304(para)
23749
msgid ""
23750
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
23751
"Primary nameserver."
23752
msgstr ""
23753
23754
#: serverguide/C/dns.xml:308(para)
23755
msgid "Restart <application>BIND9</application> on the Secondary Master:"
23756
msgstr ""
23757
23758
#: serverguide/C/dns.xml:314(para)
23759
msgid ""
23760
"In <filename>/var/log/syslog</filename> you should see something similar to:"
23761
msgstr ""
23762
23763
#: serverguide/C/dns.xml:317(programlisting)
23764
#, no-wrap
23765
msgid ""
23766
"\n"
23767
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
23768
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
23769
msgstr ""
23770
23771
#: serverguide/C/dns.xml:322(para)
23772
msgid ""
23773
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
23774
"on the Primary is larger than the one on the Secondary."
23775
msgstr ""
23776
23777
#: serverguide/C/dns.xml:328(para)
23778
msgid ""
23779
"The default directory for non-authoritative zone files is "
23780
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
23781
"<application>AppArmor</application> to allow the "
23782
"<application>named</application> daemon to write to it. For more information "
23783
"on AppArmor see <xref linkend=\"apparmor\"/>."
23784
msgstr ""
23785
23786
#: serverguide/C/dns.xml:339(para)
23787
msgid ""
23788
"This section covers ways to help determine the cause when problems happen "
23789
"with DNS and <application>BIND9</application>."
23790
msgstr ""
23791
23792
#: serverguide/C/dns.xml:345(title)
23793
msgid "resolv.conf"
23794
msgstr "resolv.conf"
23795
23796
#: serverguide/C/dns.xml:346(para)
23797
msgid ""
23798
"The first step in testing <application>BIND9</application> is to add the "
23799
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
23800
"be configured as well as another host to double check things. Simply edit "
23801
"<filename>/etc/resolv.conf</filename> and add the following:"
23802
msgstr ""
23803
23804
#: serverguide/C/dns.xml:351(programlisting)
23805
#, no-wrap
23806
msgid ""
23807
"\n"
23808
"nameserver\t192.168.1.10\n"
23809
"nameserver\t192.168.1.11\n"
23810
msgstr ""
23811
23812
#: serverguide/C/dns.xml:356(para)
23813
msgid ""
23814
"You should also add the IP Address of the Secondary nameserver in case the "
23815
"Primary becomes unavailable."
23816
msgstr ""
23817
23818
#: serverguide/C/dns.xml:362(title)
23819
msgid "dig"
23820
msgstr "dig"
23821
23822
#: serverguide/C/dns.xml:363(para)
23823
msgid ""
23824
"If you installed the <application>dnsutils</application> package you can "
23825
"test your setup using the DNS lookup utility <application>dig</application>:"
23826
msgstr ""
23827
23828
#: serverguide/C/dns.xml:369(para)
23829
msgid ""
23830
"After installing <application>BIND9</application> use "
23831
"<application>dig</application> against the loopback interface to make sure "
23832
"it is listening on port 53. From a terminal prompt:"
23833
msgstr ""
23834
23835
#: serverguide/C/dns.xml:374(command)
23836
msgid "dig -x 127.0.0.1"
23837
msgstr "dig -x 127.0.0.1"
23838
23839
#: serverguide/C/dns.xml:376(para)
23840
msgid "You should see lines similar to the following in the command output:"
23841
msgstr ""
23842
23843
#: serverguide/C/dns.xml:379(programlisting)
23844
#, no-wrap
23845
msgid ""
23846
"\n"
23847
";; Query time: 1 msec\n"
23848
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
23849
msgstr ""
23850
23851
#: serverguide/C/dns.xml:385(para)
23852
msgid ""
23853
"If you have configured <application>BIND9</application> as a "
23854
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
23855
"the query time:"
23856
msgstr ""
23857
23858
#: serverguide/C/dns.xml:390(command)
23859
msgid "dig ubuntu.com"
23860
msgstr "dig ubuntu.com"
23861
23862
#: serverguide/C/dns.xml:392(para)
23863
msgid "Note the query time toward the end of the command output:"
23864
msgstr ""
23865
23866
#: serverguide/C/dns.xml:395(programlisting)
23867
#, no-wrap
23868
msgid ""
23869
"\n"
23870
";; Query time: 49 msec\n"
23871
msgstr ""
23872
23873
#: serverguide/C/dns.xml:398(para)
23874
msgid "After a second dig there should be improvement:"
23875
msgstr ""
23876
23877
#: serverguide/C/dns.xml:401(programlisting)
23878
#, no-wrap
23879
msgid ""
23880
"\n"
23881
";; Query time: 1 msec\n"
23882
msgstr ""
23883
23884
#: serverguide/C/dns.xml:408(title)
23885
msgid "ping"
23886
msgstr "ping"
23887
23888
#: serverguide/C/dns.xml:410(para)
23889
msgid ""
23890
"Now to demonstrate how applications make use of DNS to resolve a host name "
23891
"use the <application>ping</application> utility to send an ICMP echo "
23892
"request. From a terminal prompt enter:"
23893
msgstr ""
23894
23895
#: serverguide/C/dns.xml:416(command)
23896
msgid "ping example.com"
23897
msgstr "ping example.com"
23898
23899
#: serverguide/C/dns.xml:418(para)
23900
msgid ""
23901
"This tests if the nameserver can resolve the name "
23902
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
23903
"should resemble:"
23904
msgstr ""
23905
23906
#: serverguide/C/dns.xml:422(programlisting)
23907
#, no-wrap
23908
msgid ""
23909
"\n"
23910
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
23911
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
23912
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
23913
msgstr ""
23914
23915
#: serverguide/C/dns.xml:429(title)
23916
msgid "named-checkzone"
23917
msgstr "named-checkzone"
23918
23919
#: serverguide/C/dns.xml:430(para)
23920
msgid ""
23921
"A great way to test your zone files is by using the <application>named-"
23922
"checkzone</application> utility installed with the "
23923
"<application>bind9</application> package. This utility allows you to make "
23924
"sure the configuration is correct before restarting "
23925
"<application>BIND9</application> and making the changes live."
23926
msgstr ""
23927
23928
#: serverguide/C/dns.xml:437(para)
23929
msgid ""
23930
"To test our example Forward zone file enter the following from a command "
23931
"prompt:"
23932
msgstr ""
23933
23934
#: serverguide/C/dns.xml:441(command)
23935
msgid "named-checkzone example.com /etc/bind/db.example.com"
23936
msgstr "named-checkzone example.com /etc/bind/db.example.com"
23937
23938
#: serverguide/C/dns.xml:443(para)
23939
msgid ""
23940
"If everything is configured correctly you should see output similar to:"
23941
msgstr ""
23942
23943
#: serverguide/C/dns.xml:446(programlisting)
23944
#, no-wrap
23945
msgid ""
23946
"\n"
23947
"zone example.com/IN: loaded serial 6\n"
23948
"OK\n"
23949
msgstr ""
23950
23951
#: serverguide/C/dns.xml:452(para)
23952
msgid "Similarly, to test the Reverse zone file enter the following:"
23953
msgstr ""
23954
23955
#: serverguide/C/dns.xml:456(command)
23956
msgid "named-checkzone example.com /etc/bind/db.192"
23957
msgstr "named-checkzone example.com /etc/bind/db.192"
23958
23959
#: serverguide/C/dns.xml:458(para)
23960
msgid "The output should be similar to:"
23961
msgstr ""
23962
23963
#: serverguide/C/dns.xml:461(programlisting)
23964
#, no-wrap
23965
msgid ""
23966
"\n"
23967
"zone example.com/IN: loaded serial 3\n"
23968
"OK\n"
23969
msgstr ""
23970
23971
#: serverguide/C/dns.xml:468(para)
23972
msgid ""
23973
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
23974
"different."
23975
msgstr ""
23976
23977
#: serverguide/C/dns.xml:475(title)
23978
msgid "Logging"
23979
msgstr ""
23980
23981
#: serverguide/C/dns.xml:476(para)
23982
msgid ""
23983
"<application>BIND9</application> has a wide variety of logging configuration "
23984
"options available. There are two main options. The "
23985
"<emphasis>channel</emphasis> option configures where logs go, and the "
23986
"<emphasis>category</emphasis> option determines what information to log."
23987
msgstr ""
23988
23989
#: serverguide/C/dns.xml:480(para)
23990
msgid "If no logging option is configured the default option is:"
23991
msgstr ""
23992
23993
#: serverguide/C/dns.xml:483(programlisting)
23994
#, no-wrap
23995
msgid ""
23996
"\n"
23997
"logging {\n"
23998
" category default { default_syslog; default_debug; };\n"
23999
" category unmatched { null; };\n"
24000
"};\n"
24001
msgstr ""
24002
24003
#: serverguide/C/dns.xml:489(para)
24004
msgid ""
24005
"This section covers configuring <application>BIND9</application> to send "
24006
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
24007
"file."
24008
msgstr ""
24009
24010
#: serverguide/C/dns.xml:494(para)
24011
msgid ""
24012
"First, we need to configure a channel to specify which file to send the "
24013
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
24014
"the following:"
24015
msgstr ""
24016
24017
#: serverguide/C/dns.xml:498(programlisting)
24018
#, no-wrap
24019
msgid ""
24020
"\n"
24021
"logging {\n"
24022
" channel query.log { \n"
24023
" file \"/var/log/query.log\";\n"
24024
" severity debug 3; \n"
24025
" }; \n"
24026
"};\n"
24027
msgstr ""
24028
24029
#: serverguide/C/dns.xml:508(para)
24030
msgid "Next, configure a category to send all DNS queries to the query file:"
24031
msgstr ""
24032
24033
#: serverguide/C/dns.xml:511(programlisting)
24034
#, no-wrap
24035
msgid ""
24036
"\n"
24037
"logging {\n"
24038
" channel query.log { \n"
24039
" file \"/var/log/query.log\"; \n"
24040
" severity debug 3; \n"
24041
" }; \n"
24042
" <emphasis>category queries { query.log; };</emphasis> \n"
24043
"};\n"
24044
msgstr ""
24045
24046
#: serverguide/C/dns.xml:523(para)
24047
msgid ""
24048
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
24049
"level isn't specified level 1 is the default."
24050
msgstr ""
24051
24052
#: serverguide/C/dns.xml:529(para)
24053
msgid ""
24054
"Since the <emphasis>named daemon</emphasis> runs as the "
24055
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
24056
"file must be created and the ownership changed:"
24057
msgstr ""
24058
24059
#: serverguide/C/dns.xml:534(command)
24060
msgid "sudo touch /var/log/query.log"
24061
msgstr "sudo touch /var/log/query.log"
24062
24063
#: serverguide/C/dns.xml:535(command)
24064
msgid "sudo chown bind /var/log/query.log"
24065
msgstr "sudo chown bind /var/log/query.log"
24066
24067
#: serverguide/C/dns.xml:539(para)
24068
msgid ""
24069
"Before <application>named</application> daemon can write to the new log file "
24070
"the <application>AppArmor</application> profile must be updated. First, edit "
24071
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
24072
msgstr ""
24073
24074
#: serverguide/C/dns.xml:543(programlisting)
24075
#, no-wrap
24076
msgid ""
24077
"\n"
24078
"/var/log/query.log w,\n"
24079
msgstr ""
24080
24081
#: serverguide/C/dns.xml:546(para)
24082
msgid "Next, reload the profile:"
24083
msgstr ""
24084
24085
#: serverguide/C/dns.xml:550(command)
24086
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
24087
msgstr ""
24088
24089
#: serverguide/C/dns.xml:552(para)
24090
msgid ""
24091
"For more information on <application>AppArmor</application> see <xref "
24092
"linkend=\"apparmor\"/>"
24093
msgstr ""
24094
24095
#: serverguide/C/dns.xml:557(para)
24096
msgid ""
24097
"Now restart <application>BIND9</application> for the changes to take effect:"
24098
msgstr ""
24099
24100
#: serverguide/C/dns.xml:565(para)
24101
msgid ""
24102
"You should see the file <filename>/var/log/query.log</filename> fill with "
24103
"query information. This is a simple example of the "
24104
"<application>BIND9</application> logging options. For coverage of advanced "
24105
"options see <xref linkend=\"dns-more-info\"/>."
24106
msgstr ""
24107
24108
#: serverguide/C/dns.xml:574(title)
24109
msgid "Common Record Types"
24110
msgstr ""
24111
24112
#: serverguide/C/dns.xml:575(para)
24113
msgid "This section covers some of the most common DNS record types."
24114
msgstr ""
24115
24116
#: serverguide/C/dns.xml:580(para)
24117
msgid ""
24118
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
24119
msgstr ""
24120
24121
#: serverguide/C/dns.xml:583(programlisting)
24122
#, no-wrap
24123
msgid ""
24124
"\n"
24125
"www IN A 192.168.1.12\n"
24126
msgstr ""
24127
"\n"
24128
"www IN A 192.168.1.12\n"
24129
24130
#: serverguide/C/dns.xml:588(para)
24131
msgid ""
24132
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
24133
"record. You cannot create a CNAME record pointing to another CNAME record."
