# Chinese (China) translation for ubuntu-docs
# Copyright (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
# This file is distributed under the same license as the ubuntu-docs package.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
"Project-Id-Version: ubuntu-docs\n"
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
"PO-Revision-Date: 2010-09-14 22:56+0000\n"
"Last-Translator: EAdam <liuannan@hotmail.com>\n"
"Language-Team: Chinese (China) <zh_CN@li.org>\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Launchpad-Export-Date: 2010-09-18 10:47+0000\n"
"X-Generator: Launchpad (build Unknown)\n"
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu 文档项目)"
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
msgid "Ubuntu Server Guide"
#: serverguide/C/serverguide-C.omf:9(date)
#: serverguide/C/windows-networking.xml:13(title)
msgid "Windows Networking"
#: serverguide/C/windows-networking.xml:15(para)
"Computer networks are often comprised of diverse systems, and while "
"operating a network made up entirely of Ubuntu desktop and server computers "
"would certainly be fun, some network environments must consist of both "
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
"class=\"registered\">Windows</trademark> systems working together in "
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
"principles and tools used in configuring your Ubuntu Server for sharing "
"network resources with Windows computers."
"计算机网络通常包含不同的系统,虽然管理全部由 Ubuntu 桌面计算机和服务器组成的网络会比较轻松,但某些网络环境会需要使 Ubuntu 和 "
"<trademark class=\"registered\">Microsoft</trademark> <trademark "
"class=\"registered\">Windows</trademark> 这两个系统协同工作。<phrase>Ubuntu</phrase> "
"服务器指南中的这部分内容将向你介绍 Ubuntu 服务器的原理及配置所用工具,以便同 Windows 计算机共享网络资源。"
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
#: serverguide/C/windows-networking.xml:27(para)
"Successfully networking your Ubuntu system with Windows clients involves "
"providing and integrating with services common to Windows environments. Such "
"services assist the sharing of data and information about the computers and "
"users involved in the network, and may be classified under three major "
"categories of functionality:"
"要想将您的 Ubuntu 系统与 Windows 客户机成功连网,则需要为 Windows "
"环境提供和整合常用服务。这些服务有助于网络中计算机和用户的数据和信息共享,它们按功能可划分为以下三大类:"
#: serverguide/C/windows-networking.xml:35(para)
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
"folders, volumes, and the sharing of printers throughout the network."
"<emphasis role=\"bold\">文件和打印机共享服务</emphasis>。SMB(Server Message "
"Block,服务器信息块) 协议可以使在网络上共享文件、文件夹、卷和打印机变得容易。"
#: serverguide/C/windows-networking.xml:41(para)
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
"information about the computers and users of the network with such "
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
"<emphasis role=\"bold\">目录服务</emphasis>。通过 LDAP(Lightweight Directory Access "
"Protocol,轻量目录访问协议) 和 Microsoft <trademark class=\"registered\">Active "
"Directory</trademark> 技术来共享网络计算机和用户的重要信息。"
#: serverguide/C/windows-networking.xml:48(para)
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
"the identity of a computer or user of the network and determining the "
"information the computer or user is authorized to access using such "
"principles and technologies as file permissions, group policies, and the "
"Kerberos authentication service."
"<emphasis role=\"bold\">认证和权限</emphasis>。建立网络计算机和用户的身份信息,并通过使用文件权限、组策略和 "
"Kerberos 认证服务等原理和技术来确定计算机或用户可以访问的信息。"
#: serverguide/C/windows-networking.xml:56(para)
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
"clients and share network resources among them. One of the principal pieces "
"of software your Ubuntu system includes for Windows networking is the Samba "
"suite of SMB server applications and tools."
"幸运的是您的 Ubuntu 系统可以为 Windows 客户端提供所有这样的便利,并在它们中共享网络资源。您的 Ubuntu为 Windows "
"网络提供的软件中主要部分之一是 SMB 服务器应用和工具的 Samba 套件。"
#: serverguide/C/windows-networking.xml:62(para)
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
"of the common Samba use cases, and how to install and configure the "
"necessary packages. Additional detailed documentation and information on "
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
"这部分<phrase>Ubuntu</phrase>服务器指南将介绍一些常用的 Samba 使用例子,以及如何安装和配置必要的软件包。关于 "
"Samba的附加详细文档和信息可以在 <ulink url=\"http://www.samba.org\">Samba 网站</ulink>找到。"
#: serverguide/C/windows-networking.xml:70(title)
msgid "Samba File Server"
#: serverguide/C/windows-networking.xml:72(para)
"One of the most common ways to network Ubuntu and Windows computers is to "
"configure Samba as a File Server. This section covers setting up a "
"<application>Samba</application> server to share files with Windows clients."
"最通用的连接 Ubuntu 和 Windows的方法之一是将 Samba 配置为文件服务器。本部分包括设置Samba>服务器以便同 Windows "
#: serverguide/C/windows-networking.xml:77(para)
"The server will be configured to share files with any client on the network "
"without prompting for a password. If your environment requires stricter "
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
"服务器将被配置为不需要密码即可与网络上任何客户端共享文件。如果您的环境要求更严格的访问控制,请看<xref linkend=\"samba-"
"fileprint-security\"/>"
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
#: serverguide/C/windows-networking.xml:85(para)
"The first step is to install the <application>samba</application> package. "
"From a terminal prompt enter:"
msgstr "第一步是安装samba软件包。在终端提示符键入:"
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
msgid "sudo apt-get install samba"
msgstr "sudo apt-get install samba"
#: serverguide/C/windows-networking.xml:93(para)
"That's all there is to it; you are now ready to configure Samba to share "
msgstr "这是唯一需要做的;现在您可以通过配置 Samba 来共享文件了。"
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
msgid "Configuration"
#: serverguide/C/windows-networking.xml:101(para)
"The main Samba configuration file is located in "
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
"a significant amount of comments in order to document various configuration "
"Samba配置文件置于<filename>/etc/samba/smb.conf</filename>。默认的配置文件包含了大量的的注解,描述了各种配置指"
#: serverguide/C/windows-networking.xml:106(para)
"Not all the available options are included in the default configuration "
"file. See the <filename>smb.conf</filename><application>man</application> "
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/\">Samba HOWTO Collection</ulink> for more details."
"不是所有可行的选项都包括在默认配置文件中。请参见<filename>smb.conf</filename><application>man</applic"
"ation> 手册页,或者 <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/\">Samba HOWTO 合集</ulink>"
#: serverguide/C/windows-networking.xml:116(para)
"First, edit the following key/value pairs in the "
"<emphasis>[global]</emphasis> section of "
"<filename>/etc/samba/smb.conf</filename>:"
"首先,编辑<filename>/etc/samba/smb.conf</filename>文件中的<emphasis>[global]</emphasis"
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
" workgroup = EXAMPLE\n"
#: serverguide/C/windows-networking.xml:127(para)
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
"section, and is commented by default. Also, change "
"<emphasis>EXAMPLE</emphasis> to better match your environment."
"<emphasis>security</emphasis>这个参数在[global]章节的下面,默认是被注释掉的。同样,根据你的环境改变<emphasis"
">EXAMPLE</emphasis>参数。"
#: serverguide/C/windows-networking.xml:135(para)
"Create a new section at the bottom of the file, or uncomment one of the "
"examples, for the directory to be shared:"
msgstr "在文件底部为要共享的目录创建一个新段落或将某一例子前#去掉,"
#: serverguide/C/windows-networking.xml:139(programlisting)
" comment = Ubuntu File Server Share\n"
" path = /srv/samba/share\n"
" create mask = 0755\n"
" 说明 = Ubuntu File Server Share\n"
" 路径 = /srv/samba/share\n"
" create mask = 0755\n"
#: serverguide/C/windows-networking.xml:151(para)
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
msgstr "<emphasis>comment:</emphasis> 一段简短的描述,根据你的需要进行调整。"
#: serverguide/C/windows-networking.xml:156(para)
msgid "<emphasis>path:</emphasis> the path to the directory to share."
msgstr "<emphasis>path:</emphasis>共享文件的路径"
#: serverguide/C/windows-networking.xml:159(para)
"This example uses <filename>/srv/samba/sharename</filename> because, "
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
"specific data should be served. Technically Samba shares can be placed "
"anywhere on the filesystem as long as the permissions are correct, but "
"adhering to standards is recommended."
"这个例子使用的文件是 <filename>/srv/samba/sharename</filename> 因为按照 "
"<emphasis>文件系统层次结构标准(FHS)</emphasis>\r\n"
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
"站点提供的数据。技术上来说Samba shares只要权限正确,可以在文件系统的任何位置,但是建议遵守规范。"
#: serverguide/C/windows-networking.xml:168(para)
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
"directory using <application>Windows Explorer</application>."
msgstr "<emphasis>browsable:</emphasis> 允许windows客户机使用资源管理器浏览共享目录。"
#: serverguide/C/windows-networking.xml:174(para)
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
"without supplying a password."
msgstr "<emphasis>guest ok:</emphasis>允许客户机连接共享目录不用提供密码。"
#: serverguide/C/windows-networking.xml:179(para)
"<emphasis>read only:</emphasis> determines if the share is read only or if "
"write privileges are granted. Write privileges are allowed only when the "
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
"is <emphasis>yes</emphasis>, then access to the share is read only."
"<emphasis>只读::</emphasis>决定共享是否为只读或已赋予写权限。只有当其值为<emphasis>no</emphasis>时才会赋予写"
"权限,就如此例中所看到的。如果值是<emphasis>yes</emphasis>,那么将只能以只读方式进入。"
#: serverguide/C/windows-networking.xml:184(para)
"<emphasis>create mask:</emphasis> determines the permissions new files will "
msgstr "<emphasis>create mask:</emphasis> 在文件被创建时确定新建文件的权限。"
#: serverguide/C/windows-networking.xml:193(para)
"Now that <application>Samba</application> is configured, the directory needs "
"to be created and the permissions changed. From a terminal enter:"
msgstr "既然<application>Samba</application>已经设置,您需要新建一个目录并更改授权。请从终端输入:"
#: serverguide/C/windows-networking.xml:199(command)
msgid "sudo mkdir -p /srv/samba/share"
msgstr "sudo mkdir -p /srv/samba/share"
#: serverguide/C/windows-networking.xml:200(command)
msgid "sudo chown nobody.nogroup /srv/samba/share/"
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
#: serverguide/C/windows-networking.xml:204(para)
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
"directory tree if it doesn't exist. Change the share name to fit your "
msgstr "如果它不存在,<emphasis>-p</emphasis> 这个参数允许mkdir命令创建全部的目录树,请按照你的环境修改共享名。"
#: serverguide/C/windows-networking.xml:213(para)
"Finally, restart the <application>samba</application> services to enable the "
msgstr "最后,为使新设定生效,请重启<application>samba</application>服务。"
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
msgid "sudo restart smbd"
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
msgid "sudo restart nmbd"
#: serverguide/C/windows-networking.xml:226(para)
"Once again, the above configuration gives all access to any client on the "
"local network. For a more secure configuration see <xref linkend=\"samba-"
"fileprint-security\"/>."
"再次地,上述设定使得所有用户可以接入本地网络。欲知更多安全设定方法请参阅<xref linkend=\"samba-fileprint-"
#: serverguide/C/windows-networking.xml:232(para)
"From a Windows client you should now be able to browse to the Ubuntu file "
"server and see the shared directory. To check that everything is working try "
"creating a directory from Windows."
msgstr "您现在应该可以从Windows客户端检索Ubuntu文件和共享文件夹。您可以试着在Windows系统下创建一个文件夹以确认一切正常工作。"
#: serverguide/C/windows-networking.xml:237(para)
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
"share actually exists and the permissions are correct."
"为了创建更多的共享只需在文件 <filename>/etc/samba/smb.conf</filename>中的章节下写入新的路径,并重新启动 "
"<emphasis>Samba</emphasis>。只需要确定该目录要共享和当前的权限是正确的。"
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
"For in depth Samba configurations see the <ulink "
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
"要更深入地了解Samba设定请参阅<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/\">Samba HOWTO Collection</ulink>"
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
"The guide is also available in <ulink "
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
"您也可以在<ulink url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
"/0131882228\">printed format</ulink>查看帮助"
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
"another good reference."
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink>是另一篇"
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
#: serverguide/C/windows-networking.xml:275(title)
msgid "Samba Print Server"
#: serverguide/C/windows-networking.xml:277(para)
"Another common use of Samba is to configure it to share printers installed, "
"either locally or over the network, on an Ubuntu server. Similar to <xref "
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
"any client on the local network to use the installed printers without "
"prompting for a username and password."
"另一种较常见的Samba应用是在Ubuntu服务器上安装共享打印机,无论是本地还是共享的。比如 <xref linkend=\"samba-"
"fileserver\"/> 这一节将配置Samba允许任何客户机安装使用本地网络上的打印机而不提示的用户名和密码。"
#: serverguide/C/windows-networking.xml:283(para)
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
msgstr "欲知更多关于安全设定的内容请查看<xref linkend=\"samba-fileprint-security\"/>"
#: serverguide/C/windows-networking.xml:290(para)
"Before installing and configuring Samba it is best to already have a working "
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
"在安装和设定Samba之前最好安装一个能工作的<application>CUPS</application>。欲知详情请查看<xref "
"linkend=\"cups\"/>。"
#: serverguide/C/windows-networking.xml:295(para)
"To install the <application>samba</application> package, from a terminal "
msgstr "要安装<application>samba</application>软件包,请在中断输入:"
#: serverguide/C/windows-networking.xml:306(para)
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
"network, and change <emphasis>security</emphasis> to <emphasis "
"role=\"italic\">share</emphasis>:"
"在samba安装以后开始编辑 <filename>/etc/samba/smb.conf</filename> 按照你的网络情况改变 "
"<emphasis>workgroup</emphasis> 的属性。将 <emphasis>security</emphasis> 属性设置为 "
"<emphasis role=\"italic\">share</emphasis>:"
#: serverguide/C/windows-networking.xml:318(para)
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
"在 <emphasis>[printers]</emphasis> 一节中改变 <emphasis>guest ok</emphasis> 参数为 "
"<emphasis role=\"italic\">yes</emphasis>:"
#: serverguide/C/windows-networking.xml:322(programlisting)
#: serverguide/C/windows-networking.xml:327(para)
msgid "After editing <filename>smb.conf</filename> restart Samba:"
msgstr "编辑<filename>smb.conf</filename>后重启 Samba:"
#: serverguide/C/windows-networking.xml:336(para)
"The default Samba configuration will automatically share any printers "
"installed. Simply install the printer locally on your Windows clients."
msgstr "默认Samba设定将会自动共享安装的打印机。请在您的Windows客户端安装本地打印机。"
#: serverguide/C/windows-networking.xml:365(para)
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
"more information on configuring CUPS."
"欲知更多关于CUPS的设定,请您参阅<ulink url=\"http://www.cups.org/\">CUPS Website</ulink>"
#: serverguide/C/windows-networking.xml:379(title)
msgid "Securing a Samba File and Print Server"
msgstr "正在保护Samba文件和打印服务器"
#: serverguide/C/windows-networking.xml:382(title)
msgid "Samba Security Modes"
#: serverguide/C/windows-networking.xml:384(para)
"There are two security levels available to the Common Internet Filesystem "
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
"allows more flexibility, providing four ways of implementing user-level "
"security and one way to implement share-level:"
"有2种安全等级支持通用网络文件系统协议(CIFS), <emphasis>user-等级</emphasis> 和 <emphasis>share-"
"等级</emphasis> Samba的 <emphasis>security 模式</emphasis> 允许更灵活的执行方式,为user-"
"level安全等级提供了4种方式,为share-level等级提供了一种方式。"
#: serverguide/C/windows-networking.xml:393(para)
"<emphasis>security = user:</emphasis> requires clients to supply a username "
"and password to connect to shares. Samba user accounts are separate from "
"system accounts, but the <application>libpam-smbpass</application> package "
"will sync system users and passwords with the Samba user database."
"设置为 <emphasis>security = user:</emphasis> "
"就需要连接共享的客户机提供用户名和密码。虽然Samba的用户帐户区别于系统帐户,但是软件包 <application>libpam-"
"smbpass</application> 会同步系统用户名和密码与Samba用户数据库。"
#: serverguide/C/windows-networking.xml:400(para)
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
"linkend=\"samba-dc\"/> for further information."
"<emphasis>security = domain:</emphasis> 这个模式使得Samba 服务器作为 一个Windows "
"客户端的主域控制器 ( PDC ) , 备份域控制器(BDC) ,或者一个域成员服务器(DMS) ,了解更多信息参见 <xref "
"linkend=\"samba-dc\"/>。"
#: serverguide/C/windows-networking.xml:407(para)
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
"integration\"/> for details."
"<emphasis>security = ADS:</emphasis> 允许 Samba服务器作为一个本地成员加入活动目录域。详细内容参见 <xref "
"linkend=\"samba-ad-integration\"/>"
#: serverguide/C/windows-networking.xml:413(para)
"<emphasis>security = server:</emphasis> this mode is left over from before "
"Samba could become a member server, and due to some security issues should "
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
"of the Samba guide for more details."
"<emphasis>security = server:</emphasis> "
"这种模式是Samba作为一个成员服务器之前设置的。由于一些安全问题不应该使用。想了解更多信息,请查看 Samba 指南中<ulink "
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection "
"/ServerType.html#id349531\">Server Security</ulink>"
#: serverguide/C/windows-networking.xml:421(para)
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
"without supplying a username and password."
msgstr "参数 <emphasis>security = share:</emphasis> 允许客户机访问共享文件时不提供用户名和密码。"
#: serverguide/C/windows-networking.xml:428(para)
"The security mode you choose will depend on your environment and what you "
"need the Samba server to accomplish."
msgstr "您将选择的安全模式将取决与您的环境和您需要用Samba服务器完成的工作。"
#: serverguide/C/windows-networking.xml:434(title)
msgid "Security = User"
msgstr "Security = User"
#: serverguide/C/windows-networking.xml:436(para)
"This section will reconfigure the Samba file and print server, from <xref "
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
"require authentication."
"本节将根据 <xref linkend=\"samba-fileserver\"/> 和 <xref linkend=\"samba-"
"printserver\"/>重新配置 Samba 文件和打印服务器。"
#: serverguide/C/windows-networking.xml:441(para)
"First, install the <application>libpam-smbpass</application> package which "
"will sync the system users to the Samba user database:"
"首先安装软件包 <application>libpam-smbpass</application> 同步系统用户与 Samba 用户数据库:"
#: serverguide/C/windows-networking.xml:447(command)
msgid "sudo apt-get install libpam-smbpass"
msgstr "sudo apt-get install libpam-smbpass"
#: serverguide/C/windows-networking.xml:451(para)
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
"<application>libpam-smbpass</application> is already installed."
"如果你在安装过程中选择 <emphasis>Samba Server</emphasis> 任务则软件包 <application>libpam-"
"smbpass</application> 就已经安装在系统中。"
#: serverguide/C/windows-networking.xml:457(para)
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
"<emphasis>[share]</emphasis> section change:"
"编辑<filename>/etc/samba/smb.conf</filename>,并且在<emphasis>[share]</emphasis>区域更"
#: serverguide/C/windows-networking.xml:461(programlisting)
#: serverguide/C/windows-networking.xml:465(para)
msgid "Finally, restart Samba for the new settings to take effect:"
msgstr "最后,为使得新设定生效,请重启Samba"
#: serverguide/C/windows-networking.xml:474(para)
"Now when connecting to the shared directories or printers you should be "
"prompted for a username and password."
msgstr "当连接到共享的目录或打印机时,您需要一个用户名和密码。"
#: serverguide/C/windows-networking.xml:479(para)
"If you choose to map a network drive to the share you can check the "
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
"enter the username and password once, at least until the password changes."
"如果你选择要映射一个网络驱动器,那么你可以选择<quote>Reconnect at Logon</quote> "
"复选框,并且只需输入一次用户名和密码。至少在密码不变的情况下。"
#: serverguide/C/windows-networking.xml:487(title)
msgid "Share Security"
#: serverguide/C/windows-networking.xml:489(para)
"There are several options available to increase the security for each "
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
"this section will cover some common options."
msgstr "有几个选项可以为每个共享目录增强安全性。以 <emphasis>[share]</emphasis> 为例,这节中包括了一些常见的选项。"
#: serverguide/C/windows-networking.xml:495(title)
#: serverguide/C/windows-networking.xml:497(para)
"Groups define a collection of computers or users which have a common level "
"of access to particular network resources and offer a level of granularity "
"in controlling access to such resources. For example, if a group <emphasis "
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
"role=\"italic\">freda</emphasis>, <emphasis "
"role=\"italic\">danika</emphasis>, and <emphasis "
"role=\"italic\">rob</emphasis> and a second group <emphasis "
"role=\"italic\">support</emphasis> is defined and consists of users "
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
"role=\"italic\">jeremy</emphasis>, and <emphasis "
"role=\"italic\">vincent</emphasis> then certain network resources configured "
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
"subsequently enable access by freda, danika, and rob, but not jeremy or "
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
"role=\"italic\">support</emphasis> groups, she will be able to access "
"resources configured for access by both groups, whereas all other users will "
"have only access to resources explicitly allowing the group they are part of."
"组定义了对指定网络资源拥有共同访问级别的一组计算机或用户,并提供对这些资源的访问控制粒度级别。举个例子,如果定义一个 <emphasis "
"role=\"italic\">qa</emphasis> 组并包含用户 <emphasis "
"role=\"italic\">freda</emphasis>、<emphasis role=\"italic\">danika</emphasis> "
"和 <emphasis role=\"italic\">rob</emphasis>,再定义第二个组 <emphasis "
"role=\"italic\">support</emphasis> 并包含 <emphasis "
"role=\"italic\">danika</emphasis>、<emphasis "
"role=\"italic\">jeremy</emphasis> 和 <emphasis "
"role=\"italic\">vincent</emphasis>。那么某个网络资源被配置为允许 <emphasis "
"role=\"italic\">qa</emphasis> 组访问时,则其可以被 freda、danika 和 rob访问,而不是 jeremy 或 "
"vincent。因为用户 <emphasis role=\"italic\">danika</emphasis> 属于 <emphasis "
"role=\"italic\">qa</emphasis> 和 <emphasis role=\"italic\">support</emphasis> "
"两个组,所以她能够访问配置为两个组访问的资源,而所有其他用户则只能访问明确允许其所属组访问的资源。"
#: serverguide/C/windows-networking.xml:511(para)
"By default Samba looks for the local system groups defined in "
"<filename>/etc/group</filename> to determine which users belong to which "
"groups. For more information on adding and removing users from groups see "
"<xref linkend=\"adding-deleting-users\"/>."
"默认的 Samba 会查找本地系统组文件 <filename>/etc/group</filename> "
"以确定哪些用户属于哪些用户组。欲了解更多有关添加和删除用户组请访问 <xref linkend=\"adding-deleting-users\"/>."
#: serverguide/C/windows-networking.xml:517(para)
"When defining groups in the Samba configuration file, "
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
"preface the group name with an \"@\" symbol. For example, if you wished to "
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
"do so by entering the group name as <emphasis "
"role=\"bold\">@sysadmin</emphasis>."
"在Samba 设置文件 <filename>/etc/samba/smb.conf</filename> 中定义了组以后,公认的语法是以“ @ "
"”符号作为组名的开始。例如,如果你想定义一个组名 <emphasis role=\"italic\">sysadmin</emphasis> "
"你就需要在文件 <filename>/etc/samba/smb.conf</filename>中相关的章节下输入组的名字比如 <emphasis "
"role=\"bold\">@sysadmin</emphasis>。"
#: serverguide/C/windows-networking.xml:526(title)
msgid "File Permissions"
#: serverguide/C/windows-networking.xml:528(para)
"File Permissions define the explicit rights a computer or user has to a "
"particular directory, file, or set of files. Such permissions may be defined "
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
"the explicit permissions of a defined file share."
"文件权限清楚的表明了计算机或者用户对特定目录所拥有的权力。这种权限的定义可以通过编辑文件 "
"<filename>/etc/samba/smb.conf</filename>来确定一个共享文件的权限。"
#: serverguide/C/windows-networking.xml:534(para)
"For example, if you have defined a Samba share called "
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
"only</emphasis> permissions to the group of users known as <emphasis "
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
"under the <emphasis>[share]</emphasis> entry:"
"例如:如果你定义一个Samba的共享,命名为 <emphasis>share</emphasis>并且给予用户组<emphasis "
"role=\"italic\">qa</emphasis>, <emphasis role=\"italic\">只读</emphasis> 的权限, "
"。但是希望允许一个名为 <emphasis role=\"italic\">sysadmin</emphasis> 的组中一个<emphasis "
"role=\"italic\">vincent</emphasis> 用户可以写共享。这样的话你需要编辑文件 "
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis>下面添加:"
#: serverguide/C/windows-networking.xml:543(programlisting)
" write list = @sysadmin, vincent\n"
" write list = @sysadmin, vincent\n"
#: serverguide/C/windows-networking.xml:548(para)
"Another possible Samba permission is to declare "
"<emphasis>administrative</emphasis> permissions to a particular shared "
"resource. Users having administrative permissions may read, write, or modify "
"any information contained in the resource the user has been given explicit "
"administrative permissions to."
"另一种可能的Samba权限是为特定的共享资源声明一个管理权限。用户拥有管理权限后可以读,写或修改资源中的任何信息。用户被给予了明确的管理权限。"
#: serverguide/C/windows-networking.xml:554(para)
"For example, if you wanted to give the user <emphasis "
"role=\"italic\">melissa</emphasis> administrative permissions to the "
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
"under the <emphasis>[share]</emphasis> entry:"
"举个例子,如果你想给予用户<emphasis role=\"italic\">melissa</emphasis>管理权限,你可以编辑文件 "
"<filename>/etc/samba/smb.conf</filename> 在<emphasis>[share]</emphasis> "
#: serverguide/C/windows-networking.xml:561(programlisting)
" admin users = melissa\n"
#: serverguide/C/windows-networking.xml:565(para)
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
"the changes to take effect:"
msgstr "编辑<filename>/etc/samba/smb.conf</filename>以后请重启Samba使更改生效:"
#: serverguide/C/windows-networking.xml:575(para)
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
"<emphasis role=\"italic\">security = share</emphasis>"
"要想<emphasis>read list</emphasis>和<emphasis>write "
"list</emphasis>可以工作,Samba安全模式决不能设置成<emphasis role=\"italic\">security = "
#: serverguide/C/windows-networking.xml:581(para)
"Now that Samba has been configured to limit which groups have access to the "
"shared directory, the filesystem permissions need to be updated."
msgstr "Samba 已经配置为限定某些组对共享目录的访问,文件系统权限需要更新。"
#: serverguide/C/windows-networking.xml:586(para)
"Traditional Linux file permissions do not map well to Windows NT Access "
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
"providing more fine grained control. For example, to enable ACLs on "
"<filename>/srv</filename> an EXT3 filesystem, edit "
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
"传统 Linux 文件权限没有很好地映射到 Windows NT 访问控制表(ACLs),然而,Ubuntu 服务器可以使用 POSIX ACLs "
"以提供更细粒度的控制。例如,想要在 EXT3 文件系统中使用 ACLs <filename>/srv</filename>,只需编辑文件 "
"<filename>/etc/fstab</filename>,添加 <emphasis>acl</emphasis> 选项:"
#: serverguide/C/windows-networking.xml:593(programlisting)
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
#: serverguide/C/windows-networking.xml:597(para)
msgid "Then remount the partition:"
#: serverguide/C/windows-networking.xml:602(command)
msgid "sudo mount -v -o remount /srv"
msgstr "sudo mount -v -o remount /srv"
#: serverguide/C/windows-networking.xml:606(para)
"The above example assumes <filename>/srv</filename> on a separate partition. "
"If <filename>/srv</filename>, or wherever you have configured your share "
"path, is part of the <filename>/</filename> partition a reboot may be "
"以上示例假设 <filename>/srv</filename> 在单独的分区。无论您配置的共享目录 <filename>/srv</filename> "
"在什么位置,只要它属于 <filename>/</filename> 分区,都可能需要重启。"
#: serverguide/C/windows-networking.xml:613(para)
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
"group will be given read, write, and execute permissions to "
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
"will be given read and execute permissions, and the files will be owned by "
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
"为完成以上 Samba 设置,针对共享目录 "
"<filename>/srv/samba/share</filename>,<emphasis>sysadmin</emphasis> "
"组需要给出读、写、执行的权限,而 <emphasis>qa</emphasis> 需要给出读与执行的权限,并且其文件应隶属于用户 "
"<emphasis>melissa</emphasis>。在终端中输入:"
#: serverguide/C/windows-networking.xml:621(command)
msgid "sudo chown -R melissa /srv/samba/share/"
msgstr "sudo chown -R melissa /srv/samba/share/"
#: serverguide/C/windows-networking.xml:622(command)
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
#: serverguide/C/windows-networking.xml:623(command)
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
#: serverguide/C/windows-networking.xml:627(para)
"The <application>setfacl</application> command above gives "
"<emphasis>execute</emphasis> permissions to all files in the "
"<filename>/srv/samba/share</filename> directory, which you may or may not "
"如上命令 <application>setfacl</application> 会将目录 "
"<filename>/srv/samba/share</filename> 下所有文件给予 <emphasis>执行</emphasis> "
#: serverguide/C/windows-networking.xml:633(para)
"Now from a Windows client you should notice the new file permissions are "
"implemented. See the <application>acl</application> and "
"<application>setfacl</application> man pages for more information on POSIX "
"现在,通过使用Windows客户端,你应该注意到新的文件的权限开始应用了。想了解更多关于POSIX ACLs的信息请使用 man 命令查看 "
"<application>acl</application> 和 <application>setfacl</application>程序的帮助文档。"
#: serverguide/C/windows-networking.xml:641(title)
msgid "Samba AppArmor Profile"
msgstr "Samba AppArmor 策略"
#: serverguide/C/windows-networking.xml:643(para)
"Ubuntu comes with the <application>AppArmor</application> security module, "
"which provides mandatory access controls. The default AppArmor profile for "
"Samba will need to be adapted to your configuration. For more details on "
"using AppArmor see <xref linkend=\"apparmor\"/>."
"Ubuntu 带有 <application>AppArmor</application> "
"安全模块,提供必须的访问控制功能。为符合您的配置,需要对默认的 Samba AppArmor 策略做些修改。详情使用 AppArmor,请参考 "
"<xref linkend=\"apparmor\"/>。"
#: serverguide/C/windows-networking.xml:649(para)
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
"of the <application>apparmor-profiles</application> packages. To install the "
"package, from a terminal prompt enter:"
"<filename>/usr/sbin/smbd</filename> 和 <filename>/usr/sbin/nmbd</filename> 是 "
"Samba 守护进程的两个程序,它们默认的 AppArmor 策略,包含在 <application>apparmor-"
"profiles</application> 软件包,要安装这个包,在终端命令行中输入:"
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
msgid "sudo apt-get install apparmor-profiles"
msgstr "sudo apt-get install apparmor-profiles"
#: serverguide/C/windows-networking.xml:660(para)
msgid "This package contains profiles for several other binaries."
msgstr "这个软件包还带有其它一些程序的策略。"
#: serverguide/C/windows-networking.xml:665(para)
"By default the profiles for <application>smbd</application> and "
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
"allowing Samba to work without modifying the profile, and only logging "
"errors. To place the <application>smbd</application> profile into "
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
"profile will need to be modified to reflect any directories that are shared."
"默认情况下,<application>smbd</application> 和 <application>nmbd</application> 工作在 "
"<emphasis>complain</emphasis> 的策略模式,即无需修改默认的策略,Samba "
"就能工作,但在这种模式下,仅仅会记录错误到日志。 要让 <application>smbd</application> 切换到 "
"<emphasis>enforce</emphasis> 的策略模式,以使得 Samba "
"如期望地工作,则默认的策略需要进行修改,以反映到每一个共享的目录。"
#: serverguide/C/windows-networking.xml:672(para)
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
"for <emphasis>[share]</emphasis> from the file server example:"
"例如,在文件服务器上添加 <emphasis>[share]</emphasis> 的标识信息,编辑 "
"<filename>/etc/apparmor.d/usr.sbin.smbd</filename>:"
#: serverguide/C/windows-networking.xml:677(programlisting)
" /srv/samba/share/ r,\n"
" /srv/samba/share/** rwkix,\n"
" /srv/samba/share/ r,\n"
" /srv/samba/share/** rwkix,\n"
#: serverguide/C/windows-networking.xml:682(para)
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
msgstr "切换到 <emphasis>enforce</emphasis> 的策略模式,并重新加载:"
#: serverguide/C/windows-networking.xml:687(command)
msgid "sudo aa-enforce /usr/sbin/smbd"
msgstr "sudo aa-enforce /usr/sbin/smbd"
#: serverguide/C/windows-networking.xml:688(command)
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
#: serverguide/C/windows-networking.xml:691(para)
"You should now be able to read, write, and execute files in the shared "
"directory as normal, and the <application>smbd</application> binary will "
"have access to only the configured files and directories. Be sure to add "
"entries for each directory you configure Samba to share. Also, any errors "
"will be logged to <filename>/var/log/syslog</filename>."
"您现在可以正常地读取、写入和执行共享目录中的文件,<application>smbd</application> "
"程序将仅会访问配置文件和目录。请确定添加要让 Samba 共享的每个目录。同时,任何的错误会被记录在 "
"<filename>/var/log/syslog</filename>。"
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
"also a good reference."
"url=\"http://www.oreilly.com/catalog/9780596007690/\">使用Samba</ulink>也是一本不错的参"
#: serverguide/C/windows-networking.xml:722(para)
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
"Samba HOWTO集锦的<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/securing-samba.html\">第18章</ulink>主要致力于安全问题。"
#: serverguide/C/windows-networking.xml:728(para)
"For more information on Samba and ACLs see the <ulink "
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
"有关Samba和ACL的更多信息请参看<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/AccessControls.html#id397568\">Samba ACLs页面</ulink>。"
#: serverguide/C/windows-networking.xml:744(title)
msgid "Samba as a Domain Controller"
msgstr "Samba作为域控制器"
#: serverguide/C/windows-networking.xml:746(para)
"Although it cannot act as an Active Directory Primary Domain Controller "
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
"domain controller. A major advantage of this configuration is the ability to "
"centralize user and machine credentials. Samba can also use multiple "
"backends to store the user information."
"虽然 Samba 服务器不能作为活动目录主域控制器( PDC),但可以配置为类似 Windows NT4 "
"风格的域控制器,该配置的主要优势在于能够集中用户和计算机证书。 此外,Samba 可以使用多种后端用于存储用户信息。"
#: serverguide/C/windows-networking.xml:753(title)
msgid "Primary Domain Controller"
#: serverguide/C/windows-networking.xml:755(para)
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
"using the default smbpasswd backend."
msgstr "本节内容涉及使用默认的 smbpasswd 后端配置 Samba 作为主域控制器(PDC)。"
#: serverguide/C/windows-networking.xml:762(para)
"First, install Samba, and <application>libpam-smbpass</application> to sync "
"the user accounts, by entering the following in a terminal prompt:"
"首先,安装 Samba 和用于同步用户账号的软件包 <application>libpam-smbpass</application>。 "
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
msgid "sudo apt-get install samba libpam-smbpass"
msgstr "sudo apt-get install samba libpam-smbpass"
#: serverguide/C/windows-networking.xml:774(para)
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
"The <emphasis>security</emphasis> mode should be set to <emphasis "
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
"should relate to your organization:"
"接下来,编辑 <filename>/etc/samba/smb.conf</filename> 以配置 Samba。 "
"其中,<emphasis>security</emphasis> 模式需要设置为 <emphasis "
"role=\"italic\">user</emphasis>; <emphasis>workgroup</emphasis> 设置为您的组织。"
#: serverguide/C/windows-networking.xml:789(para)
"In the commented <quote>Domains</quote> section add or uncomment the "
msgstr "在 <quote>Domains</quote> 这个被注释掉的章节,添加内容或者取消注释,直至内容如下:"
#: serverguide/C/windows-networking.xml:793(programlisting)
" domain logons = yes\n"
" logon path = \\\\%N\\%U\\profile\n"
" logon drive = H:\n"
" logon home = \\\\%N\\%U\n"
" logon script = logon.cmd\n"
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
"/var/lib/samba -s /bin/false %u\n"
" 登录路径 = \\\\%N\\%U\\profile\n"
" 登录的主目录 = \\\\%N\\%U\n"
" 登录脚本 = logon.cmd\n"
" 添加机器脚本 = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
"/var/lib/samba -s /bin/false %u\n"
#: serverguide/C/windows-networking.xml:804(para)
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
"Samba to act as a domain controller."
"<emphasis>domain logons:</emphasis> 提供 netlogon 服务,使得 Samba 服务器成为域控制器。"
#: serverguide/C/windows-networking.xml:809(para)
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
"their home directory. It is also possible to configure a "
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
"<emphasis>logon path:</emphasis> 存放用户的 Windows 配置文件到其主目录。 也可以创建一个 "
"<emphasis>[profiles]</emphasis> 将所有用户的 Windows 配置文件存放到统一的目录。"
#: serverguide/C/windows-networking.xml:815(para)
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
msgstr "<emphasis>logon drive:</emphasis> 指定主目录本地路径。"
#: serverguide/C/windows-networking.xml:820(para)
"<emphasis>logon home:</emphasis> specifies the home directory location."
msgstr "<emphasis>logon home:</emphasis> 指定主目录的位置。"
#: serverguide/C/windows-networking.xml:825(para)
"<emphasis>logon script:</emphasis> determines the script to be run locally "
"once a user has logged in. The script needs to be placed in the "
"<emphasis>[netlogon]</emphasis> share."
"<emphasis>logon script:</emphasis> 当用户登陆时,在其本地执行的脚本。 脚本必须存放在 "
"<emphasis>[netlogon]</emphasis> 共享当中。"
#: serverguide/C/windows-networking.xml:831(para)
"<emphasis>add machine script:</emphasis> a script that will automatically "
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
"workstation to join the domain."
"<emphasis>add machine script:</emphasis> 为工作站加入域而自动创建 "
"<emphasis>系统信任账户</emphasis> 的脚本。"
#: serverguide/C/windows-networking.xml:835(para)
"In this example the <emphasis>machines</emphasis> group will need to be "
"created using the <application>addgroup</application> utility see <xref "
"linkend=\"adding-deleting-users\"/> for details."
"本示例中,需要使用 <application>addgroup</application> 工具创建 "
"<emphasis>machines</emphasis> 组。 请参考 <xref linkend=\"adding-deleting-"
#: serverguide/C/windows-networking.xml:839(para)
"Also, rights need to be explicitly provided to the <emphasis>Domain "
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
"(and other admin functions) to work. This is achieved by executing:"
#: serverguide/C/windows-networking.xml:844(command)
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
"SeRemoteShutdownPrivilege"
#: serverguide/C/windows-networking.xml:851(para)
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
"如果您不想使用 <emphasis>漫游式的配置文件</emphasis>,将 <emphasis>logon home</emphasis> 和 "
"<emphasis>logon path</emphasis> 选项注释掉即可。"
#: serverguide/C/windows-networking.xml:860(para)
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
"role=\"italic\">logon home</emphasis> to be mapped:"
"为使得 <emphasis role=\"italic\">logon home</emphasis> 被正确映射到,需要对 "
"<emphasis>[homes]</emphasis> 共享设置取消注释。"
#: serverguide/C/windows-networking.xml:865(programlisting)
" comment = Home Directories\n"
" browseable = no\n"
" create mask = 0700\n"
" directory mask = 0700\n"
" valid users = %S\n"
" comment = Home Directories\n"
" browseable = no\n"
" create mask = 0700\n"
" directory mask = 0700\n"
" valid users = %S\n"
#: serverguide/C/windows-networking.xml:878(para)
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
"share needs to be configured. To enable the share, uncomment:"
"当配置为域控制器时,<emphasis>[netlogon]</emphasis> 共享设置需要开启。 要开启该共享设置,则需要取消注释,使得其内容如下:"
#: serverguide/C/windows-networking.xml:883(programlisting)
" comment = Network Logon Service\n"
" path = /srv/samba/netlogon\n"
" read only = yes\n"
" share modes = no\n"
" comment = Network Logon Service\n"
" path = /srv/samba/netlogon\n"
" read only = yes\n"
" share modes = no\n"
#: serverguide/C/windows-networking.xml:893(para)
"The original <emphasis>netlogon</emphasis> share path is "
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
"location for site-specific data provided by the system."
"最初的 <emphasis>netlogon</emphasis> 共享路径是 "
"<filename>/home/samba/netlogon</filename>。 为符合文件系统层次结构规范(FHS),系统自带的 <ulink "
"url=\"http://www.pathname.com/fhs/pub/fhs-"
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> 是站点特定数据的合适位置。"
#: serverguide/C/windows-networking.xml:904(para)
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
"and an empty (for now) <filename>logon.cmd</filename> script file:"
"创建 <filename role=\"directory\">netlogon</filename> 目录和一个暂时为空的脚本文件 "
"<filename>logon.cmd</filename>:"
#: serverguide/C/windows-networking.xml:910(command)
msgid "sudo mkdir -p /srv/samba/netlogon"
msgstr "sudo mkdir -p /srv/samba/netlogon"
#: serverguide/C/windows-networking.xml:911(command)
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
#: serverguide/C/windows-networking.xml:914(para)
"You can enter any normal Windows logon script commands in "
"<filename>logon.cmd</filename> to customize the client's environment."
"您可以在 <filename>logon.cmd</filename> 中输入任何 Windows 登陆的脚本命令,用以定制客户的工作环境。"
#: serverguide/C/windows-networking.xml:922(para)
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
"workstation to the domain, a system group needs to be mapped to the Windows "
"<emphasis>Domain Admins</emphasis> group. Using the "
"<application>net</application> utility, from a terminal enter:"
"<emphasis>root</emphasis> 账户默认是被禁止的,为使工作站加入到域,需要将一个系统组映射到 Windows "
"<emphasis>Domain Admins</emphasis> 组。 可以使用工具 "
"<application>net</application>,在终端输入:"
#: serverguide/C/windows-networking.xml:929(command)
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
#: serverguide/C/windows-networking.xml:933(para)
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
"prefer. Also, the user used to join the domain needs to be a member of the "
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
"allows <application>sudo</application> use."
"将 <emphasis role=\"italic\">sysadmin</emphasis> "
"组修改为任何您喜欢的组,此外,曾经加入到域的用户,需设置为 <emphasis>sysadmin</emphasis> 组的成员,同样也要将其设置为 "
"<emphasis>admin</emphasis> 组的成员,因为 <emphasis>admin</emphasis> 组可以使用 "
"<application>sudo</application> 命令。"
#: serverguide/C/windows-networking.xml:944(para)
msgid "Finally, restart Samba to enable the new domain controller:"
msgstr "最后,重启 Samba 服务以应用新的域控制器:"
#: serverguide/C/windows-networking.xml:956(para)
"You should now be able to join Windows clients to the Domain in the same "
"manner as joining them to an NT4 domain running on a Windows server."
msgstr "现在,您可以将 Windows 客户加入到域,正如将它们加入到运行在 Windows 服务器上的 NT4 域。"
#: serverguide/C/windows-networking.xml:966(title)
msgid "Backup Domain Controller"
#: serverguide/C/windows-networking.xml:968(para)
"With a Primary Domain Controller (PDC) on the network it is best to have a "
"Backup Domain Controller (BDC) as well. This will allow clients to "
"authenticate in case the PDC becomes unavailable."
msgstr "网络有了主域控制器(PDC),最好也有个备份的域控制器(BDC),这样,一旦 PDC 不可用,还可以使用 BDC 进行客户认证。"
#: serverguide/C/windows-networking.xml:973(para)
"When configuring Samba as a BDC you need a way to sync account information "
"with the PDC. There are multiple ways of accomplishing this "
"<application>scp</application>, <application>rsync</application>, or by "
"using <application>LDAP</application> as the <emphasis>passdb "
"backend</emphasis>."
"将 Samba 配置为 BDC 时,您需要一种方法来实现与 PDC "
"同步账户信息,而做到这点可以有多种途径:<application>scp</application>, "
"<application>rsync</application> 或者使用 <application>LDAP</application> 作为 "
"<emphasis>passdb 后端</emphasis>。"
#: serverguide/C/windows-networking.xml:979(para)
"Using LDAP is the most robust way to sync account information, because both "
"domain controllers can use the same information in real time. However, "
"setting up a LDAP server may be overly complicated for a small number of "
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
"使用 LDAP 同步帐户信息是最稳健的做法,因为 PDC 和 BDC 都可以实时地使用相同的信息。然而,对于为数不多的用户和计算机帐户,配置 LDAP "
#: serverguide/C/windows-networking.xml:988(para)
"First, install <application>samba</application> and <application>libpam-"
"smbpass</application>. From a terminal enter:"
"首先,安装 <application>samba</application> 和 <application>libpam-"
"smbpass</application>。 在终端中输入:"
#: serverguide/C/windows-networking.xml:999(para)
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
"following in the <emphasis>[global]</emphasis>:"
"编辑 <filename>/etc/samba/smb.conf</filename>,取消注释 "
"<emphasis>[global]</emphasis> 中如下项:"
#: serverguide/C/windows-networking.xml:1012(para)
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
msgstr "对被注释掉的 <emphasis>Domains</emphasis> 项进行取消注释,或者,如果没有该项则进行添加:"
#: serverguide/C/windows-networking.xml:1016(programlisting)
" domain logons = yes\n"
" domain master = no\n"
" domain logons = yes\n"
" domain master = no\n"
#: serverguide/C/windows-networking.xml:1024(para)
"Make sure a user has rights to read the files in "
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
"<emphasis>admin</emphasis> group to <application>scp</application> the "
"确保用户有权限读取 <filename>/var/lib/samba</filename> 中的文件。例如,为使得 "
"<emphasis>admin</emphasis> 组的用户可以 <application>scp</application> "
#: serverguide/C/windows-networking.xml:1030(command)
msgid "sudo chgrp -R admin /var/lib/samba"
msgstr "sudo chgrp -R admin /var/lib/samba"
#: serverguide/C/windows-networking.xml:1036(para)
"Next, sync the user accounts, using <application>scp</application> to copy "
"the <filename>/var/lib/samba</filename> directory from the PDC:"
"接下来,同步用户帐号。 使用 <application>scp</application> 从 PDC 上拷贝 目录 "
"<filename>/var/lib/samba</filename>:"
#: serverguide/C/windows-networking.xml:1042(command)
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
#: serverguide/C/windows-networking.xml:1046(para)
"Replace <emphasis>username</emphasis> with a valid username and "
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
"使用一个合法的用户名替换 <emphasis>username</emphasis>,并使用实际的 PDC 主机名或其 IP 地址替换 "
"<emphasis>pdc</emphasis>。"
#: serverguide/C/windows-networking.xml:1055(para)
msgid "Finally, restart <application>samba</application>:"
msgstr "最后, 重启 <application>samba</application>:"
#: serverguide/C/windows-networking.xml:1067(para)
"You can test that your Backup Domain controller is working by stopping the "
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
msgstr "您可以这样来测试备份域控制器是否正确工作:在 PDC 上停止 Samba 守护进程,然后偿试登陆到一台加入域的 Windows 客户机。"
#: serverguide/C/windows-networking.xml:1072(para)
"Another thing to keep in mind is if you have configured the <emphasis>logon "
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
"be unavailable. For this reason it is best to configure the <emphasis>logon "
"home</emphasis> to reside on a separate file server from the PDC and BDC."
"另外需要牢记的一点是:如果您在 PDC 上将一个目录配置为 <emphasis>logon home</emphasis>,而 PDC "
"无法访问时,则用户的 <emphasis>Home</emphasis> 位置也将无法访问。 出于这个原因,最好将 <emphasis>logon "
"home</emphasis> 配置为驻留在 PDC 和 BDC 之外独立的文件服务器上。"
#: serverguide/C/windows-networking.xml:1102(para)
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
"up a Primary Domain Controller."
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
"pdc.html\">第 4 章</ulink> 关于配置 Samba 为主域控制器的 HOWTO 收集。"
#: serverguide/C/windows-networking.xml:1108(para)
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
"explains setting up a Backup Domain Controller."
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
"Collection/samba-bdc.html\">第 5 章</ulink> 关于配置 Samba 为备份域控制器的 HOWTO 收集。"
#: serverguide/C/windows-networking.xml:1123(title)
msgid "Samba Active Directory Integration"
msgstr "Samba 活动目录集成"
#: serverguide/C/windows-networking.xml:1126(title)
msgid "Accessing a Samba Share"
msgstr "访问 Samba 共享"
#: serverguide/C/windows-networking.xml:1128(para)
"Another, use for Samba is to integrate into an existing Windows network. "
"Once part of an Active Directory domain, Samba can provide file and print "
"services to AD users."
"Samba 另一个用途是集成到一个现存的 Windows 网络。 一旦成为活动目录域的一部分,Samba 就可以为活动目录(AD)用户提供文件和打印服务。"
#: serverguide/C/windows-networking.xml:1133(para)
"The simplest way to join an AD domain is to use <application>Likewise-"
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
"加入到活动目录(AD)域的最简单的方法就是使用 <application>Likewise-open</application>。 详情请参考 "
"<xref linkend=\"likewise-open\"/>。"
#: serverguide/C/windows-networking.xml:1138(para)
"Once part of the domain, enter the following command in the terminal prompt:"
#: serverguide/C/windows-networking.xml:1143(command)
msgid "sudo apt-get install samba smbfs smbclient"
msgstr "sudo apt-get install samba smbfs smbclient"
#: serverguide/C/windows-networking.xml:1146(para)
"Since the <application>likewise-open</application> and "
"<application>samba</application> packages use separate "
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
"<filename role=\"directory\">/var/lib/samba</filename>:"
"从<application>likewise-"
"open</application>和<application>samba</application>使用独立安装包<filename>secrets.t"
"db</filename>文件起,符号连接必需创建在<filename "
"role=\"directory\">/var/lib/samba</filename>:"
#: serverguide/C/windows-networking.xml:1152(command)
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
#: serverguide/C/windows-networking.xml:1153(command)
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
#: serverguide/C/windows-networking.xml:1156(para)
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
msgstr "下一步,编辑 <filename>/etc/samba/smb.conf</filename>,修改:"
#: serverguide/C/windows-networking.xml:1160(programlisting)
" workgroup = EXAMPLE\n"
" realm = EXAMPLE.COM\n"
" idmap backend = lwopen\n"
" idmap uid = 50-9999999999\n"
" idmap gid = 50-9999999999\n"
" workgroup = EXAMPLE\n"
" realm = EXAMPLE.COM\n"
" idmap backend = lwopen\n"
" idmap uid = 50-9999999999\n"
" idmap gid = 50-9999999999\n"
#: serverguide/C/windows-networking.xml:1171(para)
"Restart <application>samba</application> for the new settings to take effect:"
msgstr "重启<application>samba</application>为新的设置生效:"
#: serverguide/C/windows-networking.xml:1180(para)
"You should now be able to access any <application>Samba</application> shares "
"from a Windows client. However, be sure to give the appropriate AD users or "
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
"security\"/> for more details."
"现在你应该能够从 Windows 客户端访问任何<application>Samba</application>共享了。但是,一定要给 AD "
"用户或者组分配合适的共享目录。请参考<xref linkend=\"samba-fileprint-security\"/>获得更多详细信息。"
#: serverguide/C/windows-networking.xml:1188(title)
msgid "Accessing a Windows Share"
msgstr "访问 Windows 共享文件"
#: serverguide/C/windows-networking.xml:1190(para)
"Now that the Samba server is part of the Active Directory domain you can "
"access any Windows server shares:"
msgstr "Samba 已经是活动目录域的一部分,您可以任意访问 Windows 的共享:"
#: serverguide/C/windows-networking.xml:1197(para)
"To mount a Windows file share enter the following in a terminal prompt:"
msgstr "挂载 Windows 文件共享,在终端命令行中输入:"
#: serverguide/C/windows-networking.xml:1201(command)
msgid "mount.cifs //fs01.example.com/share mount_point"
msgstr "mount.cifs //fs01.example.com/share mount_point"
#: serverguide/C/windows-networking.xml:1204(para)
"It is also possible to access shares on computers not part of an AD domain, "
"but a username and password will need to be provided."
msgstr "也可访问非活动域的计算机,不过,需要提供用户名和密码。"
#: serverguide/C/windows-networking.xml:1212(para)
"To mount the share during boot place an entry in "
"<filename>/etc/fstab</filename>, for example:"
msgstr "在系统启动时挂载共享,需要在 <filename>/etc/fstab</filename> 中添加相应项,例如:"
#: serverguide/C/windows-networking.xml:1216(programlisting)
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
#: serverguide/C/windows-networking.xml:1223(para)
"Another way to copy files from a Windows server is to use the "
"<application>smbclient</application> utility. To list the files in a Windows "
"从 Windows 服务器拷贝文件的另一种方法是使用 <application>smbclient</application> 程序。 列出 "
#: serverguide/C/windows-networking.xml:1229(command)
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
#: serverguide/C/windows-networking.xml:1235(para)
msgid "To copy a file from the share, enter:"
msgstr "从共享中拷贝文件,输入:"
#: serverguide/C/windows-networking.xml:1240(command)
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
#: serverguide/C/windows-networking.xml:1243(para)
"This will copy the <filename>file.txt</filename> into the current directory."
msgstr "这将拷贝 <filename>file.txt</filename> 到当前目录。"
#: serverguide/C/windows-networking.xml:1250(para)
msgid "And to copy a file to the share:"
msgstr "同时,拷贝文件到共享:"
#: serverguide/C/windows-networking.xml:1255(command)
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
#: serverguide/C/windows-networking.xml:1258(para)
"This will copy the <filename>/etc/hosts</filename> to "
"<filename>//fs01.example.com/share/hosts</filename>."
"它会将<filename>/etc/hosts</filename>复制到<filename>//fs01.example.com/share/hosts"
#: serverguide/C/windows-networking.xml:1265(para)
"The <emphasis>-c</emphasis> option used above allows you to execute the "
"<application>smbclient</application> command all at once. This is useful for "
"scripting and minor file operations. To enter the <emphasis>smb: \\"
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
"and directory commands, simply execute:"
"以上使用到的 <emphasis>-c</emphasis> 选项允许您同时执行多个 "
"<application>smbclient</application> 命令,这有利于使用脚本及少量的文件操作。 <emphasis>smb: \\"
"></emphasis> 命令行类似于 FTP 命令行,您可以使用它进行普通的文件目录操作,要进入其命令行,只需执行:"
#: serverguide/C/windows-networking.xml:1272(command)
msgid "smbclient //fs01.example.com/share -k"
msgstr "smbclient //fs01.example.com/share -k"
#: serverguide/C/windows-networking.xml:1279(para)
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
"<emphasis>//192.168.0.5/share</emphasis>, "
"<emphasis>username=steve,password=secret</emphasis>, and "
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
"file name, and an actual username and password with rights to the share."
"使用您的服务器IP,主机名,共享名,文件名,以及一个有访问共享权限的真实用户名和密码,替换所有<emphasis>fs01.example.com/sha"
"re</emphasis>,<emphasis>//192.168.0.5/share</emphasis>,<emphasis>username=ste"
"ve,password=secret</emphasis> 和 <emphasis>file.txt</emphasis> 的实例。"
#: serverguide/C/windows-networking.xml:1290(para)
"For more <application>smbclient</application> options see the man page: "
"<command>man smbclient</command>, also available <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
#: serverguide/C/windows-networking.xml:1295(para)
"The <application>mount.cifs</application><ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
"\">man page</ulink> is also useful for more detailed information."
#: serverguide/C/windows-networking.xml:1308(title)
msgid "Likewise Open"
msgstr "Likewise Open"
#: serverguide/C/windows-networking.xml:1310(para)
"<application>Likewise Open</application> simplifies the necessary "
"configuration needed to authenticate a Linux machine to an Active Directory "
"domain. Based on <application>winbind</application>, the "
"<application>likewise-open</application> package takes the pain out of "
"integrating Ubuntu authentication into an existing Windows network."
"<application>Likewise Open</application>简化了Linux机器获得授权登陆Active "
"Directory域名所需必要的设置。基于<application>winbind</application>,<application>likewise"
"-open</application>软件包省去了将Ubuntu授权认证整合到已有的Windows网络中的麻烦。"
#: serverguide/C/windows-networking.xml:1319(para)
"There are two ways to use Likewise Open, <application>likewise-"
"open</application> the command line utility and <application>likewise-open-"
"gui</application>. This section focuses on the command line utility."
"使用Likewise Open有两种方法,<application>likewise-"
"open</application>命令行工具和<application>likewise-open-gui</application>。 "
#: serverguide/C/windows-networking.xml:1324(para)
"To install the <application>likewise-open</application> package, open a "
"terminal prompt and enter:"
msgstr "要安装<application>likewise-open</application>软件包,打开一个终端模拟器并输入:"
#: serverguide/C/windows-networking.xml:1329(command)
msgid "sudo apt-get install likewise-open"
msgstr "sudo apt-get install likewise-open"
#: serverguide/C/windows-networking.xml:1334(title)
msgid "Joining a Domain"
#: serverguide/C/windows-networking.xml:1336(para)
"The main executable file of the <application>likewise-open</application> "
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
"join your computer to the domain. Before you join a domain you will need to "
"make sure you have:"
"<application>likewise-"
"open</application>包的主要可执行文件是<filename>/usr/bin/domainjoin-"
"cli</filename>,这是用来把你的电脑连接到域的。在连接到域之前,你需要确定具备:"
#: serverguide/C/windows-networking.xml:1344(para)
"Access to an Active Directory user with appropriate rights to join the "
msgstr "进入到某Active Directory用户并有加入到域名的合适权限。"
#: serverguide/C/windows-networking.xml:1349(para)
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
"you want to join. If your AD domain does not match a valid domain such as "
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
"the form of <emphasis>domainname.local</emphasis>."
"您想加入的域的 <emphasis>完全限定域名</emphasis>(FQDN)。 如果您的活动目录域未能匹配一个合法的域,例如<emphasis "
"role=\"italic\">example.com</emphasis>,可能是由于它是 "
"<emphasis>domainname.local</emphasis> 形式的。"
#: serverguide/C/windows-networking.xml:1356(para)
"DNS for the domain setup properly. In a production AD environment this "
"should be the case. Proper Microsoft DNS is needed so that client "
"workstations can determine the Active Directory domain is available."
"域的 DNS 设置正确。 在生产活动目录环境,应该是如此。 需要有正确的 Microsoft DNS,这样,客户端工作站可以确定活动目录域可用。"
#: serverguide/C/windows-networking.xml:1360(para)
"If you don't have a Windows DNS server on your network, see <xref "
"linkend=\"likewise-open-ms-dns\"/> for details."
"如果您的网络没有 Windows DNS 服务器,查看 <xref linkend=\"likewise-open-ms-dns\"/> 以了解更多。"
#: serverguide/C/windows-networking.xml:1367(para)
msgid "To join a domain, from a terminal prompt enter:"
msgstr "要加入到一个域名,在终端里输入:"
#: serverguide/C/windows-networking.xml:1372(command)
msgid "sudo domainjoin-cli join example.com Administrator"
msgstr "sudo domainjoin-cli join example.com Administrator"
#: serverguide/C/windows-networking.xml:1376(para)
"Replace <emphasis>example.com</emphasis> with your domain name, and "
"<emphasis>Administrator</emphasis> with the appropriate user name."
"将 <emphasis>example.com</emphasis> 替换为您的域名,并将 "
"<emphasis>Administrator</emphasis> 替换为合适的用户名。"
#: serverguide/C/windows-networking.xml:1382(para)
"You will then be prompted for the user's password. If all goes well a "
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
msgstr "接下来你会收到提示让你输入用户密码。如果一切顺利,你会看到终端里打印出<emphasis>SUCCESS</emphasis>的消息。"
#: serverguide/C/windows-networking.xml:1388(para)
"After joining the domain, it is necessary to reboot before attempting to "
"authenticate against the domain."
msgstr "在加入到某个域名后,有必要在认证此域名前重启。"
#: serverguide/C/windows-networking.xml:1394(para)
"After successfully joining an Ubuntu machine to an Active Directory domain "
"you can authenticate using any valid AD user. To login you will need to "
"enter the user name as 'domain\\username'. For example to ssh to a server "
"joined to the domain enter:"
"成功将Ubuntu机器加入到Active Directory域名中后,你就可以使用任何有效的AD用户进行身份验证。要想登陆,可以以‘域名\\"
"用户名’形式输入用户的名字。如你要ssh到一个连接到某域名的服务器,输入:"
#: serverguide/C/windows-networking.xml:1401(command)
msgid "ssh 'example\\steve'@hostname"
msgstr "ssh 'example\\steve'@hostname"
#: serverguide/C/windows-networking.xml:1405(para)
"If configuring a Desktop the user name will need to be prefixed with "
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
"如果是配置桌面,用户的名字也需要在图形登陆窗口以<emphasis role=\"italic\">domain\\</emphasis>为前缀。"
#: serverguide/C/windows-networking.xml:1411(para)
"To make likewise-open use a default domain, you can add the following "
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
"要让 likewise-open 使用默认域,您可以在 <filename>/etc/samba/lwiauthd.conf</filename> "
#: serverguide/C/windows-networking.xml:1415(programlisting)
"winbind use default domain = yes\n"
"winbind use default domain = yes\n"
#: serverguide/C/windows-networking.xml:1419(para)
msgid "Then restart the <application>likewise-open</application> daemons:"
msgstr "然后,重启 <application>likewise-open</application> 守护进程:"
#: serverguide/C/windows-networking.xml:1424(command)
msgid "sudo /etc/init.d/likewise-open restart"
msgstr "sudo /etc/init.d/likewise-open restart"
#: serverguide/C/windows-networking.xml:1428(para)
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
"using only their username."
"一旦配置为使用 <emphasis>默认域</emphasis>,就不必使用 <emphasis role=\"italic\">'domain\\"
"'</emphasis>,用户使用其用户名即可登陆。"
#: serverguide/C/windows-networking.xml:1434(para)
"The <application>domainjoin-cli</application> utility can also be used to "
"leave the domain. From a terminal:"
msgstr "<application>domainjoin-cli</application>工具可用来脱离某域名。在终端输入:"
#: serverguide/C/windows-networking.xml:1439(command)
msgid "sudo domainjoin-cli leave"
msgstr "sudo domainjoin-cli leave"
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
msgid "Other Utilities"
#: serverguide/C/windows-networking.xml:1446(para)
"The <application>likewise-open</application> package comes with a few other "
"utilities that may be useful for gathering information about the Active "
"Directory environment. These utilities are used to join the machine to the "
"domain, and are the same as those available in the <application>samba-"
"common</application> and <application>winbind</application> packages:"
"<application>likewise-open</application>一些其它的工具一起对于收集Active "
"Directory环境下的信息很有用处。这些工具可用来将机器加入到某域名中,和那些在<application>samba-"
"common</application>和<application>winbind</application>中的工具相同:"
#: serverguide/C/windows-networking.xml:1455(para)
"<application>lwinet</application>: Returns information about the network and "
msgstr "<application>lwinet</application>:返回有关网络和域名的信息。"
#: serverguide/C/windows-networking.xml:1460(para)
"<application>lwimsg</application>: Allows interaction with the "
"<application>likewise-winbindd</application> daemon."
"<application>lwimsg</application>:允许与<application>likewise-"
"winbindd</application>程序进行交互操作。"
#: serverguide/C/windows-networking.xml:1465(para)
"<application>lwiinfo</application>: Displays information about various parts "
msgstr "<application>lwiinfo</application>:显示关于域名的各个部分的信息。"
#: serverguide/C/windows-networking.xml:1471(para)
msgid "Please refer to each utility's man page specific for details."
msgstr "详细信息请参见各个工具的帮助信息。"
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
msgid "Troubleshooting"
#: serverguide/C/windows-networking.xml:1481(para)
"If the client has trouble joining the domain, double check that the "
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
"如果客户端加入域时遇到困难,仔细检查 <filename>/etc/resolv.conf</filename>,确保 Microsoft DNS "
#: serverguide/C/windows-networking.xml:1486(programlisting)
"nameserver 192.168.0.1\n"
"nameserver 192.168.0.1\n"
#: serverguide/C/windows-networking.xml:1491(para)
"For more information when joining a domain, use the <emphasis>--loglevel "
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
"<application>domainjoin-cli</application> utility:"
"要了解更多有关加入域的信息,在程序 <application>domainjoin-cli</application> 中使用 <emphasis>--"
"loglevel verbose</emphasis> 或 <emphasis>--advanced</emphasis> 选项:"
#: serverguide/C/windows-networking.xml:1497(command)
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
#: serverguide/C/windows-networking.xml:1501(para)
"If an Active Directory user has trouble logging in, check the "
"<filename>/var/log/auth.log</filename> for details."
msgstr "如果活动目录用户在登陆时遇到困难,查看 <filename>/var/log/auth.log</filename> 以了解详情。"
#: serverguide/C/windows-networking.xml:1506(para)
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
"<emphasis>hosts</emphasis> option. For example:"
#: serverguide/C/windows-networking.xml:1512(programlisting)
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
#: serverguide/C/windows-networking.xml:1516(para)
msgid "Change the above to:"
#: serverguide/C/windows-networking.xml:1520(programlisting)
"hosts: files dns [NOTFOUND=return]\n"
"hosts: files dns [NOTFOUND=return]\n"
#: serverguide/C/windows-networking.xml:1524(para)
msgid "Then restart networking by entering:"
msgstr "然后,重启 networking 服务:"
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
msgid "sudo /etc/init.d/networking restart"
msgstr "sudo /etc/init.d/networking restart"
#: serverguide/C/windows-networking.xml:1532(para)
msgid "You should now be able to join the Active Directory domain."
msgstr "现在您应该可以加入到活动目录域。"
#: serverguide/C/windows-networking.xml:1540(title)
msgid "Microsoft DNS"
msgstr "Microsoft DNS"
#: serverguide/C/windows-networking.xml:1542(para)
"The following are instructions for installing DNS on an Active Directory "
"domain controller running Windows Server 2003, but the instructions should "
"be similar for other versions:"
msgstr "如下操作步骤,是在运行 Windows Server 2003 的活动目录域控制器上安装 DNS。 在其它版本上,这些操作步骤大致相同:"
#: serverguide/C/windows-networking.xml:1551(para)
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
"This will open the <application>Server Role Mangement</application> utility."
#: serverguide/C/windows-networking.xml:1559(para)
msgid "Click <guilabel>Add or remove a role</guilabel>"
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
#: serverguide/C/windows-networking.xml:1561(para)
msgid "Select \"DNS Server\""
msgstr "选择 ”DNS 服务器“"
#: serverguide/C/windows-networking.xml:1563(para)
msgid "Click Next again to proceed"
#: serverguide/C/windows-networking.xml:1564(para)
msgid "Select \"Create a forward lookup zone\" if it is not selected."
msgstr "如果 “创建正向查找区域” 项未被选取,则选取。"
#: serverguide/C/windows-networking.xml:1566(para)
"Make sure \"This server maintains the zone\" is selected and click Next."
msgstr "确保 “这台服务器维护该区域” 项被选取,点击下一步。"
#: serverguide/C/windows-networking.xml:1567(para)
msgid "Enter your domain name and click Next"
#: serverguide/C/windows-networking.xml:1568(para)
msgid "Click Next to \"Allow only secure dynamic updates\""
msgstr "选取 “只允许安全的动态更新”,点击下一步"
#: serverguide/C/windows-networking.xml:1570(para)
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
"should not forward queries\" and click Next."
msgstr "输入 DNS 服务要转发查询的目的 IP 地址,或选择 “否,不向前转发查询”, 点击下一步。"
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
msgid "Click Finish"
#: serverguide/C/windows-networking.xml:1577(para)
"DNS is now installed and can be further configured using the "
"<application>Microsoft Management Console</application> DNS snap-in."
"DNS 安装完成,并可以使用 <application>微软管理控制台(mmc)</application> DNS 管理单元作进一步配置。"
#: serverguide/C/windows-networking.xml:1585(para)
#: serverguide/C/windows-networking.xml:1586(para)
msgid "Control Panel"
#: serverguide/C/windows-networking.xml:1587(para)
msgid "Network Connections"
#: serverguide/C/windows-networking.xml:1588(para)
msgid "Right Click \"Local Area Connection\""
msgstr "右键点击 “本地连接”"
#: serverguide/C/windows-networking.xml:1589(para)
msgid "Click Properties"
#: serverguide/C/windows-networking.xml:1590(para)
msgid "Double click \"Internet Protocol (TCP/IP)\""
msgstr "双击 \"Internet Protocol (TCP/IP)\""
#: serverguide/C/windows-networking.xml:1591(para)
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
msgstr "输入服务器 IP 地址作为 “首选 DNS 服务器”"
#: serverguide/C/windows-networking.xml:1592(para)
#: serverguide/C/windows-networking.xml:1593(para)
msgid "Click Ok again to save the settings"
msgstr "再次点击确定以保存设置"
#: serverguide/C/windows-networking.xml:1582(para)
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
msgstr "接下来,配置服务器使用自己的 DNS 查询:<placeholder-1/>"
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
#: serverguide/C/windows-networking.xml:1602(para)
"Please refer to the <ulink "
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
"further information."
"更多信息请参见<ulink url=\"http://www.likewisesoftware.com/\">Likewise</ulink>的主页。"
#: serverguide/C/windows-networking.xml:1606(para)
"For more <application>domainjoin-cli</application> options see the man page: "
"<command>man domainjoin-cli</command>."
"更多有关 <application>domainjoin-cli</application> 的选项,请查阅使用手册 <command>man "
"domainjoin-cli</command>。"
#: serverguide/C/windows-networking.xml:1610(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
"LikewiseOpen</ulink> page."
#: serverguide/C/web-servers.xml:13(title)
#: serverguide/C/web-servers.xml:14(para)
"A Web server is a software responsible for accepting HTTP requests from "
"clients, which are known as Web browsers, and serving them HTTP responses "
"along with optional data contents, which usually are Web pages such as HTML "
"documents and linked objects (images, etc.)."
"Web 服务器是一个负责接受来自客户端的 HTTP 请求的软件,并向它们返回 HTTP 应答与可选的数据内容,其中这些客户端称为 Web "
"浏览器,而返回的数据通常是 Web 页面,如 HTML 文档和链接的对象 (图像等)。"
#: serverguide/C/web-servers.xml:19(title)
msgid "HTTPD - Apache2 Web Server"
msgstr "HTTPD - Apache2 Web 服务器"
#: serverguide/C/web-servers.xml:20(para)
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
"are used to serve Web Pages requested by client computers. Clients typically "
"request and view Web Pages using Web Browser applications such as "
"<application>Firefox</application>, <application>Opera</application>, or "
"<application>Mozilla</application>."
"Apache 是在 Linux 系统中使用最为广泛的 Web 服务器。Web 服务器被用来提供客户计算机所请求的 Web 页。客户计算机通常使用 Web "
"浏览器来请求和查看 Web 页,如 "
"<application>Firefox</application>、<application>Opera</application>,或是 "
"<application>Mozilla</application>。"
#: serverguide/C/web-servers.xml:24(para)
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
"resource. For example, to view the home page of the <ulink "
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
"the FQDN. To request specific information about <ulink "
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
"enter the FQDN followed by a path."
"用户输入一个统一资源定位器 (Uniform Resource Locator, URL) 来通过全称域名 (Fully Qualified "
"Domain Name, FQDN) 和到所需资源的路径指向一台 Web 服务器。例如,要查看 <ulink "
"url=\"http://www.ubuntu.com\">Ubuntu 网站</ulink> 的主页,用户只需输入其 FQDN。而当要请求关于 "
"<ulink url=\"http://www.ubuntu.com/support/paid\">收费支持</ulink> 的特定信息时,用户就要输入 "
#: serverguide/C/web-servers.xml:29(para)
"The most common protocol used to transfer Web pages is the Hyper Text "
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
"protocol for uploading and downloading files, are also supported."
"用于传输网页的最常用协议就是超文本传输协议 (HTTP)。也支持诸如基于安全套接层的超文本传输协议 (HTTPS) 以及用于上传和下载文件的文件传输协议 "
#: serverguide/C/web-servers.xml:33(para)
"Apache Web Servers are often used in combination with the "
"<application>MySQL</application> database engine, the HyperText Preprocessor "
"(<application>PHP</application>) scripting language, and other popular "
"scripting languages such as <application>Python</application> and "
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
"for the development and deployment of Web-based applications."
"Apache Web 服务器常与 <application>MySQL</application> 数据库引擎、超文本处理器 "
"(<application>PHP</application>) "
"脚本语言及其他流行的脚本语言如<application>Python</application> 和 "
"<application>Perl</application> 组合在一起。这一组合被称为 LAMP (Linux, Apache, MySQL and "
"Perl/Python/PHP) ,并形成一个强大健壮的开发基于 Web 应用程序的开发平台。"
#: serverguide/C/web-servers.xml:42(para)
"The <application>Apache2</application> web server is available in Ubuntu "
"Linux. To install Apache2:"
#: serverguide/C/web-servers.xml:48(para)
msgid "At a terminal prompt enter the following command:"
msgstr "在终端命令行输入如下命令:"
#: serverguide/C/web-servers.xml:53(command)
msgid "sudo apt-get install apache2"
msgstr "sudo apt-get install apache2"
#: serverguide/C/web-servers.xml:63(para)
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
"text configuration files. These <emphasis>directives</emphasis> are "
"separated between the following files and directories:"
#: serverguide/C/web-servers.xml:71(para)
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
"Contains settings that are <emphasis>global</emphasis> to Apache2."
"<emphasis>apache2.conf:</emphasis> Apache2 的主要配置文件。 包含了 Apache2 "
"的<emphasis>全局</emphasis>的配置。"
#: serverguide/C/web-servers.xml:77(para)
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
"serve content may add files, or symlinks, to this directory."
#: serverguide/C/web-servers.xml:83(para)
"<emphasis>envvars:</emphasis> file where Apache2 "
"<emphasis>environment</emphasis> variables are set."
"<emphasis> 环境变量设置: </emphasis> 文件下的 Apache2 <emphasis> 环境 </emphasis> 变量设置。"
#: serverguide/C/web-servers.xml:88(para)
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
"file, named after the <application>httpd</application> daemon. The file can "
"be used for <emphasis>user specific</emphasis> configuration options that "
"globally effect Apache2."
"<emphasis>httpd.conf:</emphasis>以往主要的 Apache2 "
"配置文件,以<application>httpd</application>守护进程来命名。该文件可用于<emphasis>用户手册<emphasis>在"
"全局有效范围内 Aphache2 的配置选项。"
#: serverguide/C/web-servers.xml:95(para)
"<emphasis>mods-available:</emphasis> this directory contains configuration "
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
"modules will have specific configuration files, however."
"<emphasis> mods-available: </emphasis> 该目录包含的配置文件都装载 <emphasis> 模块 "
"</emphasis> 和设置它们。不管怎样并非所有模块都会有具体的配置文件。"
#: serverguide/C/web-servers.xml:101(para)
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
"configuration file is symlinked it will be enabled the next time "
"<application>apache2</application> is restarted."
"<emphasis>mods-enabled:</emphasis>保持<emphasis>符号链接</emphasis>文件在 "
"<filename>/etc/apache2/mods-"
"available</filename>。当一模块配置文件被设为符号连接后会在下一次<application>apache2</application>重"
#: serverguide/C/web-servers.xml:108(para)
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
"TCP ports Apache2 is listening on."
msgstr "<emphasis>ports.conf:</emphasis>房屋指示以确定 Apache2 正在监听哪些 TCP 端口。"
#: serverguide/C/web-servers.xml:113(para)
"<emphasis>sites-available:</emphasis> this directory has configuration files "
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
"to be configured for multiple sites that have separate configurations."
#: serverguide/C/web-servers.xml:119(para)
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
"a configuration file in sites-available is symlinked, the site configured by "
"it will be active once Apache2 is restarted."
#: serverguide/C/web-servers.xml:127(para)
"In addition, other configuration files may be added using the "
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
"many configuration files. Any directive may be placed in any of these "
"configuration files. Changes to the main configuration files are only "
"recognized by Apache2 when it is started or restarted."
"除此之外,其他的配置文件可能会增加使用 <emphasis> 头文件 </emphasis> 指令, "
"并和通配符用于包括许多配置文件。任何说明可放置于这些任意配置文件中。"
#: serverguide/C/web-servers.xml:136(para)
"The server also reads a file containing mime document types; the filename is "
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
"<filename>/etc/mime.types</filename> by default."
"服务器还能读取文件,包括 MIME 文件类型; 文件名由 <emphasis> TypesConfig </emphasis> 说明指定, 默认名为 "
"<filename>/etc/mime.types</filename>"
#: serverguide/C/web-servers.xml:141(title)
msgid "Basic Settings"
#: serverguide/C/web-servers.xml:142(para)
"This section explains Apache2 server essential configuration parameters. "
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
"Documentation</ulink> for more details."
"这一节讲述了Apache2服务器的基本配置参数。更详细的资料请查阅<ulink "
"url=\"http://httpd.apache.org/docs/2.2/\">Apache2文档</ulink>"
#: serverguide/C/web-servers.xml:150(para)
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
"it is configured with a single default virtual host (using the "
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
"if you have a single site, or used as a template for additional virtual "
"hosts if you have multiple sites. If left alone, the default virtual host "
"will serve as your default site, or the site users will see if the URL they "
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
"your custom sites. To modify the default virtual host, edit the file "
"<filename>/etc/apache2/sites-available/default</filename>."
"Apache2以一个“虚拟主机友好”的默认配置来部署。也就是说,它以一个默认的虚拟主机(用<emphasis>VirtualHost</emphasis>"
"指令)来配置。如果你只有一个站点,这个配置可以修改,也可以直接使用;或者如果你有多个站点,也可以把它当作模板来添加新的虚拟主机。如果不做改变的话,默认的虚"
"拟主机将作为你的默认站点,否则站点用户将会看到他们所输入的URL是否没有匹配任何你的客户站点的<emphasis>ServerName</emphasis"
">指令。要修改默认的虚拟主机,请编辑文件<filename>/etc/apache2/sites-"
"available/default</filename>。"
#: serverguide/C/web-servers.xml:163(para)
"The directives set for a virtual host only apply to that particular virtual "
"host. If a directive is set server-wide and not defined within the virtual "
"host settings, the default setting is used. For example, you can define a "
"Webmaster email address and not define individual email addresses for each "
"虚拟主机的语句设置仅应用于特定的虚拟主机。如果一个语句在服务器范围中设置而没有在虚拟主机设置中定义,那么将使用缺省设置。例如,您可以定义网络管理员的邮件地"
"址而无需为每个虚拟主机都分别定义邮件地址。"
#: serverguide/C/web-servers.xml:171(para)
"If you wish to configure a new virtual host or site, copy that file into the "
"same directory with a name you choose. For example:"
msgstr "如果您想设定一个新的虚拟主机或站点,请复制该文件到以您选择名称的同一目录下。例如:"
#: serverguide/C/web-servers.xml:177(command)
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
"available/mynewsite"
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
"available/mynewsite"
#: serverguide/C/web-servers.xml:180(para)
"Edit the new file to configure the new site using some of the directives "
msgstr "编辑新文件配置新的站点就要使用下列的一些指示说明。"
#: serverguide/C/web-servers.xml:187(para)
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
"to be advertised for the server's administrator. The default value is "
"webmaster@localhost. This should be changed to an email address that is "
"delivered to you (if you are the server's administrator). If your website "
"has a problem, Apache2 will display an error message containing this email "
"address to report the problem to. Find this directive in your site's "
"configuration file in /etc/apache2/sites-available."
"<emphasis>ServerAdmin</emphasis> 语句指定服务器管理员的邮件地址,缺省值是 "
"webmaster@localhost。应该改成您的邮件地址 (如果您是服务器管理员的话)。如果您的网站有问题,Apache2 "
"将显示包含该邮件地址的错误信息以便报告该问题。在 /etc/apache2/sites-available 目录中您网站的配置文件里可以找到该语句。"
#: serverguide/C/web-servers.xml:198(para)
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
"the IP address, Apache2 should listen on. If the IP address is not "
"specified, Apache2 will listen on all IP addresses assigned to the machine "
"it runs on. The default value for the Listen directive is 80. Change this to "
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
"that it will not be available to the Internet, to (for example) 81 to change "
"the port that it listens on, or leave it as is for normal operation. This "
"directive can be found and changed in its own file, "
"<filename>/etc/apache2/ports.conf</filename>"
"<emphasis>Listen</emphasis> 语句指定端口以及可选的 IP 地址,Apache2 将在其上监听。如果 IP "
"地址没有被指定,Apache2 将监听所有指向其所运行机器上的 IP 地址。Listen 语句的缺省值是 80。把其改成 127.0.0.1:80 将使 "
"Apache2 只在您的环回接口上临听以致于它相对于 Internet "
"不可用。也可改变其监听端口如81,或保持原样以便正常操作。该语句可以在它自己的文件 <filename>/etc/apache2/ports.conf</"
#: serverguide/C/web-servers.xml:211(para)
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
"FQDN your site should answer to. The default virtual host has no ServerName "
"directive specified, so it will respond to all requests that do not match a "
"ServerName directive in another virtual host. If you have just acquired the "
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
"value of the ServerName directive in your virtual host configuration file "
"should be ubunturocks.com. Add this directive to the new virtual host file "
"you created earlier (<filename>/etc/apache2/sites-"
"available/mynewsite</filename>)."
"这<emphasis>服务器名</emphasis>指令是可选的,并且指定回答你站点的 FQDN "
"。默认虚拟主机没有指定服务器指令。因此,它将会响应在另一虚拟主机不匹配服务器指令的所有请求。如果你仅取得 ubunturocks.com 域名并希望建立 "
"Ubuntu 服务器,重要的是你要在虚拟主机配置文件里服务器指令应该设为 ubunturocks.com 。把这指令加到较早前你新创建的虚拟主机文件。"
#: serverguide/C/web-servers.xml:223(para)
"You may also want your site to respond to www.ubunturocks.com, since many "
"users will assume the www prefix is appropriate. Use the "
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
"wildcards in the ServerAlias directive."
"可能还需要把您的站点来响应 www.ubunturocks.com ,因为许多用户会认定加上前缀 www "
"是适当的。使用<emphasis>服务器别名</emphasis>指令来做这事。 可能需要在服务别名指令中使用通配符。"
#: serverguide/C/web-servers.xml:230(para)
"For example, the following configuration will cause your site to respond to "
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
"比如,下一步的配置会引导您站点来响应在 <emphasis> .ubunturocks.com </emphasis> 的任意请求结束域。"
#: serverguide/C/web-servers.xml:236(programlisting)
"ServerAlias *.ubunturocks.com\n"
"服务器别名 *.ubunturocks.com\n"
#: serverguide/C/web-servers.xml:242(para)
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
"should look for the files that make up the site. The default value is "
"/var/www. No site is configured there, but if you uncomment the "
"<emphasis>RedirectMatch</emphasis> directive in "
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
"this value in your site's virtual host file, and remember to create that "
"directory if necessary!"
#: serverguide/C/web-servers.xml:254(para)
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
"enabled point to \"available\" sites."
"/etc/apache2/sites-availabl 此目录<emphasis role=\"bold\">不是</emphasis>由 "
"Apache2 解析。在/etc/apache2/sites-enabled符号链接指向 \"有效\" 站点。"
#: serverguide/C/web-servers.xml:260(para)
"Enable the new <emphasis>VirtualHost</emphasis> using the "
"<application>a2ensite</application> utility and restart Apache2:"
#: serverguide/C/web-servers.xml:266(command)
msgid "sudo a2ensite mynewsite"
msgstr "sudo a2ensite mynewsite"
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
msgid "sudo /etc/init.d/apache2 restart"
msgstr "sudo /etc/init.d/apache2 restart"
#: serverguide/C/web-servers.xml:271(para)
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
"name for the VirtualHost. One method is to name the file after the "
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
msgstr "确定为虚拟主机用广泛的名字来代替新站点。一种方法是以虚拟主机的 <emphasis> 服务器名 </emphasis> 指令来命名。"
#: serverguide/C/web-servers.xml:278(para)
"Similarly, use the <application>a2dissite</application> utility to disable "
"sites. This is can be useful when troubleshooting configuration problems "
"with multiple VirtualHosts:"
"同样,使用 <application> a2dissite </application> "
"功能来关闭站点。使用多个虚拟主机来为故障排除配置问题是非常有用的。"
#: serverguide/C/web-servers.xml:284(command)
msgid "sudo a2dissite mynewsite"
msgstr "sudo a2dissite mynewsite"
#: serverguide/C/web-servers.xml:290(title)
msgid "Default Settings"
#: serverguide/C/web-servers.xml:292(para)
"This section explains configuration of the Apache2 server default settings. "
"For example, if you add a virtual host, the settings you configure for the "
"virtual host take precedence for that virtual host. For a directive not "
"defined within the virtual host settings, the default value is used."
"服务器缺省设置的配置。举个例子,如果您添加一个虚拟主机,您为该虚拟主机配置的设置将优先于缺省虚拟主机。如果在该虚拟主机的设置中有个语句没有定义,那么将使用"
#: serverguide/C/web-servers.xml:304(para)
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
"server when a user requests an index of a directory by specifying a forward "
"slash (/) at the end of the directory name."
"当用户在目录名后使用斜杠 (/) 来请求一个目录索引时,The <emphasis>DirectoryIndex</emphasis> "
#: serverguide/C/web-servers.xml:311(para)
"For example, when a user requests the page "
"http://www.example.com/this_directory/, he or she will get either the "
"DirectoryIndex page if it exists, a server-generated directory list if it "
"does not and the Indexes option is specified, or a Permission Denied page if "
"neither is true. The server will try to find one of the files listed in the "
"DirectoryIndex directive and will return the first one it finds. If it does "
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
"set for that directory, the server will generate and return a list, in HTML "
"format, of the subdirectories and files in the directory. The default value, "
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
"Apache2 finds a file in a requested directory matching any of these names, "
"the first will be displayed."
#: serverguide/C/web-servers.xml:332(para)
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
"file for Apache2 to use for specific error events. For example, if a user "
"requests a resource that does not exist, a 404 error will occur, and per "
"Apache2's default configuration, the file "
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
"be displayed. That file is not in the server's DocumentRoot, but there is an "
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
"redirects requests to the /error directory to "
"<filename>/usr/share/apache2/error/</filename>."
#: serverguide/C/web-servers.xml:344(para)
"To see a list of the default ErrorDocument directives, use this command:"
msgstr "使用此命令,可以看到默认的错误文档指令列表:"
#: serverguide/C/web-servers.xml:350(command)
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
msgstr "grep ErrorDocument /etc/apache2/apache2.conf"
#: serverguide/C/web-servers.xml:355(para)
"By default, the server writes the transfer log to the file "
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
"per-site basis in your virtual host configuration files with the "
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
"specify the file to which errors are logged, via the "
"<emphasis>ErrorLog</emphasis> directive, whose default is "
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
"/etc/apache2/apache2.conf</filename> for the default value)."
"默认情况下,服务器写的传输日志到 <filename>/var/log/apache2/access.log</filename> "
"文件中。您可以改变这种基于每个站点基本虚拟主机带有 <emphasis> 自定义日志 </emphasis> 指令的文件,或者省略它接受在 "
"<filename> /etc/apache2/apache2.conf </filename> 的默认配置。同样您可以通过 <emphasis> "
"错误日志 </emphasis> 指令指定已经登陆的错误文件,默认日志是 <filename> /var/log/apache2/error.log "
"</filename>。这些都是从传输日志分开与您的 Apache2 来帮助解决的问题。"
#: serverguide/C/web-servers.xml:370(para)
"Some options are specified on a per-directory basis rather than per-server. "
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
"is enclosed in XML-like tags, like so:"
"由每个目录基础来决定一些选项,而不是每个服务器。<emphasis> 选项 </emphasis> 是这些指令的其中之一。一节目录就是封闭的 XML-"
#: serverguide/C/web-servers.xml:376(programlisting)
"<Directory /var/www/mynewsite>\n"
"</Directory>\n"
"<Directory /var/www/mynewsite>\n"
"</Directory>\n"
#: serverguide/C/web-servers.xml:382(para)
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
"one or more of the following values (among others), separated by spaces:"
msgstr "<emphasis> 选项 </emphasis> 指令在目录接收一个或多个值(除了其它之外),由空格所分隔:"
#: serverguide/C/web-servers.xml:394(para)
"Most files should not be executed as CGI scripts. This would be very "
"dangerous. CGI scripts should kept in a directory separate from and outside "
"your DocumentRoot, and only this directory should have the ExecCGI option "
"set. This is the default, and the default location for CGI scripts is "
"<filename>/usr/lib/cgi-bin</filename>."
"许多文件都不应该做为 CGI 脚本所执行。这会非常危险。CGI 脚本应该单独保存在一目录里和你的外部启动文档所分开,只有这目录已经设置了 ExecCGI "
"选项。CGI 脚本的默认位置是 <filename> /usr/lib/cgi-bin </filename>。"
#: serverguide/C/web-servers.xml:389(para)
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
"<emphasis role=\"bold\">ExecCGI</emphasis> - 允许执行 CGI 脚本。如果该选项没有设置,则 CGI "
"脚本将不能执行。<placeholder-1/>"
#: serverguide/C/web-servers.xml:405(para)
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
"other files. This is not a common option. See <ulink "
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
"HOWTO</ulink> for more information."
"<emphasis role=\"bold\">Includes</emphasis> - 允许服务器端的包含。 服务器端包括允许 HTML 文件 "
"<emphasis> 包含</emphasis> 其它文件,这并不是常用选项,详情请查看 <ulink "
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
#: serverguide/C/web-servers.xml:414(para)
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
"includes, but disable the <emphasis>#exec</emphasis> and "
"<emphasis>#include</emphasis> commands in CGI scripts."
"允许服务端包含 <emphasis role=\"bold\"> IncludesNOEXEC </emphasis>,但要在 CGI 脚本里禁用 "
"<emphasis> #exec </emphasis> 和 <emphasis>#include</emphasis> 命令。"
#: serverguide/C/web-servers.xml:426(para)
"For security reasons, this should usually not be set, and certainly should "
"not be set on your DocumentRoot directory. Enable this option carefully on a "
"per-directory basis only if you are certain you want users to see the entire "
"contents of the directory."
"出于安全考虑,这个通常不会设置,无疑也不应在您 DocumentRoot "
"目录中设置。只有在您确定您希望用户看到目录的整个内容时请小心地基于每个目录启用该选项。"
#: serverguide/C/web-servers.xml:421(para)
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
"index.html) exists in the requested directory. <placeholder-1/>"
"<emphasis role=\"bold\">Indexes</emphasis> - 显示一个按特定格式的文件目录,如果被请求的目录中 "
"<emphasis>DirectoryIndex</emphasis> (比如index.html)不存在 。<placeholder-1/>"
#: serverguide/C/web-servers.xml:436(para)
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
"multiviews; this option is disabled by default for security reasons. See the "
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
"Apache2 documentation on this option</ulink>."
"<emphasis role=\"bold\">Multiview</emphasis> - 支持内容协商多视图,出于安全原因,该选项默认是被禁止的。 "
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
"Apache2 关于该选项的文档</ulink>。"
#: serverguide/C/web-servers.xml:444(para)
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
"symbolic links if the target file or directory has the same owner as the "
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - "
"仅在软连接与其目的文件或目录拥有相同所有者时才使用。"
#: serverguide/C/web-servers.xml:456(title)
msgid "httpd Settings"
#: serverguide/C/web-servers.xml:458(para)
"This section explains some basic <application>httpd</application> daemon "
"configuration settings."
msgstr "本节说明了一些基本的 <application> httpd </application> 守护进程的配置设置。"
#: serverguide/C/web-servers.xml:462(para)
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
"the path to the lockfile used when the server is compiled with either "
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
"stored on the local disk. It should be left to the default value unless the "
"logs directory is located on an NFS share. If this is the case, the default "
"value should be changed to a location on the local disk and to a directory "
"that is readable only by root."
