2932
2954
"a GUI), or via a remote VNC client from a GUI based computer."
2935
#: serverguide/C/virtualization.xml:206(title)
2957
#: serverguide/C/virtualization.xml:179(title)
2936
2958
msgid "virt-clone"
2939
#: serverguide/C/virtualization.xml:208(para)
2961
#: serverguide/C/virtualization.xml:180(para)
2941
2963
"The <application>virt-clone</application> application can be used to copy "
2942
2964
"one virtual machine to another. For example:"
2945
#: serverguide/C/virtualization.xml:212(command)
2967
#: serverguide/C/virtualization.xml:184(command)
2947
2969
"sudo virt-clone -o web_devel -n database_devel -f "
2948
2970
"/path/to/database_devel.img \\ --connect=qemu:///system"
2951
#: serverguide/C/virtualization.xml:218(para)
2973
#: serverguide/C/virtualization.xml:189(para)
2952
2974
msgid "<emphasis>-o:</emphasis> original virtual machine."
2955
#: serverguide/C/virtualization.xml:222(para)
2977
#: serverguide/C/virtualization.xml:194(para)
2956
2978
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
2959
#: serverguide/C/virtualization.xml:227(para)
2981
#: serverguide/C/virtualization.xml:199(para)
2961
2983
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
2962
2984
"be used by the new virtual machine."
2965
#: serverguide/C/virtualization.xml:232(para)
2987
#: serverguide/C/virtualization.xml:204(para)
2967
2989
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2970
#: serverguide/C/virtualization.xml:237(para)
2992
#: serverguide/C/virtualization.xml:209(para)
2972
2994
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
2973
2995
"help troubleshoot problems with <application>virt-clone</application>."
2976
#: serverguide/C/virtualization.xml:242(para)
2998
#: serverguide/C/virtualization.xml:214(para)
2978
3000
"Replace <emphasis>web_devel</emphasis> and "
2979
3001
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2982
#: serverguide/C/virtualization.xml:249(title)
3004
#: serverguide/C/virtualization.xml:220(title)
2983
3005
msgid "Virtual Machine Management"
2986
#: serverguide/C/virtualization.xml:252(title)
3008
#: serverguide/C/virtualization.xml:222(title)
2990
#: serverguide/C/virtualization.xml:254(para)
3012
#: serverguide/C/virtualization.xml:223(para)
2992
3014
"There are several utilities available to manage virtual machines and "
2993
3015
"<application>libvirt</application>. The <application>virsh</application> "
2994
3016
"utility can be used from the command line. Some examples:"
2997
#: serverguide/C/virtualization.xml:261(para)
3019
#: serverguide/C/virtualization.xml:229(para)
2998
3020
msgid "To list running virtual machines:"
3001
#: serverguide/C/virtualization.xml:264(command)
3023
#: serverguide/C/virtualization.xml:233(command)
3002
3024
msgid "virsh -c qemu:///system list"
3005
#: serverguide/C/virtualization.xml:269(para)
3027
#: serverguide/C/virtualization.xml:237(para)
3006
3028
msgid "To start a virtual machine:"
3009
#: serverguide/C/virtualization.xml:272(command)
3031
#: serverguide/C/virtualization.xml:241(command)
3010
3032
msgid "virsh -c qemu:///system start web_devel"
3013
#: serverguide/C/virtualization.xml:277(para)
3035
#: serverguide/C/virtualization.xml:245(para)
3014
3036
msgid "Similarly, to start a virtual machine at boot:"
3017
#: serverguide/C/virtualization.xml:280(command)
3039
#: serverguide/C/virtualization.xml:249(command)
3018
3040
msgid "virsh -c qemu:///system autostart web_devel"
3021
#: serverguide/C/virtualization.xml:285(para)
3043
#: serverguide/C/virtualization.xml:253(para)
3022
3044
msgid "Reboot a virtual machine with:"
3025
#: serverguide/C/virtualization.xml:288(command)
3047
#: serverguide/C/virtualization.xml:257(command)
3026
3048
msgid "virsh -c qemu:///system reboot web_devel"
3029
#: serverguide/C/virtualization.xml:293(para)
3051
#: serverguide/C/virtualization.xml:261(para)
3031
3053
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3032
3054
"order to be restored later. The following will save the virtual machine "
3033
3055
"state into a file named according to the date:"
3036
#: serverguide/C/virtualization.xml:299(command)
3058
#: serverguide/C/virtualization.xml:266(command)
3037
3059
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3040
#: serverguide/C/virtualization.xml:302(para)
3062
#: serverguide/C/virtualization.xml:268(para)
3041
3063
msgid "Once saved the virtual machine will no longer be running."
3044
#: serverguide/C/virtualization.xml:307(para)
3066
#: serverguide/C/virtualization.xml:273(para)
3045
3067
msgid "A saved virtual machine can be restored using:"
3048
#: serverguide/C/virtualization.xml:310(command)
3070
#: serverguide/C/virtualization.xml:277(command)
3049
3071
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3052
#: serverguide/C/virtualization.xml:315(para)
3074
#: serverguide/C/virtualization.xml:281(para)
3053
3075
msgid "To shutdown a virtual machine do:"
3056
#: serverguide/C/virtualization.xml:318(command)
3078
#: serverguide/C/virtualization.xml:285(command)
3057
3079
msgid "virsh -c qemu:///system shutdown web_devel"
3060
#: serverguide/C/virtualization.xml:323(para)
3082
#: serverguide/C/virtualization.xml:289(para)
3061
3083
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3064
#: serverguide/C/virtualization.xml:327(command)
3086
#: serverguide/C/virtualization.xml:293(command)
3065
3087
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3068
#: serverguide/C/virtualization.xml:333(para)
3090
#: serverguide/C/virtualization.xml:298(para)
3070
3092
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3071
3093
"appropriate virtual machine name, and <filename>web_devel-"
3072
3094
"022708.state</filename> with a descriptive file name."
3075
#: serverguide/C/virtualization.xml:341(title)
3097
#: serverguide/C/virtualization.xml:305(title)
3076
3098
msgid "Virtual Machine Manager"
3079
#: serverguide/C/virtualization.xml:343(para)
3101
#: serverguide/C/virtualization.xml:306(para)
3081
3103
"The <application>virt-manager</application> package contains a graphical "
3082
3104
"utility to manage local and remote virtual machines. To install virt-manager "
3086
#: serverguide/C/virtualization.xml:348(command)
3108
#: serverguide/C/virtualization.xml:311(command)
3087
3109
msgid "sudo apt-get install virt-manager"
3090
#: serverguide/C/virtualization.xml:351(para)
3112
#: serverguide/C/virtualization.xml:313(para)
3092
3114
"Since <application>virt-manager</application> requires a Graphical User "
3093
3115
"Interface (GUI) environment it is recommended to be installed on a "
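Review bot: the virt-clone command msgid at virtualization.xml:184(command) keeps its line-continuation backslash inside a single-line string ("... -f /path/to/database_devel.img \ --connect=qemu:///system"). Pasted as one line, the shell treats the backslash-space as an escaped space and hands " --connect=qemu:///system" to virt-clone as one argument with a leading space, so the hypervisor option is not parsed. The diff only refreshes the source references for this entry, but the string should be fixed in virtualization.xml, either by dropping the backslash or by keeping a real line break after it.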
5888
5913
"package for account management."
5891
#: serverguide/C/security.xml:88(para)
5916
#: serverguide/C/security.xml:77(para)
5893
5918
"To add a user account, use the following syntax, and follow the prompts to "
5894
5919
"give the account a password and identifiable characteristics such as a full "
5895
5920
"name, phone number, etc."
5898
#: serverguide/C/security.xml:92(command)
5923
#: serverguide/C/security.xml:81(command)
5899
5924
msgid "sudo adduser username"
5902
#: serverguide/C/security.xml:96(para)
5927
#: serverguide/C/security.xml:85(para)
5904
5929
"To delete a user account and its primary group, use the following syntax:"
5907
#: serverguide/C/security.xml:100(command)
5932
#: serverguide/C/security.xml:89(command)
5908
5933
msgid "sudo deluser username"
5911
#: serverguide/C/security.xml:102(para)
5936
#: serverguide/C/security.xml:91(para)
5913
5938
"Deleting an account does not remove their respective home folder. It is up "
5914
5939
"to you whether or not you wish to delete the folder manually or keep it "
5915
5940
"according to your desired retention policies."
5918
#: serverguide/C/security.xml:105(para)
5943
#: serverguide/C/security.xml:94(para)
5920
5945
"Remember, any user added later on with the same UID/GID as the previous "
5921
5946
"owner will now have access to this folder if you have not taken the "
5922
5947
"necessary precautions."
5925
#: serverguide/C/security.xml:108(para)
5950
#: serverguide/C/security.xml:97(para)
5927
5952
"You may want to change these UID/GID values to something more appropriate, "
5928
5953
"such as the root account, and perhaps even relocate the folder to avoid "
5929
5954
"future conflicts:"
5932
#: serverguide/C/security.xml:112(command)
5957
#: serverguide/C/security.xml:101(command)
5933
5958
msgid "sudo chown -R root:root /home/username/"
5936
#: serverguide/C/security.xml:113(command)
5961
#: serverguide/C/security.xml:102(command)
5937
5962
msgid "sudo mkdir /home/archived_users/"
5940
#: serverguide/C/security.xml:114(command)
5965
#: serverguide/C/security.xml:103(command)
5941
5966
msgid "sudo mv /home/username /home/archived_users/"
5944
#: serverguide/C/security.xml:118(para)
5969
#: serverguide/C/security.xml:107(para)
5946
5971
"To temporarily lock or unlock a user account, use the following syntax, "
5947
5972
"respectively:"
5950
#: serverguide/C/security.xml:122(command)
5975
#: serverguide/C/security.xml:111(command)
5951
5976
msgid "sudo passwd -l username"
5954
#: serverguide/C/security.xml:123(command)
5979
#: serverguide/C/security.xml:112(command)
5955
5980
msgid "sudo passwd -u username"
5958
#: serverguide/C/security.xml:127(para)
5983
#: serverguide/C/security.xml:116(para)
5960
5985
"To add or delete a personalized group, use the following syntax, "
5961
5986
"respectively:"
5964
#: serverguide/C/security.xml:131(command)
5989
#: serverguide/C/security.xml:120(command)
5965
5990
msgid "sudo addgroup groupname"
5968
#: serverguide/C/security.xml:132(command)
5993
#: serverguide/C/security.xml:121(command)
5969
5994
msgid "sudo delgroup groupname"
5972
#: serverguide/C/security.xml:136(para)
5997
#: serverguide/C/security.xml:125(para)
5973
5998
msgid "To add a user to a group, use the following syntax:"
5976
#: serverguide/C/security.xml:140(command)
6001
#: serverguide/C/security.xml:129(command)
5977
6002
msgid "sudo adduser username groupname"
5980
#: serverguide/C/security.xml:147(title)
6005
#: serverguide/C/security.xml:136(title)
5981
6006
msgid "User Profile Security"
5984
#: serverguide/C/security.xml:148(para)
6009
#: serverguide/C/security.xml:137(para)
5986
6011
"When a new user is created, the adduser utility creates a brand new home "
5987
6012
"directory named <filename class=\"directory\">/home/username</filename>, "
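Review bot: the archive steps at security.xml:101-103(command) change ownership but never the mode bits. chown -R root:root leaves any group- or world-readable files readable, and mkdir creates /home/archived_users/ with whatever root's umask allows. The paragraph at security.xml:94(para) is specifically about later users gaining access to the old home folder, so the procedure should also restrict the archive directory, for example with sudo chmod 0700 /home/archived_users/ before the mv.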
6393
6418
"to create an IPv4 or IPv6 host-based firewall."
6396
#: serverguide/C/security.xml:388(para)
6421
#: serverguide/C/security.xml:373(para)
6398
6423
"<application>ufw</application> by default is initially disabled. From the "
6399
6424
"<application>ufw</application> man page:"
6402
#: serverguide/C/security.xml:392(quote)
6427
#: serverguide/C/security.xml:377(quote)
6404
6429
"ufw is not intended to provide complete firewall functionality via its "
6405
6430
"command interface, but instead provides an easy way to add or remove simple "
6406
6431
"rules. It is currently mainly used for host-based firewalls."
6409
#: serverguide/C/security.xml:396(para)
6434
#: serverguide/C/security.xml:381(para)
6411
6436
"The following are some examples of how to use <application>ufw</application>:"
6414
#: serverguide/C/security.xml:401(para)
6439
#: serverguide/C/security.xml:386(para)
6416
6441
"First, <application>ufw</application> needs to be enabled. From a terminal "
6417
6442
"prompt enter:"
6420
#: serverguide/C/security.xml:405(command)
6445
#: serverguide/C/security.xml:390(command)
6421
6446
msgid "sudo ufw enable"
6424
#: serverguide/C/security.xml:409(para)
6449
#: serverguide/C/security.xml:394(para)
6425
6450
msgid "To open a port (ssh in this example):"
6428
#: serverguide/C/security.xml:413(command)
6453
#: serverguide/C/security.xml:398(command)
6429
6454
msgid "sudo ufw allow 22"
6432
#: serverguide/C/security.xml:417(para)
6457
#: serverguide/C/security.xml:402(para)
6433
6458
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6436
#: serverguide/C/security.xml:421(command)
6461
#: serverguide/C/security.xml:406(command)
6437
6462
msgid "sudo ufw insert 1 allow 80"
6440
#: serverguide/C/security.xml:425(para)
6465
#: serverguide/C/security.xml:410(para)
6441
6466
msgid "Similarly, to close an opened port:"
6444
#: serverguide/C/security.xml:429(command)
6469
#: serverguide/C/security.xml:414(command)
6445
6470
msgid "sudo ufw deny 22"
6448
#: serverguide/C/security.xml:433(para)
6473
#: serverguide/C/security.xml:418(para)
6449
6474
msgid "To remove a rule, use delete followed by the rule:"
6452
#: serverguide/C/security.xml:437(command)
6477
#: serverguide/C/security.xml:422(command)
6453
6478
msgid "sudo ufw delete deny 22"
6456
#: serverguide/C/security.xml:441(para)
6481
#: serverguide/C/security.xml:426(para)
6458
6483
"It is also possible to allow access from specific hosts or networks to a "
6459
6484
"port. The following example allows ssh access from host 192.168.0.2 to any "
6460
6485
"ip address on this host:"
6463
#: serverguide/C/security.xml:446(command)
6488
#: serverguide/C/security.xml:431(command)
6464
6489
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6467
#: serverguide/C/security.xml:448(para)
6492
#: serverguide/C/security.xml:433(para)
6469
6494
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6473
#: serverguide/C/security.xml:454(para)
6498
#: serverguide/C/security.xml:439(para)
6475
6500
"Adding the <emphasis>--dry-run</emphasis> option to a "
6476
6501
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
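Review bot: the example order at security.xml:390(command) and 398(command) enables ufw before any allow rule exists. An administrator following it over SSH runs sudo ufw enable while incoming traffic is denied by default, and may lose the session before reaching sudo ufw allow 22. Rules can be added while ufw is still disabled, so the allow 22 step should come first, or the text should tell remote users to add it before enabling.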
6787
6812
"forward</emphasis> chain."
6790
#: serverguide/C/security.xml:720(title)
6815
#: serverguide/C/security.xml:705(title)
6791
6816
msgid "iptables Masquerading"
6794
#: serverguide/C/security.xml:721(para)
6819
#: serverguide/C/security.xml:706(para)
6796
6821
"<application>iptables</application> can also be used to enable Masquerading."
6799
#: serverguide/C/security.xml:726(para)
6824
#: serverguide/C/security.xml:711(para)
6801
6826
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6802
6827
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6803
6828
"uncomment the following line"
6806
#: serverguide/C/security.xml:730(programlisting)
6831
#: serverguide/C/security.xml:715(programlisting)
6810
6835
"net.ipv4.ip_forward=1\n"
6813
#: serverguide/C/security.xml:733(para)
6838
#: serverguide/C/security.xml:718(para)
6814
6839
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6817
#: serverguide/C/security.xml:736(programlisting)
6842
#: serverguide/C/security.xml:721(programlisting)
6821
6846
"net.ipv6.conf.default.forwarding=1\n"
6824
#: serverguide/C/security.xml:741(para)
6849
#: serverguide/C/security.xml:726(para)
6826
6851
"Next, execute the <application>sysctl</application> command to enable the "
6827
6852
"new settings in the configuration file:"
6830
#: serverguide/C/security.xml:745(command)
6855
#: serverguide/C/security.xml:730(command)
6831
6856
msgid "sudo sysctl -p"
6834
#: serverguide/C/security.xml:749(para)
6859
#: serverguide/C/security.xml:734(para)
6836
6861
"IP Masquerading can now be accomplished with a single iptables rule, which "
6837
6862
"may differ slightly based on your network configuration:"
6840
#: serverguide/C/security.xml:752(screen)
6865
#: serverguide/C/security.xml:737(screen)
6844
6869
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6847
#: serverguide/C/security.xml:755(para)
6872
#: serverguide/C/security.xml:740(para)
6849
6874
"The above command assumes that your private address space is 192.168.0.0/16 "
6850
6875
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6854
#: serverguide/C/security.xml:760(para)
6879
#: serverguide/C/security.xml:745(para)
6855
6880
msgid "-t nat -- the rule is to go into the nat table"
6858
#: serverguide/C/security.xml:761(para)
6883
#: serverguide/C/security.xml:746(para)
6860
6885
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6863
#: serverguide/C/security.xml:762(para)
6888
#: serverguide/C/security.xml:747(para)
6865
6890
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6866
6891
"specified address space"
6869
#: serverguide/C/security.xml:763(para)
6894
#: serverguide/C/security.xml:748(para)
6871
6896
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6872
6897
"specified network device"
6875
#: serverguide/C/security.xml:765(para)
6900
#: serverguide/C/security.xml:750(para)
6877
6902
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6878
6903
"MASQUERADE target to be manipulated as described above"
6881
#: serverguide/C/security.xml:773(para)
6906
#: serverguide/C/security.xml:758(para)
6883
6908
"Also, each chain in the filter table (the default table, and where most or "
6884
6909
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7077
7102
"<application>apparmor-profiles</application> package."
7080
#: serverguide/C/security.xml:921(para)
7105
#: serverguide/C/security.xml:907(para)
7082
7107
"To install the <application>apparmor-profiles</application> package from a "
7083
7108
"terminal prompt:"
7086
#: serverguide/C/security.xml:925(command)
7111
#: serverguide/C/security.xml:911(command)
7087
7112
msgid "sudo apt-get install apparmor-profiles"
7090
#: serverguide/C/security.xml:927(para)
7115
#: serverguide/C/security.xml:913(para)
7091
7116
msgid "AppArmor profiles have two modes of execution:"
7094
#: serverguide/C/security.xml:932(para)
7119
#: serverguide/C/security.xml:918(para)
7096
7121
"Complaining/Learning: profile violations are permitted and logged. Useful "
7097
7122
"for testing and developing new profiles."
7100
#: serverguide/C/security.xml:937(para)
7125
#: serverguide/C/security.xml:923(para)
7102
7127
"Enforced/Confined: enforces profile policy as well as logging the violation."
7105
#: serverguide/C/security.xml:943(title)
7130
#: serverguide/C/security.xml:929(title)
7106
7131
msgid "Using AppArmor"
7109
#: serverguide/C/security.xml:944(para)
7134
#: serverguide/C/security.xml:945(para)
7136
"This section is plagued by a bug (<ulink "
7137
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
7138
"#1304134</ulink>) and instructions will not work as advertised."
7141
#: serverguide/C/security.xml:930(para)
7111
7143
"The <application>apparmor-utils</application> package contains command line "
7112
7144
"utilities that you can use to change the <application>AppArmor</application> "
7113
7145
"execution mode, find the status of a profile, create new profiles, etc."
7116
#: serverguide/C/security.xml:950(para)
7148
#: serverguide/C/security.xml:936(para)
7118
7150
"<application>apparmor_status</application> is used to view the current "
7119
7151
"status of AppArmor profiles."
7122
#: serverguide/C/security.xml:954(command)
7154
#: serverguide/C/security.xml:940(command)
7123
7155
msgid "sudo apparmor_status"
7126
#: serverguide/C/security.xml:958(para)
7158
#: serverguide/C/security.xml:944(para)
7128
7160
"<application>aa-complain</application> places a profile into "
7129
7161
"<emphasis>complain</emphasis> mode."
7132
#: serverguide/C/security.xml:962(command)
7164
#: serverguide/C/security.xml:948(command)
7133
7165
msgid "sudo aa-complain /path/to/bin"
7136
#: serverguide/C/security.xml:966(para)
7168
#: serverguide/C/security.xml:952(para)
7138
7170
"<application>aa-enforce</application> places a profile into "
7139
7171
"<emphasis>enforce</emphasis> mode."
7142
#: serverguide/C/security.xml:970(command)
7174
#: serverguide/C/security.xml:956(command)
7143
7175
msgid "sudo aa-enforce /path/to/bin"
7146
#: serverguide/C/security.xml:974(para)
7178
#: serverguide/C/security.xml:960(para)
7148
7180
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7149
7181
"profiles are located. It can be used to manipulate the "
7150
7182
"<emphasis>mode</emphasis> of all profiles."
7153
#: serverguide/C/security.xml:978(para)
7185
#: serverguide/C/security.xml:964(para)
7154
7186
msgid "Enter the following to place all profiles into complain mode:"
7157
#: serverguide/C/security.xml:982(command)
7189
#: serverguide/C/security.xml:968(command)
7158
7190
msgid "sudo aa-complain /etc/apparmor.d/*"
7161
#: serverguide/C/security.xml:984(para)
7193
#: serverguide/C/security.xml:970(para)
7162
7194
msgid "To place all profiles in enforce mode:"
7165
#: serverguide/C/security.xml:988(command)
7197
#: serverguide/C/security.xml:974(command)
7166
7198
msgid "sudo aa-enforce /etc/apparmor.d/*"
7169
#: serverguide/C/security.xml:992(para)
7201
#: serverguide/C/security.xml:978(para)
7171
7203
"<application>apparmor_parser</application> is used to load a profile into "
7172
7204
"the kernel. It can also be used to reload a currently loaded profile using "
7173
7205
"the <emphasis>-r</emphasis> option. To load a profile:"
7176
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7208
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7177
7209
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7180
#: serverguide/C/security.xml:999(para)
7212
#: serverguide/C/security.xml:985(para)
7181
7213
msgid "To reload a profile:"
7184
#: serverguide/C/security.xml:1003(command)
7216
#: serverguide/C/security.xml:989(command)
7185
7217
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7188
#: serverguide/C/security.xml:1007(para)
7220
#: serverguide/C/security.xml:1013(para)
7190
7222
"<filename>service apparmor</filename> can be used to "
7191
7223
"<emphasis>reload</emphasis> all profiles:"
7194
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:943(command)
7226
#: serverguide/C/network-auth.xml:964(command)
7195
7227
msgid "sudo service apparmor reload"
7198
#: serverguide/C/security.xml:1015(para)
7230
#: serverguide/C/security.xml:1001(para)
7200
7232
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7201
7233
"with the <application>apparmor_parser -R</application> option to "
7202
7234
"<emphasis>disable</emphasis> a profile."
7205
#: serverguide/C/security.xml:1020(command)
7237
#: serverguide/C/security.xml:1006(command)
7206
7238
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7209
#: serverguide/C/security.xml:1021(command)
7241
#: serverguide/C/security.xml:1007(command)
7210
7242
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7213
#: serverguide/C/security.xml:1023(para)
7245
#: serverguide/C/security.xml:1009(para)
7215
7247
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7216
7248
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7217
7249
"load the profile using the <emphasis>-a</emphasis> option."
7220
#: serverguide/C/security.xml:1028(command)
7252
#: serverguide/C/security.xml:1014(command)
7221
7253
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7224
#: serverguide/C/security.xml:1033(para)
7256
#: serverguide/C/security.xml:1019(para)
7226
7258
"<application>AppArmor</application> can be disabled, and the kernel module "
7227
7259
"unloaded by entering the following:"
7230
#: serverguide/C/security.xml:1037(command)
7262
#: serverguide/C/security.xml:1043(command)
7231
7263
msgid "sudo service apparmor stop"
7234
#: serverguide/C/security.xml:1038(command)
7266
#: serverguide/C/security.xml:1024(command)
7235
7267
msgid "sudo update-rc.d -f apparmor remove"
7238
#: serverguide/C/security.xml:1042(para)
7270
#: serverguide/C/security.xml:1028(para)
7239
7271
msgid "To re-enable <application>AppArmor</application> enter:"
7242
#: serverguide/C/security.xml:1046(command)
7274
#: serverguide/C/security.xml:1052(command)
7243
7275
msgid "sudo service apparmor start"
7246
#: serverguide/C/security.xml:1047(command)
7278
#: serverguide/C/security.xml:1033(command)
7247
7279
msgid "sudo update-rc.d apparmor defaults"
7250
#: serverguide/C/security.xml:1052(para)
7282
#: serverguide/C/security.xml:1038(para)
7252
7284
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7253
7285
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
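Review bot: the new msgid at security.xml:945(para), "This section is plagued by a bug (LP #1304134) and instructions will not work as advertised.", does not say which of the commands that follow fail or what a reader should run instead, and "plagued" and "as advertised" are idioms that translate poorly. The string should name the affected commands and the workaround, or the affected commands should be marked individually. Separately, the regenerated references in this block are not in source order: 945(para) sits between 929(title) and 930(para), and the service apparmor entries moved to 1013(para), 1043(command) and 1052(command) while the entries around them moved to 989, 1024 and 1033. "sudo service apparmor reload" has also lost its security.xml reference and now points only at network-auth.xml:964(command), although the paragraph introducing it is still extracted from security.xml. That pattern looks like references taken from two different revisions of security.xml, so the template should be regenerated from a single tree before this is merged.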
7934
7966
"filesystem, partition type, etc."
7937
#: serverguide/C/security.xml:1661(para)
7969
#: serverguide/C/security.xml:1647(para)
7939
7971
"During installation there is an option to encrypt the <filename "
7940
7972
"role=\"directory\">/home</filename> partition. This will automatically "
7941
7973
"configure everything needed to encrypt and mount the partition."
7944
#: serverguide/C/security.xml:1666(para)
7976
#: serverguide/C/security.xml:1652(para)
7946
7978
"As an example, this section will cover configuring <filename "
7947
7979
"role=\"directory\">/srv</filename> to be encrypted using "
7948
7980
"<emphasis>eCryptfs</emphasis>."
7951
#: serverguide/C/security.xml:1671(title)
7983
#: serverguide/C/security.xml:1657(title)
7952
7984
msgid "Using eCryptfs"
7955
#: serverguide/C/security.xml:1673(para)
7987
#: serverguide/C/security.xml:1659(para)
7956
7988
msgid "First, install the necessary packages. From a terminal prompt enter:"
7959
#: serverguide/C/security.xml:1678(command)
7991
#: serverguide/C/security.xml:1664(command)
7960
7992
msgid "sudo apt-get install ecryptfs-utils"
7963
#: serverguide/C/security.xml:1681(para)
7995
#: serverguide/C/security.xml:1667(para)
7964
7996
msgid "Now mount the partition to be encrypted:"
7967
#: serverguide/C/security.xml:1686(command)
7999
#: serverguide/C/security.xml:1672(command)
7968
8000
msgid "sudo mount -t ecryptfs /srv /srv"
7971
#: serverguide/C/security.xml:1689(para)
8003
#: serverguide/C/security.xml:1675(para)
7973
8005
"You will then be prompted for some details on how "
7974
8006
"<application>ecryptfs</application> should encrypt the data."
7977
#: serverguide/C/security.xml:1693(para)
8009
#: serverguide/C/security.xml:1679(para)
7979
8011
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
7980
8012
"copy the <filename>/etc/default</filename> folder to "
7981
8013
"<filename>/srv</filename>:"
7984
#: serverguide/C/security.xml:1699(command) serverguide/C/clustering.xml:190(command)
8016
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
7985
8017
msgid "sudo cp -r /etc/default /srv"
7988
#: serverguide/C/security.xml:1702(para)
8020
#: serverguide/C/security.xml:1688(para)
7989
8021
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
7992
#: serverguide/C/security.xml:1707(command) serverguide/C/installation.xml:1125(command) serverguide/C/clustering.xml:198(command)
8024
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
7993
8025
msgid "sudo umount /srv"
7996
#: serverguide/C/security.xml:1708(command)
8028
#: serverguide/C/security.xml:1694(command)
7997
8029
msgid "cat /srv/default/cron"
8000
#: serverguide/C/security.xml:1711(para)
8032
#: serverguide/C/security.xml:1697(para)
8002
8034
"Remounting <filename>/srv</filename> using "
8003
8035
"<application>ecryptfs</application> will make the data viewable once again."
8006
#: serverguide/C/security.xml:1717(title)
8038
#: serverguide/C/security.xml:1703(title)
8007
8039
msgid "Automatically Mounting Encrypted Partitions"
8010
#: serverguide/C/security.xml:1719(para)
8042
#: serverguide/C/security.xml:1705(para)
8012
8044
"There are a couple of ways to automatically mount an "
8013
8045
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8560
8587
"of the Samba guide for more details."
8563
#: serverguide/C/samba.xml:425(para)
8590
#: serverguide/C/windows-networking.xml:425(para)
8565
8592
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8566
8593
"without supplying a username and password."
8569
#: serverguide/C/samba.xml:432(para)
8596
#: serverguide/C/windows-networking.xml:432(para)
8571
8598
"The security mode you choose will depend on your environment and what you "
8572
8599
"need the Samba server to accomplish."
8575
#: serverguide/C/samba.xml:438(title)
8602
#: serverguide/C/windows-networking.xml:438(title)
8576
8603
msgid "Security = User"
8579
#: serverguide/C/samba.xml:440(para)
8606
#: serverguide/C/windows-networking.xml:440(para)
8581
8608
"This section will reconfigure the Samba file and print server, from <xref "
8582
8609
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8583
8610
"require authentication."
8586
#: serverguide/C/samba.xml:445(para)
8613
#: serverguide/C/windows-networking.xml:445(para)
8588
8615
"First, install the <application>libpam-smbpass</application> package which "
8589
8616
"will sync the system users to the Samba user database:"
8592
#: serverguide/C/samba.xml:451(command)
8619
#: serverguide/C/windows-networking.xml:451(command)
8593
8620
msgid "sudo apt-get install libpam-smbpass"
8596
#: serverguide/C/samba.xml:455(para)
8623
#: serverguide/C/windows-networking.xml:455(para)
8598
8625
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8599
8626
"<application>libpam-smbpass</application> is already installed."
8602
#: serverguide/C/samba.xml:461(para)
8629
#: serverguide/C/windows-networking.xml:461(para)
8604
8631
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8605
8632
"<emphasis>[share]</emphasis> section change:"
8608
#: serverguide/C/samba.xml:465(programlisting)
8635
#: serverguide/C/windows-networking.xml:465(programlisting)
8612
8639
" guest ok = no\n"
8615
#: serverguide/C/samba.xml:469(para)
8642
#: serverguide/C/windows-networking.xml:469(para)
8616
8643
msgid "Finally, restart Samba for the new settings to take effect:"
8619
#: serverguide/C/samba.xml:478(para)
8646
#: serverguide/C/windows-networking.xml:478(para)
8621
8648
"Now when connecting to the shared directories or printers you should be "
8622
8649
"prompted for a username and password."
8625
#: serverguide/C/samba.xml:483(para)
8652
#: serverguide/C/windows-networking.xml:483(para)
8627
8654
"If you choose to map a network drive to the share you can check the "
8628
8655
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8629
8656
"enter the username and password once, at least until the password changes."
8632
#: serverguide/C/samba.xml:491(title)
8659
#: serverguide/C/windows-networking.xml:491(title)
8633
8660
msgid "Share Security"
8636
#: serverguide/C/samba.xml:493(para)
8663
#: serverguide/C/windows-networking.xml:493(para)
8638
8665
"There are several options available to increase the security for each "
8639
8666
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8640
8667
"this section will cover some common options."
8643
#: serverguide/C/samba.xml:499(title)
8670
#: serverguide/C/windows-networking.xml:499(title)
8647
#: serverguide/C/samba.xml:501(para)
8674
#: serverguide/C/windows-networking.xml:501(para)
8649
8676
"Groups define a collection of computers or users which have a common level "
8650
8677
"of access to particular network resources and offer a level of granularity "
10447
10473
"Personal Package Archive (PPA)</ulink>."
10450
#: serverguide/C/remote-administration.xml:606(para)
10476
#: serverguide/C/remote-administration.xml:566(para)
10452
10478
"Not present on Ubuntu Universe repositories, but on <ulink "
10453
10479
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10454
10480
"find these other modules:"
10457
#: serverguide/C/remote-administration.xml:613(para)
10483
#: serverguide/C/remote-administration.xml:573(para)
10459
10485
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10460
10486
"with other modules like the proxy, file sharing or mailfilter."
10463
#: serverguide/C/remote-administration.xml:620(para)
10489
#: serverguide/C/remote-administration.xml:580(para)
10465
10491
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10466
10492
"a simple PBX with LDAP based authentication."
10469
#: serverguide/C/remote-administration.xml:626(para)
10495
#: serverguide/C/remote-administration.xml:586(para)
10471
10497
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10474
#: serverguide/C/remote-administration.xml:632(para)
10500
#: serverguide/C/remote-administration.xml:592(para)
10476
10502
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10477
10503
"LDAP users and groups."
10480
#: serverguide/C/remote-administration.xml:638(para)
10506
#: serverguide/C/remote-administration.xml:598(para)
10482
10508
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10483
10509
"popular <application>duplicity</application> backup tool."
10486
#: serverguide/C/remote-administration.xml:644(para)
10512
#: serverguide/C/remote-administration.xml:604(para)
10487
10513
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10490
#: serverguide/C/remote-administration.xml:649(para)
10516
#: serverguide/C/remote-administration.xml:609(para)
10491
10517
msgid "zentyal-ids: integrates a network intrusion detection system."
10494
#: serverguide/C/remote-administration.xml:654(para)
10520
#: serverguide/C/remote-administration.xml:614(para)
10496
10522
"zentyal-ipsec: allows to configure IPsec tunnels using "
10497
10523
"<application>OpenSwan</application>."
10500
#: serverguide/C/remote-administration.xml:660(para)
10526
#: serverguide/C/remote-administration.xml:620(para)
10502
10528
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10503
10529
"with LDAP users and groups."
10506
#: serverguide/C/remote-administration.xml:666(para)
10532
#: serverguide/C/remote-administration.xml:626(para)
10508
10534
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10512
#: serverguide/C/remote-administration.xml:672(para)
10538
#: serverguide/C/remote-administration.xml:632(para)
10514
10540
"zentyal-mail: a full mail stack including <application>Postfix "
10515
10541
"</application> and <application>Dovecot</application> with LDAP backend."
10518
#: serverguide/C/remote-administration.xml:679(para)
10544
#: serverguide/C/remote-administration.xml:639(para)
10520
10546
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10521
10547
"stack to filter spam and attached virus."
10524
#: serverguide/C/remote-administration.xml:685(para)
10550
#: serverguide/C/remote-administration.xml:645(para)
10526
10552
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10527
10553
"server performance and running services."
10530
#: serverguide/C/remote-administration.xml:691(para)
10556
#: serverguide/C/remote-administration.xml:651(para)
10532
10558
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10535
#: serverguide/C/remote-administration.xml:696(para)
10561
#: serverguide/C/remote-administration.xml:656(para)
10537
10563
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10538
10564
"users and groups."
10541
#: serverguide/C/remote-administration.xml:702(para)
10567
#: serverguide/C/remote-administration.xml:662(para)
10543
10569
"zentyal-software: simple interface to manage installed "
10544
10570
"<application>Zentyal</application> modules and system updates."
10547
#: serverguide/C/remote-administration.xml:708(para)
10573
#: serverguide/C/remote-administration.xml:668(para)
10549
10575
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10550
10576
"throttling and improve latency."
10553
#: serverguide/C/remote-administration.xml:714(para)
10579
#: serverguide/C/remote-administration.xml:674(para)
10555
10581
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10556
10582
"web browser."
10559
#: serverguide/C/remote-administration.xml:720(para)
10585
#: serverguide/C/remote-administration.xml:680(para)
10561
10587
"zentyal-virt: simple interface to create and manage virtual machines based "
10562
10588
"on <application>libvirt</application>."
10565
#: serverguide/C/remote-administration.xml:726(para)
10591
#: serverguide/C/remote-administration.xml:686(para)
10567
10593
"zentyal-webmail: allows to access your mail using the popular "
10568
10594
"<application>Roundcube</application> webmail."
10571
#: serverguide/C/remote-administration.xml:732(para)
10597
#: serverguide/C/remote-administration.xml:692(para)
10573
10599
"zentyal-webserver: configures <application>Apache</application> webserver to "
10574
10600
"host different sites on your machine."
10577
#: serverguide/C/remote-administration.xml:738(para)
10603
#: serverguide/C/remote-administration.xml:698(para)
10579
10605
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10580
10606
"with <application>Zentyal</application> mail stack and LDAP."
10583
#: serverguide/C/remote-administration.xml:750(title)
10609
#: serverguide/C/remote-administration.xml:710(title)
10584
10610
msgid "First steps"
10587
#: serverguide/C/remote-administration.xml:752(para)
10613
#: serverguide/C/remote-administration.xml:712(para)
10589
10615
"Any system account belonging to the sudo group is allowed to log into "
10590
10616
"<application>Zentyal</application> web interface. If you are using the user "
10591
10617
"created during the installation, this should be in the sudo group by default."
10594
#: serverguide/C/remote-administration.xml:760(para)
10620
#: serverguide/C/remote-administration.xml:720(para)
10595
10621
msgid "If you need to add another user to the sudo group, just execute:"
10598
#: serverguide/C/remote-administration.xml:765(command)
10624
#: serverguide/C/remote-administration.xml:725(command)
10599
10625
msgid "sudo adduser username sudo"
10602
#: serverguide/C/remote-administration.xml:769(para)
10628
#: serverguide/C/remote-administration.xml:729(para)
10604
10630
"To access <application>Zentyal</application> web interface, browse into "
10605
10631
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
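Review bot: the "First steps" strings (remote-administration.xml:712 and 720) tell the reader to run "sudo adduser username sudo" to give another person access to the Zentyal web interface, without saying that membership of the sudo group also grants that account full root on the host through sudo. Suggest adding a sentence to that effect in the source XML, so administrators do not treat it as a web-UI-only permission. While the references are being renumbered, the zentyal-bwmonitor msgid still reads "bandwith"; that should be "bandwidth".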
11523
11549
"flexibility of <application>pam_motd</application>."
11526
#: serverguide/C/other-apps.xml:151(title)
11552
#: serverguide/C/other-apps.xml:156(para)
11555
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11556
"motd.5.html\">update-motd man page</ulink> for more options available to "
11557
"<application>update-motd</application>."
11560
#: serverguide/C/other-apps.xml:338(para)
11562
"The Debian Package of the Day <ulink "
11563
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11564
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11565
"details about using the <application>weather</application>utility."
11568
#: serverguide/C/other-apps.xml:134(title)
11527
11569
msgid "etckeeper"
11530
#: serverguide/C/other-apps.xml:153(para)
11572
#: serverguide/C/other-apps.xml:180(para)
11532
11574
"<application>etckeeper</application> allows the contents of <filename "
11533
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11534
"System (VCS) repository. It hooks into <application>apt</application> to "
11535
"automatically commit changes to <filename>/etc</filename> when packages are "
11575
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
11576
"(VCS) repository. It integrates with <application>APT</application> and "
11577
"automatically commits changes to <filename>/etc</filename> when packages are "
11536
11578
"installed or upgraded. Placing <filename>/etc</filename> under version "
11537
11579
"control is considered an industry best practice, and the goal of "
11538
11580
"<application>etckeeper</application> is to make this process as painless as "
11542
#: serverguide/C/other-apps.xml:161(para)
11584
#: serverguide/C/other-apps.xml:144(para)
11544
11586
"Install <application>etckeeper</application> by entering the following in a "
11548
#: serverguide/C/other-apps.xml:166(command)
11590
#: serverguide/C/other-apps.xml:149(command)
11549
11591
msgid "sudo apt-get install etckeeper"
11552
#: serverguide/C/other-apps.xml:169(para)
11594
#: serverguide/C/other-apps.xml:196(para)
11554
11596
"The main configuration file, "
11555
11597
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11556
"main option is which VCS to use. By default "
11598
"main option is which VCS to use and by default "
11557
11599
"<application>etckeeper</application> is configured to use "
11558
"<application>bzr</application> for version control. The repository is "
11559
"automatically initialized (and committed for the first time) during package "
11560
"installation. It is possible to undo this by entering the following command:"
11600
"<application>Bazaar</application>. The repository is automatically "
11601
"initialized (and committed for the first time) during package installation. "
11602
"It is possible to undo this by entering the following command:"
11563
#: serverguide/C/other-apps.xml:179(command)
11605
#: serverguide/C/other-apps.xml:162(command)
11564
11606
msgid "sudo etckeeper uninit"
11567
#: serverguide/C/other-apps.xml:182(para)
11609
#: serverguide/C/other-apps.xml:165(para)
11569
11611
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11570
11612
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
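Review bot: the newly added weather reference (other-apps.xml:338) ends in "<application>weather</application>utility." with no space between the closing tag and "utility", so it will render as "weatherutility". The update-motd link added at 156 is pinned to the "trusty" man page path and will go stale with the next release; consider whether the guide has a release entity it should use instead. The etckeeper rewording itself reads fine.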
11647
11687
"Committed revision 2."
11650
#: serverguide/C/other-apps.xml:256(para)
11690
#: serverguide/C/other-apps.xml:239(para)
11652
11692
"For an example of how <application>etckeeper</application> tracks manual "
11653
11693
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11654
11694
"<application>bzr</application> you can see which files have been modified:"
11657
#: serverguide/C/other-apps.xml:262(command)
11697
#: serverguide/C/other-apps.xml:245(command)
11658
11698
msgid "sudo bzr status /etc/"
11661
#: serverguide/C/other-apps.xml:263(computeroutput)
11701
#: serverguide/C/other-apps.xml:246(computeroutput)
11664
11704
"modified:\n"
11668
#: serverguide/C/other-apps.xml:267(para)
11708
#: serverguide/C/other-apps.xml:250(para)
11669
11709
msgid "Now commit the changes:"
11672
#: serverguide/C/other-apps.xml:272(command)
11673
msgid "sudo etckeeper commit \"new host\""
11712
#: serverguide/C/other-apps.xml:295(command)
11713
msgid "sudo etckeeper commit \"added new host\""
11676
#: serverguide/C/other-apps.xml:275(para)
11716
#: serverguide/C/other-apps.xml:258(para)
11678
11718
"For more information on <application>bzr</application> see <xref "
11679
11719
"linkend=\"bazaar\"/>."
11682
#: serverguide/C/other-apps.xml:281(title)
11722
#: serverguide/C/other-apps.xml:345(para)
11725
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11726
"more details on using <application>etckeeper</application>."
11729
#: serverguide/C/other-apps.xml:351(para)
11731
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11732
"Ubuntu Wiki</ulink> page."
11735
#: serverguide/C/other-apps.xml:356(para)
11737
"For the latest news and information about <application>bzr</application> see "
11738
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11741
#: serverguide/C/other-apps.xml:264(title)
11683
11742
msgid "Byobu"
11686
#: serverguide/C/other-apps.xml:283(para)
11688
"One of the most useful applications for any system administrator is "
11689
"<application>screen</application>. It allows the execution of multiple "
11690
"shells in one terminal. To make some of the advanced "
11691
"<application>screen</application> features more user friendly, and provide "
11692
"some useful information about the system, the "
11693
"<application>byobu</application> package was created."
11696
#: serverguide/C/other-apps.xml:290(para)
11698
"When executing <application>byobu</application> pressing the "
11699
"<emphasis>F9</emphasis> key will bring up the "
11700
"<application>Configuration</application> menu. This menu will allow you to:"
11703
#: serverguide/C/other-apps.xml:296(para)
11745
#: serverguide/C/other-apps.xml:337(para)
11747
"One of the most useful applications for any system administrator is an xterm "
11748
"multiplexor such as <application>screen</application> or "
11749
"<application>tmux</application>. It allows for the execution of multiple "
11750
"shells in one terminal. To make some of the advanced multiplexor features "
11751
"more user-friendly and provide some useful information about the system, the "
11752
"<application>byobu</application> package was created. It acts as a wrapper "
11753
"to these programs. By default Byobu uses tmux (if installed) but this can be "
11754
"changed by the user."
11757
#: serverguide/C/other-apps.xml:344(para)
11758
msgid "Invoke it simply with:"
11761
#: serverguide/C/other-apps.xml:349(command)
11765
#: serverguide/C/other-apps.xml:352(para)
11767
"Now bring up the configuration menu. By default this is done by pressing the "
11768
"<emphasis>F9</emphasis> key. This will allow you to:"
11771
#: serverguide/C/other-apps.xml:279(para)
11704
11772
msgid "View the Help menu"
11707
#: serverguide/C/other-apps.xml:297(para)
11775
#: serverguide/C/other-apps.xml:280(para)
11708
11776
msgid "Change Byobu's background color"
11711
#: serverguide/C/other-apps.xml:298(para)
11779
#: serverguide/C/other-apps.xml:281(para)
11712
11780
msgid "Change Byobu's foreground color"
11715
#: serverguide/C/other-apps.xml:299(para)
11783
#: serverguide/C/other-apps.xml:282(para)
11716
11784
msgid "Toggle status notifications"
11719
#: serverguide/C/other-apps.xml:300(para)
11787
#: serverguide/C/other-apps.xml:283(para)
11720
11788
msgid "Change the key binding set"
11723
#: serverguide/C/other-apps.xml:301(para)
11791
#: serverguide/C/other-apps.xml:284(para)
11724
11792
msgid "Change the escape sequence"
11727
#: serverguide/C/other-apps.xml:302(para)
11795
#: serverguide/C/other-apps.xml:285(para)
11728
11796
msgid "Create new windows"
11731
#: serverguide/C/other-apps.xml:303(para)
11799
#: serverguide/C/other-apps.xml:286(para)
11732
11800
msgid "Manage the default windows"
11735
#: serverguide/C/other-apps.xml:304(para)
11803
#: serverguide/C/other-apps.xml:287(para)
11736
11804
msgid "Byobu currently does not launch at login (toggle on)"
11739
#: serverguide/C/other-apps.xml:307(para)
11807
#: serverguide/C/other-apps.xml:290(para)
11741
11809
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11742
11810
"sequence, new window, change window, etc. There are two key binding sets to "
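Review bot: the rewritten Byobu paragraph (other-apps.xml:337) describes screen and tmux as an "xterm multiplexor"; both are terminal multiplexers that work in any terminal, including a console or SSH session, so "terminal multiplexer such as" would be more accurate and avoids implying an X dependency on a server. In the unchanged etckeeper string at 239, "add new a host" should be "add a new host"; worth fixing in the same pass since the neighbouring commit example is being reworded anyway.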
11769
11837
"commands. Here is a quick list of movement commands:"
11772
#: serverguide/C/other-apps.xml:331(para)
11840
#: serverguide/C/other-apps.xml:314(para)
11773
11841
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11776
#: serverguide/C/other-apps.xml:332(para)
11844
#: serverguide/C/other-apps.xml:315(para)
11777
11845
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11780
#: serverguide/C/other-apps.xml:333(para)
11848
#: serverguide/C/other-apps.xml:316(para)
11781
11849
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11784
#: serverguide/C/other-apps.xml:334(para)
11852
#: serverguide/C/other-apps.xml:317(para)
11785
11853
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11788
#: serverguide/C/other-apps.xml:335(para)
11856
#: serverguide/C/other-apps.xml:318(para)
11789
11857
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11792
#: serverguide/C/other-apps.xml:336(para)
11860
#: serverguide/C/other-apps.xml:319(para)
11793
11861
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11796
#: serverguide/C/other-apps.xml:337(para)
11864
#: serverguide/C/other-apps.xml:320(para)
11798
11866
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11799
11867
"the buffer)"
11802
#: serverguide/C/other-apps.xml:338(para)
11870
#: serverguide/C/other-apps.xml:321(para)
11803
11871
msgid "<emphasis>/</emphasis> - Search forward"
11806
#: serverguide/C/other-apps.xml:339(para)
11874
#: serverguide/C/other-apps.xml:322(para)
11807
11875
msgid "<emphasis>?</emphasis> - Search backward"
11810
#: serverguide/C/other-apps.xml:340(para)
11878
#: serverguide/C/other-apps.xml:401(para)
11812
11880
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
11815
#: serverguide/C/other-apps.xml:349(para)
11818
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/update-"
11819
"motd.5.html\">update-motd man page</ulink> for more options available to "
11820
"<application>update-motd</application>."
11823
#: serverguide/C/other-apps.xml:355(para)
11825
"The Debian Package of the Day <ulink "
11826
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11827
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11828
"details about using the <application>weather</application>utility."
11831
#: serverguide/C/other-apps.xml:362(para)
11834
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11835
"more details on using <application>etckeeper</application>."
11838
#: serverguide/C/other-apps.xml:368(para)
11840
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11841
"Ubuntu Wiki</ulink> page."
11844
#: serverguide/C/other-apps.xml:373(para)
11846
"For the latest news and information about <application>bzr</application> see "
11847
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11850
#: serverguide/C/other-apps.xml:378(para)
11883
#: serverguide/C/other-apps.xml:361(para)
11852
11885
"For more information on <application>screen</application> see the <ulink "
11853
11886
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11856
#: serverguide/C/other-apps.xml:383(para)
11889
#: serverguide/C/other-apps.xml:366(para)
11858
11891
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11859
11892
"screen</ulink> page."
11862
#: serverguide/C/other-apps.xml:388(para)
11895
#: serverguide/C/other-apps.xml:371(para)
11864
11897
"Also, see the <application>byobu</application><ulink "
11865
11898
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
13578
13629
"dn: olcDatabase={1}hdb,cn=config\n"
13581
#: serverguide/C/network-auth.xml:259(para) serverguide/C/network-auth.xml:350(para)
13632
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13582
13633
msgid "Explanation of entries:"
13585
#: serverguide/C/network-auth.xml:266(para)
13636
#: serverguide/C/network-auth.xml:288(para)
13586
13637
msgid "<emphasis>cn=config</emphasis>: global settings"
13589
#: serverguide/C/network-auth.xml:272(para)
13640
#: serverguide/C/network-auth.xml:294(para)
13591
13642
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13594
#: serverguide/C/network-auth.xml:278(para)
13645
#: serverguide/C/network-auth.xml:300(para)
13596
13647
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13600
#: serverguide/C/network-auth.xml:284(para)
13651
#: serverguide/C/network-auth.xml:306(para)
13602
13653
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13606
#: serverguide/C/network-auth.xml:290(para)
13657
#: serverguide/C/network-auth.xml:312(para)
13608
13659
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13611
#: serverguide/C/network-auth.xml:296(para)
13662
#: serverguide/C/network-auth.xml:318(para)
13612
13663
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13615
#: serverguide/C/network-auth.xml:302(para)
13666
#: serverguide/C/network-auth.xml:324(para)
13617
13668
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13618
13669
"inetorgperson schema"
13621
#: serverguide/C/network-auth.xml:308(para)
13672
#: serverguide/C/network-auth.xml:330(para)
13623
13674
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13627
#: serverguide/C/network-auth.xml:314(para)
13678
#: serverguide/C/network-auth.xml:336(para)
13629
13680
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13630
13681
"default settings for other databases"
13633
#: serverguide/C/network-auth.xml:320(para)
13684
#: serverguide/C/network-auth.xml:342(para)
13635
13686
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13636
13687
"database (cn=config)"
13639
#: serverguide/C/network-auth.xml:326(para)
13690
#: serverguide/C/network-auth.xml:348(para)
13641
13692
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13642
13693
"(dc=examle,dc=com)"
13645
#: serverguide/C/network-auth.xml:337(para)
13696
#: serverguide/C/network-auth.xml:359(para)
13646
13697
msgid "This is what the dc=example,dc=com DIT looks like:"
13649
#: serverguide/C/network-auth.xml:342(command)
13700
#: serverguide/C/network-auth.xml:364(command)
13650
13701
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13653
#: serverguide/C/network-auth.xml:343(computeroutput)
13704
#: serverguide/C/network-auth.xml:365(computeroutput)
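Review bot: the explanation for olcDatabase={1}hdb,cn=config (network-auth.xml:348) gives the suffix as "(dc=examle,dc=com)", while the very next paragraph and the ldapsearch command use dc=example,dc=com. Readers copy these DNs verbatim, so the misspelling should be corrected in the source XML rather than carried through another template regeneration.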
14250
14301
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14253
#: serverguide/C/network-auth.xml:918(para)
14304
#: serverguide/C/network-auth.xml:940(para)
14255
14306
"Change the rootDN in the LDIF file to match the one you have for your "
14259
#: serverguide/C/network-auth.xml:925(para)
14310
#: serverguide/C/network-auth.xml:947(para)
14261
"The <application>apparmor</application> profile for slapd will need to be "
14262
"adjusted for the accesslog database location. Edit "
14263
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
14312
"The <application>apparmor</application> profile for slapd will not need to "
14313
"be adjusted for the accesslog database location since "
14314
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14267
#: serverguide/C/network-auth.xml:931(programlisting)
14317
#: serverguide/C/network-auth.xml:952(programlisting)
14271
"/var/lib/ldap/accesslog/ r,\n"
14272
"/var/lib/ldap/accesslog/** rwk,\n"
14321
"/var/lib/ldap/ r,\n"
14322
"/var/lib/ldap/** rwk,\n"
14275
#: serverguide/C/network-auth.xml:936(para)
14325
#: serverguide/C/network-auth.xml:957(para)
14277
14327
"Create a directory, set up a databse config file, and reload the apparmor "
14281
#: serverguide/C/network-auth.xml:941(command)
14331
#: serverguide/C/network-auth.xml:962(command)
14282
14332
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14285
#: serverguide/C/network-auth.xml:942(command)
14335
#: serverguide/C/network-auth.xml:963(command)
14286
14336
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14289
#: serverguide/C/network-auth.xml:949(para)
14339
#: serverguide/C/network-auth.xml:970(para)
14291
14341
"Add the new content and, due to the apparmor change, restart the daemon:"
14294
#: serverguide/C/network-auth.xml:954(command)
14344
#: serverguide/C/network-auth.xml:975(command)
14295
14345
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14298
#: serverguide/C/network-auth.xml:955(command) serverguide/C/network-auth.xml:1477(command) serverguide/C/network-auth.xml:1662(command) serverguide/C/network-auth.xml:3883(command)
14348
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14299
14349
msgid "sudo service slapd restart"
14302
#: serverguide/C/network-auth.xml:962(para)
14352
#: serverguide/C/network-auth.xml:983(para)
14303
14353
msgid "The Provider is now configured."
14306
#: serverguide/C/network-auth.xml:969(title)
14356
#: serverguide/C/network-auth.xml:990(title)
14307
14357
msgid "Consumer Configuration"
14310
#: serverguide/C/network-auth.xml:971(para)
14360
#: serverguide/C/network-auth.xml:992(para)
14311
14361
msgid "And now configure the <emphasis>Consumer</emphasis>."
14314
#: serverguide/C/network-auth.xml:978(para)
14364
#: serverguide/C/network-auth.xml:999(para)
14316
14366
"Install the software by going through <xref linkend=\"openldap-server-"
14317
14367
"installation\"/>. Make sure the slapd-config databse is identical to the "
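Review bot: the reworded paragraph at network-auth.xml:947 now says the AppArmor profile "will not need to be adjusted", but two unchanged strings later in this hunk still tell the reader to "reload the apparmor" profile (957) and to restart the daemon "due to the apparmor change" (970). Those need rewording in the same change, otherwise the procedure contradicts itself. Please also confirm that the "/var/lib/ldap/ r," and "/var/lib/ldap/** rwk," rules really are in /etc/apparmor.d/local/usr.sbin.slapd, which is the file the old text asked the admin to edit, and not in the main profile. "databse" in the 957 string and in the Consumer paragraph (999) should be "database".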
15160
15210
"assist you in the configuration step. Install this package now:"
15163
#: serverguide/C/network-auth.xml:1704(command)
15213
#: serverguide/C/network-auth.xml:1725(command)
15164
15214
msgid "sudo apt-get install libnss-ldap"
15167
#: serverguide/C/network-auth.xml:1707(para)
15217
#: serverguide/C/network-auth.xml:1728(para)
15169
15219
"You will be prompted for details of your LDAP server. If you make a mistake "
15170
15220
"you can try again using:"
15173
#: serverguide/C/network-auth.xml:1712(command)
15223
#: serverguide/C/network-auth.xml:1733(command)
15174
15224
msgid "sudo dpkg-reconfigure ldap-auth-config"
15177
#: serverguide/C/network-auth.xml:1715(para)
15227
#: serverguide/C/network-auth.xml:1736(para)
15179
15229
"The results of the dialog can be seen in "
15180
15230
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15181
15231
"covered in the menu edit this file accordingly."
15184
#: serverguide/C/network-auth.xml:1720(para)
15234
#: serverguide/C/network-auth.xml:1741(para)
15185
15235
msgid "Now configure the LDAP profile for NSS:"
15188
#: serverguide/C/network-auth.xml:1725(command)
15238
#: serverguide/C/network-auth.xml:1746(command)
15189
15239
msgid "sudo auth-client-config -t nss -p lac_ldap"
15192
#: serverguide/C/network-auth.xml:1728(para)
15242
#: serverguide/C/network-auth.xml:1749(para)
15193
15243
msgid "Configure the system to use LDAP for authentication:"
15196
#: serverguide/C/network-auth.xml:1733(command)
15246
#: serverguide/C/network-auth.xml:1754(command)
15197
15247
msgid "sudo pam-auth-update"
15200
#: serverguide/C/network-auth.xml:1736(para)
15250
#: serverguide/C/network-auth.xml:1757(para)
15202
15252
"From the menu, choose LDAP and any other authentication mechanisms you need."
15205
#: serverguide/C/network-auth.xml:1740(para)
15255
#: serverguide/C/network-auth.xml:1761(para)
15206
15256
msgid "You should now be able to log in using LDAP-based credentials."
15209
#: serverguide/C/network-auth.xml:1744(para)
15259
#: serverguide/C/network-auth.xml:1765(para)
15211
15261
"LDAP clients will need to refer to multiple servers if replication is in "
15212
15262
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15215
#: serverguide/C/network-auth.xml:1749(programlisting)
15265
#: serverguide/C/network-auth.xml:1770(programlisting)
15219
15269
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15222
#: serverguide/C/network-auth.xml:1753(para)
15272
#: serverguide/C/network-auth.xml:1774(para)
15224
15274
"The request will time out and the Consumer (ldap02) will attempt to be "
15225
15275
"reached if the Provider (ldap01) becomes unresponsive."
15228
#: serverguide/C/network-auth.xml:1757(para)
15278
#: serverguide/C/network-auth.xml:1778(para)
15230
15280
"If you are going to use LDAP to store Samba users you will need to configure "
15231
15281
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15232
15282
"ldap\"/> for details."
15235
#: serverguide/C/network-auth.xml:1763(para)
15285
#: serverguide/C/network-auth.xml:1784(para)
15237
15287
"An alternative to the <application>libnss-ldap</application> package is the "
15238
15288
"<application>libnss-ldapd</application> package. This, however, will bring "
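Review bot: the failover example at network-auth.xml:1770 lists both servers as ldap:// URIs, and the surrounding text goes straight from there to "You should now be able to log in using LDAP-based credentials" with no mention of StartTLS or ldaps://. A reader who follows only this section will be sending login binds to the directory without transport encryption unless TLS is configured somewhere else. Suggest a sentence next to the uri line pointing at the guide's TLS instructions if it has them, or stating the requirement outright. The 1774 sentence "the Consumer (ldap02) will attempt to be reached" is also awkward; "the client will then try the Consumer (ldap02)" says the same thing.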
15283
15333
"MIDSTART=10000\n"
15286
#: serverguide/C/network-auth.xml:1806(para)
15336
#: serverguide/C/network-auth.xml:1827(para)
15288
15338
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15289
15339
"access to the directory:"
15292
#: serverguide/C/network-auth.xml:1811(command)
15342
#: serverguide/C/network-auth.xml:1832(command)
15294
15344
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15297
#: serverguide/C/network-auth.xml:1812(command)
15347
#: serverguide/C/network-auth.xml:1833(command)
15298
15348
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15301
#: serverguide/C/network-auth.xml:1816(para)
15351
#: serverguide/C/network-auth.xml:1837(para)
15303
15353
"Replace <quote>secret</quote> with the actual password for your database's "
15304
15354
"rootDN user."
15307
#: serverguide/C/network-auth.xml:1821(para)
15357
#: serverguide/C/network-auth.xml:1842(para)
15309
15359
"The scripts are now ready to help manage your directory. Here are some "
15310
15360
"examples of how to use them:"
15313
#: serverguide/C/network-auth.xml:1828(para)
15363
#: serverguide/C/network-auth.xml:1849(para)
15314
15364
msgid "Create a new user:"
15317
#: serverguide/C/network-auth.xml:1833(command)
15367
#: serverguide/C/network-auth.xml:1854(command)
15318
15368
msgid "sudo ldapadduser george example"
15321
#: serverguide/C/network-auth.xml:1836(para)
15371
#: serverguide/C/network-auth.xml:1857(para)
15323
15373
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15324
15374
"and set the user's primary group (gid) to <emphasis "
15325
15375
"role=\"italic\">example</emphasis>"
15328
#: serverguide/C/network-auth.xml:1843(para)
15378
#: serverguide/C/network-auth.xml:1864(para)
15329
15379
msgid "Change a user's password:"
15332
#: serverguide/C/network-auth.xml:1848(command)
15382
#: serverguide/C/network-auth.xml:1869(command)
15333
15383
msgid "sudo ldapsetpasswd george"
15336
#: serverguide/C/network-auth.xml:1849(computeroutput)
15386
#: serverguide/C/network-auth.xml:1870(computeroutput)
15338
15388
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15341
#: serverguide/C/network-auth.xml:1850(userinput)
15391
#: serverguide/C/network-auth.xml:1871(userinput)
15343
15393
msgid "New Password: "
15346
#: serverguide/C/network-auth.xml:1851(userinput)
15396
#: serverguide/C/network-auth.xml:1872(userinput)
15348
15398
msgid "New Password (verify): "
15351
#: serverguide/C/network-auth.xml:1857(para)
15401
#: serverguide/C/network-auth.xml:1878(para)
15352
15402
msgid "Delete a user:"
15355
#: serverguide/C/network-auth.xml:1862(command)
15405
#: serverguide/C/network-auth.xml:1883(command)
15356
15406
msgid "sudo ldapdeleteuser george"
15359
#: serverguide/C/network-auth.xml:1868(para)
15409
#: serverguide/C/network-auth.xml:1889(para)
15360
15410
msgid "Add a group:"
15363
#: serverguide/C/network-auth.xml:1873(command)
15413
#: serverguide/C/network-auth.xml:1894(command)
15364
15414
msgid "sudo ldapaddgroup qa"
15367
#: serverguide/C/network-auth.xml:1879(para)
15417
#: serverguide/C/network-auth.xml:1900(para)
15368
15418
msgid "Delete a group:"
15371
#: serverguide/C/network-auth.xml:1884(command)
15421
#: serverguide/C/network-auth.xml:1905(command)
15372
15422
msgid "sudo ldapdeletegroup qa"
15375
#: serverguide/C/network-auth.xml:1890(para)
15425
#: serverguide/C/network-auth.xml:1911(para)
15376
15426
msgid "Add a user to a group:"
15379
#: serverguide/C/network-auth.xml:1895(command)
15429
#: serverguide/C/network-auth.xml:1916(command)
15380
15430
msgid "sudo ldapaddusertogroup george qa"
15383
#: serverguide/C/network-auth.xml:1898(para)
15433
#: serverguide/C/network-auth.xml:1919(para)
15385
15435
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15386
15436
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15387
15437
"role=\"italic\">george</emphasis>."
15390
#: serverguide/C/network-auth.xml:1905(para)
15440
#: serverguide/C/network-auth.xml:1926(para)
15391
15441
msgid "Remove a user from a group:"
15394
#: serverguide/C/network-auth.xml:1910(command)
15444
#: serverguide/C/network-auth.xml:1931(command)
15395
15445
msgid "sudo ldapdeleteuserfromgroup george qa"
15398
#: serverguide/C/network-auth.xml:1913(para)
15448
#: serverguide/C/network-auth.xml:1934(para)
15400
15450
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15401
15451
"<emphasis role=\"italic\">qa</emphasis> group."
15404
#: serverguide/C/network-auth.xml:1920(para)
15454
#: serverguide/C/network-auth.xml:1941(para)
15406
15456
"The <application>ldapmodifyuser</application> script allows you to add, "
15407
15457
"remove, or replace a user's attributes. The script uses the same syntax as "
15408
15458
"the <application>ldapmodify</application> utility. For example:"
15411
#: serverguide/C/network-auth.xml:1926(command)
15461
#: serverguide/C/network-auth.xml:1947(command)
15412
15462
msgid "sudo ldapmodifyuser george"
15415
#: serverguide/C/network-auth.xml:1927(computeroutput)
15465
#: serverguide/C/network-auth.xml:1948(computeroutput)
15418
15468
"# About to modify the following entry :\n"
15501
15551
"title: Employee\n"
15504
#: serverguide/C/network-auth.xml:1995(para)
15554
#: serverguide/C/network-auth.xml:2016(para)
15506
15556
"Notice the <emphasis><ask></emphasis> option used for the "
15507
15557
"<emphasis>sn</emphasis> attribute. This will make "
15508
"<application>ldapadduser</application> prompt you for it's value."
15558
"<application>ldapadduser</application> prompt you for its value."
15511
#: serverguide/C/network-auth.xml:2003(para)
15561
#: serverguide/C/network-auth.xml:2024(para)
15513
15563
"There are utilities in the package that were not covered here. Here is a "
15514
15564
"complete list:"
15517
#: serverguide/C/network-auth.xml:2008(ulink)
15567
#: serverguide/C/network-auth.xml:2029(ulink)
15518
15568
msgid "ldaprenamemachine"
15521
#: serverguide/C/network-auth.xml:2009(ulink)
15571
#: serverguide/C/network-auth.xml:2030(ulink)
15522
15572
msgid "ldapadduser"
15525
#: serverguide/C/network-auth.xml:2010(ulink)
15575
#: serverguide/C/network-auth.xml:2031(ulink)
15526
15576
msgid "ldapdeleteuserfromgroup"
15529
#: serverguide/C/network-auth.xml:2011(ulink)
15579
#: serverguide/C/network-auth.xml:2032(ulink)
15530
15580
msgid "ldapfinger"
15533
#: serverguide/C/network-auth.xml:2012(ulink)
15583
#: serverguide/C/network-auth.xml:2033(ulink)
15534
15584
msgid "ldapid"
15537
#: serverguide/C/network-auth.xml:2013(ulink)
15587
#: serverguide/C/network-auth.xml:2034(ulink)
15538
15588
msgid "ldapgid"
15541
#: serverguide/C/network-auth.xml:2014(ulink)
15591
#: serverguide/C/network-auth.xml:2035(ulink)
15542
15592
msgid "ldapmodifyuser"
15545
#: serverguide/C/network-auth.xml:2015(ulink)
15595
#: serverguide/C/network-auth.xml:2036(ulink)
15546
15596
msgid "ldaprenameuser"
15549
#: serverguide/C/network-auth.xml:2016(ulink)
15599
#: serverguide/C/network-auth.xml:2037(ulink)
15550
15600
msgid "lsldap"
15553
#: serverguide/C/network-auth.xml:2017(ulink)
15603
#: serverguide/C/network-auth.xml:2038(ulink)
15554
15604
msgid "ldapaddusertogroup"
15557
#: serverguide/C/network-auth.xml:2018(ulink)
15607
#: serverguide/C/network-auth.xml:2039(ulink)
15558
15608
msgid "ldapsetpasswd"
15561
#: serverguide/C/network-auth.xml:2019(ulink)
15611
#: serverguide/C/network-auth.xml:2040(ulink)
15562
15612
msgid "ldapinit"
15565
#: serverguide/C/network-auth.xml:2020(ulink)
15615
#: serverguide/C/network-auth.xml:2041(ulink)
15566
15616
msgid "ldapaddgroup"
15569
#: serverguide/C/network-auth.xml:2021(ulink)
15619
#: serverguide/C/network-auth.xml:2042(ulink)
15570
15620
msgid "ldapdeletegroup"
15573
#: serverguide/C/network-auth.xml:2022(ulink)
15623
#: serverguide/C/network-auth.xml:2043(ulink)
15574
15624
msgid "ldapmodifygroup"
15577
#: serverguide/C/network-auth.xml:2023(ulink)
15627
#: serverguide/C/network-auth.xml:2044(ulink)
15578
15628
msgid "ldapdeletemachine"
15581
#: serverguide/C/network-auth.xml:2024(ulink)
15631
#: serverguide/C/network-auth.xml:2045(ulink)
15582
15632
msgid "ldaprenamegroup"
15585
#: serverguide/C/network-auth.xml:2025(ulink)
15635
#: serverguide/C/network-auth.xml:2046(ulink)
15586
15636
msgid "ldapaddmachine"
15589
#: serverguide/C/network-auth.xml:2026(ulink)
15639
#: serverguide/C/network-auth.xml:2047(ulink)
15590
15640
msgid "ldapmodifymachine"
15593
#: serverguide/C/network-auth.xml:2027(ulink)
15643
#: serverguide/C/network-auth.xml:2048(ulink)
15594
15644
msgid "ldapsetprimarygroup"
15597
#: serverguide/C/network-auth.xml:2028(ulink)
15647
#: serverguide/C/network-auth.xml:2049(ulink)
15598
15648
msgid "ldapdeleteuser"
15601
#: serverguide/C/network-auth.xml:2034(title)
15651
#: serverguide/C/network-auth.xml:2055(title)
15602
15652
msgid "Backup and Restore"
15605
#: serverguide/C/network-auth.xml:2036(para)
15655
#: serverguide/C/network-auth.xml:2057(para)
15607
15657
"Now we have ldap running just the way we want, it is time to ensure we can "
15608
15658
"save all of our work and restore it as needed."
15611
#: serverguide/C/network-auth.xml:2041(para)
15661
#: serverguide/C/network-auth.xml:2062(para)
15613
15663
"What we need is a way to backup the ldap database(s), specifically the "
15614
15664
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
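Review bot: The "it's value" to "its value" correction in the ldapadduser <ask> paragraph changes the msgid, so translations keyed on the old string stop matching exactly and translators will have to re-confirm them after the merge. The same kind of fix appears in the "Samba and LDAP" paragraph ("any of it's 3 possible roles"), so both should land in the same template update so that translators are asked once. The rest of this hunk only shifts the network-auth.xml source references and needs no action.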
15659
15709
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15662
#: serverguide/C/network-auth.xml:2088(para)
15712
#: serverguide/C/network-auth.xml:2109(para)
15663
15713
msgid "Now the files are created, they should be copied to a backup server."
15666
#: serverguide/C/network-auth.xml:2093(para)
15716
#: serverguide/C/network-auth.xml:2114(para)
15668
15718
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15669
15719
"something like this:"
15672
#: serverguide/C/network-auth.xml:2099(command)
15722
#: serverguide/C/network-auth.xml:2120(command)
15673
15723
msgid "sudo service slapd stop"
15676
#: serverguide/C/network-auth.xml:2100(command)
15726
#: serverguide/C/network-auth.xml:2121(command)
15677
15727
msgid "sudo mkdir /var/lib/ldap/accesslog"
15680
#: serverguide/C/network-auth.xml:2101(command)
15730
#: serverguide/C/network-auth.xml:2122(command)
15681
15731
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15684
#: serverguide/C/network-auth.xml:2102(command)
15734
#: serverguide/C/network-auth.xml:2123(command)
15686
15736
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15689
#: serverguide/C/network-auth.xml:2103(command)
15739
#: serverguide/C/network-auth.xml:2124(command)
15690
15740
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15693
#: serverguide/C/network-auth.xml:2104(command)
15743
#: serverguide/C/network-auth.xml:2125(command)
15694
15744
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15697
#: serverguide/C/network-auth.xml:2105(command)
15747
#: serverguide/C/network-auth.xml:2126(command)
15698
15748
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15701
#: serverguide/C/network-auth.xml:2106(command)
15751
#: serverguide/C/network-auth.xml:2127(command)
15702
15752
msgid "sudo service slapd start"
15705
#: serverguide/C/network-auth.xml:2117(para)
15755
#: serverguide/C/network-auth.xml:2138(para)
15707
15757
"The primary resource is the upstream documentation: <ulink "
15708
15758
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
15711
#: serverguide/C/network-auth.xml:2123(para)
15761
#: serverguide/C/network-auth.xml:2144(para)
15713
15763
"There are many man pages that come with the slapd package. Here are some "
15714
15764
"important ones, especially considering the material presented in this guide:"
15717
#: serverguide/C/network-auth.xml:2129(ulink)
15767
#: serverguide/C/network-auth.xml:2150(ulink)
15718
15768
msgid "slapd"
15721
#: serverguide/C/network-auth.xml:2130(ulink)
15771
#: serverguide/C/network-auth.xml:2151(ulink)
15722
15772
msgid "slapd-config"
15725
#: serverguide/C/network-auth.xml:2131(ulink)
15775
#: serverguide/C/network-auth.xml:2152(ulink)
15726
15776
msgid "slapd.access"
15729
#: serverguide/C/network-auth.xml:2132(ulink)
15779
#: serverguide/C/network-auth.xml:2153(ulink)
15730
15780
msgid "slapo-syncprov"
15733
#: serverguide/C/network-auth.xml:2138(para)
15783
#: serverguide/C/network-auth.xml:2159(para)
15734
15784
msgid "Other man pages:"
15737
#: serverguide/C/network-auth.xml:2143(ulink)
15787
#: serverguide/C/network-auth.xml:2164(ulink)
15738
15788
msgid "auth-client-config"
15741
#: serverguide/C/network-auth.xml:2144(ulink)
15791
#: serverguide/C/network-auth.xml:2165(ulink)
15742
15792
msgid "pam-auth-update"
15745
#: serverguide/C/network-auth.xml:2150(para)
15795
#: serverguide/C/network-auth.xml:2171(para)
15747
15797
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
15748
15798
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
15751
#: serverguide/C/network-auth.xml:2156(para)
15801
#: serverguide/C/network-auth.xml:2177(para)
15753
15803
"A Ubuntu community <ulink "
15754
15804
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15755
15805
"wiki</ulink> page has a collection of notes"
15758
#: serverguide/C/network-auth.xml:2162(para)
15808
#: serverguide/C/network-auth.xml:2183(para)
15760
15810
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15761
15811
"Administration</ulink> (textbook; 2003)"
15764
#: serverguide/C/network-auth.xml:2168(para)
15814
#: serverguide/C/network-auth.xml:2189(para)
15766
15816
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15767
15817
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
15770
#: serverguide/C/network-auth.xml:2179(title)
15820
#: serverguide/C/network-auth.xml:2200(title)
15771
15821
msgid "Samba and LDAP"
15774
#: serverguide/C/network-auth.xml:2181(para)
15824
#: serverguide/C/network-auth.xml:2202(para)
15776
15826
"This section covers the integration of Samba with LDAP. The Samba server's "
15777
15827
"role will be that of a \"standalone\" server and the LDAP directory will "
15778
15828
"provide the authentication layer in addition to containing the user, group, "
15779
15829
"and machine account information that Samba requires in order to function (in "
15780
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
15830
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
15781
15831
"configured with a directory that can accept authentication requests. See "
15782
15832
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
15783
15833
"requirement. Once this section is completed, you will need to decide what "
15784
15834
"specifically you want Samba to do for you and then configure it accordingly."
15787
#: serverguide/C/network-auth.xml:2190(title)
15837
#: serverguide/C/network-auth.xml:2211(title)
15788
15838
msgid "Software Installation"
15791
#: serverguide/C/network-auth.xml:2192(para)
15841
#: serverguide/C/network-auth.xml:2213(para)
15793
15843
"There are three packages needed when integrating Samba with LDAP: "
15794
15844
"<application>samba</application>, <application>samba-doc</application>, and "
15795
15845
"<application>smbldap-tools</application> packages."
15798
#: serverguide/C/network-auth.xml:2197(para)
15848
#: serverguide/C/network-auth.xml:2223(para)
15800
15850
"Strictly speaking, the <application>smbldap-tools</application> package "
15801
15851
"isn't needed, but unless you have some other way to manage the various Samba "
16247
16297
"<application>smbldap-useradd</application>."
16250
#: serverguide/C/network-auth.xml:2624(para)
16300
#: serverguide/C/network-auth.xml:2653(para)
16252
16302
"There are utilities in the <application>smbldap-tools</application> package "
16253
16303
"that were not covered here. Here is a complete list:"
16256
#: serverguide/C/network-auth.xml:2629(ulink)
16306
#: serverguide/C/network-auth.xml:2658(ulink)
16257
16307
msgid "smbldap-groupadd"
16260
#: serverguide/C/network-auth.xml:2630(ulink)
16310
#: serverguide/C/network-auth.xml:2659(ulink)
16261
16311
msgid "smbldap-groupdel"
16264
#: serverguide/C/network-auth.xml:2631(ulink)
16314
#: serverguide/C/network-auth.xml:2660(ulink)
16265
16315
msgid "smbldap-groupmod"
16268
#: serverguide/C/network-auth.xml:2632(ulink)
16318
#: serverguide/C/network-auth.xml:2661(ulink)
16269
16319
msgid "smbldap-groupshow"
16272
#: serverguide/C/network-auth.xml:2633(ulink)
16322
#: serverguide/C/network-auth.xml:2662(ulink)
16273
16323
msgid "smbldap-passwd"
16276
#: serverguide/C/network-auth.xml:2634(ulink)
16326
#: serverguide/C/network-auth.xml:2663(ulink)
16277
16327
msgid "smbldap-populate"
16280
#: serverguide/C/network-auth.xml:2635(ulink)
16330
#: serverguide/C/network-auth.xml:2664(ulink)
16281
16331
msgid "smbldap-useradd"
16284
#: serverguide/C/network-auth.xml:2636(ulink)
16334
#: serverguide/C/network-auth.xml:2665(ulink)
16285
16335
msgid "smbldap-userdel"
16288
#: serverguide/C/network-auth.xml:2637(ulink)
16338
#: serverguide/C/network-auth.xml:2666(ulink)
16289
16339
msgid "smbldap-userinfo"
16292
#: serverguide/C/network-auth.xml:2638(ulink)
16342
#: serverguide/C/network-auth.xml:2667(ulink)
16293
16343
msgid "smbldap-userlist"
16296
#: serverguide/C/network-auth.xml:2639(ulink)
16346
#: serverguide/C/network-auth.xml:2668(ulink)
16297
16347
msgid "smbldap-usermod"
16300
#: serverguide/C/network-auth.xml:2640(ulink)
16350
#: serverguide/C/network-auth.xml:2669(ulink)
16301
16351
msgid "smbldap-usershow"
16304
#: serverguide/C/network-auth.xml:2651(para)
16354
#: serverguide/C/network-auth.xml:2677(para)
16306
16356
"For more information on installing and configuring Samba see <xref "
16307
16357
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16310
#: serverguide/C/network-auth.xml:2657(para)
16360
#: serverguide/C/network-auth.xml:2686(para)
16312
16362
"There are multiple places where LDAP and Samba is documented in the upstream "
16313
16363
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16314
16364
"HOWTO Collection</ulink>."
16317
#: serverguide/C/network-auth.xml:2664(para)
16367
#: serverguide/C/network-auth.xml:2693(para)
16319
16369
"Regarding the above, see specifically the <ulink "
16320
16370
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16321
16371
"Collection/passdb.html\">passdb section</ulink>."
16324
#: serverguide/C/network-auth.xml:2670(para)
16374
#: serverguide/C/network-auth.xml:2699(para)
16326
16376
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16327
16377
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16328
16378
"valuable notes."
16331
#: serverguide/C/network-auth.xml:2676(para)
16381
#: serverguide/C/network-auth.xml:2705(para)
16333
16383
"The main page of the <ulink "
16334
16384
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16732
16782
"of those networks."
16735
#: serverguide/C/network-auth.xml:3035(para)
16785
#: serverguide/C/network-auth.xml:3064(para)
16737
16787
"First, install the packages, and when asked for the Kerberos and Admin "
16738
16788
"server names enter the name of the Primary KDC:"
16741
#: serverguide/C/network-auth.xml:3046(para)
16791
#: serverguide/C/network-auth.xml:3075(para)
16743
16793
"Once you have the packages installed, create the Secondary KDC's host "
16744
16794
"principal. From a terminal prompt, enter:"
16747
#: serverguide/C/network-auth.xml:3051(command)
16797
#: serverguide/C/network-auth.xml:3080(command)
16748
16798
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16751
#: serverguide/C/network-auth.xml:3055(para)
16801
#: serverguide/C/network-auth.xml:3084(para)
16753
16803
"After, issuing any <application>kadmin</application> commands you will be "
16754
16804
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16758
#: serverguide/C/network-auth.xml:3064(para)
16808
#: serverguide/C/network-auth.xml:3093(para)
16759
16809
msgid "Extract the <emphasis>keytab</emphasis> file:"
16762
#: serverguide/C/network-auth.xml:3069(command)
16812
#: serverguide/C/network-auth.xml:3098(command)
16763
16813
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
16766
#: serverguide/C/network-auth.xml:3075(para)
16816
#: serverguide/C/network-auth.xml:3104(para)
16768
16818
"There should now be a <filename>keytab.kdc02</filename> in the current "
16769
16819
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16772
#: serverguide/C/network-auth.xml:3081(command)
16822
#: serverguide/C/network-auth.xml:3110(command)
16773
16823
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16776
#: serverguide/C/network-auth.xml:3085(para)
16826
#: serverguide/C/network-auth.xml:3114(para)
16778
16828
"If the path to the <filename>keytab.kdc02</filename> file is different "
16779
16829
"adjust accordingly."
16782
#: serverguide/C/network-auth.xml:3090(para)
16832
#: serverguide/C/network-auth.xml:3119(para)
16784
16834
"Also, you can list the principals in a Keytab file, which can be useful when "
16785
16835
"troubleshooting, using the <application>klist</application> utility:"
16788
#: serverguide/C/network-auth.xml:3096(command)
16838
#: serverguide/C/network-auth.xml:3125(command)
16789
16839
msgid "sudo klist -k /etc/krb5.keytab"
16792
#: serverguide/C/network-auth.xml:3099(para)
16842
#: serverguide/C/network-auth.xml:3128(para)
16794
16844
"The <application>-k</application> option indicates the file is a keytab file."
16797
#: serverguide/C/network-auth.xml:3106(para)
16847
#: serverguide/C/network-auth.xml:3135(para)
16799
16849
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16800
16850
"that lists all KDCs for the Realm. For example, on both primary and "
16801
16851
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16804
#: serverguide/C/network-auth.xml:3111(programlisting)
16854
#: serverguide/C/network-auth.xml:3140(programlisting)
17649
17699
"l\">kdb5_ldap_util man page</ulink>."
17652
#: serverguide/C/network-auth.xml:3933(para)
17702
#: serverguide/C/network-auth.xml:3959(para)
17654
17704
"Another useful link is the <ulink "
17655
17705
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17656
17706
"rb5.conf man page</ulink>."
17659
#: serverguide/C/network-auth.xml:3938(para)
17709
#: serverguide/C/network-auth.xml:3967(para)
17661
17711
"Also, see the <ulink "
17662
17712
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17663
17713
"and LDAP</ulink> Ubuntu wiki page."
17716
#: serverguide/C/network-auth.xml:3973(title)
17717
msgid "SSSD and Active Directory"
17720
#: serverguide/C/network-auth.xml:3974(para)
17722
"This section describes the use of sssd to authenticate user logins against "
17723
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17724
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
17725
"However, when authenticating against a Microsoft Windows AD Domain "
17726
"Controller, it was generally necessary to install the POSIX AD extensions on "
17727
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
17728
"requires no modifications to the AD structure."
17731
#: serverguide/C/network-auth.xml:3978(title)
17732
msgid "Prerequisites, Assumptions, and Requirements"
17735
#: serverguide/C/network-auth.xml:3981(para)
17737
"This guide does not explain Active Directory, how it works, how to set one "
17738
"up, or how to maintain it. It may not provide “best practices” for your "
17742
#: serverguide/C/network-auth.xml:3983(para)
17744
"This guide assumes that a working Active Directory domain is already "
17748
#: serverguide/C/network-auth.xml:3985(para)
17750
"The domain controller is acting as an authoritative DNS server for the "
17754
#: serverguide/C/network-auth.xml:3987(para)
17756
"The domain controller is the primary DNS resolver as specified in "
17757
"<filename>/etc/resolv.conf</filename>."
17760
#: serverguide/C/network-auth.xml:3990(para)
17762
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
17763
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
17764
"(see Resources section for external links)."
17767
#: serverguide/C/network-auth.xml:3992(para)
17769
"System time is synchronized on the domain controller (necessary for "
17773
#: serverguide/C/network-auth.xml:3994(para)
17775
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
17779
#: serverguide/C/network-auth.xml:3999(para)
17781
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
17782
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
17783
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
17784
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
17785
"controllers are needed for this step."
17788
#: serverguide/C/network-auth.xml:4000(para)
17789
msgid "Install these packages now."
17792
#: serverguide/C/network-auth.xml:4002(command)
17793
msgid "sudo apt-get install krb5-user samba sssd ntp"
17796
#: serverguide/C/network-auth.xml:4003(para)
17798
"See the next section for the answers to the questions asked by the "
17799
"<emphasis>krb5-user</emphasis> postinstall script."
17802
#: serverguide/C/network-auth.xml:4006(title)
17803
msgid "Kerberos Configuration"
17806
#: serverguide/C/network-auth.xml:4007(para)
17808
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
17809
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
17810
"server (also the domain controller in this example.) This will write the "
17811
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
17812
"These sections may not be necessary if domain autodiscovery is working. If "
17813
"not, then both are needed."
17816
#: serverguide/C/network-auth.xml:4008(para)
17818
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
17819
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
17822
#: serverguide/C/network-auth.xml:4011(para)
17824
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
17825
"settings to specify Kerberos ticket lifetime (these values are safe to use "
17829
#: serverguide/C/network-auth.xml:4012(programlisting)
17835
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
17836
"ticket_lifetime = 24h #\n"
17837
"renew_lifetime = 7d\n"
17841
#: serverguide/C/network-auth.xml:4020(para)
17843
"If default_realm is not specified, it may be necessary to log in with "
17844
"“username@domain” instead of “username”."
17847
#: serverguide/C/network-auth.xml:4022(para)
17849
"The system time on the Active Directory member needs to be consistent with "
17850
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
17851
"the domain controller server itself will provide the NTP service. Edit "
17852
"<filename>/etc/ntp.conf</filename>:"
17855
#: serverguide/C/network-auth.xml:4024(programlisting)
17859
"server dc.myubuntu.example.com\n"
17862
#: serverguide/C/network-auth.xml:4031(para)
17864
"Samba will be used to perform netbios/nmbd services related to Active "
17865
"Directory authentication, even if no file shares are exported. Edit the file "
17866
"/etc/samba/smb.conf and add the following to the "
17867
"<emphasis>[global]</emphasis> section:"
17870
#: serverguide/C/network-auth.xml:4033(programlisting)
17876
"workgroup = MYUBUNTU\n"
17877
"client signing = yes\n"
17878
"client use spnego = yes\n"
17879
"kerberos method = secrets and keytab\n"
17880
"realm = MYUBUNTU.EXAMPLE.COM\n"
17884
#: serverguide/C/network-auth.xml:4044(para)
17886
"Some guides specify that \"password server\" should be specified and pointed "
17887
"to the domain controller. This is only necessary if DNS is not properly set "
17888
"up to find the DC. By default, Samba will display a warning if \"password "
17889
"server\" is specified with \"security = ads\"."
17892
#: serverguide/C/network-auth.xml:4049(title)
17893
msgid "SSSD Configuration"
17896
#: serverguide/C/network-auth.xml:4051(para)
17898
"There is no default/example config file for "
17899
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
17900
"necessary to create one. This is a minimal working config file:"
17903
#: serverguide/C/network-auth.xml:4053(programlisting)
17908
"services = nss, pam\n"
17909
"config_file_version = 2\n"
17910
"domains = MYUBUNTU.EXAMPLE.COM\n"
17912
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
17913
"id_provider = ad\n"
17914
"access_provider = ad\n"
17916
"# Use this if users are being logged in at /.\n"
17917
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
17918
"pam_mkhomedir.so\n"
17919
"override_homedir = /home/%d/%u\n"
17921
"# Uncomment if the client machine hostname doesn't match the computer object "
17923
"# ad_hostname = mymachine.myubuntu.example.com\n"
17925
"# Uncomment if DNS SRV resolution is not working\n"
17926
"# ad_server = dc.mydomain.example.com\n"
17928
"# Uncomment if the AD domain is named differently than the Samba domain\n"
17929
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
17931
"# Enumeration is discouraged for performance reasons.\n"
17932
"# enumerate = true\n"
17935
#: serverguide/C/network-auth.xml:4080(para)
17937
"After saving this file, set the ownership to root and the file permissions "
17941
#: serverguide/C/network-auth.xml:4081(command)
17942
msgid "sudo chown root:root /etc/sssd/sssd.conf"
17945
#: serverguide/C/network-auth.xml:4082(command)
17946
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
17949
#: serverguide/C/network-auth.xml:4084(para)
17951
"If the ownership or permissions are not correct, sssd will refuse to start."
17954
#: serverguide/C/network-auth.xml:4088(title)
17955
msgid "Verify nsswitch.conf Configuration"
17958
#: serverguide/C/network-auth.xml:4089(para)
17960
"The post-install script for the sssd package makes some modifications to "
17961
"/etc/nsswitch.conf automatically. It should look something like this:"
17964
#: serverguide/C/network-auth.xml:4091(programlisting)
17968
"passwd: compat sss\n"
17969
"group: compat sss\n"
17971
"netgroup: nis sss\n"
17972
"sudoers: files sss\n"
17975
#: serverguide/C/network-auth.xml:4101(title)
17976
msgid "Modify /etc/hosts"
17979
#: serverguide/C/network-auth.xml:4102(para)
17981
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
17985
#: serverguide/C/network-auth.xml:4103(programlisting)
17987
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
17990
#: serverguide/C/network-auth.xml:4105(para)
17991
msgid "This is useful in conjunction with dynamic DNS updates."
17994
#: serverguide/C/network-auth.xml:4109(title)
17995
msgid "Join the Active Directory"
17998
#: serverguide/C/network-auth.xml:4110(para)
17999
msgid "Now, restart ntp and samba and start sssd."
18002
#: serverguide/C/virtualization.xml:2208(command)
18003
msgid "sudo service ntp restart"
18006
#: serverguide/C/network-auth.xml:4114(command)
18007
msgid "sudo start sssd"
18010
#: serverguide/C/network-auth.xml:4116(para)
18011
msgid "Test the configuration by obtaining a Kerberos ticket:"
18014
#: serverguide/C/network-auth.xml:4118(command)
18015
msgid "sudo kinit Administrator"
18018
#: serverguide/C/network-auth.xml:4120(para)
18019
msgid "Verify the ticket with:"
18022
#: serverguide/C/network-auth.xml:4121(command)
18026
#: serverguide/C/network-auth.xml:4123(para)
18028
"If there is a ticket with an expiration date listed, then it is time to join "
18032
#: serverguide/C/network-auth.xml:4125(command)
18033
msgid "sudo net ads join -k"
18036
#: serverguide/C/network-auth.xml:4127(para)
18038
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18039
"probably means that there is no (correct) alias in "
18040
"<filename>/etc/hosts</filename>, and the system could not provide its own "
18041
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
18042
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
18043
"\"Modify /etc/hosts\" above."
18046
#: serverguide/C/network-auth.xml:4129(para)
18048
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18049
"something is incorrect. Review the prior steps before proceeding)."
18052
#: serverguide/C/network-auth.xml:4131(para)
18054
"Here are a couple of (optional) checks to verify that the domain join was "
18055
"successful. Note that if the domain was successfully joined but one or both "
18056
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
18057
"Some of the changes appear to be asynchronous."
18060
#: serverguide/C/network-auth.xml:4133(para)
18061
msgid "Verification option #1:"
18064
#: serverguide/C/network-auth.xml:4134(para)
18066
"Check the default Organizational Unit for computer accounts in the Active "
18067
"Directory to verify that the computer account was created. (Organizational "
18068
"Units in Active Directory is a topic outside the scope of this guide)."
18071
#: serverguide/C/network-auth.xml:4136(para)
18072
msgid "Verification option #2"
18075
#: serverguide/C/network-auth.xml:4137(para)
18076
msgid "Execute this command for a specific AD user (e.g. administrator)"
18079
#: serverguide/C/network-auth.xml:4138(command)
18080
msgid "getent passwd username"
18083
#: serverguide/C/network-auth.xml:4140(para)
18085
"If <emphasis>enumerate = true</emphasis> is set in "
18086
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18087
"username argument will list all domain users. This may be useful for "
18088
"testing, but is slow and not recommended for production."
18091
#: serverguide/C/network-auth.xml:4144(title)
18092
msgid "Test Authentication"
18095
#: serverguide/C/network-auth.xml:4145(para)
18097
"It should now be possible to authenticate using an Active Directory User's "
18101
#: serverguide/C/network-auth.xml:4147(command)
18102
msgid "su - username"
18105
#: serverguide/C/network-auth.xml:4149(para)
18107
"If this works, then other login methods (getty, ssh) should also work."
18110
#: serverguide/C/network-auth.xml:4151(para)
18112
"If the computer account was created, indicating that the system was "
18113
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18114
"helpful to review <filename>/etc/pam.d</filename> and "
18115
"<filename>nssswitch.conf</filename> as well as the file changes described "
18116
"earlier in this guide."
18119
#: serverguide/C/network-auth.xml:4155(title)
18120
msgid "Home directories with pam_mkhomedir (optional)"
18123
#: serverguide/C/network-auth.xml:4156(para)
18125
"When logging in using an Active Directory user account, it is likely that "
18126
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18127
"will create the user’s home directory on login. Edit "
18128
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
18129
"after <emphasis>session required pam_unix.so:</emphasis>"
18132
#: serverguide/C/network-auth.xml:4157(programlisting)
18136
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18139
#: serverguide/C/network-auth.xml:4161(para)
18141
"This may also need <emphasis>override_homedir</emphasis> in "
18142
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18146
#: serverguide/C/network-auth.xml:4165(title)
18147
msgid "Desktop Ubuntu Authentication"
18150
#: serverguide/C/network-auth.xml:4166(para)
18152
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18153
"Directory accounts. The AD accounts will not show up in the pick list with "
18154
"local users, so lightdm will need to be modified. Edit the file "
18155
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
18156
"append the following two lines:"
18159
#: serverguide/C/network-auth.xml:4168(programlisting)
18163
"greeter-show-manual-login=true\n"
18164
"greeter-hide-users=true\n"
18167
#: serverguide/C/network-auth.xml:4173(para)
18169
"Reboot to restart lightdm. It should now be possible to log in using a "
18170
"domain account using either <emphasis>username</emphasis> or "
18171
"<emphasis>username/username@domain</emphasis> format."
18174
#: serverguide/C/network-auth.xml:4179(ulink)
18175
msgid "SSSD Project"
18178
#: serverguide/C/network-auth.xml:4180(ulink)
18179
msgid "DNS Server Configuration guidelines"
18182
#: serverguide/C/network-auth.xml:4181(ulink)
18183
msgid "Active Directory DNS Zone Entries"
18186
#: serverguide/C/network-auth.xml:4182(ulink)
18187
msgid "Kerberos config options"
17666
18190
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
17667
18191
msgid "Device Attributes"
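Review bot: two of the new strings in this hunk name things that do not exist. The para at network-auth.xml:4151 says `nssswitch.conf` (three s), and the para at 4156 says `pam_mkdhomedir.so`, while the programlisting at 4157 uses `pam_mkhomedir.so`. The `#:` references point at serverguide/C/network-auth.xml, so the spelling should be corrected there before these msgids go out to translators. Separately, the programlisting line "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" creates each domain user's home directory readable and traversable by every other account on the host. On a machine where many AD users can log in, umask=0077 is the safer value to document, or the text should at least say that 0022 is a deliberate choice. The para at 4173 gives the login format as "username/username@domain", which reads as one literal string. If two alternatives are meant, they should be spelled out separately.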
20595
#: serverguide/C/mail.xml:1378(para)
21119
#: serverguide/C/mail.xml:1319(para)
20597
21121
"See <xref linkend=\"postfix\"/> for instructions on installing and "
20598
21122
"configuring Postfix."
20601
#: serverguide/C/mail.xml:1381(para)
21125
#: serverguide/C/mail.xml:1322(para)
20603
21127
"To install the rest of the applications enter the following from a terminal "
20607
#: serverguide/C/mail.xml:1385(command)
21131
#: serverguide/C/mail.xml:1326(command)
20608
21132
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
20611
#: serverguide/C/mail.xml:1386(command)
21135
#: serverguide/C/mail.xml:1327(command)
20612
21136
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
20615
#: serverguide/C/mail.xml:1388(para)
21139
#: serverguide/C/mail.xml:1329(para)
20617
21141
"There are some optional packages that integrate with "
20618
21142
"<application>Spamassassin</application> for better spam detection:"
20621
#: serverguide/C/mail.xml:1392(command)
21145
#: serverguide/C/mail.xml:1333(command)
20622
21146
msgid "sudo apt-get install pyzor razor"
20625
#: serverguide/C/mail.xml:1394(para)
21149
#: serverguide/C/mail.xml:1335(para)
20627
21151
"Along with the main filtering applications compression utilities are needed "
20628
21152
"to process some email attachments:"
20631
#: serverguide/C/mail.xml:1398(command)
21155
#: serverguide/C/mail.xml:1339(command)
20633
21157
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
20636
#: serverguide/C/mail.xml:1401(para)
21160
#: serverguide/C/mail.xml:1342(para)
20638
21162
"If some packages are not found, check that the "
20639
21163
"<emphasis>multiverse</emphasis> repository is enabled in "
20640
21164
"<filename>/etc/apt/sources.list</filename>"
20643
#: serverguide/C/mail.xml:1402(para)
21167
#: serverguide/C/mail.xml:1343(para)
20645
21169
"If you make changes to the file, be sure to run <command>sudo apt-get "
20646
21170
"update</command> before trying to install again."
20649
#: serverguide/C/mail.xml:1407(para)
21173
#: serverguide/C/mail.xml:1348(para)
20650
21174
msgid "Now configure everything to work together and filter email."
20653
#: serverguide/C/mail.xml:1411(title)
21177
#: serverguide/C/mail.xml:1352(title)
20654
21178
msgid "ClamAV"
20657
#: serverguide/C/mail.xml:1412(para)
21181
#: serverguide/C/mail.xml:1353(para)
20659
21183
"The default behaviour of <application>ClamAV</application> will fit our "
20660
21184
"needs. For more ClamAV configuration options, check the configuration files "
20661
21185
"in <filename>/etc/clamav</filename>."
20664
#: serverguide/C/mail.xml:1417(para)
21188
#: serverguide/C/mail.xml:1358(para)
20666
21190
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
20667
21191
"group in order for <application>Amavisd-new</application> to have the "
20668
21192
"appropriate access to scan files:"
20671
#: serverguide/C/mail.xml:1422(command)
21195
#: serverguide/C/mail.xml:1363(command)
20672
21196
msgid "sudo adduser clamav amavis"
20675
#: serverguide/C/mail.xml:1423(command)
21199
#: serverguide/C/mail.xml:1364(command)
20676
21200
msgid "sudo adduser amavis clamav"
20679
#: serverguide/C/mail.xml:1427(title)
21203
#: serverguide/C/mail.xml:1368(title)
20680
21204
msgid "Spamassassin"
20683
#: serverguide/C/mail.xml:1428(para)
21207
#: serverguide/C/mail.xml:1369(para)
20685
21209
"Spamassassin automatically detects optional components and will use them if "
20686
21210
"they are present. This means that there is no need to configure "
20687
21211
"<application>pyzor</application> and <application>razor</application>."
20690
#: serverguide/C/mail.xml:1432(para)
21214
#: serverguide/C/mail.xml:1373(para)
20692
21216
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
20693
21217
"<application>Spamassassin</application> daemon. Change "
20694
21218
"<emphasis>ENABLED=0</emphasis> to:"
20697
#: serverguide/C/mail.xml:1436(programlisting)
21221
#: serverguide/C/mail.xml:1377(programlisting)
20701
21225
"ENABLED=1\n"
20704
#: serverguide/C/mail.xml:1439(para)
21228
#: serverguide/C/mail.xml:1380(para)
20705
21229
msgid "Now start the daemon:"
22525
23056
"<emphasis>\"Done setting up partition\"</emphasis>."
22528
#: serverguide/C/installation.xml:518(para)
23059
#: serverguide/C/installation.xml:511(para)
22529
23060
msgid "Repeat steps three through eight for the other disk and partitions."
22532
#: serverguide/C/installation.xml:527(title)
23063
#: serverguide/C/installation.xml:520(title)
22533
23064
msgid "RAID Configuration"
23067
#: serverguide/C/installation.xml:522(para)
23068
msgid "With the partitions setup the arrays are ready to be configured:"
22536
23071
#: serverguide/C/installation.xml:529(para)
22537
msgid "With the partitions setup the arrays are ready to be configured:"
22540
#: serverguide/C/installation.xml:536(para)
22542
23073
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
22543
23074
"Software RAID\"</emphasis> at the top."
23077
#: serverguide/C/installation.xml:536(para)
23078
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
22546
23081
#: serverguide/C/installation.xml:543(para)
22547
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23082
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22550
23085
#: serverguide/C/installation.xml:550(para)
22551
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
22554
#: serverguide/C/installation.xml:557(para)
22556
23087
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
22557
23088
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
22560
#: serverguide/C/installation.xml:563(para)
23091
#: serverguide/C/installation.xml:556(para)
22562
23093
"In order to use <emphasis>RAID5</emphasis> you need at least "
22563
23094
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
22564
23095
"<emphasis>two</emphasis> drives are required."
22567
#: serverguide/C/installation.xml:572(para)
23098
#: serverguide/C/installation.xml:565(para)
22569
23100
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
22570
23101
"of hard drives you have, for the array. Then select "
22571
23102
"<emphasis>\"Continue\"</emphasis>."
22574
#: serverguide/C/installation.xml:580(para)
23105
#: serverguide/C/installation.xml:573(para)
22576
23107
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
22577
23108
"default, then choose <emphasis>\"Continue\"</emphasis>."
22580
#: serverguide/C/installation.xml:587(para)
23111
#: serverguide/C/installation.xml:580(para)
22582
23113
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
22583
23114
"etc. The numbers will usually match and the different letters correspond to "
22584
23115
"different hard drives."
22587
#: serverguide/C/installation.xml:592(para)
23118
#: serverguide/C/installation.xml:585(para)
22589
23120
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
22590
23121
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
22591
23122
"go to the next step."
22594
#: serverguide/C/installation.xml:600(para)
23125
#: serverguide/C/installation.xml:593(para)
22596
23127
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
22597
23128
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
22598
23129
"and <emphasis>sdb2</emphasis>."
22601
#: serverguide/C/installation.xml:608(para)
23132
#: serverguide/C/installation.xml:601(para)
22602
23133
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
22605
#: serverguide/C/installation.xml:618(title)
23136
#: serverguide/C/installation.xml:611(title)
22606
23137
msgid "Formatting"
22609
#: serverguide/C/installation.xml:620(para)
23140
#: serverguide/C/installation.xml:613(para)
22611
23142
"There should now be a list of hard drives and RAID devices. The next step is "
22612
23143
"to format and set the mount point for the RAID devices. Treat the RAID "
22613
23144
"device as a local hard drive, format and mount accordingly."
22616
#: serverguide/C/installation.xml:628(para)
23147
#: serverguide/C/installation.xml:621(para)
22618
23149
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22619
23150
"#0\"</emphasis> partition."
22622
#: serverguide/C/installation.xml:635(para)
23153
#: serverguide/C/installation.xml:628(para)
22624
23155
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
22625
23156
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
22628
#: serverguide/C/installation.xml:643(para)
23159
#: serverguide/C/installation.xml:636(para)
22630
23161
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
22631
23162
"#1\"</emphasis> partition."
22634
#: serverguide/C/installation.xml:650(para)
23165
#: serverguide/C/installation.xml:643(para)
22636
23167
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
22637
23168
"journaling file system\"</emphasis>."
22640
#: serverguide/C/installation.xml:657(para)
23171
#: serverguide/C/installation.xml:650(para)
22642
23173
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
22643
23174
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
22705
23236
"behavior, and can also be manually edited:"
22708
#: serverguide/C/installation.xml:720(programlisting)
23239
#: serverguide/C/installation.xml:713(programlisting)
22712
23243
"BOOT_DEGRADED=true\n"
22715
#: serverguide/C/installation.xml:725(para)
23246
#: serverguide/C/installation.xml:718(para)
22716
23247
msgid "The configuration file can be overridden by using a Kernel argument."
22719
#: serverguide/C/installation.xml:733(para)
23250
#: serverguide/C/installation.xml:726(para)
22721
23252
"Using a Kernel argument will allow the system to boot to a degraded array as "
22725
#: serverguide/C/installation.xml:739(para)
23256
#: serverguide/C/installation.xml:732(para)
22727
23258
"When the server is booting press <keycap>Shift</keycap> to open the "
22728
23259
"<application>Grub</application> menu."
22731
#: serverguide/C/installation.xml:744(para)
23262
#: serverguide/C/installation.xml:737(para)
22732
23263
msgid "Press <keycap>e</keycap> to edit your kernel command options."
22735
#: serverguide/C/installation.xml:749(para)
23266
#: serverguide/C/installation.xml:742(para)
22736
23267
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
22739
#: serverguide/C/installation.xml:754(para)
23270
#: serverguide/C/installation.xml:747(para)
22741
23272
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
22742
23273
"end of the line."
22745
#: serverguide/C/installation.xml:759(para)
23276
#: serverguide/C/installation.xml:752(para)
22747
23278
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
22748
23279
"the system."
22751
#: serverguide/C/installation.xml:768(para)
23282
#: serverguide/C/installation.xml:761(para)
22753
23284
"Once the system has booted you can either repair the array see <xref "
22754
23285
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
22755
23286
"another machine due to major hardware failure."
22758
#: serverguide/C/installation.xml:775(title)
23289
#: serverguide/C/installation.xml:768(title)
22759
23290
msgid "RAID Maintenance"
22762
#: serverguide/C/installation.xml:777(para)
23293
#: serverguide/C/installation.xml:770(para)
22764
23295
"The <application>mdadm</application> utility can be used to view the status "
22765
23296
"of an array, add disks to an array, remove disks, etc:"
22768
#: serverguide/C/installation.xml:784(para)
23299
#: serverguide/C/installation.xml:777(para)
22769
23300
msgid "To view the status of an array, from a terminal prompt enter:"
22772
#: serverguide/C/installation.xml:788(command)
23303
#: serverguide/C/installation.xml:781(command)
22773
23304
msgid "sudo mdadm -D /dev/md0"
22776
#: serverguide/C/installation.xml:791(para)
23307
#: serverguide/C/installation.xml:784(para)
22778
23309
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
22779
23310
"display <emphasis>detailed</emphasis> information about the "
23971
24509
"your vendor documentation to configure your specific iSCSI target."
23974
#: serverguide/C/file-server.xml:470(title)
24512
#: serverguide/C/file-server.xml:471(title)
23975
24513
msgid "iSCSI Initiator Install"
23978
#: serverguide/C/file-server.xml:472(para)
24516
#: serverguide/C/file-server.xml:473(para)
23980
24518
"To configure Ubuntu Server as an iSCSI initiator install the "
23981
24519
"<application>open-iscsi</application> package. In a terminal enter:"
23984
#: serverguide/C/file-server.xml:477(command)
24522
#: serverguide/C/file-server.xml:478(command)
23985
24523
msgid "sudo apt-get install open-iscsi"
23988
#: serverguide/C/file-server.xml:482(title)
24526
#: serverguide/C/file-server.xml:483(title)
23989
24527
msgid "iSCSI Initiator Configuration"
23992
#: serverguide/C/file-server.xml:484(para)
24530
#: serverguide/C/file-server.xml:485(para)
23994
24532
"Once the <application>open-iscsi</application> package is installed, edit "
23995
24533
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
23998
#: serverguide/C/file-server.xml:488(programlisting)
24536
#: serverguide/C/file-server.xml:489(programlisting)
24002
24540
"node.startup = automatic\n"
24005
#: serverguide/C/file-server.xml:492(para)
24543
#: serverguide/C/file-server.xml:493(para)
24007
24545
"You can check which targets are available by using the "
24008
24546
"<application>iscsiadm</application> utility. Enter the following in a "
24012
#: serverguide/C/file-server.xml:497(command)
24550
#: serverguide/C/file-server.xml:498(command)
24013
24551
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24016
#: serverguide/C/file-server.xml:501(para)
24554
#: serverguide/C/file-server.xml:502(para)
24018
24556
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24021
#: serverguide/C/file-server.xml:502(para)
24559
#: serverguide/C/file-server.xml:503(para)
24022
24560
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24025
#: serverguide/C/file-server.xml:503(para)
24563
#: serverguide/C/file-server.xml:504(para)
24026
24564
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24029
#: serverguide/C/file-server.xml:507(para)
24567
#: serverguide/C/file-server.xml:508(para)
24031
24569
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24032
24570
"your network."
24035
#: serverguide/C/file-server.xml:512(para)
24573
#: serverguide/C/file-server.xml:513(para)
24037
24575
"If the target is available you should see output similar to the following:"
24040
#: serverguide/C/file-server.xml:517(computeroutput)
24578
#: serverguide/C/file-server.xml:518(computeroutput)
24044
24582
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24047
#: serverguide/C/file-server.xml:523(para)
24585
#: serverguide/C/file-server.xml:524(para)
24049
24587
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24050
24588
"on your hardware."
24053
#: serverguide/C/file-server.xml:528(para)
24591
#: serverguide/C/file-server.xml:529(para)
24055
24593
"You should now be able to connect to the iSCSI target, and depending on your "
24056
24594
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24059
#: serverguide/C/file-server.xml:534(command)
24597
#: serverguide/C/file-server.xml:535(command)
24060
24598
msgid "sudo iscsiadm -m node --login"
24063
#: serverguide/C/file-server.xml:537(para)
24601
#: serverguide/C/file-server.xml:538(para)
24065
24603
"Check to make sure that the new disk has been detected using "
24066
24604
"<application>dmesg</application>:"
24069
#: serverguide/C/file-server.xml:542(command)
24607
#: serverguide/C/file-server.xml:543(command)
24070
24608
msgid "dmesg | grep sd"
24073
#: serverguide/C/file-server.xml:543(computeroutput)
24611
#: serverguide/C/file-server.xml:544(computeroutput)
26646
27184
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
26649
#: serverguide/C/dm-multipath.xml:1325(screen)
27187
#: serverguide/C/dm-multipath.xml:1326(screen)
26651
27189
msgid "# echo 'show config' | multipathd -k"
26654
#: serverguide/C/dm-multipath.xml:1330(title)
27192
#: serverguide/C/dm-multipath.xml:1331(title)
26655
27193
msgid "DM-Multipath Administration and Troubleshooting"
26658
#: serverguide/C/dm-multipath.xml:1333(title)
27196
#: serverguide/C/dm-multipath.xml:1334(title)
26659
27197
msgid "Resizing an Online Multipath Device"
26662
#: serverguide/C/dm-multipath.xml:1335(para)
27200
#: serverguide/C/dm-multipath.xml:1336(para)
26664
27202
"If you need to resize an online multipath device, use the following procedure"
26667
#: serverguide/C/dm-multipath.xml:1340(para)
27205
#: serverguide/C/dm-multipath.xml:1341(para)
26668
27206
msgid "Resize your physical device. This is storage platform specific."
26671
#: serverguide/C/dm-multipath.xml:1345(para)
27209
#: serverguide/C/dm-multipath.xml:1346(para)
26672
27210
msgid "Use the following command to find the paths to the LUN:"
26675
#: serverguide/C/dm-multipath.xml:1347(screen)
27213
#: serverguide/C/dm-multipath.xml:1348(screen)
26677
27215
msgid "# multipath -l"
26680
#: serverguide/C/dm-multipath.xml:1351(para)
27218
#: serverguide/C/dm-multipath.xml:1352(para)
26682
27220
"Resize your paths. For SCSI devices, writing 1 to the "
26683
27221
"<filename>rescan</filename> file for the device causes the SCSI driver to "
26684
27222
"rescan, as in the following command:"
26687
#: serverguide/C/dm-multipath.xml:1355(screen)
27225
#: serverguide/C/dm-multipath.xml:1356(screen)
26689
27227
msgid "# echo 1 > /sys/block/device_name/device/rescan"
26692
#: serverguide/C/dm-multipath.xml:1359(para)
27230
#: serverguide/C/dm-multipath.xml:1360(para)
26694
27232
"Resize your multipath device by running the multipathd resize command:"
26697
#: serverguide/C/dm-multipath.xml:1362(screen)
27235
#: serverguide/C/dm-multipath.xml:1363(screen)
26699
27237
msgid "# multipathd -k 'resize map mpatha'"
26702
#: serverguide/C/dm-multipath.xml:1366(para)
27240
#: serverguide/C/dm-multipath.xml:1367(para)
26703
27241
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
26706
#: serverguide/C/dm-multipath.xml:1369(screen)
27244
#: serverguide/C/dm-multipath.xml:1370(screen)
26708
27246
msgid "# resize2fs /dev/mapper/mpatha"
26711
#: serverguide/C/dm-multipath.xml:1375(title)
27249
#: serverguide/C/dm-multipath.xml:1376(title)
26713
27251
"Moving root File Systems from a Single Path Device to a Multipath Device"
26716
#: serverguide/C/dm-multipath.xml:1378(para)
27254
#: serverguide/C/dm-multipath.xml:1379(para)
26718
27256
"This is dramatically simplified by the use of UUIDs to identify devices as "
26719
27257
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"