24134
msgstr ""
24135
24136
#: serverguide/C/dns.xml:591(programlisting)
24137
#, no-wrap
24138
msgid ""
24139
"\n"
24140
"web IN CNAME www\n"
24141
msgstr ""
24142
"\n"
24143
"web IN CNAME www\n"
24144
24145
#: serverguide/C/dns.xml:596(para)
24146
msgid ""
24147
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
24148
"to. Must point to an A record, not a CNAME."
24149
msgstr ""
24150
24151
#: serverguide/C/dns.xml:599(programlisting)
24152
#, no-wrap
24153
msgid ""
24154
"\n"
24155
" IN MX 1 mail.example.com.\n"
24156
"mail IN A 192.168.1.13\n"
24157
msgstr ""
24158
24159
#: serverguide/C/dns.xml:605(para)
24160
msgid ""
24161
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
24162
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
24163
"Secondary servers are defined."
24164
msgstr ""
24165
24166
#: serverguide/C/dns.xml:609(programlisting)
24167
#, no-wrap
24168
msgid ""
24169
"\n"
24170
" IN NS ns.example.com.\n"
24171
"\tIN NS ns2.example.com.\n"
24172
"ns IN A 192.168.1.10\n"
24173
"ns2\tIN A\t 192.168.1.11\n"
24174
msgstr ""
24175
24176
#: serverguide/C/dns.xml:622(para)
24177
msgid ""
24178
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
24179
"HOWTO</ulink> explains more advanced options for configuring BIND9."
24180
msgstr ""
24181
24182
#: serverguide/C/dns.xml:627(para)
24183
msgid ""
24184
"For in depth coverage of <emphasis>DNS</emphasis> and "
24185
"<application>BIND9</application> see <ulink "
24186
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
24187
msgstr ""
24188
24189
#: serverguide/C/dns.xml:632(para)
24190
msgid ""
24191
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
24192
"BIND</ulink> is a popular book now in it's fifth edition."
24193
msgstr ""
24194
24195
#: serverguide/C/dns.xml:637(para)
24196
msgid ""
24197
"A great place to ask for <application>BIND9</application> assistance, and "
24198
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
24199
"server</emphasis> IRC channel on <ulink "
24200
"url=\"http://freenode.net\">freenode</ulink>."
24201
msgstr ""
24202
24203
#: serverguide/C/dns.xml:643(para)
24204
msgid ""
24205
"Also, see the <ulink "
24206
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
24207
"HOWTO</ulink> in the Ubuntu Wiki."
24208
msgstr ""
24209
24210
#: serverguide/C/databases.xml:13(title)
24211
msgid "Databases"
24212
msgstr "数据库"
24213
24214
#: serverguide/C/databases.xml:14(para)
24215
msgid "Ubuntu provides two popular database servers. They are:"
24216
msgstr ""
24217
24218
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
24219
msgid "PostgreSQL"
24220
msgstr "PostgreSQL"
24221
24222
#: serverguide/C/databases.xml:25(para)
24223
msgid ""
24224
"They are available in the main repository. This section explains how to "
24225
"install and configure these database servers."
24226
msgstr ""
24227
24228
#: serverguide/C/databases.xml:32(para)
24229
msgid ""
24230
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
24231
"It is intended for mission-critical, heavy-load production systems as well "
24232
"as for embedding into mass-deployed software."
24233
msgstr "MySQL 是一个快速、多线程、多用户、强大的 SQL 数据库服务器。它旨在成为能用于大型应用、高负载的生产系统以及大规模部署的软件。"
24234
24235
#: serverguide/C/databases.xml:41(para)
24236
msgid "To install MySQL, run the following command from a terminal prompt:"
24237
msgstr "要安装 MySQL,可以在终端提示符后运行下列命令:"
24238
24239
#: serverguide/C/databases.xml:46(command)
24240
msgid "sudo apt-get install mysql-server"
24241
msgstr ""
24242
24243
#: serverguide/C/databases.xml:48(para)
24244
msgid ""
24245
"During the installation process you will be prompted to enter a password for "
24246
"the <application>MySQL</application> root user."
24247
msgstr ""
24248
24249
#: serverguide/C/databases.xml:53(para)
24250
msgid ""
24251
"Once the installation is complete, the MySQL server should be started "
24252
"automatically. You can run the following command from a terminal prompt to "
24253
"check whether the MySQL server is running:"
24254
msgstr "一旦安装完成,MySQL 服务器应该自动启动。您可以在终端提示符后运行以下命令来检查 MySQL 服务器是否正在运行:"
24255
24256
#: serverguide/C/databases.xml:61(command)
24257
msgid "sudo netstat -tap | grep mysql"
24258
msgstr "sudo netstat -tap | grep mysql"
24259
24260
#: serverguide/C/databases.xml:70(programlisting)
24261
#, no-wrap
24262
msgid ""
24263
"\n"
24264
"tcp 0 0 localhost:mysql *:* LISTEN "
24265
" 2556/mysqld\n"
24266
msgstr ""
24267
24268
#: serverguide/C/databases.xml:74(para)
24269
msgid ""
24270
"If the server is not running correctly, you can type the following command "
24271
"to start it:"
24272
msgstr "如果服务器不能正常运行,您可以通过下列命令启动它:"
24273
24274
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
24275
msgid "sudo /etc/init.d/mysql restart"
24276
msgstr "sudo /etc/init.d/mysql restart"
24277
24278
#: serverguide/C/databases.xml:85(para)
24279
msgid ""
24280
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
24281
"the basic settings -- log file, port number, etc. For example, to configure "
24282
"<application>MySQL</application> to listen for connections from network "
24283
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
24284
"server's IP address:"
24285
msgstr ""
24286
24287
#: serverguide/C/databases.xml:91(programlisting)
24288
#, no-wrap
24289
msgid ""
24290
"\n"
24291
"bind-address = 192.168.0.5\n"
24292
msgstr ""
24293
24294
#: serverguide/C/databases.xml:95(para)
24295
msgid "Replace 192.168.0.5 with the appropriate address."
24296
msgstr ""
24297
24298
#: serverguide/C/databases.xml:99(para)
24299
msgid ""
24300
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
24301
"<application>mysql</application> daemon will need to be restarted:"
24302
msgstr ""
24303
24304
#: serverguide/C/databases.xml:107(para)
24305
msgid ""
24306
"If you would like to change the "
24307
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
24308
"terminal enter:"
24309
msgstr ""
24310
24311
#: serverguide/C/databases.xml:113(command)
24312
msgid "sudo dpkg-reconfigure mysql-server-5.1"
24313
msgstr ""
24314
24315
#: serverguide/C/databases.xml:116(para)
24316
msgid ""
24317
"The <application>mysql</application> daemon will be stopped, and you will be "
24318
"prompted to enter a new password."
24319
msgstr ""
24320
24321
#: serverguide/C/databases.xml:125(para)
24322
msgid ""
24323
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
24324
"more information."
24325
msgstr ""
24326
24327
#: serverguide/C/databases.xml:130(para)
24328
msgid ""
24329
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
24330
"<application>mysql-doc-5.0</application> package. To install the package "
24331
"enter the following in a terminal:"
24332
msgstr ""
24333
24334
#: serverguide/C/databases.xml:135(command)
24335
msgid "sudo apt-get install mysql-doc-5.0"
24336
msgstr ""
24337
24338
#: serverguide/C/databases.xml:137(para)
24339
msgid ""
24340
"The documentation is in HTML format, to view them enter "
24341
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
24342
"chapter/index.html</command> in your browser's address bar."
24343
msgstr ""
24344
24345
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
24346
msgid ""
24347
"For general SQL information see <ulink "
24348
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
24349
"Special Edition</ulink> by Rafe Colburn."
24350
msgstr ""
24351
24352
#: serverguide/C/databases.xml:149(para)
24353
msgid ""
24354
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
24355
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
24356
msgstr ""
24357
24358
#: serverguide/C/databases.xml:158(para)
24359
msgid ""
24360
"PostgreSQL is an object-relational database system that has the features of "
24361
"traditional commercial database systems with enhancements to be found in "
24362
"next-generation DBMS systems."
24363
msgstr "PostgreSQL 是一个面向对象的数据库系统,它有着传统商业数据库系统和下一代 DBMS 系统所增进的功能。"
24364
24365
#: serverguide/C/databases.xml:165(para)
24366
msgid ""
24367
"To install PostgreSQL, run the following command in the command prompt:"
24368
msgstr "要安装 PostgreSQL,可以在命令提示符后运行下列命令:"
24369
24370
#: serverguide/C/databases.xml:172(command)
24371
msgid "sudo apt-get install postgresql"
24372
msgstr "sudo apt-get install postgresql"
24373
24374
#: serverguide/C/databases.xml:176(para)
24375
msgid ""
24376
"Once the installation is complete, you should configure the PostgreSQL "
24377
"server based on your needs, although the default configuration is viable."
24378
msgstr "一旦安装完成,您就要按您的需要配置 PostgreSQL 服务器,尽管缺省配置已经可以使它可以正常运行了。"
24379
24380
#: serverguide/C/databases.xml:184(para)
24381
msgid ""
24382
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
24383
"client authentication methods. By default, IDENT authentication method is "
24384
"used for <application>postgres</application> and local users. Please refer "
24385
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
24386
"PostgreSQL Administrator's Guide</ulink>."
24387
msgstr ""
24388
24389
#: serverguide/C/databases.xml:191(para)
24390
msgid ""
24391
"The following discussion assumes that you wish to enable TCP/IP connections "
24392
"and use the MD5 method for client authentication. PostgreSQL configuration "
24393
"files are stored in the "
24394
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
24395
"example, if you install PostgreSQL 8.4, the configuration files are stored "
24396
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
24397
msgstr ""
24398
24399
#: serverguide/C/databases.xml:201(para)
24400
msgid ""
24401
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
24402
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
24403
msgstr ""
24404
24405
#: serverguide/C/databases.xml:208(para)
24406
msgid ""
24407
"To enable TCP/IP connections, edit the file "
24408
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
24409
msgstr ""
24410
24411
#: serverguide/C/databases.xml:210(para)
24412
msgid ""
24413
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
24414
"change it to:"
24415
msgstr ""
24416
24417
#: serverguide/C/databases.xml:213(programlisting)
24418
#, no-wrap
24419
msgid ""
24420
"\n"
24421
"listen_addresses = 'localhost'\n"
24422
msgstr ""
24423
"\n"
24424
"listen_addresses = 'localhost'\n"
24425
24426
#: serverguide/C/databases.xml:217(para)
24427
msgid ""
24428
"To allow other computers to connect to your "
24429
"<application>PostgreSQL</application> server replace 'localhost' with the "
24430
"<emphasis>IP Address</emphasis> of your server."
24431
msgstr ""
24432
24433
#: serverguide/C/databases.xml:222(para)
24434
msgid ""
24435
"You may also edit all other parameters, if you know what you are doing! For "
24436
"details, refer to the configuration file or to the PostgreSQL documentation."
24437
msgstr ""
24438
24439
#: serverguide/C/databases.xml:227(para)
24440
msgid ""
24441
"Now that we can connect to our <application>PostgreSQL</application> server, "
24442
"the next step is to set a password for the <emphasis>postgres</emphasis> "
24443
"user. Run the following command at a terminal prompt to connect to the "
24444
"default PostgreSQL template database:"
24445
msgstr ""
24446
24447
#: serverguide/C/databases.xml:234(command)
24448
msgid "sudo -u postgres psql template1"
24449
msgstr "sudo -u postgres psql template1"
24450
24451
#: serverguide/C/databases.xml:236(para)
24452
msgid ""
24453
"The above command connects to PostgreSQL database "
24454
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
24455
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
24456
"run the following SQL command at the <application>psql</application> prompt "
24457
"to configure the password for the user <emphasis "
24458
"role=\"italics\">postgres</emphasis>."
24459
msgstr ""
24460
"上面的命令是以用户 <emphasis>postgres</emphasis> 的身份连接 PostgreSQL 的 "
24461
"<emphasis>template1</emphasis> 数据库。一旦您连到 PostgreSQL 服务器,您将会在 SQL 提示符下。您可以在 "
24462
"<application>psql</application> 提示符中运行下列命令来为用户 <emphasis "
24463
"role=\"italics\">postgres</emphasis> 配置密码。"
24464
24465
#: serverguide/C/databases.xml:244(command)
24466
msgid "ALTER USER postgres with encrypted password 'your_password';"
24467
msgstr ""
24468
24469
#: serverguide/C/databases.xml:246(para)
24470
msgid ""
24471
"After configuring the password, edit the file "
24472
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
24473
"<emphasis>MD5</emphasis> authentication with the "
24474
"<emphasis>postgres</emphasis> user:"
24475
msgstr ""
24476
24477
#: serverguide/C/databases.xml:252(programlisting)
24478
#, no-wrap
24479
msgid ""
24480
"\n"
24481
"local all postgres md5\n"
24482
msgstr ""
24483
24484
#: serverguide/C/databases.xml:256(para)
24485
msgid ""
24486
"Finally, you should restart the <application>PostgreSQL</application> "
24487
"service to initialize the new configuration. From a terminal prompt enter "
24488
"the following to restart <application>PostgreSQL</application>:"
24489
msgstr ""
24490
24491
#: serverguide/C/databases.xml:262(command)
24492
msgid "sudo /etc/init.d/postgresql-8.4 restart"
24493
msgstr ""
24494
24495
#: serverguide/C/databases.xml:265(para)
24496
msgid ""
24497
"The above configuration is not complete by any means. Please refer <ulink "
24498
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
24499
"Administrator's Guide</ulink> to configure more parameters."