"<emphasis role=\"bold\">LockFile</emphasis> - 当服务器编译时使用了 "
"USE_FCNTL_SERIALIZED_ACCEPT 或 USE_FLOCK_SERIALIZED_ACCEPT 参数时,使用 LockFile "
"语句来设置 lockfile 的路径。它必须保存在本地磁盘上,它应该设置成缺省值,除非日志目录被定位在 NFS "
"共享上。如果是这种情况,缺省值应该被改为本地磁盘的位置并且其目录只对 root 用户可读。"
#: serverguide/C/web-servers.xml:471(para)
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
"file in which the server records its process ID (pid). This file should only "
"be readable by root. In most cases, it should be left to the default value."
"<emphasis role=\"bold\">PidFile</emphasis> - PidFile 语句设置服务器记录其进程 ID (pid) "
"的文件。该文件只对 root 用户可读。在大多数情况下,应该保留其缺省值。"
#: serverguide/C/web-servers.xml:477(para)
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
"used by the server to answer requests. This setting determines the server's "
"access. Any files inaccessible to this user will also be inaccessible to "
"your website's visitors. The default value for User is www-data."
"<emphasis role=\"bold\">User</emphasis> - User 语句设置被服务器用于回应请求的用户 "
"ID。该设置决定服务器的权限。任何该用户无法访问的文件也无法被您网站的访问者访问。用户缺省值是 www-data。"
#: serverguide/C/web-servers.xml:484(para)
"Unless you know exactly what you are doing, do not set the User directive to "
"root. Using root as the User will create large security holes for your Web "
"除非您的确知道您在做什么,否则请不要将 User 设为 root 用户。用 root 作为 User 的值将会在您的 Web 服务器中产生极大的安全漏洞。"
#: serverguide/C/web-servers.xml:490(para)
"The Group directive is similar to the User directive. Group sets the group "
"under which the server will answer requests. The default group is also www-"
msgstr "Group 语句同 User 语句相似。Group 设置被服务器用于回应请求的用户组。缺省的组也是 www-data。"
#: serverguide/C/web-servers.xml:496(title)
msgid "Apache2 Modules"
#: serverguide/C/web-servers.xml:498(para)
"Apache2 is a modular server. This implies that only the most basic "
"functionality is included in the core server. Extended features are "
"available through modules which can be loaded into Apache2. By default, a "
"base set of modules is included in the server at compile-time. If the server "
"is compiled to use dynamically loaded modules, then modules can be compiled "
"separately, and added at any time using the LoadModule directive. Otherwise, "
"Apache2 must be recompiled to add or remove modules."
#: serverguide/C/web-servers.xml:510(para)
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
"Configuration directives may be conditionally included on the presence of a "
"particular module by enclosing them in an "
"<emphasis><IfModule></emphasis> block."
"Ubuntu把Apache2编译成可以动态加载模块的形式。配置命令可以通过包含在<emphasis><IfModule></emphasis>"
#: serverguide/C/web-servers.xml:517(para)
"You can install additional Apache2 modules and use them with your Web "
"server. For example, run the following command from a terminal prompt to "
"install the <emphasis>MySQL Authentication</emphasis> module:"
"您可以安装额外的 Apache2 模块,并和您的 Web 服务器使用这些模块。例如,运行以下终端提示的命令来安装 <emphasis>MySQL "
#: serverguide/C/web-servers.xml:524(command)
msgid "sudo apt-get install libapache2-mod-auth-mysql"
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
#: serverguide/C/web-servers.xml:527(para)
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
"additional modules."
msgstr "请浏览 <filename>/etc/apache2/mods-available</filename> 目录,能提供更多的模块。"
#: serverguide/C/web-servers.xml:531(para)
"Use the <application>a2enmod</application> utility to enable a module:"
msgstr "使用 <application>a2enmod</application> 功能来激活模块:"
#: serverguide/C/web-servers.xml:537(command)
msgid "sudo a2enmod auth_mysql"
msgstr "sudo a2enmod auth_mysql"
#: serverguide/C/web-servers.xml:541(para)
msgid "Similarly, <application>a2dismod</application> will disable a module:"
msgstr "同样的,<application>a2dismod</application> 将禁用模块。"
#: serverguide/C/web-servers.xml:546(command)
msgid "sudo a2dismod auth_mysql"
msgstr "sudo a2dismod auth_mysql"
#: serverguide/C/web-servers.xml:553(title)
msgid "HTTPS Configuration"
#: serverguide/C/web-servers.xml:555(para)
"The <application>mod_ssl</application> module adds an important feature to "
"the Apache2 server - the ability to encrypt communications. Thus, when your "
"browser is communicating using SSL, the https:// prefix is used at the "
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
"<application>mod_ssl</application>模块为Apache2服务器提供了一个重要特性 - 对传送内容的加密功能。因此, "
"当您使用SSL浏览信息的时候,即导航栏中有https:// 前缀的情况。"
#: serverguide/C/web-servers.xml:564(para)
"The <application>mod_ssl</application> module is available in "
"<application>apache2-common</application> package. Execute the following "
"command from a terminal prompt to enable the "
"<application>mod_ssl</application> module:"
"软件包 <application>apache2-common</application> 中包含了 "
"<application>mod_ssl</application> 模块。 在终端命令行中输入如下命令以使用 "
"<application>mod_ssl</application> 模块:"
#: serverguide/C/web-servers.xml:571(command)
msgid "sudo a2enmod ssl"
msgstr "sudo a2enmod ssl"
#: serverguide/C/web-servers.xml:574(para)
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
"available/default-ssl</filename>. In order for "
"<application>Apache2</application> to provide HTTPS, a "
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
"needed. The default HTTPS configuration will use a certificate and key "
"generated by the <application>ssl-cert</application> package. They are good "
"for testing, but the auto-generated certificate and key should be replaced "
"by a certificate specific to the site or server. For information on "
"generating a key and obtaining a certificate see <xref "
"linkend=\"certificates-and-security\"/>"
#: serverguide/C/web-servers.xml:584(para)
"To configure <application>Apache2</application> for HTTPS, enter the "
#: serverguide/C/web-servers.xml:589(command)
msgid "sudo a2ensite default-ssl"
msgstr "sudo a2ensite default-ssl"
#: serverguide/C/web-servers.xml:593(para)
"The directories <filename>/etc/ssl/certs</filename> and "
"<filename>/etc/ssl/private</filename> are the default locations. If you "
"install the certificate and key in another directory make sure to change "
"<emphasis>SSLCertificateFile</emphasis> and "
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
"目录 <filename>/etc/ssl/certs</filename> 和 "
"<filename>/etc/ssl/private</filename> 是默认的安全区域.如果您要把证书和密钥安装到其他的目录下,请确认更改了 "
"<emphasis>SSLCertificateFile</emphasis> 和 "
"<emphasis>SSLCertificateKeyFile</emphasis> 的配置。"
#: serverguide/C/web-servers.xml:600(para)
"With Apache2 now configured for HTTPS, restart the service to enable the new "
#: serverguide/C/web-servers.xml:611(para)
"Depending on how you obtained your certificate you may need to enter a "
"passphrase when <application>Apache2</application> starts."
#: serverguide/C/web-servers.xml:617(para)
"You can access the secure server pages by typing https://your_hostname/url/ "
"in your browser address bar."
msgstr "你可通过在浏览器地址栏输入https://your_hostname/url/来进入安装服务器页面。"
#: serverguide/C/web-servers.xml:628(para)
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
"Documentation</ulink> contains in depth information on Apache2 configuration "
"directives. Also, see the <application>apache2-doc</application> package for "
"the official Apache2 docs."
"<ulink url=\"http://httpd.apache.org/docs/2.2/\"> Apache2 文档</ulink>包含 "
"Apache2 配置指令更深层的信息。同样也可参考官方 Apache2 docs 文档<application>apache2-"
"doc</application>包。"
#: serverguide/C/web-servers.xml:635(para)
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
"Documentation</ulink> site for more SSL related information."
"请浏览 <ulink url=\"http://www.modssl.org/docs/\">Mod SSL 文件</ulink>站点可以查到更多的 "
#: serverguide/C/web-servers.xml:641(para)
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
"奥赖利的 <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
"菜谱</ulink> 是个能完成特定 Apache2 配置的好资料。"
#: serverguide/C/web-servers.xml:647(para)
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
"server</emphasis> IRC channel on <ulink "
"url=\"http://freenode.net/\">freenode.net</ulink>."
"和 Ubuntu 有关 Apache2 的更多问题,请访问在 <ulink "
"url=\"http://freenode.net/\">freenode.net</ulink> 的 <emphasis>#ubuntu-"
"server</emphasis> IRC 频道。"
#: serverguide/C/web-servers.xml:653(para)
"Usually integrated with PHP and MySQL the <ulink "
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
"Ubuntu Wiki </ulink> page is a good resource."
#: serverguide/C/web-servers.xml:664(title)
msgid "PHP5 - Scripting Language"
msgstr "PHP5 - 脚本语言"
#: serverguide/C/web-servers.xml:665(para)
"PHP is a general-purpose scripting language suited for Web development. The "
"PHP script can be embedded into HTML. This section explains how to install "
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
"PHP 是一种适合 Web 开发的通用脚本语言。PHP 脚本可以被嵌入 HTML 之中。本节解释了如何在已有 Apache2 和 MySQL 的 "
"Ubuntu 系统中安装和配置 PHP5。"
#: serverguide/C/web-servers.xml:669(para)
"This section assumes you have installed and configured Apache2 Web Server "
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
"sections in this document to install and configure Apache2 and MySQL "
#: serverguide/C/web-servers.xml:676(para)
msgid "The PHP5 is available in Ubuntu Linux."
msgstr "Ubuntu Linux 中可以使用 PHP5。"
#: serverguide/C/web-servers.xml:678(para)
"To install PHP5 you can enter the following command in the terminal prompt: "
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
"您可以通过在终端中输入以下命令来安装PHP5: <screen>\n"
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
#: serverguide/C/web-servers.xml:687(para)
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
"line you should install <application>php5-cli</application> package. To "
"install <application>php5-cli</application> you can enter the following "
"command in the terminal prompt: <screen>\n"
"<command>sudo apt-get install php5-cli</command>\n"
"您可从命令行运行 PHP5 脚本。要在命令行下运行 PHP5 脚本,您应当安装 <application>php5-cli</application> "
"软件包。要安装<application>php5-cli</application>您可在终端提示符中输入如下命令:<screen>\n"
"<command>sudo apt-get install php5-cli</command>\n"
#: serverguide/C/web-servers.xml:696(para)
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
"accomplish this, you should install <application>php5-cgi</application> "
"package. You can run the following command in a terminal prompt to install "
"<application>php5-cgi</application> package: <screen>\n"
"<command>sudo apt-get install php5-cgi</command>\n"
"您也可以在不安装PHP5的Apache组件的前提下执行PHP5脚本。要实现这个,您应当安装 <application>php5-"
"cgi</application> 软件包。您可您可在终端提示符中运行如下命令来安装 <application>php5-"
"cgi</application> 软件包:<screen>\n"
"<command>sudo apt-get install php5-cgi</command>\n"
#: serverguide/C/web-servers.xml:706(para)
"To use <application>MySQL</application> with PHP5 you should install "
"<application>php5-mysql</application> package. To install <application>php5-"
"mysql</application> you can enter the following command in the terminal "
"prompt: <screen>\n"
"<command>sudo apt-get install php5-mysql</command>\n"
"若想通过 PHP5 使用 MySQL,您需要安装 <application>php5-mysql</application> "
"包。您可以在终端输入如下命令来安装 <application>php5-mysql</application>:<screen>\n"
"<command>sudo apt-get install php5-mysql</command>\n"
#: serverguide/C/web-servers.xml:714(para)
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
"install <application>php5-pgsql</application> package. To install "
"<application>php5-pgsql</application> you can enter the following command in "
"the terminal prompt: <screen>\n"
"<command>sudo apt-get install php5-pgsql</command>\n"
"类似的,若想通过 PHP5 使用 PostgreSQL,您需要安装 <application>php5-pgsql</application> "
"包。您可以在终端输入如下命令来安装 <application>php5-pgsql</application>:<screen>\n"
"<command>sudo apt-get install php5-pgsql</command>\n"
#: serverguide/C/web-servers.xml:727(para)
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
"you have installed <application>php5-cli</application> package, you can run "
"PHP5 scripts from your command prompt."
"当你安装了PHP5后,你就可以在你的浏览器里运行PHP5脚本了。而且,如果你也安装了<application>php5-"
"cli</application>软件包,你就可以在命令提示符下运行PHP5脚本了。"
#: serverguide/C/web-servers.xml:734(para)
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
"when you install the module. Please verify if the files "
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
"not exists, you can enable the module using <command>a2enmod</command> "
"Apache 2 Web 服务器被默认配置为运行 PHP5 脚本。换句话说,在您安装了 PHP5 模块之后其就被自动在 Apache 2 Web "
"服务器中加载了。请确认 <filename>/etc/apache2/mods-enabled/php5.conf</filename> 文件和 "
"<filename>/etc/apache2/mods-enabled/php5.load</filename> "
"文件是否存在。如果它们不存在的话,您可以使用 <command>a2enmod</command> 命令来加载模块。"
#: serverguide/C/web-servers.xml:745(para)
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
"following command at a terminal prompt to restart your web server: "
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
"一旦您安装了 PHP5 相关的包并加载了 PHP5 的 Apache 2 模块,您应当重启 Apache2 Web 服务器以便运行 PHP5 "
"脚本。您可以在终端输入以下命令来重启您的 web 服务器:<screen><command>sudo /etc/init.d/apache2 "
"restart</command> </screen>"
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
#: serverguide/C/web-servers.xml:754(para)
"To verify your installation, you can run following PHP5 phpinfo script:"
msgstr "您可以运行如下的 PHP5 phpinfo 脚本来验证您的安装:"
#: serverguide/C/web-servers.xml:757(programlisting)
#: serverguide/C/web-servers.xml:762(para)
"You can save the content in a file <filename>phpinfo.php</filename> and "
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
"server. When point your browser to "
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
"various PHP5 configuration parameters."
"您可以将此内容保存在一个 <filename>phpinfo.php</filename> 文件中并将其放在 Apache2 Web 服务器的 "
"<command>DocumentRoot</command> 目录下。当把您的浏览器指向 "
"<filename>http://hostname/phpinfo.php</filename> 后,将会显示 PHP5 的各种配置参数的值。"
#: serverguide/C/web-servers.xml:776(para)
"For more in depth information see <ulink "
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
"更多的高级应用资料请访问<ulink url=\"http://www.php.net/docs.php\">php.net</ulink> 文档。"
#: serverguide/C/web-servers.xml:781(para)
"There are a plethora of books on PHP. Two good books from O'Reilly are "
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
"5</ulink> and the <ulink "
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
"有很多关于 PHP 的书籍。推荐两本奥赖利的书是<ulink "
"url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
"5</ulink>和<ulink url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook "
#: serverguide/C/web-servers.xml:788(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
"Ubuntu Wiki</ulink> page for more information."
#: serverguide/C/web-servers.xml:799(title)
msgid "Squid - Proxy Server"
msgstr "Squid - 代理服务器"
#: serverguide/C/web-servers.xml:800(para)
"Squid is a full-featured web proxy cache server application which provides "
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
"caching of Domain Name Server (DNS) lookups, and perform transparent "
"caching. Squid also supports a wide variety of caching protocols, such as "
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
"Squid 是一个全功能的 web 代理与缓存服务器应用程序,它为超文本传输协议 (HTTP)、文件传输协议 (FTP) "
"以及其他流行网络协议提供代理和缓存服务。Squid 可以实现安全套接层 (SSL) 请求的缓存和代理、域名服务器 (DNS) "
"的缓存以及进行传输缓存。Squid 也支持大量不同的缓存协议,如 Internet 缓存协议 (ICP)、超文本缓存协议 (HTCP)、缓存阵列路由协议 "
"(CARP) 以及 Web 缓存协同协议 (WCCP)。"
#: serverguide/C/web-servers.xml:808(para)
"The Squid proxy cache server is an excellent solution to a variety of proxy "
"and caching server needs, and scales from the branch office to enterprise "
"level networks while providing extensive, granular access control mechanisms "
"and monitoring of critical parameters via the Simple Network Management "
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
"Squid proxy, or caching servers, ensure your system is configured with a "
"large amount of physical memory, as Squid maintains an in-memory cache for "
"increased performance."
"代理缓存服务器对于不同的代理和缓存服务器需求来说是一个极好的解决方案,它适用于从分支机构到企业级的网络,访问控制机制的粒度以及通过简单网络管理协议 "
"(SNMP) 对临界参数的监视。当选择计算机系统用于 Squid 代理或缓存服务器时,请确保您的系统配置大量的物理内存以便 Squid "
#: serverguide/C/web-servers.xml:817(para)
"At a terminal prompt, enter the following command to install the Squid "
msgstr "在终端提示符后输入下列命令安装 Squid 服务器:"
#: serverguide/C/web-servers.xml:822(command)
msgid "sudo apt-get install squid"
msgstr "sudo apt-get install squid"
#: serverguide/C/web-servers.xml:828(para)
"Squid is configured by editing the directives contained within the "
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
"examples illustrate some of the directives which may be modified to affect "
"the behavior of the Squid server. For more in-depth configuration of Squid, "
"see the References section."
"Squid 可以通过编辑在 <filename>/etc/squid/squid.conf</filename> "
"配置文件中的语句来进行配置。下面的范例说明一些语句的修改可能对 Squid 服务器的影响。更多 Squid 的配置可以参阅参考章节。"
#: serverguide/C/web-servers.xml:834(para)
"Prior to editing the configuration file, you should make a copy of the "
"original file and protect it from writing so you will have the original "
"settings as a reference, and to re-use as necessary."
msgstr "在编辑配置文件之前,您应该生成一份原始文件副本并对其进行写保护,以便您可以将原始文件作为参考并在必要时重用它。"
#: serverguide/C/web-servers.xml:837(para)
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
"writing with the following commands entered at a terminal prompt:"
"要拷贝 <filename>/etc/squid/squid.conf</filename> 文件并对其进行写保护,可以在终端提示符后使用以下命令:"
#: serverguide/C/web-servers.xml:842(command)
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
#: serverguide/C/web-servers.xml:843(command)
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
#: serverguide/C/web-servers.xml:849(para)
"To set your Squid server to listen on TCP port 8888 instead of the default "
"TCP port 3128, change the http_port directive as such:"
"要将您的 Squid 服务器监听 TCP 端口 8888 以代替缺省的 TCP 端口 3128,可以如下所示修改 http_port 语句:"
#: serverguide/C/web-servers.xml:853(programlisting)
#: serverguide/C/web-servers.xml:858(para)
"Change the visible_hostname directive in order to give the Squid server a "
"specific hostname. This hostname does not necessarily need to be the "
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
"改变 visible_hostname 语句是为了给 Squid 服务器一个特定的主机名。该主机名并必是计算机的主机名。在本范例中它被设为 "
"<emphasis>weezie</emphasis>。"
#: serverguide/C/web-servers.xml:862(programlisting)
"visible_hostname weezie\n"
"visible_hostname weezie\n"
#: serverguide/C/web-servers.xml:867(para)
"Using Squid's access control, you may configure use of Internet services "
"proxied by Squid to be available only users with certain Internet Protocol "
"(IP) addresses. For example, we will illustrate access by users of the "
"192.168.42.0/24 subnetwork only:"
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
"将下列语句添加到您 <filename>/etc/squid/squid.conf</filename> 文件 ACL 部分的 <emphasis "
"role=\"bold\">底部</emphasis>:"
#: serverguide/C/web-servers.xml:875(programlisting)
"acl fortytwo_network src 192.168.42.0/24\n"
"acl fortytwo_network src 192.168.42.0/24\n"
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
"然后添加下列语句到你 <filename>/etc/squid/squid.conf</filename> 文件 http_access 部分的 "
"<emphasis role=\"bold\">顶部</emphasis>:"
#: serverguide/C/web-servers.xml:882(programlisting)
"http_access allow fortytwo_network\n"
"http_access allow fortytwo_network\n"
#: serverguide/C/web-servers.xml:887(para)
"Using the excellent access control features of Squid, you may configure use "
"of Internet services proxied by Squid to be available only during normal "
"business hours. For example, we'll illustrate access by employees of a "
"business which is operating between 9:00AM and 5:00PM, Monday through "
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
"使用 Squid 卓越的访问控制功能,您可以通过 Squid 代理将 Internet "
"服务配置成仅限于在正常商务时间使用。例如,我们将举例说明只允许来自 10.1.42.0/24 子网的商务雇员在周一到周五的上午 9:00 到 下午 "
#: serverguide/C/web-servers.xml:895(programlisting)
"acl biz_network src 10.1.42.0/24\n"
"acl biz_hours time M T W T F 9:00-17:00\n"
"acl biz_network src 10.1.42.0/24\n"
"acl biz_hours time M T W T F 9:00-17:00\n"
#: serverguide/C/web-servers.xml:903(programlisting)
"http_access allow biz_network biz_hours\n"
"http_access allow biz_network biz_hours\n"
#: serverguide/C/web-servers.xml:910(para)
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
"save the file and restart the <application>squid</application> server "
"application to effect the changes using the following command entered at a "
"在修改 <filename>/etc/squid/squid.conf</filename> 文件后,保存该文件并重启 "
"<application>squid</application> 服务器应用程序以使改动生效。可以在终端提示符后使用下列命令:"
#: serverguide/C/web-servers.xml:917(command)
msgid "sudo /etc/init.d/squid restart"
msgstr "sudo /etc/init.d/squid restart"
#: serverguide/C/web-servers.xml:924(ulink)
msgid "Squid Website"
#: serverguide/C/web-servers.xml:926(para)
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
"Squid</ulink> page."
#: serverguide/C/web-servers.xml:933(title)
msgid "Ruby on Rails"
msgstr "Ruby on Rails"
#: serverguide/C/web-servers.xml:934(para)
"Ruby on Rails is an open source web framework for developing database backed "
"web applications. It is optimized for sustainable productivity of the "
"programmer since it lets the programmer to write code by favouring "
"convention over configuration."
"Ruby on Rails 是一个用于开发以数据库为后台的 web 应用程序的开源 web "
"框架。其为发挥程序员持久的生产力而优化,因为它能让程序员通过有益的约定而不是配置来编写代码。"
#: serverguide/C/web-servers.xml:941(para)
"Before installing <application>Rails</application> you should install "
"<application>Apache</application> and <application>MySQL</application>. To "
"install the <application>Apache</application> package, please refer to <xref "
"linkend=\"httpd\"/>. For instructions on installing "
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
"在安装<application>Rails</application> 之前你应该安装<application>Apache</application> "
"和 <application>MySQL</application>。关于<application>Apache</application> "
"软件包的安装, 请参考<xref linkend=\"httpd\"/>。关于 <application>MySQL</application>则请参考 "
"<xref linkend=\"mysql\"/>。"
#: serverguide/C/web-servers.xml:949(para)
"Once you have <application>Apache</application> and "
"<application>MySQL</application> packages installed, you are ready to "
"install <application>Ruby on Rails</application> package."
"当你安装好了<application>Apache</application>和<application>MySQL</application>,你就可以"
"安装<application>Ruby on Rails</application>软件包了。"
#: serverguide/C/web-servers.xml:956(para)
"To install the <application>Ruby</application> base packages and "
"<application>Ruby on Rails</application>, you can enter the following "
"command in the terminal prompt:"
"要安装<application>Ruby</application>基础包和<application>Ruby on "
"Rails</application>,你可以在终端输入如下命令:"
#: serverguide/C/web-servers.xml:962(command)
msgid "sudo apt-get install rails"
msgstr "sudo apt-get install rails"
#: serverguide/C/web-servers.xml:968(para)
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
"configuration file to setup your domains."
"修改配置文件<filename>/etc/apache2/sites-available/default</filename>以建立起你的域名。"
#: serverguide/C/web-servers.xml:972(para)
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
msgstr "首先改变的是<emphasis>DocumentRoot</emphasis>指令:"
#: serverguide/C/web-servers.xml:976(programlisting)
"DocumentRoot /path/to/rails/application/public\n"
"DocumentRoot /path/to/rails/application/public\n"
#: serverguide/C/web-servers.xml:979(para)
"Next, change the <Directory \"/path/to/rails/application/public\"> "
msgstr "下一步,改变 <Directory \"/path/to/rails/application/public\"> 指令:"
#: serverguide/C/web-servers.xml:983(programlisting)
"<Directory \"/path/to/rails/application/public\">\n"
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
" AllowOverride All\n"
" Order allow,deny\n"
" AddHandler cgi-script .cgi\n"
"</Directory>\n"
"<Directory \"/path/to/rails/application/public\">\n"
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
" AllowOverride All\n"
" Order allow,deny\n"
" AddHandler cgi-script .cgi\n"
"</Directory>\n"
#: serverguide/C/web-servers.xml:993(para)
"You should also enable the <application>mod_rewrite</application> module for "
"Apache. To enable <application>mod_rewrite</application> module, please "
"enter the following command in a terminal prompt:"
"你也必须为Apache打开<application>mod_rewrite</application>模块。请在终端输入如下命令来打开<applicati"
"on>mod_rewrite</application>模块:"
#: serverguide/C/web-servers.xml:999(command)
msgid "sudo a2enmod rewrite"
msgstr "sudo a2enmod rewrite"
#: serverguide/C/web-servers.xml:1002(para)
"Finally you will need to change the ownership of the "
"<filename>/path/to/rails/application/public</filename> and "
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
"used to run the <application>Apache</application> process:"
"最后,您将需要改变<filename>/path/to/rails/application/public</filename> 与 "
"<filename>/path/to/rails/application/tmp</filename> "
"目录的所有权到运行<application>Apache</application> 进程的用户:"
#: serverguide/C/web-servers.xml:1008(command)
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
#: serverguide/C/web-servers.xml:1009(command)
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
#: serverguide/C/web-servers.xml:1012(para)
"That's it! Now you have your Server ready for your <application>Ruby on "
"Rails</application> applications."
msgstr "搞定!现在您的服务器已经可以运行 <application>Ruby on Rails</application> 应用程序。"
#: serverguide/C/web-servers.xml:1021(para)
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
"for more information."
"查看更多信息请浏览<ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink>站点。"
#: serverguide/C/web-servers.xml:1026(para)
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
"同样,<ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-with-"
"rails-third-edition\">Agile Development with Rails</ulink>是个不错的学习材料。"
#: serverguide/C/web-servers.xml:1032(para)
"Another place for more information is the <ulink "
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
"Wiki</ulink> page."
#: serverguide/C/web-servers.xml:1043(title)
msgid "Apache Tomcat"
msgstr "Apache Tomcat"
#: serverguide/C/web-servers.xml:1044(para)
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
"JSP (Java Server Pages) web applications."
"Apache Tomcat 是一个 Web 容器,允许您为 Java Serlets 和 JSP(Java 服务器页面) 的 Web 应用提供服务。"
#: serverguide/C/web-servers.xml:1046(para)
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
"different ways of running Tomcat. You can install them as a classic unique "
"system-wide instance, that will be started at boot time and will run as the "
"tomcat6 unpriviledged user. But you can also deploy private instances that "
"will run with your own user rights, and that you should start and stop by "
"yourself. This second way is particularly useful in a development server "
"context where multiple users need to test on their own private Tomcat "
"Ubuntu 中的 <application>Tomcat 6.0</application> 可以有两种不同的方式来运行 Tomcat。 "
"您可以将它安装成经典的系统级的单一实例,在系统启动时就开启,并作为 tomcat6 未授权的用户运行。 "
"您也可以部署私有实例,以您自己的用户权限来运行,这样,就需要您自己手动开启或停止。 在多个用户需要测试它们自己单独的 Tomcat "
"实例的服务器开发场合,后一种方式特别有用。"
#: serverguide/C/web-servers.xml:1056(title)
msgid "System-wide installation"
#: serverguide/C/web-servers.xml:1057(para)
"To install the <application>Tomcat</application> server, you can enter the "
"following command in the terminal prompt:"
msgstr "要安装 <application>Tomcat</application> 服务器,您可在终端命令行中输入:"
#: serverguide/C/web-servers.xml:1060(command)
msgid "sudo apt-get install tomcat6"
msgstr "sudo apt-get install tomcat6"
#: serverguide/C/web-servers.xml:1062(para)
"This will install a Tomcat server with just a default ROOT webapp that "
"displays a minimal \"It works\" page by default."
msgstr "这将安装只带有一个默认的 ROOT Web 应用程序的 Tomcat 服务器,该 Web 应用程序默认仅显示 “正常工作” 的页面。"
#: serverguide/C/web-servers.xml:1068(para)
"Tomcat configuration files can be found in "
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
"will be described here, please see <ulink "
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
"documentation</ulink> for more."
"Tomcat 配置文件可以在 <filename>/etc/tomcat6</filename> 中找到,这里仅简述一些常用的配置要点,请查看 "
"<ulink url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
"documentation</ulink> 以了解更多。"
#: serverguide/C/web-servers.xml:1074(title)
msgid "Changing default ports"
#: serverguide/C/web-servers.xml:1075(para)
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
"connector on port 8009. You might want to change those default ports to "
"avoid conflict with another server on the system. This is done by changing "
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
"默认情况下,Tomcat 6.0 在 8080 端口上运行一个 HTTP 连接器,并在 8009 端口上运行 AJP 连接器。 "
"为避免与系统中其它服务器发生冲突,您可能需要修改这些默认的端口。 可以通过修改 "
"<filename>/etc/tomcat6/server.xml</filename> 中如下行来实现:"
#: serverguide/C/web-servers.xml:1080(programlisting)
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
" connectionTimeout=\"20000\" \n"
" redirectPort=\"8443\" />\n"
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
" connectionTimeout=\"20000\" \n"
" redirectPort=\"8443\" />\n"
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
#: serverguide/C/web-servers.xml:1089(title)
msgid "Changing JVM used"
#: serverguide/C/web-servers.xml:1090(para)
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
"then try some other JVMs. If you have various JVMs installed, you can set "
"which should be used by setting JAVA_HOME in "
"<filename>/etc/default/tomcat6</filename>:"
"默认情况下,Tomcat 优先使用 OpenJDK-6,然后偿试使用 Sun 公司的 JVM,最后再偿试使用其它的 JVM。 如果您安装了多个 "
"JVM,您可以在 <filename>/etc/default/tomcat6</filename> 中设置 JAVA_HOME 以确定哪个 JVM:"
#: serverguide/C/web-servers.xml:1094(programlisting)
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
#: serverguide/C/web-servers.xml:1099(title)
msgid "Declaring users and roles"
#: serverguide/C/web-servers.xml:1100(para)
"Usernames, passwords and roles (groups) can be defined centrally in a "
"Servlet container. In Tomcat 6.0 this is done in the "
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
"用户名、密码以及角色(组)可以在 Servlet 容器中集中定义。 Tomcat 6.0 使用 "
"<filename>/etc/tomcat6/tomcat-users.xml</filename> 来完成:"
#: serverguide/C/web-servers.xml:1103(programlisting)
"<role rolename=\"admin\"/>\n"
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
"<role rolename=\"admin\"/>\n"
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
#: serverguide/C/web-servers.xml:1111(title)
msgid "Using Tomcat standard webapps"
msgstr "使用 Tomcat 标准应用程序"
#: serverguide/C/web-servers.xml:1112(para)
"Tomcat is shipped with webapps that you can install for documentation, "
"administration or demo purposes."
msgstr "Tomcat 捆绑了一些应用程序,您可以安装作为文档、管理和演示之用。"
#: serverguide/C/web-servers.xml:1115(title)
msgid "Tomcat documentation"
#: serverguide/C/web-servers.xml:1116(para)
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
"documentation, packaged as a webapp that you can access by default at "
"http://yourserver:8080/docs. You can install it by entering the following "
"command in the terminal prompt:"
"tomcat6-docs 软件包带有 Tomcat 6.0 文档,该文档打包成应用程序,您可以使用默认的地址 "
"http://yourserver:8080/docs 访问。 您可以在终端命令行中输入如下命令来安装该软件包:"
#: serverguide/C/web-servers.xml:1121(command)
msgid "sudo apt-get install tomcat6-docs"
msgstr "sudo apt-get install tomcat6-docs"
#: serverguide/C/web-servers.xml:1125(title)
msgid "Tomcat administration webapps"
msgstr "Tomcat 管理应用程序"
#: serverguide/C/web-servers.xml:1126(para)
"The <application>tomcat6-admin</application> package contains two webapps "
"that can be used to administer the Tomcat server using a web interface. You "
"can install them by entering the following command in the terminal prompt:"
"tomcat6-admin 软件包包含两个应用程序,可以通过 Web 页面对 Tomcat "
"服务器进行管理。您可以在终端命令行中输入如下命令来安装该软件包:"
#: serverguide/C/web-servers.xml:1131(command)
msgid "sudo apt-get install tomcat6-admin"
msgstr "sudo apt-get install tomcat6-admin"
#: serverguide/C/web-servers.xml:1133(para)
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
"access by default at http://yourserver:8080/manager/html. It is primarily "
"used to get server status and restart webapps."
"第一个应用程序是 manager,您可以在默认的地址 http://yourserver:8080/manager/html "
"进行访问。它主要用于获取服务器状态以及重启应用程序。"
#: serverguide/C/web-servers.xml:1136(para)
"Access to the <emphasis>manager</emphasis> application is protected by "
"default: you need to define a user with the role \"manager\" in "
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
"默认情况下,对 manager 应用程序的访问是被保护的。在访问之前,您需要在 <filename>/etc/tomcat6/tomcat-"
"users.xml</filename> 中定义一个“manager“角色的用户。"
#: serverguide/C/web-servers.xml:1140(para)
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
"can access by default at http://yourserver:8080/host-manager/html. It can be "
"used to create virtual hosts dynamically."
"第二个应用程序是 host-manager,您可以在默认的地址 http://yourserver:8080/host-manager/html "
"进行访问。它可以用于动态创建虚拟主机。"
#: serverguide/C/web-servers.xml:1144(para)
"Access to the <emphasis>host-manager</emphasis> application is also "
"protected by default: you need to define a user with the role \"admin\" in "
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
"默认情况下,对 host-manager 应用程序的访问也是被保护的。在访问之前,您需要在 <filename>/etc/tomcat6/tomcat-"
"users.xml</filename> 中定义一个“admin“角色的用户。"
#: serverguide/C/web-servers.xml:1149(para)
"For security reasons, the tomcat6 user cannot write to the "
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
"these admin webapps (application deployment, virtual host creation) need "
"write access to that directory. If you want to use these features execute "
"the following, to give users in the tomcat6 group the necessary rights:"
"出于安全考虑,默认情况下,Tomcat6 用户对 <filename>/etc/tomcat6</filename> "
"目录是不可写的,但这些管理应用程序中的某些功能(部署应用、创建虚拟主机)需要访问该目录,如果您需要使用这些功能,执行如下命令,以对 tomcat6 "
#: serverguide/C/web-servers.xml:1156(command)
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
#: serverguide/C/web-servers.xml:1157(command)
msgid "sudo chmod -R g+w /etc/tomcat6"
msgstr "sudo chmod -R g+w /etc/tomcat6"
#: serverguide/C/web-servers.xml:1162(title)
msgid "Tomcat examples webapps"
msgstr "Tomcat 示例应用程序"
#: serverguide/C/web-servers.xml:1163(para)
"The <application>tomcat6-examples</application> package contains two webapps "
"that can be used to test or demonstrate Servlets and JSP features, which you "
"can access them by default at http://yourserver:8080/examples. You can "
"install them by entering the following command in the terminal prompt:"
"tomcat6-examples 软件包包含两个应用程序,可以用于测试和演示 Servlets 和 JSP 功能,您可以在默认的地址 "
"http://yourserver:8080/examples 进行访问。您可以在终端命令行中输入如下命令来安装:"
#: serverguide/C/web-servers.xml:1169(command)
msgid "sudo apt-get install tomcat6-examples"
msgstr "sudo apt-get install tomcat6-examples"
#: serverguide/C/web-servers.xml:1175(title)
msgid "Using private instances"
#: serverguide/C/web-servers.xml:1176(para)
"Tomcat is heavily used in development and testing scenarios where using a "
"single system-wide instance doesn't meet the requirements of multiple users "
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
"help deploy your own user-oriented instances, allowing every user on a "
"system to run (without root rights) separate private instances while still "
"using the system-installed libraries."
"Tomcat被广泛的应用于使用单一系统范围实例不需要考虑单一系统下多用户需求情景下的开发和测试方案。Ubuntu里的Tomcat6.0的包和相关工具可以帮"
"助你部署你自己的面向用户的实例、允许每个系统用户运行(非root权限的)彼此分隔的私有实例,虽然这仍然是在使用以系统权限安装的库。"
#: serverguide/C/web-servers.xml:1183(para)
"It is possible to run the system-wide instance and the private instances in "
"parallel, as long as they do not use the same TCP ports."
msgstr "只要他们不使用同样的 TCP 端口,有可能并行运行全系统例子和人例子。"
#: serverguide/C/web-servers.xml:1187(title)
msgid "Installing private instance support"
#: serverguide/C/web-servers.xml:1188(para)
"You can install everything necessary to run private instances by entering "
"the following command in the terminal prompt:"
msgstr "您可以安装所必需的和在终端提示上键入以下命令来运行个人事例:"
#: serverguide/C/web-servers.xml:1191(command)
msgid "sudo apt-get install tomcat6-user"
msgstr "sudo apt-get install tomcat6-user"
#: serverguide/C/web-servers.xml:1195(title)
msgid "Creating a private instance"
#: serverguide/C/web-servers.xml:1196(para)
"You can create a private instance directory by entering the following "
"command in the terminal prompt:"
msgstr "你可以在终端处键入以下命令来建立个人文档目录:"
#: serverguide/C/web-servers.xml:1199(command)
msgid "tomcat6-instance-create my-instance"
msgstr "tomcat6-instance-create my-instance"
#: serverguide/C/web-servers.xml:1201(para)
"This will create a new <filename>my-instance</filename> directory with all "
"the necessary subdirectories and scripts. You can for example install your "
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
"are deployed by default."
"这将会创建新的<filename>my-"
"instance</filename>目录以提供一切必需子目录和脚本。例如,您也可以共同安装库在<filename>lib/</filename>子目录里"
"来布置 webapps 在您的<filename>webapps/</filename>子目录里。默认下是没有布置 webapps 的。"
#: serverguide/C/web-servers.xml:1209(title)
msgid "Configuring your private instance"
#: serverguide/C/web-servers.xml:1210(para)
"You will find the classic Tomcat configuration files for your private "
"instance in the <filename>conf/</filename> subdirectory. You should for "
"example certainly edit the <filename>conf/server.xml</filename> file to "
"change the default ports used by your private Tomcat instance to avoid "
"conflict with other instances that might be running."
"您会在您个人示范 <filename>conf/</filename> 子目录里找到典型的 Tomcat 配置文件。你应该个人 Tomcat 示范编辑 "
"<filename>conf/server.xml</filename> 文件来改变默认端口的使用,以避免运行时和其它的示范有冲突。"
#: serverguide/C/web-servers.xml:1218(title)
msgid "Starting/stopping your private instance"
msgstr "开始/停止 您的个人事例"
#: serverguide/C/web-servers.xml:1219(para)
"You can start your private instance by entering the following command in the "
"terminal prompt (supposing your instance is located in the <filename>my-"
"instance</filename> directory):"
msgstr "您可以键入以下终端提示命令来启动你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
#: serverguide/C/web-servers.xml:1223(command)
msgid "my-instance/bin/startup.sh"
msgstr "my-instance/bin/startup.sh"
#: serverguide/C/web-servers.xml:1225(para)
"You should check the <filename>logs/</filename> subdirectory for any error. "
"If you have a <emphasis>java.net.BindException: Address already in "
"use<null>:8080</emphasis> error, it means that the port you're using "
"is already taken and that you should change it."
"您应该检查<filename>logs/</filename>子目录里的任何错误。如果出现 "
"<emphasis>java.net.BindException: 地址已经在使用<null>:8080</emphasis> "
"的错误,这意味着你您使用的端口已经被标记,您应该要使用另一端口。"
#: serverguide/C/web-servers.xml:1230(para)
"You can stop your instance by entering the following command in the terminal "
"prompt (supposing your instance is located in the <filename>my-"
"instance</filename> directory):"
msgstr "您可以键入以下终端提示命令来停止你个人事例(认定您的事例已锁在<filename>my-instance</filename>目录里):"
#: serverguide/C/web-servers.xml:1234(command)
msgid "my-instance/bin/shutdown.sh"
msgstr "my-instance/bin/shutdown.sh"
#: serverguide/C/web-servers.xml:1243(para)
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
"website for more information."
"请浏览<ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink>站点查看更多信息。"
#: serverguide/C/web-servers.xml:1248(para)
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
"Definitive Guide</ulink> is a good resource for building web applications "
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
"Definitive Guide</ulink> 是一份很好的关于使用Tomcat搭建Web应用程序的资源"
#: serverguide/C/web-servers.xml:1254(para)
"For additional books see the <ulink "
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
"更多的书籍请浏览<ulink url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat "
"Books</ulink>清单页面。"
#: serverguide/C/web-servers.xml:1259(para)
"Also, see the<ulink "
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
"Tomcat</ulink> page."
#: serverguide/C/vpn.xml:13(title)
#: serverguide/C/vpn.xml:15(para)
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
"network connection between two or more networks. There are several ways to "
"create a VPN using software as well as dedicated hardware appliances. This "
"chapter will cover installing and configuring "
"<application>OpenVPN</application> to create a VPN between two servers."
"虚拟私有网络,即<emphasis>VPN</emphasis>,是两个或多个网络之间的加密网络连接。 "
"有几种使用软件或专有硬件来创建VPN。本章会讲解如何通过安装和配置<application>OpenVPN</application>来在两个服务器之间创"
#: serverguide/C/vpn.xml:23(title)
#: serverguide/C/vpn.xml:25(para)
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
"clients through a bridge interface on the VPN server. This guide will assume "
"that one VPN node, the server in this case, has a bridge interface "
"configured. For more information on setting up a bridge see <xref "
"linkend=\"bridging\"/>."
"OpenVPN 使用公开密钥(PKI)来加密两个节点间的 VPN 通讯,用 OpenVPN 简单建立一个 VPN 连接的方法是使客户端通过 VPN "
"服务器上的网桥接口建设连接。这个向导将假设一个 VPN 节点提供以上这种服务,已经配置好了一个网桥接口。更多关于如何建立网桥的信息请查看<xref "
"linkend=\"bridging\"/>。"
#: serverguide/C/vpn.xml:35(para)
msgid "To install <application>openvpn</application> in a terminal enter:"
msgstr "要安装<application>openvpn</application>,请在终端输入:"
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
msgid "sudo apt-get install openvpn"
msgstr "sudo apt-get install openvpn"
#: serverguide/C/vpn.xml:45(title)
msgid "Server Certificates"
#: serverguide/C/vpn.xml:47(para)
"Now that the <application>openvpn</application> package is installed, the "
"certificates for the VPN server need to be created."
msgstr "现在<application>openvpn</application>包已安装,接下来要为VPN服务器创建证书。"
#: serverguide/C/vpn.xml:52(para)
"First, copy the <filename>easy-rsa</filename> directory to "
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
"scripts will not be lost when the package is updated. You will also need to "
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
"the current user permission to create files. From a terminal enter:"
#: serverguide/C/vpn.xml:59(command)
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
#: serverguide/C/vpn.xml:60(command)
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
#: serverguide/C/vpn.xml:61(command)
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
#: serverguide/C/vpn.xml:64(para)
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
"following to your environment:"
msgstr "接下来,编辑<filename>/etc/openvpn/easy-rsa/vars</filename>调整到适合您的环境:"
#: serverguide/C/vpn.xml:68(programlisting)
"export KEY_COUNTRY=\"US\"\n"
"export KEY_PROVINCE=\"NC\"\n"
"export KEY_CITY=\"Winston-Salem\"\n"
"export KEY_ORG=\"Example Company\"\n"
"export KEY_EMAIL=\"steve@example.com\"\n"
"export KEY_COUNTRY=\"US\"\n"
"export KEY_PROVINCE=\"NC\"\n"
"export KEY_CITY=\"Winston-Salem\"\n"
"export KEY_ORG=\"Example Company\"\n"
"export KEY_EMAIL=\"steve@example.com\"\n"
#: serverguide/C/vpn.xml:76(para)
msgid "Enter the following to create the server certificates:"
msgstr "输入以下命令来创建服务器证书:"
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
msgid "cd /etc/openvpn/easy-rsa/"
msgstr "cd /etc/openvpn/easy-rsa/"
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
#: serverguide/C/vpn.xml:83(command)
msgstr "./clean-all"
#: serverguide/C/vpn.xml:84(command)
#: serverguide/C/vpn.xml:85(command)
msgid "./pkitool --initca"
msgstr "./pkitool --initca"
#: serverguide/C/vpn.xml:86(command)
msgid "./pkitool --server server"
msgstr "./pkitool --server server"
#: serverguide/C/vpn.xml:87(command)
#: serverguide/C/vpn.xml:88(command)
msgid "openvpn --genkey --secret ta.key"
msgstr "openvpn --genkey --secret ta.key"
#: serverguide/C/vpn.xml:89(command)
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
#: serverguide/C/vpn.xml:94(title)
msgid "Client Certificates"
#: serverguide/C/vpn.xml:96(para)
"The VPN client will also need a certificate to authenticate itself to the "
"server. To create the certificate, enter the following in a terminal:"
msgstr "VPN客户端也需要一个证书用来向服务器认证自己。要创建证书,请在终端输入:"
#: serverguide/C/vpn.xml:104(command)
msgid "./pkitool hostname"
msgstr "./pkitool hostname"
#: serverguide/C/vpn.xml:108(para)
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
"machine connecting to the VPN."
msgstr "将<emphasis>hostname</emphasis>替换成要连接到VPN的实际主机名。"
#: serverguide/C/vpn.xml:113(para)
msgid "Copy the following files to the client:"
msgstr "将如下文件复制到客户端:"
#: serverguide/C/vpn.xml:118(para)
msgid "/etc/openvpn/ca.crt"
#: serverguide/C/vpn.xml:119(para)
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
#: serverguide/C/vpn.xml:120(para)
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
#: serverguide/C/vpn.xml:121(para)
msgid "/etc/openvpn/ta.key"
#: serverguide/C/vpn.xml:125(para)
"Remember to adjust the above file names for your client machine's "
"<emphasis>hostname</emphasis>."
msgstr "记得要将你的客户端机器的<emphasis>主机名</emphasis>的以上文件做相应调整。"
#: serverguide/C/vpn.xml:130(para)
"It is best to use a secure method to copy the certificate and key files. The "
"<application>scp</application> utility is a good choice, but copying the "
"files to removable media then to the client, also works well."
"最好是使用安全的方法来复制证书和钥匙文件。<application>scp</application>工具是个不错的选择,但将文件复制到可移除介质再复制到"
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
msgid "Server Configuration"
#: serverguide/C/vpn.xml:143(para)
"Now configure the <application>openvpn</application> server by creating "
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
"现在可以通过编辑示例文件中的<filename>/etc/openvpn/server.conf</filename>来配置<application>op"
"envpn</application>。在终端中输入:"
#: serverguide/C/vpn.xml:149(command)
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
#: serverguide/C/vpn.xml:150(command)
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
#: serverguide/C/vpn.xml:153(para)
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
#: serverguide/C/vpn.xml:157(programlisting)
"local 172.18.100.101\n"
"up \"/etc/openvpn/up.sh br0\"\n"
"down \"/etc/openvpn/down.sh br0\"\n"
";server 10.8.0.0 255.255.255.0\n"
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
"push \"route 172.18.100.1 255.255.255.0\"\n"
"push \"dhcp-option DNS 172.18.100.20\"\n"
"push \"dhcp-option DOMAIN example.com\"\n"
"tls-auth ta.key 0 # This file is secret\n"
#: serverguide/C/vpn.xml:174(para)
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
msgstr "<emphasis>local</emphasis>:是桥接界面的IP地址。"
#: serverguide/C/vpn.xml:179(para)
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
"<emphasis>server-bridge</emphasis>:在配置用户桥接时需要此项。<emphasis>172.18.100.101 "
"255.255.255.0</emphasis>是桥接界面和掩码。IP范围<emphasis>172.18.100.105 "
"172.18.100.200</emphasis>是将分配给客户端的IP地址范围。"
#: serverguide/C/vpn.xml:186(para)
"<emphasis>push</emphasis>: are directives to add networking options for "
msgstr "<emphasis>push</emphasis>: 是为客户端添加网络选项的命令。"
#: serverguide/C/vpn.xml:191(para)
"<emphasis>user and group</emphasis>: configure which user and group the "
"<application>openvpn</application> daemon executes as."
"<emphasis>user and group</emphasis>: "
"配置<application>openvpn</application>程序执行时所使用的用户名和组名。"
#: serverguide/C/vpn.xml:198(para)
"Replace all IP addresses and domain names above with those of your network."
msgstr "用你自己网络相应的IP地址和域名来做替换。"
#: serverguide/C/vpn.xml:203(para)
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
"接下来,创建两个帮助脚本将<emphasis>tap</emphasis>界面添加至桥接。创建<filename>/etc/openvpn/up.sh</"
#: serverguide/C/vpn.xml:207(programlisting)
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
"/usr/sbin/brctl addif $BR $DEV\n"
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
"/usr/sbin/brctl addif $BR $DEV\n"
#: serverguide/C/vpn.xml:217(para)
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
msgstr "和<filename>/etc/openvpn/down.sh</filename>:"
#: serverguide/C/vpn.xml:221(programlisting)
"/usr/sbin/brctl delif $BR $DEV\n"
"/sbin/ifconfig $DEV down\n"
"/usr/sbin/brctl delif $BR $DEV\n"
"/sbin/ifconfig $DEV down\n"
#: serverguide/C/vpn.xml:231(para)
msgid "Then make them executable:"
#: serverguide/C/vpn.xml:236(command)
msgid "sudo chmod 755 /etc/openvpn/down.sh"
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
#: serverguide/C/vpn.xml:237(command)
msgid "sudo chmod 755 /etc/openvpn/up.sh"
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
#: serverguide/C/vpn.xml:240(para)
"After configuring the server, restart <application>openvpn</application> by "
msgstr "配置完服务器之后,使用以下命令来重启<application>openvpn</application>:"
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
msgid "sudo /etc/init.d/openvpn restart"
msgstr "sudo /etc/init.d/openvpn restart"
#: serverguide/C/vpn.xml:250(title)
msgid "Client Configuration"
#: serverguide/C/vpn.xml:252(para)
msgid "First, install <application>openvpn</application> on the client:"
#: serverguide/C/vpn.xml:260(para)
"Then with the server configured and the client certificates copied to the "
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
"file by copying the example. In a terminal on the client machine enter:"
#: serverguide/C/vpn.xml:266(command)
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
#: serverguide/C/vpn.xml:269(para)
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
"following options:"
msgstr "现在编辑<filename>/etc/openvpn/client.conf</filename>,更改以下选项:"
#: serverguide/C/vpn.xml:273(programlisting)
"remote vpn.example.com 1194\n"
"cert hostname.crt\n"
"key hostname.key\n"
"tls-auth ta.key 1\n"
"remote vpn.example.com 1194\n"
"cert hostname.crt\n"
"key hostname.key\n"
"tls-auth ta.key 1\n"
#: serverguide/C/vpn.xml:282(para)
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
"用您的VPN服务器的主机名替换<emphasis>vpn.example.com</emphasis>,并用实际的证书和钥匙文件名替换<emphasis>"
"hostname.*</emphasis>。"
#: serverguide/C/vpn.xml:288(para)
msgid "Finally, restart <application>openvpn</application>:"
msgstr "最后,重启<application>openvpn</application>:"
#: serverguide/C/vpn.xml:296(para)
msgid "You should now be able to connect to the remote LAN through the VPN."
msgstr "您现在应该可以通过VPN连接到远程LAN。"
#: serverguide/C/vpn.xml:307(para)
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
"additional information."
msgstr "请查看<ulink url=\"http://openvpn.net/\">OpenVPN</ulink>网站以获取更多信息。"
#: serverguide/C/vpn.xml:312(para)
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
"还有,Pakt的<ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
"Building and Integrating Virtual Private Networks</ulink>也是个不错的信息源。"
#: serverguide/C/vpn.xml:318(para)
"Another source of further information is the <ulink "
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
"OpenVPN</ulink> page."
#: serverguide/C/virtualization.xml:13(title)
msgid "Virtualization"
#: serverguide/C/virtualization.xml:14(para)
"Virtualization is being adopted in many different environments and "
"situations. If you are a developer, virtualization can provide you with a "
"contained environment where you can safely do almost any sort of development "
"safe from messing up your main working environment. If you are a systems "
"administrator, you can use virtualization to more easily separate your "
"services and move them around based on demand."
"虚拟化正被广泛地使用于各种不同的环境之中。如果您是一位开发者,虚拟化可以为您提供一个虚拟的环境,在这个环境你可以做几乎所有的工作而不必更改你主要的工作环境"
"。如果您是一位系统管理员,您可以使用虚拟化以满足不同的服务需求同时使他们依不同的需求而任意改变。"
#: serverguide/C/virtualization.xml:20(para)
"The default virtualization technology supported in Ubuntu is "
"<application>KVM</application>, a technology that takes advantage of "
"virtualization extensions built into Intel and AMD hardware. For hardware "
"without virtualization extensions <application>Xen</application> and "
"<application>Qemu</application> are popular solutions."
"Ubuntu中支持的默认虚拟化技术是<application>KVM</application>,这种技术得利于Intel与AMD硬件内建的虚拟化扩展。在"
"没有硬件支持的虚拟化扩展中,<application>Xen</application> 和 "
"<application>Qemu</application> 是流行的解决方案。"
#: serverguide/C/virtualization.xml:27(title)
#: serverguide/C/virtualization.xml:28(para)
"The <application>libvirt</application> library is used to interface with "
"different virtualization technologies. Before getting started with "
"<application>libvirt</application> it is best to make sure your hardware "
"supports the necessary virtualization extensions for "
"<application>KVM</application>. Enter the following from a terminal prompt:"
"库 <application>libvirt</application> "
"是支持不同的虚拟化技术的统一接口。在开始使用<application>libvirt</application> "
"之前,最好确认您的硬件是否支持<application>KVM</application>所必须的虚拟化扩展。在终端提示符下输入如下内容:"
#: serverguide/C/virtualization.xml:35(command)
#: serverguide/C/virtualization.xml:37(para)
"A message will be printed informing you if your CPU "
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
#: serverguide/C/virtualization.xml:41(para)
"On most computer whose processor supports virtualization, it is necessary to "
"activate an option in the BIOS to enable it."
#: serverguide/C/virtualization.xml:47(title)
msgid "Virtual Networking"
#: serverguide/C/virtualization.xml:49(para)
"There are a few different ways to allow a virtual machine access to the "
"external network. The default virtual network configuration is "
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
"traffic is NATed through the host interface to the outside network."
"有一些不同的方式使一个虚拟机进入到外部网络。默认的虚拟网络配置是<emphasis>用户模式</emphasis>网络,它使用SLIRP协议,网络通过主机"
#: serverguide/C/virtualization.xml:54(para)
"To enable external hosts to directly access services on virtual machines a "
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
"interfaces to connect to the outside network through the physical interface, "
"making them appear as normal hosts to the rest of the network. For "
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
"为了使外部主机能直接访问虚拟主机的服务需要设置<emphasis>网桥</emphasis>。这使得虚拟接口通过物理接口来连接到外部网络,把它们显示为正常"
"主机网络的其它部分。关于建立网桥的更多信息请浏览<xref linkend=\"bridging\"/>。"
#: serverguide/C/virtualization.xml:63(para)
msgid "To install the necessary packages, from a terminal prompt enter:"
msgstr "要安装必要的软件包,从终端中输入:"
#: serverguide/C/virtualization.xml:67(command)
msgid "sudo apt-get install kvm libvirt-bin"
msgstr "sudo apt-get install kvm libvirt-bin"
#: serverguide/C/virtualization.xml:69(para)
"After installing <application>libvirt-bin</application>, the user used to "
"manage virtual machines will need to be added to the "
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
"the advanced networking options."
"在安装了<application>libvirt-"
"bin</application>后,用于管理虚拟机的用户需要被添加到<emphasis>libvirtd</emphasis>组。这样做会赋予这个用户进"
#: serverguide/C/virtualization.xml:73(para)
msgid "In a terminal enter:"
#: serverguide/C/virtualization.xml:77(command)
msgid "sudo adduser $USER libvirtd"
msgstr "sudo adduser $USER libvirtd"
#: serverguide/C/virtualization.xml:80(para)
"If the user chosen is the current user, you will need to log out and back in "
"for the new group membership to take effect."
msgstr "如果用户是当前用户,你需要登出再登陆回来以使新的组成员设置生效。"
#: serverguide/C/virtualization.xml:84(para)
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
"Installing a virtual machine follows the same process as installing the "
"operating system directly on the hardware. You either need a way to automate "
"the installation, or a keyboard and monitor will need to be attached to the "
"您现在已准备好安装一个 <emphasis>Guest</emphasis> "
"操作系统。按照在真实硬件上直接安装操作系统的步骤来安装虚拟机。您也需要一个自动化安装的方法,否则一套键盘和显示器需要连接到物理机器上。"
#: serverguide/C/virtualization.xml:89(para)
"In the case of virtual machines a Graphical User Interface (GUI) is "
"analogous to using a physical keyboard and mouse. Instead of installing a "
"GUI the <application>virt-viewer</application> application can be used to "
"connect to a virtual machine's console using <application>VNC</application>. "
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
"在使用虚拟机的情况下,图形用户接口(GUI)模拟使用物理的键盘和鼠标。代替安装一个使用<application>VNC</application>GUI的"
" <application>virt-viewer</application> 应用程序,能被用来连接虚拟机的控制台。要获取更多信息,请看 <xref "
"linkend=\"libvirt-virt-viewer\"/> 。"
#: serverguide/C/virtualization.xml:94(para)
"There are several ways to automate the Ubuntu installation process, for "
"example using preseeds, kickstart, etc. Refer to the <ulink "
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
"Installation Guide</ulink> for details."
#: serverguide/C/virtualization.xml:98(para)
"Yet another way to install an Ubuntu virtual machine is to use "
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
"builder</application> allows you to setup advanced partitions, execute "
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
"然而,另一种安装 Ubuntu 虚拟机来使用 <application>ubuntu-vm-"
"builder</application>。<application>ubuntu-vm-"
"builder</application>允许你高级分区安装,执行安装后的自定义脚本等等。更多细节请查看<xref linkend=\"jeos-and-"
#: serverguide/C/virtualization.xml:104(title)
msgid "virt-install"
msgstr "virt-install"
#: serverguide/C/virtualization.xml:105(para)
"<application>virt-install</application> is part of the <application>python-"
"virtinst</application> package. To install it, from a terminal prompt enter:"
"<application>virt-install</application> 是<application>python-"
"virtinst</application>软件包的一部分。要安装它,在终端中输入:"
#: serverguide/C/virtualization.xml:109(command)
msgid "sudo apt-get install python-virtinst"
msgstr "sudo apt-get install python-virtinst"
#: serverguide/C/virtualization.xml:111(para)
"There are several options available when using <application>virt-"
"install</application>. For example:"
msgstr "在使用<application>virt-install</application>时,有几个选项可供选择。例如:"
#: serverguide/C/virtualization.xml:115(command)
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
#: serverguide/C/virtualization.xml:122(para)
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
"be <emphasis>web_devel</emphasis> in this example."
"web_devel:</emphasis>本例中的新虚拟机的名字将是<emphasis>web_devel</emphasis>。"
#: serverguide/C/virtualization.xml:127(para)
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
msgstr "<emphasis>-r 256:</emphasis>指定虚拟机将使用的内存大小。"
#: serverguide/C/virtualization.xml:132(para)
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
"disk which can be a file, partition, or logical volume. In this example a "
"file named <filename>web_devel.img</filename>."
"web_devel.img:</emphasis>虚拟盘显示出来的路径可以看成一个文件,分区或者为逻辑卷。在这例子中文件命名为<filename>web_"
"devel.img</filename>。"
#: serverguide/C/virtualization.xml:138(para)
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
msgstr "<emphasis>-s 4:</emphasis>虚拟磁盘的大小。"
#: serverguide/C/virtualization.xml:143(para)
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
"file can be either an ISO file or the path to the host's CDROM device."
"<emphasis>-c jeos.iso:</emphasis>文件将被当作虚拟的CDROM。此文件可以是一个ISO文件或是通往主机的CDROM设备。"
#: serverguide/C/virtualization.xml:149(para)
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
msgstr "<emphasis>--accelerate:</emphasis>应用内核加速技术。"
#: serverguide/C/virtualization.xml:154(para)
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
msgstr "<emphasis>--vnc:</emphasis>用VNC输出客机的虚拟控制台。"
#: serverguide/C/virtualization.xml:159(para)
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
"virtual machine's console."
msgstr "<emphasis>--noautoconsole:</emphasis>将不会自动连接到虚拟机的控制台。"
#: serverguide/C/virtualization.xml:164(para)
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
msgstr "<emphasis>-v:</emphasis>创建完全虚拟化的客户端。"
#: serverguide/C/virtualization.xml:169(para)
"After launching <application>virt-install</application> you can connect to "
"the virtual machine's console either locally using a GUI or with the "
"<application>virt-viewer</application> utility."
"当启动<application>virt-"
"install</application>后,你可以通过使用GUI进行本地或者使用<application>virt-"
"viewer</application>工具来连接到虚拟机。"
#: serverguide/C/virtualization.xml:175(title)
#: serverguide/C/virtualization.xml:176(para)
"The <application>virt-clone</application> application can be used to copy "
"one virtual machine to another. For example:"
msgstr "<application>virt-clone</application>程序可从一个虚拟机复制成另一个。例如:"
#: serverguide/C/virtualization.xml:180(command)
"sudo virt-clone -o web_devel -n database_devel -f "
"/path/to/database_devel.img --connect=qemu:///system"
"sudo virt-clone -o web_devel -n database_devel -f "
"/path/to/database_devel.img --connect=qemu:///system"
#: serverguide/C/virtualization.xml:184(para)
msgid "<emphasis>-o:</emphasis> original virtual machine."
msgstr "<emphasis>-o:</emphasis>原始虚拟机。"
#: serverguide/C/virtualization.xml:189(para)
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
msgstr "<emphasis>-n:</emphasis>新的虚拟机的名字。"
#: serverguide/C/virtualization.xml:194(para)
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
"be used by the new virtual machine."
msgstr "<emphasis>-f:</emphasis>文件、逻辑卷或新虚拟机使用的分区的路径。"
#: serverguide/C/virtualization.xml:199(para)
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
msgstr "<emphasis>--connect:</emphasis>指定要连接的管理程序。"
#: serverguide/C/virtualization.xml:204(para)
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
"help troubleshoot problems with <application>virt-clone</application>."
"还有,用<emphasis>-d</emphasis>或<emphasis>--"
"debug</emphasis>选项来为<application>virt-clone</application>寻找故障。"
#: serverguide/C/virtualization.xml:209(para)
"Replace <emphasis>web_devel</emphasis> and "
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
"用相应的虚拟机名称来替代<emphasis>web_devel</emphasis>和<emphasis>database_devel</emphasis"
#: serverguide/C/virtualization.xml:215(title)
msgid "Virtual Machine Management"
#: serverguide/C/virtualization.xml:217(title)
#: serverguide/C/virtualization.xml:218(para)
"There are several utilities available to manage virtual machines and "
"<application>libvirt</application>. The <application>virsh</application> "
"utility can be used from the command line. Some examples:"
"有几个工具可以用来管理虚拟机和<application>libvirt</application>。<application>virsh</applica"
"tion>工具要顺命令行下使用。一些例子:"
#: serverguide/C/virtualization.xml:224(para)
msgid "To list running virtual machines:"
#: serverguide/C/virtualization.xml:228(command)
msgid "virsh -c qemu:///system list"
msgstr "virsh -c qemu:///system list"
#: serverguide/C/virtualization.xml:232(para)
msgid "To start a virtual machine:"
#: serverguide/C/virtualization.xml:236(command)
msgid "virsh -c qemu:///system start web_devel"
msgstr "virsh -c qemu:///system start web_devel"
#: serverguide/C/virtualization.xml:240(para)
msgid "Similarly, to start a virtual machine at boot:"
msgstr "类似地,在启动时开始一个虚拟机:"
#: serverguide/C/virtualization.xml:244(command)
msgid "virsh -c qemu:///system autostart web_devel"
msgstr "virsh -c qemu:///system autostart web_devel"
#: serverguide/C/virtualization.xml:248(para)
msgid "Reboot a virtual machine with:"
#: serverguide/C/virtualization.xml:252(command)
msgid "virsh -c qemu:///system reboot web_devel"
msgstr "virsh -c qemu:///system reboot web_devel"
#: serverguide/C/virtualization.xml:256(para)
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
"order to be restored later. The following will save the virtual machine "
"state into a file named according to the date:"
"虚拟机的<emphasis>状态</emphasis>可被保存到一个文件中以方便稍后恢复。如下命令会将虚拟机的状态保存到一个以日期命名的文件中:"
#: serverguide/C/virtualization.xml:261(command)
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
#: serverguide/C/virtualization.xml:263(para)
msgid "Once saved the virtual machine will no longer be running."
msgstr "一旦保存,虚拟机将不再运行。"
#: serverguide/C/virtualization.xml:268(para)
msgid "A saved virtual machine can be restored using:"
msgstr "一个经保存后的虚拟机可以用如下命令唤醒:"
#: serverguide/C/virtualization.xml:272(command)
msgid "virsh -c qemu:///system restore web_devel-022708.state"
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
#: serverguide/C/virtualization.xml:276(para)
msgid "To shutdown a virtual machine do:"
msgstr "要关闭一个虚拟机,输入:"
#: serverguide/C/virtualization.xml:280(command)
msgid "virsh -c qemu:///system shutdown web_devel"
msgstr "virsh -c qemu:///system shutdown web_devel"
#: serverguide/C/virtualization.xml:284(para)
msgid "A CDROM device can be mounted in a virtual machine by entering:"
msgstr "CDROM设备可以通过如下命令挂载到虚拟机上:"
#: serverguide/C/virtualization.xml:288(command)
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
#: serverguide/C/virtualization.xml:293(para)
"In the above examples replace <emphasis>web_devel</emphasis> with the "
"appropriate virtual machine name, and <filename>web_devel-"
"022708.state</filename> with a descriptive file name."
"在上面例子中把合适的虚拟主机名代替为<emphasis>web_devel</emphasis>,并和<filename>web_devel-"
"022708.state</filename>带有详细描述的文件名。"
#: serverguide/C/virtualization.xml:300(title)
msgid "Virtual Machine Manager"
#: serverguide/C/virtualization.xml:301(para)
"The <application>virt-manager</application> package contains a graphical "
"utility to manage local and remote virtual machines. To install virt-manager "
"<application>virt-manager</application> 软件包含了一组图形化的程序用以管理本地和远程的虚拟机。要安装virt-"
#: serverguide/C/virtualization.xml:306(command)
msgid "sudo apt-get install virt-manager"
msgstr "sudo apt-get install virt-manager"
#: serverguide/C/virtualization.xml:308(para)
"Since <application>virt-manager</application> requires a Graphical User "
"Interface (GUI) environment it is recommended to be installed on a "
"workstation or test machine instead of a production server. To connect to "
"the local <application>libvirt</application> service enter:"
"既然<application>virt-"
"manager</application>需要图形操作界面(GUI)环境,那么推荐将其安装在工作站或测试机器上,而不是生产用的服务器上。要连接到本地<ap"
"plication>libvirt</application>服务,输入:"
#: serverguide/C/virtualization.xml:314(command)
msgid "virt-manager -c qemu:///system"
msgstr "virt-manager -c qemu:///system"
#: serverguide/C/virtualization.xml:316(para)
"You can connect to the <application>libvirt</application> service running on "
"another host by entering the following in a terminal prompt:"
msgstr "你可以通过在命令行输入命令来连接到在另一台主机上运行的<application>libvirt</application>服务:"
#: serverguide/C/virtualization.xml:320(command)
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
#: serverguide/C/virtualization.xml:323(para)
"The above example assumes that <application>SSH</application> connectivity "
"between the management system and virtnode1.mydomain.com has already been "
"configured, and uses SSH keys for authentication. SSH "
"<emphasis>keys</emphasis> are needed because "
"<application>libvirt</application> sends the password prompt to another "
"process. For details on configuring <application>SSH</application> see <xref "
"linkend=\"openssh-server\"/>"
"上面的例子假设已经配置<application>SSH</application>在系统管理和 virtnode1.mydomain.com 的连通。使用"
"<emphasis>密钥</emphasis>是必需的,因为<application>libvirt</application>是发送密码提示到另一进程里"
"。更多细节在设置<application>SSH</application>时请浏览<xref linkend=\"openssh-server\"/>"
#: serverguide/C/virtualization.xml:333(title)
msgid "Virtual Machine Viewer"
#: serverguide/C/virtualization.xml:334(para)
"The <application>virt-viewer</application> application allows you to connect "
"to a virtual machine's console. <application>virt-viewer</application> does "
"require a Graphical User Interface (GUI) to interface with the virtual "
"<application>virt-viewer</application> 程序使您能够连接到虚拟机。 运行<application>virt-"
"viewer</application>需要您的虚拟机具备图形(GUI)支持。"
#: serverguide/C/virtualization.xml:338(para)
"To install <application>virt-viewer</application> from a terminal enter:"
msgstr "要从命令行安装<application>virt-viewer</application>,输入:"
#: serverguide/C/virtualization.xml:342(command)
msgid "sudo apt-get install virt-viewer"
msgstr "sudo apt-get install virt-viewer"
#: serverguide/C/virtualization.xml:344(para)
"Once a virtual machine is installed and running you can connect to the "
"virtual machine's console by using:"
msgstr "当虚拟机安装并运行后,你可以通过如下命令连接到虚拟机的控制台:"
#: serverguide/C/virtualization.xml:348(command)
msgid "virt-viewer -c qemu:///system web_devel"
msgstr "virt-viewer -c qemu:///system web_devel"
#: serverguide/C/virtualization.xml:350(para)
"Similar to <application>virt-manager</application>, <application>virt-"
"viewer</application> can connect to a remote host using "
"<emphasis>SSH</emphasis> with key authentication, as well:"
"和<application>virt-manager</application>相似,<application>virt-"
"viewer</application>也可以通过键授权的<emphasis>SSH</emphasis>连接到远方主机:"
#: serverguide/C/virtualization.xml:355(command)
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
#: serverguide/C/virtualization.xml:357(para)
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
"appropriate virtual machine name."
msgstr "一定要用相应的虚拟机名字替换<emphasis role=\"italic\">web_devel</emphasis>。"
#: serverguide/C/virtualization.xml:360(para)
"If configured to use a <emphasis>bridged</emphasis> network interface you "
"can also setup <application>SSH</application> access to the virtual machine. "
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
"如果设为使用<emphasis>网桥</emphasis>网络接口,同样你也可以安装<application>SSH</application>访问虚拟主"
"机。更多细节请浏览<xref linkend=\"openssh-server\"/>和<xref linkend=\"bridging\"/>。"
#: serverguide/C/virtualization.xml:369(para)
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
msgstr "详情请参见 <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM 主页</ulink>。"
#: serverguide/C/virtualization.xml:374(para)
"For more information on <application>libvirt</application> see the <ulink "
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
"关于<application>libvirt</application>的更多信息请参见<ulink "
"url=\"http://libvirt.org/\">libvirt 主页</ulink>。"
#: serverguide/C/virtualization.xml:379(para)
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
"Manager</ulink> site has more information on <application>virt-"
"manager</application> development."
"<ulink url=\"http://virt-"
"manager.et.redhat.com/\">虚拟机管理器网站</ulink>有上更多关于<application>virt-"
"manager</application> 开发的信息。"
#: serverguide/C/virtualization.xml:385(para)
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
"technology in Ubuntu."
"您还可以看看 <emphasis>#ubuntu-virt</emphasis>这个IRC频道 <ulink "
"url=\"http://freenode.net/\">freenode</ulink> 来讨论关于Ubuntu中的虚拟化技术。"
#: serverguide/C/virtualization.xml:391(para)
"Another good resource is the <ulink "
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
#: serverguide/C/virtualization.xml:399(title)
msgid "JeOS and vmbuilder"
msgstr "JeOS 和 vmbuilder"
#: serverguide/C/virtualization.xml:405(title)
msgid "What is JeOS"
#: serverguide/C/virtualization.xml:407(para)
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
"variant of the Ubuntu Server operating system, configured specifically for "
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
"only as an option either:"
"Ubuntu <emphasis>JeOS</emphasis>(发音为 \"朱丝\")是个高效率 Ubuntu "
"服务器操作系统的不同版本,专门为虚拟设备所设置。不再做为 CD-ROM ISO 提供下载,但只能做为一种选择:"
#: serverguide/C/virtualization.xml:414(para)
"While installing from the Server Edition ISO (pressing "
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
"installation\", which is the package selection equivalent to JeOS)."
"在安装 ISO 的服务器版本时(在第一个画面请按<emphasis>F4</emphasis>将会允许你选择“最小安装”,这个选择的安装包相当于 "
#: serverguide/C/virtualization.xml:420(para)
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
msgstr "否则采用所描述 Ubuntu 的 vmbuilder 。"
#: serverguide/C/virtualization.xml:426(para)
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
"kernel that only contains the base elements needed to run within a "
"virtualized environment."
msgstr "JeOS 是专门安装 Ubuntu 服务器版本以调整内核,包含的基本功能需要运行在虚拟环境里。"
#: serverguide/C/virtualization.xml:431(para)
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
"in the latest virtualization products from VMware. This combination of "
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
"delivers a highly efficient use of server resources in large virtual "
"Ubuntu JeOS 已从 VMware 最新虚拟产品利用关键性能技术来调整。这种减少尺寸和优化性能的绑定保证了 Ubuntu JeOS "
"版本在大型虚拟部署中提供高效的服务器资源使用。"
#: serverguide/C/virtualization.xml:437(para)
"Without unnecessary drivers, and only the minimal required packages, ISVs "
"can configure their supporting OS exactly as they require. They have the "
"peace of mind that updates, whether for security or enhancement reasons, "
"will be limited to the bare minimum of what is required in their specific "
"environment. In turn, users deploying virtual appliances built on top of "
"JeOS will have to go through fewer updates and therefore less maintenance "
"than they would have had to with a standard full installation of a server."
"基本不用驱动,只需最小安装包, ISVs "
"完全可以设定自己所需支持的系统。他们正常安装时,无论出于安全还是增强原因,仅限定于在自己所需最低要求的环境中。相反,用户部署虚拟设备基础上的 JeOS "
"将不得不通过少量更新,从而减少他们服务器标准完全安装的维护。"
#: serverguide/C/virtualization.xml:446(title)
msgid "What is vmbuilder"
msgstr "什么是 vmbuilder"
#: serverguide/C/virtualization.xml:448(para)
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
"will fetch the various package and build a virtual machine tailored for your "
"needs in about a minute. vmbuilder is a script that automates the process of "
"creating a ready to use Linux based VM. The currently supported hypervisors "
#: serverguide/C/virtualization.xml:454(para)
"You can pass command line options to add extra packages, remove packages, "
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
"a local mirror, you can bootstrap a VM in less than a minute."
"您可通过命令行选项来添加额外安装包,移除安装包,选择 Ubuntu "
"版本的镜像等等。会列出最近大量内存的硬件,临时目录在<filename>/dev/shm</filename>或者使用 tmpfs 和 "
"本地镜像,您可在一分钟内启动 VM。"
#: serverguide/C/virtualization.xml:460(para)
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
"vm-builder</application> started with little emphasis as a hack to help "
"developers test their new code in a virtual machine without having to "
"restart from scratch each time. As a few Ubuntu administrators started to "
"notice this script, a few of them went on improving it and adapting it for "
"so many use case that Soren Hansen (the author of the script and Ubuntu "
"virtualization specialist, not the golf player) decided to rewrite it from "
"scratch for Intrepid as a python script with a few new design goals:"
#: serverguide/C/virtualization.xml:470(para)
msgid "Develop it so that it can be reused by other distributions."
msgstr "使之流传开发能由其它发布版本重复使用。"
#: serverguide/C/virtualization.xml:475(para)
"Use a plugin mechanisms for all virtualization interactions so that others "
"can easily add logic for other virtualization environments."
msgstr "为所有虚拟化的互动使用插件途径,使其他人能方便添加逻辑虚拟环境。"
#: serverguide/C/virtualization.xml:480(para)
"Provide an easy to maintain web interface as an option to the command line "
msgstr "提供作为个命令行界面的选项能简单维护 web 的界面。"
#: serverguide/C/virtualization.xml:486(para)
msgid "But the general principles and commands remain the same."
msgstr "但一般原则和命令仍保持不变。"
#: serverguide/C/virtualization.xml:493(title)
msgid "Initial Setup"
#: serverguide/C/virtualization.xml:495(para)
"It is assumed that you have installed and configured "
"<application>libvirt</application> and <application>KVM</application> "
"locally on the machine you are using. For details on how to perform this, "
"假如您已经安装并配置<application>libvirt</application>和<application>KVM</application>在本"
"地的机器上。关于如何执行的更多细节请浏览:"
#: serverguide/C/virtualization.xml:507(para)
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
"<ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki 页面。"
#: serverguide/C/virtualization.xml:513(para)
"We also assume that you know how to use a text based text editor such as "
"nano or vi. If you have not used any of them before, you can get an overview "
"of the various text editors available by reading the <ulink "
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
"principle should remain on other virtualization technologies."
"我们同样设定您知道怎样使用基于文本格式文本编辑器,例如nano或者vi。如果您之前没有使用过其中任何一个,可以通过阅读<ulink "
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
"tEditors</ulink>页面来获得对各种文本编辑器的大致了解。这指南是针对 KVM 完成的,但一般原则应该对其他的虚拟化技术做保留。"
#: serverguide/C/virtualization.xml:521(title)
msgid "Install vmbuilder"
msgstr "安装 vmbuilder"
#: serverguide/C/virtualization.xml:523(para)
"The name of the package that we need to install is <application>python-vm-"
"builder</application>. In a terminal prompt enter:"
msgstr "我们必需要安装的安装包名字是<application>python-vm-builder</application>。在终端提示里键入:"
#: serverguide/C/virtualization.xml:528(command)
msgid "sudo apt-get install python-vm-builder"
msgstr "sudo apt-get install python-vm-builder"
#: serverguide/C/virtualization.xml:532(para)
"If you are running Hardy, you can still perform most of this using the older "
"version of the package named <application>ubuntu-vm-builder</application>, "
"there are only a few changes to the syntax of the tool."
"如果您在运行 Hardy,你仍可以执行大多数使用的是旧版本且命名为<application>ubuntu-vm-"
"builder</application>的老版本,只有少数语法变化的工具。"
#: serverguide/C/virtualization.xml:541(title)
msgid "Defining Your Virtual Machine"
#: serverguide/C/virtualization.xml:543(para)
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
"are a few thing to consider:"
msgstr "定义 Ubuntu 的 vmbuilder 虚拟机非常简单,但这里有几点是要考虑的:"
#: serverguide/C/virtualization.xml:549(para)
"If you plan on shipping a virtual appliance, do not assume that the end-user "
"will know how to extend disk size to fit their need, so either plan for a "
"large virtual disk to allow for your appliance to grow, or explain fairly "
"well in your documentation how to allocate more space. It might actually be "
"a good idea to store data on some separate external storage."
"如果你想部署一个虚拟应用,不要假设终端用户会知道如何扩展磁盘空间以使之适合他们的需要。因此,要么预留一个大的虚拟磁盘来允许你的应用的增长,要么在你的文档里"
"详细的说明如何获取更多的空间。把数据分别存放在不同的扩展存储器上是再好不过的主意了。"
#: serverguide/C/virtualization.xml:556(para)
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
"whatever you think is a safe minimum for your appliance."
msgstr "内存在虚拟机中的分配比较容易一些,内存大小应该被设置为你想要的装置所需的最小安全值。"
#: serverguide/C/virtualization.xml:562(para)
"The <application>vmbuilder</application> command has 2 main parameters: the "
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
"and can be found using the following command:"
"<application>vmbuilder</application>命令有 2 "
"个主要参数:<emphasis>虚拟化技术(hypervisor)</emphasis>和<emphasis>发布</emphasis>目标。可选参数可是"
#: serverguide/C/virtualization.xml:568(command)
msgid "vmbuilder --help"
msgstr "vmbuilder --help"
#: serverguide/C/virtualization.xml:572(title)
msgid "Base Parameters"
#: serverguide/C/virtualization.xml:574(para)
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
"multiple time, we'll invoke vmbuilder with the following first parameters:"
#: serverguide/C/virtualization.xml:580(command)
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
"-libvirt qemu:///system"
#: serverguide/C/virtualization.xml:583(para)
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
"libvirt</emphasis> tells to inform the local virtualization environment to "
"add the resulting VM to the list of available machines."
"<emphasis>--suite</emphasis>定义 Ubuntu 版本,<emphasis>--"
"flavour</emphasis>规定,我们要使用的虚拟内核(这是用来建立一个 JeOS 图像),<emphasis>--"
"arch</emphasis>告诉我们要使用 32 位的机器,<emphasis>-o</emphasis> 告诉 vmbuilder "
"覆盖虚拟机的上个版本和 <emphasis>--libvirt</emphasis>通知本地虚拟化环境增加导致虚拟机的名单上可用机器。"
#: serverguide/C/virtualization.xml:591(para)
#: serverguide/C/virtualization.xml:597(para)
"Because of the nature of operations performed by vmbuilder, it needs to have "
"root privilege, hence the use of sudo."
msgstr "由于 vmbuilder 所要执行的任务,它需要有 root 权限,因此请使用命令 sudo 。"
#: serverguide/C/virtualization.xml:602(para)
"If your virtual machine needs to use more than 3Gb of ram, you should build "
"a 64 bit machine (--arch amd64)."
msgstr "如果您的虚拟机需要使用超过 3Gb 的内存,应该建立64位虚拟机(--arch amd64)。"
#: serverguide/C/virtualization.xml:607(para)
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
"architecture, so if you want to define an amd64 machine on Hardy, you should "
"use <emphasis>--flavour</emphasis> server instead."
"直到 Ubuntu 8.10 版本虚拟内核技术仅建立在 32 位结构,如果您想在 amd64 机器上安装 Hardy,您应使用<emphasis>--"
"flavour</emphasis>服务器来代替使用。"
#: serverguide/C/virtualization.xml:615(title)
msgid "JeOS Installation Parameters"
#: serverguide/C/virtualization.xml:618(title)
msgid "JeOS Networking"
#: serverguide/C/virtualization.xml:621(title)
msgid "Assigning a fixed IP address"
msgstr "分配一个规定 IP 地址"
#: serverguide/C/virtualization.xml:623(para)
"As a virtual appliance that may be deployed on various very different "
"networks, it is very difficult to know what the actual network will look "
"like. In order to simplify configuration, it is a good idea to take an "
"approach similar to what network hardware vendors usually do, namely "
"assigning an initial fixed IP address to the appliance in a private class "
"network that you will provide in your documentation. An address in the range "
"192.168.0.0/255 is usually a good choice."
"对于一个可能被部署到大不相同的各种网络上的虚拟装备来说,很难了解实际的网络是什么样的。为了简化配置,好的办法就是采取网络硬件供应商通常采取的办法,也就是在"
"一个你要在文档中提供的私有级别的网络里,给装置分配一个初始的固定IP地址。地址范围为192.168.0.0/255通常是个好选择。"
#: serverguide/C/virtualization.xml:630(para)
msgid "To do this we'll use the following parameters:"
msgstr "做这种我们会使用下面的参数:"
#: serverguide/C/virtualization.xml:636(para)
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
"dhcp if not specified)"
msgstr "<emphasis>--ip ADDRESS</emphasis>:IP 地址的指派(如没指定默认为 dhcp )"
#: serverguide/C/virtualization.xml:641(para)
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
msgstr "<emphasis>--mask VALUE</emphasis>:IP 子网掩码的指派(默认:255.255.255.0)"
#: serverguide/C/virtualization.xml:646(para)
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
msgstr "<emphasis>--net VALUE</emphasis>:IP 网络地址(默认:X.X.X.0)"
#: serverguide/C/virtualization.xml:651(para)
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
msgstr "<emphasis>--bcast VALUE</emphasis>:IP 广播地址(默认:X.X.X.255)"
#: serverguide/C/virtualization.xml:656(para)
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
msgstr "<emphasis>--gw ADDRESS</emphasis>:网关地址(默认:X.X.X.1)"
#: serverguide/C/virtualization.xml:661(para)
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
msgstr "<emphasis>--dns ADDRESS</emphasis>:DNS 服务器地址:(默认:X.X.X.1)"
#: serverguide/C/virtualization.xml:667(para)
"We assume for now that default values are good enough, so the resulting "
"invocation becomes:"
msgstr "我们暂时假定默认值已经足够好,所以最终的调用变成:"
#: serverguide/C/virtualization.xml:672(command)
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
"-libvirt qemu:///system --ip 192.168.0.100"
#: serverguide/C/virtualization.xml:677(title)
msgid "Modifying the libvirt Template to use Bridging"
msgstr "修改 libvirt 模板来使用桥接"
#: serverguide/C/virtualization.xml:679(para)
"Because our appliance will be likely to need to be accessed by remote hosts, "
"we need to configure libvirt so that the appliance uses bridge networking. "
"To do this we use vmbuilder template mechanism to modify the default one."
"因为我们设备有可能将会需要由远程主机来访问,需要设置 libvirt 使设备使用到网桥。为了做到这点我们使用 vmbuilder "
#: serverguide/C/virtualization.xml:684(para)
"In our working directory we create the template hierarchy and copy the "
msgstr "我们创建的模板等级和复制默认模板在活动目录中:"
#: serverguide/C/virtualization.xml:689(command)
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
msgstr "mkdir -p VMBuilder/plugins/libvirt/templates"
#: serverguide/C/virtualization.xml:690(command)
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
#: serverguide/C/virtualization.xml:693(para)
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
"我们可以编辑<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename"
#: serverguide/C/virtualization.xml:697(programlisting)
" <interface type='network'>\n"
" <source network='default'/>\n"
" </interface>\n"
" <interface type='network'>\n"
" <source network='default'/>\n"
" </interface>\n"
#: serverguide/C/virtualization.xml:703(para)
#: serverguide/C/virtualization.xml:707(programlisting)
" <interface type='bridge'>\n"
" <source bridge='br0'/>\n"
" </interface>\n"
" <interface type='bridge'>\n"
" <source bridge='br0'/>\n"
" </interface>\n"
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
msgid "Partitioning"
#: serverguide/C/virtualization.xml:719(para)
"Partitioning of the virtual appliance will have to take into consideration "
"what you are planning to do with is. Because most appliances want to have a "
"separate storage for data, having a separate <filename>/var</filename> would "
"您必须认真考虑计划去做虚拟设备的分区的事。因为大多数设备只单独为数据存储,有个独立的<filename>/var</filename>分区是个明智的选择。"
#: serverguide/C/virtualization.xml:724(para)
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
msgstr "vmbuilder 为我们提供<emphasis>--part</emphasis>来做到这点:"
#: serverguide/C/virtualization.xml:728(programlisting)
" Allows you to specify a partition table in a partition file, located at "
"PATH. Each line of the partition file should specify\n"
" mountpoint size\n"
" where size is in megabytes. You can have up to 4 virtual disks, a new "
"disk starts on a\n"
" line with ’---’. ie :\n"
#: serverguide/C/virtualization.xml:743(para)
"In our case we will define a text file name "
"<filename>vmbuilder.partition</filename> which will contain the following:"
msgstr "就我们而言,我们会定义文本文件命名为<filename>vmbuilder.partition</filename>,这包含以下内容:"
#: serverguide/C/virtualization.xml:747(programlisting)
#: serverguide/C/virtualization.xml:755(para)
"Note that as we are using virtual disk images, the actual sizes that we put "
"here are maximum sizes for these volumes."
msgstr "注意的是我们正使用虚拟镜像盘,把这些卷的最大值设为实际大小值。"
#: serverguide/C/virtualization.xml:760(para)
msgid "Our command line now looks like:"
msgstr "现在我们使用的命令行看起来像:"
#: serverguide/C/virtualization.xml:765(command)
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
#: serverguide/C/virtualization.xml:770(para)
"Using a \"\\\" in a command will allow long command strings to wrap to the "
msgstr "在命令里使用 “\\” 将允许换行时截断长字符串的命令。"
#: serverguide/C/virtualization.xml:777(title)
msgid "User and Password"
#: serverguide/C/virtualization.xml:779(para)
"Again setting up a virtual appliance, you will need to provide a default "
"user and password that is generic so that you can include it in your "
"documentation. We will see later on in this tutorial how we will provide "
"some security by defining a script that will be run the first time a user "
"actually logs in the appliance, that will, among other things, ask him to "
"change his password. In this example I will use <emphasis>'user'</emphasis> "
"as my user name, and <emphasis>'default'</emphasis> as the password."
"再次建立个虚拟设置,您需要提供通用的默认用户名和密码,让它可以包含在您的文档中。我们将看到后来的指南中将如何提供一些由脚本定义的安全性,该脚本将实际记录用"
"户首次运行设备上,除此之外,会询问是否改变密码。在这例子中将会使用<emphasis>'user'</emphasis>来做为用户名和<emphasis>"
"'default'</emphasis>做来密码。"
#: serverguide/C/virtualization.xml:787(para)
msgid "To do this we use the following optional parameters:"
msgstr "采用这步骤要使用以下可选参数:"
#: serverguide/C/virtualization.xml:793(para)
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
msgstr "<emphasis>--user USERNAME:</emphasis>添加新的用户名。默认名为:ubuntu。"
#: serverguide/C/virtualization.xml:798(para)
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
"added. Default: Ubuntu."
msgstr "<emphasis>--name FULLNAME:</emphasis>添加新的用户全名。默认名为:Ubuntu。"
#: serverguide/C/virtualization.xml:803(para)
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
msgstr "<emphasis>--pass PASSWORD:</emphasis>为用户名设置密码。默认值为:ubuntu。"
#: serverguide/C/virtualization.xml:809(para)
msgid "Our resulting command line becomes:"
msgstr "我们的生效命令行成为:"
#: serverguide/C/virtualization.xml:814(command)
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
"-user user --name user --pass default"
#: serverguide/C/virtualization.xml:822(title)
msgid "Installing Required Packages"
#: serverguide/C/virtualization.xml:824(para)
"In this example we will be installing a package "
"<application>(Limesurvey)</application> that accesses a "
"<application>MySQL</application> database and has a web interface. We will "
"therefore require our OS to provide us with:"
"在这样例中我们将安装<application>(Limesurvey)</application>软件包以能够访问有 web "
"接面的<application>MySQL</application>数据库。因此需要操作系统为我们提供:"
#: serverguide/C/virtualization.xml:831(para)
#: serverguide/C/virtualization.xml:832(para)
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
msgid "OpenSSH Server"
msgstr "OpenSSH 服务器"
#: serverguide/C/virtualization.xml:835(para)
msgid "Limesurvey (as an example application that we have packaged)"
msgstr "Limesurvey (做为样例我们应打包应用程序)"
#: serverguide/C/virtualization.xml:838(para)
"This is done using vmbuilder by specifying the --addpkg option multiple "
#: serverguide/C/virtualization.xml:842(programlisting)
" Install PKG into the guest (can be specfied multiple times)\n"
" 安装 PKG 在 guest 帐号里 (能指定安装时间)\n"
#: serverguide/C/virtualization.xml:847(para)
"However, due to the way vmbuilder operates, packages that have to ask "
"questions to the user during the post install phase are not supported and "
"should instead be installed while interactivity can occur. This is the case "
"of Limesurvey, which we will have to install later, once the user logs in."