24500
msgstr ""
24501
24502
#: serverguide/C/databases.xml:276(para)
24503
msgid ""
24504
"As mentioned above the <ulink "
24505
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
24506
"Guide</ulink> is an excellent resource. The guide is also available in the "
24507
"<application>postgresql-doc-8.4</application> package. Execute the following "
24508
"in a terminal to install the package:"
24509
msgstr ""
24510
24511
#: serverguide/C/databases.xml:282(command)
24512
msgid "sudo apt-get install postgresql-doc-8.4"
24513
msgstr ""
24514
24515
#: serverguide/C/databases.xml:284(para)
24516
msgid ""
24517
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
24518
"8.4/html/index.html</command> into the address bar of your browser."
24519
msgstr ""
24520
24521
#: serverguide/C/databases.xml:296(para)
24522
msgid ""
24523
"Also, see the <ulink "
24524
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
24525
"Wiki</ulink> page for more information."
24526
msgstr ""
24527
24528
#: serverguide/C/clustering.xml:13(title)
24529
msgid "Clustering"
24530
msgstr ""
24531
24532
#: serverguide/C/clustering.xml:16(title)
24533
msgid "DRBD"
24534
msgstr ""
24535
24536
#: serverguide/C/clustering.xml:18(para)
24537
msgid ""
24538
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
24539
"multiple hosts. The replication is transparent to other applications on the "
24540
"host systems. Any block device hard disks, partitions, RAID devices, logical "
24541
"volumes, etc can be mirrored."
24542
msgstr ""
24543
24544
#: serverguide/C/clustering.xml:24(para)
24545
msgid ""
24546
"To get started using <application>drbd</application>, first install the "
24547
"necessary packages. From a terminal enter:"
24548
msgstr ""
24549
24550
#: serverguide/C/clustering.xml:29(command)
24551
msgid "sudo apt-get install drbd8-utils"
24552
msgstr ""
24553
24554
#: serverguide/C/clustering.xml:33(para)
24555
msgid ""
24556
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
24557
"virtual machine you will need to manually compile the "
24558
"<application>drbd</application> module. It may be easier to install the "
24559
"<application>linux-server</application> package inside the virtual machine."
24560
msgstr ""
24561
24562
#: serverguide/C/clustering.xml:40(para)
24563
msgid ""
24564
"This section covers setting up a <application>drbd</application> to "
24565
"replicate a separate <filename>/srv</filename> partition, with an "
24566
"<application>ext3</application> filesystem between two hosts. The partition "
24567
"size is not particularly relevant, but both partitions need to be the same "
24568
"size."
24569
msgstr ""
24570
24571
#: serverguide/C/clustering.xml:49(para)
24572
msgid ""
24573
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
24574
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
24575
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
24576
"See <xref linkend=\"dns\"/> for details."
24577
msgstr ""
24578
24579
#: serverguide/C/clustering.xml:57(para)
24580
msgid ""
24581
"To configure <application>drbd</application>, on the first host edit "
24582
"<filename>/etc/drbd.conf</filename>:"
24583
msgstr ""
24584
24585
#: serverguide/C/clustering.xml:61(programlisting)
24586
#, no-wrap
24587
msgid ""
24588
"\n"
24589
"global { usage-count no; }\n"
24590
"common { syncer { rate 100M; } }\n"
24591
"resource r0 {\n"
24592
" protocol C;\n"
24593
" startup {\n"
24594
" wfc-timeout 15;\n"
24595
" degr-wfc-timeout 60;\n"
24596
" }\n"
24597
" net {\n"
24598
" cram-hmac-alg sha1;\n"
24599
" shared-secret \"secret\";\n"
24600
" }\n"
24601
" on drbd01 {\n"
24602
" device /dev/drbd0;\n"
24603
" disk /dev/sdb1;\n"
24604
" address 192.168.0.1:7788;\n"
24605
" meta-disk internal;\n"
24606
" }\n"
24607
" on drbd02 {\n"
24608
" device /dev/drbd0;\n"
24609
" disk /dev/sdb1;\n"
24610
" address 192.168.0.2:7788;\n"
24611
" meta-disk internal;\n"
24612
" }\n"
24613
"} \n"
24614
msgstr ""
24615
24616
#: serverguide/C/clustering.xml:90(para)
24617
msgid ""
24618
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
24619
"this example their default values are fine."
24620
msgstr ""
24621
24622
#: serverguide/C/clustering.xml:98(para)
24623
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
24624
msgstr ""
24625
24626
#: serverguide/C/clustering.xml:103(command)
24627
msgid "scp /etc/drbd.conf drbd02:~"
24628
msgstr ""
24629
24630
#: serverguide/C/clustering.xml:109(para)
24631
msgid ""
24632
"And, on <emphasis>drbd02</emphasis> move the file to "
24633
"<filename>/etc</filename>:"
24634
msgstr ""
24635
24636
#: serverguide/C/clustering.xml:114(command)
24637
msgid "sudo mv drbd.conf /etc/"
24638
msgstr ""
24639
24640
#: serverguide/C/clustering.xml:120(para)
24641
msgid ""
24642
"Next, on both hosts, start the <application>drbd</application> daemon:"
24643
msgstr ""
24644
24645
#: serverguide/C/clustering.xml:125(command)
24646
msgid "sudo /etc/init.d/drbd start"
24647
msgstr ""
24648
24649
#: serverguide/C/clustering.xml:131(para)
24650
msgid ""
24651
"Now using the <application>drbdadm</application> utility initialize the meta "
24652
"data storage. On each server execute:"
24653
msgstr ""
24654
24655
#: serverguide/C/clustering.xml:137(command)
24656
msgid "sudo drbdadm create-md r0"
24657
msgstr ""
24658
24659
#: serverguide/C/clustering.xml:143(para)
24660
msgid ""
24661
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
24662
"primary, enter the following:"
24663
msgstr ""
24664
24665
#: serverguide/C/clustering.xml:148(command)
24666
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
24667
msgstr ""
24668
24669
#: serverguide/C/clustering.xml:154(para)
24670
msgid ""
24671
"After executing the above command, the data will start syncing with the "
24672
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
24673
"the following:"
24674
msgstr ""
24675
24676
#: serverguide/C/clustering.xml:160(command)
24677
msgid "watch -n1 cat /proc/drbd"
24678
msgstr ""
24679
24680
#: serverguide/C/clustering.xml:163(para)
24681
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
24682
msgstr ""
24683
24684
#: serverguide/C/clustering.xml:170(para)
24685
msgid ""
24686
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
24687
msgstr ""
24688
24689
#: serverguide/C/clustering.xml:175(command)
24690
msgid "sudo mkfs.ext3 /dev/drbd0"
24691
msgstr ""
24692
24693
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
24694
msgid "sudo mount /dev/drbd0 /srv"
24695
msgstr ""
24696
24697
#: serverguide/C/clustering.xml:186(para)
24698
msgid ""
24699
"To test that the data is actually syncing between the hosts copy some files "
24700
"on the <emphasis>drbd01</emphasis>, the primary, to "
24701
"<filename>/srv</filename>:"
24702
msgstr ""
24703
24704
#: serverguide/C/clustering.xml:195(para)
24705
msgid "Next, unmount <filename>/srv</filename>:"
24706
msgstr ""
24707
24708
#: serverguide/C/clustering.xml:203(para)
24709
msgid ""
24710
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
24711
"<emphasis>secondary</emphasis> role:"
24712
msgstr ""
24713
24714
#: serverguide/C/clustering.xml:208(command)
24715
msgid "sudo drbdadm secondary r0"
24716
msgstr ""
24717
24718
#: serverguide/C/clustering.xml:211(para)
24719
msgid ""
24720
"Now on the <emphasis>secondary</emphasis> server "
24721
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
24722
msgstr ""
24723
24724
#: serverguide/C/clustering.xml:216(command)
24725
msgid "sudo drbdadm primary r0"
24726
msgstr ""
24727
24728
#: serverguide/C/clustering.xml:219(para)
24729
msgid "Lastly, mount the partition:"
24730
msgstr ""
24731
24732
#: serverguide/C/clustering.xml:227(para)
24733
msgid ""
24734
"Using <emphasis>ls</emphasis> you should see "
24735
"<filename>/srv/default</filename> copied from the former "
24736
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
24737
msgstr ""
24738
24739
#: serverguide/C/clustering.xml:238(para)
24740
msgid ""
24741
"For more information on <application>DRBD</application> see the <ulink "
24742
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
24743
msgstr ""
24744
24745
#: serverguide/C/clustering.xml:243(para)
24746
msgid ""
24747
"The <ulink "
24748
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
24749
">drbd.conf man page</ulink> contains details on the options not covered in "
24750
"this guide."
24751
msgstr ""
24752
24753
#: serverguide/C/clustering.xml:249(para)
24754
msgid ""
24755
"Also, see the <ulink "
24756
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
24757
"rbdadm man page</ulink>."
24758
msgstr ""
24759
24760
#: serverguide/C/clustering.xml:254(para)
24761
msgid ""
24762
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
24763
"Wiki</ulink> page also has more information."
24764
msgstr ""
24765
24766
#: serverguide/C/chat.xml:13(title)
24767
msgid "Chat Applications"
24768
msgstr ""
24769
24770
#: serverguide/C/chat.xml:19(para)
24771
msgid ""
24772
"In this section, we will discuss how to install and configure a IRC server, "
24773
"<application>ircd-irc2</application>. We will also discuss how to install "
24774
"and configure Jabber, an instance messaging server."
24775
msgstr ""
24776
24777
#: serverguide/C/chat.xml:28(title)
24778
msgid "IRC Server"
24779
msgstr ""
24780
24781
#: serverguide/C/chat.xml:30(para)
24782
msgid ""
24783
"The Ubuntu repository has many Internet Relay Chat servers. This section "
24784
"explains how to install and configure the original IRC server "
24785
"<application>ircd-irc2</application>."
24786
msgstr ""
24787
24788
#: serverguide/C/chat.xml:39(para)
24789
msgid ""
24790
"To install <application>ircd-irc2</application>, run the following command "
24791
"in the command prompt:"
24792
msgstr ""
24793
24794
#: serverguide/C/chat.xml:45(command)
24795
msgid "sudo apt-get install ircd-irc2"
24796
msgstr ""
24797
24798
#: serverguide/C/chat.xml:48(para)
24799
msgid ""
24800
"The configuration files are stored in <filename>/etc/ircd</filename> "
24801
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
24802
"irc2</filename> directory."
24803
msgstr ""
24804
24805
#: serverguide/C/chat.xml:59(para)
24806
msgid ""
24807
"The IRC settings can be done in the configuration file "
24808
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
24809
"this file by editing the following line:"
24810
msgstr ""
24811
24812
#: serverguide/C/chat.xml:64(programlisting)
24813
#, no-wrap
24814
msgid ""
24815
"\n"
24816
"M:irc.localhost::Debian ircd default configuration::000A\n"
24817
msgstr ""
24818
24819
#: serverguide/C/chat.xml:68(para)
24820
msgid ""
24821
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
24822
"you set irc.livecipher.com as IRC host name, please make sure "
24823
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
24824
"name should not be same as the host name."
24825
msgstr ""
24826
24827
#: serverguide/C/chat.xml:75(para)
24828
msgid ""
24829
"The IRC admin details can be configured by editing the following line:"
24830
msgstr ""
24831
24832
#: serverguide/C/chat.xml:80(programlisting)
24833
#, no-wrap
24834
msgid ""
24835
"\n"
24836
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
24837
"Server::IRCnet:\n"
24838
msgstr ""
24839
24840
#: serverguide/C/chat.xml:84(para)
24841
msgid ""
24842
"You should add specific lines to configure the list of IRC ports to listen "
24843
"on, to configure Operator credentials, to configure client authentication, "
24844
"etc. For details, please refer to the example configuration file "
24845
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
24846
msgstr ""
24847
24848
#: serverguide/C/chat.xml:92(para)
24849
msgid ""
24850
"The IRC banner to be displayed in the IRC client, when the user connects to "
24851
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
24852
msgstr ""
24853
24854
#: serverguide/C/chat.xml:97(para)
24855
msgid ""
24856
"After making necessary changes to the configuration file, you can restart "
24857
"the IRC server using following command:"
24858
msgstr ""
24859
24860
#: serverguide/C/chat.xml:101(programlisting)
24861
#, no-wrap
24862
msgid ""
24863
"\n"
24864
"sudo /etc/init.d/ircd-irc2 restart\n"
24865
msgstr ""
24866
24867
#: serverguide/C/chat.xml:109(para)
24868
msgid ""
24869
"You may also be interested to take a look at other IRC servers available in "
24870
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
24871
"<application>ircd-hybrid</application>."