"然而,由于vmbuilder的操作方式,报在安装过程步骤中向用户提出问题的功能并不被支持,作为替代,在可以交互的时候才被安装。举例来说,Limesurve"
"y就是这样的,这个软件将在随后登录之后安装。"
#: serverguide/C/virtualization.xml:853(para)
"Other packages that ask simple debconf question, such as <application>mysql-"
"server</application> asking to set a password, the package can be installed "
"immediately, but we will have to reconfigure it the first time the user logs "
"其它软件包会要求简单的 debconf 问题,例如<application>mysql-"
"server</application>询问是否设置密码,软件包可以立即安装,但我们不得不将重设置在用户首次登陆上。"
#: serverguide/C/virtualization.xml:859(para)
"If some packages that we need to install are not in main, we need to enable "
"the additional repositories using --comp and --ppa:"
msgstr "如果安装的些软件包不是主要的,那我们需要使额外的库来使用 --comp 和 --ppa:"
#: serverguide/C/virtualization.xml:863(programlisting)
"--components COMP1,COMP2,...,COMPN\n"
" A comma separated list of distro components to include (e.g. "
"main,universe). This defaults\n"
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
"--components COMP1,COMP2,...,COMPN\n"
" 包括以逗号分隔的发行组件清单(e.g. main,universe)。 默认为\n"
"--ppa=PPA 加入 ppa 属于 PPA 虚拟的 sources.list。\n"
#: serverguide/C/virtualization.xml:870(para)
"Limesurvey not being part of the archive at the moment, we'll specify it's "
"PPA (personal package archive) address so that it is added to the VM "
"<filename>/etc/apt/source.list</filename>, so we add the following options "
"to the command line:"
"此刻 Limesurvey 不是做为存档的一部分,我们将指定它的 "
"PPA(个人软件包存档)地址以便加入到虚拟机<filename>/etc/apt/source.list</filename>,所以我们把以下选项加到命令"
#: serverguide/C/virtualization.xml:876(command)
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
"server --ppa nijaba"
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
"server --ppa nijaba"
#: serverguide/C/virtualization.xml:883(title)
#: serverguide/C/virtualization.xml:885(para)
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
"it will allow our admins to access the appliance remotely. However, pushing "
"in the wild an appliance with a pre-installed OpenSSH server is a big "
"security risk as all these server will share the same secret key, making it "
"very easy for hackers to target our appliance with all the tools they need "
"to crack it open in a breeze. As for the user password, we will instead rely "
"on a script that will install OpenSSH the first time a user logs in so that "
"the key generated will be different for each appliance. For this we'll use a "
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
"另一种我们希望在我们的设备上使用的方便的工具是OpenSSH "
",它能让我们的管理员远程访问设备。然而,在实际环境中推广的预先安装OpenSSH的服务器设置方法是一个很大的安全风险,因为所有服务器将共享相同的密钥,使黑"
"客很容易的找到我们的设备然后轻而易举的破解它。至于用户的密码,我们将转而依赖一个脚本,该脚本在用户第一次登陆时将安装OpenSSH,这样生成的密钥对于不同"
"的设备是不同的。为此,我们要使用<emphasis>--firstboot</emphasis>的脚本,因为它不需要任何用户交互。"
#: serverguide/C/virtualization.xml:897(title)
msgid "Speed Considerations"
#: serverguide/C/virtualization.xml:900(title)
msgid "Package Caching"
#: serverguide/C/virtualization.xml:902(para)
"When vmbuilder creates builds your system, it has to go fetch each one of "
"the packages that composes it over the network to one of the official "
"repositories, which, depending on your internet connection speed and the "
"load of the mirror, can have a big impact on the actual build time. In order "
"to reduce this, it is recommended to either have a local repository (which "
"can be created using <application>apt-mirror</application>) or using a "
"caching proxy such as <application>apt-proxy</application>. The later option "
"being much simpler to implement and requiring less disk space, it is the one "
"we will pick in this tutorial. To install it, simply type:"
#: serverguide/C/virtualization.xml:912(command)
msgid "sudo apt-get install apt-proxy"
msgstr "sudo apt-get install apt-proxy"
#: serverguide/C/virtualization.xml:915(para)
"Once this is complete, your (empty) proxy is ready for use on "
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
"一旦这完成后,您的(空)代理准备用于 http://mirroraddress:9999 和找到在存放在 /ubuntu 目录下的 ubuntu "
"。为了能让 vmbuilder 能使用它,我们必须使用<emphasis>--mirror</emphasis>选项:"
#: serverguide/C/virtualization.xml:920(programlisting)
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
" is http://archive.ubuntu.com/ubuntu for official\n"
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
"--mirror=使用 Ubuntu 镜像 URL 来代替,URL\n"
" 官方网是 http://archive.ubuntu.com/ubuntu\n"
" 主站和 http://ports.ubuntu.com/ubuntu-ports\n"
#: serverguide/C/virtualization.xml:927(para)
msgid "So we add to the command line:"
#: serverguide/C/virtualization.xml:932(command)
msgid "--mirror http://mirroraddress:9999/ubuntu"
msgstr "--mirror http://mirroraddress:9999/ubuntu"
#: serverguide/C/virtualization.xml:936(para)
"The mirror address specified here will also be used in the "
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
"is useful to specify here an address that can be resolved by the guest or to "
"plan on reseting this address later on, such as in a <emphasis>--"
"firstboot</emphasis> script."
#: serverguide/C/virtualization.xml:945(title)
msgid "Install a Local Mirror"
#: serverguide/C/virtualization.xml:947(para)
"If we are in a larger environment, it may make sense to setup a local mirror "
"of the Ubuntu repositories. The package apt-mirror provides you with a "
"script that will handle the mirroring for you. You should plan on having "
"about 20 gigabyte of free space per supported release and architecture."
"如果我们在一个大环境中,建立一个Ubuntu的本地源是有意义的。apt-"
"mirror使用脚本提供给你的包将处理您的镜像问题。您应该针对每个发行版和架构计划保留20GB的自由空间。"
#: serverguide/C/virtualization.xml:953(para)
"By default, <application>apt-mirror</application> uses the configuration "
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
"replicate only the architecture of the local machine. If you would like to "
"support other architectures on your mirror, simply duplicate the lines "
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
"archives as well, you will have:"
"默认情况下,<application>apt-"
"mirror</application>使用在<filename>/etc/apt/mirror.list</filename>文件中包含的设置。一般设置"
",它将只支持本地机器的结构。如果你需要在您的镜像上需要支持其他架构,只需要复制那些以\"deb\"开头的行,然后把deb用/deb-"
"{arch}来代替,这里的arch可以是i386,amd64或者其他。举例来说,在一个amd64的机器上为了使用i386包,您将拥有:"
#: serverguide/C/virtualization.xml:960(programlisting)
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
"universe multiverse\n"
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
"universe multiverse \n"
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
"universe multiverse \n"
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
"universe multiverse \n"
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
"restricted universe multiverse \n"
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
"universe multiverse \n"
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
"restricted universe multiverse \n"
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
"restricted/debian-installer universe/debian-installer multiverse/debian-"
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
"restricted/debian-installer universe/debian-installer multiverse/debian-"
#: serverguide/C/virtualization.xml:977(para)
"Notice that the source packages are not mirrored as they are seldom used "
"compared to the binaries and they do take a lot more space, but they can be "
"easily added to the list."
msgstr "注意,源码包并没有被镜像,因为和二进制包相比它们使用的很少,但是却占用更多的空间。不过它们可以很容易的添加到列表。"
#: serverguide/C/virtualization.xml:982(para)
"Once the mirror has finished replicating (and this can be quite long), you "
"need to configure Apache so that your mirror files (in "
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
"default), are published by your Apache server. For more information on "
"Apache see <xref linkend=\"httpd\"/>."
"一旦镜像完成复制(这可能需要很长时间),你需要设置Apache,因为您的镜像文件(没有修改的话,默认在<filename>/var/spool/apt-"
"mirror</filename>)是通过您的Apache服务器来发布的。关于Apache的更多信息,请参见<xref "
"linkend=\"httpd\"/>"
#: serverguide/C/virtualization.xml:991(title)
msgid "Installing in a RAM Disk"
#: serverguide/C/virtualization.xml:993(para)
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
"faster than writing to disk. If you have some free memory, letting vmbuilder "
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
"-tmpfs</emphasis> will help you do just that:"
"很容易就可以想到,写到RAM中是一个比写到磁盘中<emphasis>快得多</emphasis>的方法。如果您有一些空的内存,让vmbuilder把它的操"
"作放到RAM中将会有很大改观。选项<emphasis>--tmpfs</emphasis>可以实现这个功能,您只需要:"
#: serverguide/C/virtualization.xml:999(programlisting)
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
"--tmpfs OPTS 使用 tmpfs 做为工作目录,指定它的\n"
" 尺寸或者使用 \"-\" 来使用 tmpfs 默认值 (suid,dev,size=1G).\n"
#: serverguide/C/virtualization.xml:1004(para)
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
"have 1G of free ram."
msgstr "因此,增加<command>--tmpfs -</command>看起来是个很好的主意,如果您有 1G 的闲置内存。"
#: serverguide/C/virtualization.xml:1011(title)
msgid "Package the Application"
#: serverguide/C/virtualization.xml:1013(para)
msgid "Two option are available to us:"
#: serverguide/C/virtualization.xml:1019(para)
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
"package. Since this is outside of the scope of this tutorial, we will not "
"perform this here and invite the reader to read the documentation on how to "
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
"repository for your package so that updates can be conveniently pulled from "
"it. See the <ulink url=\"http://www.debian-"
"administration.org/articles/286\">Debian Administration</ulink> article for "
"a tutorial on this."
"达成此目的建议方法是制作一个<emphasis>Debian</emphasis>包。因为这已经超出了我们这个向导的范围,我们将不再在这里介绍,读者可以到"
"网址<ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu Packaging "
"Guide</ulink>来阅读如何达到这个目的的文档。在这种情况下,建立一个源是一个好主意,因为这样您可以随后方便的从它升级。关于这个的介绍,请参阅<u"
"link url=\"http://www.debian-administration.org/articles/286\">Debian "
"Administration</ulink>相关文章。"
#: serverguide/C/virtualization.xml:1028(para)
"Manually install the application under <filename>/opt</filename> as "
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
"guidelines</ulink>."
"在<filename>/opt</filename>下手动安装程序是<ulink "
"url=\"http://www.pathname.com/fhs/\">FHS 指南</ulink>所推荐的方式."
#: serverguide/C/virtualization.xml:1035(para)
"In our case we'll use <application>Limesurvey</application> as example web "
"application for which we wish to provide a virtual appliance. As noted "
"before, we've made a version of the package available in a PPA (Personal "
"在这里,我们将使用<application>Limesurvey</application>作为示例程序来展示我们如何提供一个虚拟装置。如前所述,我们制作"
"了一个可以在一个PPA中(个人包获取)使用的版本的包。"
#: serverguide/C/virtualization.xml:1042(title)
msgid "Finishing Install"
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
#: serverguide/C/virtualization.xml:1047(para)
"As we mentioned earlier, the first time the machine boots we'll need to "
"install <application>openssh-server</application> so that the key generated "
"for it is unique for each machine. To do this, we'll write a script called "
"<filename>boot.sh</filename> as follows:"
"如前所述,机器第一期启动的时候我们需要安装<application>openssh-"
"server</application>,这样的话就可以为每一个机器生成一个唯一的键。为达到此目的,我们需要像下面这样编写一个叫做<filename>bo"
"ot.sh</filename>的脚本:"
#: serverguide/C/virtualization.xml:1053(programlisting)
"# This script will run the first time the virtual machine boots\n"
"# It is ran as root.\n"
"apt-get install -qqy --force-yes openssh-server\n"
"# 这个脚本将在虚拟机第一次启动时运行\n"
"apt-get install -qqy --force-yes openssh-server\n"
#: serverguide/C/virtualization.xml:1061(para)
"And we add the <command>--firstboot boot.sh</command> option to our command "
msgstr "我们也要把<command>--firstboot boot.sh</command>选项命令加进命令行里。"
#: serverguide/C/virtualization.xml:1067(title)
#: serverguide/C/virtualization.xml:1069(para)
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
"set them up the first time a user logs in using a script named login.sh. "
"We'll also use this script to let the user specify:"
"Mysql和Limesuevey在他们的安装过程中需要一些用户交互,我们将在用户第一次登录的时候使用一个叫做login.sh的脚本来设置它们。我们同样适用"
#: serverguide/C/virtualization.xml:1075(para)
msgid "His own password"
#: serverguide/C/virtualization.xml:1076(para)
msgid "Define the keyboard and other locale info he wants to use"
msgstr "定义键盘和所想要使用的其它地区信息"
#: serverguide/C/virtualization.xml:1079(para)
msgid "So we'll define <filename>login.sh</filename> as follows:"
msgstr "因此我们将定义<filename>login.sh</filename>做为以下内容:"
#: serverguide/C/virtualization.xml:1083(programlisting)
"# This script is ran the first time a user logs in\n"
"echo \"Your appliance is about to be finished to be set up.\"\n"
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
"echo \"starting by changing your user password.\"\n"
"#give the opportunity to change the keyboard\n"
"sudo dpkg-reconfigure console-setup\n"
"#configure the mysql server root password\n"
"sudo dpkg-reconfigure mysql-server-5.0\n"
"#install limesurvey\n"
"sudo apt-get install -qqy --force-yes limesurvey\n"
"echo \"Your appliance is now configured. To use it point your\"\n"
"echo \"browser to http://serverip/limesurvey/admin\"\n"
"# This script is ran the first time a user logs in\n"
"echo \"Your appliance is about to be finished to be set up.\"\n"
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
"echo \"starting by changing your user password.\"\n"
"#give the opportunity to change the keyboard\n"
"sudo dpkg-reconfigure console-setup\n"
"#configure the mysql server root password\n"
"sudo dpkg-reconfigure mysql-server-5.0\n"
"#install limesurvey\n"
"sudo apt-get install -qqy --force-yes limesurvey\n"
"echo \"Your appliance is now configured. To use it point your\"\n"
"echo \"browser to http://serverip/limesurvey/admin\"\n"
#: serverguide/C/virtualization.xml:1105(para)
"And we add the <command>--firstlogin login.sh</command> option to our "
msgstr "我们也要把<command>--firstlogin login.sh</command>选项命令加进命令行里。"
#: serverguide/C/virtualization.xml:1112(title)
msgid "Useful Additions"
#: serverguide/C/virtualization.xml:1115(title)
msgid "Configuring Automatic Updates"
#: serverguide/C/virtualization.xml:1117(para)
"To have your system be configured to update itself on a regular basis, we "
"will just install <application>unattended-upgrades</application>, so we add "
"the following option to our command line:"
"想要将你的系统配置为定期自动更新,只需安装<application>unattended-upgrades</application>. "
#: serverguide/C/virtualization.xml:1123(command)
msgid "--addpkg unattended-upgrades"
msgstr "--addpkg unattended-upgrades"
#: serverguide/C/virtualization.xml:1126(para)
"As we have put our application package in a PPA, the process will update not "
"only the system, but also the application each time we update the version in "
msgstr "正如我们已经把应用包加入到了PPA, 我们在PPA中更新版本的时候,不仅会更新系统,应用程序也会更新."
#: serverguide/C/virtualization.xml:1133(title)
msgid "ACPI Event Handling"
#: serverguide/C/virtualization.xml:1135(para)
"For your virtual machine to be able to handle restart and shutdown events it "
"is being sent, it is a good idea to install the acpid package as well. To do "
"this we just add the following option:"
msgstr "为了您的虚拟机发送信息能够处理重启和关闭事件,这也是个安装 acpid 软件包的好方法。为了做到这点我们只需加进以下选项即可:"
#: serverguide/C/virtualization.xml:1141(command)
msgid "--addpkg acpid"
msgstr "--addpkg acpid"
#: serverguide/C/virtualization.xml:1147(title)
msgid "Final Command"
#: serverguide/C/virtualization.xml:1149(para)
msgid "Here is the command with all the options discussed above:"
msgstr "这是使用了上面所有涉及到选项的命令:"
#: serverguide/C/virtualization.xml:1154(command)
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
"firstlogin login.sh"
#: serverguide/C/virtualization.xml:1169(para)
"If you are interested in learning more, have questions or suggestions, "
"please contact the Ubuntu Server Team at:"
msgstr "如果您有兴趣了解更多,有问题或建议,请联系 Ubuntu 服务团队:"
#: serverguide/C/virtualization.xml:1174(para)
msgid "IRC: #ubuntu-server on freenode"
msgstr "IRC: #ubuntu-server on freenode"
#: serverguide/C/virtualization.xml:1179(para)
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
"邮件列表: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
#: serverguide/C/virtualization.xml:1184(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
"Wiki</ulink> page."
#: serverguide/C/virtualization.xml:1192(title)
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
#: serverguide/C/virtualization.xml:1197(para)
"This tutorial covers <application>UEC</application> installation from the "
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
"and one or more nodes attached."
#: serverguide/C/virtualization.xml:1202(para)
"From this Tutorial you will learn how to install, configure, register and "
"perform several operations on a basic <application>UEC</application> setup "
"that results in a cloud with a one controller <emphasis>\"front-"
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
"instances. You will also use examples to help get you started using your own "
"private compute cloud."
#: serverguide/C/virtualization.xml:1210(title)
msgid "Prerequisites"
#: serverguide/C/virtualization.xml:1212(para)
"To deploy a minimal cloud infrastructure, you’ll need at least "
"<emphasis>two</emphasis> dedicated systems:"
#: serverguide/C/virtualization.xml:1218(para)
msgid "A front end."
#: serverguide/C/virtualization.xml:1223(para)
msgid "One or more node(s)."
#: serverguide/C/virtualization.xml:1229(para)
"The following are recommendations, rather than fixed requirements. However, "
"our experience in developing this documentation indicated the following "
#: serverguide/C/virtualization.xml:1234(title)
msgid "Front End Requirements"
#: serverguide/C/virtualization.xml:1236(para)
msgid "Use the following table for a system that will run one or more of:"
#: serverguide/C/virtualization.xml:1241(para)
msgid "Cloud Controller (CLC)"
#: serverguide/C/virtualization.xml:1242(para)
msgid "Cluster Controller (CC)"
#: serverguide/C/virtualization.xml:1243(para)
msgid "Walrus (the S3-like storage service)"
#: serverguide/C/virtualization.xml:1244(para)
msgid "Storage Controller (SC)"
#: serverguide/C/virtualization.xml:1248(title)
msgid "UEC Front End Requirements"
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
#: serverguide/C/virtualization.xml:1265(para)
#: serverguide/C/virtualization.xml:1266(para)
#: serverguide/C/virtualization.xml:1267(para)
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
"a dual core processor."
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
#: serverguide/C/virtualization.xml:1271(para)
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
#: serverguide/C/virtualization.xml:1273(para)
msgid "The Java web front end benefits from lots of available memory."
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
msgid "5400 RPM IDE"
#: serverguide/C/virtualization.xml:1278(para)
msgid "7200 RPM SATA"
#: serverguide/C/virtualization.xml:1279(para)
"Slower disks will work, but will yield much longer instance startup times."
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
#: serverguide/C/virtualization.xml:1284(para)
#: serverguide/C/virtualization.xml:1285(para)
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
"does not like to run out of disk space."
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
"Machine images are hundreds of MB, and need to be copied over the network to "
#: serverguide/C/virtualization.xml:1299(title)
msgid "Node Requirements"
#: serverguide/C/virtualization.xml:1301(para)
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
#: serverguide/C/virtualization.xml:1306(para)
msgid "the Node Controller (NC)"
#: serverguide/C/virtualization.xml:1310(title)
msgid "UEC Node Requirements"
#: serverguide/C/virtualization.xml:1327(para)
msgid "VT Extensions"
#: serverguide/C/virtualization.xml:1328(para)
msgid "VT, 64-bit, Multicore"
#: serverguide/C/virtualization.xml:1329(para)
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
"only run 1 VM per CPU core on a Node."
#: serverguide/C/virtualization.xml:1333(para)
#: serverguide/C/virtualization.xml:1335(para)
msgid "Additional memory means more, and larger guests."
#: serverguide/C/virtualization.xml:1340(para)
msgid "7200 RPM SATA or SCSI"
#: serverguide/C/virtualization.xml:1341(para)
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
#: serverguide/C/virtualization.xml:1346(para)
#: serverguide/C/virtualization.xml:1347(para)
"Images will be cached locally, Eucalyptus does not like to run out of disk "
#: serverguide/C/virtualization.xml:1363(title)
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
#: serverguide/C/virtualization.xml:1367(para)
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
#: serverguide/C/virtualization.xml:1372(para)
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
"components are present."
#: serverguide/C/virtualization.xml:1377(para)
"You can then choose which components to install, based on your chosen <ulink "
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
#: serverguide/C/virtualization.xml:1382(para)
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
#: serverguide/C/virtualization.xml:1388(para)
"It will ask two other cloud-specific questions during the course of the "
#: serverguide/C/virtualization.xml:1393(para)
msgid "Name of your cluster."
#: serverguide/C/virtualization.xml:1396(para)
msgid "e.g. <emphasis>cluster1</emphasis>."
#: serverguide/C/virtualization.xml:1399(para)
"A range of public IP addresses on the LAN that the cloud can allocate to "
#: serverguide/C/virtualization.xml:1402(para)
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
#: serverguide/C/virtualization.xml:1410(title)
msgid "Installing the Node Controller(s)"
#: serverguide/C/virtualization.xml:1412(para)
"The node controller install is even simpler. Just make sure that you are "
"connected to the network on which the cloud/cluster controller is already "
#: serverguide/C/virtualization.xml:1418(para)
msgid "Boot from the same ISO on the node(s)."
#: serverguide/C/virtualization.xml:1423(para)
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
#: serverguide/C/virtualization.xml:1428(para)
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
#: serverguide/C/virtualization.xml:1433(para)
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
#: serverguide/C/virtualization.xml:1438(para)
msgid "Confirm the partitioning scheme."
#: serverguide/C/virtualization.xml:1443(para)
"The rest of the installation should proceed uninterrupted; complete the "
"installation and reboot the node."
#: serverguide/C/virtualization.xml:1451(title)
msgid "Register the Node(s)"
#: serverguide/C/virtualization.xml:1456(para)
"Nodes are the physical systems within <application>UEC</application> that "
"actually run the virtual machine instances of the cloud."
#: serverguide/C/virtualization.xml:1460(para)
msgid "All component registration should be automatic, assuming:"
#: serverguide/C/virtualization.xml:1466(para)
msgid "Public SSH keys have been exchanged properly."
#: serverguide/C/virtualization.xml:1471(para)
msgid "The services are configured properly."
#: serverguide/C/virtualization.xml:1476(para)
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
#: serverguide/C/virtualization.xml:1481(para)
msgid "Verify Registration."
#: serverguide/C/virtualization.xml:1487(para)
"Steps a to e should only be required if you're using the <ulink "
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
"should already be completed automatically for you, and therefore you can "
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
#: serverguide/C/virtualization.xml:1495(para)
msgid "Exchange Public Keys"
#: serverguide/C/virtualization.xml:1497(para)
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
"Controller as the eucalyptus user."
#: serverguide/C/virtualization.xml:1502(para)
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
#: serverguide/C/virtualization.xml:1508(para)
"On the target controller, temporarily set a password for the eucalyptus user:"
#: serverguide/C/virtualization.xml:1512(command)
msgid "sudo passwd eucalyptus"
#: serverguide/C/virtualization.xml:1516(para)
msgid "Then, on the Cloud Controller:"
#: serverguide/C/virtualization.xml:1520(command)
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
"eucalyptus@<IP_OF_NODE>"
#: serverguide/C/virtualization.xml:1524(para)
"You can now remove the password of the eucalyptus account on the target "
"controller, if you wish:"
#: serverguide/C/virtualization.xml:1528(command)
msgid "sudo passwd -d eucalyptus"
#: serverguide/C/virtualization.xml:1535(para)
msgid "Configuring the Services"
#: serverguide/C/virtualization.xml:1537(para)
msgid "On the <emphasis>Cloud Controller</emphasis>:"
#: serverguide/C/virtualization.xml:1543(para)
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
"cc.conf</filename>"
#: serverguide/C/virtualization.xml:1549(para)
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
"ipaddr.conf</filename>, as a space separated list of one or more IP "
#: serverguide/C/virtualization.xml:1556(para)
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
#: serverguide/C/virtualization.xml:1560(para)
"Define the shell variable WALRUS_IP_ADDR in "
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
#: serverguide/C/virtualization.xml:1565(para)
msgid "On the <emphasis>Cluster Controller</emphasis>:"
#: serverguide/C/virtualization.xml:1571(para)
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
#: serverguide/C/virtualization.xml:1577(para)
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
"ipaddr.conf</filename>, as a space separated list of one or more IP "
#: serverguide/C/virtualization.xml:1587(para)
#: serverguide/C/virtualization.xml:1589(para)
msgid "Now start the publication services."
#: serverguide/C/virtualization.xml:1595(emphasis)
msgid "Walrus Controller:"
#: serverguide/C/virtualization.xml:1597(command)
msgid "sudo start eucalyptus-walrus-publication"
#: serverguide/C/virtualization.xml:1601(emphasis)
msgid "Cluster Controller:"
#: serverguide/C/virtualization.xml:1603(command)
msgid "sudo start eucalyptus-cc-publication"
#: serverguide/C/virtualization.xml:1607(emphasis)
msgid "Storage Controller:"
#: serverguide/C/virtualization.xml:1609(command)
msgid "sudo start eucalyptus-sc-publication"
#: serverguide/C/virtualization.xml:1613(emphasis)
msgid "Node Controller:"
#: serverguide/C/virtualization.xml:1615(command)
msgid "sudo start eucalyptus-nc-publication"
#: serverguide/C/virtualization.xml:1622(para)
msgid "Start the Listener"
#: serverguide/C/virtualization.xml:1624(para)
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
"Controller(s)</emphasis>, run:"
#: serverguide/C/virtualization.xml:1629(command)
msgid "sudo start uec-component-listener"
#: serverguide/C/virtualization.xml:1634(para)
msgid "Verify Registration"
#: serverguide/C/virtualization.xml:1637(command)
msgid "cat /var/log/eucalyptus/registration.log"
#: serverguide/C/virtualization.xml:1638(computeroutput)
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
#: serverguide/C/virtualization.xml:1649(para)
msgid "The output on your machine will vary from the example above."
#: serverguide/C/virtualization.xml:1659(title)
msgid "Obtain Credentials"
#: serverguide/C/virtualization.xml:1661(para)
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
"users of the cloud will need to retrieve their credentials. This can be done "
"either through a web browser, or at the command line."
#: serverguide/C/virtualization.xml:1667(title)
msgid "From a Web Browser"
#: serverguide/C/virtualization.xml:1671(para)
"From your web browser (either remotely or on your Ubuntu server) access the "
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
"https://<cloud-controller-ip-address>:8443/\n"
#: serverguide/C/virtualization.xml:1679(para)
"You must use a secure connection, so make sure you use \"https\" not "
"\"http\" in your URL. You will get a security certificate warning. You will "
"have to add an exception to view the page. If you do not accept it you will "
"not be able to view the Eucalyptus configuration page."
#: serverguide/C/virtualization.xml:1687(para)
"Use username <emphasis>'admin'</emphasis> and password "
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
"to change your password)."
#: serverguide/C/virtualization.xml:1693(para)
"Then follow the on-screen instructions to update the admin password and "
#: serverguide/C/virtualization.xml:1698(para)
"Once the first time configuration process is completed, click the "
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
#: serverguide/C/virtualization.xml:1704(para)
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
#: serverguide/C/virtualization.xml:1709(para)
msgid "Save them to <filename>~/.euca</filename>."
#: serverguide/C/virtualization.xml:1714(para)
"Unzip the downloaded zip file into a safe location "
"(<filename>~/.euca</filename>)."
#: serverguide/C/virtualization.xml:1718(command)
msgid "unzip -d ~/.euca mycreds.zip"
#: serverguide/C/virtualization.xml:1725(title)
msgid "From a Command Line"
#: serverguide/C/virtualization.xml:1729(para)
"Alternatively, if you are on the command line of the <emphasis>Cloud "
"Controller</emphasis>, you can run:"
#: serverguide/C/virtualization.xml:1733(command)
msgid "mkdir -p ~/.euca"
#: serverguide/C/virtualization.xml:1734(command)
msgid "chmod 700 ~/.euca"
#: serverguide/C/virtualization.xml:1735(command)
#: serverguide/C/virtualization.xml:1736(command)
msgid "sudo euca_conf --get-credentials mycreds.zip"
#: serverguide/C/virtualization.xml:1737(command)
msgid "unzip mycreds.zip"
#: serverguide/C/virtualization.xml:1738(command)
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
#: serverguide/C/virtualization.xml:1739(command)
#: serverguide/C/virtualization.xml:1746(title)
msgid "Extracting and Using Your Credentials"
#: serverguide/C/virtualization.xml:1748(para)
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
#: serverguide/C/virtualization.xml:1754(para)
msgid "Install the required cloud user tools:"
#: serverguide/C/virtualization.xml:1758(command)
msgid "sudo apt-get install euca2ools"
#: serverguide/C/virtualization.xml:1762(para)
"To validate that everything is working correctly, get the local cluster "
"availability details:"
#: serverguide/C/virtualization.xml:1766(command)
msgid ". ~/.euca/eucarc"
#: serverguide/C/virtualization.xml:1767(command)
msgid "euca-describe-availability-zones verbose"
#: serverguide/C/virtualization.xml:1768(computeroutput)
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
#: serverguide/C/virtualization.xml:1778(para)
msgid "Your output from the above command will vary."
#: serverguide/C/virtualization.xml:1788(title)
msgid "Install an Image from the Store"
#: serverguide/C/virtualization.xml:1790(para)
"The following is by far the simplest way to install an image. However, "
"advanced users may be interested in learning how to <ulink "
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
"own image</ulink>."
#: serverguide/C/virtualization.xml:1795(para)
"The simplest way to add an image to <application>UEC</application> is to "
"install it from the Image Store on the UEC web interface."
#: serverguide/C/virtualization.xml:1801(para)
"Access the web interface at the following URL (Make sure you specify https):"
#: serverguide/C/virtualization.xml:1809(para)
"Enter your login and password (if requested, as you may still be logged in "
#: serverguide/C/virtualization.xml:1814(para)
msgid "Click on the <emphasis>Store</emphasis> tab."
#: serverguide/C/virtualization.xml:1819(para)
msgid "Browse available images."
#: serverguide/C/virtualization.xml:1824(para)
msgid "Click on <emphasis>install</emphasis> for the image you want."
#: serverguide/C/virtualization.xml:1830(para)
"Once the image has been downloaded and installed, you can click on "
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
"button to view the command to execute to instantiate (start) this image. The "
"image will also appear on the list given on the <emphasis>Image</emphasis> "
#: serverguide/C/virtualization.xml:1838(title)
msgid "Run an Image"
#: serverguide/C/virtualization.xml:1840(para)
msgid "There are multiple ways to instantiate an image in UEC:"
#: serverguide/C/virtualization.xml:1845(para)
msgid "Use the command line."
#: serverguide/C/virtualization.xml:1846(para)
"Use one of the UEC compatible management tools such as "
"<emphasis>Landscape</emphasis>."
#: serverguide/C/virtualization.xml:1848(para)
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
"extension to Firefox."
#: serverguide/C/virtualization.xml:1854(para)
msgid "Here we will describe the process from the command line:"
#: serverguide/C/virtualization.xml:1860(para)
"Before running an instance of your image, you should first create a "
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
"instance as root, once it boots. The key is stored, so you will only have to "
#: serverguide/C/virtualization.xml:1864(para)
msgid "Run the following command:"
#: serverguide/C/virtualization.xml:1867(programlisting)
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
" mkdir -p -m 700 ~/.euca\n"
" touch ~/.euca/mykey.priv\n"
" chmod 0600 ~/.euca/mykey.priv\n"
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
#: serverguide/C/virtualization.xml:1876(para)
"You can call your key whatever you like (in this example, the key is called "
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
"forget, you can always run <command>euca-describe-keypairs</command> to get "
"a list of created keys stored in the system."
#: serverguide/C/virtualization.xml:1883(para)
msgid "You must also allow access to port 22 in your instances:"
#: serverguide/C/virtualization.xml:1887(command)
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
#: serverguide/C/virtualization.xml:1891(para)
msgid "Next, you can create instances of your registered image:"
#: serverguide/C/virtualization.xml:1895(command)
msgid "euca-run-instances $EMI -k mykey -t m1.small"
#: serverguide/C/virtualization.xml:1898(para)
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
"on the <emphasis>Store</emphasis> page to see the sample command."
#: serverguide/C/virtualization.xml:1905(para)
"The first time you run an instance, the system will be setting up caches for "
"the image from which it will be created. This can often take some time the "
"first time an instance is run given that VM images are usually quite large."
#: serverguide/C/virtualization.xml:1909(para)
msgid "To monitor the state of your instance, run:"
#: serverguide/C/virtualization.xml:1913(command)
msgid "watch -n5 euca-describe-instances"
#: serverguide/C/virtualization.xml:1915(para)
"In the output, you should see information about the instance, including its "
"state. While first-time caching is being performed, the instance's state "
"will be <emphasis>'pending'</emphasis>."
#: serverguide/C/virtualization.xml:1921(para)
"When the instance is fully started, the above state will become "
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
"instance in the output, then connect to it:"
#: serverguide/C/virtualization.xml:1926(command)
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
#: serverguide/C/virtualization.xml:1927(command)
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
#: serverguide/C/virtualization.xml:1931(para)
"And when you are done with this instance, exit your SSH connection, then "
"terminate your instance:"
#: serverguide/C/virtualization.xml:1935(command)
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
#: serverguide/C/virtualization.xml:1936(command)
msgid "euca-terminate-instances $INSTANCEID"
#: serverguide/C/virtualization.xml:1944(para)
"The <application>cloud-init</application> package provides \"first boot\" "
"functionality for the Ubuntu UEC images. It is in charge of taking the "
"generic filesystem image that is booting and customizing it for this "
"particular instance. That includes things like:"
#: serverguide/C/virtualization.xml:1952(para)
msgid "Setting the hostname."
#: serverguide/C/virtualization.xml:1957(para)
"Putting the provided ssh public keys into "
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
#: serverguide/C/virtualization.xml:1962(para)
msgid "Running a user provided script, or otherwise modifying the image."
#: serverguide/C/virtualization.xml:1968(para)
"Setting hostname and configuring a system so the person who launched it can "
"actually log into it are not terribly interesting. The interesting things "
"that can be done with <application>cloud-init</application> are made "
"possible by data provided at launch time called <ulink "
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
"85\">user-data</ulink>."
#: serverguide/C/virtualization.xml:1974(para)
msgid "First, install the <application>cloud-init</application> package:"
#: serverguide/C/virtualization.xml:1979(command)
msgid "sudo apt-get install cloud-init"
#: serverguide/C/virtualization.xml:1982(para)
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
"stored and executed as root late in the boot process of the instance's first "
"boot (similar to a traditional 'rc.local' script). Output from the script is "
"directed to the console."
#: serverguide/C/virtualization.xml:1987(para)
"For example, create a file named <filename>ud.txt</filename> containing:"
#: serverguide/C/virtualization.xml:1991(programlisting)
"echo ========== Hello World: $(date) ==========\n"
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
#: serverguide/C/virtualization.xml:1997(para)
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
#: serverguide/C/virtualization.xml:2002(command)
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
#: serverguide/C/virtualization.xml:2005(para)
"Wait now for the system to come up and console to be available. To see the "
"result of the data file commands enter:"
#: serverguide/C/virtualization.xml:2010(command)
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
#: serverguide/C/virtualization.xml:2011(computeroutput)
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
"I have been up for 28.26 sec"
#: serverguide/C/virtualization.xml:2016(para)
msgid "Your output may vary."
#: serverguide/C/virtualization.xml:2021(para)
"The simple approach shown above gives a great deal of power. The user-data "
"can contain a script in any language where an interpreter already exists in "
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
#: serverguide/C/virtualization.xml:2026(para)
"For many cases, the user may not be interested in writing a program. For "
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
"configuration based approach towards customization. To utilize the cloud-"
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
"config'</emphasis>."
#: serverguide/C/virtualization.xml:2031(para)
"For example, create a text file named <filename>clout-config.txt</filename> "
#: serverguide/C/virtualization.xml:2035(programlisting)
"apt_upgrade: true\n"
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
"- build-essential\n"
"- echo ======= Hello World =====\n"
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
#: serverguide/C/virtualization.xml:2050(para)
msgid "Create a new instance:"
#: serverguide/C/virtualization.xml:2055(command)
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
#: serverguide/C/virtualization.xml:2058(para)
msgid "Now, when the above system is booted, it will have:"
#: serverguide/C/virtualization.xml:2063(para)
msgid "Added the Apache Edgers PPA."
#: serverguide/C/virtualization.xml:2064(para)
msgid "Run an upgrade to get all updates available"
#: serverguide/C/virtualization.xml:2065(para)
msgid "Installed the 'build-essential' and 'pastebinit' packages"
#: serverguide/C/virtualization.xml:2066(para)
msgid "Printed a similar message to the script above"
#: serverguide/C/virtualization.xml:2070(para)
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
"the latest version of Apache from upstream source repositories. Package "
"versions in the PPA are unsupported, and depending on your situation, this "
"may or may not be desirable. See the <ulink "
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
"Edgers</ulink> web page for more details."
#: serverguide/C/virtualization.xml:2077(para)
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
"It is present to allow you to get the full power of a scripting language if "
"you need it without abandoning <emphasis>cloud-config</emphasis>."
#: serverguide/C/virtualization.xml:2082(para)
"For more information on what kinds of things can be done with "
"<application>cloud-config</application>, see <ulink "
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
msgid "More Information"
#: serverguide/C/virtualization.xml:2093(para)
"How to use the <ulink "
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
"Controller</ulink>"
#: serverguide/C/virtualization.xml:2097(para)
msgid "Controlling eucalyptus services:"
#: serverguide/C/virtualization.xml:2102(para)
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
#: serverguide/C/virtualization.xml:2103(para)
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
#: serverguide/C/virtualization.xml:2106(para)
msgid "Locations of some important files:"
#: serverguide/C/virtualization.xml:2113(emphasis)
#: serverguide/C/virtualization.xml:2116(para)
msgid "/var/log/eucalyptus"
#: serverguide/C/virtualization.xml:2121(emphasis)
msgid "Configuration files:"
#: serverguide/C/virtualization.xml:2124(para)
msgid "/etc/eucalyptus"
#: serverguide/C/virtualization.xml:2129(emphasis)
#: serverguide/C/virtualization.xml:2132(para)
msgid "/var/lib/eucalyptus/db"
#: serverguide/C/virtualization.xml:2137(emphasis)
#: serverguide/C/virtualization.xml:2140(para)
msgid "/var/lib/eucalyptus"
#: serverguide/C/virtualization.xml:2141(para)
msgid "/var/lib/eucalyptus/.ssh"
#: serverguide/C/virtualization.xml:2147(para)
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
"running the client tools."
#: serverguide/C/virtualization.xml:2158(para)
"For information on loading instances see the <ulink "
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
"关于加载的例子的信息,请参见网页<ulink "
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink>。"
#: serverguide/C/virtualization.xml:2163(para)
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
"documentation, downloads)</ulink>."
#: serverguide/C/virtualization.xml:2168(para)
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
"(bugs, code)</ulink>."
#: serverguide/C/virtualization.xml:2173(para)
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
"ptus Troubleshooting (1.5)</ulink>."
#: serverguide/C/virtualization.xml:2178(para)
"<ulink url=\"http://support.rightscale.com/2._References/02-"
"Cloud_Infrastructures/Eucalyptus/03-"
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
"RightScale</ulink>."
#: serverguide/C/virtualization.xml:2184(para)
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
"您也可以在以下地方得到帮助: <emphasis>#ubuntu-virt</emphasis>, "
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
#: serverguide/C/virtualization.xml:2193(title)
#: serverguide/C/virtualization.xml:2195(para)
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
"unfamiliar to some readers. This page is intended to provide a glossary of "
"such terms and acronyms."
#: serverguide/C/virtualization.xml:2202(para)
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
"computing resources through virtual machines, provisioned and recollected "
#: serverguide/C/virtualization.xml:2208(para)
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
"provides the web UI (an https server on port 8443), and implements the "
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
"cloud</application> package."
#: serverguide/C/virtualization.xml:2215(para)
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
"Cluster Controller. There can be more than one Cluster in an installation of "
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
#: serverguide/C/virtualization.xml:2221(para)
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
"manages collections of node resources. This service is provided by the "
"Ubuntu <application>eucalyptus-cc</application> package."
#: serverguide/C/virtualization.xml:2227(para)
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
#: serverguide/C/virtualization.xml:2232(para)
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
"pay-by-the-gigabyte public cloud computing offering."
#: serverguide/C/virtualization.xml:2237(para)
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
#: serverguide/C/virtualization.xml:2242(para)
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
#: serverguide/C/virtualization.xml:2247(para)
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
#: serverguide/C/virtualization.xml:2252(para)
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
"Linking Your Programs To Useful Systems. An open source project originally "
"from the University of California at Santa Barbara, now supported by "
"Eucalyptus Systems, a Canonical Partner."
#: serverguide/C/virtualization.xml:2259(para)
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
"the high level Eucalyptus components (cloud, walrus, storage controller, "
"cluster controller)."
#: serverguide/C/virtualization.xml:2265(para)
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
"running virtual machines, running a node controller. Within Ubuntu, this "
"generally means that the CPU has VT extensions, and can run the KVM "
#: serverguide/C/virtualization.xml:2271(para)
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
"on nodes which host the virtual machines that comprise the cloud. This "
"service is provided by the Ubuntu package <application>eucalyptus-"
#: serverguide/C/virtualization.xml:2277(para)
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
"gigabyte persistent storage solution for EC2."
#: serverguide/C/virtualization.xml:2282(para)
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
"installation can have its own Storage Controller. This component is provided "
"by the <application>eucalyptus-sc</application> package."
#: serverguide/C/virtualization.xml:2289(para)
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
"solution, based on Eucalyptus."
#: serverguide/C/virtualization.xml:2294(para)
msgid "<emphasis>VM</emphasis> - Virtual Machine."
#: serverguide/C/virtualization.xml:2299(para)
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
"some modern CPUs, allowing for accelerated virtual machine hosting."
#: serverguide/C/virtualization.xml:2304(para)
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
"put/get abstractions."
#: serverguide/C/vcs.xml:13(title)
msgid "Version Control System"
#: serverguide/C/vcs.xml:14(para)
"Version control is the art of managing changes to information. It has long "
"been a critical tool for programmers, who typically spend their time making "
"small changes to software and then undoing those changes the next day. But "
"the usefulness of version control software extends far beyond the bounds of "
"the software development world. Anywhere you can find people using computers "
"to manage information that changes often, there is room for version control."
"版本控制是管理改动信息的技术。它对于程序员而言一直是重要的工具,他们经常花时间对程序进行小改动之后又在第二天改回来。但版本控制软件的用途却远远超出了软件开"
"发的界线。无论何处您可以发现人们使用计算机去管理那些经常变动的信息,那里都有使用版本控制的空间。"
#: serverguide/C/vcs.xml:17(title)
#: serverguide/C/vcs.xml:18(para)
"Bazaar is a new version control system sponsored by Canonical, the "
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
"support a central repository model, Bazaar also supports "
"<emphasis>distributed version control</emphasis>, giving people the ability "
"to collaborate more efficiently. In particular, Bazaar is designed to "
"maximize the level of community participation in open source projects."
"Bazaar是由Canonical,发行Ubuntu的商业公司,发起的一种新的版本控制系统。不像Subversion和CVS只支持中心存储库模式,Baza"
"ar还支持<emphasis>分布式版本控制</emphasis>,让人们能够有效地协作。尤其是,Bazaar的设计意图就是让社区能在开源项目上尽最大可能"
#: serverguide/C/vcs.xml:29(para)
"At a terminal prompt, enter the following command to install "
"<application>bzr</application>: <screen>\n"
"<command>sudo apt-get install bzr</command>\n"
"在一个终端提示符下,输入以下命令来安装<application>bzr</application>:<screen><command>sudo apt-"
"get install bzr</command>"
#: serverguide/C/vcs.xml:40(para)
"To introduce yourself to <application>bzr</application>, use the "
"<emphasis>whoami</emphasis> command like this: <screen>\n"
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
"要将您自己介绍给<application>bzr</application>可以按如下方式使用<emphasis>whoami</emphasis>命令:"
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
#: serverguide/C/vcs.xml:49(title)
msgid "Learning Bazaar"
#: serverguide/C/vcs.xml:50(para)
"Bazaar comes with bundled documentation installed into "
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
"is a good place to start. The <application>bzr</application> command also "
"comes with built-in help: <screen>\n"
"<command>$ bzr help</command>\n"
"Bazaar配备有默认安装在<application>/usr/share/doc/bzr/html</application>的绑定文档. "
"这份教程是一个开始学习的好地方. <application>bzr</application>命令同时也有内建帮助:\n"
"<command>$ bzr help</command>\n"
#: serverguide/C/vcs.xml:60(para)
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
"<command>$ bzr help foo</command>\n"
"了解更多关于<emphasis>foo</emphasis> 命令,请使用: <screen>\n"
"<command>$ bzr help foo</command>\n"
#: serverguide/C/vcs.xml:68(title)
msgid "Launchpad Integration"
msgstr "Launchpad 集成"
#: serverguide/C/vcs.xml:69(para)
"While highly useful as a stand-alone system, Bazaar has good, optional "
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
"the collaborative development system used by Canonical and the broader open "
"source community to manage and extend Ubuntu itself. For information on how "
"Bazaar can be used with Launchpad to collaborate on open source projects, "
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
"相对于非常有用的独立系统,Bazaar与<ulink "
"url=\"https://launchpad.net/\">Launchpad</ulink>有着良好的、可选的集成,Canonical与国外的开源社区"
"使用合作开发系统来管理和扩展ubuntu。要得到有关怎样使用Bazaar和Launchpad来合作开发开源项目的信息,参见<ulink "
"url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> http://bazaar-"
"vcs.org/LaunchpadIntegration</ulink>。"
#: serverguide/C/vcs.xml:81(title)
#: serverguide/C/vcs.xml:82(para)
"Subversion is an open source version control system. Using Subversion, you "
"can record the history of source files and documents. It manages files and "
"directories over time. A tree of files is placed into a central repository. "
"The repository is much like an ordinary file server, except that it "
"remembers every change ever made to files and directories."
"Subversion 是一个开源的版本控制系统。使用 "
"Subversion,您可以记录源文件和文档的历史。它管理文件和目录。文件树被放入了中心库中。库更象是一个普通的文件服务器,除了它可以记住对文件和目录的每"
#: serverguide/C/vcs.xml:87(para)
"To access Subversion repository using the HTTP protocol, you must install "
"and configure a web server. Apache2 is proven to work with Subversion. "
"Please refer to the HTTP subsection in the Apache2 section to install and "
"configure Apache2. To access the Subversion repository using the HTTPS "
"protocol, you must install and configure a digital certificate in your "
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
"section to install and configure the digital certificate."
"要通过 HTTP 协议来访问 Subversion 库,您必须安装和配置一个 web 服务器。Apache2 被证明可以和 Subversion "
"一起工作。请参考 Apache2 章节的 HTTP 小节以安装和配置 Apache2。要使用 HTTPS 协议访问 Subversion "
"库,您必须在您的 Apache2 web 服务器上安装和配置数字证书。请参考 Apache2 章节的 HTTPS 小节以安装和配置数据证书。"
#: serverguide/C/vcs.xml:96(para)
"To install Subversion, run the following command from a terminal prompt:"
msgstr "要安装 Subversion,可以在终端提示符后运行以下命令:"
#: serverguide/C/vcs.xml:101(command)
msgid "sudo apt-get install subversion libapache2-svn"
msgstr "sudo apt-get install subversion libapache2-svn"
#: serverguide/C/vcs.xml:108(para)
"This step assumes you have installed above mentioned packages on your "
"system. This section explains how to create a Subversion repository and "
"access the project."
msgstr "这一步假定您已经在您的系统上安装了上面提及的包。本部分内容说明如何创建一个 Subversion 库和访问项目。"
#: serverguide/C/vcs.xml:111(title)
msgid "Create Subversion Repository"
msgstr "创建 Subversion 库"
#: serverguide/C/vcs.xml:112(para)
"The Subversion repository can be created using the following command from a "
msgstr "Subversion 库可以在终端提示符后使用以下命令创建:"
#: serverguide/C/vcs.xml:116(command)
msgid "svnadmin create /path/to/repos/project"
msgstr "svnadmin create /path/to/repos/project"
#: serverguide/C/vcs.xml:121(title)
msgid "Importing Files"
#: serverguide/C/vcs.xml:122(para)
"Once you create the repository you can <emphasis>import</emphasis> files "
"into the repository. To import a directory, enter the following from a "
"terminal prompt: <screen>\n"
"<command>svn import /path/to/import/directory "
"file:///path/to/repos/project</command>\n"
"创建库后,你可以将文件<emphasis>导入</emphasis>到库中. 要导入文件夹, 在终端命令行中输入下面命令\n"
"<command>svn import /path/to/import/directory "
"file:///path/to/repos/project</command>\n"
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
msgid "Access Methods"
#: serverguide/C/vcs.xml:135(para)
"Subversion repositories can be accessed (checked out) through many different "
"methods --on local disk, or through various network protocols. A repository "
"location, however, is always a URL. The table describes how different URL "
"schemes map to the available access methods."
"版本库可以通过很多方式来存取(签出)--在本地磁盘,或者通过各种各样的网络协议。然而一个库的位置始终是个URL。表里描述了不同存取方法下的不同URL样子。"
#: serverguide/C/vcs.xml:146(para)
#: serverguide/C/vcs.xml:147(para)
msgid "Access Method"
#: serverguide/C/vcs.xml:152(para)
#: serverguide/C/vcs.xml:153(para)
msgid "direct repository access (on local disk)"
msgstr "直接访问库 (在本地磁盘)"
#: serverguide/C/vcs.xml:156(para)
#: serverguide/C/vcs.xml:157(para)
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
msgstr "通过 WebDAV 协议访问带有 Subversion 的 Apache2 web 服务器。"
#: serverguide/C/vcs.xml:160(para)
#: serverguide/C/vcs.xml:161(para)
msgid "Same as http://, but with SSL encryption"
msgstr "与 http:// 相同,但有 SSL 加密"
#: serverguide/C/vcs.xml:164(para)
#: serverguide/C/vcs.xml:165(para)
msgid "Access via custom protocol to an svnserve server"
msgstr "通过自身协议访问 svnserve 服务"
#: serverguide/C/vcs.xml:168(para)
#: serverguide/C/vcs.xml:169(para)
msgid "Same as svn://, but through an SSH tunnel"
msgstr "与 svn:// 一样,但使用 SSH 遂道"
#: serverguide/C/vcs.xml:175(para)
"In this section, we will see how to configure Subversion for all these "
"access methods. Here, we cover the basics. For more advanced usage details, "
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
"在本部分,我们将看到如何为所有这些访问方式来配置 Subversion。这里,我们只介绍基本用法。更多详细、高级用法请参阅<ulink "
"url=\"http://svnbook.red-bean.com/\">svn 书</ulink>"
#: serverguide/C/vcs.xml:182(title)
msgid "Direct repository access (file://)"
msgstr "直接访问库 (file://)"
#: serverguide/C/vcs.xml:183(para)
"This is the simplest of all access methods. It does not require any "
"Subversion server process to be running. This access method is used to "
"access Subversion from the same machine. The syntax of the command, entered "
"at a terminal prompt, is as follows:"
"这是所有访问方式中最简单的。它不要求运行任何 Subversion 服务器进程。该访问方式用于在同一台机器上访问 "
"Subversion。在终端提示符后输入的命令如下所示:"
#: serverguide/C/vcs.xml:190(command)
msgid "svn co file:///path/to/repos/project"
msgstr "svn co file:///path/to/repos/project"
#: serverguide/C/vcs.xml:193(para)
#: serverguide/C/vcs.xml:196(command)
msgid "svn co file://localhost/path/to/repos/project"
msgstr "svn co file://localhost/path/to/repos/project"
#: serverguide/C/vcs.xml:200(para)
"If you do not specify the hostname, there are three forward slashes (///) -- "
"two for the protocol (file, in this case) plus the leading slash in the "
"path. If you specify the hostname, you must use two forward slashes (//)."
"如果您没有指定主机名,则需要三个斜杠 (///) -- 其中两个是协议的 (这里是 "
"file),另一个是路径前的。如果您指定了主机名,那么您必须使用双个斜杠 (//)。"
#: serverguide/C/vcs.xml:202(para)
"The repository permissions depend on filesystem permissions. If the user has "
"read/write permission, he can checkout from and commit to the repository."
msgstr "库权限依赖于文件系统的权限。如果用户有读/写权限,他可以从库中检出或者提交到库。"
#: serverguide/C/vcs.xml:205(title)
msgid "Access via WebDAV protocol (http://)"
msgstr "通过 WebDAV 协议 (http://) 访问"
#: serverguide/C/vcs.xml:206(para)
"To access the Subversion repository via WebDAV protocol, you must configure "
"your Apache 2 web server. Add the following snippet between the "
"<emphasis><VirtualHost></emphasis> and "
"<emphasis></VirtualHost></emphasis> elements in "
"<filename>/etc/apache2/sites-available/default</filename>, or another "
#: serverguide/C/vcs.xml:212(programlisting)
" <Location /svn>\n"
" SVNPath /home/svn\n"
" AuthName \"Your repository name\"\n"
" AuthUserFile /etc/subversion/passwd\n"
" Require valid-user\n"
" </Location> \n"
#: serverguide/C/vcs.xml:223(para)
"The above configuration snippet assumes that Subversion repositories are "
"created under <filename>/home/svn/</filename> directory using "
"<command>svnadmin</command> command. They can be accessible using "
"<command>http://hostname/svn/repos_name</command> url."
#: serverguide/C/vcs.xml:229(para)
"To import or commit files to your Subversion repository over HTTP, the "
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
"HTTP user is <command>www-data</command>. To change the ownership of the "
"repository files enter the following command from terminal prompt:"
"要通过HTTP导出或提交你的版本库,库必须由HTTP用户拥有。 在UBUNTU系统里,通常HTTP用户就是<command>www-"
"data</command>。 要修改库文件的所有者,可以从终端命令提示符下输入以下命令:"
#: serverguide/C/vcs.xml:238(command)
msgid "sudo chown -R www-data:www-data /path/to/repos"
msgstr "sudo chown -R www-data:www-data /path/to/repos"
#: serverguide/C/vcs.xml:241(para)
"By changing the ownership of repository as <command>www-data</command> you "
"will not be able to import or commit files into the repository by running "
"<command>svn import file:///</command> command as any user other than "
"<command>www-data</command>."
"将版本库的所有者修改为<command>www-data</command>后,你不能用除<command>www-"
"data</command>以外的用户运行<command>svn import file:///</command>命令来导出或提交文件。"
#: serverguide/C/vcs.xml:250(para)
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
"that will contain user authentication details. To create a file issue the "
"following command at a command prompt (which will create the file and add "
"然后, 你必须创建文件<filename>/etc/subversion/passwd</filename>来存放用户验证的详细信息. "
#: serverguide/C/vcs.xml:256(command)
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
#: serverguide/C/vcs.xml:259(para)
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
"option replaces the old file. Instead use this form:"
"添加附加的用户时请省略<emphasis>\"-c\"</emphasis>选项,因为这个选项将用来替换旧的文件。应该使用这个形式来代替:"
#: serverguide/C/vcs.xml:264(command)
msgid "sudo htpasswd /etc/subversion/password user_name"
msgstr "sudo htpasswd /etc/subversion/password user_name"
#: serverguide/C/vcs.xml:268(para)
"This command will prompt you to enter the password. Once you enter the "
"password, the user is added. Now, to access the repository you can run the "
"following command:"
msgstr "该命令将提示您输入密码。一旦您输入密码。该用户将被添加。现在您可以运行下列命令来访问库:"
#: serverguide/C/vcs.xml:269(command)
msgid "svn co http://servername/svn"
msgstr "svn co http://servername/svn"
#: serverguide/C/vcs.xml:271(para)
"The password is transmitted as plain text. If you are worried about password "
"snooping, you are advised to use SSL encryption. For details, please refer "
msgstr "该密码是以纯文本传输的。如果您担心密码被截取,建议您使用 SSL 加密。相关细节,请参考下一章节。"
#: serverguide/C/vcs.xml:277(title)
msgid "Access via WebDAV protocol with SSL encryption (https://)"
msgstr "通过带有 SSL 加密的 WebDAV 协议来访问 (https://)"
#: serverguide/C/vcs.xml:278(para)
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
"(https://) is similar to http:// except that you must install and configure "
"the digital certificate in your Apache2 web server. To use SSL with "
"Subversion add the above Apache2 configuration to "
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
"configuration\"/>."
"使用带有SSL加密的(https://)WebDAV协议访问Subversion仓库跟 http://... "
"的方式相似,除了你必须在你的Apache2中安装配置数字证书。 你可以向<filename>/etc/apache2/sites-"
"available/default-"
"ssl</filename>文件添加以上Apache2配置来使用带有SSL的Subversion。关于配置Apache2 SSL的更多信息请看<xref "
"linkend=\"https-configuration\"/>。"
#: serverguide/C/vcs.xml:287(para)
"You can install a digital certificate issued by a signing authority. "
"Alternatively, you can install your own self-signed certificate."
msgstr "您可以安装一个权威机构发行的数字证书。当然,您也可以安装一个自定义的证书。"
#: serverguide/C/vcs.xml:292(para)
"This step assumes you have installed and configured a digital certificate in "
"your Apache 2 web server. Now, to access the Subversion repository, please "
"refer to the above section! The access methods are exactly the same, except "
"the protocol. You must use https:// to access the Subversion repository."
"这一步假设您已经在您的 Apache2 web 服务器中安装和配置了数字证书。现在要访问 Subversion "
"库,请参考上一章节!除了所用协议之外访问方式完全相同。您必须使用 https:// 来访问 Subversion 库。"
#: serverguide/C/vcs.xml:302(title)
msgid "Access via custom protocol (svn://)"
msgstr "通过自身协议访问 (svn://)"
#: serverguide/C/vcs.xml:303(para)
"Once the Subversion repository is created, you can configure the access "
"control. You can edit the <filename> "
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
"access control. For example, to set up authentication, you can uncomment the "
"following lines in the configuration file:"
"一旦 Subversion 库被创建,您就可以配置访问控制了。您可以通过编辑 <filename> "
"/path/to/repos/project/conf/svnserve.conf</filename> "
"文件来配置访问控制了。例如,要设置认证,您可以在配置文件中反注释下列行:"
#: serverguide/C/vcs.xml:310(programlisting)
"# password-db = passwd"
"# password-db = passwd"
#: serverguide/C/vcs.xml:313(para)
"After uncommenting the above lines, you can maintain the user list in the "
"passwd file. So, edit the file <filename>passwd </filename> in the same "
"directory and add the new user. The syntax is as follows:"
"在反注释上面几行之后,您可以在 passwd 文件中维护用户列表。因此编辑同一目录中的文件 <filename>passwd "
"</filename>并添加新用户。其语法如下:"
#: serverguide/C/vcs.xml:319(programlisting)
msgid "username = password"
msgstr "username = password"
#: serverguide/C/vcs.xml:320(para)
msgid "For more details, please refer to the file."
msgstr "更多细节,请参考该文件。"
#: serverguide/C/vcs.xml:324(para)
"Now, to access Subversion via the svn:// custom protocol, either from the "
"same machine or a different machine, you can run svnserver using svnserve "
"command. The syntax is as follows:"
"现在要从本机或不同机器通过 svn:// 自身协议来访问 Subversion,您可以使用 svnserve 命令来运行 svnserver。其语法如下:"
#: serverguide/C/vcs.xml:329(programlisting)
"$ svnserve -d --foreground -r /path/to/repos\n"
"# -d -- daemon mode\n"
"# --foreground -- run in foreground (useful for debugging)\n"
"# -r -- root of directory to serve\n"
"For more usage details, please refer to:\n"
"$ svnserve -d --foreground -r /path/to/repos\n"
"# -d -- daemon mode\n"
"# --foreground -- run in foreground (useful for debugging)\n"
"# -r -- root of directory to serve\n"
"For more usage details, please refer to:\n"
#: serverguide/C/vcs.xml:337(para)
"Once you run this command, Subversion starts listening on default port "
"(3690). To access the project repository, you must run the following command "
"from a terminal prompt:"
msgstr "一旦您运行该命令,将启动 Subversion 并在缺省端口 (3690) 监听。要访问项目库,您必须在终端提示符后运行下列命令:"
#: serverguide/C/vcs.xml:340(command)
msgid "svn co svn://hostname/project project --username user_name"
msgstr "svn co svn://hostname/project project --username user_name"
#: serverguide/C/vcs.xml:343(para)
"Based on server configuration, it prompts for password. Once you are "
"authenticated, it checks out the code from Subversion repository. To "
"synchronize the project repository with the local copy, you can run the "
"<command>update</command> sub-command. The syntax of the command, entered at "
"a terminal prompt, is as follows:"
"根据服务器的配置,出现密码提示。一旦您认证通过,将从 Subversion 库检出代码。要让本地副本同步项目库,您可以运行 "
"<command>update</command> 子命令。在终端提示符后的命令语法如下所示:"
#: serverguide/C/vcs.xml:351(command)
msgid "cd project_dir ; svn update"
msgstr "cd project_dir ; svn update"
#: serverguide/C/vcs.xml:354(para)
"For more details about using each Subversion sub-command, you can refer to "
"the manual. For example, to learn more about the co (checkout) command, "
"please run the following command from a terminal prompt:"
"关于 Subversion 子命令的更多细节,您可以参考手册。如为了学到关于 co (checkout) 命令的细节,请在终端提示符后运行下列命令:"
#: serverguide/C/vcs.xml:358(command)
msgstr "svn co help"
#: serverguide/C/vcs.xml:362(title)
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
msgstr "通过带有 SSL 加密的自身协议 (svn+ssh://) 访问"
#: serverguide/C/vcs.xml:363(para)
"The configuration and server process is same as in the svn:// method. For "
"details, please refer to the above section. This step assumes you have "
"followed the above step and started the Subversion server using "
"<application>svnserve</application> command."
"配置和服务器处理与用 svn:// 方式是相同的。详情请参考上面的章节。这一步假定您已经完成了上面的步骤并用 "
"<application>svnserve</application> 命令启动了 Subversion 服务器。"
#: serverguide/C/vcs.xml:369(para)
"It is also assumed that the ssh server is running on that machine and that "
"it is allowing incoming connections. To confirm, please try to login to that "
"machine using ssh. If you can login, everything is perfect. If you cannot "
"login, please address it before continuing further."
"它也假定 ssh 服务器已经在该机上运行并允许连接。为了确认,请尝试使用 ssh 登录该机器。如果您可以登录,一切就绪。如果不能登录,请在继续之前解决它。"
#: serverguide/C/vcs.xml:375(para)
"The svn+ssh:// protocol is used to access the Subversion repository using "
"SSL encryption. The data transfer is encrypted using this method. To access "
"the project repository (for example with a checkout), you must use the "
"following command syntax:"
"svn+ssh:// 协议使用 SSL 加密来访问 Subversion 库。使用这种方式进行的数据传输是加密的。要访问项目库 (如 "
"checkout),您必须使用下面的命令语法:"
#: serverguide/C/vcs.xml:382(command)
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
msgstr "svn co svn+ssh://hostname/var/svn/repos/project"
#: serverguide/C/vcs.xml:386(para)
"You must use the full path (/path/to/repos/project) to access the Subversion "
"repository using this access method."
msgstr "使用这种访问方式您必须使用全路径 (/path/to/repos/project) 来访问 Subversion 库。"
#: serverguide/C/vcs.xml:389(para)
"Based on server configuration, it prompts for password. You must enter the "
"password you use to login via ssh. Once you are authenticated, it checks out "
"the code from the Subversion repository."
"根据服务器配置,它将提示输入密码。在使用 ssh 登录时您必须输入密码。一旦您被认证通过之后,它将从 Subversion 库中检出代码。"
#: serverguide/C/vcs.xml:399(title)
#: serverguide/C/vcs.xml:400(para)
"CVS is a version control system. You can use it to record the history of "
msgstr "CVS 是一个版本控制系统。您可以使用它来记录源文件的历史。"
#: serverguide/C/vcs.xml:406(para)
"To install <application>CVS</application>, run the following command from a "
"terminal prompt: <screen>\n"
"<command>sudo apt-get install cvs</command>\n"
"</screen> After you install <application>cvs</application>, you should "
"install <application>xinetd</application> to start/stop the cvs server. At "
"the prompt, enter the following command to install "
"<application>xinetd</application>: <screen>\n"
"<command>sudo apt-get install xinetd</command>\n"
"安装<application>CVS</application>,从终端提示上运行以下命令:<screen>\n"
"<command>sudo apt-get install cvs</command>\n"
"<application>cvs</application>完毕后,应该安装<application>xinetd</application>来启动/停止"
" cvs 服务器。在提示符上,键入以下命令来安装<application>xinetd</application>: <screen>\n"
"<command>sudo apt-get install xinetd</command>\n"
#: serverguide/C/vcs.xml:439(programlisting)
"service cvspserver\n"
" socket_type = stream\n"
" type = UNLISTED\n"
" server = /usr/bin/cvs\n"
" server_args = -f --allow-root /var/lib/cvs pserver\n"
"service cvspserver\n"
" socket_type = stream\n"
" type = UNLISTED\n"
" server = /usr/bin/cvs\n"
" server_args = -f --allow-root /var/lib/cvs pserver\n"
#: serverguide/C/vcs.xml:455(para)
"Be sure to edit the repository if you have changed the default repository "
"(<application>/var/lib/cvs</application>) directory."
msgstr "如果你改变缺省的库目录 (<application>/var/lib/cvs</application>) 那么您必须要编辑库。"
#: serverguide/C/vcs.xml:424(para)
"Once you install cvs, the repository will be automatically initialized. By "
"default, the repository resides under the "
"<application>/var/lib/cvs</application> directory. You can change this path "
"by running following command: <screen>\n"
"<command>cvs -d /your/new/cvs/repo init</command>\n"
"</screen> Once the initial repository is set up, you can configure "
"<application>xinetd</application> to start the CVS server. You can copy the "
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
"<placeholder-1/><placeholder-2/> Once you have configured "
"<application>xinetd</application> you can start the cvs server by running "
"following command: <screen>\n"
"<command>sudo /etc/init.d/xinetd restart</command>\n"
"一旦你安装了CVS,库就会自动初始化. 默认情况下, 库在<application>/var/lib/cvs</application>目录下. "
"你可以通过下面的命令来修改路径.<screen>\n"
"<command>cvs -d /your/new/cvs/repo init</command>\n"
"</screen>当初始化结束后,就可以配置<application>xinetd</application>来启动CVS服务器. "
"你可以把下面的命令复制到文件<filename> /etc/xinetd.d/cvspserver</filename>中. <placeholder-"
"1/><placeholder-2/> 配置好<application>xinetd</application>后,运行下面的命令来启动CVS服务器: "
"<command>sudo /etc/init.d/xinetd restart</command>\n"
#: serverguide/C/vcs.xml:468(para)
"You can confirm that the CVS server is running by issuing the following "
msgstr "您可以执行以下命令来确定 CVS 服务器正在运行:"
#: serverguide/C/vcs.xml:475(command)
msgid "sudo netstat -tap | grep cvs"
msgstr "sudo netstat -tap | grep cvs"
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
"When you run this command, you should see the following line or something "
msgstr "当您运行该命令时,您可以看到类似下面的行:"
#: serverguide/C/vcs.xml:484(programlisting)
"tcp 0 0 *:cvspserver *:* LISTEN \n"
"tcp 0 0 *:cvspserver *:* LISTEN \n"
#: serverguide/C/vcs.xml:488(para)
"From here you can continue to add users, add new projects, and manage the "
msgstr "在这里您可以继续添加用户,添加新的项目以及管理 CVS 服务器"
#: serverguide/C/vcs.xml:493(para)
"CVS allows the user to add users independently of the underlying OS "
"installation. Probably the easiest way is to use the Linux Users for CVS, "
"although it has potential security issues. Please refer to the CVS manual "
"CVS 允许用户添加独立于 OS 安装的用户。也许最容易的方式就是让 CVS 使用 Linux 的用户,虽然它有潜在的安全隐患。详细请参考 CVS 手册。"
#: serverguide/C/vcs.xml:503(title)
msgid "Add Projects"
#: serverguide/C/vcs.xml:515(para)
"You can use the CVSROOT environment variable to store the CVS root "
"directory. Once you export the CVSROOT environment variable, you can avoid "
"using -d option in the above cvs command."
msgstr "你可以使用CVSROOT环境变量来储存CVS的根目录。你输出CVSROOT环境变量后,在上面的命令里就可以不使用-d这个选项。"
#: serverguide/C/vcs.xml:527(para)
"When you add a new project, the CVS user you use must have write access to "
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
"the <application>src</application> group has write access to the CVS "
"repository. So, you can add the user to this group, and he can then add and "
"manage projects in the CVS repository."
"当您新添项目时,您所用的 CVS 用户必须对 CVS 库 (<application>/var/lib/cvs</application>) "
"有写权限。缺省状态下,<application>src</application> 组有对 CVS "
"库的写权限,因此,您可以添加用户到该组,然后该用户就可以在 CVS 库中添加和管理项目了。"
#: serverguide/C/vcs.xml:504(para)
"This section explains how to add new project to the CVS repository. Create "
"the directory and add necessary document and source files to the directory. "
"Now, run the following command to add this project to CVS repository: "
"<command>cd your/project</command>\n"
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
"\"Importing my project to CVS repository\" . new_project start</command>\n"
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
"purpose in this context, but since CVS requires them, they must be present. "
"这部分介绍如何在CVS版本库里增加新项目。创建一个文件夹,放入必需的文档和源文件。然后运行以下命令来把此项目加入到CVS版本库中:<screen>\n"
"<command>cd your/project</command>\n"
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
"\"Importing my project to CVS repository\" . new_project start</command>\n"
"</screen><placeholder-1/> 字符串 <emphasis>new_project</emphasis>是计算机销售商的标签,然后 "
"<emphasis>start</emphasis> 是一个发行版标签。 "
"它们在这里并没有什么用,但是因为CVS需要它们,所以这里必须出现。<placeholder-2/>"
#: serverguide/C/vcs.xml:540(ulink)
msgid "Bazaar Home Page"
#: serverguide/C/vcs.xml:541(ulink)
#: serverguide/C/vcs.xml:542(ulink)
msgid "Subversion Home Page"
msgstr "Subversion 主页"
#: serverguide/C/vcs.xml:543(ulink)
msgid "Subversion Book"
msgstr "Subversion 书 (使用Subversion进行版本控制)"
#: serverguide/C/vcs.xml:545(ulink)
#: serverguide/C/vcs.xml:546(ulink)
msgid "Easy Bazaar Ubuntu Wiki page"
#: serverguide/C/vcs.xml:547(ulink)
msgid "Ubuntu Wiki Subversion page"
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
msgid "Credits and License"
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
"This document is maintained by the Ubuntu documentation team "
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
"本文档由Ubuntu文档团队(https://wiki.ubuntu.com/DocumentationTeam)维护。贡献者名单详见<ulink "
"url=\"../../libs/C/contributors.xml\">贡献者页面</ulink>"
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
"This document is made available under the Creative Commons ShareAlike 2.5 "
"License (CC-BY-SA)."
msgstr "本文档在 Creative Commons ShareAlike 2.5 授权许可 (CC-BY-SA) 的条款下发布。"
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
"You are free to modify, extend, and improve the Ubuntu documentation source "
"code under the terms of this license. All derivative works must be released "
"under this license."
msgstr "您可以在该许可的条款下自由地修改、扩展,以及改进本 Ubuntu 文档的源码。所有的衍生作品必须在本许可下发布。"
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
"This documentation is distributed in the hope that it will be useful, but "
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
msgstr "本文档发布的目的是期望它有所用途,但不提供任何担保;对免责声明里提及的适销性和用于某一特定目的适用性,也不承担任何默示的担保。"
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
"该授权许可的副本可以在这里找到:<ulink url=\"/usr/share/ubuntu-"
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>。"
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
msgid "Ubuntu Documentation Project"
msgstr "Ubuntu 文档项目"
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
msgid "Canonical Ltd. and members of the <placeholder-1/>"
msgstr "Canonical公司和<placeholder-1/>的成员"
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
msgid "The Ubuntu Documentation Project"
msgstr "Ubuntu 文档项目"
#: serverguide/C/serverguide.xml:17(para)
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
"information on how to install and configure various server applications on "
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
"guide for configuring and customizing your system."
"欢迎来到 <emphasis>Ubuntu 服务器指南</emphasis>!本指南中的信息包括如何在您的 Ubuntu "
"系统中安装和配置各种服务器应用程序来满足您的需求。这是一个配置和自定义您的系统的循序渐进、面向任务的指南。"
#: serverguide/C/security.xml:13(title)
#: serverguide/C/security.xml:14(para)
"Security should always be considered when installing, deploying, and using "
"any type of computer system. Although a fresh installation of Ubuntu is "
"relatively safe for immediate use on the Internet, it is important to have a "
"balanced understanding of your systems security posture based on how it will "
"be used after deployment."
"安全问题在任何类型的计算机系统的安装,发布和使用过程都需要考虑的。虽然一个全新安装的Ubuntu系统在互联网上直接使用相对而言是安全的,对于系统发布后怎么"
"处理系统安全的问题有个全面的了解还是很重要的。"
#: serverguide/C/security.xml:17(para)
"This chapter provides an overview of security related topics as they pertain "
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
"protect your server and network from any number of potential security "
#: serverguide/C/security.xml:21(title)
msgid "User Management"
#: serverguide/C/security.xml:22(para)
"User management is a critical part of maintaining a secure system. "
"Ineffective user and privilege management often lead many systems into being "
"compromised. Therefore, it is important that you understand how you can "
"protect your server through simple and effective user account management "
"用户管理是维护一个安全的系统中至关重要的一个环节。在用户和权限管理方面跟不上步伐常常会导致其系统处在危险之中。因此,对于理解如何通过简单而有效的用户管理技术"
#: serverguide/C/security.xml:26(title)
msgid "Where is root?"
#: serverguide/C/security.xml:27(para)
"Ubuntu developers made a conscientious decision to disable the "
"administrative root account by default in all Ubuntu installations. This "
"does not mean that the root account has been deleted or that it may not be "
"accessed. It merely has been given a password which matches no possible "
"encrypted value, therefore may not log in directly by itself."
"Ubuntu的开发者们作出了一个出于真诚的决定,即在默认的Ubuntu安装中禁止root用户。这并不意味着root用户被删除了或者您的系统无法被管理了。r"
"oot用户被赋予了一个没有实际口令与之对应的加密口令,因为设定之后Ubuntu并没有将那个随机口令记录下来。"
#: serverguide/C/security.xml:30(para)
"Instead, users are encouraged to make use of a tool by the name of "
"<application>sudo</application> to carry out system administrative duties. "
"<application>Sudo</application> allows an authorized user to temporarily "
"elevate their privileges using their own password instead of having to know "
"the password belonging to the root account. This simple yet effective "
"methodology provides accountability for all user actions, and gives the "
"administrator granular control over which actions a user can perform with "
"相反地,我们鼓励用户使用一个名为<application>sudo</application>的程序来完成系统管理任务。<application>Sudo"
"</application>允许用户使用自己设定的密码来管理而不需要root用户的密码。这个特性使得对各个用户的各种权限的管理可以细化,并且将系统管理的部"
#: serverguide/C/security.xml:35(para)
"If for some reason you wish to enable the root account, simply give it a "
msgstr "如果出于某些原因想启用root帐户,只要为它设置一个密码就可以了:"
#: serverguide/C/security.xml:39(command)
msgstr "sudo passwd"
#: serverguide/C/security.xml:41(para)
"Sudo will prompt you for your password, and then ask you to supply a new "
"password for root as shown below:"
msgstr "Sudo会让你输入你的密码,接着会让你为root设置新密码:"
#: serverguide/C/security.xml:44(userinput)
msgid "(enter your own password)"
#: serverguide/C/security.xml:45(userinput)
msgid "(enter a new password for root)"
msgstr "(为 root 输入一个新密码)"
#: serverguide/C/security.xml:46(userinput)
msgid "(repeat new password for root)"
msgstr "(重复为 root 输入一个新密码)"
#: serverguide/C/security.xml:44(computeroutput)
"[sudo] password for username: <placeholder-1/>\n"
"Enter new UNIX password: <placeholder-2/>\n"
"Retype new UNIX password: <placeholder-3/>\n"
"passwd: password updated successfully"
"[sudo]用户名的密码:<placeholder-1/>\n"
"输入新的UNIX密码:<placeholder-2/>\n"
"确认输入新的UNIX密码:<placeholder-3/>\n"
#: serverguide/C/security.xml:51(para)
msgid "To disable the root account, use the following passwd syntax:"
msgstr "要禁用根用户,使用下面这个passwd命令:"
#: serverguide/C/security.xml:55(command)
msgid "sudo passwd -l root"
msgstr "sudo passwd -l root"
#: serverguide/C/security.xml:59(para)
"You should read more on <application>Sudo</application> by checking out it's "
msgstr "你应该到<application>Sudo</application>的man帮助信息里阅读更多有关信息:"
#: serverguide/C/security.xml:63(command)
#: serverguide/C/security.xml:67(para)
"By default, the initial user created by the Ubuntu installer is a member of "
"the group \"admin\" which is added to the file "
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
"give any other account full root access through "
"<application>sudo</application>, simply add them to the admin group."
"一般地,Ubuntu安装程序会把admin组的用户加入到<filename>/etc/sudoers</filename>使其成为授权的sudo用户。如果"
"您需要允许其他用户使用sudo来获取root的特权,最简单的办法就是将他加入admin组。"
#: serverguide/C/security.xml:73(title)
msgid "Adding and Deleting Users"
#: serverguide/C/security.xml:74(para)
"The process for managing local users and groups is straight forward and "
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
"other Debian based distributions, encourage the use of the \"adduser\" "
"package for account management."
"管理本地用户和组的过程是很直接的,对于大多数其他GNU/Linux操作系统而言差异很小。Ubuntu和其他基于Debian的发行版,都鼓励使用\"addu"
#: serverguide/C/security.xml:79(para)
"To add a user account, use the following syntax, and follow the prompts to "
"give the account a password and identifiable characteristics such as a full "
"name, phone number, etc."
msgstr "如需添加帐户,请使用下述语句,并根据提示给帐户设置密码以及可识别的特征(如全名,电话等)。"
#: serverguide/C/security.xml:83(command)
msgid "sudo adduser username"
msgstr "sudo adduser username"
#: serverguide/C/security.xml:87(para)
"To delete a user account and its primary group, use the following syntax:"
msgstr "要删除一个用户及其主要组别,使用如下命令:"
#: serverguide/C/security.xml:91(command)
msgid "sudo deluser username"
msgstr "sudo deluser username"
#: serverguide/C/security.xml:93(para)
"Deleting an account does not remove their respective home folder. It is up "
"to you whether or not you wish to delete the folder manually or keep it "
"according to your desired retention policies."
msgstr "删除一个帐号并不会同时删除其相应的home文件夹。要你自己决定是手动把它删掉还是根据你的保留政策而将其留下来。"
#: serverguide/C/security.xml:96(para)
"Remember, any user added later on with the same UID/GID as the previous "
"owner will now have access to this folder if you have not taken the "
"necessary precautions."
msgstr "请记住,如果不采取预防措施,将来添加的任何与以前拥有者相同UID/GID的用户都能够进入到此文件夹。"
#: serverguide/C/security.xml:99(para)
"You may want to change these UID/GID values to something more appropriate, "
"such as the root account, and perhaps even relocate the folder to avoid "
msgstr "你可以将这些UID/GID改成比较合适的值,如根帐户,或许将文件夹也移至新位置以避免将来发生的冲突。"
#: serverguide/C/security.xml:103(command)
msgid "sudo chown -R root:root /home/username/"
msgstr "sudo chown -R root:root /home/username/"
#: serverguide/C/security.xml:104(command)
msgid "sudo mkdir /home/archived_users/"
msgstr "sudo mkdir /home/archived_users/"
#: serverguide/C/security.xml:105(command)
msgid "sudo mv /home/username /home/archived_users/"
msgstr "sudo mv /home/username /home/archived_users/"
#: serverguide/C/security.xml:109(para)
"To temporarily lock or unlock a user account, use the following syntax, "
msgstr "要暂时锁住或解锁一个用户帐户,请相应地使用如下命令语句:"
#: serverguide/C/security.xml:113(command)
msgid "sudo passwd -l username"
msgstr "sudo passwd -l 用户名"
#: serverguide/C/security.xml:114(command)
msgid "sudo passwd -u username"
msgstr "sudo passwd -u 用户名"
#: serverguide/C/security.xml:118(para)
"To add or delete a personalized group, use the following syntax, "
msgstr "要添加或删除一个个性化组,请相应地使用如下命令语句:"
#: serverguide/C/security.xml:122(command)
msgid "sudo addgroup groupname"
msgstr "sudo addgroup groupname"
#: serverguide/C/security.xml:123(command)
msgid "sudo delgroup groupname"
msgstr "sudo delgroup 组名称"
#: serverguide/C/security.xml:127(para)
msgid "To add a user to a group, use the following syntax:"
msgstr "要将一个用户加入到某个组,请使用如下命令语句:"
#: serverguide/C/security.xml:131(command)
msgid "sudo adduser username groupname"
msgstr "sudo adduser username groupname"
#: serverguide/C/security.xml:138(title)
msgid "User Profile Security"
#: serverguide/C/security.xml:139(para)
"When a new user is created, the adduser utility creates a brand new home "
"directory named <filename class=\"directory\">/home/username</filename>, "
"respectively. The default profile is modeled after the contents found in the "
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
"includes all profile basics."
"当新用户被创建时,adduser工具会为其相应地创建一个指向<filename "
"class=\"directory\">/home/username</filename>的home目录。默认的资料是复制目录<filename "
"class=\"directory\">/etc/skel</filename>中发现的内容,里面包含所有的基本信息。"
#: serverguide/C/security.xml:142(para)
"If your server will be home to multiple users, you should pay close "
"attention to the user home directory permissions to ensure confidentiality. "
"By default, user home directories in Ubuntu are created with world "
"read/execute permissions. This means that all users can browse and access "
"the contents of other users home directories. This may not be suitable for "
"如果你的服务器是供多人使用,那你就应该注意一下用户主目录的权限问题,以保安全。默认情况下,Ubuntu用户的主目录在创建时是被赋予全局读/执行权限。这意味着所"
"有的用户都能够进入并浏览到其他用户的主目录里的内容。这对你的现状可能并不适用。"
#: serverguide/C/security.xml:147(para)
"To verify your current users home directory permissions, use the following "
msgstr "要查验你的当前用户home目录权限,请使用如下命令语句:"
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
msgid "ls -ld /home/username"
msgstr "ls -ld /home/username"
#: serverguide/C/security.xml:153(para)
"The following output shows that the directory <filename "
"class=\"directory\">/home/username</filename> has world readable permissions:"
"下列输出显示目录<filename class=\"directory\">/home/username</filename>拥有普遍读权限:"
#: serverguide/C/security.xml:156(computeroutput)
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
msgstr "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
#: serverguide/C/security.xml:160(para)
"You can remove the world readable permissions using the following syntax:"
msgstr "你可以使用如下命令语句移除普遍读权限:"
#: serverguide/C/security.xml:164(command)
msgid "sudo chmod 0750 /home/username"
msgstr "sudo chmod 0750 /home/username"
#: serverguide/C/security.xml:167(para)
"Some people tend to use the recursive option (-R) indiscriminately which "
"modifies all child folders and files, but this is not necessary, and may "
"yield other undesirable results. The parent directory alone is sufficient "
"for preventing unauthorized access to anything below the parent."
"有些人喜欢不分青红皂白地对子文件夹和文件使用递归选项(-"
"R),其实这并没有必要,有时甚至会产生不必要的麻烦。仅使用父目录会阻止任何对父目录下的非经授权的闯入。"
#: serverguide/C/security.xml:171(para)
"A much more efficient approach to the matter would be to modify the "
"<application>adduser</application> global default permissions when creating "
"user home folders. Simply edit the file "
"<filename>/etc/adduser.conf</filename> and modify the "
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
"new home directories will receive the correct permissions."
"解决这件事一个更高效的方法是在创建一个新的用户主目录时修改<application>adduser</application>的公共默认权限。恰当地编辑<"
"filename>/etc/adduser.conf</filename>文件和修改<varname>DIR_MODE</varname>变量,这样新用户"
#: serverguide/C/security.xml:174(programlisting)
#: serverguide/C/security.xml:179(para)
"After correcting the directory permissions using any of the previously "
"mentioned techniques, verify the results using the following syntax:"
msgstr "在用了之前提到的技术更改过目录的权限后,使用如下命令语句来验证结果:"
#: serverguide/C/security.xml:185(para)
"The results below show that world readable permissions have been removed:"
msgstr "结果显示普遍权限已被移除:"
#: serverguide/C/security.xml:188(computeroutput)
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
msgstr "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
#: serverguide/C/security.xml:195(title)
msgid "Password Policy"
#: serverguide/C/security.xml:196(para)
"A strong password policy is one of the most important aspects of your "
"security posture. Many successful security breaches involve simple brute "
"force and dictionary attacks against weak passwords. If you intend to offer "
"any form of remote access involving your local password system, make sure "
"you adequately address minimum password complexity requirements, maximum "
"password lifetimes, and frequent audits of your authentication systems."
"在您的安全状态中一个强大的密码策略是其中一个最重要的方面。许多成功的安全漏洞涉及穷举和字典攻击弱密码。如果您打算提供任何形式的远程访问涉及您当地的密码系统"
",确保您充分解决最低密码复杂性的要求,密码最长寿命,和频繁发生的审计您的系统验证。"
#: serverguide/C/security.xml:200(title)
msgid "Minimum Password Length"
#: serverguide/C/security.xml:201(para)
"By default, Ubuntu requires a minimum password length of 6 characters, as "
"well as some basic entropy checks. These values are controlled in the file "
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
#: serverguide/C/security.xml:204(programlisting)
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
#: serverguide/C/security.xml:207(para)
"If you would like to adjust the minimum length to 8 characters, change the "
"appropriate variable to min=8. The modification is outlined below."
#: serverguide/C/security.xml:210(programlisting)
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
#: serverguide/C/security.xml:215(title)
msgid "Password Expiration"
#: serverguide/C/security.xml:216(para)
"When creating user accounts, you should make it a policy to have a minimum "
"and maximum password age forcing users to change their passwords when they "
msgstr "当创建用户帐户时,你应该使用最短和最长密码期效来强迫用户在密码过期时改变他们的密码。"
#: serverguide/C/security.xml:221(para)
"To easily view the current status of a user account, use the following "
msgstr "要简易地查看某用户的当前状态,使用如下命令语句:"
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
msgid "sudo chage -l username"
msgstr "sudo chage -l username"
#: serverguide/C/security.xml:227(para)
"The output below shows interesting facts about the user account, namely that "
"there are no policies applied:"
msgstr "下面输出显示了有关这个用户帐户的有趣事实,即其未应用任何策略:"
#: serverguide/C/security.xml:230(computeroutput)
"Last password change : Jan 20, 2008\n"
"Password expires : never\n"
"Password inactive : never\n"
"Account expires : never\n"
"Minimum number of days between password change : 0\n"
"Maximum number of days between password change : 99999\n"
"Number of days of warning before password expires : 7"
"上次密码改变日期 : 2008年1月20日\n"
"两次密码改变之间最少天数 : 0\n"
"两次密码改变之间最多天数 : 99999\n"
#: serverguide/C/security.xml:240(para)
"To set any of these values, simply use the following syntax, and follow the "
"interactive prompts:"
msgstr "要设置其中任何一个值,使用以下语法,并跟随交互的提示:"
#: serverguide/C/security.xml:244(command)
msgid "sudo chage username"
msgstr "sudo chage username"
#: serverguide/C/security.xml:246(para)
"The following is also an example of how you can manually change the explicit "
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
"password expiration, and a warning time period (-W) of 14 days before "
"password expiration."
"下面也是一个关于让你如何手动更改明确过期日期(-E)到01/31/2008,5天的最短密码寿命(-m),90天的最长密码寿命(-"
"M),密码过期后5天的不活动期(-I),以及密码过期前14天的警告时段(-W)。"
#: serverguide/C/security.xml:250(command)
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
#: serverguide/C/security.xml:254(para)
msgid "To verify changes, use the same syntax as mentioned previously:"
msgstr "要确认更改,请使用前面提到的相同命令语句:"
#: serverguide/C/security.xml:260(para)
"The output below shows the new policies that have been established for the "
msgstr "以下的输出显示对帐号的新策略已建立:"
#: serverguide/C/security.xml:263(computeroutput)
"Last password change : Jan 20, 2008\n"
"Password expires : Apr 19, 2008\n"
"Password inactive : May 19, 2008\n"
"Account expires : Jan 31, 2008\n"
"Minimum number of days between password change : 5\n"
"Maximum number of days between password change : 90\n"
"Number of days of warning before password expires : 14"
"上次更改密码日期 : 1月20日, 2008年\n"
"密码过期日期 : 4月19日, 2008年\n"
"密码失效日期 : 5月19日, 2008年\n"
"帐号过期日期 : 1月31日, 2008年\n"
"两次密码更改之间最少天数 : 5\n"
"两次密码更改之间最多天数 : 90\n"
#: serverguide/C/security.xml:279(title)
msgid "Other Security Considerations"
#: serverguide/C/security.xml:280(para)
"Many applications use alternate authentication mechanisms that can be easily "
"overlooked by even experienced system administrators. Therefore, it is "
"important to understand and control how users authenticate and gain access "
"to services and applications on your server."
msgstr "许多程序使用替代认证机制,即使是有经验的系统管理员也很容易对其忽视。因此,理解并控制用户获得认证并进入你的服务器上的服务和程序就很重要。"
#: serverguide/C/security.xml:285(title)
msgid "SSH Access by Disabled Users"
msgstr "已禁用用户试图通过SSH连入"
#: serverguide/C/security.xml:286(para)
"Simply disabling/locking a user account will not prevent a user from logging "
"into your server remotely if they have previously set up RSA public key "
"authentication. They will still be able to gain shell access to the server, "
"without the need for any password. Remember to check the users home "
"directory for files that will allow for this type of authenticated SSH "
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
"如果有用户之前设置了 RSA 公钥认证,简单地停用或锁定一个用户帐户并不能防止用户远程登录您的服务器。他们仍然能够得到服务器上 shell "
"的访问权,并且不需要任何密码。记住检查用户的 home 目录,查看是否有允许这类 SSH "
"访问验证的文件。例如:<filename>/home/username/.ssh/authorized_keys</filename>"
#: serverguide/C/security.xml:289(para)
"Remove or rename the directory <filename "
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
"further SSH authentication capabilities."