24872
msgstr ""
24873
24874
#: serverguide/C/chat.xml:117(para)
24875
msgid ""
24876
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
24877
"FAQ</ulink> for more details about the IRC Server."
24878
msgstr ""
24879
24880
#: serverguide/C/chat.xml:124(para)
24881
msgid ""
24882
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
24883
"IRCD</ulink> page has more information."
24884
msgstr ""
24885
24886
#: serverguide/C/chat.xml:132(title)
24887
msgid "Jabber Instant Messaging Server"
24888
msgstr ""
24889
24890
#: serverguide/C/chat.xml:134(para)
24891
msgid ""
24892
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
24893
"XMPP, an open standard for instant messaging, and used by many popular "
24894
"applications. This section covers setting up a <emphasis>Jabberd "
24895
"2</emphasis> server on a local LAN. This configuration can also be adapted "
24896
"to providing messaging services to users over the Internet."
24897
msgstr ""
24898
24899
#: serverguide/C/chat.xml:143(para)
24900
msgid "To install <application>jabberd2</application>, in a terminal enter:"
24901
msgstr ""
24902
24903
#: serverguide/C/chat.xml:148(command)
24904
msgid "sudo apt-get install jabberd2"
24905
msgstr ""
24906
24907
#: serverguide/C/chat.xml:155(para)
24908
msgid ""
24909
"A couple of XML configuration files will be used to configure "
24910
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
24911
"authentication. This is a very simple form of authentication. However, "
24912
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
24913
"Postgresql, etc for for user authentication."
24914
msgstr ""
24915
24916
#: serverguide/C/chat.xml:162(para)
24917
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
24918
msgstr ""
24919
24920
#: serverguide/C/chat.xml:166(programlisting)
24921
#, no-wrap
24922
msgid ""
24923
"\n"
24924
" <id>jabber.example.com</id>\n"
24925
msgstr ""
24926
24927
#: serverguide/C/chat.xml:171(para)
24928
msgid ""
24929
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
24930
"id, of your server."
24931
msgstr ""
24932
24933
#: serverguide/C/chat.xml:176(para)
24934
msgid "Now in the <storage> section change the <driver> to:"
24935
msgstr ""
24936
24937
#: serverguide/C/chat.xml:180(programlisting)
24938
#, no-wrap
24939
msgid ""
24940
"\n"
24941
" <driver>db</driver>\n"
24942
msgstr ""
24943
24944
#: serverguide/C/chat.xml:184(para)
24945
msgid ""
24946
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
24947
"<emphasis><local></emphasis> section change:"
24948
msgstr ""
24949
24950
#: serverguide/C/chat.xml:188(programlisting)
24951
#, no-wrap
24952
msgid ""
24953
"\n"
24954
" <id>jabber.example.com</id>\n"
24955
msgstr ""
24956
24957
#: serverguide/C/chat.xml:192(para)
24958
msgid ""
24959
"And in the <authreg> section adjust the <module> section to:"
24960
msgstr ""
24961
24962
#: serverguide/C/chat.xml:196(programlisting)
24963
#, no-wrap
24964
msgid ""
24965
"\n"
24966
" <module>db</module>\n"
24967
msgstr ""
24968
24969
#: serverguide/C/chat.xml:200(para)
24970
msgid ""
24971
"Finally, restart <application>jabberd2</application> to enable the new "
24972
"settings:"
24973
msgstr ""
24974
24975
#: serverguide/C/chat.xml:205(command)
24976
msgid "sudo /etc/init.d/jabberd2 restart"
24977
msgstr ""
24978
24979
#: serverguide/C/chat.xml:208(para)
24980
msgid ""
24981
"You should now be able to connect to the server using a Jabber client like "
24982
"<application>Pidgin</application> for example."
24983
msgstr ""
24984
24985
#: serverguide/C/chat.xml:213(para)
24986
msgid ""
24987
"The advantage of using Berkeley DB for user data is that after being "
24988
"configured no additional maintenance is required. If you need more control "
24989
"over user accounts and credentials another authentication method is "
24990
"recommended."
24991
msgstr ""
24992
24993
#: serverguide/C/chat.xml:225(para)
24994
msgid ""
24995
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
24996
"Site</ulink> contains more details on configuring "
24997
"<application>Jabberd2</application>."
24998
msgstr ""
24999
25000
#: serverguide/C/chat.xml:231(para)
25001
msgid ""
25002
"For more authentication options see the <ulink "
25003
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
25004
"Guide</ulink>."
25005
msgstr ""
25006
25007
#: serverguide/C/chat.xml:236(para)
25008
msgid ""
25009
"Also, the <ulink "
25010
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
25011
"Jabber Server Ubuntu Wiki</ulink> page has more information."
25012
msgstr ""
25013
25014
#: serverguide/C/backups.xml:13(title)
25015
msgid "Backups"
25016
msgstr "备份"
25017
25018
#: serverguide/C/backups.xml:14(para)
25019
msgid ""
25020
"There are many ways to backup an Ubuntu installation. The most important "
25021
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
25022
"consisting of what to backup, where to back it up to, and how to restore it."
25023
msgstr ""
25024
25025
#: serverguide/C/backups.xml:18(para)
25026
msgid ""
25027
"The following sections discuss various ways of accomplishing these tasks."
25028
msgstr ""
25029
25030
#: serverguide/C/backups.xml:22(title)
25031
msgid "Shell Scripts"
25032
msgstr ""
25033
25034
#: serverguide/C/backups.xml:23(para)
25035
msgid ""
25036
"One of the simplest ways to backup a system is using a <emphasis>shell "
25037
"script</emphasis>. For example, a script can be used to configure which "
25038
"directories to backup, and use those directories as arguments to the "
25039
"<application>tar</application> utility creating an archive file. The archive "
25040
"file can then be moved or copied to another location. The archive can also "
25041
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
25042
msgstr ""
25043
25044
#: serverguide/C/backups.xml:29(para)
25045
msgid ""
25046
"The <application>tar</application> utility creates one archive file out of "
25047
"many files or directories. <application>tar</application> can also filter "
25048
"the files through compression utilities reducing the size of the archive "
25049
"file."
25050
msgstr ""
25051
25052
#: serverguide/C/backups.xml:35(title)
25053
msgid "Simple Shell Script"
25054
msgstr ""
25055
25056
#: serverguide/C/backups.xml:36(para)
25057
msgid ""
25058
"The following shell script uses <application>tar</application> to create an "
25059
"archive file on a remotely mounted NFS file system. The archive filename is "
25060
"determined using additional command line utilities."
25061
msgstr ""
25062
25063
#: serverguide/C/backups.xml:40(programlisting)
25064
#, no-wrap
25065
msgid ""
25066
"\n"
25067
"#!/bin/sh\n"
25068
"####################################\n"
25069
"#\n"
25070
"# Backup to NFS mount script.\n"
25071
"#\n"
25072
"####################################\n"
25073
"\n"
25074
"# What to backup. \n"
25075
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
25076
"\n"
25077
"# Where to backup to.\n"
25078
"dest=\"/mnt/backup\"\n"
25079
"\n"
25080
"# Create archive filename.\n"
25081
"day=$(date +%A)\n"
25082
"hostname=$(hostname -s)\n"
25083
"archive_file=\"$hostname-$day.tgz\"\n"
25084
"\n"
25085
"# Print start status message.\n"
25086
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
25087
"date\n"
25088
"echo\n"
25089
"\n"
25090
"# Backup the files using tar.\n"
25091
"tar czf $dest/$archive_file $backup_files\n"
25092
"\n"
25093
"# Print end status message.\n"
25094
"echo\n"
25095
"echo \"Backup finished\"\n"
25096
"date\n"
25097
"\n"
25098
"# Long listing of files in $dest to check file sizes.\n"
25099
"ls -lh $dest\n"
25100
msgstr ""
25101
25102
#: serverguide/C/backups.xml:77(para)
25103
msgid ""
25104
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
25105
"would like to backup. The list should be customized to fit your needs."
25106
msgstr ""
25107
25108
#: serverguide/C/backups.xml:83(para)
25109
msgid ""
25110
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
25111
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
25112
"day of the week, giving a backup history of seven days. There are other ways "
25113
"to accomplish this including other ways using the "
25114
"<application>date</application> utility."
25115
msgstr ""
25116
25117
#: serverguide/C/backups.xml:90(para)
25118
msgid ""
25119
"<emphasis>$hostname:</emphasis> variable containing the "
25120
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
25121
"archive filename gives you the option of placing daily archive files from "
25122
"multiple systems in the same directory."
25123
msgstr ""
25124
25125
#: serverguide/C/backups.xml:97(para)
25126
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
25127
msgstr ""
25128
25129
#: serverguide/C/backups.xml:102(para)
25130
msgid ""
25131
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
25132
"needs to be created and in this case <emphasis>mounted</emphasis> before "
25133
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
25134
"details using <emphasis>NFS</emphasis>."
25135
msgstr ""
25136
25137
#: serverguide/C/backups.xml:109(para)
25138
msgid ""
25139
"<emphasis>status messages:</emphasis> optional messages printed to the "
25140
"console using the <application>echo</application> utility."
25141
msgstr ""
25142
25143
#: serverguide/C/backups.xml:115(para)
25144
msgid ""
25145
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
25146
"<application>tar</application> command used to create the archive file."
25147
msgstr ""
25148
25149
#: serverguide/C/backups.xml:121(para)
25150
msgid "<emphasis>c:</emphasis> creates an archive."
25151
msgstr ""
25152
25153
#: serverguide/C/backups.xml:126(para)
25154
msgid ""
25155
"<emphasis>z:</emphasis> filter the archive through the "
25156
"<application>gzip</application> utility compressing the archive."
25157
msgstr ""
25158
25159
#: serverguide/C/backups.xml:131(para)
25160
msgid ""
25161
"<emphasis>f:</emphasis> use archive file. Otherwise the "
25162
"<application>tar</application> output will be sent to STDOUT."
25163
msgstr ""
25164
25165
#: serverguide/C/backups.xml:138(para)
25166
msgid ""
25167
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
25168
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
25169
"of the destination directory. This is useful for a quick file size check of "
25170
"the archive file. This check should not replace testing the archive file."
25171
msgstr ""
25172
25173
#: serverguide/C/backups.xml:145(para)
25174
msgid ""
25175
"This is a simple example of a backup shell script. There are large amount of "
25176
"options that can be included in a backup script. See <xref linkend=\"backup-"
25177
"shellscript-references\"/> for links to resources providing more in depth "
25178
"shell scripting information."
25179
msgstr ""
25180
25181
#: serverguide/C/backups.xml:152(title)
25182
msgid "Executing the Script"
25183
msgstr ""
25184
25185
#: serverguide/C/backups.xml:154(title)
25186
msgid "Executing from a Terminal"
25187
msgstr ""
25188
25189
#: serverguide/C/backups.xml:155(para)
25190
msgid ""
25191
"The simplest way of executing the above backup script is to copy and paste "
25192
"the contents into a file. <filename>backup.sh</filename> for example. Then "
25193
"from a terminal prompt:"
25194
msgstr ""
25195
25196
#: serverguide/C/backups.xml:160(command)
25197
msgid "sudo bash backup.sh"
25198
msgstr "sudo bash backup.sh"
25199
25200
#: serverguide/C/backups.xml:162(para)
25201
msgid ""
25202
"This is a great way to test the script to make sure everything works as "
25203
"expected."
25204
msgstr ""
25205
25206
#: serverguide/C/backups.xml:167(title)
25207
msgid "Executing with cron"
25208
msgstr ""
25209
25210
#: serverguide/C/backups.xml:168(para)
25211
msgid ""
25212
"The <application>cron</application> utility can be used to automate the "
25213
"script execution. The <application>cron</application> daemon allows the "
25214
"execution of scripts, or commands, at a specified time and date."
25215
msgstr ""
25216
25217
#: serverguide/C/backups.xml:172(para)
25218
msgid ""
25219
"<application>cron</application> is configured through entries in a "
25220
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
25221
"separated into fields:"
25222
msgstr ""
25223
25224
#: serverguide/C/backups.xml:176(programlisting)
25225
#, no-wrap
25226
msgid ""
25227
"\n"
25228
"# m h dom mon dow command\n"
25229
msgstr ""
25230
"\n"
25231
"# m h dom mon dow command\n"
25232
25233
#: serverguide/C/backups.xml:181(para)
25234
msgid ""
25235
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
25236
msgstr ""
25237
25238
#: serverguide/C/backups.xml:186(para)
25239
msgid ""
25240
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
25241
msgstr ""
25242
25243
#: serverguide/C/backups.xml:191(para)
25244
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
25245
msgstr ""
25246
25247
#: serverguide/C/backups.xml:196(para)
25248
msgid ""
25249
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
25250
msgstr ""
25251
25252
#: serverguide/C/backups.xml:201(para)
25253
msgid ""
25254
"<emphasis>dow:</emphasis> the day of the week the command executes on "
25255
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
25256
"valid."
25257
msgstr ""
25258
25259
#: serverguide/C/backups.xml:206(para)
25260
msgid "<emphasis>command:</emphasis> the command to execute."