"将用户home文件夹下面的目录<filename "
"class=\"directory\">.ssh/</filename>删除或改名,以防止将来自动获得SSH认证权限。"
#: serverguide/C/security.xml:292(para)
"Be sure to check for any established SSH connections by the disabled user, "
"as it is possible they may have existing inbound or outbound connections. "
"Kill any that are found."
msgstr "一定要检查禁用用户创建的SSH连接,因为他们可能会有存在的入站或出站连接。发现一个取消一个。"
#: serverguide/C/security.xml:295(para)
"Restrict SSH access to only user accounts that should have it. For example, "
"you may create a group called \"sshlogin\" and add the group name as the "
"value associated with the <varname>AllowGroups</varname> variable located in "
"the file <filename>/etc/ssh/sshd_config</filename>."
"限制只有适当的用户拥有SSH的读取权限。例如,您可以生成一个叫做\"sshlogin\"的用户组,然后把和文件<filename>/etc/ssh/ssh"
"d_config</filename>中的<varname>AllowGroups</varname>变量关联起来。"
#: serverguide/C/security.xml:298(programlisting)
"AllowGroups sshlogin\n"
#: serverguide/C/security.xml:301(para)
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
msgstr "然后将你允许的SSH用户添加到\"sshlogin\"组,并重启SSH服务。"
#: serverguide/C/security.xml:305(command)
msgid "sudo adduser username sshlogin"
msgstr "sudo adduser 用户名 sshlogin"
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
msgid "sudo /etc/init.d/ssh restart"
msgstr "sudo /etc/init.d/ssh restart"
#: serverguide/C/security.xml:310(title)
msgid "External User Database Authentication"
#: serverguide/C/security.xml:311(para)
"Most enterprise networks require centralized authentication and access "
"controls for all system resources. If you have configured your server to "
"authenticate users against external databases, be sure to disable the user "
"accounts both externally and locally, this way you ensure that local "
"fallback authentication is not possible."
"绝大多数企业网络对所有系统资源实行中心认证和准入控制。如果你配置你的服务来授权用户使用外部数据库,一定要将用户的帐号于外部和本地都予以禁用,以免其获得本地"
#: serverguide/C/security.xml:320(title)
msgid "Console Security"
#: serverguide/C/security.xml:321(para)
"As with any other security barrier you put in place to protect your server, "
"it is pretty tough to defend against untold damage caused by someone with "
"physical access to your environment, for example, theft of hard drives, "
"power or service disruption and so on. Therefore, console security should be "
"addressed merely as one component of your overall physical security "
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
"very least slow down a determined one, so it is still advisable to perform "
"basic precautions with regard to console security."
"即使您使用了很多方法来保护您的服务器,还是很难防止未经告知的使用物理方法进入您的环境所造成的损失。举例来说,硬件的丢失,电源或服务的损坏等等。因此,控制台"
"安全应该成为您的物理安全策略中压倒一切的一个方面。一个“screen "
"door”就能够制止一个漫不经心的犯罪,或者至少可以阻挠一个犯罪,因此仍然建议对于操作台安全有几个基本的警戒。"
#: serverguide/C/security.xml:324(para)
"The following instructions will help defend your server against issues that "
"could otherwise yield very serious consequences."
msgstr "以下建议会帮你避开那些会让你遭受严重后果的事件。"
#: serverguide/C/security.xml:329(title)
msgid "Disable Ctrl+Alt+Delete"
msgstr "禁用 Ctrl+Alt+Delete"
#: serverguide/C/security.xml:330(para)
"First and foremost, anyone that has physical access to the keyboard can "
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
"eycombo> key combination to reboot the server without having to log on. "
"Sure, someone could simply unplug the power source, but you should still "
"prevent the use of this key combination on a production server. This forces "
"an attacker to take more drastic measures to reboot the server, and will "
"prevent accidental reboots at the same time."
"首先的也是最初的,任何一个可以使用键盘的人可以简单的使用<keycombo><keycap>Ctrl</keycap><keycap>Alt</keyca"
"p><keycap>Delete</keycap></keycombo>的组合键来重启服务器,而不需要登录。而且,任何人都可以很轻易的拔掉电源,不过您应该"
"防止在一个生产用的服务器上使用这个组合键。这将导致攻击者使用更加激烈的方式来重启服务器或者在某些时候防止意外的重启。"
#: serverguide/C/security.xml:335(para)
"To disable the reboot action taken by pressing the "
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
"eycombo> key combination, comment out the following line in the file "
"<filename>/etc/init/control-alt-delete.conf</filename>."
#: serverguide/C/security.xml:338(programlisting)
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
#: serverguide/C/security.xml:347(title)
#: serverguide/C/security.xml:350(para)
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
"which is used to manipulate or decide the fate of network traffic headed "
"into or through your server. All modern Linux firewall solutions use this "
"system for packet filtering."
"Linux 内核包括 <emphasis>Netfilter</emphasis> 子系统,用来处理或决定网络传输头部进入或穿过你的服务器,目前所有的 "
"Linux 防火墙都用该系统来做包过滤。"
#: serverguide/C/security.xml:355(para)
"The kernel's packet filtering system would be of little use to "
"administrators without a userspace interface to manage it. This is the "
"purpose of iptables. When a packet reaches your server, it will be handed "
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
"based on the rules supplied to it from userspace via iptables. Thus, "
"iptables is all you need to manage your firewall if you're familiar with it, "
"but many frontends are available to simplify the task."
"内核的包过滤系统如果没有一个用户态 (userspace) 界面来管理它的话对管理员来说几乎没有用。这正是 iptables "
"的目的。当一个包到达您的服务器,它从用户态 (userspace) 通过 iptables 传给 Netfilter "
"子系统,然后基于提供的规则去接受、操作或拒绝。因此,如果你能熟悉它的话,那么 iptables 就是您管理您防火墙所需的全部。"
#: serverguide/C/security.xml:365(title)
msgid "ufw - Uncomplicated Firewall"
msgstr "ufw - 不复杂的防火墙"
#: serverguide/C/security.xml:366(para)
"The default firewall configuration tool for Ubuntu is "
"<application>ufw</application>. Developed to ease iptables firewall "
"configuration, <application>ufw</application> provides a user friendly way "
"to create an IPv4 or IPv6 host-based firewall."
"Ubuntu默认的防火墙配置工具是<application>ufw</application>。为了使得iptables防火墙的配置轻松而开发的<appl"
"ication>ufw</application>为用户提供了一种友好的方式来创建基于主机的IPv4或IPv6防火墙。"
#: serverguide/C/security.xml:370(para)
"<application>ufw</application> by default is initially disabled. From the "
"<application>ufw</application> man page:"
"默认情况下,<application>ufw</application>处于禁用状态. <application>ufw</application> "
#: serverguide/C/security.xml:374(quote)
"ufw is not intended to provide complete firewall functionality via its "
"command interface, but instead provides an easy way to add or remove simple "
"rules. It is currently mainly used for host-based firewalls."
msgstr "ufw并非意于通过其命令行界面提供完备的防火墙功能,而是为添加或删除简单规则提供了简易的方法。目前主要用于基于主机的防火墙。"
#: serverguide/C/security.xml:378(para)
"The following are some examples of how to use <application>ufw</application>:"
msgstr "下面是几个关于如何使用<application>ufw</application>的例子:"
#: serverguide/C/security.xml:383(para)
"First, <application>ufw</application> needs to be enabled. From a terminal "
msgstr "首先,<application>ufw</application>要被激活。在终端里输入:"
#: serverguide/C/security.xml:387(command)
msgid "sudo ufw enable"
msgstr "sudo ufw enable"
#: serverguide/C/security.xml:391(para)
msgid "To open a port (ssh in this example):"
msgstr "打开一个通信端口(本例中是ssh):"
#: serverguide/C/security.xml:395(command)
msgid "sudo ufw allow 22"
msgstr "sudo ufw allow 22"
#: serverguide/C/security.xml:399(para)
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
msgstr "规则同样可以使用一个<emphasis>numbered</emphasis>格式来添加:"
#: serverguide/C/security.xml:403(command)
msgid "sudo ufw insert 1 allow 80"
msgstr "sudo ufw insert 1 allow 80"
#: serverguide/C/security.xml:407(para)
msgid "Similarly, to close an opened port:"
msgstr "相应地,关闭一个打开的通信端口:"
#: serverguide/C/security.xml:411(command)
msgid "sudo ufw deny 22"
msgstr "sudo ufw deny 22"
#: serverguide/C/security.xml:415(para)
msgid "To remove a rule, use delete followed by the rule:"
msgstr "要删除一条规则,使用delete加上要删的规则:"
#: serverguide/C/security.xml:419(command)
msgid "sudo ufw delete deny 22"
msgstr "sudo ufw delete deny 22"
#: serverguide/C/security.xml:423(para)
"It is also possible to allow access from specific hosts or networks to a "
"port. The following example allows ssh access from host 192.168.0.2 to any "
"ip address on this host:"
msgstr "也可以允许从某些特定的主机或网络进入某通信口。下面的例子可用允许主机192.168.0.2通过ssh进入到本主机的任何ip地址:"
#: serverguide/C/security.xml:428(command)
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
#: serverguide/C/security.xml:430(para)
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
msgstr "用192.168.0.0/24替换掉192.168.0.2就可以允许ssh到整个子网。"
#: serverguide/C/security.xml:436(para)
"Adding the <emphasis>--dry-run</emphasis> option to a "
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
"apply them. For example, the following is what would be applied if opening "
"在<emphasis>ufw</emphasis>命令中添加<emphasis>--dry-"
"run</emphasis>选项将输出结果规则,但并不添加它们。举例来说,下面是将在打开HTTP端口的时候添加的内容:"
#: serverguide/C/security.xml:442(command)
msgid "sudo ufw --dry-run allow http"
msgstr "sudo ufw --dry-run allow http"
#: serverguide/C/security.xml:446(computeroutput)
":ufw-user-input - [0:0]\n"
":ufw-user-output - [0:0]\n"
":ufw-user-forward - [0:0]\n"
":ufw-user-limit - [0:0]\n"
":ufw-user-limit-accept - [0:0]\n"
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
"### END RULES ###\n"
"-A ufw-user-input -j RETURN\n"
"-A ufw-user-output -j RETURN\n"
"-A ufw-user-forward -j RETURN\n"
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
"-A ufw-user-limit -j REJECT\n"
"-A ufw-user-limit-accept -j ACCEPT\n"
":ufw-user-input - [0:0]\n"
":ufw-user-output - [0:0]\n"
":ufw-user-forward - [0:0]\n"
":ufw-user-limit - [0:0]\n"
":ufw-user-limit-accept - [0:0]\n"
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
"### END RULES ###\n"
"-A ufw-user-input -j RETURN\n"
"-A ufw-user-output -j RETURN\n"
"-A ufw-user-forward -j RETURN\n"
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
"-A ufw-user-limit -j REJECT\n"
"-A ufw-user-limit-accept -j ACCEPT\n"
#: serverguide/C/security.xml:470(para)
msgid "<application>ufw</application> can be disabled by:"
msgstr "<application>ufw</application>可以通过下列命令来禁用:"
#: serverguide/C/security.xml:474(command)
msgid "sudo ufw disable"
msgstr "sudo ufw disable"
#: serverguide/C/security.xml:478(para)
msgid "To see the firewall status, enter:"
msgstr "查看防火墙状态,键入:"
#: serverguide/C/security.xml:482(command)
msgid "sudo ufw status"
msgstr "sudo ufw status"
#: serverguide/C/security.xml:486(para)
msgid "And for more verbose status information use:"
msgstr "以及更详细的状态信息请使用:"
#: serverguide/C/security.xml:490(command)
msgid "sudo ufw status verbose"
msgstr "sudo ufw status verbose"
#: serverguide/C/security.xml:494(para)
msgid "To view the <emphasis>numbered</emphasis> format:"
msgstr "要查看<emphasis>numbered</emphasis>格式:"
#: serverguide/C/security.xml:498(command)
msgid "sudo ufw status numbered"
msgstr "sudo ufw status numbered"
#: serverguide/C/security.xml:503(para)
"If the port you want to open or close is defined in "
"<filename>/etc/services</filename>, you can use the port name instead of the "
"number. In the above examples, replace <emphasis>22</emphasis> with "
"<emphasis>ssh</emphasis>."
"如果你要打开或关闭的端口在<filename>/etc/services</filename>中已经定义了,你可以使用端口名称代替端口号。在上面的例子中,"
"将<emphasis>22</emphasis>用<emphasis>ssh</emphasis>代替。"
#: serverguide/C/security.xml:509(para)
"This is a quick introduction to using <application>ufw</application>. Please "
"refer to the <application>ufw</application> man page for more information."
"这是一个使用<application>ufw</application>的快速介绍。请参阅<application>ufw</application>的m"
#: serverguide/C/security.xml:515(title)
msgid "ufw Application Integration"
#: serverguide/C/security.xml:517(para)
"Applications that open ports can include an <application>ufw</application> "
"profile, which details the ports needed for the application to function "
"properly. The profiles are kept in <filename "
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
"the default ports have been changed."
"可以打开端口的应用程序可以被包含在<application>ufw</application>的预设文件中,这里根据功能适当的包含了应用程序所需的端口。这"
"个预设文件包含在<filename "
"role=\"directory\">/etc/ufw/applications.d</filename>,在默认端口发生改变的时候可以进行编辑。"
#: serverguide/C/security.xml:526(para)
"To view which applications have installed a profile, enter the following in "
msgstr "要查看已安装程序的配置文件,请在终端里键入以下内容:"
#: serverguide/C/security.xml:531(command)
msgid "sudo ufw app list"
msgstr "sudo ufw app list"
#: serverguide/C/security.xml:537(para)
"Similar to allowing traffic to a port, using an application profile is "
"accomplished by entering:"
msgstr "与允许到某个端口的流量类似,可以通过输入下面的内容来使用一个应用程序预设文件:"
#: serverguide/C/security.xml:542(command)
msgid "sudo ufw allow Samba"
msgstr "sudo ufw allow Samba"
#: serverguide/C/security.xml:548(para)
msgid "An extended syntax is available as well:"
msgstr "一种扩展语法也是可用的:"
#: serverguide/C/security.xml:553(command)
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
msgstr "ufw allow from 192.168.0.0/24 to any app Samba"
#: serverguide/C/security.xml:556(para)
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
"with the application profile you are using and the IP range for your network."
"使用您所使用的应用程序预设文件和您的网络的IP地址范围代替<emphasis>Samba</emphasis>和<emphasis>192.1"
"68.0.0/24</emphasis>。"
#: serverguide/C/security.xml:562(para)
"There is no need to specify the <emphasis>protocol</emphasis> for the "
"application, because that information is detailed in the profile. Also, note "
"that the <emphasis>app</emphasis> name replaces the "
"<emphasis>port</emphasis> number."
"对于应用程序来说,<emphasis>protocol</emphasis>并不需要特地的设置,因为信息被定义到了文件中。然后,注意我们使用<emphas"
"is>app</emphasis>替换了<emphasis>port</emphasis>。"
#: serverguide/C/security.xml:571(para)
"To view details about which ports, protocols, etc are defined for an "
"application, enter:"
msgstr "要查看为某个应用程序定义的端口、协议等细节,键入:"
#: serverguide/C/security.xml:576(command)
msgid "sudo ufw app info Samba"
msgstr "sudo ufw app info Samba"
#: serverguide/C/security.xml:582(para)
"Not all applications that require opening a network port come with "
"<application>ufw</application> profiles, but if you have profiled an "
"application and want the file to be included with the package, please file a "
"bug against the package in <ulink "
"url=\"https://launchpad.net/\">Launchpad</ulink>."
"不是所有的应用程序都需要在 <application>ufw</application> "
"中配置一个网络端口,但是如果你已经配置了一个应用程序并且希望这个配置能被包含在软件包中,请提交 <ulink "
"url=\"https://launchpad.net/\">Launchpad</ulink>的BUG/建议。"
#: serverguide/C/security.xml:591(title)
msgid "IP Masquerading"
#: serverguide/C/security.xml:592(para)
"The purpose of IP Masquerading is to allow machines with private, non-"
"routable IP addresses on your network to access the Internet through the "
"machine doing the masquerading. Traffic from your private network destined "
"for the Internet must be manipulated for replies to be routable back to the "
"machine that made the request. To do this, the kernel must modify the "
"<emphasis>source</emphasis> IP address of each packet so that replies will "
"be routed back to it, rather than to the private IP address that made the "
"request, which is impossible over the Internet. Linux uses "
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
"connections belong to which machines and reroute each return packet "
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
"having originated from your Ubuntu gateway machine. This process is referred "
"to in Microsoft documentation as Internet Connection Sharing."
"IP 伪装的目的是为了允许您网络上那些有着私有的、不可路由的 IP 地址的机器可以通过做伪装的机器访问 Internet。来自您私有网络并要访问 "
"Internet 的传输必须是可以操作的,也就是说回复要可以被路由回来以送到发出请求的机器上。要做到这一点,内核必须修改每个包 "
"<emphasis>源</emphasis> IP 地址以便回复能被路由回它这里,而不是发出请求的私有 IP 地址,因为它们对于 Internet "
"来说是不存在的。Linux 使用 <emphasis>Connection Tracking</emphasis> (conntrack) "
"来保持那个连接是属于哪个机器的,并相应地对每个返回包重新做路由。发自您私有网络的流量就这样被伪装成源于您的网关机器。这一过程在 Microsoft "
"文档中被称为 Internet 连接共享。"
#: serverguide/C/security.xml:608(title)
msgid "ufw Masquerading"
msgstr "ufw Masquerading"
#: serverguide/C/security.xml:609(para)
"IP Masquerading can be achieved using custom <application>ufw</application> "
"rules. This is possible because the current back-end for "
"<application>ufw</application> is <application>iptables-"
"restore</application> with the rules files located in "
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
"legacy iptables rules used without <application>ufw</application>, and rules "
"that are more network gateway or bridge related."
"IP伪装可以通过定制 <application>ufw</application> 的规则来实现,因为当前 "
"<application>ufw</application> 的后端是 <application>iptables-"
"restore</application>,其规则存储在 <filename>/etc/ufw/*.rules</filename> "
"里。用户可以在这些文件中添加遗留 iptables 规则和与网关或网桥相关的规则,其中遗留 iptables 规则在没有 "
"<application>ufw</application> 的情况下也会被使用。"
#: serverguide/C/security.xml:615(para)
"The rules are split into two different files, rules that should be executed "
"before <application>ufw</application> command line rules, and rules that are "
"executed after <application>ufw</application> command line rules."
msgstr "规则被分割为两个不同的文件,并且分别在<application>ufw</application>的命令行规则的前后被执行。"
#: serverguide/C/security.xml:621(para)
"First, packet forwarding needs to be enabled in "
"<application>ufw</application>. Two configuration files will need to be "
"adjusted, in <filename>/etc/default/ufw</filename> change the "
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
"首先, <application>ufw</application> 需要先启用封包转发。其次,在配置文件: "
"<filename>/etc/default/ufw</filename> "
"中需要调整<emphasis>DEFAULT_FORWARD_POLICY</emphasis> 为 <quote>ACCEPT</quote>"
#: serverguide/C/security.xml:625(programlisting)
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
#: serverguide/C/security.xml:628(para)
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
msgstr "然后修改<filename>/etc/ufw/sysctl.conf</filename>,并取消下面这行的注释:"
#: serverguide/C/security.xml:631(programlisting)
"net/ipv4/ip_forward=1\n"
"net/ipv4/ip_forward=1\n"
#: serverguide/C/security.xml:634(para)
msgid "Similarly, for IPv6 forwarding uncomment:"
msgstr "类似地,对于IPv6转发,取消下面这行的注释:"
#: serverguide/C/security.xml:637(programlisting)
"net/ipv6/conf/default/forwarding=1\n"
"net/ipv6/conf/default/forwarding=1\n"
#: serverguide/C/security.xml:642(para)
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
"file. The default rules only configure the <emphasis>filter</emphasis> "
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
"need to be configured. Add the following to the top of the file just after "
"the header comments:"
"现在我们将添加规则到文件:<filename>/etc/ufw/before.rules</filename>。默认的规则仅配置了<emphasis>fi"
"lter</emphasis>表,如果需要启用伪装则需要配置<emphasis>nat</emphasis>表。请添加一下信息到配置文件紧跟在最头部注释的"
#: serverguide/C/security.xml:647(programlisting)
"# nat Table rules\n"
":POSTROUTING ACCEPT [0:0]\n"
"# Forward traffic from eth1 through eth0.\n"
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
"# don't delete the 'COMMIT' line or these nat table rules won't be "
"# nat Table rules\n"
":POSTROUTING ACCEPT [0:0]\n"
"# Forward traffic from eth1 through eth0.\n"
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
"# don't delete the 'COMMIT' line or these nat table rules won't be "
#: serverguide/C/security.xml:658(para)
"The comments are not strictly necessary, but it is considered good practice "
"to document your configuration. Also, when modifying any of the "
"<emphasis>rules</emphasis> files in <filename "
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
"line for each table modified:"
"书写注释是很好的习惯,虽然它不是必须的。并且当你在修改<filename "
"class=\"directory\">/etc/ufw</filename>文件任何<emphasis>rules</emphasis>的时候,确保这些"
#: serverguide/C/security.xml:664(programlisting)
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
"#不要删除'COMMIT'行,否则这些规则将不被处理\n"
"表示一个换行。在翻译的相应位置开始新的行\n"
#: serverguide/C/security.xml:669(para)
"For each <emphasis>Table</emphasis> a corresponding "
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
"<emphasis>mangle</emphasis> tables."
"每个 <emphasis>Table</emphasis> 都要有一个对应的 <emphasis>COMMIT</emphasis> 声明。本例只展示了 "
"<emphasis>nat</emphasis> 和 <emphasis>filter</emphasis> 表,但您也可以为 "
"<emphasis>raw</emphasis> 和 <emphasis>mangle</emphasis> 表添加规则。"
#: serverguide/C/security.xml:676(para)
"In the above example replace <emphasis>eth0</emphasis>, "
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
"appropriate interfaces and IP range for your network."
"在上面的例子中将<emphasis>eth0</emphasis>, <emphasis>eth1</emphasis>, 和 "
"<emphasis>192.168.0.0/24</emphasis>替换为你的网络的正确的设备和IP范围。"
#: serverguide/C/security.xml:684(para)
"Finally, disable and re-enable <application>ufw</application> to apply the "
msgstr "最后,禁止并重新激活<application>ufw</application>来运用修改"
#: serverguide/C/security.xml:688(command)
msgid "sudo ufw disable && sudo ufw enable"
msgstr "sudo ufw disable && sudo ufw enable"
#: serverguide/C/security.xml:692(para)
"IP Masquerading should now be enabled. You can also add any additional "
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
"recommended that these additional rules be added to the <emphasis>ufw-before-"
"forward</emphasis> chain."
"现在应该启用IP伪装。你还可以添加额外的更早的规则到<filename>/etc/ufw/before.rules</filename>。推荐将这些规则添"
"加到<emphasis>ufw-before-forward</emphasis>节点。"
#: serverguide/C/security.xml:699(title)
msgid "iptables Masquerading"
msgstr "iptables 伪装"
#: serverguide/C/security.xml:700(para)
"<application>iptables</application> can also be used to enable masquerading."
msgstr "<application>iptables</application> 同样可以用来开启伪装。"
#: serverguide/C/security.xml:705(para)
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
"uncomment the following line"
"类似于<application>ufw</application>,激活IPv4包投递的第一步是编辑<filename>/etc/sysctl.conf<"
"/filename>并注释掉以下行:"
#: serverguide/C/security.xml:709(programlisting)
"net.ipv4.ip_forward=1\n"
"net.ipv4.ip_forward=1\n"
#: serverguide/C/security.xml:712(para)
msgid "If you wish to enable IPv6 forwarding also uncomment:"
msgstr "如果你想激活IPv6投递,还要注释掉:"
#: serverguide/C/security.xml:715(programlisting)
"net.ipv6.conf.default.forwarding=1\n"
"net.ipv6.conf.default.forwarding=1\n"
#: serverguide/C/security.xml:720(para)
"Next, execute the <application>sysctl</application> command to enable the "
"new settings in the configuration file:"
msgstr "接下来,执行<application>sysctl</application>命令来激活配置文件中的新设置。"
#: serverguide/C/security.xml:724(command)
msgid "sudo sysctl -p"
msgstr "sudo sysctl -p"
#: serverguide/C/security.xml:728(para)
"IP Masquerading can now be accomplished with a single iptables rule, which "
"may differ slightly based on your network configuration:"
msgstr "如今根据一条iptables规则即可完成IP伪装,视您的网络而定,其配置可能略有不同。"
#: serverguide/C/security.xml:731(screen)
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
#: serverguide/C/security.xml:734(para)
"The above command assumes that your private address space is 192.168.0.0/16 "
"and that your Internet-facing device is ppp0. The syntax is broken down as "
msgstr "上面的命令假定您的个人地址空间是 192.168.0.0/16,同时您的网络连接设备是 ppp0。这个语法失效,如下所示:"
#: serverguide/C/security.xml:739(para)
msgid "-t nat -- the rule is to go into the nat table"
msgstr "-t nat -- 该规则将进入 nat 表"
#: serverguide/C/security.xml:740(para)
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
msgstr "-A POSTROUTING -- 该规则将被追加 (-A) 到 POSTROUTING 链"
#: serverguide/C/security.xml:741(para)
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
"specified address space"
msgstr "-s 192.168.0.0/16 -- 该规则将被应用在源自指定地址空间的流量上"
#: serverguide/C/security.xml:742(para)
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
"specified network device"
msgstr "-o ppp0 -- 该规则应用于计划通过指定网络设备的流量。"
#: serverguide/C/security.xml:744(para)
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
"MASQUERADE target to be manipulated as described above"
msgstr "-j MASQUERADE -- 匹配该规则的流量将如上所述 \"跳转\" (-j) 到 MASQUERADE (伪装) 目标。"
#: serverguide/C/security.xml:752(para)
"Also, each chain in the filter table (the default table, and where most or "
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
"you may have set the policies to DROP or REJECT, in which case your "
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
"above rule to work:"
"过滤表中的每个处理链都有一个默认的 ACCEPT "
"<emphasis>策略(policy)</emphasis>,但如果您是为网关设备添加防火墙,那么您可能会将这些策略设置为 DROP 或 "
"REJECT。在这种情况下您伪装过的数据流需要允许通过 FORWARD 链,以使得上述规则正确执行。"
#: serverguide/C/security.xml:759(screen)
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
#: serverguide/C/security.xml:763(para)
"The above commands will allow all connections from your local network to the "
"Internet and all traffic related to those connections to return to the "
"machine that initiated them."
msgstr "上面的命令将允许从你的本地网络到互联网的所有连接,以及和这些连接相关的、返回产生它们的计算机的所有流量。"
#: serverguide/C/security.xml:770(para)
"If you want masquerading to be enabled on reboot, which you probably do, "
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
"example add the first command with no filtering:"
"如果您想在重启以后应用IP伪装,您可能需要编辑<filename>/etc/rc.local</filename>并加入上面使用的任一命令。例如加入没有过"
#: serverguide/C/security.xml:774(screen)
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
#: serverguide/C/security.xml:782(title)
#: serverguide/C/security.xml:783(para)
"Firewall logs are essential for recognizing attacks, troubleshooting your "
"firewall rules, and noticing unusual activity on your network. You must "
"include logging rules in your firewall for them to be generated, though, and "
"logging rules must come before any applicable terminating rule (a rule with "
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
"防火墙日志对于识别攻击、调试防火墙规则和发现你网络上不正常活动方面非常重要。一定要在防火墙里包含日志生成规则并且日志规则一定是在任何终结性规则之前使用(用"
"来觉得字节包裹命运:如ACCEPT, DROP 或者 REJECT)。"
#: serverguide/C/security.xml:790(para)
"If you are using <application>ufw</application>, you can turn on logging by "
"entering the following in a terminal:"
msgstr "如果你在使用<application>ufw</application>,你可以在终端输入以下内容以开启登录:"
#: serverguide/C/security.xml:794(command)
msgid "sudo ufw logging on"
msgstr "sudo ufw logging on"
#: serverguide/C/security.xml:796(para)
"To turn logging off in <application>ufw</application>, simply replace "
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
"role=\"italic\">off</emphasis> in the above command."
"为退出登录<application>ufw</application>,在以上命令中用<emphasis "
"role=\"italic\">off</emphasis>替换<emphasis role=\"italic\">on</emphasis>即可。"
#: serverguide/C/security.xml:799(para)
"If using <application>iptables</application> instead of "
"<application>ufw</application>, enter:"
"如果您要使用<application>ufw</application>来代替<application>iptables</application>,请输"
#: serverguide/C/security.xml:802(screen)
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
"prefix \"NEW_HTTP_CONN: \"\n"
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
"prefix \"NEW_HTTP_CONN: \"\n"
#: serverguide/C/security.xml:805(para)
"A request on port 80 from the local machine, then, would generate a log in "
"dmesg that looks like this:"
msgstr "一个来自本地计算机的80端口请求,将在dmesg中产生一个log如下:"
#: serverguide/C/security.xml:810(programlisting)
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
"WINDOW=32767 RES=0x00 SYN URGP=0"
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
"WINDOW=32767 RES=0x00 SYN URGP=0"
#: serverguide/C/security.xml:812(para)
"The above log will also appear in <filename>/var/log/messages</filename>, "
"<filename>/var/log/syslog</filename>, and "
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
"and configuring <application>ulogd</application> and using the ULOG target "
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
"server that listens for logging instructions from the kernel specifically "
"for firewalls, and can log to any file you like, or even to a "
"<application>PostgreSQL</application> or <application>MySQL</application> "
"database. Making sense of your firewall logs can be simplified by using a "
"log analyzing tool such as <application>fwanalog</application>, "
"<application> fwlogwatch</application>, or <application>lire</application>."
"上面的日志也会出现在<filename>/var/log/messages</filename>、<filename>/var/log/syslog</f"
"ilename> 和 <filename>/var/log/kern.log</filename> 中。这一过程可以通过适当编辑 "
"<filename>/etc/syslog.conf</filename> 或安装配置 <application>ulogd</application> "
"并用 ULOG 代替 LOG 来进行改变。<application>ulogd</application> "
"守护程序是一种用户态服务器可以监听来自内核的防火墙日志指令,并且能够将其写到任何您希望的文件中,甚至是 "
"<application>PostgreSQL</application> 或 <application>MySQL</application> "
"<application>fwanalog</application>、<application>fwlogwatch</application> 或 "
"<application>lire</application> 日志分析工具将会很轻松地弄懂您的防火墙日志。"
#: serverguide/C/security.xml:827(title)
#: serverguide/C/security.xml:828(para)
"There are many tools available to help you construct a complete firewall "
"without intimate knowledge of iptables. For the GUI-inclined:"
msgstr "有许多工具可以帮助你不用深奥的iptables的知识就创建一个完整的防火墙。图形操作界面的有:"
#: serverguide/C/security.xml:834(para)
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
"popular and easy to use."
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink>很流行,使用起来很简单。"
#: serverguide/C/security.xml:839(para)
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
"and will look familiar to an administrator who has used a commercial "
"firewall utility such as <application>Checkpoint FireWall-1</application>."
"url=\"http://www.fwbuilder.org/\">fwbuilder</ulink>功能很强大,使用过类似于<application>C"
"heckpoint FireWall-1</application>等商业防火墙软件的管理员会对它很面熟。"
#: serverguide/C/security.xml:845(para)
"If you prefer a command-line tool with plain-text configuration files:"
msgstr "如果你更倾向于使用有纯文本配置文件的命令行工具:"
#: serverguide/C/security.xml:850(para)
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
"powerful solution to help you configure an advanced firewall for any network."
"url=\"http://www.shorewall.net/\">Shorewall</ulink>是一个非常强大的帮助你配置高级防火墙的解决方案,它适"
#: serverguide/C/security.xml:856(para)
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
"a working firewall \"out of the box\" with zero configuration, and will "
"allow you to easily set up a more advanced firewall by editing simple, well-"
"documented configuration files."
"url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink>可以给你一个不用配置、拿来就用的防火墙,也允许你轻"
"松通过编辑简单的、有完整说明的配置文件而创建一个更高级的防火墙。"
#: serverguide/C/security.xml:863(para)
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
"designed to be a desktop firewall application. It is made up of a server "
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
"like many popular interactive firewall applications for Windows."
"url=\"http://fireflier.sourceforge.net/\">fireflier</ulink>是一个桌面防火墙软件。由一个服务器("
"fireflier-server)和图形操作界面客户端(GTK或QT)组成,很像许多流行的Windows交互式防火墙软件。"
#: serverguide/C/security.xml:875(para)
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
"Firewall</ulink> wiki page contains information on the development of "
"<application>ufw</application>."
"<ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
"Firewall</ulink>的维基百科页面包含了有关<application>ufw</application>的开发信息。"
#: serverguide/C/security.xml:881(para)
"Also, the <application>ufw</application> manual page contains some very "
"useful information: <command>man ufw</command>."
"同时,<application>ufw</application>的使用手册包含了一些非常有用的内容:<command>man ufw</command>"
#: serverguide/C/security.xml:886(para)
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
"on using <application>iptables</application>."
"更多有关如何使用<application>iptables</application>的信息请参看<ulink "
"url=\"http://www.netfilter.org/documentation/HOWTO/packet-filtering-"
"HOWTO.html\">packet-filtering-HOWTO</ulink>。"
#: serverguide/C/security.xml:892(para)
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
"<ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
"HOWTO.html\">nat-HOWTO</ulink>包含了有关伪装地址的更多细节。"
#: serverguide/C/security.xml:898(para)
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
"HowTo</ulink> in the Ubuntu wiki is a great resource."
#: serverguide/C/security.xml:906(title)
#: serverguide/C/security.xml:907(para)
"<application>AppArmor</application> is a Linux Security Module "
"implementation of name-based mandatory access controls. AppArmor confines "
"individual programs to a set of listed files and posix 1003.1e draft "
"<application>AppArmor</application> 是一个实施了基于名称强制存取控制的Linux安全模组。AppArmor "
"界定了单个程序进入一组文件列表的权限并遵循posix 1003.1e 草稿的能力。"
#: serverguide/C/security.xml:911(para)
"<application>AppArmor</application> is installed and loaded by default. It "
"uses <emphasis>profiles</emphasis> of an application to determine what files "
"and permissions the application requires. Some packages will install their "
"own profiles, and additional profiles can be found in the "
"<application>apparmor-profiles</application> package."
"默认情况下<application>AppArmor</application>已安装并载入。它使用每个程序的<emphasis>profiles</em"
"phasis>来确定这个程序需要什么文件和权限。有些包会安装它们自己的profiles,额外的profiles可以在<application>apparm"
"or-profiles</application>包里找到。"
#: serverguide/C/security.xml:916(para)
"To install the <application>apparmor-profiles</application> package from a "
msgstr "要安装<application>apparmor-profiles</application>软件包,在终端输入:"
#: serverguide/C/security.xml:922(para)
msgid "AppArmor profiles have two modes of execution:"
msgstr "AppArmor配置文件有两种执行模式:"
#: serverguide/C/security.xml:927(para)
"Complaining/Learning: profile violations are permitted and logged. Useful "
"for testing and developing new profiles."
msgstr "投诉/学习: 允许并记录配置文件的冲突。对于测试并开发新的配置文件有用途。"
#: serverguide/C/security.xml:932(para)
"Enforced/Confined: enforces profile policy as well as logging the violation."
msgstr "强制/受限:强制配置策略及违规记录。"
#: serverguide/C/security.xml:938(title)
msgid "Using AppArmor"
msgstr "使用 AppArmor"
#: serverguide/C/security.xml:939(para)
"The <application>apparmor-utils</application> package contains command line "
"utilities that you can use to change the <application>AppArmor</application> "
"execution mode, find the status of a profile, create new profiles, etc."
"<application>apparmor-"
"utils</application>软件包包含一些命令行工具,使用它们您可以更改<application>AppArmor</application>的"
"执行模式、查看配置文件的状态、创建新的配置文件等等。"
#: serverguide/C/security.xml:945(para)
"<application>apparmor_status</application> is used to view the current "
"status of AppArmor profiles."
msgstr "<application>apparmor_status</application>是用来查看AppArmor配置文件的当前状态的。"
#: serverguide/C/security.xml:949(command)
msgid "sudo apparmor_status"
msgstr "sudo apparmor_status"
#: serverguide/C/security.xml:953(para)
"<application>aa-complain</application> places a profile into "
"<emphasis>complain</emphasis> mode."
"complain</application>将一个配置文件置入<emphasis>complain</emphasis>模式。"
#: serverguide/C/security.xml:957(command)
msgid "sudo aa-complain /path/to/bin"
msgstr "sudo aa-complain /path/to/bin"
#: serverguide/C/security.xml:961(para)
"<application>aa-enforce</application> places a profile into "
"<emphasis>enforce</emphasis> mode."
"<application>aa-enforce</application>将一个配置文件置入<emphasis>enforce</emphasis>模式。"
#: serverguide/C/security.xml:965(command)
msgid "sudo aa-enforce /path/to/bin"
msgstr "sudo aa-enforce /path/to/bin"
#: serverguide/C/security.xml:969(para)
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
"profiles are located. It can be used to manipulate the "
"<emphasis>mode</emphasis> of all profiles."
"<filename>/etc/apparmor.d</filename>目录是AppArmor配置文件的所在之处。可用来操作所有配置文件的<emphasi"
"s>模式mode</emphasis>。"
#: serverguide/C/security.xml:973(para)
msgid "Enter the following to place all profiles into complain mode:"
msgstr "要将所有配置文件置入complain模式,输入:"
#: serverguide/C/security.xml:977(command)
msgid "sudo aa-complain /etc/apparmor.d/*"
msgstr "sudo aa-complain /etc/apparmor.d/*"
#: serverguide/C/security.xml:979(para)
msgid "To place all profiles in enforce mode:"
msgstr "要将所有配置文件置入enforce模式:"
#: serverguide/C/security.xml:983(command)
msgid "sudo aa-enforce /etc/apparmor.d/*"
msgstr "sudo aa-enforce /etc/apparmor.d/*"
#: serverguide/C/security.xml:987(para)
"<application>apparmor_parser</application> is used to load a profile into "
"the kernel. It can also be used to reload a currently loaded profile using "
"the <emphasis>-r</emphasis> option. To load a profile:"
"<application>apparmor_parser</application>用来将一个配置文件载入内核。它也可以通过使用<emphasis>-"
"r</emphasis>选项来重新载入当前已载入的配置文件。要载入一个配置文件:"
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
#: serverguide/C/security.xml:994(para)
msgid "To reload a profile:"
msgstr "要重新载入一个配置文件:"
#: serverguide/C/security.xml:998(command)
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
#: serverguide/C/security.xml:1002(para)
"<filename>/etc/init.d/apparmor</filename> can be used to "
"<emphasis>reload</emphasis> all profiles:"
"<filename>/etc/init.d/apparmor</filename>可用来<emphasis>重新载入</emphasis>所有配置文件:"
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
msgid "sudo /etc/init.d/apparmor reload"
msgstr "sudo /etc/init.d/apparmor reload"
#: serverguide/C/security.xml:1010(para)
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
"with the <application>apparmor_parser -R</application> option to "
"<emphasis>disable</emphasis> a profile."
"<filename>/etc/apparmor.d/disable</filename>目录可以和<application>apparmor_parser"
" -R</application>选项一起使用以<emphasis>禁用</emphasis>一个配置文件。"
#: serverguide/C/security.xml:1015(command)
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
#: serverguide/C/security.xml:1016(command)
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
#: serverguide/C/security.xml:1018(para)
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
"load the profile using the <emphasis>-a</emphasis> option."
"要<emphasis>重新激活</emphasis> 一个已禁用的配置文件,请在 "
"<filename>/etc/apparmor.d/disable/</filename>里删除到其配置文件的软链接。然后使用选项 <emphasis>-"
"a</emphasis>载入配置文件。"
#: serverguide/C/security.xml:1023(command)
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
#: serverguide/C/security.xml:1028(para)
"<application>AppArmor</application> can be disabled, and the kernel module "
"unloaded by entering the following:"
msgstr "<application>AppArmor</application>可以被禁用,其内核模块可以通过输入以下命令卸载:"
#: serverguide/C/security.xml:1032(command)
msgid "sudo /etc/init.d/apparmor stop"
msgstr "sudo /etc/init.d/apparmor stop"
#: serverguide/C/security.xml:1033(command)
msgid "sudo update-rc.d -f apparmor remove"
msgstr "sudo update-rc.d -f apparmor remove"
#: serverguide/C/security.xml:1037(para)
msgid "To re-enable <application>AppArmor</application> enter:"
msgstr "要重新启用<application>AppArmor</application>,输入:"
#: serverguide/C/security.xml:1041(command)
msgid "sudo /etc/init.d/apparmor start"
msgstr "sudo /etc/init.d/apparmor start"
#: serverguide/C/security.xml:1042(command)
msgid "sudo update-rc.d apparmor defaults"
msgstr "sudo update-rc.d apparmor defaults"
#: serverguide/C/security.xml:1047(para)
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
"the actual executable file path. For example for the "
"<application>ping</application> command use <filename>/bin/ping</filename>"
"用你操作的profile名称来替代<emphasis>profile.name</emphasis>。再有,用实际的执行文件的路径来代替<filename"
">/path/to/bin/</filename>。例如,使用<filename>/bin/ping</filename>来替代<application>"
"ping</application>"
#: serverguide/C/security.xml:1055(title)
#: serverguide/C/security.xml:1056(para)
"<application>AppArmor</application> profiles are simple text files located "
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
"path to the executable they profile replacing the \"/\" with \".\". For "
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
"profile for the <filename>/bin/ping</filename> command."
#: serverguide/C/security.xml:1062(para)
msgid "There are two main type of rules used in profiles:"
msgstr "在配置文件中,主要有两种类型的规则"
#: serverguide/C/security.xml:1067(para)
"<emphasis>Path entries:</emphasis> which detail which files an application "
"can access in the file system."
msgstr "<emphasis>路径 项:</emphasis> 指定文件系统中哪些文件是一个应用程序可以访问的。"
#: serverguide/C/security.xml:1072(para)
"<emphasis>Capability entries:</emphasis> determine what privileges a "
"confined process is allowed to use."
#: serverguide/C/security.xml:1077(para)
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
msgstr "作为一个例子来看看<filename>/etc/apparmor.d/bin.ping</filename>:"
#: serverguide/C/security.xml:1080(programlisting)
"#include <tunables/global>\n"
"/bin/ping flags=(complain) {\n"
" #include <abstractions/base>\n"
" #include <abstractions/consoles>\n"
" #include <abstractions/nameservice>\n"
" capability net_raw,\n"
" capability setuid,\n"
" network inet raw,\n"
" /bin/ping mixr,\n"
" /etc/modules.conf r,\n"
"#include <tunables/global>\n"
"/bin/ping flags=(complain) {\n"
" #include <abstractions/base>\n"
" #include <abstractions/consoles>\n"
" #include <abstractions/nameservice>\n"
" capability net_raw,\n"
" capability setuid,\n"
" network inet raw,\n"
" /bin/ping mixr,\n"
" /etc/modules.conf r,\n"
#: serverguide/C/security.xml:1097(para)
"<emphasis>#include <tunables/global>:</emphasis> include statements "
"from other files. This allows statements pertaining to multiple applications "
"to be placed in a common file."
"<emphasis>#include "
"<tunables/global>:</emphasis>包含了来自另外文件的声明。这样做使得来自不同应用程序的相关声明都被放置在同一个文件中"
#: serverguide/C/security.xml:1103(para)
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
"program, also setting the mode to <emphasis>complain</emphasis>."
#: serverguide/C/security.xml:1109(para)
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
"the CAP_NET_RAW Posix.1e capability."
"<emphasis>capability net_raw,:</emphasis> 允许程序拥有连接 CAP_NET_RAW Posix.1e 的能力。"
#: serverguide/C/security.xml:1114(para)
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
"execute access to the file."
msgstr "<emphasis>/bin/ping mixr,:</emphasis> 允许应用程序读取和执行该文件。"
#: serverguide/C/security.xml:1120(para)
"After editing a profile file the profile must be reloaded. See <xref "
"linkend=\"apparmor-usage\"/> for details."
msgstr "编辑配置文件后必须重新载入配置文件。参看<xref linkend=\"apparmor-usage\"/> 获取详情"
#: serverguide/C/security.xml:1125(title)
msgid "Creating a Profile"
#: serverguide/C/security.xml:1128(para)
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
"application should be exercised. The test plan should be divided into small "
"test cases. Each test case should have a small description and list the "
"<emphasis>设计测试计划:</emphasis> "
"试着思考应用程序会怎样运行。测试计划可以分解为小的测试用例。对每个测试用例,应该有个简短的描述,并列出应该执行的步骤。"
#: serverguide/C/security.xml:1132(para)
msgid "Some standard test cases are:"
msgstr "一些标准的测试情况是:"
#: serverguide/C/security.xml:1137(para)
msgid "Starting the program."
#: serverguide/C/security.xml:1142(para)
msgid "Stopping the program."
#: serverguide/C/security.xml:1147(para)
msgid "Reloading the program."
#: serverguide/C/security.xml:1152(para)
msgid "Testing all the commands supported by the init script."
msgstr "测试所有init脚本支持的命令。"
#: serverguide/C/security.xml:1159(para)
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
"genprof</application> to generate a new profile. From a terminal:"
"<emphasis>生成新配置文件:</emphasis> 使用 <application>aa-genprof</application> "
#: serverguide/C/security.xml:1164(command)
msgid "sudo aa-genprof executable"
msgstr "sudo aa-genprof executable"
#: serverguide/C/security.xml:1166(para)
msgid "For example:"
#: serverguide/C/security.xml:1170(command)
msgid "sudo aa-genprof slapd"
msgstr "sudo aa-genprof slapd"
#: serverguide/C/security.xml:1174(para)
"To get your new profile included in the <application>apparmor-"
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
"against the <ulink "
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
"要想让你的配置文件被包含于 <application>apparmor-profiles</application> "
"包内,在<emphasis>Launchpad</emphasis>上向<ulink "
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
#: serverguide/C/security.xml:1181(para)
msgid "Include your test plan and test cases."
msgstr "包含您的测试计划和测试用例。"
#: serverguide/C/security.xml:1186(para)
msgid "Attach your new profile to the bug."
msgstr "在bug报告里附上你的新配置文件。"
#: serverguide/C/security.xml:1195(title)
msgid "Updating Profiles"
#: serverguide/C/security.xml:1196(para)
"When the program is misbehaving, audit messages are sent to the log files. "
"The program <application>aa-logprof</application> can be used to scan log "
"files for <application>AppArmor</application> audit messages, review them "
"and update the profiles. From a terminal:"
#: serverguide/C/security.xml:1201(command)
msgid "sudo aa-logprof"
msgstr "sudo aa-logprof"
#: serverguide/C/security.xml:1209(para)
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
"configuration options."
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
"r_admin.html\">AppArmor 管理指南</ulink>找到高级配置选项。"
#: serverguide/C/security.xml:1216(para)
"For details using AppArmor with other Ubuntu releases see the <ulink "
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
"Wiki</ulink> page."
"关于AppArmor在其他Ubuntu发行版的详细用法请看<ulink "
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
#: serverguide/C/security.xml:1224(para)
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
"page is another introduction to AppArmor."
"<ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
"是另一个对AppArmor的介绍。"
#: serverguide/C/security.xml:1231(para)
"A great place to ask for <application>AppArmor</application> assistance, and "
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
"server</emphasis> IRC channel on <ulink "
"url=\"http://freenode.net\">freenode</ulink>."
"在 <ulink url=\"http://freenode.net\">freenode</ulink> 上的 <emphasis>#ubuntu-"
"server</emphasis> IRC 聊天频道是一个寻求AppArmor帮助和参与Ubuntu Server社区的一个好地方。"
#: serverguide/C/security.xml:1241(title)
msgid "Certificates"
#: serverguide/C/security.xml:1242(para)
"One of the most common forms of cryptography today is <emphasis>public-"
"key</emphasis> cryptography. Public-key cryptography utilizes a "
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
"system works by <emphasis>encrypting</emphasis> information using the public "
"key. The information can then only be <emphasis>decrypted</emphasis> using "
"<emphasis>公开密钥加密</emphasis>是当今使用最普遍的加密方式之一。公开密钥加密利用一个<emphasis>公钥</emphasis>和"
"一个<emphasis>私钥</emphasis>来完成加解密。系统使用公钥来<emphasis>加密</emphasis>信息,加密后的信息只有用<em"
"phasis>私钥</emphasis>才可以解密。"
#: serverguide/C/security.xml:1248(para)
"A common use for public-key cryptography is encrypting application traffic "
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
"connection. For example, configuring Apache to provide "
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
"encrypt traffic using a protocol that does not itself provide encryption."
"一个公开密钥加密的普遍用法是使用SSL或者TLS加密应用程序传输的数据。例如,配置Apache提供HTTPS(HTTP over "
"SSL)。这样可以提供一种方式来加密不自己实现加密机制的协议产生的流量。"
#: serverguide/C/security.xml:1253(para)
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
"<emphasis>public key</emphasis> and other information about a server and the "
"organization who is responsible for it. Certificates can be digitally signed "
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
"third party that has confirmed that the information contained in the "
"certificate is accurate."
"<emphasis>数字证书</emphasis>是一种传播公钥和关于服务器以及对其负责的组织的信息的一种方式。数字证书可以被<emphasis>证书认证"
"机构(CA)</emphasis>签名。CA是一个被信任的第三方机构,用来保证被签名的数字证书内所包含的信息是准确有效的。"
#: serverguide/C/security.xml:1260(title)
msgid "Types of Certificates"
#: serverguide/C/security.xml:1261(para)
"To set up a secure server using public-key cryptography, in most cases, you "
"send your certificate request (including your public key), proof of your "
"company's identity, and payment to a CA. The CA verifies the certificate "
"request and your identity, and then sends back a certificate for your secure "
"server. Alternatively, you can create your own <emphasis>self-"
"signed</emphasis> certificate."
"大多数情况下,要配置一个使用公开密钥加密的安全服务器,你需要:(1)向CA发送你的证书请求(CSR,里面包含你的公钥),证明你的公司的身份,并且付给CA一"
"(2)CA验证你的证书请求和身份,并且使用它的私钥签名,制作成证书发回来。或者,你可以自己创建一个<emphasis>自签名<emphasis>的证书。"
#: serverguide/C/security.xml:1271(para)
"Note, that self-signed certificates should not be used in most production "
msgstr "注意, 自签名的证书不应当被用在生产环境上。"
#: serverguide/C/security.xml:1275(para)
"Continuing the HTTPS example, a CA-signed certificate provides two important "
"capabilities that a self-signed certificate does not:"
msgstr "继续HTTPS的例子,一个CA签署的证书可以提供两个自签名证书不能提供的重要的能力:"
#: serverguide/C/security.xml:1282(para)
"Browsers (usually) automatically recognize the certificate and allow a "
"secure connection to be made without prompting the user."
msgstr "浏览器 (通常) 会自动地识别证书并且在不提示用户的情况下允许创建一个安全连接。"
#: serverguide/C/security.xml:1289(para)
"When a CA issues a signed certificate, it is guaranteeing the identity of "
"the organization that is providing the web pages to the browser."
msgstr "当一个 CA 生成一个签署过的证书,它为提供网页给浏览器的组织提供身份担保。"
#: serverguide/C/security.xml:1297(para)
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
"certificates they automatically accept. If a browser encounters a "
"certificate whose authorizing CA is not in the list, the browser asks the "
"user to either accept or decline the connection. Also, other applications "
"may generate an error message when using a self-singed certificate."
"大部分支持SSL的Web浏览器和操作系统都有一个CA列表,被这些CA签署的证书会被自动接受。如果浏览器遇到了一个被不在信任列表内的CA签署的证书时,会询问"
"用户接受或者拒绝连接。同样,其他的程序可能会在遇到自签名证书是提示错误。"
#: serverguide/C/security.xml:1305(para)
"The process of getting a certificate from a CA is fairly easy. A quick "
"overview is as follows:"
msgstr "从CA获得一个数字证书相当简单。下面是简要步骤:"
#: serverguide/C/security.xml:1312(para)
msgid "Create a private and public encryption key pair."
msgstr "创建一个私有和公共密钥对"
#: serverguide/C/security.xml:1315(para)
"Create a certificate request based on the public key. The certificate "
"request contains information about your server and the company hosting it."
msgstr "基于公钥创建一个证书请求。证书请求包含您服务器及公司信息。"
#: serverguide/C/security.xml:1320(para)
"Send the certificate request, along with documents proving your identity, to "
"a CA. We cannot tell you which certificate authority to choose. Your "
"decision may be based on your past experiences, or on the experiences of "
"your friends or colleagues, or purely on monetary factors."
"发送证书请求,并随之提供您的身份文档到一个 CA。我们不能告诉您选择哪个证书颁发机构。您可以基于您以往的经验或您朋友或同事的经验或纯粹基于经济因素来决定。"
#: serverguide/C/security.xml:1326(para)
"Once you have decided upon a CA, you need to follow the instructions they "
"provide on how to obtain a certificate from them."
msgstr "一旦您选定一家 CA,您需要根据他们所提供的规程来从他们那里获得证书。"
#: serverguide/C/security.xml:1331(para)
"When the CA is satisfied that you are indeed who you claim to be, they send "
"you a digital certificate."
msgstr "当 CA 确定您确实如您所声称的那样时,他们将发给您一个数字证书。"
#: serverguide/C/security.xml:1335(para)
"Install this certificate on your secure server, and configure the "
"appropriate applications to use the certificate."
msgstr "将此证书安装到您的安全服务器,并使用证书配置相应的程序。"
#: serverguide/C/security.xml:1344(title)
msgid "Generating a Certificate Signing Request (CSR)"
msgstr "生成一个证书签署请求 (CSR)"
#: serverguide/C/security.xml:1346(para)
"Whether you are getting a certificate from a CA or generating your own self-"
"signed certificate, the first step is to generate a key."
msgstr "无论您是从一家 CA 那儿获得证书或是生成您自己签署的证书,第一步就是生成钥匙。"
#: serverguide/C/security.xml:1351(para)
"If the certificate will be used by service daemons, such as Apache, Postfix, "
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
"passphrase allows the services to start without manual intervention, usually "
"the preferred way to start a daemon."
"如果数字证书被服务进程使用(比如Apache,Postfix,Dovecot等等),一个没有密码保护的私钥是适用的。私钥没有密码保护可以让服务在没有人工干"
"预的情况下启动,通常这是启动服务的首选方式。"
#: serverguide/C/security.xml:1357(para)
"This section will cover generating a key with a passphrase, and one without. "
"The non-passphrase key will then be used to generate a certificate that can "
"be used with various service daemons."
msgstr "这一节的内容包括生成有密码保护和没有密码保护的密钥。没有密码保护的密钥将被用做生成一个可被各种服务使用的数字证书。"
#: serverguide/C/security.xml:1363(para)
"Running your secure service without a passphrase is convenient because you "
"will not need to enter the passphrase every time you start your secure "
"service. But it is insecure and a compromise of the key means a compromise "
"of the server as well."
"使用没有密码保护的私钥来运行服务很方便,因为你不需要在每次启动服务的时候输入密码。但是这是不安全的,而且对私钥的威胁同样也是对服务器的威胁。"
#: serverguide/C/security.xml:1370(para)
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
"Request (CSR) run the following command from a terminal prompt:"
msgstr "在终端提示符下运行以下命令来为这个证书签名请求(CSR)生成<emphasis>keys</emphasis>:"
#: serverguide/C/security.xml:1376(command)
msgid "openssl genrsa -des3 -out server.key 1024"
msgstr "openssl genrsa -des3 -out server.key 1024"
#: serverguide/C/security.xml:1379(programlisting)
"Generating RSA private key, 1024 bit long modulus\n"
".....................++++++\n"
".................++++++\n"
"unable to write 'random state'\n"
"e is 65537 (0x10001)\n"
"Enter pass phrase for server.key:\n"
"Generating RSA private key, 1024 bit long modulus\n"
".....................++++++\n"
".................++++++\n"
"unable to write 'random state'\n"
"e is 65537 (0x10001)\n"
"Enter pass phrase for server.key:\n"
#: serverguide/C/security.xml:1388(para)
"You can now enter your passphrase. For best security, it should at least "
"contain eight characters. The minimum length when specifying -des3 is four "
"characters. It should include numbers and/or punctuation and not be a word "
"in a dictionary. Also remember that your passphrase is case-sensitive."
"您现在可以输入您的 passphrase。为了最大程度的安全,它至少应该包含八个字符。当指定 -des3 "
"时最小长度为四个字符。它应该包含数字和/或标点符号,并且不应该是字典中的单词。也请记住您的 passphrase 是大小写敏感的。"
#: serverguide/C/security.xml:1396(para)
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
"server key is generated and stored in the <filename>server.key</filename> "
#: serverguide/C/security.xml:1402(para)
"Now create the insecure key, the one without a passphrase, and shuffle the "
#: serverguide/C/security.xml:1408(command)
msgid "openssl rsa -in server.key -out server.key.insecure"
msgstr "openssl rsa -in server.key -out server.key.insecure"
#: serverguide/C/security.xml:1409(command)
msgid "mv server.key server.key.secure"
msgstr "mv server.key server.key.secure"
#: serverguide/C/security.xml:1410(command)
msgid "mv server.key.insecure server.key"
msgstr "mv server.key.insecure server.key"
#: serverguide/C/security.xml:1413(para)
"The insecure key is now named <filename>server.key</filename>, and you can "
"use this file to generate the CSR without passphrase."
#: serverguide/C/security.xml:1418(para)
msgid "To create the CSR, run the following command at a terminal prompt:"
msgstr "要创建 CSR,可以在终端提示符后运行以下命令:"
#: serverguide/C/security.xml:1423(command)
msgid "openssl req -new -key server.key -out server.csr"
msgstr "openssl req -new -key server.key -out server.csr"
#: serverguide/C/security.xml:1426(para)
"It will prompt you enter the passphrase. If you enter the correct "
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
"etc. Once you enter all these details, your CSR will be created and it will "
"be stored in the <filename>server.csr</filename> file."
#: serverguide/C/security.xml:1434(para)
"You can now submit this CSR file to a CA for processing. The CA will use "
"this CSR file and issue the certificate. On the other hand, you can create "
"self-signed certificate using this CSR."
#: serverguide/C/security.xml:1442(title)
msgid "Creating a Self-Signed Certificate"
msgstr "创建一个自己签署的证书"
#: serverguide/C/security.xml:1443(para)
"To create the self-signed certificate, run the following command at a "
msgstr "要创建自己签署的证书,在终端提示符下运行以下命令:"
#: serverguide/C/security.xml:1448(command)
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
#: serverguide/C/security.xml:1451(para)
"The above command will prompt you to enter the passphrase. Once you enter "
"the correct passphrase, your certificate will be created and it will be "
"stored in the <filename>server.crt</filename> file."
"上述命令将提示您输入 passphrase。一旦您输入正确的 passphrase,您的证书将被创建并将保存在 "
"<filename>server.crt</filename> 文件中。"
#: serverguide/C/security.xml:1456(para)
"If your secure server is to be used in a production environment, you "
"probably need a CA-signed certificate. It is not recommended to use self-"
"signed certificate."
msgstr "如果您的安全服务器被用在生产环境中,你也许需要 CA 签署的证书。并不推荐使用自己签署的证书。"
#: serverguide/C/security.xml:1464(title)
msgid "Installing the Certificate"
#: serverguide/C/security.xml:1466(para)
"You can install the key file <filename>server.key</filename> and certificate "
"file <filename>server.crt</filename>, or the certificate file issued by your "
"CA, by running following commands at a terminal prompt:"
"您可以通过在终端提示符下运行以下命令来安装密钥文件<filename>server.key</filename>和证书文件<filename>server"
".crt</filename>,或是由您的CA签发的证书文件。"
#: serverguide/C/security.xml:1472(command)
msgid "sudo cp server.crt /etc/ssl/certs"
msgstr "sudo cp server.crt /etc/ssl/certs"
#: serverguide/C/security.xml:1473(command)
msgid "sudo cp server.key /etc/ssl/private"
msgstr "sudo cp server.key /etc/ssl/private"
#: serverguide/C/security.xml:1475(para)
"Now simply configure any applications, with the ability to use public-key "
"cryptography, to use the <emphasis>certificate</emphasis> and "
"<emphasis>key</emphasis> files. For example, "
"<application>Apache</application> can provide HTTPS, "
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
#: serverguide/C/security.xml:1482(title)
msgid "Certification Authority"
#: serverguide/C/security.xml:1484(para)
"If the services on your network require more than a few self-signed "
"certificates it may be worth the additional effort to setup your own "
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
"certificates signed by your own CA, allows the various services using the "
"certificates to easily trust other services using certificates issued from "
#: serverguide/C/security.xml:1494(para)
"First, create the directories to hold the CA certificate and related files:"
msgstr "首先,创建一个目录,用来存放CA证书及其相关文件:"
#: serverguide/C/security.xml:1499(command)
msgid "sudo mkdir /etc/ssl/CA"
msgstr "sudo mkdir /etc/ssl/CA"
#: serverguide/C/security.xml:1500(command)
msgid "sudo mkdir /etc/ssl/newcerts"
msgstr "sudo mkdir /etc/ssl/newcerts"
#: serverguide/C/security.xml:1506(para)
"The CA needs a few additional files to operate, one to keep track of the "
"last serial number used by the CA, each certificate must have a unique "
"serial number, and another file to record which certificates have been "
#: serverguide/C/security.xml:1513(command)
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
#: serverguide/C/security.xml:1514(command)
msgid "sudo touch /etc/ssl/CA/index.txt"
msgstr "sudo touch /etc/ssl/CA/index.txt"
#: serverguide/C/security.xml:1520(para)
"The third file is a CA configuration file. Though not strictly necessary, it "
"is very convenient when issuing multiple certificates. Edit "
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
"]</emphasis> change:"
#: serverguide/C/security.xml:1526(programlisting)
"dir = /etc/ssl/ # Where everything is kept\n"
"database = $dir/CA/index.txt # database index file.\n"
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
"serial = $dir/CA/serial # The current serial number\n"
"private_key = $dir/private/cakey.pem# The private key\n"
"dir = /etc/ssl/ # Where everything is kept\n"
"database = $dir/CA/index.txt # database index file.\n"
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
"serial = $dir/CA/serial # The current serial number\n"
"private_key = $dir/private/cakey.pem# The private key\n"
#: serverguide/C/security.xml:1537(para)
msgid "Next, create the self-singed root certificate:"
msgstr "接下来,创建自签根证书:"
#: serverguide/C/security.xml:1542(command)
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
#: serverguide/C/security.xml:1545(para)
msgid "You will then be asked to enter the details about the certificate."
msgstr "您将被要求输入关于证书的详情。"
#: serverguide/C/security.xml:1552(para)
msgid "Now install the root certificate and key:"
msgstr "现在安装根证书和钥匙:"
#: serverguide/C/security.xml:1557(command)
msgid "sudo mv cakey.pem /etc/ssl/private/"
msgstr "sudo mv cakey.pem /etc/ssl/private/"
#: serverguide/C/security.xml:1558(command)
msgid "sudo mv cacert.pem /etc/ssl/certs/"
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
#: serverguide/C/security.xml:1564(para)
"You are now ready to start signing certificates. The first item needed is a "
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
"for details. Once you have a CSR, enter the following to generate a "
"certificate signed by the CA:"
#: serverguide/C/security.xml:1571(command)
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
#: serverguide/C/security.xml:1574(para)
"After entering the password for the CA key, you will be prompted to sign the "
"certificate, and again to commit the new certificate. You should then see a "
"somewhat large amount of output related to the certificate creation."
#: serverguide/C/security.xml:1583(para)
"There should now be a new file, "
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
"the server where the certificate will be installed. For example "
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
#: serverguide/C/security.xml:1591(para)
"Subsequent certificates will be named <filename>02.pem</filename>, "
"<filename>03.pem</filename>, etc."
"随后产生的证书将被命名为<filename>02.pem</filename>, <filename>03.pem</filename>,等等。"
#: serverguide/C/security.xml:1596(para)
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
msgstr "用你自己具有描述性的名字来替代<emphasis>mail.example.com.crt</emphasis>。"
#: serverguide/C/security.xml:1604(para)
"Finally, copy the new certificate to the host that needs it, and configure "
"the appropriate applications to use it. The default location to install "
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
"enables multiple services to use the same certificate without overly "
"complicated file permissions."
#: serverguide/C/security.xml:1610(para)
"For applications that can be configured to use a CA certificate, you should "
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
#: serverguide/C/security.xml:1624(para)
"For more detailed instructions on using cryptography see the <ulink "
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
"Certificates HOWTO</ulink> by tlpd.org"
"要得到更多关于加密的指导,请参阅由tlpd.org编写的<ulink url=\"http://tldp.org/HOWTO/SSL-"
"Certificates-HOWTO/index.html\">SSL Certificates HOWTO</ulink>。"
#: serverguide/C/security.xml:1630(para)
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
"of Certificate Authorities."
#: serverguide/C/security.xml:1635(para)
"The Wikipedia <ulink "
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
"information regarding HTTPS."
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink>的页面有更多关于HTTPS的信息。"
#: serverguide/C/security.xml:1640(para)
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
"更多关于 <emphasis>OpenSSL</emphasis> 的信息,请参阅 <ulink "
"url=\"http://www.openssl.org/\">OpenSSL 主页</ulink>。"
#: serverguide/C/security.xml:1645(para)
"Also, O'Reilly's <ulink "
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
"OpenSSL</ulink> is a good in depth reference."
#: serverguide/C/security.xml:1654(title)
#: serverguide/C/security.xml:1656(para)
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
"filesystem, partition type, etc."
#: serverguide/C/security.xml:1662(para)
"During installation there is an option to encrypt the <filename "
"role=\"directory\">/home</filename> partition. This will automatically "
"configure everything needed to encrypt and mount the partition."
"在安装过程中有一个加密 <filename role=\"directory\">/home</filename> "
"分区的选项,该选项会自动完成有关加密及挂载该分区的所有配置。"
#: serverguide/C/security.xml:1667(para)
"As an example, this section will cover configuring <filename "
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
"作为一个例子,本节将涵盖如何使用 eCryptfs 来加密 <filename role=\"directory\">/srv</filename> "
#: serverguide/C/security.xml:1672(title)
msgid "Using eCryptfs"
msgstr "使用 eCryptfs"
#: serverguide/C/security.xml:1674(para)
msgid "First, install the necessary packages. From a terminal prompt enter:"
msgstr "首先,安装必要的软件包。在终端输入:"
#: serverguide/C/security.xml:1679(command)
msgid "sudo apt-get install ecryptfs-utils"
msgstr "sudo apt-get install ecryptfs-utils"
#: serverguide/C/security.xml:1682(para)
msgid "Now mount the partition to be encrypted:"
msgstr "现在挂载要加密的分区:"
#: serverguide/C/security.xml:1687(command)
msgid "sudo mount -t ecryptfs /srv /srv"
msgstr "sudo mount -t ecryptfs /srv /srv"
#: serverguide/C/security.xml:1690(para)
"You will then be prompted for some details on how "
"<application>ecryptfs</application> should encrypt the data."
msgstr "你接下来会看到有关<application>ecryptfs</application>如何加密数据的详细信息。"
#: serverguide/C/security.xml:1694(para)
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
"copy the <filename>/etc/default</filename> folder to "
"<filename>/srv</filename>:"
"要测试<filename>/srv</filename>内的文件是否确实已加密,将文件夹<filename>/etc/default</filename>"
"复制到<filename>/srv</filename>:"
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
msgid "sudo cp -r /etc/default /srv"
msgstr "sudo cp -r /etc/default /srv"
#: serverguide/C/security.xml:1703(para)
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
msgstr "现在卸载<filename>/srv</filename>,并尝试查看一个文件:"
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
msgid "sudo umount /srv"
msgstr "sudo umount /srv"
#: serverguide/C/security.xml:1709(command)
msgid "cat /srv/default/cron"
msgstr "cat /srv/default/cron"
#: serverguide/C/security.xml:1712(para)
"Remounting <filename>/srv</filename> using "
"<application>ecryptfs</application> will make the data viewable once again."
"再次使用<application>ecryptfs</application>挂载<filename>/srv</filename>将会让数据再次可查看。"
#: serverguide/C/security.xml:1718(title)
msgid "Automatically Mounting Encrypted Partitions"
#: serverguide/C/security.xml:1720(para)
"There are a couple of ways to automatically mount an "
"<application>ecryptfs</application> encrypted filesystem at boot. This "
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
"mount options, along with a passphrase file residing on a USB key."
"要在启动时加载 <application>ecryptfs</application> "
"加密文件系统,有几种不同的方式。在本例中,我们将使用一个包含挂载选项的 <filename>/root/.ecryptfsrc</filename> "
"文件,和一个保存在 USB 设备上的密码文件。"
#: serverguide/C/security.xml:1726(para)
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
msgstr "首先,创建<filename>/root/.ecryptfsrc</filename>,并加入:"
#: serverguide/C/security.xml:1730(programlisting)
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
"ecryptfs_sig=5826dd62cf81c615\n"
"ecryptfs_cipher=aes\n"
"ecryptfs_key_bytes=16\n"
"ecryptfs_passthrough=n\n"
"ecryptfs_enable_filename_crypto=n\n"
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
"ecryptfs_sig=5826dd62cf81c615\n"
"ecryptfs_cipher=aes\n"
"ecryptfs_key_bytes=16\n"
"ecryptfs_passthrough=n\n"
"ecryptfs_enable_filename_crypto=n\n"
#: serverguide/C/security.xml:1740(para)
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
#: serverguide/C/security.xml:1745(para)
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
#: serverguide/C/security.xml:1749(programlisting)
"passphrase_passwd=[secrets]\n"
"passphrase_passwd=[secrets]\n"
#: serverguide/C/security.xml:1753(para)
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
msgstr "现在将相应字段加入到<filename>/etc/fstab</filename>:"
#: serverguide/C/security.xml:1757(programlisting)
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
"/srv /srv ecryptfs defaults 0 0\n"
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
"/srv /srv ecryptfs defaults 0 0\n"
#: serverguide/C/security.xml:1762(para)
msgid "Make sure the USB drive is mounted before the encrypted partition."
msgstr "确信USB驱动器在加密分区之前得到挂载。"
#: serverguide/C/security.xml:1766(para)
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
msgstr "最后,重启,<filename>/srv</filename>应该已经使用ecryptfs挂载了。"
#: serverguide/C/security.xml:1774(para)
"The <application>ecryptfs-utils</application> package includes several other "
"useful utilities:"
msgstr "<application>ecryptfs-utils</application>软件包包含几个其它的有用工具:"
#: serverguide/C/security.xml:1780(para)
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
"<filename>~/Private</filename> directory to contain encrypted information. "
"This utility can be run by unprivileged users to keep data private from "
"other users on the system."
#: serverguide/C/security.xml:1787(para)
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
"will mount and unmount respectively, a users <filename>~/Private</filename> "
#: serverguide/C/security.xml:1793(para)
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
#: serverguide/C/security.xml:1798(para)
"<emphasis>ecryptfs-manager:</emphasis> manages "
"<application>eCryptfs</application> objects such as keys."
#: serverguide/C/security.xml:1803(para)
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
"<application>ecryptfs</application> meta information for a file."
#: serverguide/C/security.xml:1816(para)
"For more information on eCryptfs see the <ulink "
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
#: serverguide/C/security.xml:1821(para)
"There is also a <ulink "
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
"article covering eCryptfs."
"在<ulink url=\"http://www.linuxjournal.com/article/9400\">Linux "
"Journal</ulink> 上也有关于eCryptfs的文章。"
#: serverguide/C/security.xml:1826(para)
"Also, for more <application>ecryptfs</application> options see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
"ecryptfs man page</ulink>."
#: serverguide/C/security.xml:1832(para)
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
"Ubuntu Wiki</ulink> page also has more details."
#: serverguide/C/reporting-bugs.xml:13(title)
#: serverguide/C/reporting-bugs.xml:16(title)
msgid "Reporting Bugs in Ubuntu Server Edition"
#: serverguide/C/reporting-bugs.xml:18(para)
"While the Ubuntu Project attempts to release software with as few bugs as "
"possible, they do occur. You can help fix these bugs by reporting ones that "
"you find to the project. The Ubuntu Project uses <ulink "
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
#: serverguide/C/reporting-bugs.xml:30(title)
msgid "Reporting Bugs With ubuntu-bug"
#: serverguide/C/reporting-bugs.xml:32(para)
"The preferred way to report a bug is with the <application>ubuntu-"
"bug</application> command. The ubuntu-bug tool gathers information about the "
"system useful to developers in diagnosing the reported problem that will "
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
"need to be filed against a specific software package, thus the name of the "
"package that the bug occurs in needs to be given to ubuntu-bug:"
#: serverguide/C/reporting-bugs.xml:43(command)
msgid "ubuntu-bug PACKAGENAME"
#: serverguide/C/reporting-bugs.xml:46(para)
"For example, to file a bug against the openssh-server package, you would do:"
#: serverguide/C/reporting-bugs.xml:51(command)
msgid "ubuntu-bug openssh-server"
#: serverguide/C/reporting-bugs.xml:54(para)
"You can specify either a binary package or the source package for ubuntu-"
"bug. Again using openssh-server as an example, you could also generate the "
"report against the source package for openssh-server, openssh:"
#: serverguide/C/reporting-bugs.xml:62(command)
msgid "ubuntu-bug openssh"
#: serverguide/C/reporting-bugs.xml:66(para)
"See <xref linkend=\"package-management\"/> for more information about "
"packages in Ubuntu."
#: serverguide/C/reporting-bugs.xml:72(para)
"The ubuntu-bug command will gather information about the system in question, "
"possibly including information specific to the specified package, and then "
"ask you what you would like to do with collected information:"
#: serverguide/C/reporting-bugs.xml:80(command)
msgid "ubuntu-bug postgresql"
#: serverguide/C/reporting-bugs.xml:79(screen)
"<placeholder-1/>\n"
"*** Collecting problem information\n"
"The collected information can be sent to the developers to improve the\n"
"application. This might take a few minutes.\n"
"*** Send problem report to the developers?\n"
"After the problem report has been sent, please fill out the form in the\n"
"automatically opened web browser.\n"
"What would you like to do? Your options are:\n"
" S: Send report (1.7 KiB)\n"
" V: View report\n"
" K: Keep report file for sending later or copying to somewhere else\n"
"Please choose (S/V/K/C):\n"
#: serverguide/C/reporting-bugs.xml:101(para)
msgid "The options available are:"
#: serverguide/C/reporting-bugs.xml:108(para)
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
"the collected information to Launchpad as part of the the process of filing "
"a bug report. You will be given the opportunity to describe the situation "
"that led up to the occurrence of the bug."
#: serverguide/C/reporting-bugs.xml:115(screen)
"*** Uploading problem information\n"
"The collected information is being sent to the bug tracking system.\n"
"This might take a few minutes.\n"
"*** To continue, you must visit the following URL:\n"
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
"You can launch a browser now, or copy this URL into a browser on another\n"
" 1: Launch a browser now\n"
"Please choose (1/C):\n"
#: serverguide/C/reporting-bugs.xml:135(para)
"If you choose to start a browser, by default the text based web browser "
"<application>w3m</application> will be used to finish filing the bug report. "
"Alternately, you can copy the given URL to a currently running web browser."
#: serverguide/C/reporting-bugs.xml:144(para)
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
"the collected information to be displayed to the terminal for review."
#: serverguide/C/reporting-bugs.xml:150(screen)
"Package: postgresql 8.4.2-2\n"
"PackageArchitecture: all\n"
"ProblemType: Bug\n"
" LANG=en_US.UTF-8\n"
" SHELL=/bin/bash\n"
"Uname: Linux 2.6.32-16-server x86_64\n"
" adduser 3.112ubuntu1\n"
" base-files 5.0.0ubuntu10\n"
" base-passwd 3.5.22\n"
" coreutils 7.4-2ubuntu2\n"
#: serverguide/C/reporting-bugs.xml:167(para)
"After viewing the report, you will be brought back to the same menu asking "
"what you would like to do with the report."
#: serverguide/C/reporting-bugs.xml:174(para)
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
"File causes the gathered information to be written to a file. This file can "
"then be used to later file a bug report or transferred to a different Ubuntu "
"system for reporting. To submit the report file, simply give it as an "
"argument to the ubuntu-bug command:"
#: serverguide/C/reporting-bugs.xml:189(userinput)
#: serverguide/C/reporting-bugs.xml:192(command)
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
#: serverguide/C/reporting-bugs.xml:183(screen)
"What would you like to do? Your options are:\n"
" S: Send report (1.7 KiB)\n"
" V: View report\n"
" K: Keep report file for sending later or copying to somewhere else\n"
"Please choose (S/V/K/C): <placeholder-1/>\n"
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
"<placeholder-2/>\n"
"*** Send problem report to the developers?\n"
#: serverguide/C/reporting-bugs.xml:200(para)
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
"collected information to be discarded."
#: serverguide/C/reporting-bugs.xml:210(title)
msgid "Reporting Application Crashes"
#: serverguide/C/reporting-bugs.xml:212(para)
"The software package that provides the ubuntu-bug utility, "
"<application>apport</application>, can be configured to trigger when "
"applications crash. This is disabled by default, as capturing a crash can be "
"resource intensive depending on how much memory the application that crashed "
"was using as apport captures and processes the core dump."
#: serverguide/C/reporting-bugs.xml:221(para)
"Configuring apport to capture information about crashing applications "
"requires a couple of steps. First, <application>gdb</application> needs to "
"be installed; it is not installed by default in Ubuntu Server Edition."
#: serverguide/C/reporting-bugs.xml:229(command)
msgid "sudo apt-get install gdb"
#: serverguide/C/reporting-bugs.xml:232(para)
"See <xref linkend=\"package-management\"/> for more information about "
"managing packages in Ubuntu."
#: serverguide/C/reporting-bugs.xml:237(para)
"Once you have ensured that gdb is installed, open the file "
"<filename>/etc/default/apport</filename> in your text editor, and change the "
"<emphasis>enabled</emphasis> setting to be <emphasis "
"role=\"bold\">1</emphasis> like so:"
#: serverguide/C/reporting-bugs.xml:244(programlisting)
"# set this to 0 to disable apport, or to 1 to enable it\n"
"# you can temporarily override this with\n"
"# sudo service apport start force_start=1\n"
"enabled=<userinput>1</userinput>\n"
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
"maxsize=209715200\n"
#: serverguide/C/reporting-bugs.xml:254(para)
"Once you have completed editing <filename>/etc/default/apport</filename>, "
"start the apport service:"
#: serverguide/C/reporting-bugs.xml:261(command)
msgid "sudo start apport"
#: serverguide/C/reporting-bugs.xml:264(para)
"After an application crashes, use the <application>apport-cli</application> "
"command to search for the existing saved crash report information:"
#: serverguide/C/reporting-bugs.xml:271(command)
#: serverguide/C/reporting-bugs.xml:270(screen)
"<placeholder-1/>\n"
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
"If you were not doing anything confidential (entering passwords or other\n"
"private information), you can help to improve the application by\n"
"What would you like to do? Your options are:\n"
" R: Report Problem...\n"
" I: Cancel and ignore future crashes of this program version\n"
"Please choose (R/I/C):\n"
#: serverguide/C/reporting-bugs.xml:287(para)
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
"steps as when using ubuntu-bug. One important difference is that a crash "
"report will be marked as private when filed on Launchpad, meaning that it "
"will be visible to only a limited set of bug triagers. These triagers will "
"review the gathered data for private information before making the bug "
"report publicly visible."
#: serverguide/C/reporting-bugs.xml:307(para)
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
"Bugs</ulink> Ubuntu wiki page."
#: serverguide/C/reporting-bugs.xml:313(para)
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
"has some useful information. Though some of it pertains to using a GUI."
#: serverguide/C/remote-administration.xml:13(title)
msgid "Remote Administration"
#: serverguide/C/remote-administration.xml:14(para)
"There are many ways to remotely administer a Linux server. This chapter will "
"cover one of the most popular <application>OpenSSH</application>."
#: serverguide/C/remote-administration.xml:22(para)
"This section of the Ubuntu Server Guide introduces a powerful collection of "
"tools for the remote control of networked computers and transfer of data "
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
"also learn about some of the configuration settings possible with the "
"OpenSSH server application and how to change them on your Ubuntu system."
"Ubuntu 服务器指南中的本节内容将介绍一个用于远程控制联网计算机及在联网计算机之间传输数据的功能强大的工具集合,称为 "
"<emphasis>OpenSSH</emphasis>。您还会学到一些可用于 OpenSSH 服务器应用程序的配置设置,以及如何在您的 Ubuntu "
#: serverguide/C/remote-administration.xml:29(para)
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
"family of tools for remotely controlling a computer or transferring files "
"between computers. Traditional tools used to accomplish these functions, "
"such as <application>telnet</application> or <application>rcp</application>, "
"are insecure and transmit the user's password in cleartext when used. "
"OpenSSH provides a server daemon and client tools to facilitate secure, "
"encrypted remote control and file transfer operations, effectively replacing "
"the legacy tools."
"OpenSSH 是Secure Shell (SSH) "
"协议工具集中的一个自由可用的版本,用以远程控制一台计算机或在计算机之间传输文件。完成这些功能的传统工具,如 "
"<application>telnet</application> 或 <application>rcp</application> "
"等,是不安全的,它们在使用时用明文来传输用户的密码。OpenSSH "
"提供一个服务器守护程序和客户端工具来保障安全、加密的远程控制和文件传输操作,以有效地取代传统的工具。"
#: serverguide/C/remote-administration.xml:38(para)
"The OpenSSH server component, <application>sshd</application>, listens "
"continuously for client connections from any of the client tools. When a "
"connection request occurs, <application>sshd</application> sets up the "
"correct connection depending on the type of client tool connecting. For "
"example, if the remote computer is connecting with the "
"<application>ssh</application> client application, the OpenSSH server sets "
"up a remote control session after authentication. If a remote user connects "
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
"daemon initiates a secure copy of files between the server and client after "
"authentication. OpenSSH can use many authentication methods, including plain "
"password, public key, and <application>Kerberos</application> tickets."
"OpenSSH 服务器组件 <application>sshd</application> "
"持续监听来自任何客户端工具的连接请求。当一个连接请求发生时,<application>sshd</application> "
"根据客户端连接的类型来设置当前连接。例如,如果远程计算机是通过 <application>ssh</application> "
"客户端应用程序来连接的话,OpenSSH 服务器将在认证之后设置一个远程控制会话。如果一个远程用户通过 "
"<application>scp</application> 来连接 OpenSSH 服务器,OpenSSH "
"服务器将在认证之后开始服务器和客户机之间的安全文件拷贝。OpenSSH "
"可以支持多种认证模式,包括纯密码、公钥以及<application>Kerberos</application> 票据。"
#: serverguide/C/remote-administration.xml:52(para)
"Installation of the OpenSSH client and server applications is simple. To "
"install the OpenSSH client applications on your Ubuntu system, use this "
"command at a terminal prompt:"
"OpenSSH 客户端及服务器应用程序的安装是简单的。要在您 Ubuntu 系统中安装 OpenSSH 客户端应用程序,可以在终端提示符后使用以下命令:"
#: serverguide/C/remote-administration.xml:58(command)
msgid "sudo apt-get install openssh-client"
msgstr "sudo apt-get install openssh-client"
#: serverguide/C/remote-administration.xml:60(para)
"To install the OpenSSH server application, and related support files, use "
"this command at a terminal prompt:"
msgstr "要安装 OpenSSH 服务器应用程序及相关的支持文件,可以在终端提示符后使用以下命令:"
#: serverguide/C/remote-administration.xml:65(command)
msgid "sudo apt-get install openssh-server"
msgstr "sudo apt-get install openssh-server"
#: serverguide/C/remote-administration.xml:67(para)
"The <application>openssh-server</application> package can also be selected "
"to install during the Server Edition installation process."
#: serverguide/C/remote-administration.xml:74(para)
"You may configure the default behavior of the OpenSSH server application, "
"<application>sshd</application>, by editing the file "
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
"configuration directives used in this file, you may view the appropriate "
"manual page with the following command, issued at a terminal prompt:"
"您可以通过编辑 <filename>/etc/ssh/sshd_config</filename> 文件来配置 OpenSSH "
"服务器应用程序的缺省过程。关于该文件中使用的配置语句信息,您可以在终端提示符后运行下列命令来查阅相应的手册页:"
#: serverguide/C/remote-administration.xml:82(command)
msgid "man sshd_config"
msgstr "man sshd_config"
#: serverguide/C/remote-administration.xml:84(para)
"There are many directives in the <application>sshd</application> "
"configuration file controlling such things as communication settings and "
"authentication modes. The following are examples of configuration directives "
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
#: serverguide/C/remote-administration.xml:91(para)
"Prior to editing the configuration file, you should make a copy of the "
"original file and protect it from writing so you will have the original "
"settings as a reference and to reuse as necessary."
msgstr "在编辑配置文件之前,您应该生成一个原始文件的拷贝并对其写保护,以便您可以参考原始文件并在必要时重用它。"
#: serverguide/C/remote-administration.xml:95(para)
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
"writing with the following commands, issued at a terminal prompt:"
"拷贝 <filename>/etc/ssh/sshd_config</filename> 文件并对其写保护可以通过在终端提示符后运行下列命令:"
#: serverguide/C/remote-administration.xml:100(command)
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
#: serverguide/C/remote-administration.xml:101(command)
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
#: serverguide/C/remote-administration.xml:103(para)
"The following are examples of configuration directives you may change:"
msgstr "以下是您可能更改配置语句的范例:"
#: serverguide/C/remote-administration.xml:108(para)
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
"port 22, change the Port directive as such:"
msgstr "要设置您 OpenSSH 在 TCP 2222 端口而不是缺省的 TCP 22 端口监听,可以如下使用改变 Port 语句:"
#: serverguide/C/remote-administration.xml:112(para)
#: serverguide/C/remote-administration.xml:117(para)
"To have <application>sshd</application> allow public key-based login "
"credentials, simply add or modify the line:"
msgstr "要让 <application>sshd</application> 允许基于公钥登录证书,可以简单添加或修改该行语句:"
#: serverguide/C/remote-administration.xml:121(para)
msgid "PubkeyAuthentication yes"
msgstr "PubkeyAuthentication yes"
#: serverguide/C/remote-administration.xml:124(para)
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
"present, ensure the line is not commented out."
#: serverguide/C/remote-administration.xml:130(para)
"To make your OpenSSH server display the contents of the "
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
"or modify the line:"
"要使您的 OpenSSH 服务器显示 <filename>/etc/issue.net</filename> 文件的内容以作为预登录 "
"Banner,只需简单地将下行添加或修改:"
#: serverguide/C/remote-administration.xml:135(para)
msgid "Banner /etc/issue.net"
msgstr "Banner /etc/issue.net"
#: serverguide/C/remote-administration.xml:138(para)
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
msgstr "在 <filename>/etc/ssh/sshd_config</filename> 文件中。"
#: serverguide/C/remote-administration.xml:143(para)
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
"save the file, and restart the <application>sshd</application> server "
"application to effect the changes using the following command at a terminal "
"在修改 <filename>/etc/ssh/sshd_config</filename> 文件之后,保存该文件并重启 "
"<application>sshd</application> 服务器应用程序以使之生效。可以在终端提示符后使用下列命令:"
#: serverguide/C/remote-administration.xml:152(para)
"Many other configuration directives for <application>sshd</application> are "
"available for changing the server application's behavior to fit your needs. "
"Be advised, however, if your only method of access to a server is "
"<application>ssh</application>, and you make a mistake in configuring "
"<application>sshd</application> via the "
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
"out of the server upon restarting it, or that the "
"<application>sshd</application> server refuses to start due to an incorrect "
"configuration directive, so be extra careful when editing this file on a "
"许多其他的 <application>sshd</application> "
"配置语句可以使服务器应用程序按您的要求运行。然而,给您一个忠告,如果您访问服务器的唯一方法就是使用 "
"<application>ssh</application>,而且您在通过 "
"<filename>/etc/ssh/sshd_config</filename> 文件来配置 "
"<application>sshd</application> 时犯了一个错误,那么在重启该服务之后您可能会发现您被锁在服务器外面了,或者是 "
"<application>sshd</application> 服务在处理一个不正确的配置语句时拒绝启用。因此当在远程服务器上编辑该文件时要格外的小心。"
#: serverguide/C/remote-administration.xml:167(title)
#: serverguide/C/remote-administration.xml:168(para)
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
"the need of a password. SSH key authentication uses two keys a "
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
#: serverguide/C/remote-administration.xml:172(para)
msgid "To generate the keys, from a terminal prompt enter:"
msgstr "要生成一个密钥,在终端提示符下输入:"
#: serverguide/C/remote-administration.xml:176(command)
msgid "ssh-keygen -t dsa"
msgstr "ssh-keygen -t dsa"
#: serverguide/C/remote-administration.xml:178(para)
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
"identity of the user. During the process you will be prompted for a "
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
#: serverguide/C/remote-administration.xml:182(para)
"By default the <emphasis>public</emphasis> key is saved in the file "
"<filename>~/.ssh/id_dsa.pub</filename>, while "
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
#: serverguide/C/remote-administration.xml:188(command)
msgid "ssh-copy-id username@remotehost"
msgstr "ssh-copy-id username@remotehost"
#: serverguide/C/remote-administration.xml:190(para)
"Finally, double check the permissions on the "
"<filename>authorized_keys</filename> file, only the authenticated user "
"should have read and write permissions. If the permissions are not correct "
#: serverguide/C/remote-administration.xml:195(command)
msgid "chmod 600 .ssh/authorized_keys"
#: serverguide/C/remote-administration.xml:197(para)
"You should now be able to SSH to the host without being prompted for a "
msgstr "您现在应该可以通过 SSH 接入主机而不会被询问密码。"
#: serverguide/C/remote-administration.xml:206(para)
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
#: serverguide/C/remote-administration.xml:212(ulink)
msgid "OpenSSH Website"
msgstr "OpenSSH 网站"
#: serverguide/C/remote-administration.xml:217(ulink)
msgid "Advanced OpenSSH Wiki Page"
msgstr "高级 OpenSSH 维基页"
#: serverguide/C/package-management.xml:13(title)
msgid "Package Management"
#: serverguide/C/package-management.xml:14(para)
"Ubuntu features a comprehensive package management system for the "
"installation, upgrade, configuration, and removal of software. In addition "
"to providing access to an organized base of over 24,000 software packages "
"for your Ubuntu computer, the package management facilities also feature "
"dependency resolution capabilities and software update checking."
#: serverguide/C/package-management.xml:16(para)
"Several tools are available for interacting with Ubuntu's package management "
"system, from simple command-line utilities which may be easily automated by "
"system administrators, to a simple graphical interface which is easy to use "
"by those new to Ubuntu."
"一些工具可以和 Ubuntu 包管理系统进行交互,从便于系统管理员做自动化处理的简单命令行工具到便于 Ubuntu 新手使用的简单图形界面。"
#: serverguide/C/package-management.xml:21(para)
"Ubuntu's package management system is derived from the same system used by "
"the Debian GNU/Linux distribution. The package files contain all of the "
"necessary files, meta-data, and instructions to implement a particular "
"functionality or software application on your Ubuntu computer."