25261
msgstr ""
25262
25263
#: serverguide/C/backups.xml:211(para)
25264
msgid ""
25265
"To add or change entries in a <filename>crontab</filename> file the "
25266
"<application>crontab -e</application> command should be used. Also, the "
25267
"contents of a <filename>crontab</filename> file can be viewed using the "
25268
"<application>crontab -l</application> command."
25269
msgstr ""
25270
25271
#: serverguide/C/backups.xml:215(para)
25272
msgid ""
25273
"To execute the <application>backup.sh</application> script listed above "
25274
"using <application>cron</application>. Enter the following from a terminal "
25275
"prompt:"
25276
msgstr ""
25277
25278
#: serverguide/C/backups.xml:220(command)
25279
msgid "sudo crontab -e"
25280
msgstr "sudo crontab -e"
25281
25282
#: serverguide/C/backups.xml:223(para)
25283
msgid ""
25284
"Using <application>sudo</application> with the <application>crontab -"
25285
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
25286
"This is necessary if you are backing up directories only the root user has "
25287
"access to."
25288
msgstr ""
25289
25290
#: serverguide/C/backups.xml:228(para)
25291
msgid "Add the following entry to the <filename>crontab</filename> file:"
25292
msgstr ""
25293
25294
#: serverguide/C/backups.xml:231(programlisting)
25295
#, no-wrap
25296
msgid ""
25297
"\n"
25298
"# m h dom mon dow command\n"
25299
"0 0 * * * bash /usr/local/bin/backup.sh\n"
25300
msgstr ""
25301
25302
#: serverguide/C/backups.xml:235(para)
25303
msgid ""
25304
"The <application>backup.sh</application> script will now be executed every "
25305
"day at 12:00 am."
25306
msgstr ""
25307
25308
#: serverguide/C/backups.xml:239(para)
25309
msgid ""
25310
"The <application>backup.sh</application> script will need to be copied to "
25311
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
25312
"to execute properly. The script can reside anywhere on the file system "
25313
"simply change the script path appropriately."
25314
msgstr ""
25315
25316
#: serverguide/C/backups.xml:244(para)
25317
msgid ""
25318
"For more in depth <application>crontab</application> options see <xref "
25319
"linkend=\"backup-shellscript-references\"/>."
25320
msgstr ""
25321
25322
#: serverguide/C/backups.xml:250(title)
25323
msgid "Restoring from the Archive"
25324
msgstr ""
25325
25326
#: serverguide/C/backups.xml:251(para)
25327
msgid ""
25328
"Once an archive has been created it is important to test the archive. The "
25329
"archive can be tested by listing the files it contains, but the best test is "
25330
"to <emphasis>restore</emphasis> a file from the archive."
25331
msgstr ""
25332
25333
#: serverguide/C/backups.xml:257(para)
25334
msgid "To see a listing of the archive contents. From a terminal prompt:"
25335
msgstr ""
25336
25337
#: serverguide/C/backups.xml:261(command)
25338
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
25339
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
25340
25341
#: serverguide/C/backups.xml:265(para)
25342
msgid "To restore a file from the archive to a different directory enter:"
25343
msgstr ""
25344
25345
#: serverguide/C/backups.xml:269(command)
25346
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
25347
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
25348
25349
#: serverguide/C/backups.xml:271(para)
25350
msgid ""
25351
"The <emphasis>-C</emphasis> option to <application>tar</application> "
25352
"redirects the extracted files to the specified directory. The above example "
25353
"will extract the <filename>/etc/hosts</filename> file to "
25354
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
25355
"recreates the directory structure that it contains."
25356
msgstr ""
25357
25358
#: serverguide/C/backups.xml:276(para)
25359
msgid ""
25360
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
25361
"the file to restore."
25362
msgstr ""
25363
25364
#: serverguide/C/backups.xml:281(para)
25365
msgid "To restore all files in the archive enter the following:"
25366
msgstr ""
25367
25368
#: serverguide/C/backups.xml:285(command)
25369
msgid "cd /"
25370
msgstr "cd /"
25371
25372
#: serverguide/C/backups.xml:286(command)
25373
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
25374
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
25375
25376
#: serverguide/C/backups.xml:291(para)
25377
msgid "This will overwrite the files currently on the file system."
25378
msgstr ""
25379
25380
#: serverguide/C/backups.xml:300(para)
25381
msgid ""
25382
"For more information on shell scripting see the <ulink "
25383
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
25384
msgstr ""
25385
25386
#: serverguide/C/backups.xml:305(para)
25387
msgid ""
25388
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
25389
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
25390
"great resource for shell scripting."
25391
msgstr ""
25392
25393
#: serverguide/C/backups.xml:311(para)
25394
msgid ""
25395
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
25396
"Wiki Page</ulink> contains details on advanced "
25397
"<application>cron</application> options."
25398
msgstr ""
25399
25400
#: serverguide/C/backups.xml:318(para)
25401
msgid ""
25402
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
25403
"tar Manual</ulink> for more <application>tar</application> options."
25404
msgstr ""
25405
25406
#: serverguide/C/backups.xml:324(para)
25407
msgid ""
25408
"The Wikipedia <ulink "
25409
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
25410
"Scheme</ulink> article contains information on other backup rotation schemes."
25411
msgstr ""
25412
25413
#: serverguide/C/backups.xml:330(para)
25414
msgid ""
25415
"The shell script uses <application>tar</application> to create the archive, "
25416
"but there many other command line utilities that can be used. For example:"
25417
msgstr ""
25418
25419
#: serverguide/C/backups.xml:336(para)
25420
msgid ""
25421
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
25422
"files to and from archives."
25423
msgstr ""
25424
25425
#: serverguide/C/backups.xml:341(para)
25426
msgid ""
25427
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
25428
"the <application>coreutils</application> package. A low level utility that "
25429
"can copy data from one format to another"
25430
msgstr ""
25431
25432
#: serverguide/C/backups.xml:347(para)
25433
msgid ""
25434
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
25435
"snap shot utility used to create copies of an entire file system."
25436
msgstr ""
25437
25438
#: serverguide/C/backups.xml:358(title)
25439
msgid "Archive Rotation"
25440
msgstr ""
25441
25442
#: serverguide/C/backups.xml:359(para)
25443
msgid ""
25444
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
25445
"allows for seven different archives. For a server whose data doesn't change "
25446
"often this may be enough. If the server has a large amount of data a more "
25447
"robust rotation scheme should be used."
25448
msgstr ""
25449
25450
#: serverguide/C/backups.xml:365(title)
25451
msgid "Rotating NFS Archives"
25452
msgstr ""
25453
25454
#: serverguide/C/backups.xml:366(para)
25455
msgid ""
25456
"In this section the shell script will be slightly modified to implement a "
25457
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
25458
msgstr ""
25459
25460
#: serverguide/C/backups.xml:372(para)
25461
msgid ""
25462
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
25463
"Friday."
25464
msgstr ""
25465
25466
#: serverguide/C/backups.xml:377(para)
25467
msgid ""
25468
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
25469
"weekly backups a month."
25470
msgstr ""
25471
25472
#: serverguide/C/backups.xml:382(para)
25473
msgid ""
25474
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
25475
"rotating two monthly backups based on if the month is odd or even."
25476
msgstr ""
25477
25478
#: serverguide/C/backups.xml:388(para)
25479
msgid "Here is the new script:"
25480
msgstr ""
25481
25482
#: serverguide/C/backups.xml:391(programlisting)
25483
#, no-wrap
25484
msgid ""
25485
"\n"
25486
"#!/bin/bash\n"
25487
"####################################\n"
25488
"#\n"
25489
"# Backup to NFS mount script with\n"
25490
"# grandfather-father-son rotation.\n"
25491
"#\n"
25492
"####################################\n"
25493
"\n"
25494
"# What to backup. \n"
25495
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
25496
"\n"
25497
"# Where to backup to.\n"
25498
"dest=\"/mnt/backup\"\n"
25499
"\n"
25500
"# Setup variables for the archive filename.\n"
25501
"day=$(date +%A)\n"
25502
"hostname=$(hostname -s)\n"
25503
"\n"
25504
"# Find which week of the month 1-4 it is.\n"
25505
"day_num=$(date +%d)\n"
25506
"if (( $day_num <= 7 )); then\n"
25507
" week_file=\"$hostname-week1.tgz\"\n"
25508
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
25509
" week_file=\"$hostname-week2.tgz\"\n"
25510
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
25511
" week_file=\"$hostname-week3.tgz\"\n"
25512
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
25513
" week_file=\"$hostname-week4.tgz\"\n"
25514
"fi\n"
25515
"\n"
25516
"# Find if the Month is odd or even.\n"
25517
"month_num=$(date +%m)\n"
25518
"month=$(expr $month_num % 2)\n"
25519
"if [ $month -eq 0 ]; then\n"
25520
" month_file=\"$hostname-month2.tgz\"\n"
25521
"else\n"
25522
" month_file=\"$hostname-month1.tgz\"\n"
25523
"fi\n"
25524
"\n"
25525
"# Create archive filename.\n"
25526
"if [ $day_num == 1 ]; then\n"
25527
"\tarchive_file=$month_file\n"
25528
"elif [ $day != \"Saturday\" ]; then\n"
25529
" archive_file=\"$hostname-$day.tgz\"\n"
25530
"else \n"
25531
"\tarchive_file=$week_file\n"
25532
"fi\n"
25533
"\n"
25534
"# Print start status message.\n"
25535
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
25536
"date\n"
25537
"echo\n"
25538
"\n"
25539
"# Backup the files using tar.\n"
25540
"tar czf $dest/$archive_file $backup_files\n"
25541
"\n"
25542
"# Print end status message.\n"
25543
"echo\n"
25544
"echo \"Backup finished\"\n"
25545
"date\n"
25546
"\n"
25547
"# Long listing of files in $dest to check file sizes.\n"
25548
"ls -lh $dest/\n"
25549
msgstr ""
25550
25551
#: serverguide/C/backups.xml:456(para)
25552
msgid ""
25553
"The script can be executed using the same methods as in <xref "
25554
"linkend=\"backup-executing-shellscript\"/>."
25555
msgstr ""
25556
25557
#: serverguide/C/backups.xml:459(para)
25558
msgid ""
25559
"It is good practice to take backup media off site in case of a disaster. In "
25560
"the shell script example the backup media is another server providing an NFS "
25561
"share. In all likelihood taking the NFS server to another location would not "
25562
"be practical. Depending upon connection speeds it may be an option to copy "
25563
"the archive file over a WAN link to a server in another location."
25564
msgstr ""
25565
25566
#: serverguide/C/backups.xml:465(para)
25567
msgid ""
25568
"Another option is to copy the archive file to an external hard drive which "
25569
"can then be taken off site. Since the price of external hard drives continue "
25570
"to decrease it may be cost-effective to use two drives for each archive "
25571
"level. This would allow you to have one external drive attached to the "
25572
"backup server and one in another location."
25573
msgstr ""
25574
25575
#: serverguide/C/backups.xml:472(title)
25576
msgid "Tape Drives"
25577
msgstr ""
25578
25579
#: serverguide/C/backups.xml:473(para)
25580
msgid ""
25581
"A tape drive attached to the server can be used instead of a NFS share. "
25582
"Using a tape drive simplifies archive rotation, and taking the media off "
25583
"site as well."
25584
msgstr ""
25585
25586
#: serverguide/C/backups.xml:477(para)
25587
msgid ""
25588
"When using a tape drive the filename portions of the script aren't needed "
25589
"because the date is sent directly to the tape device. Some commands to "
25590
"manipulate the tape are needed. This is accomplished using "
25591
"<application>mt</application>, a magnetic tape control utility part of the "
25592
"<application>cpio</application> package."
25593
msgstr ""
25594
25595
#: serverguide/C/backups.xml:482(para)
25596
msgid "Here is the shell script modified to use a tape drive:"
25597
msgstr "这是一个为磁带机而修改的外壳文稿程序:"
25598
25599
#: serverguide/C/backups.xml:485(programlisting)
25600
#, no-wrap
25601
msgid ""
25602
"\n"
25603
"#!/bin/bash\n"
25604
"####################################\n"
25605
"#\n"
25606
"# Backup to tape drive script.\n"
25607
"#\n"
25608
"####################################\n"
25609
"\n"
25610
"# What to backup. \n"
25611
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
25612
"\n"
25613
"# Where to backup to.\n"
25614
"dest=\"/dev/st0\"\n"
25615
"\n"
25616
"# Print start status message.\n"
25617
"echo \"Backing up $backup_files to $dest\"\n"
25618
"date\n"
25619
"echo\n"
25620
"\n"
25621
"# Make sure the tape is rewound.\n"
25622
"mt -f $dest rewind\n"
25623
"\n"
25624
"# Backup the files using tar.\n"
25625
"tar czf $dest $backup_files\n"
25626
"\n"
25627
"# Rewind and eject the tape.\n"
25628
"mt -f $dest rewoffl\n"
25629
"\n"
25630
"# Print end status message.\n"
25631
"echo\n"
25632
"echo \"Backup finished\"\n"
25633
"date\n"
25634
msgstr ""
25635
25636
#: serverguide/C/backups.xml:519(para)
25637
msgid ""
25638
"The default device name for a SCSI tape drive is "
25639
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
25640
"system."