"Ubuntu 的包管理系统是从 Debian GNU/Linux 发行版中衍生出来的。包文件包括在您 Ubuntu "
"系统中实现特定功能或软件所必需的文件、元数据和指令。"
#: serverguide/C/package-management.xml:24(para)
"Debian package files typically have the extension '.deb', and typically "
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
"collections of packages found on various media, such as CD-ROM discs, or "
"online. Packages are normally of the pre-compiled binary format; thus "
"installation is quick and requires no compiling of software."
"Debian 包文件一般用 '.deb' 作后缀,而且位于建立在不同介质上由包组成的 <emphasis "
"role=\"italics\">软件库</emphasis> 中,这些介质包括 CD-ROM "
"光盘和网站。包通常是预编译的二进制形式,因此安装速度快而且软件也无需编译。"
#: serverguide/C/package-management.xml:27(para)
"Many complex packages use the concept of <emphasis "
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
"packages required by the principal package in order to function properly. "
"For example, the speech synthesis package "
"<application>Festival</application> depends upon the package "
"<application>libasound2</application>, which is a package supplying the "
"<application>ALSA</application> sound library needed for audio playback. In "
"order for <application>Festival</application> to function, it and all of its "
"dependencies must be installed. The software management tools in Ubuntu will "
"do this automatically."
#: serverguide/C/package-management.xml:32(title)
#: serverguide/C/package-management.xml:34(para)
"<application>dpkg</application> is a package manager for "
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
"packages, but unlike other package management system's it can not "
"automatically download and install packages and their dependencies. This "
"section covers using <application>dpkg</application> to manage locally "
"installed packages:"
#: serverguide/C/package-management.xml:43(para)
"To list all packages installed on the system, from a terminal prompt enter:"
msgstr "要列出系统安装的所有软件包,请在终端提示符下输入:"
#: serverguide/C/package-management.xml:48(command)
#: serverguide/C/package-management.xml:54(para)
"Depending on the amount of packages on your system, this can generate a "
"large amount of output. Pipe the output through "
"<application>grep</application> to see if a specific package is installed:"
"根据您系统中安装的软件包数量,该命令可能会输出大量内容。要查询特定的软件包是否已经被安装,您应该将输出通过管道输送给 "
"<application>grep</application> 命令。"
#: serverguide/C/package-management.xml:60(command)
msgid "dpkg -l | grep apache2"
msgstr "dpkg -l | grep apache2"
#: serverguide/C/package-management.xml:63(para)
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
"package name, or other regular expression."
#: serverguide/C/package-management.xml:70(para)
"To list the files installed by a package, in this case the "
"<application>ufw</application> package, enter:"
#: serverguide/C/package-management.xml:75(command)
msgid "dpkg -L ufw"
msgstr "dpkg -L ufw"
#: serverguide/C/package-management.xml:81(para)
"If you are not sure which package installed a file, <application>dpkg -"
"S</application> may be able to tell you. For example:"
#: serverguide/C/package-management.xml:87(command)
msgid "dpkg -S /etc/host.conf"
msgstr "dpkg -S /etc/host.conf"
#: serverguide/C/package-management.xml:88(computeroutput)
msgid "base-files: /etc/host.conf"
msgstr "base-files: /etc/host.conf"
#: serverguide/C/package-management.xml:91(para)
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
"<application>base-files</application> package."
"输出内容显示 <filename>/etc/host.conf</filename> 属于 <application>base-"
"files</application> 软件包"
#: serverguide/C/package-management.xml:96(para)
"Many files are automatically generated during the package install process, "
"and even though they are on the filesystem <command>dpkg -S</command> may "
"not know which package they belong to."
#: serverguide/C/package-management.xml:105(para)
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
msgstr "安装一个本地的 <emphasis>.deb</emphasis> 文件,您可以输入:"
#: serverguide/C/package-management.xml:110(command)
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
#: serverguide/C/package-management.xml:113(para)
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
"the local .deb file."
#: serverguide/C/package-management.xml:120(para)
msgid "Uninstalling a package can be accomplished by:"
#: serverguide/C/package-management.xml:125(command)
msgid "sudo dpkg -r zip"
msgstr "sudo dpkg -r zip"
#: serverguide/C/package-management.xml:129(para)
"Uninstalling packages using <application>dpkg</application>, in most cases, "
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
"manager that handles dependencies, to ensure that the system is in a "
"consistent state. For example using <command>dpkg -r</command> you can "
"remove the <application>zip</application> package, but any packages that "
"depend on it will still be installed and may no longer function correctly."
#: serverguide/C/package-management.xml:140(para)
"For more <application>dpkg</application> options see the man page: "
"<command>man dpkg</command>."
#: serverguide/C/package-management.xml:146(title)
#: serverguide/C/package-management.xml:147(para)
"The <application>apt-get</application> command is a powerful command-line "
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
"(APT) performing such functions as installation of new software packages, "
"upgrade of existing software packages, updating of the package list index, "
"and even upgrading the entire Ubuntu system."
"<application>apt-get</application> 命令是一个强大的命令行工具,用于同 Ubuntu 的 "
"<emphasis>Advanced Packaging Tool</emphasis> (APT) "
"一起执行诸如安装新软件包、升级已有软件包、更新包列表索引,甚至是升级整个 Ubuntu 系统等功能。"
#: serverguide/C/package-management.xml:150(para)
"Being a simple command-line tool, <application>apt-get</application> has "
"numerous advantages over other package management tools available in Ubuntu "
"for server administrators. Some of these advantages include ease of use over "
"simple terminal connections (SSH) and the ability to be used in system "
"administration scripts, which can in turn be automated by the "
"<application>cron</application> scheduling utility."
"作为一个简单的命令行工具,<application>apt-get</application> 对于服务器管理员来说比 Ubuntu "
"中的其他软件包管理工具有着相当多的优点。这些优点包括便于在简单终端连接 (SSH) "
"中使用,同时能够用于系统管理脚本中,以便能被<application>cron</application> 动作计划工具自动运行。"
#: serverguide/C/package-management.xml:157(para)
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
"packages using the <application>apt-get</application> tool is quite simple. "
"For example, to install the network scanner <emphasis "
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
"<command>sudo apt-get install nmap</command>\n"
"<emphasis role=\"bold\">安装软件包</emphasis>:使用 <application>apt-"
"get</application> 工具安装软件包非常简单。举个例子,要安装网络扫描器 <emphasis "
"role=\"italics\">nmap</emphasis>,可以输入下面命令: <screen>\n"
"<command>sudo apt-get install nmap</command>\n"
#: serverguide/C/package-management.xml:165(para)
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
"packages is also a straightforward and simple process. To remove the nmap "
"package installed in the previous example, type the following: <screen>\n"
"<command>sudo apt-get remove nmap</command>\n"
"<emphasis role=\"bold\">卸载软件包</emphasis>:卸载一个或多个软件包也很简单直接。要卸载在上个例子中安装的 nmap "
"软件包,可以输入下面命令:<screen>\n"
"<command>sudo apt-get remove nmap</command>\n"
#: serverguide/C/package-management.xml:172(para)
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
"multiple packages to be installed or removed, separated by spaces."
msgstr "<emphasis role=\"bold\">多个软件包</emphasis>:你可以安装和卸载用空格分隔的多个软件包。"
#: serverguide/C/package-management.xml:175(para)
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
"remove</command> will remove the package configuration files as well. This "
"may or may not be the desired effect so use with caution."
#: serverguide/C/package-management.xml:181(para)
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
"index is essentially a database of available packages from the repositories "
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
"the local package index with the latest changes made in repositories, type "
"the following: <screen>\n"
"<command>sudo apt-get update</command>\n"
"<emphasis role=\"bold\">更新软件包索引</emphasis>:APT "
"软件包索引从本质上来说是一个可用软件包数据库,这些可用软件包来自 <filename>/etc/apt/sources.list</filename> "
"文件中定义的软件库。要更新由软件库的最新变动而生成的本地软件索引,输入下面的语句:<screen>\n"
"<command>sudo apt-get update</command>\n"
#: serverguide/C/package-management.xml:189(para)
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
"versions of packages currently installed on your computer may become "
"available from the package repositories (for example security updates). To "
"upgrade your system, first update your package index as outlined above, and "
"then type: <screen>\n"
"<command>sudo apt-get upgrade</command>\n"
"role=\"bold\">升级软件包</emphasis>:经过一段时间,您计算机上安装的软件的更新版本可能会在软件源中可用(例如安全更新等)。要升级您"
"的系统,请先按照上述更新您的软件包索引,然后输入:<screen>\n"
"<command>sudo apt-get upgrade</command>\n"
#: serverguide/C/package-management.xml:195(para)
"For information on upgrading to a new Ubuntu release see <xref "
"linkend=\"installing-upgrading\"/>."
#: serverguide/C/package-management.xml:153(para)
"Some examples of popular uses for the <application>apt-get</application> "
"utility: <placeholder-1/>"
msgstr "<application>apt-get</application> 工具的一些常见用法示例:"
#: serverguide/C/package-management.xml:201(para)
"Actions of the <application>apt-get</application> command, such as "
"installation and removal of packages, are logged in the /var/log/dpkg.log "
"<application>apt-get</application> 命令所做操作,如包的安装和卸载,都被记录在 /var/log/dpkg.log "
#: serverguide/C/package-management.xml:204(para)
"For further information about the use of <application>APT</application>, "
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
"关于 <application>APT</application> 用法的更多信息,可阅读全面的<ulink "
"url=\"http://www.debian.org/doc/user-manuals#apt-howto\">Debian APT "
"用户手册</ulink> 或输入:<screen>apt-get help</screen>"
#: serverguide/C/package-management.xml:208(title)
#: serverguide/C/package-management.xml:209(para)
"<application>Aptitude</application> is a menu-driven, text-based front-end "
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
"the common package management functions, such as installation, removal, and "
"upgrade, are performed in <application>Aptitude</application> with single-"
"key commands, which are typically lowercase letters."
"<application>Aptitude</application> 是一个菜单驱动,基于文本的 <emphasis>Advanced "
"Packaging Tool</emphasis> (APT) "
"系统前端。包管理的许多常用功能,如安装,卸载和升级,可以在<application>Aptitude</application> "
"中单键执行命令,它通常是小写字母。"
#: serverguide/C/package-management.xml:212(para)
"<application>Aptitude</application> is best suited for use in a non-"
"graphical terminal environment to ensure proper functioning of the command "
"keys. You may start <application>Aptitude</application> as a normal user "
"with the following command at a terminal prompt: <screen>\n"
"<command>sudo aptitude</command>\n"
"<application>Aptitude</application> "
"最适合在非图形界面的终端环境中使用,以此来确保命令键的正常工作。您可以作为一个普通用户在终端提示中输入以下命令来启动 "
"<application>Aptitude</application>:<screen>\n"
"<command>sudo aptitude</command>\n"
#: serverguide/C/package-management.xml:219(para)
"When <application>Aptitude</application> starts, you will see a menu bar at "
"the top of the screen and two panes below the menu bar. The top pane "
"contains package categories, such as <emphasis role=\"italics\">New "
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
"Packages</emphasis>. The bottom pane contains information related to the "
"packages and package categories."
"当 <application>Aptitude</application> 开始之后,你将看在屏幕顶部的一个菜单条,其下有两个窗,顶窗包含包的类别,如 "
"<emphasis role=\"italics\">新软件包</emphasis> 和 <emphasis role=\"italics\"> "
"未安装软件包 </emphasis>。底窗包含包和包类别的相关信息。"
#: serverguide/C/package-management.xml:222(para)
"Using <application>Aptitude</application> for package management is "
"relatively straightforward, and the user interface makes common tasks simple "
"to perform. The following are examples of common package management "
"functions as performed in <application>Aptitude</application>:"
"使用 <application>Aptitude</application> "
"来进行软件包的管理相对来说比较直观,并且其用户界面使得执行一般任务变得简单。以下是可在 "
"<application>Aptitude</application> 中进行的一般软件包管理功能的例子:"
#: serverguide/C/package-management.xml:226(para)
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
"locate the package via the Not Installed Packages package category, for "
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
"key, and highlight the package you wish to install. After highlighting the "
"package you wish to install, press the <keycap>+</keycap> key, and the "
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
"again, and you will be prompted to become root to complete the installation. "
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
"your user password to become root. Finally, press <keycap>g</keycap> once "
"more and you'll be prompted to download the package. Press "
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
"prompt, and downloading and installation of the package will commence."
"<emphasis role=\"bold\">安装软件包</emphasis>:要安装包,通过未安装软件包包类别找到该软件包,如通过键盘箭头键和 "
"<keycap>ENTER</keycap> 键定位并高亮你想安装的软件包。在高亮你要安装的软件包之后,将其标示为安装。现在按 "
"<keycap>g</keycap> 键显示软件包的操作提示。再按 <keycap>g</keycap> 键,您将被提示要成为 root "
"用户以完成安装。按 <keycap>ENTER</keycap> 键将显示 Password: 提示。输入您的用户密码成为 root "
"用户。最后,再一次按 <keycap>g</keycap> 键,您将被提示下载软件包。在<emphasis "
"role=\"italics\">Continue</emphasis> 提示上按 <keycap>ENTER</keycap> "
#: serverguide/C/package-management.xml:230(para)
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
"locate the package via the Installed Packages package category, for example, "
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
"highlight the package you wish to remove. After highlighting the package you "
"wish to install, press the <keycap>-</keycap> key, and the package entry "
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
"prompted to become root to complete the installation. Press "
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
"user password to become root. Finally, press <keycap>g</keycap> once more, "
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
"the package will commence."
"<emphasis role=\"bold\">卸载软件包</emphasis>:要卸载软件包,通过已安装软件包包类别找到该软件包,如通过键盘箭头键和 "
"<keycap>ENTER</keycap> 键定位并高亮你想卸载的软件包。在高亮你要卸载的软件包之后,按 <keycap>-</keycap> "
"键,文件包条目将变成 <emphasis role=\"italics\">pink</emphasis>,标示其为卸载。现在按 "
"<keycap>g</keycap> 键显示软件包的操作提示。再按 <keycap>g</keycap> 键,您将被提示要成为 root "
"用户以完成卸载。按 <keycap>ENTER</keycap> 键将显示 Password: 提示。输入您的用户密码成为 root "
"用户。最后,再一次按 <keycap>g</keycap> 键,您将被提示下载软件包。在<emphasis "
"role=\"italics\">Continue</emphasis> 提示上按 <keycap>ENTER</keycap> 键,开始卸载软件包。"
#: serverguide/C/package-management.xml:234(para)
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
"package index, simply press the <keycap>u</keycap> key and you will be "
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
"which will result in a Password: prompt. Enter your user password to become "
"root. Updating of the package index will commence. Press "
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
"presented to complete the process."
"<emphasis role=\"bold\">升级软件包索引</emphasis>: 要升级软件包索引,只需按 <keycap>u</keycap> "
"键,您会被提示要成为 root 来完成升级。按下 <keycap>ENTER</keycap> 将出现 Password: 提示。输入您的用户密码以成为 "
"root。软件包索引的升级就会实行。当出现下载对话框时在 OK 提示上按下 <keycap>ENTER</keycap> 来完成该过程。"
#: serverguide/C/package-management.xml:238(para)
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
"perform the update of the package index as detailed above, and then press "
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
"result in a Password: prompt. Enter your user password to become root. "
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
"<emphasis role=\"bold\">升级软件包</emphasis>:要升级软件包,如上述执行软件包索引的升级,然后按下 "
"<keycap>U</keycap> 键来标记所有能升级的软件包。现在按下 <keycap>g</keycap> 您会看到一个包动作的概要。再次按下 "
"<keycap>g</keycap>,您会被提示成为 root 来完成安装。按下 <keycap>ENTER</keycap> 会出现 "
"Password: 提示。输入您的用户密码以成为 root。最后,再次按下 <keycap>g</keycap>,您会被提示下载软件包。在 "
"<emphasis role=\"italics\">Continue</emphasis> 提示上按下 "
"<keycap>ENTER</keycap>,软件包的升级就会被实行。"
#: serverguide/C/package-management.xml:245(para)
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
msgstr "<emphasis role=\"bold\">i</emphasis>: 已安装的软件包"
#: serverguide/C/package-management.xml:250(para)
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
"configuration remains on system"
msgstr "<emphasis role=\"bold\">c</emphasis>: 软件包没有安装,但在系统中有软件包的残留配置"
#: serverguide/C/package-management.xml:254(para)
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
msgstr "<emphasis role=\"bold\">p</emphasis>: 从系统彻底删除"
#: serverguide/C/package-management.xml:258(para)
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
msgstr "<emphasis role=\"bold\">v</emphasis>: 虚拟软件包"
#: serverguide/C/package-management.xml:262(para)
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
msgstr "<emphasis role=\"bold\">B</emphasis>: 已损坏的软件包"
#: serverguide/C/package-management.xml:266(para)
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
msgstr "<emphasis role=\"bold\">u</emphasis>: 文件已解压,但尚未配置软件包"
#: serverguide/C/package-management.xml:270(para)
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
msgstr "<emphasis role=\"bold\">C</emphasis>: 半配置的 - 配置失败并需要修复"
#: serverguide/C/package-management.xml:274(para)
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
msgstr "<emphasis role=\"bold\">H</emphasis>: 半安装的 - 移除失败并需要修复"
#: serverguide/C/package-management.xml:242(para)
"The first column of information displayed in the package list in the top "
"pane, when actually viewing packages lists the current state of the package, "
"and uses the following key to describe the state of the package: "
msgstr "当实际查看软件时列出软件包当前状态,在顶窗软件包列表中显示信息的第一列使用下列关键字来描述软件包状态:<placeholder-1/>"
#: serverguide/C/package-management.xml:280(para)
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
"wish to exit. Many other functions are available from the Aptitude menu by "
"pressing the <keycap>F10</keycap> key."
"要退出 Aptitude,只需简单按 <keycap>q</keycap> 键并确认您想退出即可。在 Aptitude 菜单中按 "
"<keycap>F10</keycap> 键可以列出其他许多功能。"
#: serverguide/C/package-management.xml:285(title)
msgid "Automatic Updates"
#: serverguide/C/package-management.xml:287(para)
"The <application>unattended-upgrades</application> package can be used to "
"automatically install updated packages, and can be configured to update all "
"packages or just install security updates. First, install the package by "
"entering the following in a terminal:"
#: serverguide/C/package-management.xml:293(command)
msgid "sudo apt-get install unattended-upgrades"
msgstr "sudo apt-get install unattended-upgrades"
#: serverguide/C/package-management.xml:296(para)
"To configure <application>unattended-upgrades</application>, edit "
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
"the following to fit your needs:"
#: serverguide/C/package-management.xml:301(programlisting)
"Unattended-Upgrade::Allowed-Origins {\n"
" \"Ubuntu maverick-security\";\n"
"// \"Ubuntu maverick-updates\";\n"
#: serverguide/C/package-management.xml:308(para)
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
"will not be automatically updated. To blacklist a package, add it to the "
#: serverguide/C/package-management.xml:313(programlisting)
"Unattended-Upgrade::Package-Blacklist {\n"
"// \"libc6-dev\";\n"
"// \"libc6-i686\";\n"
#: serverguide/C/package-management.xml:323(para)
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
"whatever follows \"//\" will not be evaluated."
#: serverguide/C/package-management.xml:328(para)
"To enable automatic updates, edit "
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
"<application>apt</application> configuration options:"
#: serverguide/C/package-management.xml:332(programlisting)
"APT::Periodic::Update-Package-Lists \"1\";\n"
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
"APT::Periodic::AutocleanInterval \"7\";\n"
"APT::Periodic::Unattended-Upgrade \"1\";\n"
#: serverguide/C/package-management.xml:339(para)
"The above configuration updates the package list, downloads, and installs "
"available upgrades every day. The local download archive is cleaned every "
#: serverguide/C/package-management.xml:345(para)
"You can read more about <application>apt</application> Periodic "
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
#: serverguide/C/package-management.xml:350(para)
"The results of <application>unattended-upgrades</application> will be logged "
"to <filename>/var/log/unattended-upgrades</filename>."
#: serverguide/C/package-management.xml:355(title)
msgid "Notifications"
#: serverguide/C/package-management.xml:357(para)
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
"<application>unattended-upgrades</application> to email an administrator "
"detailing any packages that need upgrading or have problems."
#: serverguide/C/package-management.xml:362(para)
"Another useful package is <application>apticron</application>. "
"<application>apticron</application> will configure a "
"<application>cron</application> job to email an administrator information "
"about any packages on the system that have updates available, as well as a "
"summary of changes in each package."
#: serverguide/C/package-management.xml:368(para)
"To install the <application>apticron</application> package, in a terminal "
msgstr "要安装 <application>apticron</application> 软件包,在终端中输入:"
#: serverguide/C/package-management.xml:373(command)
msgid "sudo apt-get install apticron"
msgstr "sudo apt-get install apticron"
#: serverguide/C/package-management.xml:376(para)
"Once the package is installed edit "
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
"and other options:"
"软件包安装后,编辑 <filename>/etc/apticron/apticron.conf</filename> 来设置电子邮件地址和其他选项:"
#: serverguide/C/package-management.xml:380(programlisting)
"EMAIL=\"root@example.com\"\n"
#: serverguide/C/package-management.xml:389(para)
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
"system repositories is stored in the /etc/apt/sources.list configuration "
"file. An example of this file is referenced here, along with information on "
"adding or removing repository references from the file."
"<emphasis>Advanced Packaging Tool</emphasis> (APT) 系统软件库的配置被保存在 "
"/etc/apt/sources.list 文件中。这儿有个该文件的示例,"
#: serverguide/C/package-management.xml:395(para)
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
"typical <filename>/etc/apt/sources.list</filename> file."
"<ulink url=\"../sample/sources.list\">这里</ulink> 是一个典型的 "
"<filename>/etc/apt/sources.list</filename> 文件范例。"
#: serverguide/C/package-management.xml:399(para)
"You may edit the file to enable repositories or disable them. For example, "
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
"operations occur, simply comment out the appropriate line for the CD-ROM, "
"which appears at the top of the file:"
"您可以编辑该文件来使软件库生效或失效。举个例子,要不想无论何时在发生文件包操作都会引起要求插入 Ubuntu CD-ROM ,只需要简单地将在文件顶部的 "
#: serverguide/C/package-management.xml:404(screen)
"# no more prompting for CD-ROM please\n"
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
"main restricted\n"
#: serverguide/C/package-management.xml:410(title)
msgid "Extra Repositories"
#: serverguide/C/package-management.xml:411(para)
"In addition to the officially supported package repositories available for "
"Ubuntu, there exist additional community-maintained repositories which add "
"thousands more potential packages for installation. Two of the most popular "
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
"repositories. These repositories are not officially supported by Ubuntu, but "
"because they are maintained by the community they generally provide packages "
"which are safe for use with your Ubuntu computer."
"Ubuntu 除了官方支持的软件库外,还有额外的社区维护的软件库,能提供数千个可供安装的额外软件。其中最流行的两个软件库是 "
"<emphasis>Universe</emphasis> 和 <emphasis>Multiverse</emphasis> 软件库。这些软件库不被 "
"Ubuntu 官方支持,但是因为它们是由社区维护的,因此它们提供的软件通常可以在您的 Ubuntu 计算机中被安全地使用。"
#: serverguide/C/package-management.xml:414(para)
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
"licensing issues that prevent them from being distributed with a free "
"operating system, and they may be illegal in your locality."
"在 <emphasis>Multiverse</emphasis> "
"软件库中的软件包通常有授权问题,这阻碍了它们随同一个自由操作系统一起发布,并且它们在您所处的地域中可能是非法的。"
#: serverguide/C/package-management.xml:416(para)
"Be advised that neither the <emphasis>Universe</emphasis> or "
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
"packages. In particular, there may not be security updates for these "
"提醒您在 <emphasis>Universe</emphasis> 或 <emphasis>Multiverse</emphasis> "
"软件库中均没有官方支持的软件包。特别是这些软件包可能没有安全更新。"
#: serverguide/C/package-management.xml:420(para)
"Many other package sources are available, sometimes even offering only one "
"package, as in the case of package sources provided by the developer of a "
"single application. You should always be very careful and cautious when "
"using non-standard package sources, however. Research the source and "
"packages carefully before performing any installation, as some package "
"sources and their packages could render your system unstable or non-"
"functional in some respects."
"许多其他软件包源也是可用的,有时甚至只提供一个软件包,这种情况主要发生在由单个应用程序的开发人员所提供软件包源上。然而当您在使用非标准软件包源时您应该非常"
"小心谨慎,在执行任何安装之前仔细考查源和软件包,因为有些软件包源和其中的软件包可能会使您的系统在某些方面运行不稳定或不正常。"
#: serverguide/C/package-management.xml:423(para)
"By default, the <emphasis>Universe</emphasis> and "
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
"comment the following lines:"
#: serverguide/C/package-management.xml:430(programlisting)
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
#: serverguide/C/package-management.xml:456(para)
"Most of the material covered in this chapter is available in "
"<application>man</application> pages, many of which are available online."
#: serverguide/C/package-management.xml:463(para)
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
"re</ulink> Ubuntu wiki page has more information."
#: serverguide/C/package-management.xml:468(para)
"For more <application>dpkg</application> details see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
" man page</ulink>."
#: serverguide/C/package-management.xml:474(para)
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
"HOWTO</ulink> and <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
"<application>apt-get</application> usage."
#: serverguide/C/package-management.xml:481(para)
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
"itude man page</ulink> for more <application>aptitude</application> options."
#: serverguide/C/package-management.xml:487(para)
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
"adding repositories."
#: serverguide/C/other-apps.xml:13(title)
msgid "Other Useful Applications"
#: serverguide/C/other-apps.xml:15(para)
"There are many very useful applications developed by the Ubuntu Server Team, "
"and others that are well integrated with Ubuntu Server Edition, that might "
"not be well known. This chapter will showcase some useful applications that "
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
#: serverguide/C/other-apps.xml:23(title)
#: serverguide/C/other-apps.xml:25(para)
"When logging into an Ubuntu server you may have noticed the informative "
"Message Of The Day (MOTD). This information is obtained and displayed using "
"a couple of packages:"
#: serverguide/C/other-apps.xml:32(para)
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
"<application>landscape-client</application>, which can be used to manage "
"systems using the web based <emphasis>Landscape</emphasis> application. The "
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
"utility which is used to gather the information displayed in the MOTD."
#: serverguide/C/other-apps.xml:40(para)
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
"the MOTD via <application>pam_motd</application> module."
#: serverguide/C/other-apps.xml:46(para)
"<application>pam_motd</application> executes the scripts in "
"<filename>/etc/update-motd.d</filename> in order based on the number "
"prepended to the script. The output of the scripts is written to "
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
"concatenated with <filename>/etc/motd.tail</filename>."
#: serverguide/C/other-apps.xml:52(para)
"You can add your own dynamic information to the MOTD. For example, to add "
"local weather information:"
msgstr "您可以往MOTD上添加您自己的动态信息。比如,要添加当地的气象信息,您可以:"
#: serverguide/C/other-apps.xml:58(para)
msgid "First, install the <application>weather-util</application> package:"
msgstr "首先,安装 <application>weather-util</application> 软件包:"
#: serverguide/C/other-apps.xml:63(command)
msgid "sudo apt-get install weather-util"
#: serverguide/C/other-apps.xml:68(para)
"The <application>weather</application> utility uses METAR data from the "
"National Oceanic and Atmospheric Administration and forecasts from the "
"National Weather Service. In order to find local information you will need "
"the 4-character ICAO location indicator. This can be determined by browsing "
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
"Weather Service</ulink> site."
#: serverguide/C/other-apps.xml:75(para)
"Although the National Weather Service is a United States government agency "
"there are weather stations available world wide. However, local weather "
"information for all locations outside the U.S. may not be available."
#: serverguide/C/other-apps.xml:81(para)
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
"script to use <application>weather</application> with your local ICAO "
#: serverguide/C/other-apps.xml:86(programlisting)
"# Prints the local weather information for the MOTD.\n"
"# Replace KINT with your local weather station.\n"
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
"weather -i KINT\n"
#: serverguide/C/other-apps.xml:104(para)
msgid "Make the script executable:"
#: serverguide/C/other-apps.xml:109(command)
msgid "sudo chmod 755 /usr/local/bin/local-weather"
#: serverguide/C/other-apps.xml:113(para)
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
"weather</filename>:"
#: serverguide/C/other-apps.xml:118(command)
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
#: serverguide/C/other-apps.xml:122(para)
msgid "Finally, exit the server and re-login to view the new MOTD."
#: serverguide/C/other-apps.xml:128(para)
"You should now be greeted with some useful information, and some information "
"about the local weather that may not be quite so useful. Hopefully the "
"<application>local-weather</application> example demonstrates the "
"flexibility of <application>pam_motd</application>."
#: serverguide/C/other-apps.xml:136(title)
#: serverguide/C/other-apps.xml:138(para)
"<application>etckeeper</application> allows the contents of <filename "
"role=\"directory\">/etc</filename> be easily stored in Version Control "
"System (VCS) repository. It hooks into <application>apt</application> to "
"automatically commit changes to <filename>/etc</filename> when packages are "
"installed or upgraded. Placing <filename>/etc</filename> under version "
"control is considered an industry best practice, and the goal of "
"<application>etckeeper</application> is to make this process as painless as "
#: serverguide/C/other-apps.xml:146(para)
"Install <application>etckeeper</application> by entering the following in a "
#: serverguide/C/other-apps.xml:151(command)
msgid "sudo apt-get install etckeeper"
#: serverguide/C/other-apps.xml:154(para)
"The main configuration file, "
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
"main option is which VCS to use. By default "
"<application>etckeeper</application> is configured to use "
"<application>bzr</application> for version control. The repository is "
"automatically initialized (and committed for the first time) during package "
"installation. It is possible to undo this by entering the following command:"
#: serverguide/C/other-apps.xml:164(command)
msgid "sudo etckeeper uninit"
#: serverguide/C/other-apps.xml:167(para)
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
"It will also automatically commit changes before and after package "
"installation. For a more precise tracking of changes, it is recommended to "
"commit your changes manually, together with a commit message, using:"
#: serverguide/C/other-apps.xml:176(command)
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
#: serverguide/C/other-apps.xml:179(para)
"Using the VCS commands you can view log information about files in "
"<filename>/etc</filename>:"
#: serverguide/C/other-apps.xml:184(command)
msgid "sudo bzr log /etc/passwd"
#: serverguide/C/other-apps.xml:187(para)
"To demonstrate the integration with the package management system, install "
"<application>postfix</application>:"
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
msgid "sudo apt-get install postfix"
#: serverguide/C/other-apps.xml:195(para)
"When the installation is finished, all the "
"<application>postfix</application> configuration files should be committed "
"to the repository:"
#: serverguide/C/other-apps.xml:201(computeroutput)
"Committing to: /etc/\n"
"added aliases.db\n"
"modified group-\n"
"modified gshadow\n"
"modified gshadow-\n"
"modified passwd\n"
"modified passwd-\n"
"added resolvconf\n"
"added rsyslog.d\n"
"modified shadow\n"
"modified shadow-\n"
"added init.d/postfix\n"
"added network/if-down.d/postfix\n"
"added network/if-up.d/postfix\n"
"added postfix/dynamicmaps.cf\n"
"added postfix/main.cf\n"
"added postfix/master.cf\n"
"added postfix/post-install\n"
"added postfix/postfix-files\n"
"added postfix/postfix-script\n"
"added postfix/sasl\n"
"added ppp/ip-down.d\n"
"added ppp/ip-down.d/postfix\n"
"added ppp/ip-up.d/postfix\n"
"added rc0.d/K20postfix\n"
"added rc1.d/K20postfix\n"
"added rc2.d/S20postfix\n"
"added rc3.d/S20postfix\n"
"added rc4.d/S20postfix\n"
"added rc5.d/S20postfix\n"
"added rc6.d/K20postfix\n"
"added resolvconf/update-libc.d\n"
"added resolvconf/update-libc.d/postfix\n"
"added rsyslog.d/postfix.conf\n"
"added ufw/applications.d/postfix\n"
"Committed revision 2."
#: serverguide/C/other-apps.xml:241(para)
"For an example of how <application>etckeeper</application> tracks manual "
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
"<application>bzr</application> you can see which files have been modified:"
#: serverguide/C/other-apps.xml:247(command)
msgid "sudo bzr status /etc/"
#: serverguide/C/other-apps.xml:248(computeroutput)
#: serverguide/C/other-apps.xml:252(para)
msgid "Now commit the changes:"
#: serverguide/C/other-apps.xml:257(command)
msgid "sudo etckeeper commit \"new host\""
#: serverguide/C/other-apps.xml:260(para)
"For more information on <application>bzr</application> see <xref "
"linkend=\"bazaar\"/>."
#: serverguide/C/other-apps.xml:266(title)
#: serverguide/C/other-apps.xml:268(para)
"One of the most useful applications for any system administrator is "
"<application>screen</application>. It allows the execution of multiple "
"shells in one terminal. To make some of the advanced "
"<application>screen</application> features more user friendly, and provide "
"some useful information about the system, the "
"<application>byobu</application> package was created."
#: serverguide/C/other-apps.xml:275(para)
"When executing <application>byobu</application> pressing the "
"<emphasis>F9</emphasis> key will bring up the "
"<application>Configuration</application> menu. This menu will allow you to:"
#: serverguide/C/other-apps.xml:281(para)
msgid "View the Help menu"
#: serverguide/C/other-apps.xml:282(para)
msgid "Change Byobu's background color"
#: serverguide/C/other-apps.xml:283(para)
msgid "Change Byobu's foreground color"
#: serverguide/C/other-apps.xml:284(para)
msgid "Toggle status notifications"
#: serverguide/C/other-apps.xml:285(para)
msgid "Change the key binding set"
#: serverguide/C/other-apps.xml:286(para)
msgid "Change the escape sequence"
#: serverguide/C/other-apps.xml:287(para)
msgid "Create new windows"
#: serverguide/C/other-apps.xml:288(para)
msgid "Manage the default windows"
#: serverguide/C/other-apps.xml:289(para)
msgid "Byobu currently does not launch at login (toggle on)"
#: serverguide/C/other-apps.xml:292(para)
"The <emphasis>key bindings</emphasis> determine such things as the escape "
"sequence, new window, change window, etc. There are two key binding sets to "
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
"keys</emphasis>. If you wish to use the original key bindings choose the "
"<emphasis>none</emphasis> set."
#: serverguide/C/other-apps.xml:298(para)
"<application>byobu</application> provides a menu which displays the Ubuntu "
"release, processor information, memory information, and the time and date. "
"The effect is similar to a desktop menu."
#: serverguide/C/other-apps.xml:303(para)
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
"on)\"</emphasis> option will cause <application>byobu</application> to be "
"executed any time a terminal is opened. Changes made to "
"<application>byobu</application> are on a per user basis, and will not "
"affect other users on the system."
#: serverguide/C/other-apps.xml:309(para)
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
"commands. Here is a quick list of movement commands:"
#: serverguide/C/other-apps.xml:316(para)
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
#: serverguide/C/other-apps.xml:317(para)
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
#: serverguide/C/other-apps.xml:318(para)
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
#: serverguide/C/other-apps.xml:319(para)
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
#: serverguide/C/other-apps.xml:320(para)
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
#: serverguide/C/other-apps.xml:321(para)
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
#: serverguide/C/other-apps.xml:322(para)
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
#: serverguide/C/other-apps.xml:323(para)
msgid "<emphasis>/</emphasis> - Search forward"
#: serverguide/C/other-apps.xml:324(para)
msgid "<emphasis>?</emphasis> - Search backward"
#: serverguide/C/other-apps.xml:325(para)
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
#: serverguide/C/other-apps.xml:334(para)
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
"motd.1.html\">update-motd man page</ulink> for more options available to "
"<application>update-motd</application>."
#: serverguide/C/other-apps.xml:340(para)
"The Debian Package of the Day <ulink "
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
"details about using the <application>weather</application>utility."
#: serverguide/C/other-apps.xml:347(para)
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
"more details on using <application>etckeeper</application>."
#: serverguide/C/other-apps.xml:353(para)
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
"Ubuntu Wiki</ulink> page."
#: serverguide/C/other-apps.xml:358(para)
"For the latest news and information about <application>bzr</application> see "
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
#: serverguide/C/other-apps.xml:363(para)
"For more information on <application>screen</application> see the <ulink "
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
#: serverguide/C/other-apps.xml:368(para)
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
"screen</ulink> page."
#: serverguide/C/other-apps.xml:373(para)
"Also, see the <application>byobu</application><ulink "
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
#: serverguide/C/network-config.xml:14(para)
"Networks consist of two or more devices, such as computer systems, printers, "
"and related equipment which are connected by either physical cabling or "
"wireless links for the purpose of sharing and distributing information among "
"the connected devices."
msgstr "网络由两个或多个设备组成,例如计算机系统、打印机,以及用物理线缆或是无线链接连接起来的相关设备,用来在其中共享和分发信息。"
#: serverguide/C/network-config.xml:20(para)
"This section provides general and specific information pertaining to "
"networking, including an overview of network concepts and detailed "
"discussion of popular network protocols."
msgstr "本节提供属于联网范畴的一般和特定信息,包括网络概念的概览以及对于流行网络协议的详细讨论。"
#: serverguide/C/network-config.xml:27(title)
msgid "Network Configuration"
#: serverguide/C/network-config.xml:28(para)
"Ubuntu ships with a number of graphical utilities to configure your network "
"devices. This document is geared toward server administrators and will focus "
"on managing your network on the command line."
msgstr "Ubuntu 提供了许多图形化工具来配制您的网络设备。本文适用于服务器管理员并聚焦在命令行中管理您的网络。"
#: serverguide/C/network-config.xml:35(title)
msgid "Ethernet Interfaces"
#: serverguide/C/network-config.xml:36(para)
"Ethernet interfaces are identified by the system using the naming convention "
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
"interface is typically identified as <emphasis "
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
#: serverguide/C/network-config.xml:46(title)
msgid "Identify Ethernet Interfaces"
#: serverguide/C/network-config.xml:47(para)
"To quickly identify all available Ethernet interfaces, you can use the "
"<application>ifconfig</application> command as shown below."
#: serverguide/C/network-config.xml:52(userinput)
msgid "ifconfig -a | grep eth"
#: serverguide/C/network-config.xml:51(screen)
"<placeholder-1/>\n"
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
#: serverguide/C/network-config.xml:55(para)
"Another application that can help identify all network interfaces available "
"to your system is the <application>lshw</application> command. In the "
"example below, <application>lshw</application> shows a single Ethernet "
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
"along with bus information, driver details and all supported capabilities."
#: serverguide/C/network-config.xml:62(userinput)
msgid "sudo lshw -class network"
#: serverguide/C/network-config.xml:61(screen)
"<placeholder-1/>\n"
" description: Ethernet interface\n"
" product: BCM4401-B0 100Base-TX\n"
" vendor: Broadcom Corporation\n"
" physical id: 0\n"
" bus info: pci@0000:03:00.0\n"
" logical name: eth0\n"
" serial: 00:15:c5:4a:16:5a\n"
" capacity: 100MB/s\n"
" width: 32 bits\n"
" capabilities: (snipped for brevity)\n"
" configuration: (snipped for brevity)\n"
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
#: serverguide/C/network-config.xml:83(title)
msgid "Ethernet Interface Logical Names"
#: serverguide/C/network-config.xml:84(para)
"Interface logical names are configured in the file "
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
"like control which interface receives a particular logical name, find the "
"line matching the interfaces physical MAC address and modify the value of "
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
"Reboot the system to commit your changes."
#: serverguide/C/network-config.xml:92(programlisting)
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
#: serverguide/C/network-config.xml:99(title)
msgid "Ethernet Interface Settings"
#: serverguide/C/network-config.xml:100(para)
"<application>ethtool</application> is a program that displays and changes "
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
"and Wake-on-LAN. It is not installed by default, but is available for "
"installation in the repositories."
#: serverguide/C/network-config.xml:106(userinput)
msgid "sudo apt-get install ethtool"
#: serverguide/C/network-config.xml:108(para)
"The following is an example of how to view supported features and configured "
"settings of an Ethernet interface."
#: serverguide/C/network-config.xml:113(userinput)
msgid "sudo ethtool eth0"
#: serverguide/C/network-config.xml:112(screen)
"<placeholder-1/>\n"
"Settings for eth0:\n"
" Supported ports: [ TP ]\n"
" Supported link modes: 10baseT/Half 10baseT/Full \n"
" 100baseT/Half 100baseT/Full \n"
" 1000baseT/Half 1000baseT/Full \n"
" Supports auto-negotiation: Yes\n"
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
" 100baseT/Half 100baseT/Full \n"
" 1000baseT/Half 1000baseT/Full \n"
" Advertised auto-negotiation: Yes\n"
" Speed: 1000Mb/s\n"
" Port: Twisted Pair\n"
" Transceiver: internal\n"
" Auto-negotiation: on\n"
" Supports Wake-on: g\n"
" Current message level: 0x000000ff (255)\n"
" Link detected: yes\n"
#: serverguide/C/network-config.xml:135(para)
"Changes made with the <application>ethtool</application> command are "
"temporary and will be lost after a reboot. If you would like to retain "
"settings, simply add the desired <application>ethtool</application> command "
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
"configuration file <filename>/etc/network/interfaces</filename>."
#: serverguide/C/network-config.xml:141(para)
"The following is an example of how the interface identified as <emphasis "
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
"speed of 1000Mb/s running in full duplex mode."
#: serverguide/C/network-config.xml:145(programlisting)
"iface eth0 inet static\n"
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
#: serverguide/C/network-config.xml:151(para)
"Although the example above shows the interface configured to use the "
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
"other methods as well, such as DHCP. The example is meant to demonstrate "
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
"statement in relation to the rest of the interface configuration."
#: serverguide/C/network-config.xml:163(title)
msgid "IP Addressing"
#: serverguide/C/network-config.xml:164(para)
"The following section describes the process of configuring your systems IP "
"address and default gateway needed for communicating on a local area network "
"and the Internet."
#: serverguide/C/network-config.xml:171(title)
msgid "Temporary IP Address Assignment"
#: serverguide/C/network-config.xml:172(para)
"For temporary network configurations, you can use standard commands such as "
"<application>ip</application>, <application>ifconfig</application> and "
"<application>route</application>, which are also found on most other "
"GNU/Linux operating systems. These commands allow you to configure settings "
"which take effect immediately, however they are not persistent and will be "
"lost after a reboot."
#: serverguide/C/network-config.xml:180(para)
"To temporarily configure an IP address, you can use the "
"<application>ifconfig</application> command in the following manner. Just "
"modify the IP address and subnet mask to match your network requirements."
#: serverguide/C/network-config.xml:186(userinput)
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
#: serverguide/C/network-config.xml:188(para)
"To verify the IP address configuration of <application>eth0</application>, "
"you can use the <application>ifconfig</application> command in the following "
#: serverguide/C/network-config.xml:193(userinput)
msgid "ifconfig eth0"
#: serverguide/C/network-config.xml:192(screen)
"<placeholder-1/>\n"
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
" collisions:0 txqueuelen:1000 \n"
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
#: serverguide/C/network-config.xml:204(para)
"To configure a default gateway, you can use the "
"<application>route</application> command in the following manner. Modify the "
"default gateway address to match your network requirements."
#: serverguide/C/network-config.xml:210(userinput)
msgid "sudo route add default gw 10.0.0.1 eth0"
#: serverguide/C/network-config.xml:212(para)
"To verify your default gateway configuration, you can use the "
"<application>route</application> command in the following manner."
#: serverguide/C/network-config.xml:217(userinput)
#: serverguide/C/network-config.xml:216(screen)
"<placeholder-1/>\n"
"Kernel IP routing table\n"
"Destination Gateway Genmask Flags Metric Ref Use "
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
#: serverguide/C/network-config.xml:223(para)
"If you require DNS for your temporary network configuration, you can add DNS "
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
"example below shows how to enter two DNS servers to "
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
"appropriate for your network. A more lengthy description of DNS client "
"configuration is in a following section."
#: serverguide/C/network-config.xml:230(programlisting)
"nameserver 8.8.8.8\n"
"nameserver 8.8.4.4\n"
#: serverguide/C/network-config.xml:234(para)
"If you no longer need this configuration and wish to purge all IP "
"configuration from an interface, you can use the "
"<application>ip</application> command with the flush option as shown below."
#: serverguide/C/network-config.xml:240(userinput)
msgid "ip addr flush eth0"
#: serverguide/C/network-config.xml:243(para)
"Flushing the IP configuration using the <application>ip</application> "
"command does not clear the contents of "
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
"entries manually."
#: serverguide/C/network-config.xml:251(title)
msgid "Dynamic IP Address Assignment (DHCP Client)"
#: serverguide/C/network-config.xml:252(para)
"To configure your server to use DHCP for dynamic address assignment, add the "
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
"statement for the appropriate interface in the file "
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
"are configuring your first Ethernet interface identified as <emphasis "
"role=\"italic\">eth0</emphasis>."
#: serverguide/C/network-config.xml:259(programlisting)
"iface eth0 inet dhcp\n"
#: serverguide/C/network-config.xml:263(para)
"By adding an interface configuration as shown above, you can manually enable "
"the interface through the <application>ifup</application> command which "
"initiates the DHCP process via <application>dhclient</application>."
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
msgid "sudo ifup eth0"
#: serverguide/C/network-config.xml:271(para)
"To manually disable the interface, you can use the "
"<application>ifdown</application> command, which in turn will initiate the "
"DHCP release process and shut down the interface."
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
msgid "sudo ifdown eth0"
#: serverguide/C/network-config.xml:282(title)
msgid "Static IP Address Assignment"
#: serverguide/C/network-config.xml:283(para)
"To configure your system to use a static IP address assignment, add the "
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
"family statement for the appropriate interface in the file "
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
"are configuring your first Ethernet interface identified as <emphasis "
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
"role=\"italic\">address</emphasis>, <emphasis "
"role=\"italic\">netmask</emphasis>, and <emphasis "
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
#: serverguide/C/network-config.xml:292(programlisting)
"iface eth0 inet static\n"
"address 10.0.0.100\n"
"netmask 255.255.255.0\n"
"gateway 10.0.0.1\n"
#: serverguide/C/network-config.xml:299(para)
"By adding an interface configuration as shown above, you can manually enable "
"the interface through the <application>ifup</application> command."
#: serverguide/C/network-config.xml:306(para)
"To manually disable the interface, you can use the "
"<application>ifdown</application> command."
#: serverguide/C/network-config.xml:316(title)
msgid "Loopback Interface"
#: serverguide/C/network-config.xml:317(para)
"The loopback interface is identified by the system as <emphasis "
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
"can be viewed using the ifconfig command."
#: serverguide/C/network-config.xml:322(userinput)
msgid "ifconfig lo"
#: serverguide/C/network-config.xml:321(screen)
"<placeholder-1/>\n"
"lo Link encap:Local Loopback \n"
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
" inet6 addr: ::1/128 Scope:Host\n"
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
" collisions:0 txqueuelen:0 \n"
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
#: serverguide/C/network-config.xml:332(para)
"By default, there should be two lines in "
"<filename>/etc/network/interfaces</filename> responsible for automatically "
"configuring your loopback interface. It is recommended that you keep the "
"default settings unless you have a specific purpose for changing them. An "
"example of the two default lines are shown below."
#: serverguide/C/network-config.xml:338(programlisting)
"iface lo inet loopback\n"
#: serverguide/C/network-config.xml:347(title)
msgid "Name Resolution"
#: serverguide/C/network-config.xml:348(para)
"Name resolution as it relates to IP networking is the process of mapping IP "
"addresses to hostnames, making it easier to identify resources on a network. "
"The following section will explain how to properly configure your system for "
"name resolution using DNS and static hostname records."
#: serverguide/C/network-config.xml:356(title)
msgid "DNS Client Configuration"
#: serverguide/C/network-config.xml:357(para)
"To configure your system to use DNS for name resolution, add the IP "
"addresses of the DNS servers that are appropriate for your network in the "
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
"suffix search-lists to match your network domain names."
#: serverguide/C/network-config.xml:362(para)
"Below is an example of a typical configuration of "
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
#: serverguide/C/network-config.xml:367(programlisting)
"search example.com\n"
"nameserver 8.8.8.8\n"
"nameserver 8.8.4.4\n"
#: serverguide/C/network-config.xml:372(para)
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
"multiple domain names so that DNS queries will be appended in the order in "
"which they are entered. For example, your network may have multiple sub-"
"domains to search; a parent domain of <emphasis "
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
"role=\"italic\">dev.example.com</emphasis>."
#: serverguide/C/network-config.xml:380(para)
"If you have multiple domains you wish to search, your configuration might "
"look like the following."
#: serverguide/C/network-config.xml:383(programlisting)
"search example.com sales.example.com dev.example.com\n"
"nameserver 8.8.8.8\n"
"nameserver 8.8.4.4\n"
#: serverguide/C/network-config.xml:388(para)
"If you try to ping a host with the name of <emphasis "
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
"for its Fully Qualified Domain Name (FQDN) in the following order:"
#: serverguide/C/network-config.xml:394(para)
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
#: serverguide/C/network-config.xml:399(para)
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
#: serverguide/C/network-config.xml:404(para)
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
#: serverguide/C/network-config.xml:409(para)
"If no matches are found, the DNS server will provide a result of <emphasis "
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
#: serverguide/C/network-config.xml:416(title)
msgid "Static Hostnames"
#: serverguide/C/network-config.xml:417(para)
"Static hostnames are locally defined hostname-to-IP mappings located in the "
"file <filename>/etc/hosts</filename>. Entries in the "
"<filename>hosts</filename> file will have precedence over DNS by default. "
"This means that if your system tries to resolve a hostname and it matches an "
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
"some configurations, especially when Internet access is not required, "
"servers that communicate with a limited number of resources can be "
"conveniently set to use static hostnames instead of DNS."
#: serverguide/C/network-config.xml:424(para)
"The following is an example of a <filename>hosts</filename> file where a "
"number of local servers have been identified by simple hostnames, aliases "
"and their equivalent Fully Qualified Domain Names (FQDN's)."
#: serverguide/C/network-config.xml:428(programlisting)
"127.0.0.1\tlocalhost\n"
"127.0.1.1\tubuntu-server\n"
"10.0.0.11\tserver1 vpn server1.example.com\n"
"10.0.0.12\tserver2 mail server2.example.com\n"
"10.0.0.13\tserver3 www server3.example.com\n"
"10.0.0.14\tserver4 file server4.example.com\n"
#: serverguide/C/network-config.xml:437(para)
"In the above example, notice that each of the servers have been given "
"aliases in addition to their proper names and FQDN's. <emphasis "
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
"role=\"italic\">server3</emphasis> as <emphasis "
"role=\"italic\">www</emphasis>, and <emphasis "
"role=\"italic\">server4</emphasis> as <emphasis "
"role=\"italic\">file</emphasis>."
#: serverguide/C/network-config.xml:449(title)
msgid "Name Service Switch Configuration"
#: serverguide/C/network-config.xml:450(para)
"The order in which your system selects a method of resolving hostnames to IP "
"addresses is controlled by the Name Service Switch (NSS) configuration file "
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
"section, typically static hostnames defined in the systems "
"<filename>/etc/hosts</filename> file have precedence over names resolved "
"from DNS. The following is an example of the line responsible for this order "
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
#: serverguide/C/network-config.xml:458(programlisting)
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
#: serverguide/C/network-config.xml:464(para)
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
"hostnames located in <filename>/etc/hosts</filename>."
#: serverguide/C/network-config.xml:470(para)
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
"name using Multicast DNS."
#: serverguide/C/network-config.xml:475(para)
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
"authoritative and that the system should not try to continue hunting for an "
#: serverguide/C/network-config.xml:483(para)
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
#: serverguide/C/network-config.xml:488(para)
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
#: serverguide/C/network-config.xml:494(para)
"To modify the order of the above mentioned name resolution methods, you can "
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
"versus Multicast DNS, you can change the string in "
"<filename>/etc/nsswitch.conf</filename> as shown below."
#: serverguide/C/network-config.xml:501(programlisting)
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
#: serverguide/C/network-config.xml:508(title)
#: serverguide/C/network-config.xml:510(para)
"Bridging multiple interfaces is a more advanced configuration, but is very "
"useful in multiple scenarios. One scenario is setting up a bridge with "
"multiple network interfaces, then using a firewall to filter traffic between "
"two network segments. Another scenario is using bridge on a system with one "
"interface to allow virtual machines direct access to the outside network. "
"The following example covers the latter scenario."
#: serverguide/C/network-config.xml:517(para)
"Before configuring a bridge you will need to install the <application>bridge-"
"utils</application> package. To install the package, in a terminal enter:"
#: serverguide/C/network-config.xml:523(command)
msgid "sudo apt-get install bridge-utils"
#: serverguide/C/network-config.xml:526(para)
"Next, configure the bridge by editing "
"<filename>/etc/network/interfaces</filename>:"
#: serverguide/C/network-config.xml:530(programlisting)
"iface lo inet loopback\n"
"iface br0 inet static\n"
" address 192.168.0.10\n"
" network 192.168.0.0\n"
" netmask 255.255.255.0\n"
" broadcast 192.168.0.255\n"
" gateway 192.168.0.1\n"
" bridge_ports eth0\n"
" bridge_hello 2\n"
" bridge_maxage 12\n"
" bridge_stp off\n"
"iface lo inet loopback\n"
"iface br0 inet static\n"
" address 192.168.0.10\n"
" network 192.168.0.0\n"
" netmask 255.255.255.0\n"
" broadcast 192.168.0.255\n"
" gateway 192.168.0.1\n"
" bridge_ports eth0\n"
" bridge_hello 2\n"
" bridge_maxage 12\n"
" bridge_stp off\n"
#: serverguide/C/network-config.xml:549(para)
msgid "Enter the appropriate values for your physical interface and network."
msgstr "为你的物理接口和网络输入相应的值。"
#: serverguide/C/network-config.xml:554(para)
msgid "Now restart networking to enable the bridge interface:"
#: serverguide/C/network-config.xml:561(para)
"The new bridge interface should now be up and running. The "
"<application>brctl</application> provides useful information about the state "
"of the bridge, controls which interfaces are part of the bridge, etc. See "
"<command>man brctl</command> for more information."
#: serverguide/C/network-config.xml:577(para)
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
"Network page</ulink> has links to articles covering more advanced network "
#: serverguide/C/network-config.xml:583(para)
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
"\">interfaces man page</ulink> has details on more options for "
"<filename>/etc/network/interfaces</filename>."
#: serverguide/C/network-config.xml:589(para)
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
"dhclient man page</ulink> has details on more options for configuring DHCP "
#: serverguide/C/network-config.xml:595(para)
"For more information on DNS client configuration see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
"Administrator's Guide</ulink> is a good source of resolver and name service "
"configuration information."
#: serverguide/C/network-config.xml:603(para)
"For more information on <emphasis>bridging</emphasis> see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
"tl man page</ulink> and the Linux Foundation's <ulink "
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
#: serverguide/C/network-config.xml:614(title)
#: serverguide/C/network-config.xml:615(para)
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
"standard set of protocols developed in the late 1970s by the Defense "
"Advanced Research Projects Agency (DARPA) as a means of communication "
"between different types of computers and computer networks. TCP/IP is the "
"driving force of the Internet, and thus it is the most popular set of "
"network protocols on Earth."
"传输控制协议和网际协议 (TCP/IP) 是在 20世纪70年代被美国国防部高级研究规划局 "
"(DARPA)作为在不同类型计算机及计算机网络之间的通信手段而被开发的一个标准协议簇。TCP/IP 是 Internet "
"的驱动力,因此它是全球最流行的网络协议簇。"
#: serverguide/C/network-config.xml:623(title)
msgid "TCP/IP Introduction"
#: serverguide/C/network-config.xml:624(para)
"The two protocol components of TCP/IP deal with different aspects of "
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
"TCP/IP is a connectionless protocol which deals only with network packet "
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
"basic unit of networking information. The IP Datagram consists of a header "
"followed by a message. The <emphasis> Transmission Control "
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
"establish connections which may be used to exchange data streams. TCP also "
"guarantees that the data between connections is delivered and that it "
"arrives at one network host in the same order as sent from another network "
#: serverguide/C/network-config.xml:637(title)
msgid "TCP/IP Configuration"
#: serverguide/C/network-config.xml:638(para)
"The TCP/IP protocol configuration consists of several elements which must be "
"set by editing the appropriate configuration files, or deploying solutions "
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
"can be configured to provide the proper TCP/IP configuration settings to "
"network clients automatically. These configuration values must be set "
"correctly in order to facilitate the proper network operation of your Ubuntu "
"TCP/IP 协议配置由必须设置的几个元素组成,可以通过编辑相应的配置文件或配置方案如动态主机配置协议 (DHCP) 来设置,它可以配置成提供适当的 "
"TCP/IP 配置来自动设置网络客户机。这些配置值必须正确设置,以便于您的 Ubuntu 系统进行相应网络操作。"
#: serverguide/C/network-config.xml:650(para)
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
"identifying string expressed as four decimal numbers ranging from zero (0) "
"to two-hundred and fifty-five (255), separated by periods, with each of the "
"four numbers representing eight (8) bits of the address for a total length "
"of thirty-two (32) bits for the whole address. This format is called "
"<emphasis>dotted quad notation</emphasis>."
"<emphasis role=\"bold\">IP 地址</emphasis> IP 地址是唯一标识字符串,它由四部分由点号分隔的,范围从 0 到 "
"255 的十进制数组成。 每部分由8个比特表示,整个地址总长为32个比特。这种格式被称为 <emphasis>dotted quad "
"notation</emphasis>。"
#: serverguide/C/network-config.xml:660(para)
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
"separate the portions of an IP address significant to the network from the "
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
"three bytes of the IP address and allows the last byte of the IP address to "
"remain available for specifying hosts on the subnetwork."
"<emphasis role=\"bold\">掩码</emphasis> 子网掩码 (或简称<emphasis>掩码</emphasis>) "
"是一个局部位掩码,或用指定的 <emphasis>子网掩码</emphasis> 来将IP 地址中的网络分隔出来的一组标识。举个例子,在 C "
"类网络中,标准的掩码是 255.255.255.0 屏蔽了 IP 地址的前三个字节,并允许 IP 地址的最后一个字节指定子网中的主机。"
#: serverguide/C/network-config.xml:671(para)
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
"represents the bytes comprising the network portion of an IP address. For "
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
"network address, where twelve (12) represents the first byte of the IP "
"address, (the network part) and zeroes (0) in all of the remaining three "
"bytes to represent the potential host values. A network host using the "
"private IP address 192.168.1.100 would in turn use a Network Address of "
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
"network and a zero (0) for all the possible hosts on the network."
"<emphasis role=\"bold\">网络地址</emphasis> 网络地址表示包括IP 地址网络部分的字节。 例如, 一个 A "
"类网络的主机 12.128.1.2 将使用 12.0.0.0 作为网络地址,使用 12 来表示 IP 地址的第一个字节 (网络部分), 余下的三个为 0 "
"的字节表示可能的主机值的。网络主机使用象 192.168.1.100 这样的私有 IP 地址将使用 192.168.1.0 "
"作为网络地址,其用前三个字节来指定 C 类 192.168.1 网络,而用一个 0 来表示网络上所有可能的主机。"
#: serverguide/C/network-config.xml:684(para)
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
"is an IP address which allows network data to be sent simultaneously to all "
"hosts on a given subnetwork rather than specifying a particular host. The "
"standard general broadcast address for IP networks is 255.255.255.255, but "
"this broadcast address cannot be used to send a broadcast message to every "
"host on the Internet because routers block it. A more appropriate broadcast "
"address is set to match a specific subnetwork. For example, on the private "
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
"Broadcast messages are typically produced by network protocols such as the "
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
"<emphasis role=\"bold\">广播地址</emphasis> "
"广播地址是一个允许向给定子网中的所有主机而不是一台特定的网络主机同时发送网络数据的 IP 地址。IP 网络的标准通用广播地址是 "
"255.255.255.255,但这个广播地址不能用来为 Internet "
"上的每台主机发送一个广播消息,因为路由器会阻止它。更特定的广播地址被设置成匹配特定的子网。例如,在私有 C 类 IP 网 192.168.1.0 "
"中,广播地址为 192.168.1.255。广播消息一般都是由网络协议产生的,如地址解析协议 (ARP) 和路由信息协议 (RIP)。"
#: serverguide/C/network-config.xml:697(para)
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
"IP address through which a particular network, or host on a network, may be "
"reached. If one network host wishes to communicate with another network "
"host, and that host is not located on the same network, then a "
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
"Address will be that of a router on the same network, which will in turn "
"pass traffic on to other networks or hosts, such as Internet hosts. The "
"value of the Gateway Address setting must be correct, or your system will "
"not be able to reach any hosts beyond those on the same network."
"<emphasis role=\"bold\">网关地址</emphasis> 网关地址是一个通过该地址可能会到达指定网络或网络主机的 IP "
"地址。如果一台网络主机希望与另一台网络主机通讯,而该机并不在同一网络中,就必须使用 "
"<emphasis>网关</emphasis>。在很多情况下,网关地址会是同一个网络中的某台路由器,其会接着将网络流量输送到其它的网络或主机,如 "
"Internet 主机。网关地址设置必须正确,否则您的系统将除了在同一个网络中的主机外不能到达任何其它主机。"
#: serverguide/C/network-config.xml:708(para)
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
"represent the IP addresses of Domain Name Service (DNS) systems, which "
"resolve network hostnames into IP addresses. There are three levels of "
"Nameserver Addresses, which may be specified in order of precedence: The "
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
"your system to be able to resolve network hostnames into their corresponding "
"IP addresses, you must specify valid Nameserver Addresses which you are "
"authorized to use in your system's TCP/IP configuration. In many cases these "
"addresses can and will be provided by your network service provider, but "
"many free and publicly accessible nameservers are available for use, such as "
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
#: serverguide/C/network-config.xml:722(para)
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
"Address are typically specified via the appropriate directives in the file "
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
"typically specified via <emphasis>nameserver</emphasis> directives in the "
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
"system manual page for <filename>interfaces</filename> or "
"<filename>resolv.conf</filename> respectively, with the following commands "
"typed at a terminal prompt:"
"IP 地址、掩码、网络地址、广播地址以及网关地址一般都是在文件 <filename>/etc/network/interfaces</filename> "
"中通过相应的语句来指定的。名称服务器地址一般是在文件 <filename>/etc/resolv.conf</filename> 中通过 "
"<emphasis>nameserver</emphasis> 语句来指定的。更多详情,请分别查阅 "
"<filename>interfaces</filename> 或 <filename>resolv.conf</filename> 的系统手册页。"
#: serverguide/C/network-config.xml:729(para)
"Access the system manual page for <filename>interfaces</filename> with the "
"following command:"
msgstr "查阅 <filename>interfaces</filename> 系统手册页,可用以下命令:"
#: serverguide/C/network-config.xml:734(command)
msgid "man interfaces"
msgstr "man interfaces"
#: serverguide/C/network-config.xml:737(para)
"Access the system manual page for <filename>resolv.conf</filename> with the "
"following command:"
msgstr "查阅 <filename>resolv.conf</filename> 系统手册页,用以下命令:"
#: serverguide/C/network-config.xml:741(command)
msgid "man resolv.conf"
msgstr "man resolv.conf"
#: serverguide/C/network-config.xml:646(para)
"The common configuration elements of TCP/IP and their purposes are as "
"follows: <placeholder-1/>"
msgstr "TCP/IP 常用配置元素及其作用如下所示:<placeholder-1/>"
#: serverguide/C/network-config.xml:748(title)
#: serverguide/C/network-config.xml:749(para)
"IP routing is a means of specifying and discovering paths in a TCP/IP "
"network along which network data may be sent. Routing uses a set of "
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
"packets from their source to the destination, often via many intermediary "
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
"<emphasis>Dynamic Routing.</emphasis>"
"IP 路由是在 TCP/IP 网络上为发送的网络数据指定或发现路径的一种方法。路由使用一组 <emphasis>路由表</emphasis> "
"来指示网络数据包从源地址转发到目的地,经常是通过许多叫做 <emphasis>路由器</emphasis> 的网络节点做中转。IP "
"路由分为两种主要形式:<emphasis>静态</emphasis> 和 <emphasis>动态路由。</emphasis>"
#: serverguide/C/network-config.xml:758(para)
"Static routing involves manually adding IP routes to the system's routing "
"table, and this is usually done by manipulating the routing table with the "
"<application>route</application> command. Static routing enjoys many "
"advantages over dynamic routing, such as simplicity of implementation on "
"smaller networks, predictability (the routing table is always computed in "
"advance, and thus the route is precisely the same each time it is used), and "
"low overhead on other routers and network links due to the lack of a dynamic "
"routing protocol. However, static routing does present some disadvantages as "
"well. For example, static routing is limited to small networks and does not "
"scale well. Static routing also fails completely to adapt to network outages "
"and failures along the route due to the fixed nature of the route."
"静态路由牵涉到手工往系统的路由表中添加 IP 路由,这通常是通过使用 <application>route</application> "
"命令操作路由表来完成的。静态路由与动态路由相比有许多优势,例如在小型网络中实现简单,可预测(路由表总是事先计算得到的,因此路由在每次使用时都是精确一致的)"
",以及在连接其它的路由器和网络时由于无需动态路由协议所带来的低开销。然而,静态路由同样也存在一些缺点。例如,静态路由仅限于在小型网络中使用,没有很好的递增"
"适应性。而由于其路由固定的本质,静态路由在遇到沿路由的网络失效时也会完全失效。"
#: serverguide/C/network-config.xml:768(para)
"Dynamic routing depends on large networks with multiple possible IP routes "
"from a source to a destination and makes use of special routing protocols, "
"such as the Router Information Protocol (RIP), which handle the automatic "
"adjustments in routing tables that make dynamic routing possible. Dynamic "
"routing has several advantages over static routing, such as superior "
"scalability and the ability to adapt to failures and outages along network "
"routes. Additionally, there is less manual configuration of the routing "
"tables, since routers learn from one another about their existence and "
"available routes. This trait also eliminates the possibility of introducing "
"mistakes in the routing tables via human error. Dynamic routing is not "
"perfect, however, and presents disadvantages such as heightened complexity "
"and additional network overhead from router communications, which does not "
"immediately benefit the end users, but still consumes network bandwidth."
"动态路由有赖于从一个源到目的有多条 IP 路由可用的大型网络,利用特定的路由协议,如路由信息协议 "
"(RIP),其可以自动调整路由表以使动态路由成为可能。动态路由相对静态路由有一些优势,如超强的可伸缩性及能适应网络路由沿线的网络中断和故障。此外,几乎无须"
"手工配置路由表,因为路由器可以相互学到其他已有并且可用的路由器。这一特性也消除了由于人为错误而在路由表中引入错误的可能。然而,动态路由也并不完美,其表现出"
"来的缺点如相当复杂以及由于路由器通信所带来的额外的网络开销,后者并不能使最终用户由此获益,却仍旧会消耗网络带宽。"
#: serverguide/C/network-config.xml:782(title)
msgid "TCP and UDP"
#: serverguide/C/network-config.xml:783(para)
"TCP is a connection-based protocol, offering error correction and guaranteed "
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
"Flow control determines when the flow of a data stream needs to be stopped, "
"and previously sent data packets should to be re-sent due to problems such "
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
"accurate delivery of the data. TCP is typically used in the exchange of "
"important information such as database transactions."
"TCP 是一个基于连接的协议,提供纠错并通过 <emphasis>流量控制</emphasis> "
"来确保数据的送达。流量控制决定像什么时候需要停止一个数据流,以及在出现诸如 <emphasis>冲突</emphasis> "
"等问题时重发先前发送的数据包,以确保完整和准确的数据传输。TCP 常用于重要信息的交换,如数据库事务。"
#: serverguide/C/network-config.xml:791(para)
"The User Datagram Protocol (UDP), on the other hand, is a "
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
"transmission of important data because it lacks flow control or any other "
"method to ensure reliable delivery of the data. UDP is commonly used in such "
"applications as audio and video streaming, where it is considerably faster "
"than TCP due to the lack of error correction and flow control, and where the "
"loss of a few packets is not generally catastrophic."
"另一方面,用户数据报协议 (UDP) 是一个 <emphasis>无连接</emphasis> "
"协议,很少用于重要数据的传输,因为缺乏流量控制或其他一些确保可靠数据传输的方法。UDP 常用在如音视频流这样的应用程序,由于它缺少纠错和流控,因此相对于 "
"TCP 来说更快,而且丢失少量包通常也不会造成灾难性的后果。"
#: serverguide/C/network-config.xml:801(title)
#: serverguide/C/network-config.xml:802(para)
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
"supports network packets containing control, error, and informational "
"messages. ICMP is used by such network applications as the "
"<application>ping</application> utility, which can determine the "
"availability of a network host or device. Examples of some error messages "
"returned by ICMP which are useful to both network hosts and devices such as "
"routers, include <emphasis>Destination Unreachable</emphasis> and "
"<emphasis>Time Exceeded</emphasis>."
"Internet 控制消息协议是在Request For Comments (RFC) #792 中定义的,是对网际协议 (IP) "
"的一个扩充。支持的网络包包括控制、错误和信息的消息。ICMP 常被用在诸如判断一台网络主机或设备可用性的 "
"<application>ping</application> 工具这样的网络应用程序。在网络主机和设备如路由器之间使用 ICMP "
"所返回的错误消息示例包括 <emphasis>Destination Unreachable</emphasis> 和 <emphasis>Time "
"Exceeded</emphasis>。"
#: serverguide/C/network-config.xml:812(title)
#: serverguide/C/network-config.xml:813(para)
"Daemons are special system applications which typically execute continuously "
"in the background and await requests for the functions they provide from "
"other applications. Many daemons are network-centric; that is, a large "
"number of daemons executing in the background on an Ubuntu system may "
"provide network-related functionality. Some examples of such network daemons "
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
"Daemon</emphasis> (imapd), which provides E-Mail services."
"守护程序是特殊的系统应用程序,一般常驻在后台并等待来自其他应用程序请求其所提供的功能。许多守护程序都是面向网络的;也就是说,在 Ubuntu "
"系统后台执行的许多守护程序都可以提供网络的相关功能。这些网络守护程序包括 <emphasis>超文本传输协议守护程序</emphasis> "
"(httpd),用于提供web服务器功能;<emphasis>Secure SHell 守护程序</emphasis> "
"(sshd),用于提供安全远程登录 shell 和文件传输功能;<emphasis>Internet Message Access Protocol "
"守护程序</emphasis> (imapd),用于提供 E-Mail 服务。"
#: serverguide/C/network-config.xml:828(para)
"There are man pages for <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
"ulink> and <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
"> that contain more useful information."
#: serverguide/C/network-config.xml:834(para)
"Also, see the <ulink "
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
"and Technical Overview</ulink> IBM Redbook."
#: serverguide/C/network-config.xml:840(para)
"Another resource is O'Reilly's <ulink "
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
"Administration</ulink>."
#: serverguide/C/network-config.xml:849(title)
msgid "Dynamic Host Configuration Protocol (DHCP)"
msgstr "动态主机配置协议 (DHCP)"
#: serverguide/C/network-config.xml:850(para)
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
"enables host computers to be automatically assigned settings from a server "
"as opposed to manually configuring each network host. Computers configured "
"to be DHCP clients have no control over the settings they receive from the "
"DHCP server, and the configuration is transparent to the computer's user."
"动态主机配置协议 (DHCP) 是一种网络服务,相对于手工为每台网络主机配置,它使网络主机可能自动被服务器指定设置。被配置成 DHCP "
"客户端的计算机并不能控制其从 DHCP 服务器得到的设置,且该配置对于计算机用户来说是透明的。"
#: serverguide/C/network-config.xml:857(para)
"The most common settings provided by a DHCP server to DHCP clients include:"
msgstr "由 DHCP 服务器提供给 DHCP 客户端最常用的设置包括:"
#: serverguide/C/network-config.xml:862(para)
msgid "IP-Address and Netmask"
#: serverguide/C/network-config.xml:865(para)
#: serverguide/C/network-config.xml:868(para)
#: serverguide/C/network-config.xml:871(para)
"However, a DHCP server can also supply configuration properties such as:"
msgstr "然而,一个 DHCP 服务器也支持配置如下属性,如:"
#: serverguide/C/network-config.xml:876(para)
#: serverguide/C/network-config.xml:879(para)
msgid "Domain Name"
#: serverguide/C/network-config.xml:882(para)
msgid "Default Gateway"
#: serverguide/C/network-config.xml:885(para)
msgid "Time Server"
#: serverguide/C/network-config.xml:888(para)
msgid "Print Server"
#: serverguide/C/network-config.xml:891(para)
"The advantage of using DHCP is that changes to the network, for example a "
"change in the address of the DNS server, need only be changed at the DHCP "
"server, and all network hosts will be reconfigured the next time their DHCP "
"clients poll the DHCP server. As an added advantage, it is also easier to "
"integrate new computers into the network, as there is no need to check for "
"the availability of an IP address. Conflicts in IP address allocation are "
"使用 DHCP 的好处在于当网络发生改变如 DNS 服务器地址改变时,只需要在 DHCP 服务器中改变即可,所有网络主机将在其 DHCP "
"客户端下一次轮询 DHCP 服务器时被重新配置。另一个好处就是,它在将新计算机整合到网络时也更容易,因为不需要再检查 IP 地址的有效性。同时也减少 "
#: serverguide/C/network-config.xml:899(para)
msgid "A DHCP server can provide configuration settings using two methods:"
msgstr "一个 DHCP 服务器可以用两个模式来提供配置设置"
#: serverguide/C/network-config.xml:904(term)
msgid "MAC Address"
#: serverguide/C/network-config.xml:906(para)
"This method entails using DHCP to identify the unique hardware address of "
"each network card connected to the network and then continually supplying a "
"constant configuration each time the DHCP client makes a request to the DHCP "
"server using that network device."
"该模式需要用 DHCP 去标明连接到网上的每块网卡唯一的硬件地址,然后在 DHCP 客户端每次使用该网络设备发送给 DHCP "
"服务器请求时提供给它一个固定的配置。"
#: serverguide/C/network-config.xml:915(term)
msgid "Address Pool"
#: serverguide/C/network-config.xml:917(para)
"This method entails defining a pool (sometimes also called a range or scope) "
"of IP addresses from which DHCP clients are supplied their configuration "
"properties dynamically and on a \"first come, first served\" basis. When a "
"DHCP client is no longer on the network for a specified period, the "
"configuration is expired and released back to the address pool for use by "
"other DHCP Clients."
#: serverguide/C/network-config.xml:928(para)
"Ubuntu is shipped with both DHCP server and client. The server is "
"<application>dhcpd</application> (dynamic host configuration protocol "
"daemon). The client provided with Ubuntu is "
"<application>dhclient</application> and should be installed on all computers "
"required to be automatically configured. Both programs are easy to install "
"and configure and will be automatically started at system boot."
"Ubuntu 提供 DHCP 服务器及其客户端。服务器叫 <application>dhcpd</application> "
"(动态主机配置协议守护程序)。Ubuntu 提供的客户端叫 "
"<application>dhclient</application>,应该安装在所有自动配置的计算机上。这两个程序很容易安装和配置,并可在系统引导时自动"
#: serverguide/C/network-config.xml:938(para)
"At a terminal prompt, enter the following command to install "
"<application>dhcpd</application>:"
msgstr "要安装 <application>dhcpd</application>,可以在终端提示符后输入以下命令:"
#: serverguide/C/network-config.xml:943(command)
msgid "sudo apt-get install dhcp3-server"
msgstr "sudo apt-get install dhcp3-server"
#: serverguide/C/network-config.xml:945(para)
"You will probably need to change the default configuration by editing "
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
msgstr "您可能需要通过编辑 /etc/dhcp3/dhcpd.conf 来改变其默认配置,以使其满足您的需要和特定配置。"
#: serverguide/C/network-config.xml:949(para)
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
"dhcpd should listen to. By default it listens to eth0."
msgstr "您还需要编辑 /etc/default/dhcp3-server 来指定 dhcpd 要监听的网络接口。其默认会监听 eth0。"
#: serverguide/C/network-config.xml:953(para)
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
msgstr "注意:dhcpd 的消息会被发往 syslog。可以在那里寻找诊断信息。"
#: serverguide/C/network-config.xml:960(para)
"The error message the installation ends with might be a little confusing, "
"but the following steps will help you configure the service:"
msgstr "安装结束后的错误消息可能会带来小小的困惑,不过下面几步将帮助您配置服务:"
#: serverguide/C/network-config.xml:964(para)
"Most commonly, what you want to do is assign an IP address randomly. This "
"can be done with settings as follows:"
msgstr "通常,您想做的是随机指定一个 IP 地址。这可以通过以下设置来实现:"
#: serverguide/C/network-config.xml:968(programlisting)
"# Sample /etc/dhcpd.conf\n"
"# (add your comments here) \n"
"default-lease-time 600;\n"
"max-lease-time 7200;\n"
"option subnet-mask 255.255.255.0;\n"
"option broadcast-address 192.168.1.255;\n"
"option routers 192.168.1.254;\n"
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
"option domain-name \"mydomain.example\";\n"
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
"range 192.168.1.10 192.168.1.100;\n"
"range 192.168.1.150 192.168.1.200;\n"
#: serverguide/C/network-config.xml:984(para)
"This will result in the DHCP server giving a client an IP address from the "
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
"server will also \"advise\" the client that it should use 255.255.255.0 as "
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
"这将导致 DHCP 服务器从 192.168.1.10-192.168.1.100 或 192.168.1.150-192.168.1.200 "
"范围中分配客户端一个 IP 地址。如果客户端没有要求一个特定的时间帧的话它将租用 600秒的 IP 地址。否则最大 (允许) 租用时间为 7200 "
"秒。服务器也 \"建议\" 客户端使用 255.255.255.0 做为它的子网掩码,192.168.1.255 "
"作为它的广播地址,192.168.1.254 作为路由器/网关,同时将 192.168.1.1 和 192.168.1.2 作为它的 DNS 服务器。"
#: serverguide/C/network-config.xml:993(para)
"If you need to specify a WINS server for your Windows clients, you will need "
"to include the netbios-name-servers option, e.g."
msgstr "如果您需要为您的 Windows 客户机指定一个 WINS 服务器,您需要包含 netbios-name-servers 选项,如:"
#: serverguide/C/network-config.xml:997(programlisting)
"option netbios-name-servers 192.168.1.1; \n"
#: serverguide/C/network-config.xml:1000(para)
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
"Dhcpd 配置设置可以从 DHCP 快速指南中得到,该指南可以在 <ulink "
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">这里</ulink> 找到。"
#: serverguide/C/network-config.xml:1010(para)
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
"server Ubuntu Wiki</ulink> page has more information."
#: serverguide/C/network-config.xml:1015(para)
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
"\">dhcpd.conf man page</ulink>."
#: serverguide/C/network-config.xml:1021(para)
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
#: serverguide/C/network-config.xml:1031(title)
msgid "Time Synchronisation with NTP"
msgstr "使用 NTP 进行时间同步"
#: serverguide/C/network-config.xml:1032(para)
"This page describes methods for keeping your computer's time accurate. This "
"is useful for servers, but is not necessary (or desirable) for desktop "
msgstr "本页描述了使您计算机的时间保持准确的方法。这对于服务器来说很有用,但对于桌面计算机来说则不是必需的(或可取的)。"
#: serverguide/C/network-config.xml:1035(para)
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
"client requests the current time from a server, and uses it to set its own "
msgstr "NTP 是通过网络来同步时间的一种 TCP/IP 协议。通常客户端向服务器请求当前的时间,并根据结果来设置其时钟。"
#: serverguide/C/network-config.xml:1038(para)
"Behind this simple description, there is a lot of complexity - there are "
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
"clocks (often via GPS), and tier two and three servers spreading the load of "
"actually handling requests across the Internet. Also the client software is "
"a lot more complex than you might think - it has to factor out communication "
"delays, and adjust the time in a way that does not upset all the other "
"processes that run on the server. But luckily all that complexity is hidden "
#: serverguide/C/network-config.xml:1041(para)
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
msgstr "Ubuntu 有两种方式可以自动设置您的时间:ntpdate 和 ntpd。"
#: serverguide/C/network-config.xml:1046(title)
#: serverguide/C/network-config.xml:1047(para)
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
"set up your time according to Ubuntu's NTP server. However, a server's clock "
"is likely to drift considerably between reboots, so it makes sense to "
"correct the time occasionally. The easiest way to do this is to get cron to "
"run ntpdate every day. With your favorite editor, as root, create a file "
"<code>/etc/cron.daily/ntpdate</code> containing:"
#: serverguide/C/network-config.xml:1052(screen)
msgid "ntpdate ntp.ubuntu.com\n"
msgstr "ntpdate ntp.ubuntu.com\n"
#: serverguide/C/network-config.xml:1054(para)
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
msgstr "<code>/etc/cron.daily/ntpdate</code> 文件还必须是可执行的。"
#: serverguide/C/network-config.xml:1057(screen)
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
#: serverguide/C/network-config.xml:1061(title)
#: serverguide/C/network-config.xml:1062(para)
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
"calculates the drift of your system clock and continuously adjusts it, so "
"there are no large corrections that could lead to inconsistent logs for "
"instance. The cost is a little processing power and memory, but for a modern "
"server this is negligible."
"ntpdate 有些迟钝 - 它只能一天调整一次时间,每次都是一个大改动。而 ntp 守护进程 ntpd "
"就很灵巧。它会计算您系统时钟的偏差并持续不断地调整时间,这样就不至于因为调整过大而引起像日志不一致这样的问题。其代价是消耗一点处理能力和内存,但对于现代服"
#: serverguide/C/network-config.xml:1065(para)
msgid "To set up ntpd:"
msgstr "若想设置 ntpd:"
#: serverguide/C/network-config.xml:1066(screen)
msgid "sudo apt-get install ntp\n"
#: serverguide/C/network-config.xml:1071(title)
msgid "Changing Time Servers"
#: serverguide/C/network-config.xml:1072(para)
"In both cases above, your system will use Ubuntu's NTP server at "
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
"use several servers to increase accuracy and resilience, and you may want to "
"use time servers that are geographically closer to you. to do this for "
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
"在上述的两种情况中,您的系统会默认使用位于 <code>ntp.ubuntu.com</code> 的 Ubuntu NTP "
"服务器。这没有问题,但您可以会想使用多个服务器来增加准确性和弹性,并且使用在地理位置上更接近您的时间服务器。若要对 ntpdate 这样做,请将 "
"<code>/etc/cron.daily/ntpdate</code> 的内容修改为:"
#: serverguide/C/network-config.xml:1079(screen)
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
msgstr "ntpdate ntp.ubuntu.com pool.ntp.org \n"
#: serverguide/C/network-config.xml:1081(para)
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
msgstr "对于 ntpd,请编辑 <code>/etc/ntp.conf</code> 以加入额外的服务器:"
#: serverguide/C/network-config.xml:1086(screen)
"server ntp.ubuntu.com\n"
"server pool.ntp.org\n"
"server ntp.ubuntu.com\n"
"server pool.ntp.org\n"
#: serverguide/C/network-config.xml:1089(para)
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
"really good idea which uses round-robin DNS to return an NTP server from a "
"pool, spreading the load between several different servers. Even better, "
"they have pools for different regions - for instance, if you are in New "
"Zealand, you could use <code>nz.pool.ntp.org</code> instead of "
"<code>pool.ntp.org</code>. Look at <ulink "
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
"您可能注意到了上面例子中的 <code>pool.ntp.org</code>。通过一个使用转轮法的 DNS 来从服务器池中返回一个 NTP "
"服务器实在是个好主意,这样可以在不同的服务器之间平摊负载。更好的是,对于不同的区域有不同的服务器池 - 例如,假如您在新西兰的话,您就可以使用 "
"<code>nz.pool.ntp.org</code> 取代 <code>pool.ntp.org</code>。参见 <ulink "
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> 以获得更多信息。"
#: serverguide/C/network-config.xml:1100(para)
"You can also Google for NTP servers in your region, and add these to your "
"configuration. To test that a server works, just type <code>sudo ntpdate "
"ntp.server.name</code> and see what happens."
"您也可以使用 Google 搜索您所在区域中的 NTP 服务器,再将其加入您的配置中。若想测试该服务器是否工作,只需键入 <code>sudo "
"ntpdate ntp.server.name</code> 然后看结果。"
#: serverguide/C/network-config.xml:1111(para)
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
"Time</ulink> wiki page for more information."
#: serverguide/C/network-config.xml:1117(ulink)
msgid "NTP Support"
#: serverguide/C/network-config.xml:1122(ulink)
msgid "The NTP FAQ and HOWTO"
msgstr "NTP FAQ 和 HOWTO"
#: serverguide/C/network-auth.xml:13(title)
msgid "Network Authentication"
#: serverguide/C/network-auth.xml:15(para)
msgid "This section explains various Network Authentication protocols."
msgstr "本节解释各种网络认证协议"
#: serverguide/C/network-auth.xml:19(title)
msgid "OpenLDAP Server"
msgstr "OpenLDAP 服务器"
#: serverguide/C/network-auth.xml:20(para)
"LDAP is an acronym for Lightweight Directory Access Protocol; it is a "
"simplified version of the X.500 protocol. The directory setup in this "
"section will be used for authentication. Nevertheless, LDAP can be used in "
"numerous ways: authentication, shared directory (for mail clients), address "
#: serverguide/C/network-auth.xml:28(para)
"To describe LDAP quickly, all information is stored in a tree structure. "
"With <application>OpenLDAP</application> you have freedom to determine the "
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
"We will begin with a basic tree containing two nodes below the root:"
#: serverguide/C/network-auth.xml:37(para)
msgid "\"People\" node where your users will be stored"
msgstr "\"People\" 节点,将存储您的用户"
#: serverguide/C/network-auth.xml:40(para)
msgid "\"Groups\" node where your groups will be stored"
msgstr "\"Groups\" 节点,将存储您的组"
#: serverguide/C/network-auth.xml:44(para)
"Before beginning, you should determine what the root of your LDAP directory "
"will be. By default, your tree will be determined by your Fully Qualified "
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
"example), your root node will be dc=example,dc=com."
#: serverguide/C/network-auth.xml:54(para)
"First, install the <application>OpenLDAP</application> server daemon "
"<application>slapd</application> and <application>ldap-utils</application>, "
"a package containing LDAP management utilities:"
#: serverguide/C/network-auth.xml:60(command)
msgid "sudo apt-get install slapd ldap-utils"
#: serverguide/C/network-auth.xml:63(para)
"By default <application>slapd</application> is configured with minimal "
"options needed to run the <application>slapd</application> daemon."
#: serverguide/C/network-auth.xml:68(para)
"The configuration example in the following sections will match the domain "
"name of the server. For example, if the machine's Fully Qualified Domain "
"Name (FQDN) is ldap.example.com, the default suffix will be "
"<emphasis>dc=example,dc=com</emphasis>."
#: serverguide/C/network-auth.xml:76(title)
msgid "Populating LDAP"
#: serverguide/C/network-auth.xml:78(para)
"<application>OpenLDAP</application> uses a separate directory which contains "
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
"<application>slapd</application> daemon, allowing the modification of schema "
"definitions, indexes, ACLs, etc without stopping the service."
#: serverguide/C/network-auth.xml:86(para)
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
"configuration and will need additional configuration options in order to "
"populate the frontend directory. The frontend will be populated with a "
"\"classical\" scheme that will be compatible with address book applications "
"and with Unix Posix accounts. Posix accounts will allow authentication to "
"various applications, such as web applications, email Mail Transfer Agent "
"(MTA) applications, etc."
#: serverguide/C/network-auth.xml:95(para)
"For external applications to authenticate using LDAP they will each need to "
"be specifically configured to do so. Refer to the individual application "
"documentation for details."
#: serverguide/C/network-auth.xml:103(para)
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
"examples to match your LDAP configuration."
#: serverguide/C/network-auth.xml:108(para)
"First, some additional schema files need to be loaded. In a terminal enter:"
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
#: serverguide/C/network-auth.xml:118(para)
"Next, copy the following example LDIF file, naming it "
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
#: serverguide/C/network-auth.xml:123(programlisting)
"# Load dynamic backend modules\n"
"dn: cn=module,cn=config\n"
"objectClass: olcModuleList\n"
"olcModulepath: /usr/lib/ldap\n"
"olcModuleload: back_hdb\n"
"# Database settings\n"
"dn: olcDatabase=hdb,cn=config\n"
"objectClass: olcDatabaseConfig\n"
"objectClass: olcHdbConfig\n"
"olcDatabase: {1}hdb\n"
"olcSuffix: dc=example,dc=com\n"
"olcDbDirectory: /var/lib/ldap\n"
"olcRootDN: cn=admin,dc=example,dc=com\n"
"olcRootPW: secret\n"
"olcDbConfig: set_cachesize 0 2097152 0\n"
"olcDbConfig: set_lk_max_objects 1500\n"
"olcDbConfig: set_lk_max_locks 1500\n"
"olcDbConfig: set_lk_max_lockers 1500\n"
"olcDbIndex: objectClass eq\n"
"olcLastMod: TRUE\n"
"olcDbCheckpoint: 512 30\n"
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
"by anonymous auth by self write by * none\n"
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
"olcAccess: to dn.base=\"\" by * read\n"
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
#: serverguide/C/network-auth.xml:155(para)
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
#: serverguide/C/network-auth.xml:160(para)
msgid "Now add the LDIF to the directory:"
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
#: serverguide/C/network-auth.xml:168(para)
"The frontend directory is now ready to be populated. Create a "
"<filename>frontend.example.com.ldif</filename> with the following contents:"
#: serverguide/C/network-auth.xml:173(programlisting)
"# Create top-level object in domain\n"
"dn: dc=example,dc=com\n"
"objectClass: top\n"
"objectClass: dcObject\n"
"objectclass: organization\n"
"o: Example Organization\n"
"description: LDAP Example \n"
"dn: cn=admin,dc=example,dc=com\n"
"objectClass: simpleSecurityObject\n"
"objectClass: organizationalRole\n"
"description: LDAP administrator\n"
"userPassword: secret\n"
"dn: ou=people,dc=example,dc=com\n"
"objectClass: organizationalUnit\n"
"dn: ou=groups,dc=example,dc=com\n"
"objectClass: organizationalUnit\n"
"dn: uid=john,ou=people,dc=example,dc=com\n"
"objectClass: inetOrgPerson\n"
"objectClass: posixAccount\n"
"objectClass: shadowAccount\n"
"givenName: John\n"
"displayName: John Doe\n"
"uidNumber: 1000\n"
"gidNumber: 10000\n"
"userPassword: password\n"
"gecos: John Doe\n"
"loginShell: /bin/bash\n"
"homeDirectory: /home/john\n"
"shadowExpire: -1\n"
"shadowWarning: 7\n"
"shadowMax: 999999\n"
"shadowLastChange: 10877\n"
"mail: john.doe@example.com\n"
"postalCode: 31000\n"
"mobile: +33 (0)6 xx xx xx xx\n"
"homePhone: +33 (0)5 xx xx xx xx\n"
"title: System Administrator\n"
"postalAddress: \n"
"dn: cn=example,ou=groups,dc=example,dc=com\n"
"objectClass: posixGroup\n"
"gidNumber: 10000\n"
#: serverguide/C/network-auth.xml:236(para)
"In this example the directory structure, a user, and a group have been "
"set up. In other examples you might see the <emphasis>objectClass: "
"top</emphasis> added in every entry, but that is the default behaviour so "
"you do not have to add it explicitly."
#: serverguide/C/network-auth.xml:243(para)
msgid "Add the entries to the LDAP directory:"
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
#: serverguide/C/network-auth.xml:252(para)
"We can check that the content has been correctly added with the "
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
#: serverguide/C/network-auth.xml:258(command)
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
#: serverguide/C/network-auth.xml:259(computeroutput)
"dn: uid=john,ou=people,dc=example,dc=com\n"
"givenName: John\n"
#: serverguide/C/network-auth.xml:267(para)
msgid "Just a quick explanation:"
#: serverguide/C/network-auth.xml:273(para)
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
#: serverguide/C/network-auth.xml:279(para)
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
#: serverguide/C/network-auth.xml:287(title)
msgid "Further Configuration"
#: serverguide/C/network-auth.xml:290(para)
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
"utilities in the <application>ldap-utils</application> package. For example:"
#: serverguide/C/network-auth.xml:298(para)
"Use <application>ldapsearch</application> to view the tree, entering the "
"admin password set during installation or reconfiguration:"
#: serverguide/C/network-auth.xml:304(command)
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
#: serverguide/C/network-auth.xml:308(computeroutput)
"SASL/EXTERNAL authentication started\n"
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
"dn: cn=module{0},cn=config\n"
"dn: cn=schema,cn=config\n"
"dn: cn={0}core,cn=schema,cn=config\n"
"dn: cn={1}cosine,cn=schema,cn=config\n"
"dn: cn={2}nis,cn=schema,cn=config\n"
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
"dn: olcDatabase={-1}frontend,cn=config\n"
"dn: olcDatabase={0}config,cn=config\n"
"dn: olcDatabase={1}hdb,cn=config\n"
#: serverguide/C/network-auth.xml:334(para)
"The output above is the current configuration options for the "
"<emphasis>cn=config</emphasis> backend database. Your output may vary."
#: serverguide/C/network-auth.xml:342(para)
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
"another attribute to the index list using "
"<application>ldapmodify</application>:"
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
#: serverguide/C/network-auth.xml:356(userinput)
"dn: olcDatabase={1}hdb,cn=config\n"
"add: olcDbIndex\n"
"olcDbIndex: uidNumber eq"
#: serverguide/C/network-auth.xml:352(computeroutput)
"SASL/EXTERNAL authentication started\n"
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
"<placeholder-1/>\n"
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
#: serverguide/C/network-auth.xml:364(para)
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
"exit the utility."
#: serverguide/C/network-auth.xml:371(para)
"<application>ldapmodify</application> can also read the changes from a file. "
"Copy and paste the following into a file named "
"<filename>uid_index.ldif</filename>:"
#: serverguide/C/network-auth.xml:376(programlisting)
"dn: olcDatabase={1}hdb,cn=config\n"
"add: olcDbIndex\n"
"olcDbIndex: uid eq,pres,sub\n"
#: serverguide/C/network-auth.xml:382(para)
msgid "Then execute <application>ldapmodify</application>:"
#: serverguide/C/network-auth.xml:387(command)
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
#: serverguide/C/network-auth.xml:391(computeroutput)
"SASL/EXTERNAL authentication started\n"
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
#: serverguide/C/network-auth.xml:399(para)
msgid "The file method is very useful for large changes."
#: serverguide/C/network-auth.xml:406(para)
"Adding additional <emphasis>schemas</emphasis> to "
"<application>slapd</application> requires the schema to be converted to LDIF "
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
"directory contains some schema files already converted to LDIF format as "
"demonstrated in the previous section. Fortunately, the "
"<application>slapd</application> program can be used to automate the "
"conversion. The following example will add the "
"<emphasis>dyngroup.schema</emphasis>:"
#: serverguide/C/network-auth.xml:416(para)
"First, create a conversion <filename>schema_convert.conf</filename> file "
"containing the following lines:"
#: serverguide/C/network-auth.xml:421(programlisting)
"include /etc/ldap/schema/core.schema\n"
"include /etc/ldap/schema/collective.schema\n"
"include /etc/ldap/schema/corba.schema\n"
"include /etc/ldap/schema/cosine.schema\n"
"include /etc/ldap/schema/duaconf.schema\n"
"include /etc/ldap/schema/dyngroup.schema\n"
"include /etc/ldap/schema/inetorgperson.schema\n"
"include /etc/ldap/schema/java.schema\n"
"include /etc/ldap/schema/misc.schema\n"
"include /etc/ldap/schema/nis.schema\n"
"include /etc/ldap/schema/openldap.schema\n"
"include /etc/ldap/schema/ppolicy.schema\n"
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
msgid "Next, create a temporary directory to hold the output:"
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
msgid "mkdir /tmp/ldif_output"
#: serverguide/C/network-auth.xml:450(para)
"Now using <application>slapcat</application> convert the schema files to "
#: serverguide/C/network-auth.xml:455(command)
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
#: serverguide/C/network-auth.xml:458(para)
"Adjust the configuration file name and temporary directory names if yours "
"are different. Also, it may be worthwhile to keep the "
"<filename>ldif_output</filename> directory around in case you want to add "
"additional schemas in the future."
#: serverguide/C/network-auth.xml:467(para)
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
"following attributes:"
#: serverguide/C/network-auth.xml:471(programlisting)
"dn: cn=dyngroup,cn=schema,cn=config\n"
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
msgid "And remove the following lines from the bottom of the file:"
#: serverguide/C/network-auth.xml:481(programlisting)
"structuralObjectClass: olcSchemaConfig\n"
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
"creatorsName: cn=config\n"
"createTimestamp: 20080826021140Z\n"
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
"modifiersName: cn=config\n"
"modifyTimestamp: 20080826021140Z\n"
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
"The attribute values will vary, just be sure the attributes are removed."
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
"Finally, using the <application>ldapadd</application> utility, add the new "
"schema to the directory:"
#: serverguide/C/network-auth.xml:506(command)
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
#: serverguide/C/network-auth.xml:512(para)
"There should now be a <emphasis>dn: "
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
#: serverguide/C/network-auth.xml:522(title)
msgid "LDAP Replication"
#: serverguide/C/network-auth.xml:524(para)
"LDAP often quickly becomes a highly critical service to the network. "
"Multiple systems will come to depend on LDAP for authentication, "
"authorization, configuration, etc. It is a good idea to set up a redundant "
"system through replication."
#: serverguide/C/network-auth.xml:530(para)
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
"Syncrepl allows the changes to be synced using a "
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
"provider sends directory changes to consumers."
#: serverguide/C/network-auth.xml:537(title)
msgid "Provider Configuration"
#: serverguide/C/network-auth.xml:539(para)
"The following is an example of a <emphasis>Single-Master</emphasis> "
"configuration. In this configuration one OpenLDAP server is configured as a "
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
#: serverguide/C/network-auth.xml:547(para)
"First, configure the provider server. Copy the following to a file named "
"<filename>provider_sync.ldif</filename>:"
#: serverguide/C/network-auth.xml:552(programlisting)
"# Add indexes to the frontend db.\n"
"dn: olcDatabase={1}hdb,cn=config\n"
"changetype: modify\n"
"add: olcDbIndex\n"
"olcDbIndex: entryCSN eq\n"
"add: olcDbIndex\n"
"olcDbIndex: entryUUID eq\n"
"#Load the syncprov and accesslog modules.\n"
"dn: cn=module{0},cn=config\n"
"changetype: modify\n"
"add: olcModuleLoad\n"
"olcModuleLoad: syncprov\n"
"add: olcModuleLoad\n"
"olcModuleLoad: accesslog\n"
"# Accesslog database definitions\n"
"dn: olcDatabase={2}hdb,cn=config\n"
"objectClass: olcDatabaseConfig\n"
"objectClass: olcHdbConfig\n"
"olcDatabase: {2}hdb\n"
"olcDbDirectory: /var/lib/ldap/accesslog\n"
"olcSuffix: cn=accesslog\n"
"olcRootDN: cn=admin,dc=example,dc=com\n"
"olcDbIndex: default eq\n"
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
"# Accesslog db syncprov.\n"
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
"changetype: add\n"
"objectClass: olcOverlayConfig\n"
"objectClass: olcSyncProvConfig\n"
"olcOverlay: syncprov\n"
"olcSpNoPresent: TRUE\n"
"olcSpReloadHint: TRUE\n"
"# syncrepl Provider for primary db\n"
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
"changetype: add\n"
"objectClass: olcOverlayConfig\n"
"objectClass: olcSyncProvConfig\n"
"olcOverlay: syncprov\n"
"olcSpNoPresent: TRUE\n"
"# accesslog overlay definitions for primary db\n"
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
"objectClass: olcOverlayConfig\n"
"objectClass: olcAccessLogConfig\n"
"olcOverlay: accesslog\n"
"olcAccessLogDB: cn=accesslog\n"
"olcAccessLogOps: writes\n"
"olcAccessLogSuccess: TRUE\n"
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
"olcAccessLogPurge: 07+00:00 01+00:00\n"
#: serverguide/C/network-auth.xml:614(para)
"The <application>AppArmor</application> profile for "
"<application>slapd</application> will need to be adjusted for the accesslog "
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
#: serverguide/C/network-auth.xml:619(programlisting)
" /var/lib/ldap/accesslog/ r,\n"
" /var/lib/ldap/accesslog/** rwk,\n"
#: serverguide/C/network-auth.xml:624(para)
"Then create the directory, reload the <application>apparmor</application> "
"profile, and copy the <filename>DB_CONFIG</filename> file:"
#: serverguide/C/network-auth.xml:630(command)
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
#: serverguide/C/network-auth.xml:631(command)
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
#: serverguide/C/network-auth.xml:636(para)
"Using the <emphasis>-u openldap</emphasis> option with the "
"<application>sudo</application> commands above removes the need to adjust "
"permissions for the new directory later."
#: serverguide/C/network-auth.xml:645(para)
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
#: serverguide/C/network-auth.xml:649(programlisting)
"olcRootDN: cn=admin,dc=example,dc=com\n"
#: serverguide/C/network-auth.xml:657(para)
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
#: serverguide/C/network-auth.xml:662(command)
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
#: serverguide/C/network-auth.xml:669(para)
msgid "Restart <application>slapd</application>:"
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
msgid "sudo /etc/init.d/slapd restart"
#: serverguide/C/network-auth.xml:680(para)
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
"to configure a <emphasis>Consumer</emphasis> server."
#: serverguide/C/network-auth.xml:687(title)
msgid "Consumer Configuration"
#: serverguide/C/network-auth.xml:692(para)
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
"configuration steps."
#: serverguide/C/network-auth.xml:697(para)
msgid "Add the additional schema files:"
#: serverguide/C/network-auth.xml:707(para)
"Also, create, or copy from the provider server, the "
"<filename>backend.example.com.ldif</filename>"
#: serverguide/C/network-auth.xml:711(programlisting)
"# Load dynamic backend modules\n"
"dn: cn=module,cn=config\n"
"objectClass: olcModuleList\n"
"olcModulepath: /usr/lib/ldap\n"
"olcModuleload: back_hdb\n"
"# Database settings\n"
"dn: olcDatabase=hdb,cn=config\n"
"objectClass: olcDatabaseConfig\n"
"objectClass: olcHdbConfig\n"
"olcDatabase: {1}hdb\n"
"olcSuffix: dc=example,dc=com\n"
"olcDbDirectory: /var/lib/ldap\n"
"olcRootDN: cn=admin,dc=example,dc=com\n"
"olcRootPW: secret\n"
"olcDbConfig: set_cachesize 0 2097152 0\n"
"olcDbConfig: set_lk_max_objects 1500\n"
"olcDbConfig: set_lk_max_locks 1500\n"
"olcDbConfig: set_lk_max_lockers 1500\n"
"olcDbIndex: objectClass eq\n"
"olcLastMod: TRUE\n"
"olcDbCheckpoint: 512 30\n"
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
"by anonymous auth by self write by * none\n"
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
"olcAccess: to dn.base=\"\" by * read\n"
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
#: serverguide/C/network-auth.xml:741(para)
msgid "And add the LDIF by entering:"
#: serverguide/C/network-auth.xml:752(para)
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
"listed above, and add it:"
#: serverguide/C/network-auth.xml:760(para)
"The two servers should now have the same configuration except for the "
"<emphasis>Syncrepl</emphasis> options."
#: serverguide/C/network-auth.xml:768(para)
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
#: serverguide/C/network-auth.xml:772(programlisting)
"#Load the syncprov module.\n"
"dn: cn=module{0},cn=config\n"
"changetype: modify\n"
"add: olcModuleLoad\n"
"olcModuleLoad: syncprov\n"
"# syncrepl specific indices\n"
"dn: olcDatabase={1}hdb,cn=config\n"
"changetype: modify\n"
"add: olcDbIndex\n"
"olcDbIndex: entryUUID eq\n"
"add: olcSyncRepl\n"
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
"binddn=\"cn=admin,dc=example,dc=com\" \n"
" credentials=secret searchbase=\"dc=example,dc=com\" "
"logbase=\"cn=accesslog\" \n"
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
"schemachecking=on \n"
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
"add: olcUpdateRef\n"
"olcUpdateRef: ldap://ldap01.example.com\n"
#: serverguide/C/network-auth.xml:795(para)
msgid "You will probably want to change the following attributes:"
#: serverguide/C/network-auth.xml:800(para)
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
#: serverguide/C/network-auth.xml:801(emphasis)
#: serverguide/C/network-auth.xml:802(emphasis)
msgid "credentials"
#: serverguide/C/network-auth.xml:803(emphasis)
#: serverguide/C/network-auth.xml:804(emphasis)
msgid "olcUpdateRef:"
#: serverguide/C/network-auth.xml:810(para)
msgid "Add the LDIF file to the configuration tree:"
#: serverguide/C/network-auth.xml:815(command)
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
#: serverguide/C/network-auth.xml:821(para)
"The frontend database should now sync between servers. You can add "
"additional servers using the steps above as the need arises."
#: serverguide/C/network-auth.xml:831(programlisting)
msgid "127.0.0.1\tldap01.example.com ldap01"
#: serverguide/C/network-auth.xml:827(para)
"The <application>slapd</application> daemon will send log information to "
"<filename>/var/log/syslog</filename> by default. So if all does "
"<emphasis>not</emphasis> go well check there for errors and other "
"troubleshooting information. Also, be sure that each server knows its Fully "
"Qualified Domain Name (FQDN). This is configured in "
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
#: serverguide/C/network-auth.xml:839(title)
msgid "Setting up ACL"
#: serverguide/C/network-auth.xml:841(para)
"Authentication requires access to the password field, which should not be "
"accessible by default. Also, in order for users to change their own "
"password, using <command>passwd</command> or other utilities, "
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
#: serverguide/C/network-auth.xml:848(para)
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
"tree, use the <application>ldapsearch</application> utility:"
#: serverguide/C/network-auth.xml:854(command)
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
"olcDatabase=config olcAccess"
#: serverguide/C/network-auth.xml:858(computeroutput)
"SASL/EXTERNAL authentication started\n"
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
"dn: olcDatabase={0}config,cn=config\n"
"olcAccess: {0}to * by "
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
" ,cn=auth manage by * break\n"
#: serverguide/C/network-auth.xml:867(para)
msgid "To see the ACL for the frontend tree enter:"
#: serverguide/C/network-auth.xml:872(command)
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
"olcDatabase={1}hdb olcAccess"
#: serverguide/C/network-auth.xml:878(title)
msgid "TLS and SSL"
#: serverguide/C/network-auth.xml:880(para)
"When authenticating to an OpenLDAP server it is best to do so using an "
"encrypted session. This can be accomplished using Transport Layer Security "
"(TLS) and/or Secure Sockets Layer (SSL)."
#: serverguide/C/network-auth.xml:885(para)
"The first step in the process is to obtain or create a "
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
"is compiled using the <application>gnutls</application> library, the "
"<application>certtool</application> utility will be used to create "
#: serverguide/C/network-auth.xml:894(para)
"First, install <application>gnutls-bin</application> by entering the "
"following in a terminal:"
#: serverguide/C/network-auth.xml:899(command)
msgid "sudo apt-get install gnutls-bin"
#: serverguide/C/network-auth.xml:905(para)
"Next, create a private key for the <emphasis>Certificate "
"Authority</emphasis> (CA):"
#: serverguide/C/network-auth.xml:910(command)
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
#: serverguide/C/network-auth.xml:916(para)
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
"CA certificate containing:"
#: serverguide/C/network-auth.xml:920(programlisting)
"cn = Example Company\n"
"cert_signing_key\n"
#: serverguide/C/network-auth.xml:929(para)
msgid "Now create the self-signed CA certificate:"
#: serverguide/C/network-auth.xml:934(command)
"sudo certtool --generate-self-signed --load-privkey "
"/etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile "
"/etc/ssl/certs/cacert.pem"
#: serverguide/C/network-auth.xml:941(para)
msgid "Make a private key for the server:"
#: serverguide/C/network-auth.xml:946(command)
"sudo sh -c \"certtool --generate-privkey > "
"/etc/ssl/private/ldap01_slapd_key.pem\""
#: serverguide/C/network-auth.xml:950(para)
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
"hostname. Naming the certificate and key for the host and service that will "
"be using them will help keep filenames and paths straight."
#: serverguide/C/network-auth.xml:959(para)
"To sign the server's certificate with the CA, create the "
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
#: serverguide/C/network-auth.xml:963(programlisting)
"organization = Example Company\n"
"cn = ldap01.example.com\n"
#: serverguide/C/network-auth.xml:974(para)
msgid "Create the server's certificate:"
#: serverguide/C/network-auth.xml:979(command)
"sudo certtool --generate-certificate --load-privkey "
"/etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate "
"/etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem "
"--template /etc/ssl/ldap01.info --outfile "
"/etc/ssl/certs/ldap01_slapd_cert.pem"
#: serverguide/C/network-auth.xml:987(para)
"Once you have a certificate, key, and CA cert installed, use "
"<application>ldapmodify</application> to add the new configuration options:"
#: serverguide/C/network-auth.xml:998(userinput)
"add: olcTLSCACertificateFile\n"
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
"add: olcTLSCertificateFile\n"
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
"add: olcTLSCertificateKeyFile\n"
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
"Enter LDAP Password:\n"
"<placeholder-1/>\n"
"modifying entry \"cn=config\"\n"
#: serverguide/C/network-auth.xml:1013(para)
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
"<filename>ldap01_slapd_key.pem</filename>, and "
"<filename>cacert.pem</filename> names if yours are different."
#: serverguide/C/network-auth.xml:1019(para)
"Next, edit <filename>/etc/default/slapd</filename> and uncomment the "
"<emphasis>SLAPD_SERVICES</emphasis> option:"
#: serverguide/C/network-auth.xml:1023(programlisting)
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
#: serverguide/C/network-auth.xml:1027(para)
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
#: serverguide/C/network-auth.xml:1032(command)
msgid "sudo adduser openldap ssl-cert"
#: serverguide/C/network-auth.xml:1033(command)
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
#: serverguide/C/network-auth.xml:1034(command)
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
#: serverguide/C/network-auth.xml:1038(para)
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
"adjust the commands appropriately."
#: serverguide/C/network-auth.xml:1044(para)
msgid "Finally, restart <application>slapd</application>:"
#: serverguide/C/network-auth.xml:1052(para)
"The <application>slapd</application> daemon should now be listening for "
"LDAPS connections and be able to use STARTTLS during authentication."
#: serverguide/C/network-auth.xml:1058(para)
"If you run into troubles with the server not starting, check "
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
"it is likely there is a configuration problem. Check that the certificate is "
"signed by the authority in the configured files, and that the ssl-cert "
"group has read permissions on the private key."
#: serverguide/C/network-auth.xml:1070(title)
msgid "TLS Replication"
#: serverguide/C/network-auth.xml:1072(para)
"If you have set up <application>Syncrepl</application> between servers, it is "
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
"linkend=\"openldap-server-replication\"/>."
#: serverguide/C/network-auth.xml:1078(para)
"Assuming you have followed the above instructions and created a CA "
"certificate and server certificate on the <emphasis>Provider</emphasis> "
"server, follow these instructions to create a certificate and key "
"for the <emphasis>Consumer</emphasis> server."
#: serverguide/C/network-auth.xml:1087(para)
msgid "Create a new key for the Consumer server:"
#: serverguide/C/network-auth.xml:1092(command)
msgid "mkdir ldap02-ssl"
#: serverguide/C/network-auth.xml:1093(command)
msgid "cd ldap02-ssl"
#: serverguide/C/network-auth.xml:1094(command)
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
#: serverguide/C/network-auth.xml:1098(para)
"Creating a new directory is not strictly necessary, but it will help keep "
"things organized and make it easier to copy the files to the Consumer server."
#: serverguide/C/network-auth.xml:1107(para)
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
"server, changing the attributes to match your locality and server:"
#: serverguide/C/network-auth.xml:1112(programlisting)
"state = North Carolina\n"
"locality = Winston-Salem\n"
"organization = Example Company\n"
"cn = ldap02.salem.edu\n"
#: serverguide/C/network-auth.xml:1126(para)
msgid "Create the certificate:"
#: serverguide/C/network-auth.xml:1131(command)
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem "
"--load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
"/etc/ssl/private/cakey.pem --template ldap02.info --outfile "
"ldap02_slapd_cert.pem"
#: serverguide/C/network-auth.xml:1139(para)
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
#: serverguide/C/network-auth.xml:1144(command)
msgid "cp /etc/ssl/certs/cacert.pem ."
#: serverguide/C/network-auth.xml:1150(para)
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
"and copy <filename>ldap02_slapd_key.pem</filename> to "
"<filename>/etc/ssl/private</filename>."
#: serverguide/C/network-auth.xml:1159(para)
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
#: serverguide/C/network-auth.xml:1169(userinput)
"add: olcTLSCACertificateFile\n"
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
"add: olcTLSCertificateFile\n"
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
"add: olcTLSCertificateKeyFile\n"
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
#: serverguide/C/network-auth.xml:1186(para)
"As with the Provider you can now edit "
"<filename>/etc/default/slapd</filename> and add the "
"<emphasis>ldaps:///</emphasis> parameter to the "
"<emphasis>SLAPD_SERVICES</emphasis> option."
#: serverguide/C/network-auth.xml:1194(para)
"Now that <emphasis>TLS</emphasis> has been set up on each server, once again "
"modify the <emphasis>Consumer</emphasis> server's "
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
#: serverguide/C/network-auth.xml:1207(userinput)
"dn: olcDatabase={1}hdb,cn=config\n"
"replace: olcSyncrepl\n"
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
" e=\"cn=accesslog\" "
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
#: serverguide/C/network-auth.xml:1204(computeroutput)
"SASL/EXTERNAL authentication started\n"
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
"<placeholder-1/>\n"
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
#: serverguide/C/network-auth.xml:1219(para)
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
"(FQDN) in the certificate, you may have to edit "
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
#: serverguide/C/network-auth.xml:1224(programlisting)
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
#: serverguide/C/network-auth.xml:1231(para)
"Finally, restart <application>slapd</application> on each of the servers:"
#: serverguide/C/network-auth.xml:1244(title)
msgid "LDAP Authentication"
#: serverguide/C/network-auth.xml:1246(para)
"Once you have a working LDAP server, the <application>auth-client-"
"config</application> and <application>libnss-ldap</application> packages "
"take the pain out of configuring an Ubuntu client to authenticate using "
"LDAP. To install the packages, from a terminal prompt enter:"
#: serverguide/C/network-auth.xml:1253(command)
msgid "sudo apt-get install libnss-ldap"
#: serverguide/C/network-auth.xml:1256(para)
"During the install a menu dialog will ask you connection details about your "
#: serverguide/C/network-auth.xml:1260(para)
"If you make a mistake when entering your information you can execute the "
"dialog again using:"
#: serverguide/C/network-auth.xml:1265(command)
msgid "sudo dpkg-reconfigure ldap-auth-config"
#: serverguide/C/network-auth.xml:1268(para)
"The results of the dialog can be seen in "
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
"covered in the menu edit this file accordingly."
#: serverguide/C/network-auth.xml:1273(para)
"Now that <application>libnss-ldap</application> is configured enable the "
"<application>auth-client-config</application> LDAP profile by entering:"
#: serverguide/C/network-auth.xml:1279(command)
msgid "sudo auth-client-config -t nss -p lac_ldap"
#: serverguide/C/network-auth.xml:1284(para)
"<emphasis>-t:</emphasis> only modifies "
"<filename>/etc/nsswitch.conf</filename>."
#: serverguide/C/network-auth.xml:1289(para)
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
#: serverguide/C/network-auth.xml:1294(para)
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
"config</application> profile that is part of the <application>ldap-auth-"
"config</application> package."
#: serverguide/C/network-auth.xml:1301(para)
"Using the <application>pam-auth-update</application> utility, configure the "
"system to use LDAP for authentication:"
#: serverguide/C/network-auth.xml:1306(command)
msgid "sudo pam-auth-update"
#: serverguide/C/network-auth.xml:1309(para)
"From the <application>pam-auth-update</application> menu, choose LDAP and "
"any other authentication mechanisms you need."
#: serverguide/C/network-auth.xml:1313(para)
"You should now be able to login using user credentials stored in the LDAP "
#: serverguide/C/network-auth.xml:1318(para)
"If you are going to use LDAP to store Samba users you will need to configure "
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
#: serverguide/C/network-auth.xml:1326(title)
msgid "User and Group Management"
#: serverguide/C/network-auth.xml:1328(para)
"The <application>ldap-utils</application> package comes with multiple "
"utilities to manage the directory, but the long string of options needed "
"can make them a burden to use. The <application>ldapscripts</application> "
"package contains configurable scripts to easily manage LDAP users and groups."
#: serverguide/C/network-auth.xml:1334(para)
msgid "To install the package, from a terminal enter:"
#: serverguide/C/network-auth.xml:1339(command)
msgid "sudo apt-get install ldapscripts"
#: serverguide/C/network-auth.xml:1342(para)
"Next, edit the config file "
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
"changing the following to match your environment:"
#: serverguide/C/network-auth.xml:1347(programlisting)
"SERVER=localhost\n"
"BINDDN='cn=admin,dc=example,dc=com'\n"
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
"SUFFIX='dc=example,dc=com'\n"
"GSUFFIX='ou=Groups'\n"
"USUFFIX='ou=People'\n"
"MSUFFIX='ou=Computers'\n"
#: serverguide/C/network-auth.xml:1360(para)
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
"authenticated access to the directory:"
#: serverguide/C/network-auth.xml:1365(command)
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
#: serverguide/C/network-auth.xml:1366(command)
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
#: serverguide/C/network-auth.xml:1370(para)
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
#: serverguide/C/network-auth.xml:1375(para)
"The <application>ldapscripts</application> are now ready to help manage your "
"directory. The following are some examples of how to use the scripts:"
#: serverguide/C/network-auth.xml:1382(para)
msgid "Create a new user:"
#: serverguide/C/network-auth.xml:1386(command)
msgid "sudo ldapadduser george example"
#: serverguide/C/network-auth.xml:1388(para)
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
"and set the user's primary group (gid) to <emphasis "
"role=\"italic\">example</emphasis>"
#: serverguide/C/network-auth.xml:1394(para)
msgid "Change a user's password:"
#: serverguide/C/network-auth.xml:1398(command)
msgid "sudo ldapsetpasswd george"
#: serverguide/C/network-auth.xml:1399(computeroutput)
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
#: serverguide/C/network-auth.xml:1400(userinput)
msgid "New Password: "
#: serverguide/C/network-auth.xml:1401(userinput)
msgid "New Password (verify): "
#: serverguide/C/network-auth.xml:1405(para)
msgid "Delete a user:"
#: serverguide/C/network-auth.xml:1409(command)
msgid "sudo ldapdeleteuser george"
#: serverguide/C/network-auth.xml:1414(para)
msgid "Add a group:"
#: serverguide/C/network-auth.xml:1418(command)
msgid "sudo ldapaddgroup qa"
#: serverguide/C/network-auth.xml:1422(para)
msgid "Delete a group:"
#: serverguide/C/network-auth.xml:1426(command)
msgid "sudo ldapdeletegroup qa"
#: serverguide/C/network-auth.xml:1430(para)
msgid "Add a user to a group:"
#: serverguide/C/network-auth.xml:1434(command)
msgid "sudo ldapaddusertogroup george qa"
#: serverguide/C/network-auth.xml:1436(para)
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
"role=\"italic\">george</emphasis>."
#: serverguide/C/network-auth.xml:1442(para)
msgid "Remove a user from a group:"
#: serverguide/C/network-auth.xml:1446(command)
msgid "sudo ldapdeleteuserfromgroup george qa"
#: serverguide/C/network-auth.xml:1448(para)
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
"<emphasis role=\"italic\">qa</emphasis> group."
#: serverguide/C/network-auth.xml:1454(para)
"The <application>ldapmodifyuser</application> script allows you to add, "
"remove, or replace a user's attributes. The script uses the same syntax as "
"the <application>ldapmodify</application> utility. For example:"
#: serverguide/C/network-auth.xml:1459(command)
msgid "sudo ldapmodifyuser george"
#: serverguide/C/network-auth.xml:1460(computeroutput)
"# About to modify the following entry :\n"
"dn: uid=george,ou=People,dc=example,dc=com\n"
"objectClass: account\n"
"objectClass: posixAccount\n"
"uidNumber: 1001\n"
"gidNumber: 1001\n"
"homeDirectory: /home/george\n"
"loginShell: /bin/bash\n"
"description: User account\n"
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
"# Enter your modifications here, end with CTRL-D.\n"
"dn: uid=george,ou=People,dc=example,dc=com"
#: serverguide/C/network-auth.xml:1476(userinput)
"gecos: George Carlin"
#: serverguide/C/network-auth.xml:1479(para)
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
#: serverguide/C/network-auth.xml:1484(para)
"Another great feature of <application>ldapscripts</application> is the "
"template system. Templates allow you to customize the attributes of user, "
"group, and machine objects. For example, to enable the "
"<emphasis>user</emphasis> template edit "
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
#: serverguide/C/network-auth.xml:1491(programlisting)
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
#: serverguide/C/network-auth.xml:1495(para)
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
"<filename>ldapadduser.template.sample</filename> file to "
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
#: serverguide/C/network-auth.xml:1502(command)
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
"/etc/ldapscripts/ldapadduser.template"
#: serverguide/C/network-auth.xml:1505(para)
"Edit the new template to add the desired attributes. The following will "
"create new users with an <emphasis>objectClass</emphasis> of "
"<emphasis>inetOrgPerson</emphasis>:"
#: serverguide/C/network-auth.xml:1510(programlisting)
"dn: uid=<user>,<usuffix>,<suffix>\n"
"objectClass: inetOrgPerson\n"
"objectClass: posixAccount\n"
"cn: <user>\n"
"sn: <ask>\n"
"uid: <user>\n"
"uidNumber: <uid>\n"
"gidNumber: <gid>\n"
"homeDirectory: <home>\n"
"loginShell: <shell>\n"
"gecos: <user>\n"
"description: User account\n"
"title: Employee\n"
#: serverguide/C/network-auth.xml:1526(para)
"Notice the <emphasis><ask></emphasis> option used for the "
"<emphasis>sn</emphasis> value. Using <ask> will configure "
"<application>ldapadduser</application> to prompt you for the attribute value "
"during user creation."
#: serverguide/C/network-auth.xml:1534(para)
"There are more useful scripts in the package; to see a full list enter: "
"<command>dpkg -L ldapscripts | grep bin</command>"
#: serverguide/C/network-auth.xml:1543(para)
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
"Ubuntu Wiki</ulink> page has more details."
#: serverguide/C/network-auth.xml:1548(para)
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
"Home Page</ulink>"
#: serverguide/C/network-auth.xml:1553(para)
"Though starting to show its age, a great source for in-depth LDAP "
"information is O'Reilly's <ulink "
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
"Administration</ulink>"
#: serverguide/C/network-auth.xml:1559(para)
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
"newer versions of OpenLDAP."
#: serverguide/C/network-auth.xml:1565(para)
"For more information on <application>auth-client-config</application> see "
"the man page: <command>man auth-client-config</command>."
#: serverguide/C/network-auth.xml:1570(para)
"For more details regarding the <application>ldapscripts</application> "
"package see the man pages: <command>man ldapscripts</command>, <command>man "
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
#: serverguide/C/network-auth.xml:1580(title)
msgid "Samba and LDAP"
#: serverguide/C/network-auth.xml:1582(para)
"This section covers configuring Samba to use LDAP for user, group, and "
"machine account information and authentication. The assumption is, you "
"already have a working OpenLDAP directory installed and the server is "
"configured to use it for authentication. See <xref linkend=\"openldap-"
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
"setting up OpenLDAP. For more information on installing and configuring "
"Samba see <xref linkend=\"windows-networking\"/>."
#: serverguide/C/network-auth.xml:1592(para)
"There are three packages needed when integrating Samba with LDAP: the "
"<application>samba</application>, <application>samba-doc</application>, and "
"<application>smbldap-tools</application> packages. To install the packages, "
"from a terminal enter:"
#: serverguide/C/network-auth.xml:1598(command)
msgid "sudo apt-get install samba samba-doc smbldap-tools"
#: serverguide/C/network-auth.xml:1601(para)
"Strictly speaking the <application>smbldap-tools</application> package isn't "
"needed, but unless you have another package or custom scripts, a method of "
"managing users, groups, and computer accounts is needed."
#: serverguide/C/network-auth.xml:1608(title)
msgid "OpenLDAP Configuration"
#: serverguide/C/network-auth.xml:1610(para)
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
"the user objects in the directory will need additional attributes. This "
"section assumes you want Samba to be configured as a Windows NT domain "
"controller, and will add the necessary LDAP objects and attributes."
#: serverguide/C/network-auth.xml:1618(para)
"The Samba attributes are defined in the <filename>samba.schema</filename> "
"file which is part of the <application>samba-doc</application> package. The "
"schema file needs to be unzipped and copied to "
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
#: serverguide/C/network-auth.xml:1625(command)
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
"/etc/ldap/schema/"
#: serverguide/C/network-auth.xml:1626(command)
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
#: serverguide/C/network-auth.xml:1632(para)
"The <emphasis>samba</emphasis> schema needs to be added to the "
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
"<application>slapd</application> is also detailed in <xref "
"linkend=\"openldap-configuration\"/>."
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
"First, create a configuration file named "
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
"containing the following lines:"
#: serverguide/C/network-auth.xml:1645(programlisting)
"include /etc/ldap/schema/core.schema\n"
"include /etc/ldap/schema/collective.schema\n"
"include /etc/ldap/schema/corba.schema\n"
"include /etc/ldap/schema/cosine.schema\n"
"include /etc/ldap/schema/duaconf.schema\n"
"include /etc/ldap/schema/dyngroup.schema\n"
"include /etc/ldap/schema/inetorgperson.schema\n"
"include /etc/ldap/schema/java.schema\n"
"include /etc/ldap/schema/misc.schema\n"
"include /etc/ldap/schema/nis.schema\n"
"include /etc/ldap/schema/openldap.schema\n"
"include /etc/ldap/schema/ppolicy.schema\n"
"include /etc/ldap/schema/samba.schema\n"
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
"Now use <application>slapcat</application> to convert the schema files:"
#: serverguide/C/network-auth.xml:1680(command)
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
"Change the above file and path names to match your own if they are different."
#: serverguide/C/network-auth.xml:1690(para)
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
"the following attributes:"
#: serverguide/C/network-auth.xml:1694(programlisting)
"dn: cn=samba,cn=schema,cn=config\n"
#: serverguide/C/network-auth.xml:1704(programlisting)
"structuralObjectClass: olcSchemaConfig\n"
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
"creatorsName: cn=config\n"
"createTimestamp: 20080827045234Z\n"
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
"modifiersName: cn=config\n"
"modifyTimestamp: 20080827045234Z\n"
#: serverguide/C/network-auth.xml:1729(command)
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
#: serverguide/C/network-auth.xml:1735(para)
"There should now be a <emphasis>dn: "
"cn={X}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree, "
"where \"X\" is the next sequential schema."
#: serverguide/C/network-auth.xml:1743(para)
"Copy and paste the following into a file named "
"<filename>samba_indexes.ldif</filename>:"
#: serverguide/C/network-auth.xml:1747(programlisting)
"dn: olcDatabase={1}hdb,cn=config\n"
"changetype: modify\n"
"add: olcDbIndex\n"
"olcDbIndex: uidNumber eq\n"
"olcDbIndex: gidNumber eq\n"
"olcDbIndex: loginShell eq\n"
"olcDbIndex: uid eq,pres,sub\n"
"olcDbIndex: memberUid eq,pres,sub\n"
"olcDbIndex: uniqueMember eq,pres\n"
"olcDbIndex: sambaSID eq\n"
"olcDbIndex: sambaPrimaryGroupSID eq\n"
"olcDbIndex: sambaGroupType eq\n"
"olcDbIndex: sambaSIDList eq\n"
"olcDbIndex: sambaDomainName eq\n"
"olcDbIndex: default sub\n"
#: serverguide/C/network-auth.xml:1765(para)
"Using the <application>ldapmodify</application> utility load the new indexes:"
#: serverguide/C/network-auth.xml:1770(command)
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
#: serverguide/C/network-auth.xml:1772(para)
"If all went well you should see the new indexes using "
"<application>ldapsearch</application>:"
#: serverguide/C/network-auth.xml:1777(command)
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
#: serverguide/C/network-auth.xml:1783(para)
"Next, configure the <application>smbldap-tools</application> package to "
"match your environment. The package comes with a configuration script that "
"will ask questions about the needed options. To run the script enter:"
#: serverguide/C/network-auth.xml:1789(command)
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
#: serverguide/C/network-auth.xml:1790(command)
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
#: serverguide/C/network-auth.xml:1793(para)
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
"configure script, so if you made any mistakes while executing the script it "
"may be simpler to edit the file appropriately."
#: serverguide/C/network-auth.xml:1803(para)
"The <application>smbldap-populate</application> script will add the "
"necessary users, groups, and LDAP objects required for Samba. It is a good "
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
"<application>slapcat</application> before executing the command:"
#: serverguide/C/network-auth.xml:1810(command)
msgid "sudo slapcat -l backup.ldif"
#: serverguide/C/network-auth.xml:1816(para)
"Once you have a current backup execute <application>smbldap-"
"populate</application> by entering:"
#: serverguide/C/network-auth.xml:1821(command)
msgid "sudo smbldap-populate"
#: serverguide/C/network-auth.xml:1825(para)
"You can create an LDIF file containing the new Samba objects by executing "
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
"look over the changes making sure everything is correct."
#: serverguide/C/network-auth.xml:1833(para)
"Your LDAP directory now has the necessary domain information to authenticate "
#: serverguide/C/network-auth.xml:1839(title)
msgid "Samba Configuration"
#: serverguide/C/network-auth.xml:1841(para)
"There are multiple ways to configure Samba; for details on some common "
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
"Samba to use LDAP, edit the main Samba configuration file "
"<filename>/etc/samba/smb.conf</filename>, commenting out the <emphasis>passdb "
"backend</emphasis> option and adding the following:"
#: serverguide/C/network-auth.xml:1847(programlisting)
"# passdb backend = tdbsam\n"
"# LDAP Settings\n"
" passdb backend = ldapsam:ldap://hostname\n"
" ldap suffix = dc=example,dc=com\n"
" ldap user suffix = ou=People\n"
" ldap group suffix = ou=Groups\n"
" ldap machine suffix = ou=Computers\n"
" ldap idmap suffix = ou=Idmap\n"
" ldap admin dn = cn=admin,dc=example,dc=com\n"
" ldap ssl = start tls\n"
" ldap passwd sync = yes\n"
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
#: serverguide/C/network-auth.xml:1864(para)
msgid "Restart <application>samba</application> to enable the new settings:"
#: serverguide/C/network-auth.xml:1873(para)
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
#: serverguide/C/network-auth.xml:1878(command)
msgid "sudo smbpasswd -w secret"
#: serverguide/C/network-auth.xml:1882(para)
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
#: serverguide/C/network-auth.xml:1887(para)
"If you currently have users in LDAP, and you want them to authenticate using "
"Samba, they will need some Samba attributes defined in the "
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
"users using the <application>smbpasswd</application> utility, replacing "
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
#: serverguide/C/network-auth.xml:1895(command)
msgid "sudo smbpasswd -a username"
#: serverguide/C/network-auth.xml:1898(para)
msgid "You will then be asked to enter the user's password."
#: serverguide/C/network-auth.xml:1902(para)
"To add new user, group, and machine accounts use the utilities from the "
"<application>smbldap-tools</application> package. Here are some examples:"
#: serverguide/C/network-auth.xml:1909(para)
"To add a new user to LDAP with Samba attributes enter the following, "
"replacing username with an actual username:"
#: serverguide/C/network-auth.xml:1913(command)
msgid "sudo smbldap-useradd -a -P username"
#: serverguide/C/network-auth.xml:1915(para)
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
"passwd</application> utility after the user is created allowing you to enter "
"a password for the user."
#: serverguide/C/network-auth.xml:1921(para)
msgid "To remove a user from the directory enter:"
#: serverguide/C/network-auth.xml:1925(command)
msgid "sudo smbldap-userdel username"
#: serverguide/C/network-auth.xml:1927(para)
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
"r</emphasis> option to remove the user's home directory."
#: serverguide/C/network-auth.xml:1932(para)
"Use <application>smbldap-groupadd</application> to add a group, replacing "
"groupname with an appropriate group:"
#: serverguide/C/network-auth.xml:1936(command)
msgid "sudo smbldap-groupadd -a groupname"
#: serverguide/C/network-auth.xml:1938(para)
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
"a</emphasis> adds the Samba attributes."
#: serverguide/C/network-auth.xml:1943(para)
"To add a user to a group use <application>smbldap-groupmod</application>:"
#: serverguide/C/network-auth.xml:1947(command)
msgid "sudo smbldap-groupmod -m username groupname"
#: serverguide/C/network-auth.xml:1949(para)
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
"<emphasis>-m</emphasis> option can add more than one user at a time by "
"listing them in <emphasis>comma separated</emphasis> format."
#: serverguide/C/network-auth.xml:1955(para)
"<application>smbldap-groupmod</application> can also be used to remove a "
"user from a group:"
#: serverguide/C/network-auth.xml:1959(command)
msgid "sudo smbldap-groupmod -x username groupname"
#: serverguide/C/network-auth.xml:1963(para)
"Additionally, the <application>smbldap-useradd</application> utility can add "
"Samba machine accounts:"
#: serverguide/C/network-auth.xml:1967(command)
msgid "sudo smbldap-useradd -t 0 -w username"
#: serverguide/C/network-auth.xml:1969(para)
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
"<emphasis>-t 0</emphasis> option creates the machine account without a "
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
"machine account. Also, note the <emphasis>add machine script</emphasis> "
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
"<application>smbldap-useradd</application>."
#: serverguide/C/network-auth.xml:1978(para)
"There are more useful utilities and options in the <application>smbldap-"
"tools</application> package. The man page for each utility provides more "
#: serverguide/C/network-auth.xml:1989(para)
"There are multiple places where LDAP and Samba is documented in the <ulink "
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
"Collection</ulink>."
#: serverguide/C/network-auth.xml:1995(para)
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
#: serverguide/C/network-auth.xml:2001(para)
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
#: serverguide/C/network-auth.xml:2007(para)
"Again, for more information on <application>smbldap-tools</application> see "
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
"groupadd</command>, <command>man smbldap-populate</command>, etc."
#: serverguide/C/network-auth.xml:2014(para)
"Also, there is a list of <ulink "
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
"wiki</ulink> articles with more information."
#: serverguide/C/network-auth.xml:2023(title)
#: serverguide/C/network-auth.xml:2025(para)
"<application>Kerberos</application> is a network authentication system based "
"on the principal of a trusted third party. The other two parties being the "
"user and the service the user wishes to authenticate to. Not all services "
"and applications can use Kerberos, but for those that can, it brings the "
"network environment one step closer to being Single Sign On (SSO)."
#: serverguide/C/network-auth.xml:2031(para)
"This section covers installation and configuration of a Kerberos server, and "
"some example client configurations."
#: serverguide/C/network-auth.xml:2038(para)
"If you are new to Kerberos there are a few terms that are good to understand "
"before setting up a Kerberos server. Most of the terms will relate to things "
"you may be familiar with in other environments:"
#: serverguide/C/network-auth.xml:2045(para)
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
"by servers need to be defined as Kerberos Principals."
#: serverguide/C/network-auth.xml:2050(para)
"<emphasis>Instances:</emphasis> are used for service principals and special "
"administrative principals."
#: serverguide/C/network-auth.xml:2055(para)
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
"Kerberos installation. Usually the DNS domain converted to uppercase "
#: serverguide/C/network-auth.xml:2061(para)
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
"a database of all principals, the authentication server, and the ticket "
"granting server. For each realm there must be at least one KDC."
#: serverguide/C/network-auth.xml:2067(para)
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
"password which is known only to the user and the KDC."
#: serverguide/C/network-auth.xml:2073(para)
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
"clients upon request."
#: serverguide/C/network-auth.xml:2078(para)
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
"One principal being a user and the other a service requested by the user. "
"Tickets establish an encryption key used for secure communication during the "
"authenticated session."
#: serverguide/C/network-auth.xml:2084(para)
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
"principal database and contain the encryption key for a service or host."
#: serverguide/C/network-auth.xml:2091(para)
"To put the pieces together, a Realm has at least one KDC, preferably two for "
"redundancy, which contains a database of Principals. When a user principal "
"logs into a workstation, configured for Kerberos authentication, the KDC "
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
"match, the user is authenticated and can then request tickets for Kerberized "
"services from the Ticket Granting Server (TGS). The service tickets allow "
"the user to authenticate to the service without entering another username "
#: serverguide/C/network-auth.xml:2100(title)
msgid "Kerberos Server"
#: serverguide/C/network-auth.xml:2104(para)
"Before installing the Kerberos server a properly configured DNS server is "
"needed for your domain. Since the Kerberos Realm by convention matches the "
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
#: serverguide/C/network-auth.xml:2110(para)
"Also, Kerberos is a time sensitive protocol. So if the local system time "
"between a client machine and the server differs by more than five minutes "
"(by default), the workstation will not be able to authenticate. To correct "
"the problem all hosts should have their time synchronized using the "
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
"NTP see <xref linkend=\"NTP\"/>."
#: serverguide/C/network-auth.xml:2117(para)
"The first step in installing a Kerberos Realm is to install the "
"<application>krb5-kdc</application> and <application>krb5-admin-"
"server</application> packages. From a terminal enter:"
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
#: serverguide/C/network-auth.xml:2126(para)
"You will be asked at the end of the install to supply a name for the "
"Kerberos and Admin servers, which may or may not be the same server, for the "
#: serverguide/C/network-auth.xml:2131(para)
"Next, create the new realm with the <application>kdb5_newrealm</application> "
#: serverguide/C/network-auth.xml:2136(command)
msgid "sudo krb5_newrealm"
#: serverguide/C/network-auth.xml:2143(para)
"The questions asked during installation are used to configure the "
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
"Distribution Center (KDC) settings simply edit the file and restart the "
"<application>krb5-kdc</application> daemon."
#: serverguide/C/network-auth.xml:2151(para)
"Now that the KDC running an admin user is needed. It is recommended to use a "
"different username from your everyday username. Using the "
"<application>kadmin.local</application> utility in a terminal prompt enter:"
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
msgid "sudo kadmin.local"
#: serverguide/C/network-auth.xml:2158(computeroutput)
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
#: serverguide/C/network-auth.xml:2159(userinput)
msgid " addprinc steve/admin"
#: serverguide/C/network-auth.xml:2160(computeroutput)
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
#: serverguide/C/network-auth.xml:2164(userinput)
#: serverguide/C/network-auth.xml:2167(para)
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
"is an <emphasis>Instance</emphasis>, and <emphasis "
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
"role=\"italic\">\"every day\"</emphasis> Principal would be "
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
#: serverguide/C/network-auth.xml:2175(para)
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
"your Realm and admin username."
#: serverguide/C/network-auth.xml:2183(para)
"Next, the new admin user needs to have the appropriate Access Control List "
"(ACL) permissions. The permissions are configured in the "
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
#: serverguide/C/network-auth.xml:2188(programlisting)
"steve/admin@EXAMPLE.COM *\n"
#: serverguide/C/network-auth.xml:2192(para)
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
"any operation on all principals in the realm."
#: serverguide/C/network-auth.xml:2199(para)
"Now restart the <application>krb5-admin-server</application> for the new ACL "
#: serverguide/C/network-auth.xml:2204(command)
msgid "sudo /etc/init.d/krb5-admin-server restart"
#: serverguide/C/network-auth.xml:2210(para)
"The new user principal can be tested using the <application>kinit "
"utility</application>:"
#: serverguide/C/network-auth.xml:2215(command)
msgid "kinit steve/admin"
#: serverguide/C/network-auth.xml:2216(computeroutput)
msgid "steve/admin@EXAMPLE.COM's Password:"
#: serverguide/C/network-auth.xml:2219(para)
"After entering the password, use the <application>klist</application> "
"utility to view information about the Ticket Granting Ticket (TGT):"
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
#: serverguide/C/network-auth.xml:2226(computeroutput)
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
" Principal: steve/admin@EXAMPLE.COM\n"
" Issued Expires Principal\n"
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
#: serverguide/C/network-auth.xml:2233(para)
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
"the KDC. For example:"
#: serverguide/C/network-auth.xml:2237(programlisting)
"192.168.0.1 kdc01.example.com kdc01\n"
#: serverguide/C/network-auth.xml:2241(para)
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
#: serverguide/C/network-auth.xml:2248(para)
"In order for clients to determine the KDC for the Realm some DNS SRV records "
"are needed. Add the following to "
"<filename>/etc/named/db.example.com</filename>:"
#: serverguide/C/network-auth.xml:2253(programlisting)
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
#: serverguide/C/network-auth.xml:2263(para)
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
#: serverguide/C/network-auth.xml:2269(para)
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
#: serverguide/C/network-auth.xml:2276(para)
msgid "Your new Kerberos Realm is now ready to authenticate clients."
#: serverguide/C/network-auth.xml:2283(title)
msgid "Secondary KDC"
#: serverguide/C/network-auth.xml:2285(para)
"Once you have one Key Distribution Center (KDC) on your network, it is good "
"practice to have a Secondary KDC in case the primary becomes unavailable."
#: serverguide/C/network-auth.xml:2293(para)
"First, install the packages, and when asked for the Kerberos and Admin "
"server names enter the name of the Primary KDC:"
#: serverguide/C/network-auth.xml:2304(para)
"Once you have the packages installed, create the Secondary KDC's host "
"principal. From a terminal prompt, enter:"
#: serverguide/C/network-auth.xml:2309(command)
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
#: serverguide/C/network-auth.xml:2313(para)
"After, issuing any <application>kadmin</application> commands you will be "
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
#: serverguide/C/network-auth.xml:2322(para)
msgid "Extract the <emphasis>keytab</emphasis> file:"
#: serverguide/C/network-auth.xml:2327(command)
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
#: serverguide/C/network-auth.xml:2333(para)
"There should now be a <filename>keytab.kdc02</filename> in the current "
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
#: serverguide/C/network-auth.xml:2339(command)
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
#: serverguide/C/network-auth.xml:2343(para)
"If the path to the <filename>keytab.kdc02</filename> file is different "
"adjust accordingly."
#: serverguide/C/network-auth.xml:2348(para)
"Also, you can list the principals in a Keytab file, which can be useful when "
"troubleshooting, using the <application>klist</application> utility:"
#: serverguide/C/network-auth.xml:2354(command)
msgid "sudo klist -k /etc/krb5.keytab"
#: serverguide/C/network-auth.xml:2360(para)
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
"that lists all KDCs for the Realm. For example, on both primary and "
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
#: serverguide/C/network-auth.xml:2365(programlisting)
"host/kdc01.example.com@EXAMPLE.COM\n"
"host/kdc02.example.com@EXAMPLE.COM\n"
#: serverguide/C/network-auth.xml:2373(para)
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
#: serverguide/C/network-auth.xml:2378(command)
msgid "sudo kdb5_util -s create"
#: serverguide/C/network-auth.xml:2384(para)
"Now start the <application>kpropd</application> daemon, which listens for "
"connections from the <application>kprop</application> utility. "
"<application>kprop</application> is used to transfer dump files:"
#: serverguide/C/network-auth.xml:2391(command)
msgid "sudo kpropd -S"
#: serverguide/C/network-auth.xml:2397(para)
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
"of the principal database:"
#: serverguide/C/network-auth.xml:2402(command)
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
#: serverguide/C/network-auth.xml:2408(para)
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
"<filename>/etc/krb5.keytab</filename>:"
#: serverguide/C/network-auth.xml:2413(command)
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
#: serverguide/C/network-auth.xml:2414(command)
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
#: serverguide/C/network-auth.xml:2418(para)
"Make sure there is a <emphasis>host</emphasis> for "
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
#: serverguide/C/network-auth.xml:2426(para)
"Using the <application>kprop</application> utility push the database to the "
#: serverguide/C/network-auth.xml:2431(command)
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
#: serverguide/C/network-auth.xml:2435(para)
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
"worked. If there is an error message check "
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
#: serverguide/C/network-auth.xml:2441(para)
"You may also want to create a <application>cron</application> job to "
"periodically update the database on the Secondary KDC. For example, the "
"following will push the database every hour:"
#: serverguide/C/network-auth.xml:2446(programlisting)
"# m h dom mon dow command\n"
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
#: serverguide/C/network-auth.xml:2454(para)
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
#: serverguide/C/network-auth.xml:2460(command)
msgid "sudo kdb5_util stash"
#: serverguide/C/network-auth.xml:2466(para)
"Finally, start the <application>krb5-kdc</application> daemon on the "
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
msgid "sudo /etc/init.d/krb5-kdc start"
#: serverguide/C/network-auth.xml:2477(para)
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
"for the Realm. You can test this by stopping the <application>krb5-"
"kdc</application> daemon on the Primary KDC, then use "
"<application>kinit</application> to request a ticket. If all goes well you "
"should receive a ticket from the Secondary KDC."
#: serverguide/C/network-auth.xml:2485(title)
msgid "Kerberos Linux Client"
#: serverguide/C/network-auth.xml:2487(para)
"This section covers configuring a Linux system as a "
"<application>Kerberos</application> client. This will allow access to any "
"kerberized services once a user has successfully logged into the system."
#: serverguide/C/network-auth.xml:2495(para)
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
"user</application> and <application>libpam-krb5</application> packages are "
"needed, along with a few others that are not strictly necessary but make "
"life easier. To install the packages enter the following in a terminal "
#: serverguide/C/network-auth.xml:2502(command)
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
#: serverguide/C/network-auth.xml:2505(para)
"The <application>auth-client-config</application> package allows simple "
"configuration of PAM for authentication from multiple sources, and the "
"<application>libpam-ccreds</application> will cache authentication "
"credentials allowing you to login in case the Key Distribution Center (KDC) "
"is unavailable. This package is also useful for laptops that may "
"authenticate using Kerberos while on the corporate network, but will need to "
"be accessed off the network as well."
#: serverguide/C/network-auth.xml:2516(para)
msgid "To configure the client in a terminal enter:"
#: serverguide/C/network-auth.xml:2521(command)
msgid "sudo dpkg-reconfigure krb5-config"
#: serverguide/C/network-auth.xml:2524(para)
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
"records, the menu will prompt you for the hostname of the Key Distribution "
"Center (KDC) and Realm Administration server."
#: serverguide/C/network-auth.xml:2530(para)
"The <application>dpkg-reconfigure</application> adds entries to the "
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
"entries similar to the following:"
#: serverguide/C/network-auth.xml:2535(programlisting)
" default_realm = EXAMPLE.COM\n"
" EXAMPLE.COM = } \n"
" kdc = 192.168.0.1 \n"
" admin_server = 192.168.0.1\n"
#: serverguide/C/network-auth.xml:2546(para)
"You can test the configuration by requesting a ticket using the "
"<application>kinit</application> utility. For example:"
#: serverguide/C/network-auth.xml:2551(command)
msgid "kinit steve@EXAMPLE.COM"
#: serverguide/C/network-auth.xml:2552(computeroutput)
msgid "Password for steve@EXAMPLE.COM:"
#: serverguide/C/network-auth.xml:2555(para)
"When a ticket has been granted, the details can be viewed using "
"<application>klist</application>:"
#: serverguide/C/network-auth.xml:2561(computeroutput)
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
"Default principal: steve@EXAMPLE.COM\n"
"Valid starting Expires Service principal\n"
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
" renew until 07/25/08 05:18:57\n"
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
"klist: You have no tickets cached"
#: serverguide/C/network-auth.xml:2573(para)
"Next, use the <application>auth-client-config</application> to configure the "
"<application>libpam-krb5</application> module to request a ticket during "
#: serverguide/C/network-auth.xml:2579(command)
msgid "sudo auth-client-config -a -p kerberos_example"
#: serverguide/C/network-auth.xml:2582(para)
"You will should now receive a ticket upon successful login authentication."
#: serverguide/C/network-auth.xml:2593(para)
"For more information on Kerberos see the <ulink "
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
#: serverguide/C/network-auth.xml:2598(para)
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
"Kerberos</ulink> page has more details."
#: serverguide/C/network-auth.xml:2603(para)
"O'Reilly's <ulink "
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
"Guide</ulink> is a great reference when setting up Kerberos."
#: serverguide/C/network-auth.xml:2609(para)
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
"Kerberos questions."
#: serverguide/C/network-auth.xml:2619(title)
msgid "Kerberos and LDAP"
#: serverguide/C/network-auth.xml:2621(para)
"Replicating a Kerberos principal database between two servers can be "
"complicated, and adds an additional user database to your network. "
"Fortunately, MIT Kerberos can be configured to use an "
"<application>LDAP</application> directory as a principal database. This "
"section covers configuring a primary and secondary kerberos server to use "
"<application>OpenLDAP</application> for the principal database."
#: serverguide/C/network-auth.xml:2629(title)
msgid "Configuring OpenLDAP"
#: serverguide/C/network-auth.xml:2631(para)
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
"<application>OpenLDAP</application> server that has network connectivity to "
"the Primary and Secondary KDCs. The rest of this section assumes that you "
"also have LDAP replication configured between at least two servers. For "
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
#: serverguide/C/network-auth.xml:2638(para)
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
"that traffic between the KDC and LDAP server is encrypted. See <xref "
"linkend=\"openldap-tls\"/> for details."
#: serverguide/C/network-auth.xml:2645(para)
"To load the schema into LDAP, on the LDAP server install the "
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
#: serverguide/C/network-auth.xml:2651(command)
msgid "sudo apt-get install krb5-kdc-ldap"
#: serverguide/C/network-auth.xml:2656(para)
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
#: serverguide/C/network-auth.xml:2661(command)
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
#: serverguide/C/network-auth.xml:2662(command)
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
#: serverguide/C/network-auth.xml:2668(para)
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
"<application>slapd</application> is also detailed in <xref "
"linkend=\"openldap-configuration\"/>."
#: serverguide/C/network-auth.xml:2681(programlisting)
"include /etc/ldap/schema/core.schema\n"
"include /etc/ldap/schema/collective.schema\n"
"include /etc/ldap/schema/corba.schema\n"
"include /etc/ldap/schema/cosine.schema\n"
"include /etc/ldap/schema/duaconf.schema\n"
"include /etc/ldap/schema/dyngroup.schema\n"
"include /etc/ldap/schema/inetorgperson.schema\n"
"include /etc/ldap/schema/java.schema\n"
"include /etc/ldap/schema/misc.schema\n"
"include /etc/ldap/schema/nis.schema\n"
"include /etc/ldap/schema/openldap.schema\n"
"include /etc/ldap/schema/ppolicy.schema\n"
"include /etc/ldap/schema/kerberos.schema\n"
#: serverguide/C/network-auth.xml:2701(para)
msgid "Create a temporary directory to hold the LDIF files:"
#: serverguide/C/network-auth.xml:2716(command)
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
#: serverguide/C/network-auth.xml:2726(para)
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
"changing the following attributes:"
#: serverguide/C/network-auth.xml:2730(programlisting)
"dn: cn=kerberos,cn=schema,cn=config\n"
#: serverguide/C/network-auth.xml:2736(para)
msgid "And remove the following lines from the end of the file:"
#: serverguide/C/network-auth.xml:2740(programlisting)
"structuralObjectClass: olcSchemaConfig\n"
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
"creatorsName: cn=config\n"
"createTimestamp: 20090111203515Z\n"
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
"modifiersName: cn=config\n"
"modifyTimestamp: 20090111203515Z\n"
#: serverguide/C/network-auth.xml:2759(para)
msgid "Load the new schema with <application>ldapadd</application>:"
#: serverguide/C/network-auth.xml:2764(command)
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
#: serverguide/C/network-auth.xml:2770(para)
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
msgid "ldapmodify -x -D cn=admin,cn=config -W"
#: serverguide/C/network-auth.xml:2777(userinput)
"dn: olcDatabase={1}hdb,cn=config\n"
"add: olcDbIndex\n"
"olcDbIndex: krbPrincipalName eq,pres,sub"
17419
#: serverguide/C/network-auth.xml:2776(computeroutput)
17422
"Enter LDAP Password:\n"
17423
"<placeholder-1/>\n"
17425
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17428
#: serverguide/C/network-auth.xml:2787(para)
17429
msgid "Finally, update the Access Control Lists (ACL):"
17432
#: serverguide/C/network-auth.xml:2794(userinput)
17435
"dn: olcDatabase={1}hdb,cn=config\n"
17436
"replace: olcAccess\n"
17437
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
17438
"dn=\"cn=admin,dc=exampl\n"
17439
" e,dc=com\" write by anonymous auth by self write by * none\n"
17442
"olcAccess: to dn.base=\"\" by * read\n"
17445
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17448
#: serverguide/C/network-auth.xml:2793(computeroutput)
17451
"Enter LDAP Password: \n"
17452
"<placeholder-1/>\n"
17454
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17457
#: serverguide/C/network-auth.xml:2814(para)
17459
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17463
#: serverguide/C/network-auth.xml:2820(title)
17464
msgid "Primary KDC Configuration"
#: serverguide/C/network-auth.xml:2822(para)
"With <application>OpenLDAP</application> configured it is time to configure "
#: serverguide/C/network-auth.xml:2828(para)
msgid "First, install the necessary packages, from a terminal enter:"
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
#: serverguide/C/network-auth.xml:2839(para)
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
"under the appropriate sections:"
#: serverguide/C/network-auth.xml:2843(programlisting)
" default_realm = EXAMPLE.COM\n"
" EXAMPLE.COM = {\n"
" kdc = kdc01.example.com\n"
" kdc = kdc02.example.com\n"
" admin_server = kdc01.example.com\n"
" admin_server = kdc02.example.com\n"
" default_domain = example.com\n"
" database_module = openldap_ldapconf\n"
" .example.com = EXAMPLE.COM\n"
" ldap_kerberos_container_dn = dc=example,dc=com\n"
" openldap_ldapconf = {\n"
" db_library = kldap\n"
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
" # this object needs to have read rights on\n"
" # the realm container, principal container and realm sub-"
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
" # this object needs to have read and write rights on\n"
" # the realm container, principal container and realm sub-"
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
" ldap_servers = ldaps://ldap01.example.com "
"ldaps://ldap02.example.com\n"
" ldap_conns_per_server = 5\n"
#: serverguide/C/network-auth.xml:2888(para)
"Change <emphasis>example.com</emphasis>, "
"<emphasis>dc=example,dc=com</emphasis>, "
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
"object, and LDAP server for your network."
#: serverguide/C/network-auth.xml:2897(para)
"Next, use the <application>kdb5_ldap_util</application> utility to create "
#: serverguide/C/network-auth.xml:2902(command)
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
#: serverguide/C/network-auth.xml:2908(para)
"Create a stash of the password used to bind to the LDAP server. This "
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
"<emphasis>ldap_kadmin_dn</emphasis> options in "
"<filename>/etc/krb5.conf</filename>:"
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
#: serverguide/C/network-auth.xml:2920(para)
msgid "Copy the CA certificate from the LDAP server:"
#: serverguide/C/network-auth.xml:2925(command)
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
#: serverguide/C/network-auth.xml:2926(command)
msgid "sudo cp cacert.pem /etc/ssl/certs"
#: serverguide/C/network-auth.xml:2929(para)
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
#: serverguide/C/network-auth.xml:2933(programlisting)
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
#: serverguide/C/network-auth.xml:2938(para)
"The certificate will also need to be copied to the Secondary KDC, to allow "
"the connection to the LDAP servers using LDAPS."
#: serverguide/C/network-auth.xml:2947(para)
"You can now add Kerberos principals to the LDAP database, and they will be "
"copied to any other LDAP servers configured for replication. To add a "
"principal using the <application>kadmin.local</application> utility enter:"
#: serverguide/C/network-auth.xml:2955(userinput)
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
#: serverguide/C/network-auth.xml:2954(computeroutput)
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
"kadmin.local: <placeholder-1/>\n"
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
"Principal \"steve@EXAMPLE.COM\" created."
#: serverguide/C/network-auth.xml:2962(para)
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
"krbExtraData attributes added to the "
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
"the <application>kinit</application> and <application>klist</application> "
"utilities to test that the user is indeed issued a ticket."
#: serverguide/C/network-auth.xml:2969(para)
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
"option is needed to add the Kerberos attributes. Otherwise a new "
"<emphasis>principal</emphasis> object will be created in the realm subtree."
#: serverguide/C/network-auth.xml:2977(title)
msgid "Secondary KDC Configuration"
#: serverguide/C/network-auth.xml:2979(para)
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
"one using the normal Kerberos database."
#: serverguide/C/network-auth.xml:2985(para)
msgid "First, install the necessary packages. In a terminal enter:"
#: serverguide/C/network-auth.xml:2996(para)
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
#: serverguide/C/network-auth.xml:3000(programlisting)
" default_realm = EXAMPLE.COM\n"
" EXAMPLE.COM = {\n"
" kdc = kdc01.example.com\n"
" kdc = kdc02.example.com\n"
" admin_server = kdc01.example.com\n"
" admin_server = kdc02.example.com\n"
" default_domain = example.com\n"
" database_module = openldap_ldapconf\n"
" .example.com = EXAMPLE.COM\n"
" ldap_kerberos_container_dn = dc=example,dc=com\n"
" openldap_ldapconf = {\n"
" db_library = kldap\n"
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
" # this object needs to have read rights on\n"
" # the realm container, principal container and realm sub-"
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
" # this object needs to have read and write rights on\n"
" # the realm container, principal container and realm sub-"
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
" ldap_servers = ldaps://ldap01.example.com "
"ldaps://ldap02.example.com\n"
" ldap_conns_per_server = 5\n"
#: serverguide/C/network-auth.xml:3047(para)
msgid "Create the stash for the LDAP bind password:"
#: serverguide/C/network-auth.xml:3058(para)
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
"encrypted connection such as <application>scp</application>, or on physical "
#: serverguide/C/network-auth.xml:3065(command)
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
#: serverguide/C/network-auth.xml:3066(command)
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
#: serverguide/C/network-auth.xml:3070(para)
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
#: serverguide/C/network-auth.xml:3078(para)
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
#: serverguide/C/network-auth.xml:3089(para)
"You now have redundant KDCs on your network, and with redundant LDAP servers "
"you should be able to continue to authenticate users if one LDAP server, one "
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
#: serverguide/C/network-auth.xml:3101(para)
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
"Guide</ulink> has some additional details."
#: serverguide/C/network-auth.xml:3107(para)
"For more information on <application>kdb5_ldap_util</application> see <ulink "
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
"5.6</ulink> and the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
"tml\">kdb5_ldap_util man page</ulink>."
#: serverguide/C/network-auth.xml:3115(para)
"Another useful link is the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
">krb5.conf man page</ulink>."
#: serverguide/C/network-auth.xml:3120(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
"and LDAP</ulink> Ubuntu wiki page."
#: serverguide/C/monitoring.xml:13(title)
#: serverguide/C/monitoring.xml:17(para)
"The monitoring of essential servers and services is an important part of "
"system administration. Most network services are monitored for performance, "
"availability, or both. This section will cover installation and "
"configuration of <application>Nagios</application> for availability "
"monitoring, and <application>Munin</application> for performance monitoring."
#: serverguide/C/monitoring.xml:24(para)
"The examples in this section will use two servers with hostnames "
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
"<emphasis>Server01</emphasis> will be configured with "
"<application>Nagios</application> to monitor services on itself and "
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
"<application>munin</application> package to gather information from the "
"network. Using the <application>munin-node</application> package, "
"<emphasis>server02</emphasis> will be configured to send information to "
"<emphasis>server01</emphasis>."
#: serverguide/C/monitoring.xml:33(para)
"Hopefully these simple examples will allow you to monitor additional servers "
"and services on your network."
#: serverguide/C/monitoring.xml:39(title)
#: serverguide/C/monitoring.xml:44(para)
"First, on <emphasis>server01</emphasis> install the "
"<application>nagios</application> package. In a terminal enter:"
#: serverguide/C/monitoring.xml:50(command)
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
#: serverguide/C/monitoring.xml:53(para)
"You will be asked to enter a password for the "
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
"of the <application>apache2-utils</application> package."
#: serverguide/C/monitoring.xml:60(para)
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
#: serverguide/C/monitoring.xml:65(command)
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
#: serverguide/C/monitoring.xml:68(para)
msgid "To add a user:"
#: serverguide/C/monitoring.xml:73(command)
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
#: serverguide/C/monitoring.xml:76(para)
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
"server</application> package. From a terminal on server02 enter:"
#: serverguide/C/monitoring.xml:82(command)
msgid "sudo apt-get install nagios-nrpe-server"
#: serverguide/C/monitoring.xml:86(para)
"<application>NRPE</application> allows you to execute local checks on remote "
"hosts. There are other ways of accomplishing this through other Nagios "
"plugins as well as other checks."
#: serverguide/C/monitoring.xml:94(title)
msgid "Configuration Overview"
#: serverguide/C/monitoring.xml:96(para)
"There are a couple of directories containing "
"<application>Nagios</application> configuration and check files."
#: serverguide/C/monitoring.xml:102(para)
"<filename>/etc/nagios3</filename>: contains configuration files for the "
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
#: serverguide/C/monitoring.xml:108(para)
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
#: serverguide/C/monitoring.xml:113(para)
"<filename>/etc/nagios</filename>: on the remote host contains the "
"<application>nagios-nrpe-server</application> configuration files."
#: serverguide/C/monitoring.xml:118(para)
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
#: serverguide/C/monitoring.xml:123(para)
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
#: serverguide/C/monitoring.xml:129(para)
"There are a plethora of checks <application>Nagios</application> can be "
"configured to execute for any given host. For this example Nagios will be "
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
#: serverguide/C/monitoring.xml:136(para)
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
#: serverguide/C/monitoring.xml:141(para)
"Additionally, there are some terms that once explained will hopefully make "
"understanding Nagios configuration easier:"
#: serverguide/C/monitoring.xml:147(para)
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
"is being monitored."
#: serverguide/C/monitoring.xml:152(para)
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
"could group all web servers, file server, etc."
#: serverguide/C/monitoring.xml:157(para)
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
"as HTTP, DNS, NFS, etc."
#: serverguide/C/monitoring.xml:162(para)
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
"together. This is useful for grouping multiple HTTP for example."
#: serverguide/C/monitoring.xml:168(para)
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
"place. Nagios can be configured to send emails, SMS messages, etc."
#: serverguide/C/monitoring.xml:174(para)
"By default Nagios is configured to check HTTP, disk space, SSH, current "
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
"will also <application>ping</application> check the "
"<emphasis>gateway</emphasis>."
#: serverguide/C/monitoring.xml:179(para)
"Large Nagios installations can be quite complex to configure. It is usually "
"best to start small, one or two hosts, get things configured the way you "
"like then expand."
#: serverguide/C/monitoring.xml:194(para)
"First, create a <emphasis>host</emphasis> configuration file for "
"<emphasis>server02</emphasis>. In a terminal enter:"
#: serverguide/C/monitoring.xml:199(command)
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
"/etc/nagios3/conf.d/server02.cfg"
#: serverguide/C/monitoring.xml:203(para)
"In the above and following command examples, replace "
"<emphasis>\"server01\"</emphasis>, "
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
#: serverguide/C/monitoring.xml:212(para)
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
#: serverguide/C/monitoring.xml:216(programlisting)
" use generic-host ; Name of host "
"template to use\n"
" host_name server02\n"
" alias Server 02\n"
" address 172.18.100.101\n"
"# check DNS service.\n"
"define service {\n"
" use generic-service\n"
" host_name server02\n"
" service_description DNS\n"
" check_command check_dns!172.18.100.101\n"
#: serverguide/C/monitoring.xml:236(para)
"Restart the <application>nagios</application> daemon to enable the new "
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
msgid "sudo /etc/init.d/nagios3 restart"
#: serverguide/C/monitoring.xml:251(para)
"Now add a service definition for the MySQL check by adding the following to "
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
#: serverguide/C/monitoring.xml:255(programlisting)
"# check MySQL servers.\n"
"define service {\n"
" hostgroup_name mysql-servers\n"
" service_description MySQL\n"
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
" use generic-service\n"
" notification_interval 0 ; set > 0 if you want to be "
#: serverguide/C/monitoring.xml:269(para)
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
#: serverguide/C/monitoring.xml:274(programlisting)
"# MySQL hostgroup.\n"
"define hostgroup {\n"
" hostgroup_name mysql-servers\n"
" alias MySQL servers\n"
" members localhost, server02\n"
#: serverguide/C/monitoring.xml:286(para)
"The Nagios check needs to authenticate to MySQL. To add a "
"<emphasis>nagios</emphasis> user to MySQL enter:"
#: serverguide/C/monitoring.xml:291(command)
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
#: serverguide/C/monitoring.xml:295(para)
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
"<emphasis>mysql-servers</emphasis> hostgroup."
#: serverguide/C/monitoring.xml:303(para)
"Restart <application>nagios</application> to start checking the MySQL "
#: serverguide/C/monitoring.xml:318(para)
"Lastly configure NRPE to check the disk space on "
"<emphasis>server02</emphasis>."
#: serverguide/C/monitoring.xml:322(para)
"On <emphasis>server01</emphasis> add the service check to "
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
#: serverguide/C/monitoring.xml:327(programlisting)
"# NRPE disk check.\n"
"define service {\n"
" use generic-service\n"
" host_name server02\n"
" service_description nrpe-disk\n"
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
#: serverguide/C/monitoring.xml:340(para)
"Now on <emphasis>server02</emphasis> edit "
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
#: serverguide/C/monitoring.xml:344(programlisting)
"allowed_hosts=172.18.100.100\n"
#: serverguide/C/monitoring.xml:348(para)
msgid "And below in the command definition area add:"
#: serverguide/C/monitoring.xml:352(programlisting)
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
#: serverguide/C/monitoring.xml:359(para)
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
#: serverguide/C/monitoring.xml:364(command)
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
#: serverguide/C/monitoring.xml:370(para)
"Also, on <emphasis>server01</emphasis> restart "
"<application>nagios</application>:"
#: serverguide/C/monitoring.xml:383(para)
"You should now be able to see the host and service checks in the Nagios CGI "
"files. To access them point a browser to http://server01/nagios3. You will "
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
#: serverguide/C/monitoring.xml:393(para)
"This section has just scratched the surface of Nagios' features. The "
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
"plugins</application> contain many more service checks."
#: serverguide/C/monitoring.xml:400(para)
"For more information see <ulink "
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
#: serverguide/C/monitoring.xml:405(para)
"Specifically the <ulink "
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
#: serverguide/C/monitoring.xml:410(para)
"There is also a list of <ulink "
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
"Nagios and network monitoring:"
#: serverguide/C/monitoring.xml:416(para)
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
"Wiki</ulink> page also has more details."
#: serverguide/C/monitoring.xml:425(title)
#: serverguide/C/monitoring.xml:430(para)
"Before installing <application>Munin</application> on "
"<emphasis>server01</emphasis><application>apache2</application> will need to "
"be installed. The default configuration is fine for running a "
"<application>munin</application> server. For more information see <xref "
"linkend=\"httpd\"/>."
#: serverguide/C/monitoring.xml:436(para)
"First, on <emphasis>server01</emphasis> install "
"<application>munin</application>. In a terminal enter:"
#: serverguide/C/monitoring.xml:441(command)
msgid "sudo apt-get install munin"
#: serverguide/C/monitoring.xml:444(para)
"Now on <emphasis>server02</emphasis> install the <application>munin-"
"node</application> package:"
#: serverguide/C/monitoring.xml:449(command)
msgid "sudo apt-get install munin-node"
#: serverguide/C/monitoring.xml:456(para)
"On <emphasis>server01</emphasis> edit the "
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
"<emphasis>server02</emphasis>:"
#: serverguide/C/monitoring.xml:461(programlisting)
"## First our \"normal\" host.\n"
" address 172.18.100.101\n"
#: serverguide/C/monitoring.xml:468(para)
"Replace <emphasis>server02</emphasis> and "
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
#: serverguide/C/monitoring.xml:474(para)
"Next, configure <application>munin-node</application> on "
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
#: serverguide/C/monitoring.xml:479(programlisting)
"allow ^172\\.18\\.100\\.100$\n"
#: serverguide/C/monitoring.xml:484(para)
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
"<application>munin</application> server."
#: serverguide/C/monitoring.xml:489(para)
"Now restart <application>munin-node</application> on "
"<emphasis>server02</emphasis> for the changes to take effect:"
#: serverguide/C/monitoring.xml:494(command)
msgid "sudo /etc/init.d/munin-node restart"
#: serverguide/C/monitoring.xml:497(para)
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
"you should see links to nice graphs displaying information from the standard "
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
#: serverguide/C/monitoring.xml:503(para)
"Since this is a new install it may take some time for the graphs to display "
#: serverguide/C/monitoring.xml:510(title)
msgid "Additional Plugins"
#: serverguide/C/monitoring.xml:512(para)
"The <application>munin-plugins-extra</application> package contains "
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
"install the package, from a terminal enter:"
#: serverguide/C/monitoring.xml:518(command)
msgid "sudo apt-get install munin-plugins-extra"
#: serverguide/C/monitoring.xml:521(para)
msgid "Be sure to install the package on both the server and node machines."
#: serverguide/C/monitoring.xml:531(para)
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
"website for more details."
#: serverguide/C/monitoring.xml:536(para)
"Specifically the <ulink "
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
"Documentation</ulink> page includes information on additional plugins, "
"writing plugins, etc."
#: serverguide/C/monitoring.xml:542(para)
"Also, there is a book in German by Open Source Press: <ulink "
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
#: serverguide/C/monitoring.xml:548(para)
"Another resource is the <ulink "
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
#: serverguide/C/mail.xml:13(title)
msgid "Email Services"
#: serverguide/C/mail.xml:14(para)
"The process of getting an email from one person to another over a network or "
"the Internet involves many systems working together. Each of these systems "
"must be correctly configured for the process to work. The sender uses a "
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
"the last of which will hand it off to a <emphasis>Mail Delivery "
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
"it will be retrieved by the recipient's email client, usually via a POP3 or "
"上从一个人得到邮件给另一个人的处理过程包含许多系统的协同工作。这些系统中的每一个都必须配置正确以便可以正常工作。发送者使用一个 <emphasis>邮件用"
"户代理</emphasis> (MUA),或邮件客户端通过一个或多个 <emphasis>邮件传输代理</emphasis> (MTA) "
"来发送信息,最后一个将信息送到 <emphasis>邮件投递代理</emphasis> (MDA) "
"以便将其投递到接受者的收件箱中。该信息将会被接受者邮件客户端检索到,通常是通过 POP3 或 IMAP 服务器。"
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
#: serverguide/C/mail.xml:25(para)
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
"compatible with the MTA <application>sendmail</application>. This section "
"explains how to install and configure <application>postfix</application>. It "
"also explains how to set it up as an SMTP server using a secure connection "
"(for sending emails securely)."
"<application>Postfix</application> 是 Ubuntu 中缺省的邮件传输代理 "
"(MTA)。它试图变得快捷、易于管理和安全。它与 MTA <application>sendmail</application> "
"兼容。这部分内容说明如何安装和配置 <application>postfix</application>。还说明如何将它设置成使用安全连接的 SMTP "
#: serverguide/C/mail.xml:34(para)
"This guide does not cover setting up Postfix <emphasis>Virtual "
"Domains</emphasis>, for information on Virtual Domains and other advanced "
"configurations see <xref linkend=\"postfix-references\"/>."
#: serverguide/C/mail.xml:41(para)
"To install <application>postfix</application> run the following command:"
#: serverguide/C/mail.xml:47(para)
"Simply press return when the installation process asks questions, the "
"configuration will be done in greater detail in the next stage."
#: serverguide/C/mail.xml:52(title)
msgid "Basic Configuration"
#: serverguide/C/mail.xml:53(para)
"To configure <application>postfix</application>, run the following command:"
#: serverguide/C/mail.xml:57(command)
msgid "sudo dpkg-reconfigure postfix"
msgstr "sudo dpkg-reconfigure postfix"
#: serverguide/C/mail.xml:63(para)
msgid "Internet Site"
msgstr "Internet 站点"
#: serverguide/C/mail.xml:64(para)
msgid "mail.example.com"
msgstr "mail.example.com"
#: serverguide/C/mail.xml:65(para)
#: serverguide/C/mail.xml:66(para)
msgid "mail.example.com, localhost.localdomain, localhost"
msgstr "mail.example.com, localhost.localdomain, localhost"
#: serverguide/C/mail.xml:67(para)
#: serverguide/C/mail.xml:68(para)
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
#: serverguide/C/mail.xml:69(para)
#: serverguide/C/mail.xml:70(para)
#: serverguide/C/mail.xml:71(para)
#: serverguide/C/mail.xml:59(para)
"The user interface will be displayed. On each screen, select the following "
"values: <placeholder-1/>"
#: serverguide/C/mail.xml:75(para)
"Replace mail.example.com with the domain for which you'll accept email, "
"192.168.0.0/24 with the actual network and class range of your mail server, "
"and steve with the appropriate username."
#: serverguide/C/mail.xml:81(para)
"Now is a good time to decide which mailbox format you want to use. By "
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
"mailbox format. Rather than editing the configuration file directly, you can "
"use the <command>postconf</command> command to configure all "
"<application>postfix</application> parameters. The configuration parameters "
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
"you wish to re-configure a particular parameter, you can either run the "
"command or change it manually in the file."
18475
#: serverguide/C/mail.xml:92(para)
18477
"To configure the mailbox format for <emphasis "
"role=\"strong\">Maildir:</emphasis>"
#: serverguide/C/mail.xml:97(command)
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
msgstr "sudo postconf -e 'home_mailbox = Maildir/'"
#: serverguide/C/mail.xml:100(para)
"This will place new mail in /home/<emphasis "
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
"your Mail Delivery Agent (MDA) to use the same path."
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
msgid "SMTP Authentication"
#: serverguide/C/mail.xml:110(para)
"SMTP-AUTH allows a client to identify itself through an authentication "
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
"the authentication process. Once authenticated the SMTP server will allow "
"the client to relay mail."
#: serverguide/C/mail.xml:117(para)
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
#: serverguide/C/mail.xml:120(screen)
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
"sudo postconf -e 'smtpd_recipient_restrictions = "
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
"sudo postconf -e 'inet_interfaces = all'\n"
#: serverguide/C/mail.xml:131(para)
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
"the Postfix queue directory."
#: serverguide/C/mail.xml:137(para)
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
"and-security\"/> for details. This example also uses a Certificate Authority "
"(CA). For information on generating a CA certificate see <xref "
"linkend=\"certificate-authority\"/>."
#: serverguide/C/mail.xml:143(para)
"You can get the digital certificate from a certificate authority. But unlike "
"web clients, SMTP clients rarely complain about \"self-signed "
"certificates\", so alternatively, you can create the certificate yourself. "
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
#: serverguide/C/mail.xml:155(para)
"Once you have a certificate, configure Postfix to provide TLS encryption for "
"both incoming and outgoing mail:"
#: serverguide/C/mail.xml:158(screen)
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
"sudo postconf -e 'smtp_use_tls = yes'\n"
"sudo postconf -e 'smtpd_use_tls = yes'\n"
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
"sudo postconf -e 'myhostname = mail.example.com'\n"
#: serverguide/C/mail.xml:173(para)
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
"the certificate enter:"
#: serverguide/C/mail.xml:177(command)
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
#: serverguide/C/mail.xml:180(para)
"Again, for more details about certificates see <xref linkend=\"certificates-"
"and-security\"/>."
#: serverguide/C/mail.xml:186(para)
"After running all the commands, <application>Postfix</application> is "
"configured for SMTP-AUTH and a self-signed certificate has been created for "
#: serverguide/C/mail.xml:191(para)
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
"现在文件 <filename>/etc/postfix/main.cf</filename> 看上去就象 <ulink "
"url=\"../sample/postfix_configuration\">这样</ulink>。"
#: serverguide/C/mail.xml:195(para)
"The postfix initial configuration is complete. Run the following command to "
"restart the postfix daemon:"
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
msgid "sudo /etc/init.d/postfix restart"
msgstr "sudo /etc/init.d/postfix restart"
#: serverguide/C/mail.xml:204(para)
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
"However it is still necessary to set up SASL authentication before you can "
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
msgid "Configuring SASL"
#: serverguide/C/mail.xml:215(para)
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
"enable Dovecot SASL the <application>dovecot-common</application> package "
"will need to be installed. From a terminal prompt enter the following:"
#: serverguide/C/mail.xml:221(command)
msgid "sudo apt-get install dovecot-common"
msgstr "sudo apt-get install dovecot-common"
#: serverguide/C/mail.xml:223(para)
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
"In the <emphasis>auth default</emphasis> section uncomment the "
"<emphasis>socket listen</emphasis> option and change the following:"
#: serverguide/C/mail.xml:227(programlisting)
" socket listen {\n"
" # Master socket provides access to userdb information. It's typically\n"
" # used to give Dovecot's local delivery agent access to userdb so it\n"
" # can find mailbox locations.\n"
" #path = /var/run/dovecot/auth-master\n"
" # Default user/group is the one who started dovecot-auth (root)\n"
" # The client socket is generally safe to export to everyone. Typical "
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
" path = /var/spool/postfix/private/auth-client\n"
" user = postfix\n"
" group = postfix\n"
#: serverguide/C/mail.xml:251(para)
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
"add <emphasis>\"login\"</emphasis>:"
#: serverguide/C/mail.xml:256(programlisting)
" mechanisms = plain login\n"
#: serverguide/C/mail.xml:260(para)
"Once you have <application>Dovecot</application> configured restart it with:"
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
msgid "sudo /etc/init.d/dovecot restart"
#: serverguide/C/mail.xml:269(title)
msgid "Postfix-Dovecot"
#: serverguide/C/mail.xml:271(para)
"Another option for configuring <application>Postfix</application> for SMTP-"
"AUTH is using the <application>dovecot-postfix</application> package. This "
"package will install <application>Dovecot</application> and configure "
"<application>Postfix</application> to use it for both SASL authentication "
"and as a Mail Delivery Agent (MDA). The package also configures "
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
#: serverguide/C/mail.xml:280(para)
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
"server. For example, if you are configuring your server to be a mail "
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
"the above commands to configure Postfix for SMTPAUTH."
#: serverguide/C/mail.xml:287(para)
msgid "To install the package, from a terminal prompt enter:"
#: serverguide/C/mail.xml:292(command)
msgid "sudo apt-get install dovecot-postfix"
#: serverguide/C/mail.xml:295(para)
"You should now have a working mail server, but there are a few options that "
"you may wish to further customize. For example, the package uses the "
"certificate and key from the <application>ssl-cert</application> package, "
"and in a production environment you should use a certificate and key "
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
"for more details."
#: serverguide/C/mail.xml:301(para)
"Once you have a customized certificate and key for the host, change the "
"following options in <filename>/etc/postfix/main.cf</filename>:"
#: serverguide/C/mail.xml:305(programlisting)
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
#: serverguide/C/mail.xml:310(para)
msgid "Then restart Postfix:"
#: serverguide/C/mail.xml:321(para)
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
#: serverguide/C/mail.xml:324(para)
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
#: serverguide/C/mail.xml:329(command)
msgid "telnet mail.example.com 25"
msgstr "telnet mail.example.com 25"
#: serverguide/C/mail.xml:331(para)
"After you have established the connection to the postfix mail server, type:"
#: serverguide/C/mail.xml:335(screen)
"ehlo mail.example.com\n"
"ehlo mail.example.com\n"
#: serverguide/C/mail.xml:338(para)
"If you see the following lines among others, then everything is working "
"perfectly. Type <command>quit</command> to exit."
#: serverguide/C/mail.xml:342(programlisting)
"250-AUTH LOGIN PLAIN\n"
"250-AUTH=LOGIN PLAIN\n"
"250-AUTH LOGIN PLAIN\n"
"250-AUTH=LOGIN PLAIN\n"
#: serverguide/C/mail.xml:352(para)
"This section introduces some common ways to determine the cause if problems "
#: serverguide/C/mail.xml:356(title)
msgid "Escaping chroot"
#: serverguide/C/mail.xml:357(para)
"The Ubuntu <application>postfix</application> package will by default "
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
"This can add greater complexity when troubleshooting problems."
#: serverguide/C/mail.xml:361(para)
"To turn off the chroot operation locate for the following line in the "
"<filename>/etc/postfix/master.cf</filename> configuration file:"
#: serverguide/C/mail.xml:365(screen)
"smtp inet n - - - - smtpd\n"
"smtp inet n - - - - smtpd\n"
#: serverguide/C/mail.xml:368(para)
msgid "and modify it as follows:"
#: serverguide/C/mail.xml:371(screen)
"smtp inet n - n - - smtpd\n"
"smtp inet n - n - - smtpd\n"
#: serverguide/C/mail.xml:374(para)
"You will then need to restart Postfix to use the new configuration. From a "
"terminal prompt enter:"
#: serverguide/C/mail.xml:382(title)
#: serverguide/C/mail.xml:383(para)
"<application>Postfix</application> sends all log messages to "
"<filename>/var/log/mail.log</filename>. However error and warning messages "
"can sometimes get lost in the normal log output so they are also logged to "
"<filename>/var/log/mail.err</filename> and "
"<filename>/var/log/mail.warn</filename> respectively."
#: serverguide/C/mail.xml:388(para)
"To see messages entered into the logs in real time you can use the "
"<application>tail -f</application> command:"
#: serverguide/C/mail.xml:393(command)
msgid "tail -f /var/log/mail.err"
msgstr "tail -f /var/log/mail.err"
#: serverguide/C/mail.xml:395(para)
"The amount of detail that is recorded in the logs can be increased. Below "
"are some configuration options for increasing the log level for some of the "
"areas covered above."
#: serverguide/C/mail.xml:401(para)
"To increase <emphasis>TLS</emphasis> activity logging set the "
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
#: serverguide/C/mail.xml:405(command)
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
#: serverguide/C/mail.xml:409(para)
"If you are having trouble sending or receiving mail from a specific domain "
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
#: serverguide/C/mail.xml:414(command)
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
#: serverguide/C/mail.xml:418(para)
"You can increase the verbosity of any <application>Postfix</application> "
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
"<emphasis>smtp</emphasis> entry:"
#: serverguide/C/mail.xml:422(programlisting)
"smtp unix - - - - - smtp -v\n"
"smtp unix - - - - - smtp -v\n"
#: serverguide/C/mail.xml:428(para)
"It is important to note that after making one of the logging changes above "
"the <application>Postfix</application> process will need to be reloaded in "
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
#: serverguide/C/mail.xml:435(para)
"To increase the amount of information logged when troubleshooting "
"<emphasis>SASL</emphasis> issues you can set the following options in "
"<filename>/etc/dovecot/dovecot.conf</filename>"
#: serverguide/C/mail.xml:439(programlisting)
"auth_debug_passwords=yes\n"
"auth_debug_passwords=yes\n"
#: serverguide/C/mail.xml:446(para)
"Just like <application>Postfix</application> if you change a "
"<application>Dovecot</application> configuration the process will need to be "
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
#: serverguide/C/mail.xml:452(para)
"Some of the options above can drastically increase the amount of information "
"sent to the log files. Remember to return the log level back to normal after "
"you have corrected the problem. Then reload the appropriate daemon for the "
"new configuration to take affect."