25641
msgstr ""
25642
25643
#: serverguide/C/backups.xml:524(para)
25644
msgid ""
25645
"Restoring from a tape drive is basically the same as restoring from a file. "
25646
"Simply rewind the tape and use the device path instead of a file path. For "
25647
"example to restore the <filename>/etc/hosts</filename> file to "
25648
"<filename>/tmp/etc/hosts</filename>:"
25649
msgstr ""
25650
25651
#: serverguide/C/backups.xml:529(command)
25652
msgid "mt -f /dev/st0 rewind"
25653
msgstr "mt -f /dev/st0 rewind"
25654
25655
#: serverguide/C/backups.xml:530(command)
25656
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
25657
msgstr "tar -xzf /dev/st0 -C /tmp etc/hosts"
25658
25659
#: serverguide/C/backups.xml:535(title)
25660
msgid "Bacula"
25661
msgstr ""
25662
25663
#: serverguide/C/backups.xml:536(para)
25664
msgid ""
25665
"<application>Bacula</application> is a backup program enabling you to "
25666
"backup, restore, and verify data across your network. There are Bacula "
25667
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
25668
"wide solution."
25669
msgstr ""
25670
25671
#: serverguide/C/backups.xml:542(para)
25672
msgid ""
25673
"<application>Bacula</application> is made up of several components and "
25674
"services used to manage which files to backup and where to back them up to:"
25675
msgstr ""
25676
25677
#: serverguide/C/backups.xml:548(para)
25678
msgid ""
25679
"<application>Bacula Director:</application> a service that controls all "
25680
"backup, restore, verify, and archive operations."
25681
msgstr ""
25682
25683
#: serverguide/C/backups.xml:553(para)
25684
msgid ""
25685
"<application>Bacula Console:</application> an application allowing "
25686
"communication with the Director. There are three versions of the Console:"
25687
msgstr ""
25688
25689
#: serverguide/C/backups.xml:558(para)
25690
msgid "Text based command line version."
25691
msgstr ""
25692
25693
#: serverguide/C/backups.xml:559(para)
25694
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
25695
msgstr ""
25696
25697
#: serverguide/C/backups.xml:560(para)
25698
msgid "wxWidgets GUI interface."
25699
msgstr ""
25700
25701
#: serverguide/C/backups.xml:564(para)
25702
msgid ""
25703
"<application>Bacula File:</application> also known as the "
25704
"<application>Bacula Client</application> program. This application is "
25705
"installed on machines to be backed up, and is responsible for the data "
25706
"requested by the Director."
25707
msgstr ""
25708
25709
#: serverguide/C/backups.xml:570(para)
25710
msgid ""
25711
"<application>Bacula Storage:</application> the programs that perform the "
25712
"storage and recovery of data to the physical media."
25713
msgstr ""
25714
25715
#: serverguide/C/backups.xml:575(para)
25716
msgid ""
25717
"<application>Bacula Catalog:</application> is responsible for maintaining "
25718
"the file indexes and volume databases for all files backed up, enabling "
25719
"quick location and restoration of archived files. The Catalog supports three "
25720
"different databases MySQL, PostgreSQL, and SQLite."
25721
msgstr ""
25722
25723
#: serverguide/C/backups.xml:581(para)
25724
msgid ""
25725
"<application>Bacula Monitor:</application> allows the monitoring of the "
25726
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
25727
"available as a GTK+ GUI application."
25728
msgstr ""
25729
25730
#: serverguide/C/backups.xml:587(para)
25731
msgid ""
25732
"These services and applications can be run on multiple servers and clients, "
25733
"or they can be installed on one machine if backing up a single disk or "
25734
"volume."
25735
msgstr ""
25736
25737
#: serverguide/C/backups.xml:594(para)
25738
msgid ""
25739
"There are multiple packages containing the different "
25740
"<application>Bacula</application> components. To install Bacula, from a "
25741
"terminal prompt enter:"
25742
msgstr ""
25743
25744
#: serverguide/C/backups.xml:599(command)
25745
msgid "sudo apt-get install bacula"
25746
msgstr ""
25747
25748
#: serverguide/C/backups.xml:601(para)
25749
msgid ""
25750
"By default installing the <application>bacula</application> package will use "
25751
"a <application>MySQL</application> database for the Catalog. If you want to "
25752
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
25753
"director-sqlite3</application> or <application>bacula-director-"
25754
"pgsql</application> respectively."
25755
msgstr ""
25756
25757
#: serverguide/C/backups.xml:607(para)
25758
msgid ""
25759
"During the install process you will be asked to supply credentials for the "
25760
"database <emphasis>administrator</emphasis> and the "
25761
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
25762
"database administrator will need to have the appropriate rights to create a "
25763
"database, see <xref linkend=\"mysql\"/> for more information."
25764
msgstr ""
25765
25766
#: serverguide/C/backups.xml:617(para)
25767
msgid ""
25768
"<application>Bacula</application> configuration files are formatted based on "
25769
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
25770
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
25771
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
25772
"directory."
25773
msgstr ""
25774
25775
#: serverguide/C/backups.xml:622(para)
25776
msgid ""
25777
"The various <application>Bacula</application> components must authorize "
25778
"themselves to each other. This is accomplished using the "
25779
"<emphasis>password</emphasis> directive. For example, the "
25780
"<emphasis>Storage</emphasis> resource password in the "
25781
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
25782
"<emphasis>Director</emphasis> resource password in "
25783
"<filename>/etc/bacula/bacula-sd.conf</filename>."
25784
msgstr ""
25785
25786
#: serverguide/C/backups.xml:628(para)
25787
msgid ""
25788
"By default the backup job named <emphasis>Client1</emphasis> is configured "
25789
"to archive the <application>Bacula</application> Catalog. If you plan on "
25790
"using the server to backup more than one client you should change the name "
25791
"of this job to something more descriptive. To change the name edit "
25792
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
25793
msgstr ""
25794
25795
#: serverguide/C/backups.xml:633(programlisting)
25796
#, no-wrap
25797
msgid ""
25798
"\n"
25799
"#\n"
25800
"# Define the main nightly save backup job\n"
25801
"# By default, this job will back up to disk in \n"
25802
"Job {\n"
25803
" Name = \"BackupServer\"\n"
25804
" JobDefs = \"DefaultJob\"\n"
25805
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
25806
"}\n"
25807
msgstr ""
25808
25809
#: serverguide/C/backups.xml:644(para)
25810
msgid ""
25811
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
25812
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
25813
"your appropriate hostname, or other descriptive name."
25814
msgstr ""
25815
25816
#: serverguide/C/backups.xml:649(para)
25817
msgid ""
25818
"The <emphasis>Console</emphasis> can be used to query the "
25819
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
25820
"<emphasis>non-root</emphasis> user, the user needs to be in the "
25821
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
25822
"the following from a terminal:"
25823
msgstr ""
25824
25825
#: serverguide/C/backups.xml:655(command)
25826
msgid "sudo adduser $username bacula"
25827
msgstr ""
25828
25829
#: serverguide/C/backups.xml:658(para)
25830
msgid ""
25831
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
25832
"you are adding the current user to the group you should log out and back in "
25833
"for the new permissions to take effect."
25834
msgstr ""
25835
25836
#: serverguide/C/backups.xml:665(title)
25837
msgid "Localhost Backup"
25838
msgstr ""
25839
25840
#: serverguide/C/backups.xml:666(para)
25841
msgid ""
25842
"This section describes how to backup specified directories on a single host "
25843
"to a local tape drive."
25844
msgstr "这部分描述了怎样从一台单独的主机到一个本地磁带驱动器备份指定的目录。"
25845
25846
#: serverguide/C/backups.xml:671(para)
25847
msgid ""
25848
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
25849
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
25850
msgstr ""
25851
25852
#: serverguide/C/backups.xml:674(programlisting)
25853
#, no-wrap
25854
msgid ""
25855
"\n"
25856
"Device {\n"
25857
" Name = \"Tape Drive\"\n"
25858
" Device Type = tape\n"
25859
" Media Type = DDS-4\n"
25860
" Archive Device = /dev/st0\n"
25861
" Hardware end of medium = No;\n"
25862
" AutomaticMount = yes; # when device opened, read it\n"
25863
" AlwaysOpen = Yes;\n"
25864
" RemovableMedia = yes;\n"
25865
" RandomAccess = no;\n"
25866
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
25867
"}\n"
25868
msgstr ""
25869
25870
#: serverguide/C/backups.xml:688(para)
25871
msgid ""
25872
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
25873
"Type and Archive Device to match your hardware."
25874
msgstr ""
25875
25876
#: serverguide/C/backups.xml:691(para)
25877
msgid "You could also uncomment one of the other examples in the file."
25878
msgstr ""
25879
25880
#: serverguide/C/backups.xml:696(para)
25881
msgid ""
25882
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
25883
"<application>Storage</application> daemon will need to be restarted:"
25884
msgstr ""
25885
25886
#: serverguide/C/backups.xml:701(command)
25887
msgid "sudo /etc/init.d/bacula-sd restart"
25888
msgstr ""
25889
25890
#: serverguide/C/backups.xml:705(para)
25891
msgid ""
25892
"Now add a <emphasis>Storage</emphasis> resource in "
25893
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
25894
msgstr ""
25895
25896
#: serverguide/C/backups.xml:708(programlisting)
25897
#, no-wrap
25898
msgid ""
25899
"\n"
25900
"# Definition of \"Tape Drive\" storage device\n"
25901
"Storage {\n"
25902
" Name = TapeDrive\n"
25903
" # Do not use \"localhost\" here \n"
25904
" Address = backupserver # N.B. Use a fully qualified name "
25905
"here\n"
25906
" SDPort = 9103\n"
25907
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
25908
" Device = \"Tape Drive\"\n"
25909
" Media Type = tape\n"
25910
"}\n"
25911
msgstr ""
25912
25913
#: serverguide/C/backups.xml:720(para)
25914
msgid ""
25915
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
25916
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
25917
"to the actual host name."
25918
msgstr ""
25919
25920
#: serverguide/C/backups.xml:724(para)
25921
msgid ""
25922
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
25923
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
25924
msgstr ""
25925
"也要确保<emphasis>密码</emphasis> 和<filename>/etc/bacula/bacula-"
25926
"sd.conf</filename>里的密码字符串想匹配。"
25927
25928
#: serverguide/C/backups.xml:730(para)
25929
msgid ""
25930
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
25931
"directories to backup, by adding:"
25932
msgstr "创建一个新的<emphasis>FileSet</emphasis>, 这将决定哪些目录备份"
25933
25934
#: serverguide/C/backups.xml:733(programlisting)
25935
#, no-wrap
25936
msgid ""
25937
"\n"
25938
"# LocalhostBacup FileSet.\n"
25939
"FileSet {\n"
25940
" Name = \"LocalhostFiles\"\n"
25941
" Include {\n"
25942
" Options {\n"
25943
" signature = MD5\n"
25944
" compression=GZIP\n"
25945
" }\n"
25946
" File = /etc\n"
25947
" File = /home\n"
25948
" }\n"
25949
"}\n"
25950
msgstr ""
25951
25952
#: serverguide/C/backups.xml:747(para)
25953
msgid ""
25954
"This <emphasis>FileSet</emphasis> will backup the <filename "
25955
"role=\"directory\">/etc</filename> and <filename "
25956
"role=\"directory\">/home</filename> directories. The "
25957
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
25958
"create a MD5 signature for each file backed up, and to compress the files "
25959
"using GZIP."
25960
msgstr ""
25961
"这个<emphasis>文件集</emphasis>将会备份<filename role=\"目录\">/etc</filename> 和 "
25962
"<filename role=\"目录\">/home</filename> 目录. 可用的<emphasis>选项</emphasis> "
25963
"指导你创建备份和为每一个备份的文件创建MD5码,并且使用GZIP来对这些文件进行压缩。"
25964
25965
#: serverguide/C/backups.xml:754(para)
25966
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
25967
msgstr "接下来,为每备份任务创建一个新的<emphasis>计划</emphasis>:"
25968
25969
#: serverguide/C/backups.xml:757(programlisting)
25970
#, no-wrap
25971
msgid ""
25972
"\n"
25973
"# LocalhostBackup Schedule -- Daily.\n"
25974
"Schedule {\n"
25975
" Name = \"LocalhostDaily\"\n"
25976
" Run = Full daily at 00:01\n"
25977
"}\n"
25978
msgstr ""
25979
25980
#: serverguide/C/backups.xml:764(para)
25981
msgid ""
25982
"The job will run every day at 00:01 or 12:01 am. There are many other "
25983
"scheduling options available."
25984
msgstr "这项工作会在每天凌晨00:01或者上午12:01开始运行。并会有许多其它的调度选项可供使用。"
25985
25986
#: serverguide/C/backups.xml:769(para)
25987
msgid "Finally create the <emphasis>Job</emphasis>:"
25988
msgstr "最后创建<emphasis>工作</emphasis>:"
25989
25990
#: serverguide/C/backups.xml:772(programlisting)
25991
#, no-wrap
25992
msgid ""
25993
"\n"
25994
"# Localhost backup.\n"
25995
"Job {\n"
25996
" Name = \"LocalhostBackup\"\n"
25997
" JobDefs = \"DefaultJob\"\n"
25998
" Enabled = yes\n"
25999
" Level = Full\n"
26000
" FileSet = \"LocalhostFiles\"\n"
26001
" Schedule = \"LocalhostDaily\"\n"
26002
" Storage = TapeDrive\n"
26003
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
26004
"} \n"
26005
msgstr ""
26006
"\n"
26007
"# 本地主机(Localhost) 备份\n"
26008
"Job { \n"
26009
" Name = \"LocalhostBackup\"\n"
26010
" JobDefs = \"DefaultJob\"\n"
26011
" Enabled = yes Level = Full\n"
26012
" FileSet = \"LocalhostFiles\"\n"
26013
" Schedule = \"LocalhostDaily\"\n"
26014
" Storage = TapeDrive\n"
26015
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
26016
"} \n"
26017
26018
#: serverguide/C/backups.xml:785(para)
26019
msgid ""
26020
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
26021
"drive."
26022
msgstr "此任务将每天进行到磁带驱动器的 <emphasis>完全</emphasis> 备份。"
26023
26024
#: serverguide/C/backups.xml:790(para)
26025
msgid ""
26026
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
26027
"current tape does not have a label <application>Bacula</application> will "
26028
"send an email letting you know. To label a tape using the "
26029
"<application>Console</application> enter the following from a terminal:"
26030
msgstr ""
26031
26032
#: serverguide/C/backups.xml:796(command)
26033
msgid "bconsole"
26034
msgstr ""
26035
26036
#: serverguide/C/backups.xml:800(para)
26037
msgid "At the Bacula Console prompt enter:"
26038
msgstr ""
26039
26040
#: serverguide/C/backups.xml:804(command)
26041
msgid "label"
26042
msgstr "标签"
26043
26044
#: serverguide/C/backups.xml:808(para)
26045
msgid ""
26046
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
26047
msgstr "你将会被提示<emphasis>存储</emphasis> 资源:"
26048
26049
#: serverguide/C/backups.xml:818(userinput)
26050
#, no-wrap
26051
msgid "2"
26052
msgstr "2"
26053
26054
#: serverguide/C/backups.xml:812(computeroutput)
26055
#, no-wrap
26056
msgid ""
26057
"\n"
26058
"Automatically selected Catalog: MyCatalog\n"
26059
"Using Catalog \"MyCatalog\"\n"
26060
"The defined Storage resources are:\n"
26061
" 1: File\n"
26062
" 2: TapeDrive\n"
26063
"Select Storage resource (1-2):<placeholder-1/>\n"
26064
msgstr ""
26065
26066
#: serverguide/C/backups.xml:823(para)
26067
msgid "Enter the new <emphasis>Volume</emphasis> name:"
26068
msgstr "输入新的<emphasis>卷标</emphasis>名字"
26069
26070
#: serverguide/C/backups.xml:828(userinput)
26071
#, no-wrap
26072
msgid "Sunday"
26073
msgstr "星期日"
26074
26075
#: serverguide/C/backups.xml:827(computeroutput)
26076
#, no-wrap
26077
msgid ""
26078
"\n"
26079
"Enter new Volume name: <placeholder-1/>\n"
26080
"Defined Pools:\n"
26081
" 1: Default\n"
26082
" 2: Scratch"
26083
msgstr ""
26084
26085
#: serverguide/C/backups.xml:833(para)
26086
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
26087
msgstr "使用新的标签来替换<emphasis>星期日</emphasis>"
26088
26089
#: serverguide/C/backups.xml:838(para)
26090
msgid "Now, select the <emphasis>Pool</emphasis>:"
26091
msgstr "现在,选择 <emphasis>Pool</emphasis>:"
26092
26093
#: serverguide/C/backups.xml:843(userinput)
26094
#, no-wrap
26095
msgid "1"
26096
msgstr "1"
26097
26098
#: serverguide/C/backups.xml:842(computeroutput)
26099
#, no-wrap
26100
msgid ""
26101
"\n"
26102
"Select the Pool (1-2): <placeholder-1/>\n"
26103
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
26104
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
26105
msgstr ""
26106
26107
#: serverguide/C/backups.xml:850(para)
26108
msgid ""
26109
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
26110
"backup the localhost to an attached tape drive."
26111
msgstr "祝贺,你现在已经配置好<emphasis>Bacula</emphasis>备份本地主机,并附带磁带驱动"
26112
26113
#: serverguide/C/backups.xml:858(para)
26114
msgid ""
26115
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
26116
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
26117
"Manual</ulink>"
26118
msgstr ""
26119
"要获得更多<emphasis>Bacula</emphasis>设置选项请参考<ulink "
26120
"url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula用户手册</ulink>"
26121
26122
#: serverguide/C/backups.xml:864(para)
26123
msgid ""
26124
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
26125
"the latest Bacula news and developments."
26126
msgstr ""
26127
"<ulink url=\"http://www.bacula.org/\">Bacula Home "
26128
"Page</ulink>包含了最新的Bacula的新闻和开发进展。"
26129
26130
#: serverguide/C/backups.xml:869(para)
26131
msgid ""
26132
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
26133
"Ubuntu Wiki</ulink> page."
26134
msgstr ""
26135
26136
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
26137
#: serverguide/C/backups.xml:0(None)
26138
msgid "translator-credits"
26139
msgstr ""
26140
"Launchpad Contributions:\n"
26141
" Aron Xu https://launchpad.net/~happyaron\n"
26142
" Azrael Green https://launchpad.net/~azrael-green\n"
26143
" Congping Hao https://launchpad.net/~cqhcp\n"
26144
" Devin https://launchpad.net/~gnujava\n"
26145
" Hugh https://launchpad.net/~box.xoq\n"
26146
" Jun CHEN https://launchpad.net/~morning.nju\n"
26147
" Justin Yang https://launchpad.net/~yzmsq\n"
26148
" Lain https://launchpad.net/~lain\n"
26149
" Magicnight https://launchpad.net/~magicnight\n"
26150
" Miaobo Yao https://launchpad.net/~ubuntu-firehare\n"
26151
" Proton https://launchpad.net/~feisuzhu\n"
26152
" Tao Wei https://launchpad.net/~weitao1979\n"
26153
" USSR https://launchpad.net/~samuel-lee-1991\n"
26154
" Xu Hejie https://launchpad.net/~xuhejie\n"
26155
" Yiding He https://launchpad.net/~yiding-he\n"
26156
" bailiang https://launchpad.net/~bailiangcn\n"
26157
" hunhun https://launchpad.net/~gmljkl\n"
26158
" jinxin16897123 https://launchpad.net/~jinxin16897123\n"
26159
" king_li https://launchpad.net/~lzldc987\n"
26160
" linuxwj https://launchpad.net/~linuxwj\n"
26161
" saber https://launchpad.net/~saber-lover\n"
26162
" sdxianchao https://launchpad.net/~sdxianchao\n"
26163
" snowwhite https://launchpad.net/~yuxin6147\n"
26164
" wangajing https://launchpad.net/~yifan-870829\n"
26165
" wsw https://launchpad.net/~imskyee\n"
26166
" xiajiebuhui https://launchpad.net/~xiajiebuhui\n"
26167
" yugq https://launchpad.net/~yuguoqiang\n"
26168
" zhangmiao https://launchpad.net/~mymzhang\n"
26169
" zhongxin https://launchpad.net/~zhongxin0826\n"
26170
" 英华 https://launchpad.net/~wantinghard\n"
26171
" 龚韬 https://launchpad.net/~gongtao0607"
26172
26173
#~ msgid ""
26174
#~ "The <varname>max=8</varname> variable does not represent the maximum length "
26175
#~ "of a password. It only means that complexity requirements will not be "
26176
#~ "checked on passwords over 8 characters. You may want to look at the "
26177
#~ "<application>libpam-cracklib</application> package for additional password "
26178
#~ "entropy assistance."
26179
#~ msgstr ""
26180
#~ "变量<varname>max=8</varname>不代表是密码的最大长度。它只是表示当密码超过八位时就不会检查其复杂程度。你可以查看<applicati"
26181
#~ "on>libpam-cracklib</application>包里关于密码规则帮助。"
26182
26183
#~ msgid ""
26184
#~ "If you would like to adjust the minimum length to 6 characters, change the "
26185
#~ "appropriate variable to min=6. The modification is outlined below."
26186
#~ msgstr "如果你想要将最小密码长度改成六位,将相应的变量改成min=6。如下是对于更改的描述。"
26187
26188
#~ msgid "sudo /etc/init.d/samba restart"
26189
#~ msgstr "sudo /etc/init.d/samba restart"
26190
26191
#~ msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
26192
#~ msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
26193
26194
#~ msgid ""
26195
#~ "By default, Ubuntu requires a minimum password length of 4 characters, as "
26196
#~ "well as some basic entropy checks. These values are controlled in the file "
26197
#~ "<filename>/etc/pam.d/common-password</filename>, which is outlined below."
26198
#~ msgstr ""
26199
#~ "默认地,Ubuntu对最小密码长度是四位,另加一位基本的熵值检查。这些值由<filename>/etc/pam.d/common-"
26200
#~ "password</filename>文件控制,要点在下面有描述。"
26201
26202
#~ msgid "2008"
26203
#~ msgstr "2008"
26204
26205
#, no-wrap
26206
#~ msgid ""
26207
#~ "\n"
26208
#~ "password required pam_unix.so nullok obscure min=4 max=8 md5\n"
26209
#~ msgstr ""
26210
#~ "\n"
26211
#~ "密码需要 pam_unix.so nullok obscure min=4 max=8 md5\n"
26212
26213
#, no-wrap
26214
#~ msgid ""
26215
#~ "\n"
26216
#~ "password required pam_unix.so nullok obscure min=6 max=8 md5\n"
26217
#~ msgstr ""
26218
#~ "\n"
26219
#~ "密码需要 pam_unix.so nullok obscure min=6 max=8 md5\n"
26220
26221
#~ msgid ""
26222
#~ "<application>OpenNebula</application> allows virtual machines to be placed "
26223
#~ "and re-placed dynamically on a pool of physical resources. This allows a "
26224
#~ "virtual machine to be hosted from any location available."
26225
#~ msgstr ""
26226
#~ "<application>OpenNebula</application>允许虚拟机被动态的在一个物理资源池里面替换或者重置。这就允许一个虚拟机被从任何位"
26227
#~ "置访问。"
26228
26229
#~ msgid "OpenNebula"
26230
#~ msgstr "OpenNebula"
26231
26232
#~ msgid ""
26233
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
26234
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
26235
#~ msgstr ""
26236
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
26237
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
26238
26239
#~ msgid ""
26240
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
26241
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
26242
#~ msgstr ""
26243
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
26244
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
26245
26246
#~ msgid "sudo passwd oneadmin"
26247
#~ msgstr "sudo passwd oneadmin"
26248
26249
#~ msgid ""
26250
#~ "Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
26251
#~ "Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
26252
#~ msgstr ""
26253
#~ "接下来,拷贝<emphasis>oneadmin</emphasis>用户的SSH键到计算节点,然后拷贝到Front-"
26254
#~ "End的<filename>authorized_keys</filename>文件:"
26255
26256
#~ msgid "sudo apt-get install opennebula-node"
26257
#~ msgstr "sudo apt-get install opennebula-node"
26258
26259
#~ msgid ""
26260
#~ "In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
26261
#~ "to have a password. On each machine execute:"
26262
#~ msgstr "为了拷贝SSH 键,<emphasis>oneadmin</emphasis>用户需要一个密码。在每个机器上执行:"
26263
26264
#~ msgid "sudo apt-get install opennebula"
26265
#~ msgstr "sudo apt-get install opennebula"
26266
26267
#~ msgid "On each Compute Node install:"
26268
#~ msgstr "在每一个计算节点输入:"
26269
26270
#~ msgid "First, from a terminal on the Front-End enter:"
26271
#~ msgstr "首先,在一个Front-End的终端中输入:"
26272
26273
#~ msgid "sudo mkdir /var/lib/one/images"
26274
#~ msgstr "sudo mkdir /var/lib/one/images"
26275
26276
#~ msgid ""
26277
#~ "Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
26278
#~ "appropriate host names."