#: serverguide/C/mail.xml:460(para)
"Administering a <application>Postfix</application> server can be a very "
"complicated task. At some point you may need to turn to the Ubuntu community "
"for more experienced help."
#: serverguide/C/mail.xml:464(para)
"A great place to ask for <application>Postfix</application> assistance, and "
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
"server</emphasis> IRC channel on <ulink "
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
"one of the <ulink "
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
#: serverguide/C/mail.xml:469(para)
"For in depth <application>Postfix</application> information Ubuntu "
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
"Book of Postfix</ulink>."
#: serverguide/C/mail.xml:473(para)
"Finally, the <ulink "
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
"also has great documentation on all the different configuration options "
#: serverguide/C/mail.xml:477(para)
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
"Wiki Postifx</ulink> page has more information."
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
#: serverguide/C/mail.xml:486(para)
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
"developed at the University of Cambridge for use on Unix systems connected "
"to the Internet. Exim can be installed in place of "
"<application>sendmail</application>, although the configuration of "
"<application>exim</application> is quite different to that of "
"<application>sendmail</application>."
#: serverguide/C/mail.xml:497(para)
"To install <application>exim4</application>, run the following command: "
"<command>sudo apt-get install exim4</command>\n"
#: serverguide/C/mail.xml:506(para)
"To configure <application>Exim4</application>, run the following command:"
#: serverguide/C/mail.xml:510(command)
msgid "sudo dpkg-reconfigure exim4-config"
msgstr "sudo dpkg-reconfigure exim4-config"
#: serverguide/C/mail.xml:512(para)
"The user interface will be displayed. The user interface lets you configure "
"many parameters. For example, In <application>Exim4</application> the "
"configuration files are split among multiple files. If you wish to have them "
"in one file you can configure accordingly in this user interface."
#: serverguide/C/mail.xml:520(para)
"All the parameters you configure in the user interface are stored in "
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
"re-configure, either you re-run the configuration wizard or manually edit "
"this file using your favorite editor. Once you configure, you can run the "
"following command to generate the master configuration file:"
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
msgid "sudo update-exim4.conf"
msgstr "sudo update-exim4.conf"
#: serverguide/C/mail.xml:533(para)
"The master configuration file, is generated and it is stored in "
"<filename>/var/lib/exim4/config.autogenerated</filename>."
#: serverguide/C/mail.xml:539(para)
"At any time, you should not edit the master configuration file, "
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
"updated automatically every time you run <command>update-exim4.conf</command>"
"在任何时候,你都不要手工编辑主配置文件 "
"<filename>/var/lib/exim4/config.autogenerated</filename>。它在每次您运行 "
"<command>update-exim4.conf</command> 之后会自动更新。"
#: serverguide/C/mail.xml:547(para)
"You can run the following command to start <application>Exim4</application> "
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
msgid "sudo /etc/init.d/exim4 start"
msgstr "sudo /etc/init.d/exim4 start"
#: serverguide/C/mail.xml:557(para)
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
#: serverguide/C/mail.xml:560(para)
"The first step is to create a certificate for use with TLS. Enter the "
"following into a terminal prompt:"
#: serverguide/C/mail.xml:564(command)
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
#: serverguide/C/mail.xml:566(para)
"Now Exim4 needs to be configured for TLS by editing "
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
#: serverguide/C/mail.xml:570(programlisting)
"MAIN_TLS_ENABLE = yes\n"
"MAIN_TLS_ENABLE = yes\n"
#: serverguide/C/mail.xml:573(para)
"Next you need to configure <application>Exim4</application> to use the "
"<application>saslauthd</application> for authentication. Edit "
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
"<emphasis>login_saslauthd_server</emphasis> sections:"
#: serverguide/C/mail.xml:578(programlisting)
" plain_saslauthd_server:\n"
" driver = plaintext\n"
" public_name = PLAIN\n"
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
" server_set_id = $auth2\n"
" server_prompts = :\n"
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
" login_saslauthd_server:\n"
" driver = plaintext\n"
" public_name = LOGIN\n"
" server_prompts = \"Username:: : Password::\"\n"
" # don't send system passwords over unencrypted connections\n"
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
" server_set_id = $auth1\n"
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
#: serverguide/C/mail.xml:600(para)
msgid "Finally, update the Exim4 configuration and restart the service:"
#: serverguide/C/mail.xml:605(command)
msgid "sudo /etc/init.d/exim4 restart"
msgstr "sudo /etc/init.d/exim4 restart"
#: serverguide/C/mail.xml:610(para)
"This section provides details on configuring the saslauthd to provide "
"authentication for <application>Exim4</application>."
#: serverguide/C/mail.xml:613(para)
"The first step is to install the sasl2-bin package. From a terminal prompt "
"enter the following:"
#: serverguide/C/mail.xml:617(command)
msgid "sudo apt-get install sasl2-bin"
msgstr "sudo apt-get install sasl2-bin"
#: serverguide/C/mail.xml:619(para)
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
"and set START=no to:"
#: serverguide/C/mail.xml:622(programlisting)
#: serverguide/C/mail.xml:625(para)
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
#: serverguide/C/mail.xml:630(command)
msgid "sudo adduser Debian-exim sasl"
msgstr "sudo adduser Debian-exim sasl"
#: serverguide/C/mail.xml:632(para)
msgid "Now start the <application>saslauthd</application> service:"
#: serverguide/C/mail.xml:636(command)
msgid "sudo /etc/init.d/saslauthd start"
msgstr "sudo /etc/init.d/saslauthd start"
#: serverguide/C/mail.xml:638(para)
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
"and SASL authentication."
#: serverguide/C/mail.xml:647(para)
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
#: serverguide/C/mail.xml:652(para)
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
"server\">Exim4 Book</ulink> available."
#: serverguide/C/mail.xml:657(para)
"Another resource is the <ulink "
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
#: serverguide/C/mail.xml:666(title)
msgid "Dovecot Server"
msgstr "Dovecot 服务器"
#: serverguide/C/mail.xml:667(para)
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
"security primarily in mind. It supports the major mailbox formats: mbox or "
"Maildir. This section explain how to set it up as an imap or pop3 server."
"<application>Dovecot</application> 是一个主要出于安全考虑编写的邮件投递代理。它支持主要收件箱格式:mbox 或 "
"Maidir。这部分说明如何将它设为一个 imap 或 pop3 服务器。"
#: serverguide/C/mail.xml:675(para)
"To install <application>dovecot</application>, run the following command in "
"the command prompt:"
#: serverguide/C/mail.xml:680(command)
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
#: serverguide/C/mail.xml:685(para)
"To configure <application>dovecot</application>, you can edit the file "
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
"secure). A description of these protocols is beyond the scope of this guide. "
"For further information, refer to the Wikipedia articles on <ulink "
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
#: serverguide/C/mail.xml:695(para)
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
#: serverguide/C/mail.xml:701(programlisting)
"protocols = pop3 pop3s imap imaps\n"
"protocols = pop3 pop3s imap imaps\n"
#: serverguide/C/mail.xml:704(para)
"Next, choose the mailbox you would like to use. "
"<application>Dovecot</application> supports <emphasis "
"role=\"strong\">maildir</emphasis> and <emphasis "
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
"mailbox formats. They both have their own benefits and are discussed on "
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
#: serverguide/C/mail.xml:712(para)
"Once you have chosen your mailbox type, edit the file "
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
#: serverguide/C/mail.xml:717(programlisting)
"mail_location = maildir:~/Maildir # (for maildir)\n"
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
"mail_location = maildir:~/Maildir # (对于 maildir)\n"
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (对于 mbox)\n"
#: serverguide/C/mail.xml:723(para)
"You should configure your Mail Transport Agent (MTA) to transfer the "
"incoming mail to this type of mailbox if it is different from the one you "
"您应当配置您的 MTA (Mail Transport Agent,邮件传输助理)来将新邮件传输到这类邮箱中,如果其与您已经配置的不同的话。"
#: serverguide/C/mail.xml:729(para)
"Once you have configured dovecot, restart the "
"<application>dovecot</application> daemon in order to test your setup:"
#: serverguide/C/mail.xml:738(para)
"If you have enabled imap, or pop3, you can also try to log in with the "
"commands <command>telnet localhost pop3</command> or <command>telnet "
"localhost imap2</command>. If you see something like the following, the "
"installation has been successful:"
#: serverguide/C/mail.xml:745(programlisting)
"bhuvan@rainbow:~$ telnet localhost pop3\n"
"Trying 127.0.0.1...\n"
"Connected to localhost.localdomain.\n"
"Escape character is '^]'.\n"
"+OK Dovecot ready.\n"
"bhuvan@rainbow:~$ telnet localhost pop3\n"
"Trying 127.0.0.1...\n"
"Connected to localhost.localdomain.\n"
"Escape character is '^]'.\n"
"+OK Dovecot ready.\n"
#: serverguide/C/mail.xml:754(title)
msgid "Dovecot SSL Configuration"
msgstr "Dovecot SSL 配置"
#: serverguide/C/mail.xml:755(para)
"To configure <application>dovecot</application> to use SSL, you can edit the "
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
#: serverguide/C/mail.xml:760(programlisting)
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
"ssl_disable = no\n"
"disable_plaintext_auth = no\n"
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
"ssl_disable = no\n"
"disable_plaintext_auth = no\n"
#: serverguide/C/mail.xml:766(para)
"You can get the SSL certificate from a Certificate Issuing Authority or you "
"can create self signed SSL certificate. The latter is a good option for "
"email, because SMTP clients rarely complain about \"self-signed "
"certificates\". Please refer to <xref linkend=\"certificates-and-"
"security\"/> for details about how to create self signed SSL certificate. "
"Once you create the certificate, you will have a key file and a certificate "
"file. Please copy them to the location pointed in the "
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
#: serverguide/C/mail.xml:781(title)
msgid "Firewall Configuration for an Email Server"
msgstr "邮件服务器的防火墙配置"
#: serverguide/C/mail.xml:787(para)
msgstr "IMAP - 143"
#: serverguide/C/mail.xml:788(para)
msgid "IMAPS - 993"
msgstr "IMAPS - 993"
#: serverguide/C/mail.xml:789(para)
msgstr "POP3 - 110"
#: serverguide/C/mail.xml:790(para)
msgid "POP3S - 995"
msgstr "POP3S - 995"
#: serverguide/C/mail.xml:782(para)
"To access your mail server from another computer, you must configure your "
"firewall to allow connections to the server on the necessary ports. "
msgstr "要从另一台计算机访问您的邮件服务器,您必须配置您的防火墙以允许连接服务器必要的端口。<placeholder-1/>"
#: serverguide/C/mail.xml:799(para)
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
"more information."
#: serverguide/C/mail.xml:804(para)
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
"Ubuntu Wiki</ulink> page has more details."
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
#: serverguide/C/mail.xml:814(para)
"Mailman is an open source program for managing electronic mail discussions "
"and e-newsletter lists. Many open source mailing lists (including all the "
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
"Mailman as their mailing list software. It is powerful and easy to install "
"Mailman 是一个管理电子邮件讨论及电子通讯列表的开源程序。许多开源的邮件列表 (包括所有的 <ulink "
"url=\"http://lists.ubuntu.com\">Ubuntu 邮件列表</ulink>)使用 Mailman "
"作为他们的邮件列表软件。它是强大的且易于安装和维护。"
#: serverguide/C/mail.xml:824(para)
"Mailman provides a web interface for the administrators and users, using an "
"external mail server to send and receive emails. It works perfectly with the "
"following mail servers:"
#: serverguide/C/mail.xml:835(application)
#: serverguide/C/mail.xml:838(application)
#: serverguide/C/mail.xml:841(application)
#: serverguide/C/mail.xml:846(para)
"We will see how to install and configure Mailman with, the Apache web "
"server, and either the Postfix or Exim mail server. If you wish to install "
"Mailman with a different mail server, please refer to the references section."
#: serverguide/C/mail.xml:853(para)
"You only need to install one mail server and "
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
#: serverguide/C/mail.xml:859(para)
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
"installation\">HTTPD Installation</ulink> section for details."
"若要安装 apache2,详情请参考 <ulink url=\"./web-servers.xml#http-installation\">HTTPD "
#: serverguide/C/mail.xml:867(para)
"For instructions on installing and configuring Postfix refer to <xref "
"linkend=\"postfix\"/>"
#: serverguide/C/mail.xml:873(para)
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
#: serverguide/C/mail.xml:884(application)
msgid "dc_use_split_config='true'"
msgstr "dc_use_split_config='true'"
#: serverguide/C/mail.xml:876(para)
"Once exim4 is installed, the configuration files are stored in the "
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
"configuration files are split across different files. You can change this "
"behavior by changing the following variable in the "
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
#: serverguide/C/mail.xml:891(para)
"To install <application>Mailman</application>, run following command at a "
#: serverguide/C/mail.xml:895(command)
msgid "sudo apt-get install mailman"
msgstr "sudo apt-get install mailman"
#: serverguide/C/mail.xml:897(para)
"It copies the installation files in "
"<application>/var/lib/mailman</application> directory. It installs the CGI "
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
"creates <emphasis>list</emphasis> linux user. It creates the "
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
#: serverguide/C/mail.xml:909(para)
"This section assumes you have successfully installed "
"<application>mailman</application>, <application>apache2</application>, and "
"<application>postfix</application> or <application>exim4</application>. Now "
"you just need to configure them."
#: serverguide/C/mail.xml:918(para)
"An example Apache configuration file comes with "
"<application>Mailman</application> and is placed in "
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
"available</filename>:"
#: serverguide/C/mail.xml:924(command)
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
#: serverguide/C/mail.xml:926(para)
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
"Mailman administration site. Now enable the new configuration and restart "
#: serverguide/C/mail.xml:931(command)
msgid "sudo a2ensite mailman.conf"
msgstr "sudo a2ensite mailman.conf"
#: serverguide/C/mail.xml:934(para)
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
"can make changes to the <filename>/etc/apache2/sites-"
"available/mailman.conf</filename> file if you wish to change this behavior."
#: serverguide/C/mail.xml:945(para)
"For <application>Postfix</application> integration, we will associate the "
"domain lists.example.com with the mailing lists. Please replace "
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
#: serverguide/C/mail.xml:949(para)
"You can use the postconf command to add the necessary configuration to "
"<filename>/etc/postfix/main.cf</filename>:"
#: serverguide/C/mail.xml:953(command)
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
#: serverguide/C/mail.xml:954(command)
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
#: serverguide/C/mail.xml:955(command)
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
#: serverguide/C/mail.xml:957(para)
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
"the following transport:"
#: serverguide/C/mail.xml:960(programlisting)
"mailman unix - n n - - pipe\n"
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
" ${nexthop} ${user}\n"
"mailman unix - n n - - pipe\n"
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
" ${nexthop} ${user}\n"
#: serverguide/C/mail.xml:965(para)
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
"is delivered to a list."
msgstr "当有邮件发送到一个列表时,它会调用<emphasis>postfix-to-mailman.py</emphasis>脚本。"
#: serverguide/C/mail.xml:968(para)
"Associate the domain lists.example.com to the Mailman transport with the "
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
"用传送图将域名lists.example.com与Mailman传送连接起来。请编辑文件<filename>/etc/postfix/transport<"
#: serverguide/C/mail.xml:971(programlisting)
"lists.example.com mailman:\n"
"lists.example.com mailman:\n"
#: serverguide/C/mail.xml:974(para)
"Now have <application>Postfix</application> build the transport map by "
"entering the following from a terminal prompt:"
msgstr "然后在终端输入如下命令来用<application>Postfix</application>构建传送图:"
#: serverguide/C/mail.xml:978(command)
msgid "sudo postmap -v /etc/postfix/transport"
msgstr "sudo postmap -v /etc/postfix/transport"
#: serverguide/C/mail.xml:980(para)
msgid "Then restart Postfix to enable the new configurations:"
msgstr "然后重启Postfix以启用新的配置:"
#: serverguide/C/mail.xml:989(para)
"Once Exim4 is installed, you can start the Exim server using the following "
"command from a terminal prompt:"
msgstr "当Exim4安装以后,你可以在终端输入如下命令以启动Exim服务器:"
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
#: serverguide/C/mail.xml:996(para)
"In order to make mailman work with Exim4, you need to configure Exim4. As "
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
"different types. For details, please refer to the <ulink "
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
"add new a configuration file to the following configuration types: "
"<placeholder-1/> Exim creates a master configuration file by sorting all "
"these mini configuration files. So, the order of these configuration files "
"is very important."
"要使mailman能够与Exim4协同工作,你需要配置Exim4。如早前提过的,Exim4默认情况下是使用不同文件类型的多种配置文件。详细内容请查看<ul"
"url=\"http://www.exim.org\">Exim</ulink>网站。要运行mailman,我们要向如下配置类型里添加一个新的配置文件:<"
"placeholder-1/> Exim通过搜选这些迷你配置文件来创建一个主配置文件。因此,这些配置文件罗列的顺序是非常重要的。"
#: serverguide/C/mail.xml:1027(programlisting)
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
"# This is normally the same as ~mailman\n"
"MM_HOME=/var/lib/mailman\n"
"# User and group for Mailman, should match your --with-mail-gid\n"
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
"# Domains that your lists are in - colon separated list\n"
"# you may wish to add these into local_domains as well\n"
"domainlist mm_domains=hostname.com\n"
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
"# These values are derived from the ones above and should not need\n"
"# editing unless you have munged your mailman installation\n"
"# The path of the Mailman mail wrapper script\n"
"MM_WRAP=MM_HOME/mail/mailman\n"
"# The path of the list config file (used as a required file when\n"
"# verifying list addresses)\n"
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
"# This is normally the same as ~mailman\n"
"MM_HOME=/var/lib/mailman\n"
"# User and group for Mailman, should match your --with-mail-gid\n"
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
"# Domains that your lists are in - colon separated list\n"
"# you may wish to add these into local_domains as well\n"
"domainlist mm_domains=hostname.com\n"
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
"# These values are derived from the ones above and should not need\n"
"# editing unless you have munged your mailman installation\n"
"# The path of the Mailman mail wrapper script\n"
"MM_WRAP=MM_HOME/mail/mailman\n"
"# The path of the list config file (used as a required file when\n"
"# verifying list addresses)\n"
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
#: serverguide/C/mail.xml:1021(para)
"All the configuration files belonging to the main type are stored in the "
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
"following content to a new file, named <filename>04_exim4-"
"config_mailman</filename>: <placeholder-1/>"
"所有隶属于主类别的配置文件都被保存在 <filename>/etc/exim4/conf.d/main/</filename> "
"目录中。您可以将下面的内容添加到一个名为 <filename>04_exim4-config_mailman</filename> "
"的新文件中:<placeholder-1/>"
#: serverguide/C/mail.xml:1067(programlisting)
" mailman_transport:\n"
" command = MM_WRAP \\\n"
" '${if def:local_part_suffix \\\n"
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
" current_directory = MM_HOME\n"
" home_directory = MM_HOME\n"
" group = MM_GID\n"
" mailman_transport:\n"
" command = MM_WRAP \\\n"
" '${if def:local_part_suffix \\\n"
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
" current_directory = MM_HOME\n"
" home_directory = MM_HOME\n"
" group = MM_GID\n"
#: serverguide/C/mail.xml:1061(para)
"All the configuration files belonging to transport type are stored in the "
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
"following content to a new file named <filename> 40_exim4-"
"config_mailman</filename>: <placeholder-1/>"
"所有隶属于传输类型的文件被保存在 <filename>/etc/exim4/conf.d/transport/</filename> "
"目录中。您可以将下面的内容添加到一个名为 <filename>40_exim4-config_mailman</filename> "
"的新文件中:<placeholder-1/>"
#: serverguide/C/mail.xml:1088(programlisting)
" mailman_router:\n"
" driver = accept\n"
" require_files = MM_HOME/lists/$local_part/config.pck\n"
" local_part_suffix_optional\n"
" local_part_suffix = -bounces : -bounces+* : \\\n"
" -confirm+* : -join : -leave : \\\n"
" -owner : -request : -admin\n"
" transport = mailman_transport\n"
" mailman_router:\n"
" driver = accept\n"
" require_files = MM_HOME/lists/$local_part/config.pck\n"
" local_part_suffix_optional\n"
" local_part_suffix = -bounces : -bounces+* : \\\n"
" -confirm+* : -join : -leave : \\\n"
" -owner : -request : -admin\n"
" transport = mailman_transport\n"
#: serverguide/C/mail.xml:1084(para)
"All the configuration files belonging to router type are stored in the "
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
"following content in to a new file named <filename>101_exim4-"
"config_mailman</filename>: <placeholder-1/>"
"所有隶属于路由类的所有配置文件都被保存在 <filename>/etc/exim4/conf.d/router/</filename> "
"目录中。您可以将下列内容添加到名为 <filename>101_exim4-config_mailman</filename> "
"的新文件中:<placeholder-1/>"
#: serverguide/C/mail.xml:1101(para)
"The order of main and transport configuration files can be in any order. "
"But, the order of router configuration files must be the same. This "
"particular file must appear before the <application>200_exim4-"
"config_primary</application> file. These two configuration files contain "
"same type of information. The first file takes the precedence. For more "
"details, please refer to the references section."
"主类和传输类的配置文件的顺序可以随意。但路由类的配置文件的顺序必须相同。该文件必须在 <application>200_exim4-"
"config_primary</application> 文件之前出现。如果两个配置文件包含相同类型的信息。第一个文件优先。详情请参阅参考部分。"
#: serverguide/C/mail.xml:1114(para)
"Once mailman is installed, you can run it using the following command:"
msgstr "当mailman安装之后,你可以使用如下命令来运行它:"
#: serverguide/C/mail.xml:1118(command)
msgid "sudo /etc/init.d/mailman start"
msgstr "sudo /etc/init.d/mailman start"
#: serverguide/C/mail.xml:1120(para)
"Once mailman is installed, you should create the default mailing list. Run "
"the following command to create the mailing list:"
msgstr "当mailman安装以后,你可以创建默认的邮件列表。运行如下命令来创建邮件列表:"
#: serverguide/C/mail.xml:1126(command)
msgid "sudo /usr/sbin/newlist mailman"
msgstr "sudo /usr/sbin/newlist mailman"
#: serverguide/C/mail.xml:1129(programlisting)
" Enter the email address of the person running the list: bhuvan at "
" Initial mailman password:\n"
" To finish creating your mailing list, you must edit your "
"<filename>/etc/aliases</filename> (or\n"
" equivalent) file by adding the following lines, and possibly running the\n"
" `newaliases' program:\n"
" ## mailman mailing list\n"
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
" Hit enter to notify mailman owner...\n"
" Enter the email address of the person running the list: bhuvan at "
" Initial mailman password:\n"
" To finish creating your mailing list, you must edit your "
"<filename>/etc/aliases</filename> (or\n"
" equivalent) file by adding the following lines, and possibly running the\n"
" `newaliases' program:\n"
" ## mailman mailing list\n"
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe mailman\"\n"
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
" Hit enter to notify mailman owner...\n"
#: serverguide/C/mail.xml:1152(para)
"We have configured either Postfix or Exim4 to recognize all emails from "
"mailman. So, it is not mandatory to make any new entries in "
"<filename>/etc/aliases</filename>. If you have made any changes to the "
"configuration files, please ensure that you restart those services before "
"continuing to next section."
"我们已经配置了Postfix或Exim4以查看来自mailman的所有邮件。因此,你不用必须在<filename>/etc/aliases</filena"
"me>里添加新的条目了。如果你对配置文件做过了更改,请确保在进入下一环节之前已重启过这些服务。"
#: serverguide/C/mail.xml:1160(para)
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
"因为Exim4使用<emphasis>发现</emphasis> "
"机制,所以它不使用以上的别名将邮件转发给Mailman。要在创建列表时禁止别名,你可以将<emphasis>MTA=None</emphasis>添加到M"
"ailman的配置文件<filename>/etc/mailman/mm_cfg.py</filename>中。"
#: serverguide/C/mail.xml:1171(title)
msgid "Administration"
#: serverguide/C/mail.xml:1172(para)
"We assume you have a default installation. The mailman cgi scripts are still "
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
"Mailman provides a web based administration facility. To access this page, "
"point your browser to the following url:"
"我们假设您是默认安装。mailman 的 cgi 脚本还在 <application>/usr/lib/cgi-"
"bin/mailman/</application> 目录中。mailman 提供了一个基于 web "
"的管理工具。若想访问这个页面,请将您的浏览器指向以下 url:"
#: serverguide/C/mail.xml:1180(para)
msgid "http://hostname/cgi-bin/mailman/admin"
msgstr "http://hostname/cgi-bin/mailman/admin"
#: serverguide/C/mail.xml:1184(para)
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
"screen. If you click the mailing list name, it will ask for your "
"authentication password. If you enter the correct password, you will be able "
"to change administrative settings of this mailing list. You can create a new "
"mailing list using the command line utility "
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
"mailing list using the web interface."
"默认的邮件列表 <emphasis>mailman</emphasis> "
"会在这个屏幕中出现。如果您点击邮件列表的名称,它会向您询问通行密码。如果您输入了正确的密码,您就可以修改这个邮件列表的管理设定。您可以使用命令行工具来创建"
"新的邮件列表(<command>/usr/sbin/newlist</command>)。或者您也可以使用 web 界面"
#: serverguide/C/mail.xml:1197(title)
#: serverguide/C/mail.xml:1198(para)
"Mailman provides a web based interface for users. To access this page, point "
"your browser to the following url:"
msgstr "Mailman 为用户提供了一个 web 界面,可以在您的浏览器中输入下列 url 来访问该页:"
#: serverguide/C/mail.xml:1203(para)
msgid "http://hostname/cgi-bin/mailman/listinfo"
msgstr "http://hostname/cgi-bin/mailman/listinfo"
#: serverguide/C/mail.xml:1207(para)
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
"screen. If you click the mailing list name, it will display the subscription "
"form. You can enter your email address, name (optional), and password to "
"subscribe. An email invitation will be sent to you. You can follow the "
"instructions in the email to subscribe."
"缺省邮件列表 <emphasis>mailman</emphasis> "
"将出现在屏幕上。如果您点击邮件列表名,它将显示订阅表单。您可以输入您的邮件地址、姓名 "
"(可选)及密码来订阅。一个邀请邮件将发送给您。您可以根据该邮件的指示完成订阅。"
#: serverguide/C/mail.xml:1219(ulink)
msgid "GNU Mailman - Installation Manual"
msgstr "GNU Mailman - 安装手册"
#: serverguide/C/mail.xml:1223(ulink)
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
msgstr "指南 - 一起使用 Exim 4 和 Mailman 2.1"
#: serverguide/C/mail.xml:1226(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
"Wiki</ulink> page."
#: serverguide/C/mail.xml:1232(title)
msgid "Mail Filtering"
#: serverguide/C/mail.xml:1233(para)
"One of the largest issues with email today is the problem of Unsolicited "
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
"and other forms of malware. According to some reports these messages make up "
"the bulk of all email traffic on the Internet."
"当前邮件面临的最大问题是垃圾广告邮件(UBE,即Unsolicited Bulk "
"Email)。也叫做SPAM,此类信息也可能携带病毒或者其它形式的流氓软件。据一些报告显示,此类邮件已占据互联网邮件流量的大部分。"
#: serverguide/C/mail.xml:1238(para)
"This section will cover integrating <application>Amavisd-new</application>, "
"<application>Spamassassin</application>, and "
"<application>ClamAV</application> with the "
"<application>Postfix</application> Mail Transport Agent (MTA). "
"<application>Postfix</application> can also check email validity by passing "
"it through external content filters. These filters can sometimes determine "
"if a message is spam without needing to process it with more resource "
"intensive applications. Two common filters are "
"<application>opendkim</application> and <application>python-policyd-"
"spf</application>."
#: serverguide/C/mail.xml:1248(para)
"<application>Amavisd-new</application> is a wrapper program that can call "
"any number of content filtering programs for spam detection, antivirus, etc."
#: serverguide/C/mail.xml:1254(para)
"<application>Spamassassin</application> uses a variety of mechanisms to "
"filter email based on the message content."
#: serverguide/C/mail.xml:1259(para)
"<application>ClamAV</application> is an open source antivirus application."
#: serverguide/C/mail.xml:1264(para)
"<application>opendkim</application> implements a Sendmail Mail Filter "
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
#: serverguide/C/mail.xml:1270(para)
"<application>python-policyd-spf</application> enables Sender Policy "
"Framework (SPF) checking with <application>Postfix</application>."
#: serverguide/C/mail.xml:1275(para)
msgid "This is how the pieces fit together:"
#: serverguide/C/mail.xml:1280(para)
msgid "An email message is accepted by <application>Postfix</application>."
#: serverguide/C/mail.xml:1285(para)
"The message is passed through any external filters "
"<application>opendkim</application> and <application>python-policyd-"
"spf</application> in this case."
#: serverguide/C/mail.xml:1291(para)
msgid "<application>Amavisd-new</application> then processes the message."
#: serverguide/C/mail.xml:1296(para)
"<application>ClamAV</application> is used to scan the message. If the "
"message contains a virus <application>Postfix</application> will reject the "
#: serverguide/C/mail.xml:1302(para)
"Clean messages will then be analyzed by "
"<application>Spamassassin</application> to find out if the message is spam. "
"<application>Spamassassin</application> will then add X-Header lines "
"allowing <application>Amavisd-new</application> to further manipulate the "
#: serverguide/C/mail.xml:1309(para)
"For example, if a message has a Spam score of over fifty the message could "
"be automatically dropped from the queue without the recipient ever having to "
"be bothered. Another, way to handle flagged messages is to deliver them to "
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
#: serverguide/C/mail.xml:1316(para)
"See <xref linkend=\"postfix\"/> for instructions on installing and "
"configuring Postfix."
#: serverguide/C/mail.xml:1319(para)
"To install the rest of the applications enter the following from a terminal "
#: serverguide/C/mail.xml:1323(command)
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
#: serverguide/C/mail.xml:1324(command)
msgid "sudo apt-get install opendkim python-policyd-spf"
#: serverguide/C/mail.xml:1326(para)
"There are some optional packages that integrate with "
"<application>Spamassassin</application> for better spam detection:"
#: serverguide/C/mail.xml:1330(command)
msgid "sudo apt-get install pyzor razor"
msgstr "sudo apt-get install pyzor razor"
#: serverguide/C/mail.xml:1332(para)
"Along with the main filtering applications compression utilities are needed "
"to process some email attachments:"
#: serverguide/C/mail.xml:1336(command)
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
#: serverguide/C/mail.xml:1339(para)
"If some packages are not found, check that the "
"<emphasis>multiverse</emphasis> repository is enabled in "
"<filename>/etc/apt/sources.list</filename>"
#: serverguide/C/mail.xml:1340(para)
"If you make changes to the file, be sure to run <command>sudo apt-get "
"update</command> before trying to install again."
#: serverguide/C/mail.xml:1345(para)
msgid "Now configure everything to work together and filter email."
#: serverguide/C/mail.xml:1349(title)
#: serverguide/C/mail.xml:1350(para)
"The default behaviour of <application>ClamAV</application> will fit our "
"needs. For more ClamAV configuration options, check the configuration files "
"in <filename>/etc/clamav</filename>."
#: serverguide/C/mail.xml:1355(para)
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
"group in order for <application>Amavisd-new</application> to have the "
"appropriate access to scan files:"
#: serverguide/C/mail.xml:1360(command)
msgid "sudo adduser clamav amavis"
#: serverguide/C/mail.xml:1364(title)
msgid "Spamassassin"
msgstr "Spamassassin"
#: serverguide/C/mail.xml:1365(para)
"Spamassassin automatically detects optional components and will use them if "
"they are present. This means that there is no need to configure "
"<application>pyzor</application> and <application>razor</application>."
#: serverguide/C/mail.xml:1369(para)
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
"<application>Spamassassin</application> daemon. Change "
"<emphasis>ENABLED=0</emphasis> to:"
#: serverguide/C/mail.xml:1373(programlisting)
#: serverguide/C/mail.xml:1376(para)
msgid "Now start the daemon:"
#: serverguide/C/mail.xml:1380(command)
msgid "sudo /etc/init.d/spamassassin start"
msgstr "sudo /etc/init.d/spamassassin start"
#: serverguide/C/mail.xml:1384(title)
msgid "Amavisd-new"
#: serverguide/C/mail.xml:1385(para)
"First activate spam and antivirus detection in <application>Amavisd-"
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
"content_filter_mode</filename>:"
#: serverguide/C/mail.xml:1389(programlisting)
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
"# and to re-enable antivirus checking.\n"
"# Default antivirus checking mode\n"
"# Uncomment the two lines below to enable it\n"
"@bypass_virus_checks_maps = (\n"
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
"$bypass_virus_checks_re);\n"
"# Default SPAM checking mode\n"
"# Uncomment the two lines below to enable it\n"
"@bypass_spam_checks_maps = (\n"
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
"$bypass_spam_checks_re);\n"
"1; # insure a defined return\n"
#: serverguide/C/mail.xml:1414(para)
"Bouncing spam can be a bad idea as the return address is often faked. "
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
"D_BOUNCE, as follows:"
#: serverguide/C/mail.xml:1420(programlisting)
"$final_spam_destiny = D_DISCARD;\n"
"$final_spam_destiny = D_DISCARD;\n"
#: serverguide/C/mail.xml:1424(para)
"Additionally, you may want to adjust the following options to flag more "
"messages as spam:"
#: serverguide/C/mail.xml:1428(programlisting)
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
#: serverguide/C/mail.xml:1435(para)
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
"option. Also, if the server receives mail for multiple domains the "
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
#: serverguide/C/mail.xml:1442(programlisting)
"$myhostname = 'mail.example.com';\n"
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
#: serverguide/C/mail.xml:1447(para)
"After configuration <application>Amavisd-new</application> needs to be "
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
msgid "sudo /etc/init.d/amavis restart"
msgstr "sudo /etc/init.d/amavis restart"
#: serverguide/C/mail.xml:1454(title)
msgid "DKIM Whitelist"
#: serverguide/C/mail.xml:1456(para)
"<application>Amavisd-new</application> can be configured to automatically "
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
"Keys. There are some pre-configured domains in the "
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
#: serverguide/C/mail.xml:1462(para)
msgid "There are multiple ways to configure the Whitelist for a domain:"
#: serverguide/C/mail.xml:1468(para)
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
"address from the \"example.com\" domain."
#: serverguide/C/mail.xml:1473(para)
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
"have a valid signature."
#: serverguide/C/mail.xml:1479(para)
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
"role=\"italic\">example.com</emphasis> the parent domain."
#: serverguide/C/mail.xml:1485(para)
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
"that have a valid signature from \"example.com\". This is usually used for "
"discussion groups that sign their messages."
#: serverguide/C/mail.xml:1492(para)
"A domain can also have multiple Whitelist configurations. After, editing the "
"file restart <application>amaisd-new</application>:"
#: serverguide/C/mail.xml:1501(para)
"In this context, once a domain has been added to the Whitelist the message "
"will not receive any anti-virus or spam filtering. This may or may not be "
"the intended behavior you wish for a domain."
#: serverguide/C/mail.xml:1511(para)
"For <application>Postfix</application> integration, enter the following from "
"a terminal prompt:"
#: serverguide/C/mail.xml:1515(command)
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
#: serverguide/C/mail.xml:1517(para)
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
"to the end of the file:"
#: serverguide/C/mail.xml:1520(programlisting)
"smtp-amavis unix - - - - 2 smtp\n"
" -o smtp_data_done_timeout=1200\n"
" -o smtp_send_xforward_command=yes\n"
" -o disable_dns_lookups=yes\n"
"127.0.0.1:10025 inet n - - - - smtpd\n"
" -o content_filter=\n"
" -o local_recipient_maps=\n"
" -o relay_recipient_maps=\n"
" -o smtpd_restriction_classes=\n"
" -o smtpd_delay_reject=no\n"
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
" -o smtpd_helo_restrictions=\n"
" -o smtpd_sender_restrictions=\n"
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
" -o smtpd_end_of_data_restrictions=\n"
" -o mynetworks=127.0.0.0/8\n"
" -o smtpd_error_sleep_time=0\n"
" -o smtpd_soft_error_limit=1001\n"
" -o smtpd_hard_error_limit=1000\n"
" -o smtpd_client_connection_count_limit=0\n"
" -o smtpd_client_connection_rate_limit=0\n"
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
#: serverguide/C/mail.xml:1547(para)
"Also add the following two lines immediately below the "
"<emphasis>\"pickup\"</emphasis> transport service:"
#: serverguide/C/mail.xml:1550(programlisting)
" -o content_filter=\n"
" -o receive_override_options=no_header_body_checks\n"
" -o content_filter=\n"
" -o receive_override_options=no_header_body_checks\n"
#: serverguide/C/mail.xml:1554(para)
"This will prevent messages that are generated to report on spam from being "
"classified as spam."
#: serverguide/C/mail.xml:1557(para)
msgid "Now restart <application>Postfix</application>:"
msgstr "现在重启 <application>Postfix</application>:"
#: serverguide/C/mail.xml:1563(para)
msgid "Content filtering with spam and virus detection is now enabled."
#: serverguide/C/mail.xml:1569(title)
msgid "Amavisd-new and Spamassassin"
#: serverguide/C/mail.xml:1571(para)
"When integrating <application>Amavisd-new</application> with "
"<application>Spamassassin</application>, if you choose to disable the bayes "
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
"<application>cron</application> to update the nightly rules, the result can "
"cause a situation where a large amount of error messages are sent to the "
"<emphasis>amavis</emphasis> user via the amavisd-new "
"<application>cron</application> job."
#: serverguide/C/mail.xml:1578(para)
msgid "There are several ways to handle this situation:"
#: serverguide/C/mail.xml:1584(para)
msgid "Configure your MDA to filter messages you do not wish to see."
#: serverguide/C/mail.xml:1589(para)
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
"<emphasis>use_bayes 0</emphasis>. For example, edit "
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
"the top before the <emphasis>test</emphasis> statements:"
#: serverguide/C/mail.xml:1593(programlisting)
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
#: serverguide/C/mail.xml:1603(para)
"First, test that the <application>Amavisd-new</application> SMTP is "
#: serverguide/C/mail.xml:1606(programlisting)
"telnet localhost 10024\n"
"Trying 127.0.0.1...\n"
"Connected to localhost.\n"
"Escape character is '^]'.\n"
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
#: serverguide/C/mail.xml:1614(para)
"In the Header of messages that go through the content filter you should see:"
#: serverguide/C/mail.xml:1617(programlisting)
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
#: serverguide/C/mail.xml:1624(para)
"Your output will vary, but the important thing is that there are <emphasis>X-"
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
#: serverguide/C/mail.xml:1632(para)
"The best way to figure out why something is going wrong is to check the log "
#: serverguide/C/mail.xml:1637(para)
"For instructions on <application>Postfix</application> logging see the <xref "
"linkend=\"postfix-troubleshooting\"/> section."
#: serverguide/C/mail.xml:1643(para)
"<application>Amavisd-new</application> uses "
"<application>Syslog</application> to send messages to "
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
"increased by adding the <emphasis>$log_level</emphasis> option to "
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
#: serverguide/C/mail.xml:1648(programlisting)
"$log_level = 2;\n"
"$log_level = 2;\n"
#: serverguide/C/mail.xml:1652(para)
"When the <application>Amavisd-new</application> log output is increased "
"<application>Spamassassin</application> log output is also increased."
#: serverguide/C/mail.xml:1659(para)
"The <application>ClamAV</application> log level can be increased by editing "
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
#: serverguide/C/mail.xml:1663(programlisting)
"LogVerbose true\n"
#: serverguide/C/mail.xml:1666(para)
"By default <application>ClamAV</application> will send log messages to "
"<filename>/var/log/clamav/clamav.log</filename>."
#: serverguide/C/mail.xml:1672(para)
"After changing an applications log settings remember to restart the service "
"for the new settings to take affect. Also, once the issue you are "
"troubleshooting is resolved it is a good idea to change the log settings "
#: serverguide/C/mail.xml:1680(para)
msgid "For more information on filtering mail see the following links:"
#: serverguide/C/mail.xml:1686(ulink)
msgid "Amavisd-new Documentation"
#: serverguide/C/mail.xml:1690(para)
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
"Documentation</ulink> and <ulink "
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
#: serverguide/C/mail.xml:1697(ulink)
msgid "Spamassassin Wiki"
msgstr "Spamassassin 维基"
#: serverguide/C/mail.xml:1702(ulink)
msgid "Pyzor Homepage"
#: serverguide/C/mail.xml:1707(ulink)
msgid "Razor Homepage"
#: serverguide/C/mail.xml:1712(ulink)
#: serverguide/C/mail.xml:1717(ulink)
msgid "Postfix Amavis New"
#: serverguide/C/mail.xml:1721(para)
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
#: serverguide/C/lamp-applications.xml:13(title)
msgid "LAMP Applications"
#: serverguide/C/lamp-applications.xml:19(para)
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
"Ubuntu servers. There is a plethora of Open Source applications written "
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
"Content Management Systems, and Management Software such as phpMyAdmin."
#: serverguide/C/lamp-applications.xml:26(para)
"One advantage of LAMP is the substantial flexibility for different database, "
"web server, and scripting languages. Popular substitutes for MySQL include "
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
#: serverguide/C/lamp-applications.xml:32(para)
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
#: serverguide/C/lamp-applications.xml:38(para)
msgid "Download an archive containing the application source files."
#: serverguide/C/lamp-applications.xml:43(para)
"Unpack the archive, usually in a directory accessible to a web server."
#: serverguide/C/lamp-applications.xml:48(para)
"Depending on where the source was extracted, configure a web server to serve "
#: serverguide/C/lamp-applications.xml:53(para)
msgid "Configure the application to connect to the database."
#: serverguide/C/lamp-applications.xml:58(para)
"Run a script, or browse to a page of the application, to install the "
"database needed by the application."
#: serverguide/C/lamp-applications.xml:63(para)
"Once the steps above, or similar steps, are completed you are ready to begin "
"using the application."
#: serverguide/C/lamp-applications.xml:69(para)
"A disadvantage of using this approach is that the application files are not "
"placed in the file system in a standard way, which can cause confusion as to "
"where the application is installed. Another larger disadvantage is updating "
"the application. When a new version is released, the same process used to "
"install the application is needed to apply updates."
#: serverguide/C/lamp-applications.xml:76(para)
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
"packaged for Ubuntu, and are available for installation in the same way as "
"non-LAMP applications. Depending on the application some extra configuration "
"and setup steps may be needed, however."
#: serverguide/C/lamp-applications.xml:82(para)
"This section covers howto install and configure the Wiki applications "
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
"and the MySQL management application <application>phpMyAdmin</application>."
#: serverguide/C/lamp-applications.xml:88(para)
"A Wiki is a website that allows the visitors to easily add, remove and "
"modify available content easily. The ease of interaction and operation makes "
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
"also referred to the collaborative software."
"Wiki 是一种允许访问者方便地添加、删除和修改可用内容的网站。其交互和操作的便利性使得 Wiki 成为大规模协作写作的有效工具。术语 Wiki "
#: serverguide/C/lamp-applications.xml:100(title)
#: serverguide/C/lamp-applications.xml:102(para)
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
"engine, and licensed under the GNU GPL."
msgstr "MoinMoin 是个用 Python 实现的 Wiki 引擎,其基于 PikiPiki Wiki 引擎,并在 GNU GPL 下授权。"
#: serverguide/C/lamp-applications.xml:110(para)
"To install <application>MoinMoin</application>, run the following command in "
"the command prompt:"
msgstr "若想安装 <application>MoinMoin</application>,请在命令行提示中运行如下命令:"
#: serverguide/C/lamp-applications.xml:116(command)
msgid "sudo apt-get install python-moinmoin"
msgstr "sudo apt-get install python-moinmoin"
#: serverguide/C/lamp-applications.xml:119(para)
"You should also install <application>apache2</application> web server. For "
"installing <application>apache2</application> web server, please refer to "
"<xref linkend=\"http-installation\"/> sub-section in <xref "
"linkend=\"httpd\"/> section."
"你也应该安装<application>apache2</application>网络服务器。为了安装<application>apache2</appli"
"cation>网络服务器,请参考<xref linkend=\"http-installation\"/> sub-section in <xref "
"linkend=\"httpd\"/> section。"
#: serverguide/C/lamp-applications.xml:130(para)
"For configuring your first Wiki application, please run the following set of "
"commands. Let us assume that you are creating a Wiki named "
"<emphasis>mywiki</emphasis>:"
"要设置您的第一个 Wiki 应用程序,请运行以下一组命令。让我们假设您正在创建一个名为 <emphasis>mywiki</emphasis> 的 "
#: serverguide/C/lamp-applications.xml:137(command)
msgid "cd /usr/share/moin"
#: serverguide/C/lamp-applications.xml:138(command)
msgid "sudo mkdir mywiki"
#: serverguide/C/lamp-applications.xml:139(command)
msgid "sudo cp -R data mywiki"
#: serverguide/C/lamp-applications.xml:140(command)
msgid "sudo cp -R underlay mywiki"
#: serverguide/C/lamp-applications.xml:141(command)
msgid "sudo cp server/moin.cgi mywiki"
#: serverguide/C/lamp-applications.xml:142(command)
msgid "sudo chown -R www-data.www-data mywiki"
#: serverguide/C/lamp-applications.xml:143(command)
msgid "sudo chmod -R ug+rwX mywiki"
#: serverguide/C/lamp-applications.xml:144(command)
msgid "sudo chmod -R o-rwx mywiki"
#: serverguide/C/lamp-applications.xml:147(para)
"Now you should configure <application>MoinMoin</application> to find your "
"new Wiki <emphasis>mywiki</emphasis>. To configure "
"<application>MoinMoin</application>, open "
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
"现在您需要配置 <application>MoinMoin</application> 来找到您的新 Wiki "
"<emphasis>mywiki</emphasis>。要配置 <application>MoinMoin</application>,请打开 "
"<filename>/etc/moin/mywiki.py</filename> 文件并改动以下的行:"
#: serverguide/C/lamp-applications.xml:155(programlisting)
msgid "data_dir = '/org/mywiki/data'"
#: serverguide/C/lamp-applications.xml:157(para)
#: serverguide/C/lamp-applications.xml:161(programlisting)
msgid "data_dir = '/usr/share/moin/mywiki/data'"
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
#: serverguide/C/lamp-applications.xml:163(para)
"Also, below the <emphasis>data_dir</emphasis> option add the "
"<emphasis>data_underlay_dir</emphasis>:"
#: serverguide/C/lamp-applications.xml:167(programlisting)
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
#: serverguide/C/lamp-applications.xml:172(para)
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
"如果 <filename>/etc/moin/mywiki.py</filename> 文件不存在,您需要将 "
"<filename>/etc/moin/moinmaster.py</filename> 文件复制为 "
"<filename>/etc/moin/mywiki.py</filename> 文件,并进行上述的更改。"
#: serverguide/C/lamp-applications.xml:181(para)
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
"<quote>(\"mywiki\", r\".*\")</quote>."
"如果您将您的 Wiki 命名为 <emphasis>my_wiki_name</emphasis>,您需要在 "
"<filename>/etc/moin/farmconfig.py</filename> 中的 <quote>(\"mywiki\", "
"r\".*\")</quote> 行后插入一行 <quote>(\"my_wiki_name\", r\".*\")</quote>。"
#: serverguide/C/lamp-applications.xml:189(para)
"Once you have configured <application>MoinMoin</application> to find your "
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
"<application>apache2</application> and make it ready for your Wiki "
"当您配置了 <application>MoinMoin</application> 来找到您的第一个 Wiki 应用程序 "
"<emphasis>mywiki</emphasis> 后,您还要配置 <application>apache2</application> "
"以使其能运行您的 Wiki 应用程序。"
#: serverguide/C/lamp-applications.xml:196(para)
"You should add the following lines in <filename>/etc/apache2/sites-"
"available/default</filename> file inside the <quote><VirtualHost "
"*></quote> tag:"
"您应当在 <filename>/etc/apache2/sites-available/default</filename> 中的 "
"<quote><VirtualHost *></quote> 标签内添加如下内容:"
#: serverguide/C/lamp-applications.xml:202(programlisting)
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
" <Directory /usr/share/moin/htdocs>\n"
" Order allow,deny\n"
" allow from all\n"
" </Directory>\n"
#: serverguide/C/lamp-applications.xml:214(para)
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
"<emphasis>alias</emphasis> line above, to the "
"<application>moinmoin</application> version installed."
#: serverguide/C/lamp-applications.xml:220(para)
"Once you configure the <application>apache2</application> web server and "
"make it ready for your Wiki application, you should restart it. You can run "
"the following command to restart the <application>apache2</application> web "
"当您配置完 <application>apache2</application> web 服务器,要使其能运行您的 Wiki "
"应用程序,您需要重启它。您可以运行如下命令来重启 <application>apache2</application> web 服务器:"
#: serverguide/C/lamp-applications.xml:233(title)
msgid "Verification"
#: serverguide/C/lamp-applications.xml:235(para)
"You can verify the Wiki application and see if it works by pointing your web "
"browser to the following URL:"
msgstr "您可以把您的浏览器指向如下地址来验证 Wiki 应用是否工作:"
#: serverguide/C/lamp-applications.xml:239(programlisting)
"http://localhost/mywiki\n"
"http://localhost/mywiki\n"
#: serverguide/C/lamp-applications.xml:243(para)
"You can also run the test command by pointing your web browser to the "
msgstr "您可以把您的浏览器指向如下地址来运行测试命令:工作"
#: serverguide/C/lamp-applications.xml:248(programlisting)
"http://localhost/mywiki?action=test\n"
"http://localhost/mywiki?action=test\n"
#: serverguide/C/lamp-applications.xml:252(para)
"For more details, please refer to the <ulink "
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
#: serverguide/C/lamp-applications.xml:263(para)
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
#: serverguide/C/lamp-applications.xml:268(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
"MoinMoin</ulink> page."
#: serverguide/C/lamp-applications.xml:277(title)
#: serverguide/C/lamp-applications.xml:279(para)
"MediaWiki is an web based Wiki software written in the PHP language. It can "
"either use <application>MySQL</application> or "
"<application>PostgreSQL</application> Database Management System."
"MediaWiki是一款用PHP语言写成的基于网页的维基软件。它可使用<application>MySQL</application> "
"或<application>PostgreSQL</application>数据库管理系统(Database Management "
#: serverguide/C/lamp-applications.xml:289(para)
"Before installing <application>MediaWiki</application> you should also "
"install <application>Apache2</application>, the "
"<application>PHP5</application> scripting language and Database a Management "
"System. <application>MySQL</application> or "
"<application>PostgreSQL</application> are the most common, choose one "
"depending on your need. Please refer to those sections in this manual for "
"installation instructions."
"安装 <application>MediaWiki</application> 之前,您需要安装 "
"<application>Apache2</application>,<application>PHP5</application> "
"脚本语言和一个数据库管理系统。 <application>MySQL</application> 和 "
"<application>PostgreSQL</application> 最为常用,根据您的需要选择一个,其安装步骤请查阅本手册相关章节。"
#: serverguide/C/lamp-applications.xml:297(para)
"To install <application>MediaWiki</application>, run the following command "
"in the command prompt:"
msgstr "若想安装 <application>MediaWiki</application>,请在命令行提示中运行如下命令:"
#: serverguide/C/lamp-applications.xml:303(command)
msgid "sudo apt-get install mediawiki php5-gd"
msgstr "sudo apt-get install mediawiki php5-gd"
#: serverguide/C/lamp-applications.xml:306(para)
"For additional <application>MediaWiki</application> functionality see the "
"<application>mediawiki-extensions</application> package."
#: serverguide/C/lamp-applications.xml:316(para)
"The Apache configuration file <filename>mediawiki.conf</filename> for "
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
"directory. You should uncomment the following line in this file to access "
"MediaWiki application."
#: serverguide/C/lamp-applications.xml:324(screen)
"# Alias /mediawiki /var/lib/mediawiki\n"
#: serverguide/C/lamp-applications.xml:328(para)
"After you uncomment the above line, restart Apache server and access "
"MediaWiki using the following url:"
#: serverguide/C/lamp-applications.xml:333(programlisting)
"http://localhost/mediawiki/config/index.php\n"
"http://localhost/mediawiki/config/index.php\n"
#: serverguide/C/lamp-applications.xml:338(para)
"Please read the <quote>Checking environment...</quote> section in this page. "
"You should be able to fix many issues by carefully reading this section."
msgstr "请阅读本页中的 <quote>检查环境...</quote> 部分。通过仔细阅读这部分您应当能够解决许多问题。"
#: serverguide/C/lamp-applications.xml:345(para)
"Once the configuration is complete, you should copy the "
"<filename>LocalSettings.php</filename> file to "
"<filename>/etc/mediawiki</filename> directory:"
#: serverguide/C/lamp-applications.xml:352(command)
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
#: serverguide/C/lamp-applications.xml:355(para)
"You may also want to edit "
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
#: serverguide/C/lamp-applications.xml:360(programlisting)
"ini_set( 'memory_limit', '64M' );\n"
#: serverguide/C/lamp-applications.xml:367(title)
#: serverguide/C/lamp-applications.xml:368(para)
"The extensions add new features and enhancements for the MediaWiki "
"application. The extensions give wiki administrators and end users the "
"ability to customize MediaWiki to their requirements."
#: serverguide/C/lamp-applications.xml:374(para)
"You can download MediaWiki extensions as an archive file or checkout from "
"the Subversion repository. You should copy it to "
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
"also add the following line at the end of file: "
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
#: serverguide/C/lamp-applications.xml:382(programlisting)
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
#: serverguide/C/lamp-applications.xml:392(para)
"For more details, please refer to the <ulink "
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
msgstr "详情请参阅 <ulink url=\"http://www.mediawiki.org\">MediaWiki</ulink> 网站。"
#: serverguide/C/lamp-applications.xml:398(para)
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
"new MediaWiki administrators."
#: serverguide/C/lamp-applications.xml:404(para)
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
"Wiki MediaWiki</ulink> page is a good resource."
#: serverguide/C/lamp-applications.xml:414(title)
#: serverguide/C/lamp-applications.xml:416(para)
"<application>phpMyAdmin</application> is a LAMP application specifically "
"written for administering <application>MySQL</application> servers. Written "
"in <application>PHP</application>, and accessed through a web browser, "
"phpMyAdmin provides a graphical interface for database administration tasks."
#: serverguide/C/lamp-applications.xml:425(para)
"Before installing <application>phpMyAdmin</application> you will need access "
"to a <application>MySQL</application> database either on the same host as "
"that phpMyAdmin is installed on, or on a host accessible over the network. "
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
#: serverguide/C/lamp-applications.xml:432(command)
msgid "sudo apt-get install phpmyadmin"
#: serverguide/C/lamp-applications.xml:435(para)
"At the prompt choose which web server to be configured for "
"<application>phpMyAdmin</application>. The rest of this section will use "
"<application>Apache2</application> for the web server."
#: serverguide/C/lamp-applications.xml:440(para)
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
"user if you any setup, and enter the <application>MySQL</application> user's "
#: serverguide/C/lamp-applications.xml:447(para)
"Once logged in you can reset the <emphasis>root</emphasis> password if "
"needed, create users, create/destroy databases and tables, etc."
#: serverguide/C/lamp-applications.xml:455(para)
"The configuration files for <application>phpMyAdmin</application> are "
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
"configuration options that apply globally to "
"<application>phpMyAdmin</application>."
#: serverguide/C/lamp-applications.xml:461(para)
"To use <application>phpMyAdmin</application> to administer a MySQL database "
"hosted on another server, adjust the following in "
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
#: serverguide/C/lamp-applications.xml:466(programlisting)
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
#: serverguide/C/lamp-applications.xml:471(para)
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
"remote database server name or IP address. Also, be sure that the "
"<application>phpMyAdmin</application> host has permissions to access the "
#: serverguide/C/lamp-applications.xml:477(para)
"Once configured, log out of <application>phpMyAdmin</application> and back "
"in, and you should be accessing the new server."
#: serverguide/C/lamp-applications.xml:481(para)
"The <filename>config.header.inc.php</filename> and "
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
"header and footer to <application>phpMyAdmin</application>."
#: serverguide/C/lamp-applications.xml:486(para)
"Another important configuration file is "
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
"configure <application>Apache2</application> to serve the "
"<application>phpMyAdmin</application> site. The file contains directives for "
"loading <application>PHP</application>, directory permissions, etc. For more "
"information on configuring <application>Apache2</application> see <xref "
"linkend=\"httpd\"/>."
#: serverguide/C/lamp-applications.xml:500(para)
"The <application>phpMyAdmin</application> documentation comes installed with "
"the package and can be accessed from the <emphasis>phpMyAdmin "
"Documentation</emphasis> link (a question mark with a box around it) under "
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
#: serverguide/C/lamp-applications.xml:507(para)
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
#: serverguide/C/lamp-applications.xml:512(para)
"A third resource is the <ulink "
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
"Wiki</ulink> page."
#: serverguide/C/introduction.xml:14(para)
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
msgstr "欢迎来到 <emphasis>Ubuntu 服务器指南</emphasis>!"
#: serverguide/C/introduction.xml:15(para)
"Here you can find information on how to install and configure various server "
"applications. It is a step-by-step, task-oriented guide for configuring and "
"customizing your system."
#: serverguide/C/introduction.xml:19(para)
"This guide assumes you have a basic understanding of your Ubuntu system. "
"Some installation details are covered in <xref linkend=\"installation\"/>, "
"but if you need detailed instructions installing Ubuntu please refer to the "
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
"Installation Guide</ulink>."
#: serverguide/C/introduction.xml:25(para)
"A HTML version of the manual is available online at <ulink "
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
"HTML files are also available in the <application>ubuntu-"
"serverguide</application> package. See <xref linkend=\"package-"
"management\"/> for details on installing packages."
#: serverguide/C/introduction.xml:32(para)
"If you choose to install the <application>ubuntu-serverguide</application> "
"you can view this document from a console by:"
#: serverguide/C/introduction.xml:36(command)
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
#: serverguide/C/introduction.xml:39(para)
"If you are using a localized version of Ubuntu, replace "
"<emphasis>C</emphasis> with your language localization (e.g. "
"<emphasis>en_GB</emphasis>)."
#: serverguide/C/introduction.xml:53(title)
#: serverguide/C/introduction.xml:55(para)
"There are a couple of different ways that Ubuntu Server Edition is "
"supported, commercial support and community support. The main commercial "
"support (and development funding) is available from Canonical Ltd. They "
"supply reasonably priced support contracts on a per desktop or per server "
"basis. For more information see the <ulink "
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
#: serverguide/C/introduction.xml:62(para)
"Community support is also provided by dedicated individuals, and companies, "
"that wish to make Ubuntu the best distribution possible. Support is provided "
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
"large amount of information available can be overwhelming, but a good search "
"engine query can usually provide an answer to your questions. See the <ulink "
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
#: serverguide/C/installation.xml:14(para)
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
"Edition. For more detailed instructions, please refer to the <ulink "
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
"Installation Guide</ulink>."
#: serverguide/C/installation.xml:19(title)
msgid "Preparing to Install"
#: serverguide/C/installation.xml:20(para)
"This section explains various aspects to consider before starting the "
msgstr "本部分内容说明在开始安装之前要考虑的各个方面。"
#: serverguide/C/installation.xml:24(title)
msgid "System Requirements"
#: serverguide/C/installation.xml:25(para)
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
"and AMD64. The table below lists recommended hardware specifications. "
"Depending on your needs, you might manage with less than this. However, most "
"users risk being frustrated if they ignore these suggestions."
#: serverguide/C/installation.xml:27(title)
msgid "Recommended Minimum Requirements"
#: serverguide/C/installation.xml:35(para)
msgid "Install Type"
#: serverguide/C/installation.xml:36(para)
#: serverguide/C/installation.xml:37(para)
msgid "Hard Drive Space"
#: serverguide/C/installation.xml:40(para)
msgid "Base System"
#: serverguide/C/installation.xml:41(para)
msgid "All Tasks Installed"
#: serverguide/C/installation.xml:46(para)
#: serverguide/C/installation.xml:47(para)
msgid "128 megabytes"
#: serverguide/C/installation.xml:48(para)
msgid "500 megabytes"
#: serverguide/C/installation.xml:49(para)
#: serverguide/C/installation.xml:54(para)
"The Server Edition provides a common base for all sorts of server "
"applications. It is a minimalist design providing a platform for the desired "
"services, such as file/print services, web hosting, email hosting, etc."
#: serverguide/C/installation.xml:60(para)
"The requirements for UEC are slightly different for Front End requirements "
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
"requirements see <xref linkend=\"uec-node-requirements\"/>."
#: serverguide/C/installation.xml:68(title)
msgid "Server and Desktop Differences"
#: serverguide/C/installation.xml:69(para)
"There are a few differences between the <emphasis>Ubuntu Server "
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
"should be noted that both editions use the same "
"<application>apt</application> repositories. Making it just as easy to "
"install a <emphasis role=\"italic\">server</emphasis> application on the "
"Desktop Edition as it is on the Server Edition."
#: serverguide/C/installation.xml:75(para)
"The differences between the two editions are the lack of an X window "
"environment in the Server Edition, the installation process, and different "
#: serverguide/C/installation.xml:82(title)
msgid "Kernel Differences:"
#: serverguide/C/installation.xml:85(para)
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
#: serverguide/C/installation.xml:91(para)
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
#: serverguide/C/installation.xml:96(para)
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
#: serverguide/C/installation.xml:102(para)
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
"limited by memory addressing space."
#: serverguide/C/installation.xml:107(para)
"To see all kernel configuration options you can look through "
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
"is a great resource on the options available."
#: serverguide/C/installation.xml:116(title)
#: serverguide/C/installation.xml:119(para)
"Before installing <application>Ubuntu Server Edition</application> you "
"should make sure all data on the system is backed up. See <xref "
"linkend=\"backups\"/> for backup options."
#: serverguide/C/installation.xml:123(para)
"If this is not the first time an operating system has been installed on your "
"computer, it is likely you will need to re-partition your disk to make room "
#: serverguide/C/installation.xml:127(para)
"Any time you partition your disk, you should be prepared to lose everything "
"on the disk should you make a mistake or something goes wrong during "
"partitioning. The programs used in installation are quite reliable, most "
"have seen years of use, but they also perform destructive actions."
#: serverguide/C/installation.xml:139(title)
msgid "Installing from CD"
#: serverguide/C/installation.xml:140(para)
"The basic steps to install Ubuntu Server Edition from CD are the same for "
"installing any operating system from CD. Unlike the <emphasis>Desktop "
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
"a graphical installation program. Instead the Server Edition uses a console "
"menu based process."
#: serverguide/C/installation.xml:147(para)
"First, download and burn the appropriate ISO file from the <ulink "
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
#: serverguide/C/installation.xml:153(para)
msgid "Boot the system from the CD-ROM drive."
#: serverguide/C/installation.xml:158(para)
"At the boot prompt you will be asked to select the language. Afterwards the "
"installation process begins by asking for your keyboard layout."
#: serverguide/C/installation.xml:164(para)
"From the main boot menu there are some additional options to install Ubuntu "
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
"will cover the basic Ubuntu Server install."
#: serverguide/C/installation.xml:172(para)
"The installer then discovers your hardware configuration, and configures the "
"network settings using DHCP. If you do not wish to use DHCP at the next "
"screen choose \"Go Back\", and you have the option to \"Configure the "
"network manually\"."
#: serverguide/C/installation.xml:179(para)
msgid "Next, the installer asks for the system's hostname and Time Zone."
#: serverguide/C/installation.xml:184(para)
"You can then choose from several options to configure the hard drive layout. "
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
#: serverguide/C/installation.xml:190(para)
msgid "The Ubuntu base system is then installed."
#: serverguide/C/installation.xml:195(para)
"A new user is setup, this user will have <emphasis>root</emphasis> access "
"through the <application>sudo</application> utility."
#: serverguide/C/installation.xml:201(para)
"After the user is setup, you will be asked to encrypt your <filename "
"role=\"directory\">home</filename> directory."
#: serverguide/C/installation.xml:207(para)
"The next step in the installation process is to decide how you want to "
"update the system. There are three options:"
#: serverguide/C/installation.xml:213(para)
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
"log into the machine and manually install updates."
#: serverguide/C/installation.xml:219(para)
"<emphasis>Install security updates Automatically</emphasis>: will install "
"the <application>unattended-upgrades</application> package, which will "
"install security updates without the intervention of an administrator. For "
"more details see <xref linkend=\"automatic-updates\"/>."
#: serverguide/C/installation.xml:226(para)
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
"service provided by Canonical to help manage your Ubuntu machines. See the "
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
"site for details."
#: serverguide/C/installation.xml:235(para)
"You now have the option to install, or not install, several package tasks. "
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
"to launch <application>aptitude</application> to choose specific packages to "
"install. For more information see <xref linkend=\"aptitude\"/>."
#: serverguide/C/installation.xml:243(para)
msgid "Finally, the last step before rebooting is to set the clock to UTC."
#: serverguide/C/installation.xml:249(para)
"If at any point during installation you are not satisfied by the default "
"setting, use the \"Go Back\" function at any prompt to be brought to a "
"detailed installation menu that will allow you to modify the default "
#: serverguide/C/installation.xml:254(para)
"At some point during the installation process you may want to read the help "
"screen provided by the installation system. To do this, press F1."
#: serverguide/C/installation.xml:259(para)
"Once again, for detailed instructions see the <ulink "
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
"Installation Guide</ulink>."
#: serverguide/C/installation.xml:265(title)
msgid "Package Tasks"
#: serverguide/C/installation.xml:266(para)
"During the Server Edition installation you have the option of installing "
"additional packages from the CD. The packages are grouped by the type of "
"service they provide."
#: serverguide/C/installation.xml:272(para)
msgid "Cloud computing: Walrus storage service"
#: serverguide/C/installation.xml:277(para)
msgid "Cloud computing: all-in-one cluster"
#: serverguide/C/installation.xml:282(para)
msgid "Cloud computing: Cluster controller"
#: serverguide/C/installation.xml:287(para)
msgid "Cloud computing: Node controller"
#: serverguide/C/installation.xml:292(para)
msgid "Cloud computing: Storage controller"
#: serverguide/C/installation.xml:297(para)
msgid "Cloud computing: top-level cloud controller"
#: serverguide/C/installation.xml:302(para)
msgid "DNS server: Selects the BIND DNS server and its documentation."
#: serverguide/C/installation.xml:307(para)
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
#: serverguide/C/installation.xml:312(para)
"Mail server: This task selects a variety of package useful for a general "
"purpose mail server system."
#: serverguide/C/installation.xml:317(para)
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
#: serverguide/C/installation.xml:322(para)
"PostgreSQL database: This task selects client and server packages for the "
"PostgreSQL database."
#: serverguide/C/installation.xml:327(para)
msgid "Print server: This task sets up your system to be a print server."
#: serverguide/C/installation.xml:332(para)
"Samba File server: This task sets up your system to be a Samba file server, "
"which is especially suitable in networks with both Windows and Linux systems."
#: serverguide/C/installation.xml:338(para)
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
#: serverguide/C/installation.xml:343(para)
"Virtual machine host: Includes packages needed to run KVM virtual machines."
#: serverguide/C/installation.xml:348(para)
"Manually select packages: Executes <application>apptitude</application> "
"allowing you to individually select packages."
#: serverguide/C/installation.xml:353(para)
"Installing the package groups is accomplished using the "
"<application>tasksel</application> utility. One of the important difference "
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
"installed, a package is also configured to reasonable defaults, eventually "
"prompting you for additional required information. Likewise, when installing "
"a task, the packages are not only installed, but also configured to provided "
"a fully integrated service."
#: serverguide/C/installation.xml:360(para)
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
"<xref linkend=\"uec\"/>."
#: serverguide/C/installation.xml:363(para)
"Once the installation process has finished you can view a list of available "
"tasks by entering the following from a terminal prompt:"
#: serverguide/C/installation.xml:368(command)
msgid "tasksel --list-tasks"
msgstr "tasksel --list-tasks"
#: serverguide/C/installation.xml:371(para)
"The output will list tasks from other Ubuntu based distributions such as "
"Kubuntu and Edubuntu. Note that you can also invoke the "
"<command>tasksel</command> command by itself, which will bring up a menu of "
"the different tasks available."
#: serverguide/C/installation.xml:377(para)
"You can view a list of which packages are installed with each task using the "
"<emphasis>--task-packages</emphasis> option. For example, to list the "
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
#: serverguide/C/installation.xml:382(command)
msgid "tasksel --task-packages dns-server"
msgstr "tasksel --task-packages dns-server"
#: serverguide/C/installation.xml:384(para)
msgid "The output of the command should list:"
#: serverguide/C/installation.xml:387(programlisting)
#: serverguide/C/installation.xml:392(para)
"Also, if you did not install one of the tasks during the installation "
"process, but for example you decide to make your new LAMP server a DNS "
"server as well. Simply insert the installation CD and from a terminal:"
#: serverguide/C/installation.xml:397(command)
msgid "sudo tasksel install dns-server"
msgstr "sudo tasksel install dns-server"
#: serverguide/C/installation.xml:402(title)
#: serverguide/C/installation.xml:403(para)
"There are several ways to upgrade from one Ubuntu release to another. This "
"section gives an overview of the recommended upgrade method."
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
msgid "do-release-upgrade"
msgstr "do-release-upgrade"
#: serverguide/C/installation.xml:408(para)
"The recommended way to upgrade a Server Edition installation is to use the "
"<application>do-release-upgrade</application> utility. Part of the "
"<emphasis>update-manager-core</emphasis> package, it does not have any "
"graphical dependencies and is installed by default."
#: serverguide/C/installation.xml:413(para)
"Debian based systems can also be upgraded by using <command>apt-get dist-"
"upgrade</command>. However, using <application>do-release-"
"upgrade</application> is recommended because it has the ability to handle "
"system configuration changes sometimes needed between releases."
#: serverguide/C/installation.xml:418(para)
msgid "To upgrade to a newer release, from a terminal prompt enter:"
#: serverguide/C/installation.xml:424(para)
"It is also possible to use <application>do-release-upgrade</application> to "
"upgrade to a development version of Ubuntu. To accomplish this use the "
"<emphasis>-d</emphasis> switch:"
#: serverguide/C/installation.xml:429(command)
msgid "do-release-upgrade -d"
msgstr "do-release-upgrade -d"
#: serverguide/C/installation.xml:432(para)
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
"for production environments."
#: serverguide/C/installation.xml:439(title)
msgid "Advanced Installation"
#: serverguide/C/installation.xml:442(title)
msgid "Software RAID"
#: serverguide/C/installation.xml:444(para)
"RAID is a method of configuring multiple hard drives to act as one, reducing "
"the probability of catastrophic data loss in case of drive failure. RAID is "
"implemented in either software (where the operating system knows about both "
"drives and actively maintains both of them) or hardware (where a special "
"controller makes the OS think there's only one drive and maintains the "
"drives 'invisibly')."
#: serverguide/C/installation.xml:451(para)
"The RAID software included with current versions of Linux (and Ubuntu) is "
"based on the <application>'mdadm'</application> driver and works very well, "
"better even than many so-called 'hardware' RAID controllers. This section "
"will guide you through installing Ubuntu Server Edition using two RAID1 "
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
"another for <emphasis>swap</emphasis>."
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
"Follow the installation steps until you get to the <emphasis>Partition "
"disks</emphasis> step, then:"
#: serverguide/C/installation.xml:468(para)
msgid "Select <emphasis>Manual</emphasis> as the partition method."
#: serverguide/C/installation.xml:475(para)
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
"partition table on this device?\"</emphasis>."
#: serverguide/C/installation.xml:479(para)
"Repeat this step for each drive you wish to be part of the RAID array."
#: serverguide/C/installation.xml:486(para)
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
"select <emphasis>\"Create a new partition\"</emphasis>."
#: serverguide/C/installation.xml:493(para)
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
"size is twice that of RAM. Enter the partition size, then choose "
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
#: serverguide/C/installation.xml:502(para)
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
"<emphasis>\"Done setting up partition\"</emphasis>."
#: serverguide/C/installation.xml:511(para)
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
"partition\"</emphasis>."
#: serverguide/C/installation.xml:519(para)
"Use the rest of the free space on the drive and choose "
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
#: serverguide/C/installation.xml:526(para)
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
"at the top, changing it to <emphasis>\"physical volume for "
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
"<emphasis>\"Done setting up partition\"</emphasis>."
#: serverguide/C/installation.xml:536(para)
msgid "Repeat steps three through eight for the other disk and partitions."
#: serverguide/C/installation.xml:545(title)
msgid "RAID Configuration"
#: serverguide/C/installation.xml:547(para)
msgid "With the partitions setup the arrays are ready to be configured:"
#: serverguide/C/installation.xml:554(para)
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
"Software RAID\"</emphasis> at the top."
#: serverguide/C/installation.xml:561(para)
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
#: serverguide/C/installation.xml:568(para)
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
#: serverguide/C/installation.xml:575(para)
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
#: serverguide/C/installation.xml:581(para)
"In order to use <emphasis>RAID5</emphasis> you need at least "
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
"<emphasis>two</emphasis> drives are required."
#: serverguide/C/installation.xml:590(para)
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
"of hard drives you have, for the array. Then select "
"<emphasis>\"Continue\"</emphasis>."
#: serverguide/C/installation.xml:598(para)
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
"default, then choose <emphasis>\"Continue\"</emphasis>."
#: serverguide/C/installation.xml:605(para)
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
"etc. The numbers will usually match and the different letters correspond to "
"different hard drives."
#: serverguide/C/installation.xml:610(para)
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
"go to the next step."
#: serverguide/C/installation.xml:618(para)
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
"and <emphasis>sdb2</emphasis>."
#: serverguide/C/installation.xml:626(para)
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
#: serverguide/C/installation.xml:636(title)
#: serverguide/C/installation.xml:638(para)
"There should now be a list of hard drives and RAID devices. The next step is "
"to format and set the mount point for the RAID devices. Treat the RAID "
"device as a local hard drive, format and mount accordingly."
#: serverguide/C/installation.xml:646(para)
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
"#0\"</emphasis> partition."
#: serverguide/C/installation.xml:653(para)
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
#: serverguide/C/installation.xml:661(para)
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
"#1\"</emphasis> partition."
#: serverguide/C/installation.xml:668(para)
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
"journaling file system\"</emphasis>."
#: serverguide/C/installation.xml:675(para)
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
"options as appropriate, then select <emphasis>\"Done setting up "
"partition\"</emphasis>."
#: serverguide/C/installation.xml:683(para)
"Finally, select <emphasis>\"Finish partitioning and write changes to "
"disk\"</emphasis>."
#: serverguide/C/installation.xml:690(para)
"If you choose to place the root partition on a RAID array, the installer "
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
"state. See <xref linkend=\"raid-degraded\"/> for further details."
#: serverguide/C/installation.xml:695(para)
msgid "The installation process will then continue normally."
#: serverguide/C/installation.xml:701(title)
msgid "Degraded RAID"
#: serverguide/C/installation.xml:703(para)
"At some point in the life of the computer a disk failure event may occur. "
"When this happens, using Software RAID, the operating system will place the "
"array into what is known as a <emphasis>degraded</emphasis> state."
#: serverguide/C/installation.xml:708(para)
"If the array has become degraded, due to the chance of data corruption, by "
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
"after thirty seconds. Once the initramfs has booted there is a fifteen "
"second prompt giving you the option to go ahead and boot the system, or "
"attempt manual recover. Booting to the initramfs prompt may or may not be "
"the desired behavior, especially if the machine is in a remote location. "
"Booting to a degraded array can be configured several ways:"
#: serverguide/C/installation.xml:719(para)
"The <application>dpkg-reconfigure</application> utility can be used to "
"configure the default behavior, and during the process you will be queried "
"about additional settings related to the array. Such as monitoring, email "
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
#: serverguide/C/installation.xml:726(command)
msgid "sudo dpkg-reconfigure mdadm"
#: serverguide/C/installation.xml:732(para)
"The <command>dpkg-reconfigure mdadm</command> process will change the "
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
"The file has the advantage of being able to pre-configure the system's "
"behavior, and can also be manually edited:"
#: serverguide/C/installation.xml:738(programlisting)
"BOOT_DEGRADED=true\n"
#: serverguide/C/installation.xml:743(para)
msgid "The configuration file can be overridden by using a Kernel argument."
#: serverguide/C/installation.xml:751(para)
"Using a Kernel argument will allow the system to boot to a degraded array as "
#: serverguide/C/installation.xml:757(para)
"When the server is booting press <keycap>Shift</keycap> to open the "
"<application>Grub</application> menu."
#: serverguide/C/installation.xml:762(para)
msgid "Press <keycap>e</keycap> to edit your kernel command options."
#: serverguide/C/installation.xml:767(para)
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
#: serverguide/C/installation.xml:772(para)
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
#: serverguide/C/installation.xml:777(para)
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
#: serverguide/C/installation.xml:786(para)
"Once the system has booted you can either repair the array see <xref "
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
"another machine due to major hardware failure."
#: serverguide/C/installation.xml:793(title)
msgid "RAID Maintenance"
#: serverguide/C/installation.xml:795(para)
"The <application>mdadm</application> utility can be used to view the status "
"of an array, add disks to an array, remove disks, etc:"
#: serverguide/C/installation.xml:802(para)
msgid "To view the status of an array, from a terminal prompt enter:"
#: serverguide/C/installation.xml:806(command)
msgid "sudo mdadm -D /dev/md0"
#: serverguide/C/installation.xml:809(para)
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
"display <emphasis>detailed</emphasis> information about the "
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
"with the appropriate RAID device."
#: serverguide/C/installation.xml:815(para)
msgid "To view the status of a disk in an array:"
#: serverguide/C/installation.xml:819(command)
msgid "sudo mdadm -E /dev/sda1"
#: serverguide/C/installation.xml:821(para)
"The output if very similar to the <command>mdadm -D</command> command, "
"adjust <filename>/dev/sda1</filename> for each disk."
#: serverguide/C/installation.xml:826(para)
msgid "If a disk fails and needs to be removed from an array enter:"
#: serverguide/C/installation.xml:830(command)
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
#: serverguide/C/installation.xml:832(para)
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
"the appropriate RAID device and disk."
#: serverguide/C/installation.xml:837(para)
msgid "Similarly, to add a new disk:"
#: serverguide/C/installation.xml:841(command)
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
#: serverguide/C/installation.xml:846(para)
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
"though there is nothing physically wrong with the drive. It is usually "
"worthwhile to remove the drive from the array then re-add it. This will "
"cause the drive to re-sync with the array. If the drive will not sync with "
"the array, it is a good indication of hardware failure."
#: serverguide/C/installation.xml:852(para)
"The <filename>/proc/mdstat</filename> file also contains useful information "
"about the system's RAID devices:"
#: serverguide/C/installation.xml:857(command)
msgid "cat /proc/mdstat"
#: serverguide/C/installation.xml:858(computeroutput)
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
"md0 : active raid1 sda1[0] sdb1[1]\n"
" 10016384 blocks [2/2] [UU]\n"
"unused devices: <none>"
#: serverguide/C/installation.xml:865(para)
"The following command is great for watching the status of a syncing drive:"
#: serverguide/C/installation.xml:870(command)
msgid "watch -n1 cat /proc/mdstat"
#: serverguide/C/installation.xml:873(para)
"Press <emphasis>Ctrl+c</emphasis> to stop the "
"<application>watch</application> command."
#: serverguide/C/installation.xml:877(para)
"If you do need to replace a faulty drive, after the drive has been replaced "
"and synced, <application>grub</application> will need to be installed. To "
"install <application>grub</application> on the new drive, enter the "
#: serverguide/C/installation.xml:883(command)
msgid "sudo grub-install /dev/md0"
#: serverguide/C/installation.xml:886(para)
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
#: serverguide/C/installation.xml:894(para)
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
"can be configured. Please see the following links for more information:"
#: serverguide/C/installation.xml:901(para)
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
"Wiki Articles on RAID</ulink>."
#: serverguide/C/installation.xml:907(ulink)
msgid "Software RAID HOWTO"
#: serverguide/C/installation.xml:912(ulink)
msgid "Managing RAID on Linux"
#: serverguide/C/installation.xml:919(title)
msgid "Logical Volume Manager (LVM)"
#: serverguide/C/installation.xml:921(para)
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
"hard disks. LVM volumes can be created on both software RAID partitions and "
"standard partitions residing on a single disk. Volumes can also be extended, "
"giving greater flexibility to systems as requirements change."
#: serverguide/C/installation.xml:930(para)
"A side effect of LVM's power and flexibility is a greater degree of "
"complication. Before diving into the LVM installation process, it is best to "
"get familiar with some terms."
#: serverguide/C/installation.xml:937(para)
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
#: serverguide/C/installation.xml:942(para)
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
"which resides the actual EXT3, XFS, JFS, etc filesystem."
#: serverguide/C/installation.xml:948(para)
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
"RAID partition. The Volume Group can be extended by adding more PVs."
#: serverguide/C/installation.xml:959(para)
"As an example this section covers installing Ubuntu Server Edition with "
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
"the initial install only one Physical Volume (PV) will be part of the Volume "
"Group (VG). Another PV will be added after install to demonstrate how a VG "
#: serverguide/C/installation.xml:965(para)
"There are several installation options for LVM, <emphasis>\"Guided - use the "
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
"partitions and configure LVM. At this time the only way to configure a "
"system with both LVM and standard partitions, during installation, is to use "
"the Manual approach."
#: serverguide/C/installation.xml:982(para)
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
"<emphasis>\"Manual\"</emphasis>."
#: serverguide/C/installation.xml:989(para)
"Select the hard disk and on the next screen choose \"yes\" to "
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
#: serverguide/C/installation.xml:996(para)
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
#: serverguide/C/installation.xml:1004(para)
"For the LVM <emphasis>/srv</emphasis>, create a new "
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
"<emphasis>\"Done setting up the partition\"</emphasis>."
#: serverguide/C/installation.xml:1012(para)
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
#: serverguide/C/installation.xml:1020(para)
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
"After entering a name, select the partition configured for LVM, and choose "
"<emphasis>\"Continue\"</emphasis>."
#: serverguide/C/installation.xml:1029(para)
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
"volume group, and enter a name for the new LV, for example "
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
"a size, which may be the full partition because it can always be extended "
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
"main <emphasis>\"Partition Disks\"</emphasis> screen."
#: serverguide/C/installation.xml:1039(para)
"Now add a filesystem to the new LVM. Select the partition under "
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
"select <emphasis>\"Done setting up the partition\"</emphasis>."
#: serverguide/C/installation.xml:1048(para)
"Finally, select <emphasis>\"Finish partitioning and write changes to "
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
"the installation."
#: serverguide/C/installation.xml:1056(para)
msgid "There are some useful utilities to view information about LVM:"
#: serverguide/C/installation.xml:1061(para)
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
#: serverguide/C/installation.xml:1062(para)
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
#: serverguide/C/installation.xml:1063(para)
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
"Physical Volumes."
#: serverguide/C/installation.xml:1068(title)
msgid "Extending Volume Groups"
#: serverguide/C/installation.xml:1070(para)
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
"section covers adding a second hard disk, creating a Physical Volume (PV), "
"adding it to the volume group (VG), extending the logical volume <filename "
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
"example assumes a second hard disk has been added to the system. This hard "
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
"before issuing the commands below. You could lose some data if you issue "
"those commands on a non-empty disk. In our example we will use the entire "
"disk as a physical volume (you could choose to create partitions and use "
"them as different physical volumes)"
#: serverguide/C/installation.xml:1082(para)
msgid "First, create the physical volume, in a terminal execute:"
#: serverguide/C/installation.xml:1087(command)
msgid "sudo pvcreate /dev/sdb"
#: serverguide/C/installation.xml:1093(para)
msgid "Now extend the Volume Group (VG):"
#: serverguide/C/installation.xml:1098(command)
msgid "sudo vgextend vg01 /dev/sdb"
#: serverguide/C/installation.xml:1104(para)
"Use <application>vgdisplay</application> to find out the free physical "
"extents - Free PE / size (the size you can allocate). We will assume a free "
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
"whole free space available. Use your own PE and/or free space."
#: serverguide/C/installation.xml:1110(para)
"The Logical Volume (LV) can now be extended by different methods, we will "
"only see how to use the PE to extend the LV:"
#: serverguide/C/installation.xml:1115(command)
msgid "sudo lvextend /dev/vg01/srv -l +511"
#: serverguide/C/installation.xml:1118(para)
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
"Gig, Tera, etc bytes."
#: serverguide/C/installation.xml:1126(para)
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
"practice to unmount it anyway and check the filesystem, so that you don't "
"mess up the day you want to reduce a logical volume (in that case unmounting "
"first is compulsory)."
#: serverguide/C/installation.xml:1132(para)
"The following commands are for an <emphasis>EXT3</emphasis> or "
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
"there may be other utilities available."
#: serverguide/C/installation.xml:1139(command)
msgid "sudo e2fsck -f /dev/vg01/srv"
#: serverguide/C/installation.xml:1142(para)
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
"forces checking even if the system seems clean."
#: serverguide/C/installation.xml:1149(para)
msgid "Finally, resize the filesystem:"
#: serverguide/C/installation.xml:1154(command)
msgid "sudo resize2fs /dev/vg01/srv"
#: serverguide/C/installation.xml:1160(para)
msgid "Now mount the partition and check its size."
#: serverguide/C/installation.xml:1165(command)
msgid "mount /dev/vg01/srv /srv && df -h /srv"
#: serverguide/C/installation.xml:1177(para)
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
"Articles</ulink>."
#: serverguide/C/installation.xml:1182(para)
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
"HOWTO</ulink> for more information."
#: serverguide/C/installation.xml:1187(para)
"Another good article is <ulink "
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
"linuxdevcenter.com site."
#: serverguide/C/installation.xml:1194(para)
"For more information on <application>fdisk</application> see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
"sk man page</ulink>."
#: serverguide/C/file-server.xml:13(title)
msgid "File Servers"
#: serverguide/C/file-server.xml:15(para)
"If you have more than one computer on a single network. At some point you "
"will probably need to share files between them. In this section we cover "
"installing and configuring FTP, NFS, and CUPS."
#: serverguide/C/file-server.xml:22(title)
#: serverguide/C/file-server.xml:24(para)
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
"files between computers. FTP works on a client/server model. The server "
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
"listens for FTP requests from remote clients. When a request is received, it "
"manages the login and sets up the connection. For the duration of the "
"session it executes any of commands sent by the FTP client."
"FTP (文件传输协议) 是一个用来在计算机之间上传和下载文件的 TCP 协议。FTP 以 客户端/服务器 模式工作。服务端被称作 "
"<emphasis>FTP 守护进程</emphasis>。它持续监听来自远程客户端的 FTP "
"请求。当接收到一个请求时,它会管理登录并建立连接。在会话过程中它会执行由 FTP 客户端发出的任何命令。"
#: serverguide/C/file-server.xml:33(para)
msgid "Access to an FTP server can be managed in two ways:"
msgstr "可以通过两种方式来管理 FTP 服务器的访问:"
#: serverguide/C/file-server.xml:37(para)
#: serverguide/C/file-server.xml:40(para)
msgid "Authenticated"
#: serverguide/C/file-server.xml:43(para)
"In the Anonymous mode, remote clients can access the FTP server by using the "
"default user account called \"anonymous\" or \"ftp\" and sending an email "
"address as the password. In the Authenticated mode a user must have an "
"account and a password. User access to the FTP server directories and files "
"is dependent on the permissions defined for the account used at login. As a "
"general rule, the FTP daemon will hide the root directory of the FTP server "
"and change it to the FTP Home directory. This hides the rest of the file "
"system from remote sessions."
#: serverguide/C/file-server.xml:55(title)
msgid "vsftpd - FTP Server Installation"
msgstr "vsftpd - FTP 服务器安装"
#: serverguide/C/file-server.xml:57(para)
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
"and maintain. To install <application>vsftpd</application> you can run the "
"following command:"
#: serverguide/C/file-server.xml:65(command)
msgid "sudo apt-get install vsftpd"
#: serverguide/C/file-server.xml:71(title)
msgid "Anonymous FTP Configuration"
#: serverguide/C/file-server.xml:73(para)
"By default <application>vsftpd</application> is configured to only allow "
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
"created with a home directory of <filename>/home/ftp</filename>. This is the "
"default FTP directory."
#: serverguide/C/file-server.xml:80(para)
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
"example, simply create a directory in another location and change the "
"<emphasis>ftp</emphasis> user's home directory:"
#: serverguide/C/file-server.xml:87(command)
msgid "sudo mkdir /srv/ftp"
#: serverguide/C/file-server.xml:88(command)
msgid "sudo usermod -d /srv/ftp ftp"
#: serverguide/C/file-server.xml:91(para)
msgid "After making the change restart <application>vsftpd</application>:"
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
msgid "sudo /etc/init.d/vsftpd restart"
#: serverguide/C/file-server.xml:99(para)
"Finally, copy any files and directories you would like to make available "
"through anonymous FTP to <filename>/srv/ftp</filename>."
#: serverguide/C/file-server.xml:106(title)
msgid "User Authenticated FTP Configuration"
#: serverguide/C/file-server.xml:108(para)
"To configure <application>vsftpd</application> to authenticate system users "
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
#: serverguide/C/file-server.xml:114(programlisting)
"local_enable=YES\n"
"write_enable=YES\n"
#: serverguide/C/file-server.xml:119(para)
msgid "Now restart <application>vsftpd</application>:"
#: serverguide/C/file-server.xml:127(para)
"Now when system users login to FTP they will start in their "
"<emphasis>home</emphasis> directories where they can download, upload, "
"create directories, etc."
#: serverguide/C/file-server.xml:133(para)
"Similarly, by default, the anonymous users are not allowed to upload files "
"to FTP server. To change this setting, you should uncomment the following "
"line, and restart <application>vsftpd</application>:"
#: serverguide/C/file-server.xml:140(programlisting)
"anon_upload_enable=YES\n"
#: serverguide/C/file-server.xml:145(para)
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
"not enable anonymous upload on servers accessed directly from the Internet."
#: serverguide/C/file-server.xml:151(para)
"The configuration file consists of many configuration parameters. The "
"information about each parameter is available in the configuration file. "
"Alternatively, you can refer to the man page, <command>man 5 "
"vsftpd.conf</command> for details of each parameter."
#: serverguide/C/file-server.xml:162(title)
msgid "Securing FTP"
#: serverguide/C/file-server.xml:164(para)
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
"<application>vsftpd</application> more secure. For example users can be "
"limited to their home directories by uncommenting:"
#: serverguide/C/file-server.xml:170(programlisting)
"chroot_local_user=YES\n"
#: serverguide/C/file-server.xml:174(para)
"You can also limit a specific list of users to just their home directories:"
#: serverguide/C/file-server.xml:178(programlisting)
"chroot_list_enable=YES\n"
"chroot_list_file=/etc/vsftpd.chroot_list\n"
#: serverguide/C/file-server.xml:183(para)
"After uncommenting the above options, create a "
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
"per line. Then restart <application>vsftpd</application>:"
#: serverguide/C/file-server.xml:192(para)
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
"add them to the list."
#: serverguide/C/file-server.xml:199(para)
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
"with a shell may not be ideal for some environments, such as a shared web "
#: serverguide/C/file-server.xml:208(para)
"To configure <emphasis>FTPS</emphasis>, edit "
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
#: serverguide/C/file-server.xml:212(programlisting)
#: serverguide/C/file-server.xml:216(para)
msgid "Also, notice the certificate and key related options:"
#: serverguide/C/file-server.xml:220(programlisting)
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
#: serverguide/C/file-server.xml:225(para)
"By default these options are set the certificate and key provided by the "
"<application>ssl-cert</application> package. In a production environment "
"these should be replaced with a certificate and key generated for the "
"specific host. For more information on certificates see <xref "
"linkend=\"certificates-and-security\"/>."
#: serverguide/C/file-server.xml:231(para)
"Now restart <application>vsftpd</application>, and non-anonymous users will "
"be forced to use <emphasis>FTPS</emphasis>:"
#: serverguide/C/file-server.xml:240(para)
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
"adding the <emphasis>nologin</emphasis> shell:"
#: serverguide/C/file-server.xml:245(programlisting)
"# /etc/shells: valid login shells\n"
"/usr/bin/screen\n"
"/usr/sbin/nologin\n"
#: serverguide/C/file-server.xml:263(para)
"This is necessary because, by default <application>vsftpd</application> uses "
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
"configuration file contains:"
#: serverguide/C/file-server.xml:268(programlisting)
"auth required pam_shells.so\n"
#: serverguide/C/file-server.xml:272(para)
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
"in the <filename>/etc/shells</filename> file."
#: serverguide/C/file-server.xml:277(para)
"Most popular FTP clients can be configured connect using FTPS. The "
"<application>lftp</application> command line FTP client has the ability to "
"use FTPS as well."
#: serverguide/C/file-server.xml:288(para)
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
"website</ulink> for more information."
#: serverguide/C/file-server.xml:293(para)
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
"\">vsftpd.conf man page</ulink>."
#: serverguide/C/file-server.xml:299(para)
"The CodeGurus article <ulink "
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
"contrasting FTPS and SFTP."
#: serverguide/C/file-server.xml:305(para)
"Also, for more information see the <ulink "
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
#: serverguide/C/file-server.xml:315(title)
msgid "Network File System (NFS)"
msgstr "网络文件系统 (NFS)"
#: serverguide/C/file-server.xml:316(para)
"NFS allows a system to share directories and files with others over a "
"network. By using NFS, users and programs can access files on remote systems "
"almost as if they were local files."
msgstr "NFS 允许系统将其目录和文件共享给网络上的其他系统。通过 NFS,用户和应用程序可以访问远程系统上的文件,就象它们是本地文件一样。"
#: serverguide/C/file-server.xml:322(para)
msgid "Some of the most notable benefits that NFS can provide are:"
msgstr "NFS 最值得注意的优点有:"
#: serverguide/C/file-server.xml:328(para)
"Local workstations use less disk space because commonly used data can be "
"stored on a single machine and still remain accessible to others over the "
msgstr "本地工作站可以使用更少的磁盘空间,因为常用数据可以被保存在一台机器上,并让网络上的其他机器可以访问它。"
#: serverguide/C/file-server.xml:333(para)
"There is no need for users to have separate home directories on every "
"network machine. Home directories could be set up on the NFS server and made "
"available throughout the network."
msgstr "不需要为用户在每台网络机器上放一个用户目录。用户目录可以在 NFS 服务器上设置并使其在整个网络上可用。"
#: serverguide/C/file-server.xml:339(para)
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
"be used by other machines on the network. This may reduce the number of "
"removable media drives throughout the network."
msgstr "存储设备如软盘、光驱及 USB 设备可以被网络上其它机器使用。这可能可以减少网络上移动设备的数量。"
#: serverguide/C/file-server.xml:349(para)
"At a terminal prompt enter the following command to install the NFS Server:"
msgstr "在终端提示符后键入以下命令安装 NFS 服务器:"
#: serverguide/C/file-server.xml:355(command)
msgid "sudo apt-get install nfs-kernel-server"
msgstr "sudo apt-get install nfs-kernel-server"
#: serverguide/C/file-server.xml:361(para)
"You can configure the directories to be exported by adding them to the "
"<filename>/etc/exports</filename> file. For example:"
msgstr "您可以配置要输出的目录,您可以在 <filename>/etc/exports</filename> 文件中添加该目录。例如:"
#: serverguide/C/file-server.xml:366(screen)
"/ubuntu *(ro,sync,no_root_squash)\n"
"/home *(rw,sync,no_root_squash)\n"
"/ubuntu *(ro,sync,no_root_squash)\n"
"/home *(rw,sync,no_root_squash)\n"
#: serverguide/C/file-server.xml:372(para)
"You can replace * with one of the hostname formats. Make the hostname "
"declaration as specific as possible so unwanted systems cannot access the "
msgstr "您可以用主机名来代替 *。尽量指定主机名以便使那些不想其访问的系统访问 NFS 挂载的资源。"
#: serverguide/C/file-server.xml:378(para)
"To start the NFS server, you can run the following command at a terminal "
msgstr "您可以在终端提示符后运行以下命令来启动 NFS 服务器:"
#: serverguide/C/file-server.xml:383(command)
msgid "sudo /etc/init.d/nfs-kernel-server start"
msgstr "sudo /etc/init.d/nfs-kernel-server start"
#: serverguide/C/file-server.xml:388(title)
msgid "NFS Client Configuration"
#: serverguide/C/file-server.xml:389(para)
"Use the <application>mount</application> command to mount a shared NFS "
"directory from another machine, by typing a command line similar to the "
"following at a terminal prompt:"
"使用 <application>mount</application> 命令来挂载其他机器共享的 NFS 目录。可以在终端提示符后输入以下类似的命令:"
#: serverguide/C/file-server.xml:395(command)
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
msgstr "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
#: serverguide/C/file-server.xml:399(para)
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
"There should be no files or subdirectories in the "
"<filename>/local/ubuntu</filename> directory."
"挂载点 <filename>/local/ubuntu</filename> 目录必须已经存在。而且在 "
"<filename>/local/ubuntu</filename> 目录中没有文件或子目录。"
#: serverguide/C/file-server.xml:406(para)
"An alternate way to mount an NFS share from another machine is to add a line "
"to the <filename>/etc/fstab</filename> file. The line must state the "
"hostname of the NFS server, the directory on the server being exported, and "
"the directory on the local machine where the NFS share is to be mounted."
"另一个挂载其他机器的 NFS 共享的方式就是在 <filename>/etc/fstab</filename> 文件中添加一行。该行必须指明 NFS "
"服务器的主机名、服务器输出的目录名以及挂载 NFS 共享的本机目录。"
#: serverguide/C/file-server.xml:414(para)
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
msgstr "以下是在 <filename>/etc/fstab</filename> 中的常用语法:"
#: serverguide/C/file-server.xml:420(programlisting)
"example.hostname.com:/ubuntu /local/ubuntu nfs "
"rsize=8192,wsize=8192,timeo=14,intr\n"
"example.hostname.com:/ubuntu /local/ubuntu nfs "
"rsize=8192,wsize=8192,timeo=14,intr\n"
#: serverguide/C/file-server.xml:424(para)
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
"common</application> package is installed on your client. To install "
"<application>nfs-common</application> enter the following command at the "
"terminal prompt: <screen>\n"
"<command>sudo apt-get install nfs-common</command>\n"
#: serverguide/C/file-server.xml:437(ulink)
msgid "Linux NFS faq"
msgstr "Linux NFS 常见问答"
#: serverguide/C/file-server.xml:439(ulink)
msgid "Ubuntu Wiki NFS Howto"
#: serverguide/C/file-server.xml:445(title)
msgid "CUPS - Print Server"
msgstr "CUPS - 打印服务器"
#: serverguide/C/file-server.xml:446(para)
"The primary mechanism for Ubuntu printing and print services is the "
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
"printing system is a freely available, portable printing layer which has "
"become the new standard for printing in most Linux distributions."
"Ubuntu 印刷和打印服务的主要机制是 <emphasis role=\"bold\">CUPS</emphasis> (Common UNIX "
"Printing System,通用 UNIX 打印系统)。这个打印系统是一个免费可用的、可移植的打印虚拟层,并已成为大多数 Linux "
#: serverguide/C/file-server.xml:453(para)
"CUPS manages print jobs and queues and provides network printing using the "
"standard Internet Printing Protocol (IPP), while offering support for a very "
"large range of printers, from dot-matrix to laser and many in between. CUPS "
"also supports PostScript Printer Description (PPD) and auto-detection of "
"network printers, and features a simple web-based configuration and "
"administration tool."
"CUPS 管理打印作业和队列,并使用标准的 Internet 打印协议 (IPP) "
"提供网络打印,该协议提供最大范围的打印机支持,从点阵打印机到激光打印机以及位于两者之间的许多打印机。CUPS 也支持 PostScript "
"Printer Description (PPD) 和网络打印机的自动检测,以及提供基于 Web 的简单配置和管理工具。"
#: serverguide/C/file-server.xml:463(para)
"To install CUPS on your Ubuntu computer, simply use "
"<application>sudo</application> with the <application>apt-get</application> "
"command and give the packages to install as the first parameter. A complete "
"CUPS install has many package dependencies, but they may all be specified on "
"the same command line. Enter the following at a terminal prompt to install "
"若想在您的 Ubuntu 计算机中安装 CUPS,只需通过 <application>sudo</application> 运行 "
"<application>apt-get</application> 命令并将要安装的包作为第一个参数即可。一个完整的 CUPS "
"安装有很多包依赖关系,但它们都可以在同一行上给出。在终端输入以下命令来安装 CUPS:"
#: serverguide/C/file-server.xml:468(command)
msgid "sudo apt-get install cups"
#: serverguide/C/file-server.xml:471(para)
"Upon authenticating with your user password, the packages should be "
"downloaded and installed without error. Upon the conclusion of installation, "
"the CUPS server will be started automatically."
#: serverguide/C/file-server.xml:476(para)
"For troubleshooting purposes, you can access CUPS server errors via the "
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
"error log does not show enough information to troubleshoot any problems you "
"encounter, the verbosity of the CUPS log can be increased by changing the "
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
"everything, from the default of \"info\". If you make this change, remember "
"to change it back once you've solved your problem, to prevent the log file "
"from becoming overly large."
#: serverguide/C/file-server.xml:489(para)
"The Common UNIX Printing System server's behavior is configured through the "
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
"The CUPS configuration file follows the same syntax as the primary "
"configuration file for the Apache HTTP server, so users familiar with "
"editing Apache's configuration file should feel at ease when editing the "
"CUPS configuration file. Some examples of settings you may wish to change "
"initially will be presented here."
"可以通过 <filename>/etc/cups/cupsd.conf</filename> 文件中的指令来配置通用 UNIX "
"打印系统服务器的行为的。CUPS 配置文件与 Apache HTTP 服务器的主配置文件语法相同,因此熟悉编辑 Apache 配置文件的用户在编辑 "
"CUPS 配置文件时会感到相当容易。在这里将显示一些您可能想要改变初始值的设置范例。"
#: serverguide/C/file-server.xml:499(para)
"Prior to editing the configuration file, you should make a copy of the "
"original file and protect it from writing, so you will have the original "
"settings as a reference, and to reuse as necessary."
msgstr "在编辑配置文件之前,您应该将原始文件做个副本并将其写保护,以便您可以将原始文件作为参考并在必要时重用它。"
#: serverguide/C/file-server.xml:503(para)
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
"writing with the following commands, issued at a terminal prompt:"
"拷贝 <filename>/etc/cups/cupsd.conf</filename> 文件并对其写保护,可以在终端提示符后执行以下命令:"
#: serverguide/C/file-server.xml:509(command)
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
#: serverguide/C/file-server.xml:510(command)
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
#: serverguide/C/file-server.xml:515(para)
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
"address of the designated administrator of the CUPS server, simply edit the "
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
"preferred text editor, and add or modify the <emphasis "
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
"you are the Administrator for the CUPS server, and your e-mail address is "
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
#: serverguide/C/file-server.xml:526(screen)
"ServerAdmin bjoy@somebigco.com\n"
"ServerAdmin bjoy@somebigco.com\n"
#: serverguide/C/file-server.xml:532(para)
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
"server installation listens only on the loopback interface at IP address "
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
"listen on an actual network adapter's IP address, you must specify either a "
"hostname, the IP address, or optionally, an IP address/port pairing via the "
"addition of a Listen directive. For example, if your CUPS server resides on "
"a local network at the IP address <emphasis "
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
"accessible to the other systems on this subnetwork, you would edit the "
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
#: serverguide/C/file-server.xml:546(screen)
23237
"Listen 127.0.0.1:631 # existing loopback Listen\n"
23238
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
23239
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
23243
"Listen 127.0.0.1:631 # existing loopback Listen\n"
23244
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
23245
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 (IPP)\n"
#: serverguide/C/file-server.xml:552(para)
"In the example above, you may comment out or remove the reference to the "
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
"</application> to listen on that interface, but would rather have it only "
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
"listening for all network interfaces for which a certain hostname is bound, "
"including the Loopback, you could create a Listen entry for the hostname "
"<emphasis>socrates</emphasis> as such:"
"在上面的例子里,如果您不想 <application>cupsd </application> 监听环回地址 (127.0.0.1) "
",您可能注释或删除了相关语句。但最好保留它以监听局域网 (LAN) 的以太网接口。为了能监听一个特定主机名所绑定的所有的网络接口,您可以为 "
"<emphasis>socrates</emphasis> 主机名创建一个 Listen 条目,如下所示:"
#: serverguide/C/file-server.xml:562(screen)
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
#: serverguide/C/file-server.xml:566(para)
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
msgstr "或者忽略 Listen 语句并使用 <emphasis>Port</emphasis> 来代替,如:"
#: serverguide/C/file-server.xml:568(screen)
"Port 631 # Listen on port 631 on all interfaces\n"
"Port 631 # Listen on port 631 on all interfaces\n"
#: serverguide/C/file-server.xml:575(para)
"For more examples of configuration directives in the CUPS server "
"configuration file, view the associated system manual page by entering the "
"following command at a terminal prompt:"
msgstr "关于 CUPS 服务器配置文件中配置语句的更多范例,通过在终端提示符后输入以下命令可以查阅相关的系统手册页:"
#: serverguide/C/file-server.xml:582(command)
msgid "man cupsd.conf"
msgstr "man cupsd.conf"
#: serverguide/C/file-server.xml:586(para)
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
"configuration file, you'll need to restart the CUPS server by typing the "
"following command at a terminal prompt:"
"无论您在什么时间修改了 <filename>/etc/cups/cupsd.conf</filename> 配置文件,您都需要重启 CUPS "
"服务,在终端提示符后键入以下命令:"
#: serverguide/C/file-server.xml:592(command)
msgid "sudo /etc/init.d/cups restart"
#: serverguide/C/file-server.xml:598(title)
msgid "Web Interface"
#: serverguide/C/file-server.xml:600(para)
"CUPS can be configured and monitored using a web interface, which by default "
"is available at <ulink "
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
"web interface can be used to perform all printer management tasks."
#: serverguide/C/file-server.xml:604(para)
"In order to perform administrative tasks via the web interface, you must "
"either have the root account enabled on your server, or authenticate as a "
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
"reasons, CUPS won't authenticate a user that doesn't have a password."
#: serverguide/C/file-server.xml:607(para)
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
"at the terminal prompt: <screen>\n"
"<command>sudo usermod -aG lpadmin username</command>\n"
#: serverguide/C/file-server.xml:613(para)
"Further documentation is available in the <emphasis "
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
#: serverguide/C/file-server.xml:621(ulink)
msgid "CUPS Website"
#: serverguide/C/file-server.xml:624(ulink)
msgid "Ubuntu Wiki CUPS page"
#: serverguide/C/dns.xml:13(title)
msgid "Domain Name Service (DNS)"
msgstr "域名解析服务 (DNS)"
#: serverguide/C/dns.xml:14(para)
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
"fully qualified domain names (FQDN) to one another. In this way, DNS "
"alleviates the need to remember IP addresses. Computers that run DNS are "
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
"common program used for maintaining a name server on Linux."
"DNS (域名解析服务) 是将 IP 地址与 FQDN(fully qualified domain name,全称域名) 相互转换的一种 "
"Internet 服务。通过DNS,人们可以无需记忆 IP 地址。运行 DNS 的计算机称作 <emphasis>域名服务器</emphasis>。 "
"Ubuntu 自带了 <application>BIND</application>(Berkley Internet Naming "
"Daemon),它是用来在 Linux 上维护一个域名服务器最常用的程序。"
#: serverguide/C/dns.xml:24(para)
"At a terminal prompt, enter the following command to install "
"<application>dns</application>:"
msgstr "在终端提示符后输入以下命令来安装 <application>dns</application>:"
#: serverguide/C/dns.xml:28(command)
msgid "sudo apt-get install bind9"
msgstr "sudo apt-get install bind9"
#: serverguide/C/dns.xml:30(para)
"A very useful package for testing and troubleshooting DNS issues is the "
"dnsutils package. To install <application>dnsutils</application> enter the "
#: serverguide/C/dns.xml:35(command)
msgid "sudo apt-get install dnsutils"
msgstr "sudo apt-get install dnsutils"
#: serverguide/C/dns.xml:40(para)
"There are many ways to configure <application>BIND9</application>. Some of "
"the most common configurations are a caching nameserver, primary master, and "
"as a secondary master."
#: serverguide/C/dns.xml:46(para)
"When configured as a caching nameserver BIND9 will find the answer to name "
"queries and remember the answer when the domain is queried again."
#: serverguide/C/dns.xml:52(para)
"As a primary master server BIND9 reads the data for a zone from a file on "
"it's host and is authoritative for that zone."
#: serverguide/C/dns.xml:57(para)
"In a secondary master configuration BIND9 gets the zone data from another "
"nameserver authoritative for the zone."
#: serverguide/C/dns.xml:65(para)
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
"directory. The primary configuration file is "
"<filename>/etc/bind/named.conf</filename>."
#: serverguide/C/dns.xml:72(para)
"The <emphasis>include</emphasis> line specifies the filename which contains "
"the DNS options. The <emphasis>directory</emphasis> line in the "
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
"look for files. All files BIND uses will be relative to this directory."
#: serverguide/C/dns.xml:80(para)
"The file named <filename>/etc/bind/db.root</filename> describes the root "
"nameservers in the world. The servers change over time, so the "
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
"This is usually done as updates to the <application>bind9</application> "
"package. The <emphasis>zone</emphasis> section defines a master server, and "
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
#: serverguide/C/dns.xml:90(para)
"It is possible to configure the same server to be a caching name server, "
"primary master, and secondary master. A server can be the Start of Authority "
"(SOA) for one zone, while providing secondary service for another zone. All "
"the while providing caching services for hosts on the local LAN."
#: serverguide/C/dns.xml:98(title)
msgid "Caching Nameserver"
#: serverguide/C/dns.xml:99(para)
"The default configuration is setup to act as a caching server. All that is "
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
"uncomment and edit the following in "
"<filename>/etc/bind/named.conf.options</filename>:"
#: serverguide/C/dns.xml:103(programlisting)
#: serverguide/C/dns.xml:110(para)
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
"the IP Adresses of actual nameservers."
#: serverguide/C/dns.xml:114(para)
"Now restart the DNS server, to enable the new configuration. From a terminal "
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
msgid "sudo /etc/init.d/bind9 restart"
msgstr "sudo /etc/init.d/bind9 restart"
#: serverguide/C/dns.xml:120(para)
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
#: serverguide/C/dns.xml:125(title)
msgid "Primary Master"
#: serverguide/C/dns.xml:126(para)
"In this section <application>BIND9</application> will be configured as the "
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
"(Fully Qualified Domain Name)."
#: serverguide/C/dns.xml:132(title)
msgid "Forward Zone File"
#: serverguide/C/dns.xml:133(para)
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
#: serverguide/C/dns.xml:137(programlisting)
"zone \"example.com\" {\n"
" file \"/etc/bind/db.example.com\";\n"
#: serverguide/C/dns.xml:143(para)
"Now use an existing zone file as a template to create the "
"<filename>/etc/bind/db.example.com</filename> file:"
#: serverguide/C/dns.xml:147(command)
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
#: serverguide/C/dns.xml:149(para)
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
"leaving the \".\" at the end."
#: serverguide/C/dns.xml:155(para)
"Also, create an <emphasis>A record</emphasis> for <emphasis "
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
#: serverguide/C/dns.xml:159(programlisting)
"; BIND data file for local loopback interface\n"
"@ IN SOA ns.example.com. root.example.com. (\n"
" 604800 ; Refresh\n"
" 2419200 ; Expire\n"
" 604800 ) ; Negative Cache TTL\n"
"@ IN NS ns.example.com.\n"
"@ IN A 127.0.0.1\n"
"ns IN A 192.168.1.10\n"
#: serverguide/C/dns.xml:176(para)
"You must increment the <emphasis>Serial Number</emphasis> every time you "
"make changes to the zone file. If you make multiple changes before "
"restarting BIND9, simply increment the Serial once."
#: serverguide/C/dns.xml:180(para)
"Now, you can add DNS records to the bottom of the zone file. See <xref "
"linkend=\"dns-record-types\"/> for details."
#: serverguide/C/dns.xml:184(para)
"Many admins like to use the last date edited as the serial of a zone, such "
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
"<emphasis>ss</emphasis> is the Serial Number)"
#: serverguide/C/dns.xml:189(para)
"Once you have made a change to the zone file "
"<application>BIND9</application> will need to be restarted for the changes "
#: serverguide/C/dns.xml:198(title)
msgid "Reverse Zone File"
#: serverguide/C/dns.xml:199(para)
"Now that the zone is setup and resolving names to IP Adresses a "
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
"DNS to resolve an address to a name."
#: serverguide/C/dns.xml:203(para)
msgid "Edit /etc/bind/named.conf.local and add the following:"
#: serverguide/C/dns.xml:206(programlisting)
"zone \"1.168.192.in-addr.arpa\" {\n"
" file \"/etc/bind/db.192\";\n"
#: serverguide/C/dns.xml:214(para)
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
"whatever network you are using. Also, name the zone file "
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
"first octet of your network."
#: serverguide/C/dns.xml:219(para)
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
#: serverguide/C/dns.xml:223(command)
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
#: serverguide/C/dns.xml:225(para)
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
"same options as <filename>/etc/bind/db.example.com</filename>:"
#: serverguide/C/dns.xml:229(programlisting)
"; BIND reverse data file for local loopback interface\n"
"@ IN SOA ns.example.com. root.example.com. (\n"
" 604800 ; Refresh\n"
" 2419200 ; Expire\n"
" 604800 ) ; Negative Cache TTL\n"
"10 IN PTR ns.example.com.\n"
#: serverguide/C/dns.xml:244(para)
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
"incremented on each change as well. For each <emphasis>A record</emphasis> "
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
"create a <emphasis>PTR record</emphasis> in "
"<filename>/etc/bind/db.192</filename>."
#: serverguide/C/dns.xml:249(para)
"After creating the reverse zone file restart "
"<application>BIND9</application>:"
#: serverguide/C/dns.xml:258(title)
msgid "Secondary Master"
#: serverguide/C/dns.xml:259(para)
"Once a <emphasis>Primary Master</emphasis> has been configured a "
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
"availability of the domain should the Primary become unavailable."
#: serverguide/C/dns.xml:263(para)
"First, on the Primary Master server, the zone transfer needs to be allowed. "
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
"and Reverse zone definitions in "
"<filename>/etc/bind/named.conf.local</filename>:"
#: serverguide/C/dns.xml:267(programlisting)
"zone \"example.com\" {\n"
"\tfile \"/etc/bind/db.example.com\";\n"
" allow-transfer { 192.168.1.11; };\n"
"zone \"1.168.192.in-addr.arpa\" {\n"
" file \"/etc/bind/db.192\";\n"
"\tallow-transfer { 192.168.1.11; };\n"
#: serverguide/C/dns.xml:282(para)
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
"Secondary nameserver."
#: serverguide/C/dns.xml:286(para)
"Next, on the Secondary Master, install the <application>bind9</application> "
"package the same way as on the Primary. Then edit the "
"<filename>/etc/bind/named.conf.local</filename> and add the following "
"declarations for the Forward and Reverse zones:"
#: serverguide/C/dns.xml:290(programlisting)
"zone \"example.com\" {\n"
" file \"/var/cache/bind/db.example.com\";\n"
" masters { 192.168.1.10; };\n"
"zone \"1.168.192.in-addr.arpa\" {\n"
" file \"/var/cache/bind/db.192\";\n"
" masters { 192.168.1.10; };\n"
#: serverguide/C/dns.xml:304(para)
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
"Primary nameserver."
#: serverguide/C/dns.xml:308(para)
msgid "Restart <application>BIND9</application> on the Secondary Master:"
#: serverguide/C/dns.xml:314(para)
"In <filename>/var/log/syslog</filename> you should see something similar to:"
#: serverguide/C/dns.xml:317(programlisting)
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
#: serverguide/C/dns.xml:322(para)
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
"on the Primary is larger than the one on the Secondary."
#: serverguide/C/dns.xml:328(para)
"The default directory for non-authoritative zone files is "
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
"<application>AppArmor</application> to allow the "
"<application>named</application> daemon to write to it. For more information "
"on AppArmor see <xref linkend=\"apparmor\"/>."
#: serverguide/C/dns.xml:339(para)
"This section covers ways to help determine the cause when problems happen "
"with DNS and <application>BIND9</application>."
#: serverguide/C/dns.xml:345(title)
msgid "resolv.conf"
msgstr "resolv.conf"
#: serverguide/C/dns.xml:346(para)
"The first step in testing <application>BIND9</application> is to add the "
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
"be configured as well as another host to double check things. Simply edit "
"<filename>/etc/resolv.conf</filename> and add the following:"
#: serverguide/C/dns.xml:351(programlisting)
"nameserver\t192.168.1.10\n"
"nameserver\t192.168.1.11\n"
#: serverguide/C/dns.xml:356(para)
"You should also add the IP Address of the Secondary nameserver in case the "
"Primary becomes unavailable."
#: serverguide/C/dns.xml:362(title)
#: serverguide/C/dns.xml:363(para)
"If you installed the <application>dnsutils</application> package you can "
"test your setup using the DNS lookup utility <application>dig</application>:"
#: serverguide/C/dns.xml:369(para)
"After installing <application>BIND9</application> use "
"<application>dig</application> against the loopback interface to make sure "
"it is listening on port 53. From a terminal prompt:"
#: serverguide/C/dns.xml:374(command)
msgid "dig -x 127.0.0.1"
msgstr "dig -x 127.0.0.1"
#: serverguide/C/dns.xml:376(para)
msgid "You should see lines similar to the following in the command output:"
#: serverguide/C/dns.xml:379(programlisting)
";; Query time: 1 msec\n"
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
#: serverguide/C/dns.xml:385(para)
"If you have configured <application>BIND9</application> as a "
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
#: serverguide/C/dns.xml:390(command)
msgid "dig ubuntu.com"
msgstr "dig ubuntu.com"
#: serverguide/C/dns.xml:392(para)
msgid "Note the query time toward the end of the command output:"
#: serverguide/C/dns.xml:395(programlisting)
";; Query time: 49 msec\n"
#: serverguide/C/dns.xml:398(para)
msgid "After a second dig there should be improvement:"
#: serverguide/C/dns.xml:401(programlisting)
";; Query time: 1 msec\n"
#: serverguide/C/dns.xml:408(title)
#: serverguide/C/dns.xml:410(para)
"Now to demonstrate how applications make use of DNS to resolve a host name "
"use the <application>ping</application> utility to send an ICMP echo "
"request. From a terminal prompt enter:"
#: serverguide/C/dns.xml:416(command)
msgid "ping example.com"
msgstr "ping example.com"
#: serverguide/C/dns.xml:418(para)
"This tests if the nameserver can resolve the name "
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
#: serverguide/C/dns.xml:422(programlisting)
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
#: serverguide/C/dns.xml:429(title)
msgid "named-checkzone"
msgstr "named-checkzone"
#: serverguide/C/dns.xml:430(para)
"A great way to test your zone files is by using the <application>named-"
"checkzone</application> utility installed with the "
"<application>bind9</application> package. This utility allows you to make "
"sure the configuration is correct before restarting "
"<application>BIND9</application> and making the changes live."
#: serverguide/C/dns.xml:437(para)
"To test our example Forward zone file enter the following from a command "
#: serverguide/C/dns.xml:441(command)
msgid "named-checkzone example.com /etc/bind/db.example.com"
msgstr "named-checkzone example.com /etc/bind/db.example.com"
#: serverguide/C/dns.xml:443(para)
"If everything is configured correctly you should see output similar to:"
#: serverguide/C/dns.xml:446(programlisting)
"zone example.com/IN: loaded serial 6\n"
#: serverguide/C/dns.xml:452(para)
msgid "Similarly, to test the Reverse zone file enter the following:"
#: serverguide/C/dns.xml:456(command)
msgid "named-checkzone example.com /etc/bind/db.192"
msgstr "named-checkzone example.com /etc/bind/db.192"
#: serverguide/C/dns.xml:458(para)
msgid "The output should be similar to:"
#: serverguide/C/dns.xml:461(programlisting)
"zone example.com/IN: loaded serial 3\n"
#: serverguide/C/dns.xml:468(para)
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
#: serverguide/C/dns.xml:475(title)
#: serverguide/C/dns.xml:476(para)
"<application>BIND9</application> has a wide variety of logging configuration "
"options available. There are two main options. The "
"<emphasis>channel</emphasis> option configures where logs go, and the "
"<emphasis>category</emphasis> option determines what information to log."
#: serverguide/C/dns.xml:480(para)
msgid "If no logging option is configured the default option is:"
#: serverguide/C/dns.xml:483(programlisting)
" category default { default_syslog; default_debug; };\n"
" category unmatched { null; };\n"
#: serverguide/C/dns.xml:489(para)
"This section covers configuring <application>BIND9</application> to send "
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
#: serverguide/C/dns.xml:494(para)
"First, we need to configure a channel to specify which file to send the "
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
#: serverguide/C/dns.xml:498(programlisting)
" channel query.log { \n"
" file \"/var/log/query.log\";\n"
" severity debug 3; \n"
#: serverguide/C/dns.xml:508(para)
msgid "Next, configure a category to send all DNS queries to the query file:"
#: serverguide/C/dns.xml:511(programlisting)
" channel query.log { \n"
" file \"/var/log/query.log\"; \n"
" severity debug 3; \n"
" <emphasis>category queries { query.log; };</emphasis> \n"
#: serverguide/C/dns.xml:523(para)
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
"level isn't specified level 1 is the default."
#: serverguide/C/dns.xml:529(para)
"Since the <emphasis>named daemon</emphasis> runs as the "
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
"file must be created and the ownership changed:"
#: serverguide/C/dns.xml:534(command)
msgid "sudo touch /var/log/query.log"
msgstr "sudo touch /var/log/query.log"
#: serverguide/C/dns.xml:535(command)
msgid "sudo chown bind /var/log/query.log"
msgstr "sudo chown bind /var/log/query.log"
#: serverguide/C/dns.xml:539(para)
"Before <application>named</application> daemon can write to the new log file "
"the <application>AppArmor</application> profile must be updated. First, edit "
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
#: serverguide/C/dns.xml:543(programlisting)
"/var/log/query.log w,\n"
#: serverguide/C/dns.xml:546(para)
msgid "Next, reload the profile:"
#: serverguide/C/dns.xml:550(command)
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
#: serverguide/C/dns.xml:552(para)
"For more information on <application>AppArmor</application> see <xref "
"linkend=\"apparmor\"/>"
#: serverguide/C/dns.xml:557(para)
"Now restart <application>BIND9</application> for the changes to take effect:"
#: serverguide/C/dns.xml:565(para)
"You should see the file <filename>/var/log/query.log</filename> fill with "
"query information. This is a simple example of the "
"<application>BIND9</application> logging options. For coverage of advanced "
"options see <xref linkend=\"dns-more-info\"/>."
#: serverguide/C/dns.xml:574(title)
msgid "Common Record Types"
#: serverguide/C/dns.xml:575(para)
msgid "This section covers some of the most common DNS record types."
#: serverguide/C/dns.xml:580(para)
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
#: serverguide/C/dns.xml:583(programlisting)
"www IN A 192.168.1.12\n"
"www IN A 192.168.1.12\n"
#: serverguide/C/dns.xml:588(para)
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
"record. You cannot create a CNAME record pointing to another CNAME record."
#: serverguide/C/dns.xml:591(programlisting)
"web IN CNAME www\n"
"web IN CNAME www\n"
#: serverguide/C/dns.xml:596(para)
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
"to. Must point to an A record, not a CNAME."
#: serverguide/C/dns.xml:599(programlisting)
" IN MX 1 mail.example.com.\n"
"mail IN A 192.168.1.13\n"
#: serverguide/C/dns.xml:605(para)
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
"Secondary servers are defined."
#: serverguide/C/dns.xml:609(programlisting)
" IN NS ns.example.com.\n"
"\tIN NS ns2.example.com.\n"
"ns IN A 192.168.1.10\n"
"ns2\tIN A\t 192.168.1.11\n"
#: serverguide/C/dns.xml:622(para)
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
"HOWTO</ulink> explains more advanced options for configuring BIND9."
#: serverguide/C/dns.xml:627(para)
"For in depth coverage of <emphasis>DNS</emphasis> and "
"<application>BIND9</application> see <ulink "
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
#: serverguide/C/dns.xml:632(para)
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
"BIND</ulink> is a popular book now in it's fifth edition."
#: serverguide/C/dns.xml:637(para)
"A great place to ask for <application>BIND9</application> assistance, and "
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
"server</emphasis> IRC channel on <ulink "
"url=\"http://freenode.net\">freenode</ulink>."
#: serverguide/C/dns.xml:643(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
"HOWTO</ulink> in the Ubuntu Wiki."
#: serverguide/C/databases.xml:13(title)
#: serverguide/C/databases.xml:14(para)
msgid "Ubuntu provides two popular database servers. They are:"
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
msgstr "PostgreSQL"
#: serverguide/C/databases.xml:25(para)
"They are available in the main repository. This section explains how to "
"install and configure these database servers."
#: serverguide/C/databases.xml:32(para)
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
"It is intended for mission-critical, heavy-load production systems as well "
"as for embedding into mass-deployed software."
msgstr "MySQL 是一个快速、多线程、多用户、强大的 SQL 数据库服务器。它旨在成为能用于大型应用、高负载的生产系统以及大规模部署的软件。"
#: serverguide/C/databases.xml:41(para)
msgid "To install MySQL, run the following command from a terminal prompt:"
msgstr "要安装 MySQL,可以在终端提示符后运行下列命令:"
#: serverguide/C/databases.xml:46(command)
msgid "sudo apt-get install mysql-server"
#: serverguide/C/databases.xml:48(para)
"During the installation process you will be prompted to enter a password for "
"the <application>MySQL</application> root user."
#: serverguide/C/databases.xml:53(para)
"Once the installation is complete, the MySQL server should be started "
"automatically. You can run the following command from a terminal prompt to "
"check whether the MySQL server is running:"
msgstr "一旦安装完成,MySQL 服务器应该自动启动。您可以在终端提示符后运行以下命令来检查 MySQL 服务器是否正在运行:"
#: serverguide/C/databases.xml:61(command)
msgid "sudo netstat -tap | grep mysql"
msgstr "sudo netstat -tap | grep mysql"
#: serverguide/C/databases.xml:70(programlisting)
"tcp 0 0 localhost:mysql *:* LISTEN "
#: serverguide/C/databases.xml:74(para)
"If the server is not running correctly, you can type the following command "
msgstr "如果服务器不能正常运行,您可以通过下列命令启动它:"
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
msgid "sudo /etc/init.d/mysql restart"
msgstr "sudo /etc/init.d/mysql restart"
#: serverguide/C/databases.xml:85(para)
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
"the basic settings -- log file, port number, etc. For example, to configure "
"<application>MySQL</application> to listen for connections from network "
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
"server's IP address:"
#: serverguide/C/databases.xml:91(programlisting)
"bind-address = 192.168.0.5\n"
#: serverguide/C/databases.xml:95(para)
msgid "Replace 192.168.0.5 with the appropriate address."
#: serverguide/C/databases.xml:99(para)
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
"<application>mysql</application> daemon will need to be restarted:"
#: serverguide/C/databases.xml:107(para)
"If you would like to change the "
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
#: serverguide/C/databases.xml:113(command)
msgid "sudo dpkg-reconfigure mysql-server-5.1"
24315
#: serverguide/C/databases.xml:116(para)
24317
"The <application>mysql</application> daemon will be stopped, and you will be "
24318
"prompted to enter a new password."
24321
#: serverguide/C/databases.xml:125(para)
24323
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
24324
"more information."
24327
#: serverguide/C/databases.xml:130(para)
24329
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
24330
"<application>mysql-doc-5.0</application> package. To install the package "
24331
"enter the following in a terminal:"
24334
#: serverguide/C/databases.xml:135(command)
24335
msgid "sudo apt-get install mysql-doc-5.0"
24338
#: serverguide/C/databases.xml:137(para)
24340
"The documentation is in HTML format, to view them enter "
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
"chapter/index.html</command> in your browser's address bar."
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
"For general SQL information see <ulink "
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
"Special Edition</ulink> by Rafe Colburn."
#: serverguide/C/databases.xml:149(para)
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
#: serverguide/C/databases.xml:158(para)
"PostgreSQL is an object-relational database system that has the features of "
"traditional commercial database systems with enhancements to be found in "
"next-generation DBMS systems."
msgstr "PostgreSQL 是一个面向对象的数据库系统,它有着传统商业数据库系统和下一代 DBMS 系统所增进的功能。"
#: serverguide/C/databases.xml:165(para)
"To install PostgreSQL, run the following command in the command prompt:"
msgstr "要安装 PostgreSQL,可以在命令提示符后运行下列命令:"
#: serverguide/C/databases.xml:172(command)
msgid "sudo apt-get install postgresql"
msgstr "sudo apt-get install postgresql"
#: serverguide/C/databases.xml:176(para)
"Once the installation is complete, you should configure the PostgreSQL "
"server based on your needs, although the default configuration is viable."
msgstr "一旦安装完成,您就要按您的需要配置 PostgreSQL 服务器,尽管缺省配置已经可以使它可以正常运行了。"
#: serverguide/C/databases.xml:184(para)
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
"client authentication methods. By default, IDENT authentication method is "
"used for <application>postgres</application> and local users. Please refer "
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
"PostgreSQL Administrator's Guide</ulink>."
#: serverguide/C/databases.xml:191(para)
"The following discussion assumes that you wish to enable TCP/IP connections "
"and use the MD5 method for client authentication. PostgreSQL configuration "
"files are stored in the "
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
"example, if you install PostgreSQL 8.4, the configuration files are stored "
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
#: serverguide/C/databases.xml:201(para)
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
#: serverguide/C/databases.xml:208(para)
"To enable TCP/IP connections, edit the file "
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
#: serverguide/C/databases.xml:210(para)
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
#: serverguide/C/databases.xml:213(programlisting)
"listen_addresses = 'localhost'\n"
"listen_addresses = 'localhost'\n"
#: serverguide/C/databases.xml:217(para)
"To allow other computers to connect to your "
"<application>PostgreSQL</application> server replace 'localhost' with the "
"<emphasis>IP Address</emphasis> of your server."
#: serverguide/C/databases.xml:222(para)
"You may also edit all other parameters, if you know what you are doing! For "
"details, refer to the configuration file or to the PostgreSQL documentation."
#: serverguide/C/databases.xml:227(para)
"Now that we can connect to our <application>PostgreSQL</application> server, "
"the next step is to set a password for the <emphasis>postgres</emphasis> "
"user. Run the following command at a terminal prompt to connect to the "
"default PostgreSQL template database:"
#: serverguide/C/databases.xml:234(command)
msgid "sudo -u postgres psql template1"
msgstr "sudo -u postgres psql template1"
#: serverguide/C/databases.xml:236(para)
"The above command connects to PostgreSQL database "
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
"run the following SQL command at the <application>psql</application> prompt "
"to configure the password for the user <emphasis "
"role=\"italics\">postgres</emphasis>."
"上面的命令是以用户 <emphasis>postgres</emphasis> 的身份连接 PostgreSQL 的 "
"<emphasis>template1</emphasis> 数据库。一旦您连到 PostgreSQL 服务器,您将会在 SQL 提示符下。您可以在 "
"<application>psql</application> 提示符中运行下列命令来为用户 <emphasis "
"role=\"italics\">postgres</emphasis> 配置密码。"
#: serverguide/C/databases.xml:244(command)
msgid "ALTER USER postgres with encrypted password 'your_password';"
#: serverguide/C/databases.xml:246(para)
"After configuring the password, edit the file "
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
"<emphasis>MD5</emphasis> authentication with the "
"<emphasis>postgres</emphasis> user:"
#: serverguide/C/databases.xml:252(programlisting)
"local all postgres md5\n"
#: serverguide/C/databases.xml:256(para)
"Finally, you should restart the <application>PostgreSQL</application> "
"service to initialize the new configuration. From a terminal prompt enter "
"the following to restart <application>PostgreSQL</application>:"
#: serverguide/C/databases.xml:262(command)
msgid "sudo /etc/init.d/postgresql-8.4 restart"
#: serverguide/C/databases.xml:265(para)
"The above configuration is not complete by any means. Please refer <ulink "
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
"Administrator's Guide</ulink> to configure more parameters."
#: serverguide/C/databases.xml:276(para)
"As mentioned above the <ulink "
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
"Guide</ulink> is an excellent resource. The guide is also available in the "
"<application>postgresql-doc-8.4</application> package. Execute the following "
"in a terminal to install the package:"
#: serverguide/C/databases.xml:282(command)
msgid "sudo apt-get install postgresql-doc-8.4"
#: serverguide/C/databases.xml:284(para)
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
"8.4/html/index.html</command> into the address bar of your browser."
#: serverguide/C/databases.xml:296(para)
"Also, see the <ulink "
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
"Wiki</ulink> page for more information."
#: serverguide/C/clustering.xml:13(title)
#: serverguide/C/clustering.xml:16(title)
#: serverguide/C/clustering.xml:18(para)
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
"multiple hosts. The replication is transparent to other applications on the "
"host systems. Any block device hard disks, partitions, RAID devices, logical "
"volumes, etc can be mirrored."
#: serverguide/C/clustering.xml:24(para)
"To get started using <application>drbd</application>, first install the "
"necessary packages. From a terminal enter:"
#: serverguide/C/clustering.xml:29(command)
msgid "sudo apt-get install drbd8-utils"
#: serverguide/C/clustering.xml:33(para)
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
"virtual machine you will need to manually compile the "
"<application>drbd</application> module. It may be easier to install the "
"<application>linux-server</application> package inside the virtual machine."
#: serverguide/C/clustering.xml:40(para)
"This section covers setting up a <application>drbd</application> to "
"replicate a separate <filename>/srv</filename> partition, with an "
"<application>ext3</application> filesystem between two hosts. The partition "
"size is not particularly relevant, but both partitions need to be the same "
#: serverguide/C/clustering.xml:49(para)
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
"See <xref linkend=\"dns\"/> for details."
#: serverguide/C/clustering.xml:57(para)
"To configure <application>drbd</application>, on the first host edit "
"<filename>/etc/drbd.conf</filename>:"
#: serverguide/C/clustering.xml:61(programlisting)
"global { usage-count no; }\n"
"common { syncer { rate 100M; } }\n"
" wfc-timeout 15;\n"
" degr-wfc-timeout 60;\n"
" cram-hmac-alg sha1;\n"
" shared-secret \"secret\";\n"
" device /dev/drbd0;\n"
" disk /dev/sdb1;\n"
" address 192.168.0.1:7788;\n"
" meta-disk internal;\n"
" device /dev/drbd0;\n"
" disk /dev/sdb1;\n"
" address 192.168.0.2:7788;\n"
" meta-disk internal;\n"
#: serverguide/C/clustering.xml:90(para)
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
"this example their default values are fine."
#: serverguide/C/clustering.xml:98(para)
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
#: serverguide/C/clustering.xml:103(command)
msgid "scp /etc/drbd.conf drbd02:~"
#: serverguide/C/clustering.xml:109(para)
"And, on <emphasis>drbd02</emphasis> move the file to "
"<filename>/etc</filename>:"
#: serverguide/C/clustering.xml:114(command)
msgid "sudo mv drbd.conf /etc/"
#: serverguide/C/clustering.xml:120(para)
"Next, on both hosts, start the <application>drbd</application> daemon:"
#: serverguide/C/clustering.xml:125(command)
msgid "sudo /etc/init.d/drbd start"
#: serverguide/C/clustering.xml:131(para)
"Now using the <application>drbdadm</application> utility initialize the meta "
"data storage. On each server execute:"
#: serverguide/C/clustering.xml:137(command)
msgid "sudo drbdadm create-md r0"
#: serverguide/C/clustering.xml:143(para)
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
"primary, enter the following:"
#: serverguide/C/clustering.xml:148(command)
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
#: serverguide/C/clustering.xml:154(para)
"After executing the above command, the data will start syncing with the "
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
#: serverguide/C/clustering.xml:160(command)
msgid "watch -n1 cat /proc/drbd"
#: serverguide/C/clustering.xml:163(para)
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
#: serverguide/C/clustering.xml:170(para)
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
#: serverguide/C/clustering.xml:175(command)
msgid "sudo mkfs.ext3 /dev/drbd0"
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
msgid "sudo mount /dev/drbd0 /srv"
#: serverguide/C/clustering.xml:186(para)
"To test that the data is actually syncing between the hosts copy some files "
"on the <emphasis>drbd01</emphasis>, the primary, to "
"<filename>/srv</filename>:"
#: serverguide/C/clustering.xml:195(para)
msgid "Next, unmount <filename>/srv</filename>:"
#: serverguide/C/clustering.xml:203(para)
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
"<emphasis>secondary</emphasis> role:"
#: serverguide/C/clustering.xml:208(command)
msgid "sudo drbdadm secondary r0"
#: serverguide/C/clustering.xml:211(para)
"Now on the <emphasis>secondary</emphasis> server "
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
#: serverguide/C/clustering.xml:216(command)
msgid "sudo drbdadm primary r0"
#: serverguide/C/clustering.xml:219(para)
msgid "Lastly, mount the partition:"
#: serverguide/C/clustering.xml:227(para)
"Using <emphasis>ls</emphasis> you should see "
"<filename>/srv/default</filename> copied from the former "
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
#: serverguide/C/clustering.xml:238(para)
"For more information on <application>DRBD</application> see the <ulink "
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
#: serverguide/C/clustering.xml:243(para)
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
">drbd.conf man page</ulink> contains details on the options not covered in "
#: serverguide/C/clustering.xml:249(para)
"Also, see the <ulink "
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
"rbdadm man page</ulink>."
#: serverguide/C/clustering.xml:254(para)
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
"Wiki</ulink> page also has more information."
#: serverguide/C/chat.xml:13(title)
msgid "Chat Applications"
#: serverguide/C/chat.xml:19(para)
"In this section, we will discuss how to install and configure a IRC server, "
"<application>ircd-irc2</application>. We will also discuss how to install "
"and configure Jabber, an instance messaging server."
#: serverguide/C/chat.xml:28(title)
#: serverguide/C/chat.xml:30(para)
"The Ubuntu repository has many Internet Relay Chat servers. This section "
"explains how to install and configure the original IRC server "
"<application>ircd-irc2</application>."
#: serverguide/C/chat.xml:39(para)
"To install <application>ircd-irc2</application>, run the following command "
"in the command prompt:"
#: serverguide/C/chat.xml:45(command)
msgid "sudo apt-get install ircd-irc2"
#: serverguide/C/chat.xml:48(para)
"The configuration files are stored in <filename>/etc/ircd</filename> "
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
"irc2</filename> directory."
#: serverguide/C/chat.xml:59(para)
"The IRC settings can be done in the configuration file "
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
"this file by editing the following line:"
#: serverguide/C/chat.xml:64(programlisting)
"M:irc.localhost::Debian ircd default configuration::000A\n"
#: serverguide/C/chat.xml:68(para)
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
"you set irc.livecipher.com as IRC host name, please make sure "
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
"name should not be same as the host name."
#: serverguide/C/chat.xml:75(para)
"The IRC admin details can be configured by editing the following line:"
#: serverguide/C/chat.xml:80(programlisting)
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
"Server::IRCnet:\n"
#: serverguide/C/chat.xml:84(para)
"You should add specific lines to configure the list of IRC ports to listen "
"on, to configure Operator credentials, to configure client authentication, "
"etc. For details, please refer to the example configuration file "
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
#: serverguide/C/chat.xml:92(para)
"The IRC banner to be displayed in the IRC client, when the user connects to "
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
#: serverguide/C/chat.xml:97(para)
"After making necessary changes to the configuration file, you can restart "
"the IRC server using following command:"
#: serverguide/C/chat.xml:101(programlisting)
"sudo /etc/init.d/ircd-irc2 restart\n"
#: serverguide/C/chat.xml:109(para)
"You may also be interested to take a look at other IRC servers available in "
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
"<application>ircd-hybrid</application>."
#: serverguide/C/chat.xml:117(para)
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
"FAQ</ulink> for more details about the IRC Server."
#: serverguide/C/chat.xml:124(para)
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
"IRCD</ulink> page has more information."
#: serverguide/C/chat.xml:132(title)
msgid "Jabber Instant Messaging Server"
#: serverguide/C/chat.xml:134(para)
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
"XMPP, an open standard for instant messaging, and used by many popular "
"applications. This section covers setting up a <emphasis>Jabberd "
"2</emphasis> server on a local LAN. This configuration can also be adapted "
"to providing messaging services to users over the Internet."
#: serverguide/C/chat.xml:143(para)
msgid "To install <application>jabberd2</application>, in a terminal enter:"
#: serverguide/C/chat.xml:148(command)
msgid "sudo apt-get install jabberd2"
#: serverguide/C/chat.xml:155(para)
"A couple of XML configuration files will be used to configure "
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
"authentication. This is a very simple form of authentication. However, "
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
"Postgresql, etc for for user authentication."
#: serverguide/C/chat.xml:162(para)
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
#: serverguide/C/chat.xml:166(programlisting)
" <id>jabber.example.com</id>\n"
#: serverguide/C/chat.xml:171(para)
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
"id, of your server."
#: serverguide/C/chat.xml:176(para)
msgid "Now in the <storage> section change the <driver> to:"
#: serverguide/C/chat.xml:180(programlisting)
" <driver>db</driver>\n"
#: serverguide/C/chat.xml:184(para)
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
"<emphasis><local></emphasis> section change:"
#: serverguide/C/chat.xml:188(programlisting)
" <id>jabber.example.com</id>\n"
#: serverguide/C/chat.xml:192(para)
"And in the <authreg> section adjust the <module> section to:"
#: serverguide/C/chat.xml:196(programlisting)
" <module>db</module>\n"
#: serverguide/C/chat.xml:200(para)
"Finally, restart <application>jabberd2</application> to enable the new "
#: serverguide/C/chat.xml:205(command)
msgid "sudo /etc/init.d/jabberd2 restart"
#: serverguide/C/chat.xml:208(para)
"You should now be able to connect to the server using a Jabber client like "
"<application>Pidgin</application> for example."
#: serverguide/C/chat.xml:213(para)
"The advantage of using Berkeley DB for user data is that after being "
"configured no additional maintenance is required. If you need more control "
"over user accounts and credentials another authentication method is "
#: serverguide/C/chat.xml:225(para)
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
"Site</ulink> contains more details on configuring "
"<application>Jabberd2</application>."
#: serverguide/C/chat.xml:231(para)
"For more authentication options see the <ulink "
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
#: serverguide/C/chat.xml:236(para)
"Also, the <ulink "
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
"Jabber Server Ubuntu Wiki</ulink> page has more information."
#: serverguide/C/backups.xml:13(title)
#: serverguide/C/backups.xml:14(para)
"There are many ways to backup an Ubuntu installation. The most important "
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
"consisting of what to backup, where to back it up to, and how to restore it."
#: serverguide/C/backups.xml:18(para)
"The following sections discuss various ways of accomplishing these tasks."
#: serverguide/C/backups.xml:22(title)
msgid "Shell Scripts"
#: serverguide/C/backups.xml:23(para)
"One of the simplest ways to backup a system is using a <emphasis>shell "
"script</emphasis>. For example, a script can be used to configure which "
"directories to backup, and use those directories as arguments to the "
"<application>tar</application> utility creating an archive file. The archive "
"file can then be moved or copied to another location. The archive can also "
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
#: serverguide/C/backups.xml:29(para)
"The <application>tar</application> utility creates one archive file out of "
"many files or directories. <application>tar</application> can also filter "
"the files through compression utilities reducing the size of the archive "
#: serverguide/C/backups.xml:35(title)
msgid "Simple Shell Script"
#: serverguide/C/backups.xml:36(para)
"The following shell script uses <application>tar</application> to create an "
"archive file on a remotely mounted NFS file system. The archive filename is "
"determined using additional command line utilities."
#: serverguide/C/backups.xml:40(programlisting)
"####################################\n"
"# Backup to NFS mount script.\n"
"####################################\n"
"# What to backup. \n"
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
"# Where to backup to.\n"
"dest=\"/mnt/backup\"\n"
"# Create archive filename.\n"
"day=$(date +%A)\n"
"hostname=$(hostname -s)\n"
"archive_file=\"$hostname-$day.tgz\"\n"
"# Print start status message.\n"
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
"# Backup the files using tar.\n"
"tar czf $dest/$archive_file $backup_files\n"
"# Print end status message.\n"
"echo \"Backup finished\"\n"
"# Long listing of files in $dest to check file sizes.\n"
#: serverguide/C/backups.xml:77(para)
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
"would like to backup. The list should be customized to fit your needs."
#: serverguide/C/backups.xml:83(para)
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
"day of the week, giving a backup history of seven days. There are other ways "
"to accomplish this including other ways using the "
"<application>date</application> utility."
#: serverguide/C/backups.xml:90(para)
"<emphasis>$hostname:</emphasis> variable containing the "
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
"archive filename gives you the option of placing daily archive files from "
"multiple systems in the same directory."
#: serverguide/C/backups.xml:97(para)
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
#: serverguide/C/backups.xml:102(para)
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
"needs to be created and in this case <emphasis>mounted</emphasis> before "
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
"details using <emphasis>NFS</emphasis>."
#: serverguide/C/backups.xml:109(para)
"<emphasis>status messages:</emphasis> optional messages printed to the "
"console using the <application>echo</application> utility."
#: serverguide/C/backups.xml:115(para)
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
"<application>tar</application> command used to create the archive file."
#: serverguide/C/backups.xml:121(para)
msgid "<emphasis>c:</emphasis> creates an archive."
#: serverguide/C/backups.xml:126(para)
"<emphasis>z:</emphasis> filter the archive through the "
"<application>gzip</application> utility compressing the archive."
#: serverguide/C/backups.xml:131(para)
"<emphasis>f:</emphasis> use archive file. Otherwise the "
"<application>tar</application> output will be sent to STDOUT."
#: serverguide/C/backups.xml:138(para)
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
"of the destination directory. This is useful for a quick file size check of "
"the archive file. This check should not replace testing the archive file."
#: serverguide/C/backups.xml:145(para)
"This is a simple example of a backup shell script. There are large amount of "
"options that can be included in a backup script. See <xref linkend=\"backup-"
"shellscript-references\"/> for links to resources providing more in depth "
"shell scripting information."
#: serverguide/C/backups.xml:152(title)
msgid "Executing the Script"
#: serverguide/C/backups.xml:154(title)
msgid "Executing from a Terminal"
#: serverguide/C/backups.xml:155(para)
"The simplest way of executing the above backup script is to copy and paste "
"the contents into a file. <filename>backup.sh</filename> for example. Then "
"from a terminal prompt:"
#: serverguide/C/backups.xml:160(command)
msgid "sudo bash backup.sh"
msgstr "sudo bash backup.sh"
#: serverguide/C/backups.xml:162(para)
"This is a great way to test the script to make sure everything works as "
#: serverguide/C/backups.xml:167(title)
msgid "Executing with cron"
#: serverguide/C/backups.xml:168(para)
"The <application>cron</application> utility can be used to automate the "
"script execution. The <application>cron</application> daemon allows the "
"execution of scripts, or commands, at a specified time and date."
#: serverguide/C/backups.xml:172(para)
"<application>cron</application> is configured through entries in a "
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
"separated into fields:"
#: serverguide/C/backups.xml:176(programlisting)
"# m h dom mon dow command\n"
"# m h dom mon dow command\n"
#: serverguide/C/backups.xml:181(para)
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
#: serverguide/C/backups.xml:186(para)
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
#: serverguide/C/backups.xml:191(para)
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
#: serverguide/C/backups.xml:196(para)
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
#: serverguide/C/backups.xml:201(para)
"<emphasis>dow:</emphasis> the day of the week the command executes on "
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
#: serverguide/C/backups.xml:206(para)
msgid "<emphasis>command:</emphasis> the command to execute."
#: serverguide/C/backups.xml:211(para)
"To add or change entries in a <filename>crontab</filename> file the "
"<application>crontab -e</application> command should be used. Also, the "
"contents of a <filename>crontab</filename> file can be viewed using the "
"<application>crontab -l</application> command."
#: serverguide/C/backups.xml:215(para)
"To execute the <application>backup.sh</application> script listed above "
"using <application>cron</application>. Enter the following from a terminal "
#: serverguide/C/backups.xml:220(command)
msgid "sudo crontab -e"
msgstr "sudo crontab -e"
#: serverguide/C/backups.xml:223(para)
"Using <application>sudo</application> with the <application>crontab -"
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
"This is necessary if you are backing up directories only the root user has "
#: serverguide/C/backups.xml:228(para)
msgid "Add the following entry to the <filename>crontab</filename> file:"
#: serverguide/C/backups.xml:231(programlisting)
"# m h dom mon dow command\n"
"0 0 * * * bash /usr/local/bin/backup.sh\n"
#: serverguide/C/backups.xml:235(para)
"The <application>backup.sh</application> script will now be executed every "
#: serverguide/C/backups.xml:239(para)
"The <application>backup.sh</application> script will need to be copied to "
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
"to execute properly. The script can reside anywhere on the file system "
"simply change the script path appropriately."
#: serverguide/C/backups.xml:244(para)
"For more in depth <application>crontab</application> options see <xref "
"linkend=\"backup-shellscript-references\"/>."
#: serverguide/C/backups.xml:250(title)
msgid "Restoring from the Archive"
#: serverguide/C/backups.xml:251(para)
"Once an archive has been created it is important to test the archive. The "
"archive can be tested by listing the files it contains, but the best test is "
"to <emphasis>restore</emphasis> a file from the archive."
#: serverguide/C/backups.xml:257(para)
msgid "To see a listing of the archive contents. From a terminal prompt:"
#: serverguide/C/backups.xml:261(command)
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
#: serverguide/C/backups.xml:265(para)
msgid "To restore a file from the archive to a different directory enter:"
#: serverguide/C/backups.xml:269(command)
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
#: serverguide/C/backups.xml:271(para)
"The <emphasis>-C</emphasis> option to <application>tar</application> "
"redirects the extracted files to the specified directory. The above example "
"will extract the <filename>/etc/hosts</filename> file to "
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
"recreates the directory structure that it contains."
#: serverguide/C/backups.xml:276(para)
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
"the file to restore."
#: serverguide/C/backups.xml:281(para)
msgid "To restore all files in the archive enter the following:"
#: serverguide/C/backups.xml:285(command)
#: serverguide/C/backups.xml:286(command)
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
#: serverguide/C/backups.xml:291(para)
msgid "This will overwrite the files currently on the file system."
#: serverguide/C/backups.xml:300(para)
"For more information on shell scripting see the <ulink "
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
#: serverguide/C/backups.xml:305(para)
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
"great resource for shell scripting."
#: serverguide/C/backups.xml:311(para)
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
"Wiki Page</ulink> contains details on advanced "
"<application>cron</application> options."
#: serverguide/C/backups.xml:318(para)
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
"tar Manual</ulink> for more <application>tar</application> options."
#: serverguide/C/backups.xml:324(para)
"The Wikipedia <ulink "
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
"Scheme</ulink> article contains information on other backup rotation schemes."
#: serverguide/C/backups.xml:330(para)
"The shell script uses <application>tar</application> to create the archive, "
"but there many other command line utilities that can be used. For example:"
#: serverguide/C/backups.xml:336(para)
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
"files to and from archives."
#: serverguide/C/backups.xml:341(para)
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
"the <application>coreutils</application> package. A low level utility that "
"can copy data from one format to another"
#: serverguide/C/backups.xml:347(para)
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
"snap shot utility used to create copies of an entire file system."
#: serverguide/C/backups.xml:358(title)
msgid "Archive Rotation"
#: serverguide/C/backups.xml:359(para)
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
"allows for seven different archives. For a server whose data doesn't change "
"often this may be enough. If the server has a large amount of data a more "
"robust rotation scheme should be used."
#: serverguide/C/backups.xml:365(title)
msgid "Rotating NFS Archives"
#: serverguide/C/backups.xml:366(para)
"In this section the shell script will be slightly modified to implement a "
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
#: serverguide/C/backups.xml:372(para)
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
#: serverguide/C/backups.xml:377(para)
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
"weekly backups a month."
#: serverguide/C/backups.xml:382(para)
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
"rotating two monthly backups based on if the month is odd or even."
#: serverguide/C/backups.xml:388(para)
msgid "Here is the new script:"
#: serverguide/C/backups.xml:391(programlisting)
"####################################\n"
"# Backup to NFS mount script with\n"
"# grandfather-father-son rotation.\n"
"####################################\n"
"# What to backup. \n"
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
"# Where to backup to.\n"
"dest=\"/mnt/backup\"\n"
"# Setup variables for the archive filename.\n"
"day=$(date +%A)\n"
"hostname=$(hostname -s)\n"
"# Find which week of the month 1-4 it is.\n"
"day_num=$(date +%d)\n"
"if (( $day_num <= 7 )); then\n"
" week_file=\"$hostname-week1.tgz\"\n"
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
" week_file=\"$hostname-week2.tgz\"\n"
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
" week_file=\"$hostname-week3.tgz\"\n"
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
" week_file=\"$hostname-week4.tgz\"\n"
"# Find if the Month is odd or even.\n"
"month_num=$(date +%m)\n"
"month=$(expr $month_num % 2)\n"
"if [ $month -eq 0 ]; then\n"
" month_file=\"$hostname-month2.tgz\"\n"
" month_file=\"$hostname-month1.tgz\"\n"
"# Create archive filename.\n"
"if [ $day_num == 1 ]; then\n"
"\tarchive_file=$month_file\n"
"elif [ $day != \"Saturday\" ]; then\n"
" archive_file=\"$hostname-$day.tgz\"\n"
"\tarchive_file=$week_file\n"
"# Print start status message.\n"
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
"# Backup the files using tar.\n"
"tar czf $dest/$archive_file $backup_files\n"
"# Print end status message.\n"
"echo \"Backup finished\"\n"
"# Long listing of files in $dest to check file sizes.\n"
#: serverguide/C/backups.xml:456(para)
"The script can be executed using the same methods as in <xref "
"linkend=\"backup-executing-shellscript\"/>."
#: serverguide/C/backups.xml:459(para)
"It is good practice to take backup media off site in case of a disaster. In "
"the shell script example the backup media is another server providing an NFS "
"share. In all likelihood taking the NFS server to another location would not "
"be practical. Depending upon connection speeds it may be an option to copy "
"the archive file over a WAN link to a server in another location."
#: serverguide/C/backups.xml:465(para)
"Another option is to copy the archive file to an external hard drive which "
"can then be taken off site. Since the price of external hard drives continue "
"to decrease it may be cost-effective to use two drives for each archive "
"level. This would allow you to have one external drive attached to the "
"backup server and one in another location."
#: serverguide/C/backups.xml:472(title)
msgid "Tape Drives"
#: serverguide/C/backups.xml:473(para)
"A tape drive attached to the server can be used instead of a NFS share. "
"Using a tape drive simplifies archive rotation, and taking the media off "
#: serverguide/C/backups.xml:477(para)
"When using a tape drive the filename portions of the script aren't needed "
"because the date is sent directly to the tape device. Some commands to "
"manipulate the tape are needed. This is accomplished using "
"<application>mt</application>, a magnetic tape control utility part of the "
"<application>cpio</application> package."
#: serverguide/C/backups.xml:482(para)
msgid "Here is the shell script modified to use a tape drive:"
msgstr "这是一个为磁带机而修改的外壳文稿程序:"
#: serverguide/C/backups.xml:485(programlisting)
"####################################\n"
"# Backup to tape drive script.\n"
"####################################\n"
"# What to backup. \n"
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
"# Where to backup to.\n"
"dest=\"/dev/st0\"\n"
"# Print start status message.\n"
"echo \"Backing up $backup_files to $dest\"\n"
"# Make sure the tape is rewound.\n"
"mt -f $dest rewind\n"
"# Backup the files using tar.\n"
"tar czf $dest $backup_files\n"
"# Rewind and eject the tape.\n"
"mt -f $dest rewoffl\n"
"# Print end status message.\n"
"echo \"Backup finished\"\n"
#: serverguide/C/backups.xml:519(para)
"The default device name for a SCSI tape drive is "
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
#: serverguide/C/backups.xml:524(para)
"Restoring from a tape drive is basically the same as restoring from a file. "
"Simply rewind the tape and use the device path instead of a file path. For "
"example to restore the <filename>/etc/hosts</filename> file to "
"<filename>/tmp/etc/hosts</filename>:"
#: serverguide/C/backups.xml:529(command)
msgid "mt -f /dev/st0 rewind"
msgstr "mt -f /dev/st0 rewind"
#: serverguide/C/backups.xml:530(command)
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
msgstr "tar -xzf /dev/st0 -C /tmp etc/hosts"
#: serverguide/C/backups.xml:535(title)
#: serverguide/C/backups.xml:536(para)
"<application>Bacula</application> is a backup program enabling you to "
"backup, restore, and verify data across your network. There are Bacula "
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
#: serverguide/C/backups.xml:542(para)
"<application>Bacula</application> is made up of several components and "
"services used to manage which files to backup and where to back them up to:"
#: serverguide/C/backups.xml:548(para)
"<application>Bacula Director:</application> a service that controls all "
"backup, restore, verify, and archive operations."
#: serverguide/C/backups.xml:553(para)
"<application>Bacula Console:</application> an application allowing "
"communication with the Director. There are three versions of the Console:"
#: serverguide/C/backups.xml:558(para)
msgid "Text based command line version."
#: serverguide/C/backups.xml:559(para)
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
#: serverguide/C/backups.xml:560(para)
msgid "wxWidgets GUI interface."
#: serverguide/C/backups.xml:564(para)
"<application>Bacula File:</application> also known as the "
"<application>Bacula Client</application> program. This application is "
"installed on machines to be backed up, and is responsible for the data "
"requested by the Director."
#: serverguide/C/backups.xml:570(para)
"<application>Bacula Storage:</application> the programs that perform the "
"storage and recovery of data to the physical media."
#: serverguide/C/backups.xml:575(para)
"<application>Bacula Catalog:</application> is responsible for maintaining "
"the file indexes and volume databases for all files backed up, enabling "
"quick location and restoration of archived files. The Catalog supports three "
"different databases MySQL, PostgreSQL, and SQLite."
#: serverguide/C/backups.xml:581(para)
"<application>Bacula Monitor:</application> allows the monitoring of the "
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
"available as a GTK+ GUI application."
#: serverguide/C/backups.xml:587(para)
"These services and applications can be run on multiple servers and clients, "
"or they can be installed on one machine if backing up a single disk or "
#: serverguide/C/backups.xml:594(para)
"There are multiple packages containing the different "
"<application>Bacula</application> components. To install Bacula, from a "
"terminal prompt enter:"
#: serverguide/C/backups.xml:599(command)
msgid "sudo apt-get install bacula"
#: serverguide/C/backups.xml:601(para)
"By default installing the <application>bacula</application> package will use "
"a <application>MySQL</application> database for the Catalog. If you want to "
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
"director-sqlite3</application> or <application>bacula-director-"
"pgsql</application> respectively."
#: serverguide/C/backups.xml:607(para)
"During the install process you will be asked to supply credentials for the "
"database <emphasis>administrator</emphasis> and the "
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
"database administrator will need to have the appropriate rights to create a "
"database, see <xref linkend=\"mysql\"/> for more information."
#: serverguide/C/backups.xml:617(para)
"<application>Bacula</application> configuration files are formatted based on "
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
#: serverguide/C/backups.xml:622(para)
"The various <application>Bacula</application> components must authorize "
"themselves to each other. This is accomplished using the "
"<emphasis>password</emphasis> directive. For example, the "
"<emphasis>Storage</emphasis> resource password in the "
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
"<emphasis>Director</emphasis> resource password in "
"<filename>/etc/bacula/bacula-sd.conf</filename>."
#: serverguide/C/backups.xml:628(para)
"By default the backup job named <emphasis>Client1</emphasis> is configured "
"to archive the <application>Bacula</application> Catalog. If you plan on "
"using the server to backup more than one client you should change the name "
"of this job to something more descriptive. To change the name edit "
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
#: serverguide/C/backups.xml:633(programlisting)
"# Define the main nightly save backup job\n"
"# By default, this job will back up to disk in \n"
" Name = \"BackupServer\"\n"
" JobDefs = \"DefaultJob\"\n"
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
#: serverguide/C/backups.xml:644(para)
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
"your appropriate hostname, or other descriptive name."
#: serverguide/C/backups.xml:649(para)
"The <emphasis>Console</emphasis> can be used to query the "
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
"<emphasis>non-root</emphasis> user, the user needs to be in the "
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
"the following from a terminal:"
#: serverguide/C/backups.xml:655(command)
msgid "sudo adduser $username bacula"
#: serverguide/C/backups.xml:658(para)
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
"you are adding the current user to the group you should log out and back in "
"for the new permissions to take effect."
#: serverguide/C/backups.xml:665(title)
msgid "Localhost Backup"
#: serverguide/C/backups.xml:666(para)
"This section describes how to backup specified directories on a single host "
"to a local tape drive."
msgstr "这部分描述了怎样从一台单独的主机到一个本地磁带驱动器备份指定的目录。"
#: serverguide/C/backups.xml:671(para)
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
#: serverguide/C/backups.xml:674(programlisting)
" Name = \"Tape Drive\"\n"
" Device Type = tape\n"
" Media Type = DDS-4\n"
" Archive Device = /dev/st0\n"
" Hardware end of medium = No;\n"
" AutomaticMount = yes; # when device opened, read it\n"
" AlwaysOpen = Yes;\n"
" RemovableMedia = yes;\n"
" RandomAccess = no;\n"
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
#: serverguide/C/backups.xml:688(para)
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
"Type and Archive Device to match your hardware."
#: serverguide/C/backups.xml:691(para)
msgid "You could also uncomment one of the other examples in the file."
#: serverguide/C/backups.xml:696(para)
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
"<application>Storage</application> daemon will need to be restarted:"
#: serverguide/C/backups.xml:701(command)
msgid "sudo /etc/init.d/bacula-sd restart"
#: serverguide/C/backups.xml:705(para)
"Now add a <emphasis>Storage</emphasis> resource in "
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
#: serverguide/C/backups.xml:708(programlisting)
"# Definition of \"Tape Drive\" storage device\n"
" Name = TapeDrive\n"
" # Do not use \"localhost\" here \n"
" Address = backupserver # N.B. Use a fully qualified name "
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
" Device = \"Tape Drive\"\n"
" Media Type = tape\n"
#: serverguide/C/backups.xml:720(para)
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
"to the actual host name."
#: serverguide/C/backups.xml:724(para)
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
"也要确保<emphasis>密码</emphasis> 和<filename>/etc/bacula/bacula-"
"sd.conf</filename>里的密码字符串想匹配。"
#: serverguide/C/backups.xml:730(para)
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
"directories to backup, by adding:"
msgstr "创建一个新的<emphasis>FileSet</emphasis>, 这将决定哪些目录备份"
#: serverguide/C/backups.xml:733(programlisting)
"# LocalhostBacup FileSet.\n"
" Name = \"LocalhostFiles\"\n"
" signature = MD5\n"
" compression=GZIP\n"
#: serverguide/C/backups.xml:747(para)
"This <emphasis>FileSet</emphasis> will backup the <filename "
"role=\"directory\">/etc</filename> and <filename "
"role=\"directory\">/home</filename> directories. The "
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
"create a MD5 signature for each file backed up, and to compress the files "
"这个<emphasis>文件集</emphasis>将会备份<filename role=\"目录\">/etc</filename> 和 "
"<filename role=\"目录\">/home</filename> 目录. 可用的<emphasis>选项</emphasis> "
"指导你创建备份和为每一个备份的文件创建MD5码,并且使用GZIP来对这些文件进行压缩。"
#: serverguide/C/backups.xml:754(para)
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
msgstr "接下来,为每备份任务创建一个新的<emphasis>计划</emphasis>:"
#: serverguide/C/backups.xml:757(programlisting)
"# LocalhostBackup Schedule -- Daily.\n"
" Name = \"LocalhostDaily\"\n"
" Run = Full daily at 00:01\n"
#: serverguide/C/backups.xml:764(para)
"The job will run every day at 00:01 or 12:01 am. There are many other "
"scheduling options available."
msgstr "这项工作会在每天凌晨00:01或者上午12:01开始运行。并会有许多其它的调度选项可供使用。"
#: serverguide/C/backups.xml:769(para)
msgid "Finally create the <emphasis>Job</emphasis>:"
msgstr "最后创建<emphasis>工作</emphasis>:"
#: serverguide/C/backups.xml:772(programlisting)
"# Localhost backup.\n"
" Name = \"LocalhostBackup\"\n"
" JobDefs = \"DefaultJob\"\n"
" FileSet = \"LocalhostFiles\"\n"
" Schedule = \"LocalhostDaily\"\n"
" Storage = TapeDrive\n"
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
"# 本地主机(Localhost) 备份\n"
" Name = \"LocalhostBackup\"\n"
" JobDefs = \"DefaultJob\"\n"
" Enabled = yes Level = Full\n"
" FileSet = \"LocalhostFiles\"\n"
" Schedule = \"LocalhostDaily\"\n"
" Storage = TapeDrive\n"
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
#: serverguide/C/backups.xml:785(para)
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
msgstr "此任务将每天进行到磁带驱动器的 <emphasis>完全</emphasis> 备份。"
#: serverguide/C/backups.xml:790(para)
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
"current tape does not have a label <application>Bacula</application> will "
"send an email letting you know. To label a tape using the "
"<application>Console</application> enter the following from a terminal:"
#: serverguide/C/backups.xml:796(command)
#: serverguide/C/backups.xml:800(para)
msgid "At the Bacula Console prompt enter:"
#: serverguide/C/backups.xml:804(command)
#: serverguide/C/backups.xml:808(para)
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
msgstr "你将会被提示<emphasis>存储</emphasis> 资源:"
#: serverguide/C/backups.xml:818(userinput)
#: serverguide/C/backups.xml:812(computeroutput)
"Automatically selected Catalog: MyCatalog\n"
"Using Catalog \"MyCatalog\"\n"
"The defined Storage resources are:\n"
"Select Storage resource (1-2):<placeholder-1/>\n"
#: serverguide/C/backups.xml:823(para)
msgid "Enter the new <emphasis>Volume</emphasis> name:"
msgstr "输入新的<emphasis>卷标</emphasis>名字"
#: serverguide/C/backups.xml:828(userinput)
#: serverguide/C/backups.xml:827(computeroutput)
"Enter new Volume name: <placeholder-1/>\n"
#: serverguide/C/backups.xml:833(para)
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
msgstr "使用新的标签来替换<emphasis>星期日</emphasis>"
#: serverguide/C/backups.xml:838(para)
msgid "Now, select the <emphasis>Pool</emphasis>:"
msgstr "现在,选择 <emphasis>Pool</emphasis>:"
#: serverguide/C/backups.xml:843(userinput)
#: serverguide/C/backups.xml:842(computeroutput)
"Select the Pool (1-2): <placeholder-1/>\n"
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
#: serverguide/C/backups.xml:850(para)
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
"backup the localhost to an attached tape drive."
msgstr "祝贺,你现在已经配置好<emphasis>Bacula</emphasis>备份本地主机,并附带磁带驱动"
#: serverguide/C/backups.xml:858(para)
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
"要获得更多<emphasis>Bacula</emphasis>设置选项请参考<ulink "
"url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula用户手册</ulink>"
#: serverguide/C/backups.xml:864(para)
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
"the latest Bacula news and developments."
"<ulink url=\"http://www.bacula.org/\">Bacula Home "
"Page</ulink>包含了最新的Bacula的新闻和开发进展。"
#: serverguide/C/backups.xml:869(para)
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
"Ubuntu Wiki</ulink> page."
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
#: serverguide/C/backups.xml:0(None)
msgid "translator-credits"
"Launchpad Contributions:\n"
" Aron Xu https://launchpad.net/~happyaron\n"
" Azrael Green https://launchpad.net/~azrael-green\n"
" Congping Hao https://launchpad.net/~cqhcp\n"
" Devin https://launchpad.net/~gnujava\n"
" Hugh https://launchpad.net/~box.xoq\n"
" Jun CHEN https://launchpad.net/~morning.nju\n"
" Justin Yang https://launchpad.net/~yzmsq\n"
" Lain https://launchpad.net/~lain\n"
" Magicnight https://launchpad.net/~magicnight\n"
" Miaobo Yao https://launchpad.net/~ubuntu-firehare\n"
" Proton https://launchpad.net/~feisuzhu\n"
" Tao Wei https://launchpad.net/~weitao1979\n"
" USSR https://launchpad.net/~samuel-lee-1991\n"
" Xu Hejie https://launchpad.net/~xuhejie\n"
" Yiding He https://launchpad.net/~yiding-he\n"
" bailiang https://launchpad.net/~bailiangcn\n"
" hunhun https://launchpad.net/~gmljkl\n"
" jinxin16897123 https://launchpad.net/~jinxin16897123\n"
" king_li https://launchpad.net/~lzldc987\n"
" linuxwj https://launchpad.net/~linuxwj\n"
" saber https://launchpad.net/~saber-lover\n"
" sdxianchao https://launchpad.net/~sdxianchao\n"
" snowwhite https://launchpad.net/~yuxin6147\n"
" wangajing https://launchpad.net/~yifan-870829\n"
" wsw https://launchpad.net/~imskyee\n"
" xiajiebuhui https://launchpad.net/~xiajiebuhui\n"
" yugq https://launchpad.net/~yuguoqiang\n"
" zhangmiao https://launchpad.net/~mymzhang\n"
" zhongxin https://launchpad.net/~zhongxin0826\n"
" 英华 https://launchpad.net/~wantinghard\n"
" 龚韬 https://launchpad.net/~gongtao0607"
#~ "The <varname>max=8</varname> variable does not represent the maximum length "
#~ "of a password. It only means that complexity requirements will not be "
#~ "checked on passwords over 8 characters. You may want to look at the "
#~ "<application>libpam-cracklib</application> package for additional password "
#~ "entropy assistance."
#~ "变量<varname>max=8</varname>不代表是密码的最大长度。它只是表示当密码超过八位时就不会检查其复杂程度。你可以查看<applicati"
#~ "on>libpam-cracklib</application>包里关于密码规则帮助。"
#~ "If you would like to adjust the minimum length to 6 characters, change the "
#~ "appropriate variable to min=6. The modification is outlined below."
#~ msgstr "如果你想要将最小密码长度改成六位,将相应的变量改成min=6。如下是对于更改的描述。"
#~ msgid "sudo /etc/init.d/samba restart"
#~ msgstr "sudo /etc/init.d/samba restart"
#~ msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
#~ msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
#~ "By default, Ubuntu requires a minimum password length of 4 characters, as "
#~ "well as some basic entropy checks. These values are controlled in the file "
#~ "<filename>/etc/pam.d/common-password</filename>, which is outlined below."
#~ "默认地,Ubuntu对最小密码长度是四位,另加一位基本的熵值检查。这些值由<filename>/etc/pam.d/common-"
#~ "password</filename>文件控制,要点在下面有描述。"
#~ "password required pam_unix.so nullok obscure min=4 max=8 md5\n"
#~ "密码需要 pam_unix.so nullok obscure min=4 max=8 md5\n"
#~ "password required pam_unix.so nullok obscure min=6 max=8 md5\n"
#~ "密码需要 pam_unix.so nullok obscure min=6 max=8 md5\n"
#~ "<application>OpenNebula</application> allows virtual machines to be placed "
#~ "and re-placed dynamically on a pool of physical resources. This allows a "
#~ "virtual machine to be hosted from any location available."
#~ "<application>OpenNebula</application>允许虚拟机被动态的在一个物理资源池里面替换或者重置。这就允许一个虚拟机被从任何位"
#~ msgid "OpenNebula"
#~ msgstr "OpenNebula"
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
#~ "oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
#~ "sudo scp /var/lib/one/.ssh/id_rsa.pub "
#~ "oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
#~ msgid "sudo passwd oneadmin"
#~ msgstr "sudo passwd oneadmin"
#~ "Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
#~ "Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
#~ "接下来,拷贝<emphasis>oneadmin</emphasis>用户的SSH键到计算节点,然后拷贝到Front-"
#~ "End的<filename>authorized_keys</filename>文件:"
#~ msgid "sudo apt-get install opennebula-node"
#~ msgstr "sudo apt-get install opennebula-node"
#~ "In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
#~ "to have a password. On each machine execute:"
#~ msgstr "为了拷贝SSH 键,<emphasis>oneadmin</emphasis>用户需要一个密码。在每个机器上执行:"
#~ msgid "sudo apt-get install opennebula"
#~ msgstr "sudo apt-get install opennebula"
#~ msgid "On each Compute Node install:"
#~ msgstr "在每一个计算节点输入:"
#~ msgid "First, from a terminal on the Front-End enter:"
#~ msgstr "首先,在一个Front-End的终端中输入:"
#~ msgid "sudo mkdir /var/lib/one/images"
#~ msgstr "sudo mkdir /var/lib/one/images"
#~ "Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
#~ "appropriate host names."
#~ msgstr "使用适当的主机名来替换<emphasis>node01</emphasis>和<emphasis>node02</emphasis>。"
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
#~ "/etc/ssh/ssh_known_hosts\""
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
#~ "/etc/ssh/ssh_known_hosts\""
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
#~ "/etc/ssh/ssh_known_hosts\""
#~ "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
#~ "/etc/ssh/ssh_known_hosts\""
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
#~ "/var/lib/one/.ssh/authorized_keys\""
#~ "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
#~ "/var/lib/one/.ssh/authorized_keys\""
#~ msgid "sudo chown oneadmin /var/lib/one/images/"
#~ msgstr "sudo chown oneadmin /var/lib/one/images/"
#~ msgid "onevnet create vnet01.template"
#~ msgstr "onevnet create vnet01.template"
#~ msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
#~ msgstr "onehost create node01 im_kvm vmm_kvm tm_ssh"
#~ msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
#~ msgstr "onehost create node02 im_kvm vmm_kvm tm_ssh"
#~ "NAME = \"LAN\"\n"
#~ "TYPE = RANGED\n"
#~ "BRIDGE = br0\n"
#~ "NETWORK_SIZE = C\n"
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
#~ "NAME = \"LAN\"\n"
#~ "TYPE = RANGED\n"
#~ "BRIDGE = br0\n"
#~ "NETWORK_SIZE = C\n"
#~ "NETWORK_ADDRESS = 192.168.0.0\n"
#~ "MEMORY = 512\n"
#~ "OS = [ BOOT = hd ]\n"
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
#~ " target = \"hda\",\n"
#~ " readonly = \"no\" ]\n"
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
#~ "MEMORY = 512\n"
#~ "OS = [ BOOT = hd ]\n"
#~ " source = \"/var/lib/one/images/vm01.qcow2\",\n"
#~ " target = \"hda\",\n"
#~ " readonly = \"no\" ]\n"
#~ "NIC = [ NETWORK=\"LAN\" ]\n"
#~ "GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
#~ msgid "onevm submit vm01.template"
#~ msgstr "onevm submit vm01.template"
#~ "On the Front-End create a directory to store the VM images, giving the "
#~ "<emphasis>oneadmin</emphasis> user access to the directory:"
#~ "在Front-End上创建一个文件夹来保存虚拟机映像,给予用户<emphasis>oneadmin</emphasis>这个文件夹的读取权限。"
#~ "This allows the <emphasis>oneadmin</emphasis> to use "
#~ "<application>scp</application>, without a password or manual intervention, "
#~ "to deploy an image to the Compute Nodes."
#~ "这样就允许<emphasis>oneadmin</emphasis>来使用<application>scp</application>去部署一个映像到计算"
#~ "节点上,而不需要一个密码或者人工干涉。"
#~ "Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
#~ msgstr "确保把本地网络修改成<emphasis>192.168.0.0</emphasis>"
#~ "The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
#~ "and virtual machines added to the cluster."
#~ msgstr "<emphasis>OpenNebula簇</emphasis>已经可以被配置,虚拟机也被加入到了簇中。"
#~ msgid "From a terminal prompt enter:"
#~ msgstr "在一个终端提示中输入:"
#~ "Next, create a <emphasis>Virtual Network</emphasis> template file named "
#~ "<filename>vnet01.template</filename>:"
#~ "接下来,创建一个叫做<filename>vnet01.template</filename>的<emphasis>虚拟网络</emphasis>模板文件:"
#~ "Using the <application>onevnet</application> utility, add the virtual "
#~ "network to OpenNebula:"
#~ msgstr "使用<application>onevnet</application>工具来把一个虚拟网络添加到OpenNebula"
#~ "Now create a <emphasis>VM Template</emphasis> file named "
#~ "<filename>vm01.template</filename>:"
#~ "现在创建一个叫做<filename>vm01.template</filename>的<emphasis>VM "
#~ "Template</emphasis>文件。"
#~ msgid "Start the virtual machine using <application>onevm</application>:"
#~ msgstr "使用<application>onevm</application>来开始虚拟机。"
#~ "Use the <application>onevm list</application> option to view information "
#~ "about virtual machines. Also, the <application>onevm show vm01</application> "
#~ "option will display more details about a specific virtual machine."
#~ "使用<application>onevm list</application>选项来查看关于虚拟机的信息。同样<application>onevm "
#~ "show vm01</application>选项会显示某个特定虚拟机的信息。"
#~ "See the <ulink "
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
#~ "> for more information."
#~ "更多信息,请参见<ulink "
#~ "url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
#~ "You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
#~ "<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
#~ "url=\"http://freenode.net\">Freenode</ulink>."
#~ "您同样可以在<ulink url=\"http://freenode.net\">Freenode</ulink>的<emphasis>#ubuntu-"
#~ "virt</emphasis>和<emphasis>#ubuntu-server</emphasis>的IRC频道得到帮助。"
#~ "The SSH key for the Compute Nodes needs to be added to the "
#~ "<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
#~ "accomplish this <application>ssh</application> to each Compute Node as a "
#~ "user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
#~ "session, and execute the following to copy the SSH key from "
#~ "<filename>~/.ssh/known_hosts</filename> to "
#~ "<filename>/etc/ssh/ssh_known_hosts</filename>:"
#~ "计算节点的SSH键需要被添加到Front-"
#~ "End主机的<filename>/etc/ssh/ssh_known_hosts</filename>文件中。为了完成这个,<application>ss"
#~ "h</application>对每一个计算节点来说更像一个用户而不是一个<emphasis>oneadmin</emphasis>。然后从SSH "
#~ "session中退出,然后执行下面的内容,来把SSH键从<filename>~/.ssh/known_hosts</filename>拷贝到<filena"
#~ "me>/etc/ssh/ssh_known_hosts</filename>。"
#~ msgid "sudo apt-get install ebox"
#~ msgstr "sudo apt-get install ebox"
#~ msgid "apt-cache rdepends ebox | uniq"
#~ msgstr "apt-cache rdepends ebox | uniq"
#~ "Once you make a change that requires a Save, the link will change from green "
#~ msgstr "一旦您做了需要保存的改动,链接将会由绿色变成红色。"
#~ "This section will detail configuring an OpenNebula cluster using three "
#~ "machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
#~ "Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
#~ "also need a bridge configured to allow the virtual machines access to the "
#~ "local network. For details see <xref linkend=\"bridging\"/>."
#~ "这一节将介绍使用三个机器来配置一个OpenNebula簇的方法:一个<emphasis>Front-"
#~ "End</emphasis>主机和两个<emphasis>计算节点</emphasis>用来运行虚拟机。那些计算节点同样需要配置一个桥来允许虚拟机读取本地"
#~ "网络。更多细节,请参阅<xref linkend=\"bridging\"/>"
#~ "Finally, copy a virtual machine disk file into "
#~ "<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
#~ "machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
#~ "and-vmbuilder\"/> for details."
#~ "最后,把一个虚拟机的磁盘镜像拷贝到<filename>/var/lib/one/images</filename>。你可以使用<application>v"
#~ "mbuilder</application>来生成一个Ubuntu虚拟机镜像,更多细节,请参阅<xref linkend=\"jeos-and-"
#~ msgid "eBox Modules"
#~ "<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
#~ "server configuration options."
#~ "<emphasis>DNS:</emphasis> 提供 <application>BIND9</application> DNS 服务器设置选项"
#~ "<application>eBox</application> is a web framework used to manage server "
#~ "application configuration. The modular design of eBox allows you to pick and "
#~ "choose which services you want to configure using eBox."
#~ "<application>eBox</application> 是一个服务器应用设置管理 Web 框架。eBox "
#~ "模块化的设计使您可以用它来选择您需要设置的服务。"
#~ "During the installation you will be asked to supply a password for the ebox "
#~ "user. After installing eBox the web interface can be accessed from: "
#~ "<emphasis>https://yourserver/ebox</emphasis>."
#~ "在安装过程中,您将会被要求提供一个 ebox 用户密码。安装 ebox 之后,您将可以访问 eBox 的 web "
#~ "界面:<emphasis>https://yourserver/ebox</emphasis>。"
#~ "<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
#~ "Objects</emphasis>, which allow you to assign a name to an IP address or "
#~ "<emphasis>Objects:</emphasis> 允许配置 eBox "
#~ "<emphasis>网络对象</emphasis>,这意味着允许您为指定的一个或一组 IP 地址命名。"
#~ msgid "Default Modules"
#~ "This section provides a quick summary of the default "
#~ "<application>eBox</application> modules."
#~ msgstr "这里给出了默认的<application>ebox</application>模块的简介。"
#~ msgid "Additional Modules"
#~ "Here is a quick description of other available "
#~ "<application>eBox</application> modules:"
#~ msgstr "这里给出了其它可用的ebox模块的简介。"
#~ "To install the <application>ebox</application> package, which contains the "
#~ "default modules, enter the following:"
#~ msgstr "要安装包含了默认模块的 <application>ebox</application> 软件包,输入下面的内容:"
#~ "This section will cover integrating <application>Amavisd-new</application>, "
#~ "<application>Spamassassin</application>, and "
#~ "<application>ClamAV</application> with the "
#~ "<application>Postfix</application> Mail Transport Agent (MTA). "
#~ "<application>Postfix</application> can also check email validity by passing "
#~ "it through external content filters. These filters can sometimes determine "
#~ "if a message is spam without needing to process it with more resource "
#~ "intensive applications. Two common filters are <application>dkim-"
#~ "filter</application> and <application>python-policyd-spf</application>."
#~ "此章节会阐述<application>Amavisd-new</application>, "
#~ "<application>Spamassassin</application>和 <application>ClamAV</application> "
#~ "与<application>Postfix</application> "
#~ "邮件传送代理(MTA)的整合。<application>Postfix</application>也可以将邮件交由外部内容过滤器来检查。这些过滤器可以在不"
#~ "需要使用更占内存的软件情况来判断一个邮件是否为垃圾邮件。两个常见的过滤器<application>dkim-"
#~ "filter</application>和<application>python-policyd-spf</application>。"
#~ "By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
#~ "new module is installed it will not be automatically enabled."
#~ msgstr "默认情况下 eBox <emphasis>模块</emphasis> 没有全部启用,新模块安装后也不会自动启用。"