26279
#~ msgstr "使用适当的主机名来替换<emphasis>node01</emphasis>和<emphasis>node02</emphasis>。"
26280
26281
#~ msgid ""
26282
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
26283
#~ "/etc/ssh/ssh_known_hosts\""
26284
#~ msgstr ""
26285
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
26286
#~ "/etc/ssh/ssh_known_hosts\""
26287
26288
#~ msgid ""
26289
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
26290
#~ "/etc/ssh/ssh_known_hosts\""
26291
#~ msgstr ""
26292
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
26293
#~ "/etc/ssh/ssh_known_hosts\""
26294
26295
#~ msgid ""
26296
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
26297
#~ "/var/lib/one/.ssh/authorized_keys\""
26298
#~ msgstr ""
26299
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
26300
#~ "/var/lib/one/.ssh/authorized_keys\""
26301
26302
#~ msgid "sudo chown oneadmin /var/lib/one/images/"
26303
#~ msgstr "sudo chown oneadmin /var/lib/one/images/"
26304
26305
#~ msgid "onevnet create vnet01.template"
26306
#~ msgstr "onevnet create vnet01.template"
26307
26308
#~ msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
26309
#~ msgstr "onehost create node01 im_kvm vmm_kvm tm_ssh"
26310
26311
#~ msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
26312
#~ msgstr "onehost create node02 im_kvm vmm_kvm tm_ssh"
26313
26314
#, no-wrap
26315
#~ msgid ""
26316
#~ "\n"
26317
#~ "NAME = \"LAN\"\n"
26318
#~ "TYPE = RANGED\n"
26319
#~ "BRIDGE = br0\n"
26320
#~ "NETWORK_SIZE = C\n"
26321
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
26322
#~ msgstr ""
26323
#~ "\n"
26324
#~ "NAME = \"LAN\"\n"
26325
#~ "TYPE = RANGED\n"
26326
#~ "BRIDGE = br0\n"
26327
#~ "NETWORK_SIZE = C\n"
26328
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
26329
26330
#, no-wrap
26331
#~ msgid ""
26332
#~ "\n"
26333
#~ "NAME = vm01\n"
26334
#~ "CPU = 0.5\n"
26335
#~ "MEMORY = 512\n"
26336
#~ "\n"
26337
#~ "OS = [ BOOT = hd ]\n"
26338
#~ "\n"
26339
#~ "DISK = [\n"
26340
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
26341
#~ " target = \"hda\",\n"
26342
#~ " readonly = \"no\" ]\n"
26343
#~ "\n"
26344
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
26345
#~ "\n"
26346
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
26347
#~ msgstr ""
26348
#~ "\n"
26349
#~ "NAME = vm01\n"
26350
#~ "CPU = 0.5\n"
26351
#~ "MEMORY = 512\n"
26352
#~ "\n"
26353
#~ "OS = [ BOOT = hd ]\n"
26354
#~ "\n"
26355
#~ "DISK = [\n"
26356
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
26357
#~ " target = \"hda\",\n"
26358
#~ " readonly = \"no\" ]\n"
26359
#~ "\n"
26360
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
26361
#~ "\n"
26362
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
26363
26364
#~ msgid "onevm submit vm01.template"
26365
#~ msgstr "onevm submit vm01.template"
26366
26367
#~ msgid ""
26368
#~ "On the Front-End create a directory to store the VM images, giving the "
26369
#~ "<emphasis>oneadmin</emphasis> user access to the directory:"
26370
#~ msgstr ""
26371
#~ "在Front-End上创建一个文件夹来保存虚拟机映像,给予用户<emphasis>oneadmin</emphasis>这个文件夹的读取权限。"
26372
26373
#~ msgid ""
26374
#~ "This allows the <emphasis>oneadmin</emphasis> to use "
26375
#~ "<application>scp</application>, without a password or manual intervention, "
26376
#~ "to deploy an image to the Compute Nodes."
26377
#~ msgstr ""
26378
#~ "这样就允许<emphasis>oneadmin</emphasis>来使用<application>scp</application>去部署一个映像到计算"
26379
#~ "节点上,而不需要一个密码或者人工干涉。"
26380
26381
#~ msgid ""
26382
#~ "Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
26383
#~ msgstr "确保把本地网络修改成<emphasis>192.168.0.0</emphasis>"
26384
26385
#~ msgid ""
26386
#~ "The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
26387
#~ "and virtual machines added to the cluster."
26388
#~ msgstr "<emphasis>OpenNebula簇</emphasis>已经可以被配置,虚拟机也被加入到了簇中。"
26389
26390
#~ msgid "From a terminal prompt enter:"
26391
#~ msgstr "在一个终端提示中输入:"
26392
26393
#~ msgid ""
26394
#~ "Next, create a <emphasis>Virtual Network</emphasis> template file named "
26395
#~ "<filename>vnet01.template</filename>:"
26396
#~ msgstr ""
26397
#~ "接下来,创建一个叫做<filename>vnet01.template</filename>的<emphasis>虚拟网络</emphasis>模板文件:"
26398
26399
#~ msgid ""
26400
#~ "Using the <application>onevnet</application> utility, add the virtual "
26401
#~ "network to OpenNebula:"
26402
#~ msgstr "使用<application>onevnet</application>工具来把一个虚拟网络添加到OpenNebula"
26403
26404
#~ msgid ""
26405
#~ "Now create a <emphasis>VM Template</emphasis> file named "
26406
#~ "<filename>vm01.template</filename>:"
26407
#~ msgstr ""
26408
#~ "现在创建一个叫做<filename>vm01.template</filename>的<emphasis>VM "
26409
#~ "Template</emphasis>文件。"
26410
26411
#~ msgid "Start the virtual machine using <application>onevm</application>:"
26412
#~ msgstr "使用<application>onevm</application>来开始虚拟机。"
26413
26414
#~ msgid ""
26415
#~ "Use the <application>onevm list</application> option to view information "
26416
#~ "about virtual machines. Also, the <application>onevm show vm01</application> "
26417
#~ "option will display more details about a specific virtual machine."
26418
#~ msgstr ""
26419
#~ "使用<application>onevm list</application>选项来查看关于虚拟机的信息。同样<application>onevm "
26420
#~ "show vm01</application>选项会显示某个特定虚拟机的信息。"
26421
26422
#~ msgid ""
26423
#~ "See the <ulink "
26424
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
26425
#~ "> for more information."
26426
#~ msgstr ""
26427
#~ "更多信息,请参见<ulink "
26428
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
26429
#~ ">。"
26430
26431
#~ msgid ""
26432
#~ "You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
26433
#~ "<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
26434
#~ "url=\"http://freenode.net\">Freenode</ulink>."
26435
#~ msgstr ""
26436
#~ "您同样可以在<ulink url=\"http://freenode.net\">Freenode</ulink>的<emphasis>#ubuntu-"
26437
#~ "virt</emphasis>和<emphasis>#ubuntu-server</emphasis>的IRC频道得到帮助。"
26438
26439
#~ msgid ""
26440
#~ "The SSH key for the Compute Nodes needs to be added to the "
26441
#~ "<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
26442
#~ "accomplish this <application>ssh</application> to each Compute Node as a "
26443
#~ "user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
26444
#~ "session, and execute the following to copy the SSH key from "
26445
#~ "<filename>~/.ssh/known_hosts</filename> to "
26446
#~ "<filename>/etc/ssh/ssh_known_hosts</filename>:"
26447
#~ msgstr ""
26448
#~ "计算节点的SSH键需要被添加到Front-"
26449
#~ "End主机的<filename>/etc/ssh/ssh_known_hosts</filename>文件中。为了完成这个,<application>ss"
26450
#~ "h</application>对每一个计算节点来说更像一个用户而不是一个<emphasis>oneadmin</emphasis>。然后从SSH "
26451
#~ "session中退出,然后执行下面的内容,来把SSH键从<filename>~/.ssh/known_hosts</filename>拷贝到<filena"
26452
#~ "me>/etc/ssh/ssh_known_hosts</filename>。"
26453
26454
#~ msgid "eBox"
26455
#~ msgstr "eBox"
26456
26457
#~ msgid "sudo apt-get install ebox"
26458
#~ msgstr "sudo apt-get install ebox"
26459
26460
#~ msgid "apt-cache rdepends ebox | uniq"
26461
#~ msgstr "apt-cache rdepends ebox | uniq"
26462
26463
#~ msgid ""
26464
#~ "Once you make a change that requires a Save, the link will change from green "
26465
#~ "to red."
26466
#~ msgstr "一旦您做了需要保存的改动,链接将会由绿色变成红色。"
26467
26468
#~ msgid ""
26469
#~ "This section will detail configuring an OpenNebula cluster using three "
26470
#~ "machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
26471
#~ "Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
26472
#~ "also need a bridge configured to allow the virtual machines access to the "
26473
#~ "local network. For details see <xref linkend=\"bridging\"/>."
26474
#~ msgstr ""
26475
#~ "这一节将介绍使用三个机器来配置一个OpenNebula簇的方法:一个<emphasis>Front-"
26476
#~ "End</emphasis>主机和两个<emphasis>计算节点</emphasis>用来运行虚拟机。那些计算节点同样需要配置一个桥来允许虚拟机读取本地"
26477
#~ "网络。更多细节,请参阅<xref linkend=\"bridging\"/>"
26478
26479
#~ msgid ""
26480
#~ "Finally, copy a virtual machine disk file into "
26481
#~ "<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
26482
#~ "machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
26483
#~ "and-vmbuilder\"/> for details."
26484
#~ msgstr ""
26485
#~ "最后,把一个虚拟机的磁盘镜像拷贝到<filename>/var/lib/one/images</filename>。你可以使用<application>v"
26486
#~ "mbuilder</application>来生成一个Ubuntu虚拟机镜像,更多细节,请参阅<xref linkend=\"jeos-and-"
26487
#~ "vmbuilder\"/>"
26488
26489
#~ msgid "eBox Modules"
26490
#~ msgstr "eBox模块"
26491
26492
#~ msgid ""
26493
#~ "<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
26494
#~ "server configuration options."
26495
#~ msgstr ""
26496
#~ "<emphasis>DNS:</emphasis> 提供 <application>BIND9</application> DNS 服务器设置选项"
26497
26498
#~ msgid ""
26499
#~ "<application>eBox</application> is a web framework used to manage server "
26500
#~ "application configuration. The modular design of eBox allows you to pick and "
26501
#~ "choose which services you want to configure using eBox."
26502
#~ msgstr ""
26503
#~ "<application>eBox</application> 是一个服务器应用设置管理 Web 框架。eBox "
26504
#~ "模块化的设计使您可以用它来选择您需要设置的服务。"
26505
26506
#~ msgid ""
26507
#~ "During the installation you will be asked to supply a password for the ebox "
26508
#~ "user. After installing eBox the web interface can be accessed from: "
26509
#~ "<emphasis>https://yourserver/ebox</emphasis>."
26510
#~ msgstr ""
26511
#~ "在安装过程中,您将会被要求提供一个 ebox 用户密码。安装 ebox 之后,您将可以访问 eBox 的 web "
26512
#~ "界面:<emphasis>https://yourserver/ebox</emphasis>。"
26513
26514
#~ msgid ""
26515
#~ "<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
26516
#~ "Objects</emphasis>, which allow you to assign a name to an IP address or "
26517
#~ "group of IPs."
26518
#~ msgstr ""
26519
#~ "<emphasis>Objects:</emphasis> 允许配置 eBox "
26520
#~ "<emphasis>网络对象</emphasis>,这意味着允许您为指定的一个或一组 IP 地址命名。"
26521
26522
#~ msgid "Default Modules"
26523
#~ msgstr "默认模块"
26524
26525
#~ msgid ""
26526
#~ "This section provides a quick summary of the default "
26527
#~ "<application>eBox</application> modules."
26528
#~ msgstr "这里给出了默认的<application>ebox</application>模块的简介。"
26529
26530
#~ msgid "Additional Modules"
26531
#~ msgstr "额外模块"
26532
26533
#~ msgid ""
26534
#~ "Here is a quick description of other available "
26535
#~ "<application>eBox</application> modules:"
26536
#~ msgstr "这里给出了其它可用的ebox模块的简介。"
26537
26538
#~ msgid ""
26539
#~ "To install the <application>ebox</application> package, which contains the "
26540
#~ "default modules, enter the following:"
26541
#~ msgstr "要安装包含了默认模块的 <application>ebox</application> 软件包,输入下面的内容:"
26542
26543
#~ msgid ""
26544
#~ "This section will cover integrating <application>Amavisd-new</application>, "
26545
#~ "<application>Spamassassin</application>, and "
26546
#~ "<application>ClamAV</application> with the "
26547
#~ "<application>Postfix</application> Mail Transport Agent (MTA). "
26548
#~ "<application>Postfix</application> can also check email validity by passing "
26549
#~ "it through external content filters. These filters can sometimes determine "
26550
#~ "if a message is spam without needing to process it with more resource "
26551
#~ "intensive applications. Two common filters are <application>dkim-"
26552
#~ "filter</application> and <application>python-policyd-spf</application>."
26553
#~ msgstr ""
26554
#~ "此章节会阐述<application>Amavisd-new</application>, "
26555
#~ "<application>Spamassassin</application>和 <application>ClamAV</application> "
26556
#~ "与<application>Postfix</application> "
26557
#~ "邮件传送代理(MTA)的整合。<application>Postfix</application>也可以将邮件交由外部内容过滤器来检查。这些过滤器可以在不"
26558
#~ "需要使用更占内存的软件情况来判断一个邮件是否为垃圾邮件。两个常见的过滤器<application>dkim-"
26559
#~ "filter</application>和<application>python-policyd-spf</application>。"
26560
26561
#~ msgid ""
26562
#~ "By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
26563
#~ "new module is installed it will not be automatically enabled."
26564
#~ msgstr "默认情况下 eBox <emphasis>模块</emphasis> 没有全部启用,新模块安装后也不会自动启用。"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1